/mandos/release

To get this branch, use:
bzr branch http://bzr.recompile.se/loggerhead/mandos/release

« back to all changes in this revision

Viewing changes to mandos.conf.xml

  • Committer: Teddy Hogeborn
  • Date: 2016-03-17 20:40:55 UTC
  • mto: (237.7.594 trunk)
  • mto: This revision was merged to the branch mainline in revision 341.
  • Revision ID: teddy@recompile.se-20160317204055-bhsh5xsidq7w5cxu
Client: Fix plymouth agent; broken since 1.7.2.

Fix an very old memory bug in the plymouth agent (which has been
present since its apperance in version 1.2), but which was only
recently detected at run time due to the new -fsanitize=address
compile- time flag, which has been used since version 1.7.2.  This
detection of a memory access violation causes the program to abort,
making the Plymouth graphical boot system unable to accept interactive
input of passwords when using the Mandos client.

* plugins.d/plymouth.c (exec_and_wait): Fix memory allocation bug when
  allocating new_argv.  Also tolerate a zero-length argv.

Show diffs side-by-side

added added

removed removed

Lines of Context:
 
1
<?xml version="1.0" encoding="UTF-8"?>
 
2
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
 
3
        "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
 
4
<!ENTITY CONFNAME "mandos.conf">
 
5
<!ENTITY CONFPATH "<filename>/etc/mandos/mandos.conf</filename>">
 
6
<!ENTITY TIMESTAMP "2016-03-05">
 
7
<!ENTITY % common SYSTEM "common.ent">
 
8
%common;
 
9
]>
 
10
 
 
11
<refentry xmlns:xi="http://www.w3.org/2001/XInclude">
 
12
  <refentryinfo>
 
13
    <title>Mandos Manual</title>
 
14
    <!-- NWalsh’s docbook scripts use this to generate the footer: -->
 
15
    <productname>Mandos</productname>
 
16
    <productnumber>&version;</productnumber>
 
17
    <date>&TIMESTAMP;</date>
 
18
    <authorgroup>
 
19
      <author>
 
20
        <firstname>Björn</firstname>
 
21
        <surname>Påhlsson</surname>
 
22
        <address>
 
23
          <email>belorn@recompile.se</email>
 
24
        </address>
 
25
      </author>
 
26
      <author>
 
27
        <firstname>Teddy</firstname>
 
28
        <surname>Hogeborn</surname>
 
29
        <address>
 
30
          <email>teddy@recompile.se</email>
 
31
        </address>
 
32
      </author>
 
33
    </authorgroup>
 
34
    <copyright>
 
35
      <year>2008</year>
 
36
      <year>2009</year>
 
37
      <year>2010</year>
 
38
      <year>2011</year>
 
39
      <year>2012</year>
 
40
      <year>2013</year>
 
41
      <year>2014</year>
 
42
      <year>2015</year>
 
43
      <year>2016</year>
 
44
      <holder>Teddy Hogeborn</holder>
 
45
      <holder>Björn Påhlsson</holder>
 
46
    </copyright>
 
47
    <xi:include href="legalnotice.xml"/>
 
48
  </refentryinfo>
 
49
  
 
50
  <refmeta>
 
51
    <refentrytitle>&CONFNAME;</refentrytitle>
 
52
    <manvolnum>5</manvolnum>
 
53
  </refmeta>
 
54
  
 
55
  <refnamediv>
 
56
    <refname><filename>&CONFNAME;</filename></refname>
 
57
    <refpurpose>
 
58
      Configuration file for the Mandos server
 
59
    </refpurpose>
 
60
  </refnamediv>
 
61
  
 
62
  <refsynopsisdiv>
 
63
    <synopsis>&CONFPATH;</synopsis>
 
64
  </refsynopsisdiv>
 
65
  
 
66
  <refsect1 id="description">
 
67
    <title>DESCRIPTION</title>
 
68
    <para>
 
69
      The file &CONFPATH; is a simple configuration file for
 
70
      <citerefentry><refentrytitle>mandos</refentrytitle>
 
71
      <manvolnum>8</manvolnum></citerefentry>, and is read by it at
 
72
      startup.  The configuration file starts with <quote><literal
 
73
      >[DEFAULT]</literal></quote> on a line by itself, followed by
 
74
      any number of <quote><varname><replaceable>option</replaceable
 
75
      ></varname>=<replaceable>value</replaceable></quote> entries,
 
76
      with continuations in the style of RFC 822.  <quote><varname
 
77
      ><replaceable>option</replaceable></varname>: <replaceable
 
78
      >value</replaceable></quote> is also accepted.  Note that
 
79
      leading whitespace is removed from values.  Lines beginning with
 
80
      <quote>#</quote> or <quote>;</quote> are ignored and may be used
 
81
      to provide comments.
 
