
Viewing changes to mandos-keygen.xml

  • Committer: Teddy Hogeborn
  • Date: 2016-03-17 20:40:55 UTC
  • mto: (237.7.594 trunk)
  • mto: This revision was merged to the branch mainline in revision 341.
  • Revision ID: teddy@recompile.se-20160317204055-bhsh5xsidq7w5cxu
Client: Fix plymouth agent; broken since 1.7.2.

Fix a very old memory bug in the plymouth agent (which has been
present since its appearance in version 1.2), but which was only
recently detected at run time due to the new -fsanitize=address
compile-time flag, which has been used since version 1.7.2.  This
detection of a memory access violation causes the program to abort,
making the Plymouth graphical boot system unable to accept interactive
input of passwords when using the Mandos client.

* plugins.d/plymouth.c (exec_and_wait): Fix memory allocation bug when
  allocating new_argv.  Also tolerate a zero-length argv.

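--- a/mandos-keygen.xml
+++ b/mandos-keygen.xml
@@ -2,7 +2,7 @@
 <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
         "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
 <!ENTITY COMMANDNAME "mandos-keygen">
-<!ENTITY TIMESTAMP "2009-01-04">
+<!ENTITY TIMESTAMP "2016-03-05">
 <!ENTITY % common SYSTEM "common.ent">
 %common;
 ]>
@@ -19,20 +19,27 @@
         <firstname>Björn</firstname>
         <surname>Påhlsson</surname>
         <address>
-          <email>belorn@fukt.bsnet.se</email>
+          <email>belorn@recompile.se</email>
         </address>
       </author>
       <author>
         <firstname>Teddy</firstname>
         <surname>Hogeborn</surname>
         <address>
-          <email>teddy@fukt.bsnet.se</email>
+          <email>teddy@recompile.se</email>
         </address>
       </author>
     </authorgroup>
     <copyright>
       <year>2008</year>
       <year>2009</year>
+      <year>2010</year>
+      <year>2011</year>
+      <year>2012</year>
+      <year>2013</year>
+      <year>2014</year>
+      <year>2015</year>
+      <year>2016</year>
       <holder>Teddy Hogeborn</holder>
       <holder>Björn Påhlsson</holder>
     </copyright>
@@ -117,7 +124,10 @@
         <replaceable>TIME</replaceable></option></arg>
       </group>
       <sbr/>
-      <arg><option>--force</option></arg>
+      <group>
+        <arg choice="plain"><option>--force</option></arg>
+        <arg choice="plain"><option>-f</option></arg>
+      </group>
     </cmdsynopsis>
     <cmdsynopsis>
       <command>&COMMANDNAME;</command>
@@ -143,6 +153,10 @@
         <arg choice="plain"><option>-n
         <replaceable>NAME</replaceable></option></arg>
       </group>
+      <group>
+        <arg choice="plain"><option>--no-ssh</option></arg>
+        <arg choice="plain"><option>-S</option></arg>
+      </group>
     </cmdsynopsis>
     <cmdsynopsis>
       <command>&COMMANDNAME;</command>
@@ -213,7 +227,7 @@
         <listitem>
           <para>
             Target directory for key files.  Default is
-            <filename>/etc/mandos</filename>.
+            <filename class="directory">/etc/mandos</filename>.
           </para>
         </listitem>
       </varlistentry>
@@ -225,7 +239,7 @@
         <replaceable>TYPE</replaceable></option></term>
         <listitem>
           <para>
-            Key type.  Default is <quote>DSA</quote>.
+            Key type.  Default is <quote>RSA</quote>.
           </para>
         </listitem>
       </varlistentry>
@@ -237,7 +251,7 @@
         <replaceable>BITS</replaceable></option></term>
         <listitem>
           <para>
-            Key length in bits.  Default is 2048.
+            Key length in bits.  Default is 4096.
           </para>
         </listitem>
       </varlistentry>
@@ -249,7 +263,7 @@
         <replaceable>KEYTYPE</replaceable></option></term>
         <listitem>
           <para>
-            Subkey type.  Default is <quote>ELG-E</quote> (Elgamal
+            Subkey type.  Default is <quote>RSA</quote> (Elgamal
             encryption-only).
           </para>
         </listitem>
@@ -262,7 +276,7 @@
         <replaceable>BITS</replaceable></option></term>
         <listitem>
           <para>
-            Subkey length in bits.  Default is 2048.
+            Subkey length in bits.  Default is 4096.
           </para>
         </listitem>
       </varlistentry>
@@ -286,8 +300,7 @@
         <replaceable>TEXT</replaceable></option></term>
         <listitem>
           <para>
-            Comment field for key.  The default value is
-            <quote><literal>Mandos client key</literal></quote>.
+            Comment field for key.  Default is empty.
           </para>
         </listitem>
       </varlistentry>
@@ -345,6 +358,22 @@
           </para>
         </listitem>
       </varlistentry>
+      <varlistentry>
+        <term><option>--no-ssh</option></term>
+        <term><option>-S</option></term>
+        <listitem>
+          <para>
+            When <option>--password</option> or
+            <option>--passfile</option> is given, this option will
+            prevent <command>&COMMANDNAME;</command> from calling
+            <command>ssh-keyscan</command> to get an SSH fingerprint
+            for this host and, if successful, output suitable config
+            options to use this fingerprint as a
+            <option>checker</option> option in the output.  This is
+            otherwise the default behavior.
+          </para>
+        </listitem>
+      </varlistentry>
     </variablelist>
   </refsect1>
   
@@ -410,7 +439,7 @@
         </listitem>
       </varlistentry>
       <varlistentry>
-        <term><filename>/tmp</filename></term>
+        <term><filename class="directory">/tmp</filename></term>
         <listitem>
           <para>
             Temporary files will be written here if
@@ -421,11 +450,10 @@
     </variablelist>
   </refsect1>
   
-<!--   <refsect1 id="bugs"> -->
-<!--     <title>BUGS</title> -->
-<!--     <para> -->
-<!--     </para> -->
-<!--   </refsect1> -->
+  <refsect1 id="bugs">
+    <title>BUGS</title>
+    <xi:include href="bugs.xml"/>
+  </refsect1>
   
   <refsect1 id="example">
     <title>EXAMPLE</title>
@@ -451,9 +479,9 @@
     </informalexample>
     <informalexample>
       <para>
-        Prompt for a password, encrypt it with the key in
-        <filename>/etc/mandos</filename> and output a section suitable
-        for <filename>clients.conf</filename>.
+        Prompt for a password, encrypt it with the key in <filename
+        class="directory">/etc/mandos</filename> and output a section
+        suitable for <filename>clients.conf</filename>.
       </para>
       <para>
         <userinput>&COMMANDNAME; --password</userinput>
@@ -492,6 +520,8 @@
   <refsect1 id="see_also">
     <title>SEE ALSO</title>
     <para>
+      <citerefentry><refentrytitle>intro</refentrytitle>
+      <manvolnum>8mandos</manvolnum></citerefentry>,
       <citerefentry><refentrytitle>gpg</refentrytitle>
       <manvolnum>1</manvolnum></citerefentry>,
       <citerefentry><refentrytitle>mandos-clients.conf</refentrytitle>
@@ -499,6 +529,8 @@
       <citerefentry><refentrytitle>mandos</refentrytitle>
       <manvolnum>8</manvolnum></citerefentry>,
       <citerefentry><refentrytitle>mandos-client</refentrytitle>
-      <manvolnum>8mandos</manvolnum></citerefentry>
+      <manvolnum>8mandos</manvolnum></citerefentry>,
+      <citerefentry><refentrytitle>ssh-keyscan</refentrytitle>
+      <manvolnum>1</manvolnum></citerefentry>
     </para>
   </refsect1>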