/mandos/release

To get this branch, use:
bzr branch http://bzr.recompile.se/loggerhead/mandos/release

« back to all changes in this revision

Viewing changes to plugins.d/mandos-client.xml

* plugins.d/mandos-client.c (main): Use separate bool variable instead
                                    of clumsy NUL character in
                                    "tempdir".  Bug fix: Don't try to
                                    remove temp directory if it was
                                    never created.

Show diffs side-by-side

added added

removed removed

Lines of Context:
plugins.d/mandos-client.xml
2
2
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3
3
        "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4
4
<!ENTITY COMMANDNAME "mandos-client">
5
 
<!ENTITY TIMESTAMP "2011-10-03">
 
5
<!ENTITY TIMESTAMP "2009-01-24">
6
6
<!ENTITY % common SYSTEM "../common.ent">
7
7
%common;
8
8
]>
19
19
        <firstname>Björn</firstname>
20
20
        <surname>Påhlsson</surname>
21
21
        <address>
22
 
          <email>belorn@recompile.se</email>
 
22
          <email>belorn@fukt.bsnet.se</email>
23
23
        </address>
24
24
      </author>
25
25
      <author>
26
26
        <firstname>Teddy</firstname>
27
27
        <surname>Hogeborn</surname>
28
28
        <address>
29
 
          <email>teddy@recompile.se</email>
 
29
          <email>teddy@fukt.bsnet.se</email>
30
30
        </address>
31
31
      </author>
32
32
    </authorgroup>
33
33
    <copyright>
34
34
      <year>2008</year>
35
35
      <year>2009</year>
36
 
      <year>2011</year>
37
36
      <holder>Teddy Hogeborn</holder>
38
37
      <holder>Björn Påhlsson</holder>
39
38
    </copyright>
94
93
      </arg>
95
94
      <sbr/>
96
95
      <arg>
97
 
        <option>--delay <replaceable>SECONDS</replaceable></option>
98
 
      </arg>
99
 
      <sbr/>
100
 
      <arg>
101
 
        <option>--retry <replaceable>SECONDS</replaceable></option>
102
 
      </arg>
103
 
      <sbr/>
104
 
      <arg>
105
 
        <option>--network-hook-dir<replaceable>DIR</replaceable></option>
106
 
      </arg>
107
 
      <sbr/>
108
 
      <arg>
109
96
        <option>--debug</option>
110
97
      </arg>
111
98
    </cmdsynopsis>
142
129
      using TLS with an OpenPGP key to ensure authenticity and
143
130
      confidentiality.  This client program keeps running, trying all
144
131
      servers on the network, until it receives a satisfactory reply
145
 
      or a TERM signal.  After all servers have been tried, all
146
 
      servers are periodically retried.  If no servers are found it
147
 
      will wait indefinitely for new servers to appear.
 
132
      or a TERM signal is received.  If no servers are found, or after
 
133
      all servers have been tried, it waits indefinitely for new
 
134
      servers to appear.
148
135
    </para>
149
136
    <para>
150
137
      This program is not meant to be run directly; it is really meant
204
191
      </varlistentry>
205
192
      
206
193
      <varlistentry>
207
 
        <term><option>--interface=<replaceable
208
 
        >NAME</replaceable></option></term>
 
194
        <term><option>--interface=
 
195
        <replaceable>NAME</replaceable></option></term>
209
196
        <term><option>-i
210
197
        <replaceable>NAME</replaceable></option></term>
211
198
        <listitem>
212
199
          <para>
213
200
            Network interface that will be brought up and scanned for
214
 
            Mandos servers to connect to.  The default is the empty
215
 
            string, which will automatically choose an appropriate
216
 
            interface.
 
