/mandos/release

To get this branch, use:
bzr branch http://bzr.recompile.se/loggerhead/mandos/release

« back to all changes in this revision

Viewing changes to mandos.conf.xml

  • Committer: Teddy Hogeborn
  • Date: 2016-03-17 20:40:55 UTC
  • mto: (237.7.594 trunk)
  • mto: This revision was merged to the branch mainline in revision 341.
  • Revision ID: teddy@recompile.se-20160317204055-bhsh5xsidq7w5cxu
Client: Fix plymouth agent; broken since 1.7.2.

Fix an very old memory bug in the plymouth agent (which has been
present since its apperance in version 1.2), but which was only
recently detected at run time due to the new -fsanitize=address
compile- time flag, which has been used since version 1.7.2.  This
detection of a memory access violation causes the program to abort,
making the Plymouth graphical boot system unable to accept interactive
input of passwords when using the Mandos client.

* plugins.d/plymouth.c (exec_and_wait): Fix memory allocation bug when
  allocating new_argv.  Also tolerate a zero-length argv.

Show diffs side-by-side

added added

removed removed

Lines of Context:
mandos.conf.xml
1
 
<?xml version='1.0' encoding='UTF-8'?>
 
1
<?xml version="1.0" encoding="UTF-8"?>
2
2
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3
3
        "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4
 
<!ENTITY VERSION "1.0">
5
4
<!ENTITY CONFNAME "mandos.conf">
6
5
<!ENTITY CONFPATH "<filename>/etc/mandos/mandos.conf</filename>">
7
 
<!ENTITY OVERVIEW SYSTEM "overview.xml">
 
6
<!ENTITY TIMESTAMP "2016-03-05">
 
7
<!ENTITY % common SYSTEM "common.ent">
 
8
%common;
8
9
]>
9
10
 
10
11
<refentry xmlns:xi="http://www.w3.org/2001/XInclude">
11
12
  <refentryinfo>
12
 
    <title>&CONFNAME;</title>
 
13
    <title>Mandos Manual</title>
13
14
    <!-- NWalsh’s docbook scripts use this to generate the footer: -->
14
 
    <productname>&CONFNAME;</productname>
15
 
    <productnumber>&VERSION;</productnumber>
 
15
    <productname>Mandos</productname>
 
16
    <productnumber>&version;</productnumber>
 
17
    <date>&TIMESTAMP;</date>
16
18
    <authorgroup>
17
19
      <author>
18
20
        <firstname>Björn</firstname>
19
21
        <surname>Påhlsson</surname>
20
22
        <address>
21
 
          <email>belorn@fukt.bsnet.se</email>
 
23
          <email>belorn@recompile.se</email>
22
24
        </address>
23
25
      </author>
24
26
      <author>
25
27
        <firstname>Teddy</firstname>
26
28
        <surname>Hogeborn</surname>
27
29
        <address>
28
 
          <email>teddy@fukt.bsnet.se</email>
 
30
          <email>teddy@recompile.se</email>
29
31
        </address>
30
32
      </author>
31
33
    </authorgroup>
32
34
    <copyright>
33
35
      <year>2008</year>
 
36
      <year>2009</year>
 
37
      <year>2010</year>
 
38
      <year>2011</year>
 
39
      <year>2012</year>
 
40
      <year>2013</year>
 
41
      <year>2014</year>
 
42
      <year>2015</year>
 
43
      <year>2016</year>
34
44
      <holder>Teddy Hogeborn</holder>
35
45
      <holder>Björn Påhlsson</holder>
36
46
    </copyright>
37
 
    <legalnotice>
38
 
      <para>
39
 
        This manual page is free software: you can redistribute it
40
 
        and/or modify it under the terms of the GNU General Public
41
 
        License as published by the Free Software Foundation,
42
 
        either version 3 of the License, or (at your option) any
43
 
        later version.
44
 
      </para>
45
 
 
46
 
      <para>
47
 
        This manual page is distributed in the hope that it will
48
 
        be useful, but WITHOUT ANY WARRANTY; without even the
49
 
        implied warranty of MERCHANTABILITY or FITNESS FOR A
50
 
        PARTICULAR PURPOSE.  See the GNU General Public License
51
 
        for more details.
52
 
      </para>
53
 
 
54
 
      <para>
55
 
        You should have received a copy of the GNU General Public
56
 
        License along with this program; If not, see
57
 
        <ulink url="http://www.gnu.org/licenses/"/>.
58
 
      </para>
59
 
    </legalnotice>
 
47
    <xi:include href="legalnotice.xml"/>
60
48
  </refentryinfo>
61
 
 
 