82
    </para>
 
83
    
 
84
  </refsect1>
 
85
  <refsect1>
 
86
    <title>OPTIONS</title>
 
87
    
 
88
    <variablelist>
 
89
      <varlistentry>
 
90
        <term><option>interface<literal> = </literal><replaceable
 
91
        >NAME</replaceable></option></term>
 
92
        <listitem>
 
93
          <xi:include href="mandos-options.xml" xpointer="interface"/>
 
94
        </listitem>
 
95
      </varlistentry>
 
96
      
 
97
      <varlistentry>
 
98
        <term><option>address<literal> = </literal><replaceable
 
99
          >ADDRESS</replaceable></option></term>
 
100
        <listitem>
 
101
          <xi:include href="mandos-options.xml" xpointer="address"/>
 
102
        </listitem>
 
103
      </varlistentry>
 
104
      
 
105
      <varlistentry>
 
106
        <term><option>port<literal> = </literal><replaceable
 
107
        >NUMBER</replaceable></option></term>
 
108
        <listitem>
 
109
          <xi:include href="mandos-options.xml" xpointer="port"/>
 
110
        </listitem>
 
111
      </varlistentry>
 
112
      
 
113
      <varlistentry>
 
114
        <term><option>debug<literal> = </literal>{ <literal
 
115
          >1</literal> | <literal>yes</literal> | <literal
 
116
          >true</literal> | <literal>on</literal> | <literal
 
117
          >0</literal> | <literal>no</literal> | <literal
 
118
          >false</literal> | <literal>off</literal> }</option></term>
 
119
        <listitem>
 
120
          <xi:include href="mandos-options.xml" xpointer="debug"/>
 
121
        </listitem>
 
122
      </varlistentry>
 
123
      
 
124
      <varlistentry>
 
125
        <term><option>priority<literal> = </literal><replaceable
 
126
        >STRING</replaceable></option></term>
 
127
        <listitem>
 
128
          <xi:include href="mandos-options.xml" xpointer="priority"/>
 
129
        </listitem>
 
130
      </varlistentry>
 
131
      
 
132
      <varlistentry>
 
133
        <term><option>servicename<literal> = </literal
 
134
        ><replaceable>NAME</replaceable></option></term>
 
135
        <listitem>
 
136
          <xi:include href="mandos-options.xml"
 
137
                      xpointer="servicename"/>
 
138
        </listitem>
 
139
      </varlistentry>
 
140
      
 
141
      <varlistentry>
 
142
        <term><option>use_dbus<literal> = </literal>{ <literal
 
143
          >1</literal> | <literal>yes</literal> | <literal
 
144
          >true</literal> | <literal>on</literal> | <literal
 
145
          >0</literal> | <literal>no</literal> | <literal
 
146
          >false</literal> | <literal>off</literal> }</option></term>
 
147
        <listitem>
 
148
          <xi:include href="mandos-options.xml" xpointer="dbus"/>
 
149
        </listitem>
 
150
      </varlistentry>
 
151
      
 
152
      <varlistentry>
 
153
        <term><option>use_ipv6<literal> = </literal>{ <literal
 
154
          >1</literal> | <literal>yes</literal> | <literal
 
155
          >true</literal> | <literal>on</literal> | <literal
 
156
          >0</literal> | <literal>no</literal> | <literal
 
157
          >false</literal> | <literal>off</literal> }</option></term>
 
158
        <listitem>
 
159
          <xi:include href="mandos-options.xml" xpointer="ipv6"/>
 
160
        </listitem>
 
161
      </varlistentry>
 
162
      
 
163
      <varlistentry>
 
164
        <term><option>restore<literal> = </literal>{ <literal
 
165
          >1</literal> | <literal>yes</literal> | <literal
 
166
          >true</literal> | <literal>on</literal> | <literal
 
167
          >0</literal> | <literal>no</literal> | <literal
 
168
          >false</literal> | <literal>off</literal> }</option></term>
 
169
        <listitem>
 
170
          <xi:include href="mandos-options.xml" xpointer="restore"/>
 
171
        </listitem>
 
172
      </varlistentry>
 
173
      
 
174
      <varlistentry>
 
175
        <term><option>statedir<literal> = </literal><replaceable
 
176
        >DIRECTORY</replaceable></option></term>
 
177
        <listitem>
 
178
          <xi:include href="mandos-options.xml" xpointer="statedir"/>
 
179
        </listitem>
 
180
      </varlistentry>
 
181
      
 
182
      <varlistentry>
 
183
        <term><option>socket<literal> = </literal><replaceable
 
184
        >NUMBER</replaceable></option></term>
 
185
        <listitem>
 
186
          <xi:include href="mandos-options.xml" xpointer="socket"/>
 
187
        </listitem>
 
188
      </varlistentry>
 
189
      
 
190
    </variablelist>
 
191
  </refsect1>
 
192
  
 
193
  <refsect1 id="files">
 
194
    <title>FILES</title>
 
195
    <para>
 
196
      The file described here is &CONFPATH;
 
197
    </para>
 
198
  </refsect1>
 
199
  
 
200
  <refsect1 id="bugs">
 
201
    <title>BUGS</title>
 
202
    <para>
 
203
      The <literal>[DEFAULT]</literal> is necessary because the Python
 
204
      built-in module <systemitem class="library">ConfigParser</systemitem>
 
205
      requires it.
 