201
            Mandos servers to connect to.  The default it
 
202
            <quote><literal>eth0</literal></quote>.
217
203
          </para>
218
204
          <para>
219
205
            If the <option>--connect</option> option is used, this
229
215
            until much later in the boot process, and can not be used
230
216
            by this program.
231
217
          </para>
232
 
          <para>
233
 
            <replaceable>NAME</replaceable> can be the string
234
 
            <quote><literal>none</literal></quote>; this will not use
235
 
            any specific interface, and will not bring up an interface
236
 
            on startup.  This is not recommended, and only meant for
237
 
            advanced users.
238
 
          </para>
239
218
        </listitem>
240
219
      </varlistentry>
241
220
      
286
265
          </para>
287
266
        </listitem>
288
267
      </varlistentry>
289
 
 
290
 
      <varlistentry>
291
 
        <term><option>--delay=<replaceable
292
 
        >SECONDS</replaceable></option></term>
293
 
        <listitem>
294
 
          <para>
295
 
            After bringing the network interface up, the program waits
296
 
            for the interface to arrive in a <quote>running</quote>
297
 
            state before proceeding.  During this time, the kernel log
298
 
            level will be lowered to reduce clutter on the system
299
 
            console, alleviating any other plugins which might be
300
 
            using the system console.  This option sets the upper
301
 
            limit of seconds to wait.  The default is 2.5 seconds.
302
 
          </para>
303
 
        </listitem>
304
 
      </varlistentry>
305
 
 
306
 
      <varlistentry>
307
 
        <term><option>--retry=<replaceable
308
 
        >SECONDS</replaceable></option></term>
309
 
        <listitem>
310
 
          <para>
311
 
            All Mandos servers are tried repeatedly until a password
312
 
            is received.  This value specifies, in seconds, how long
313
 
            between each successive try <emphasis>for the same
314
 
            server</emphasis>.  The default is 10 seconds.
315
 
          </para>
316
 
        </listitem>
317
 
      </varlistentry>
318
 
 
319
 
      <varlistentry>
320
 
        <term><option>--network-hook-dir=<replaceable
321
 
        >DIR</replaceable></option></term>
322
 
        <listitem>
323
 
          <para>
324
 
            Network hook directory.  The default directory is
325
 
            <quote><filename class="directory"
326
 
            >/lib/mandos/network-hooks.d</filename></quote>.
327
 
          </para>
328
 
        </listitem>
329
 
      </varlistentry>
330
268
      
331
269
      <varlistentry>
332
270
        <term><option>--debug</option></term>
405
343
      server could be found and the password received from it could be
406
344
      successfully decrypted and output on standard output.  The
407
345
      program will exit with a non-zero exit status only if a critical
408
 
      error occurs.  Otherwise, it will forever connect to any
409
 
      discovered <application>Mandos</application> servers, trying to
410
 
      get a decryptable password and print it.
 
346
      error occurs.  Otherwise, it will forever connect to new
 
347
      <application>Mandos</application> servers as they appear, trying
 
348
      to get a decryptable password and print it.
411
349
    </para>
412
350
  </refsect1>
413
351
  
488
426
    <informalexample>
489
427
      <para>
490
428
        Run in debug mode, with a custom key, and do not use Zeroconf
491
 
        to locate a server; connect directly to the IPv6 link-local
492
 
        address <quote><systemitem class="ipaddress"
493
 
        >fe80::aede:48ff:fe71:f6f2</systemitem></quote>, port 4711,
494
 
        using interface eth2:
 
429
        to locate a server; connect directly to the IPv6 address
 
430
        <quote><systemitem class="ipaddress"
 
431
        >2001:db8:f983:bd0b:30de:ae4a:71f2:f672</systemitem></quote>,
 
432
        port 4711, using interface eth2:
495
433
      </para>
496
434
      <para>
497
435
 
498
436
<!-- do not wrap this line -->
499
 
<userinput>&COMMANDNAME; --debug --pubkey keydir/pubkey.txt --seckey keydir/seckey.txt --connect fe80::aede:48ff:fe71:f6f2:4711 --interface eth2</userinput>
 
437
<userinput>&COMMANDNAME; --debug --pubkey keydir/pubkey.txt --seckey keydir/seckey.txt --connect 2001:db8:f983:bd0b:30de:ae4a:71f2:f672:4711 --interface eth2</userinput>
500
438
 
501
439
      </para>
502
440
    </informalexample>
552
490
  <refsect1 id="see_also">
553
491
    <title>SEE ALSO</title>
554
492
    <para>
555
 
      <citerefentry><refentrytitle>intro</refentrytitle>
556
 
      <manvolnum>8mandos</manvolnum></citerefentry>,
557
493
      <citerefentry><refentrytitle>cryptsetup</refentrytitle>
558
494
      <manvolnum>8</manvolnum></citerefentry>,
559
495
      <citerefentry><refentrytitle>crypttab</refentrytitle>