49
  
62
50
  <refmeta>
63
51
    <refentrytitle>&CONFNAME;</refentrytitle>
64
52
    <manvolnum>5</manvolnum>
70
58
      Configuration file for the Mandos server
71
59
    </refpurpose>
72
60
  </refnamediv>
73
 
 
 
61
  
74
62
  <refsynopsisdiv>
75
 
    <synopsis>
76
 
      &CONFPATH;
77
 
    </synopsis>
 
63
    <synopsis>&CONFPATH;</synopsis>
78
64
  </refsynopsisdiv>
79
 
 
 
65
  
80
66
  <refsect1 id="description">
81
67
    <title>DESCRIPTION</title>
82
68
    <para>
83
69
      The file &CONFPATH; is a simple configuration file for
84
70
      <citerefentry><refentrytitle>mandos</refentrytitle>
85
71
      <manvolnum>8</manvolnum></citerefentry>, and is read by it at
86
 
      startup.  The configuration file starts with
87
 
      <quote><literal>[DEFAULT]</literal></quote> on a line by itself,
88
 
      followed by any number of
89
 
      <quote><varname><replaceable>option</replaceable></varname>=<replaceable>value</replaceable></quote>
90
 
      entries, with continuations in the style of RFC 822.
91
 
      <quote><varname><replaceable>option</replaceable></varname>:
92
 
      <replaceable>value</replaceable></quote> is also accepted.  Note
93
 
      that leading whitespace is removed from values.  Lines beginning
94
 
      with <quote>#</quote> or <quote>;</quote> are ignored and may be
95
 
      used to provide comments.
 
72
      startup.  The configuration file starts with <quote><literal
 
73
      >[DEFAULT]</literal></quote> on a line by itself, followed by
 
74
      any number of <quote><varname><replaceable>option</replaceable
 
75
      ></varname>=<replaceable>value</replaceable></quote> entries,
 
76
      with continuations in the style of RFC 822.  <quote><varname
 
77
      ><replaceable>option</replaceable></varname>: <replaceable
 
78
      >value</replaceable></quote> is also accepted.  Note that
 
79
      leading whitespace is removed from values.  Lines beginning with
 
80
      <quote>#</quote> or <quote>;</quote> are ignored and may be used
 
81
      to provide comments.
96
82
    </para>
97
 
 
 
83
    
98
84
  </refsect1>
99
85
  <refsect1>
100
86
    <title>OPTIONS</title>
101
87
    
102
88
    <variablelist>
103
89
      <varlistentry>
104
 
        <term><varname>interface</varname></term>
 
90
        <term><option>interface<literal> = </literal><replaceable
 
91
        >NAME</replaceable></option></term>
105
92
        <listitem>
106
 
          <synopsis><literal>interface = </literal><replaceable
107
 
          >IF</replaceable>
108
 
          </synopsis>
109
93
          <xi:include href="mandos-options.xml" xpointer="interface"/>
110
94
        </listitem>
111
95
      </varlistentry>
112
 
 
 
96
      
113
97
      <varlistentry>
114
 
        <term><varname>address</varname></term>
 
98
        <term><option>address<literal> = </literal><replaceable
 
99
          >ADDRESS</replaceable></option></term>
115
100
        <listitem>
116
 
          <synopsis><literal>address = </literal><replaceable
117
 
          >ADDRESS</replaceable>
118
 
          </synopsis>
119
101
          <xi:include href="mandos-options.xml" xpointer="address"/>
120
102
        </listitem>
121
103
      </varlistentry>
122
 
 
 
104
      
123
105
      <varlistentry>
124
 
        <term><varname>port</varname></term>
 
106
        <term><option>port<literal> = </literal><replaceable
 
107
        >NUMBER</replaceable></option></term>
125
108
        <listitem>
126
 
          <synopsis><literal>port = </literal><replaceable
127
 
          >PORT</replaceable>
128
 
          </synopsis>
129
109
          <xi:include href="mandos-options.xml" xpointer="port"/>
130
110
        </listitem>
131
111
      </varlistentry>
132
 
 
 
112
      
133
113
      <varlistentry>
134
 
        <term><varname>debug</varname></term>
135
 
        <listitem>
136
 
          <synopsis><literal>debug = </literal>{ <literal
 
114
        <term><option>debug<literal> = </literal>{ <literal
137
115
          >1</literal> | <literal>yes</literal> | <literal
138
116
          >true</literal> | <literal>on</literal> | <literal
139
117
          >0</literal> | <literal>no</literal> | <literal
140
 