206
    </para>
 
207
    <xi:include href="bugs.xml"/>
 
208
  </refsect1>
 
209
  
 
210
  <refsect1 id="example">
 
211
    <title>EXAMPLE</title>
 
212
    <informalexample>
 
213
      <para>
 
214
        No options are actually required:
 
215
      </para>
 
216
      <programlisting>
 
217
[DEFAULT]
 
218
      </programlisting>
 
219
    </informalexample>
 
220
    <informalexample>
 
221
      <para>
 
222
        An example using all the options:
 
223
      </para>
 
224
      <programlisting>
 
225
[DEFAULT]
 
226
# A configuration example
 
227
interface = eth0
 
228
address = fe80::aede:48ff:fe71:f6f2
 
229
port = 1025
 
230
debug = True
 
231
priority = SECURE256:!CTYPE-X.509:+CTYPE-OPENPGP:!RSA
 
232
servicename = Daena
 
233
use_dbus = False
 
234
use_ipv6 = True
 
235
restore = True
 
236
statedir = /var/lib/mandos
 
237
      </programlisting>
 
238
    </informalexample>
 
239
  </refsect1>
 
240
  
 
241
  <refsect1 id="see_also">
 
242
    <title>SEE ALSO</title>
 
243
    <para>
 
244
      <citerefentry><refentrytitle>intro</refentrytitle>
 
245
      <manvolnum>8mandos</manvolnum></citerefentry>,
 
246
      <citerefentry><refentrytitle>gnutls_priority_init</refentrytitle
 
247
      ><manvolnum>3</manvolnum></citerefentry>,
 
248
      <citerefentry><refentrytitle>mandos</refentrytitle>
 
249
      <manvolnum>8</manvolnum></citerefentry>,
 
250
      <citerefentry><refentrytitle>mandos-clients.conf</refentrytitle>
 
251
      <manvolnum>5</manvolnum></citerefentry>
 
252
    </para>
 
253
    
 
254
    <variablelist>
 
255
      <varlistentry>
 
256
        <term>
 
257
          RFC 4291: <citetitle>IP Version 6 Addressing
 
258
          Architecture</citetitle>
 
259
        </term>
 
260
        <listitem>
 
261
          <variablelist>
 
262
            <varlistentry>
 
263
              <term>Section 2.2: <citetitle>Text Representation of
 
264
              Addresses</citetitle></term>
 
265
              <listitem><para/></listitem>
 
266
            </varlistentry>
 
267
            <varlistentry>
 
268
              <term>Section 2.5.5.2: <citetitle>IPv4-Mapped IPv6
 
269
              Address</citetitle></term>
 
270
              <listitem><para/></listitem>
 
271
            </varlistentry>
 
272
            <varlistentry>
 
273
            <term>Section 2.5.6, <citetitle>Link-Local IPv6 Unicast
 
274
            Addresses</citetitle></term>
 
275
            <listitem>
 
276
              <para>
 
277
                The clients use IPv6 link-local addresses, which are
 
278
                immediately usable since a link-local addresses is
 
279
                automatically assigned to a network interface when it
 
280
                is brought up.
 
281
              </para>
 
282
            </listitem>
 
283
            </varlistentry>
 
284
          </variablelist>
 
285
        </listitem>
 
286
      </varlistentry>
 
287
      <varlistentry>
 
288
        <term>
 
289
          <ulink url="http://www.zeroconf.org/">Zeroconf</ulink>
 
290
        </term>
 
291
        <listitem>
 
292
          <para>
 
293
            Zeroconf is the network protocol standard used by clients
 
294
            for finding the Mandos server on the local network.
 
295
          </para>
 
296
        </listitem>
 
297
      </varlistentry>
 
298
    </variablelist>
 
299
  </refsect1>
 
300
</refentry>
 
301
<!-- Local Variables: -->
 
302
<!-- time-stamp-start: "<!ENTITY TIMESTAMP [\"']" -->
 
303
<!-- time-stamp-end: "[\"']>" -->
 
304
<!-- time-stamp-format: "%:y-%02m-%02d" -->
 
305
<!-- End: -->