
Viewing changes to mandos-keygen.xml

  • Committer: Teddy Hogeborn
  • Date: 2016-03-17 20:40:55 UTC
  • mto: (237.7.594 trunk)
  • mto: This revision was merged to the branch mainline in revision 341.
  • Revision ID: teddy@recompile.se-20160317204055-bhsh5xsidq7w5cxu
Client: Fix plymouth agent; broken since 1.7.2.

Fix a very old memory bug in the plymouth agent (which has been
present since its appearance in version 1.2), but which was only
recently detected at run time due to the new -fsanitize=address
compile-time flag, which has been used since version 1.7.2.  This
detection of a memory access violation causes the program to abort,
making the Plymouth graphical boot system unable to accept interactive
input of passwords when using the Mandos client.

* plugins.d/plymouth.c (exec_and_wait): Fix memory allocation bug when
  allocating new_argv.  Also tolerate a zero-length argv.

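--- a/mandos-keygen.xml
+++ b/mandos-keygen.xml
@@ -2,7 +2,7 @@
 <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
         "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
 <!ENTITY COMMANDNAME "mandos-keygen">
-<!ENTITY TIMESTAMP "2008-10-03">
+<!ENTITY TIMESTAMP "2016-03-05">
 <!ENTITY % common SYSTEM "common.ent">
 %common;
 ]>
@@ -19,19 +19,27 @@
         <firstname>Björn</firstname>
         <surname>Påhlsson</surname>
         <address>
-          <email>belorn@fukt.bsnet.se</email>
+          <email>belorn@recompile.se</email>
         </address>
       </author>
       <author>
         <firstname>Teddy</firstname>
         <surname>Hogeborn</surname>
         <address>
-          <email>teddy@fukt.bsnet.se</email>
+          <email>teddy@recompile.se</email>
         </address>
       </author>
     </authorgroup>
     <copyright>
       <year>2008</year>
+      <year>2009</year>
+      <year>2010</year>
+      <year>2011</year>
+      <year>2012</year>
+      <year>2013</year>
+      <year>2014</year>
+      <year>2015</year>
+      <year>2016</year>
       <holder>Teddy Hogeborn</holder>
       <holder>Björn Påhlsson</holder>
     </copyright>
@@ -116,7 +124,10 @@
         <replaceable>TIME</replaceable></option></arg>
       </group>
       <sbr/>
-      <arg><option>--force</option></arg>
+      <group>
+        <arg choice="plain"><option>--force</option></arg>
+        <arg choice="plain"><option>-f</option></arg>
+      </group>
     </cmdsynopsis>
     <cmdsynopsis>
       <command>&COMMANDNAME;</command>
@@ -142,6 +153,10 @@
         <arg choice="plain"><option>-n
         <replaceable>NAME</replaceable></option></arg>
       </group>
+      <group>
+        <arg choice="plain"><option>--no-ssh</option></arg>
+        <arg choice="plain"><option>-S</option></arg>
+      </group>
     </cmdsynopsis>
     <cmdsynopsis>
       <command>&COMMANDNAME;</command>
@@ -212,7 +227,7 @@
         <listitem>
           <para>
             Target directory for key files.  Default is
-            <filename>/etc/mandos</filename>.
+            <filename class="directory">/etc/mandos</filename>.
           </para>
         </listitem>
       </varlistentry>
@@ -224,7 +239,7 @@
         <replaceable>TYPE</replaceable></option></term>
         <listitem>
           <para>
-            Key type.  Default is <quote>DSA</quote>.
+            Key type.  Default is <quote>RSA</quote>.
           </para>
         </listitem>
       </varlistentry>
@@ -236,7 +251,7 @@
         <replaceable>BITS</replaceable></option></term>
         <listitem>
           <para>
-            Key length in bits.  Default is 2048.
+            Key length in bits.  Default is 4096.
           </para>
         </listitem>
       </varlistentry>
@@ -248,7 +263,7 @@
         <replaceable>KEYTYPE</replaceable></option></term>
         <listitem>
           <para>
-            Subkey type.  Default is <quote>ELG-E</quote> (Elgamal
+            Subkey type.  Default is <quote>RSA</quote> (Elgamal
             encryption-only).
           </para>
         </listitem>
@@ -261,7 +276,7 @@
         <replaceable>BITS</replaceable></option></term>
         <listitem>
           <para>
-            Subkey length in bits.  Default is 2048.
+            Subkey length in bits.  Default is 4096.
           </para>
         </listitem>
       </varlistentry>
@@ -285,8 +300,7 @@
         <replaceable>TEXT</replaceable></option></term>
         <listitem>
           <para>
-            Comment field for key.  The default value is
-            <quote><literal>Mandos client key</literal></quote>.
+            Comment field for key.  Default is empty.
           </para>
         </listitem>
       </varlistentry>
@@ -344,6 +358,22 @@
           </para>
         </listitem>
       </varlistentry>
+      <varlistentry>
+        <term><option>--no-ssh</option></term>
+        <term><option>-S</option></term>
+        <listitem>
+          <para>
+            When <option>--password</option> or
+            <option>--passfile</option> is given, this option will
+            prevent <command>&COMMANDNAME;</command> from calling
+            <command>ssh-keyscan</command> to get an SSH fingerprint
+            for this host and, if successful, output suitable config
+            options to use this fingerprint as a
+            <option>checker</option> option in the output.  This is
+            otherwise the default behavior.
+          </para>
+        </listitem>
+      </varlistentry>
     </variablelist>
   </refsect1>
   
@@ -409,7 +439,7 @@
         </listitem>
       </varlistentry>
       <varlistentry>
-        <term><filename>/tmp</filename></term>
+        <term><filename class="directory">/tmp</filename></term>
         <listitem>
           <para>
             Temporary files will be written here if
@@ -420,11 +450,10 @@
     </variablelist>
   </refsect1>
   
-<!--   <refsect1 id="bugs"> -->
-<!--     <title>BUGS</title> -->
-<!--     <para> -->
-<!--     </para> -->
-<!--   </refsect1> -->
+  <refsect1 id="bugs">
+    <title>BUGS</title>
+    <xi:include href="bugs.xml"/>
+  </refsect1>
   
   <refsect1 id="example">
     <title>EXAMPLE</title>
@@ -450,9 +479,9 @@
     </informalexample>
     <informalexample>
       <para>
-        Prompt for a password, encrypt it with the key in
-        <filename>/etc/mandos</filename> and output a section suitable
-        for <filename>clients.conf</filename>.
+        Prompt for a password, encrypt it with the key in <filename
+        class="directory">/etc/mandos</filename> and output a section
+        suitable for <filename>clients.conf</filename>.
       </para>
       <para>
         <userinput>&COMMANDNAME; --password</userinput>
@@ -491,6 +520,8 @@
   <refsect1 id="see_also">
     <title>SEE ALSO</title>
     <para>
+      <citerefentry><refentrytitle>intro</refentrytitle>
+      <manvolnum>8mandos</manvolnum></citerefentry>,
       <citerefentry><refentrytitle>gpg</refentrytitle>
       <manvolnum>1</manvolnum></citerefentry>,
       <citerefentry><refentrytitle>mandos-clients.conf</refentrytitle>
@@ -498,6 +529,8 @@
       <citerefentry><refentrytitle>mandos</refentrytitle>
       <manvolnum>8</manvolnum></citerefentry>,
       <citerefentry><refentrytitle>mandos-client</refentrytitle>
-      <manvolnum>8mandos</manvolnum></citerefentry>
+      <manvolnum>8mandos</manvolnum></citerefentry>,
+      <citerefentry><refentrytitle>ssh-keyscan</refentrytitle>
+      <manvolnum>1</manvolnum></citerefentry>
     </para>
   </refsect1>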
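Review bot: The subkey-type paragraph (new lines 266-267) now reads `Default is <quote>RSA</quote> (Elgamal encryption-only).`, so the parenthetical still describes the old ELG-E default and contradicts the value it follows. Drop or reword it, e.g. `Subkey type.  Default is <quote>RSA</quote>.` on a single line. Separately, the added `--no-ssh` entry could state that `ssh-keyscan` does not authenticate the host it queries, so the fingerprint written into the generated `checker` option should be compared with the host's real key before the section is copied into `clients.conf`. Both points are documentation only; the program's behaviour is not visible on this page.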