          >false</literal> | <literal>off</literal> }
141
 
          </synopsis>
 
118
          >false</literal> | <literal>off</literal> }</option></term>
 
119
        <listitem>
142
120
          <xi:include href="mandos-options.xml" xpointer="debug"/>
143
121
        </listitem>
144
122
      </varlistentry>
145
 
 
 
123
      
146
124
      <varlistentry>
147
 
        <term><varname>priority</varname></term>
 
125
        <term><option>priority<literal> = </literal><replaceable
 
126
        >STRING</replaceable></option></term>
148
127
        <listitem>
149
 
          <synopsis><literal>priority = </literal><replaceable
150
 
          >PRIORITY</replaceable>
151
 
          </synopsis>
152
128
          <xi:include href="mandos-options.xml" xpointer="priority"/>
153
129
        </listitem>
154
130
      </varlistentry>
155
 
 
 
131
      
156
132
      <varlistentry>
157
 
        <term><varname>servicename</varname></term>
 
133
        <term><option>servicename<literal> = </literal
 
134
        ><replaceable>NAME</replaceable></option></term>
158
135
        <listitem>
159
 
          <synopsis><literal>servicename = </literal><replaceable
160
 
          >NAME</replaceable>
161
 
          </synopsis>
162
136
          <xi:include href="mandos-options.xml"
163
137
                      xpointer="servicename"/>
164
138
        </listitem>
165
139
      </varlistentry>
166
140
      
 
141
      <varlistentry>
 
142
        <term><option>use_dbus<literal> = </literal>{ <literal
 
143
          >1</literal> | <literal>yes</literal> | <literal
 
144
          >true</literal> | <literal>on</literal> | <literal
 
145
          >0</literal> | <literal>no</literal> | <literal
 
146
          >false</literal> | <literal>off</literal> }</option></term>
 
147
        <listitem>
 
148
          <xi:include href="mandos-options.xml" xpointer="dbus"/>
 
149
        </listitem>
 
150
      </varlistentry>
 
151
      
 
152
      <varlistentry>
 
153
        <term><option>use_ipv6<literal> = </literal>{ <literal
 
154
          >1</literal> | <literal>yes</literal> | <literal
 
155
          >true</literal> | <literal>on</literal> | <literal
 
156
          >0</literal> | <literal>no</literal> | <literal
 
157
          >false</literal> | <literal>off</literal> }</option></term>
 
158
        <listitem>
 
159
          <xi:include href="mandos-options.xml" xpointer="ipv6"/>
 
160
        </listitem>
 
161
      </varlistentry>
 
162
      
 
163
      <varlistentry>
 
164
        <term><option>restore<literal> = </literal>{ <literal
 
165
          >1</literal> | <literal>yes</literal> | <literal
 
166
          >true</literal> | <literal>on</literal> | <literal
 
167
          >0</literal> | <literal>no</literal> | <literal
 
168
          >false</literal> | <literal>off</literal> }</option></term>
 
169
        <listitem>
 
170
          <xi:include href="mandos-options.xml" xpointer="restore"/>
 
171
        </listitem>
 
172
      </varlistentry>
 
173
      
 
174
      <varlistentry>
 
175
        <term><option>statedir<literal> = </literal><replaceable
 
176
        >DIRECTORY</replaceable></option></term>
 
177
        <listitem>
 
178
          <xi:include href="mandos-options.xml" xpointer="statedir"/>
 
179
        </listitem>
 
180
      </varlistentry>
 
181
      
 
182
      <varlistentry>
 
183
        <term><option>socket<literal> = </literal><replaceable
 
184
        >NUMBER</replaceable></option></term>
 
185
        <listitem>
 
186
          <xi:include href="mandos-options.xml" xpointer="socket"/>
 
187
        </listitem>
 
188
      </varlistentry>
 
189
      
167
190
    </variablelist>
168
191
  </refsect1>
169
192
  
179
202
    <para>
180
203
      The <literal>[DEFAULT]</literal> is necessary because the Python
181
204
      built-in module <systemitem class="library">ConfigParser</systemitem>
182
 
      requres it.
 
205
      requires it.
183
206
    </para>
 
207
    <xi:include href="bugs.xml"/>
184
208
  </refsect1>
185
209
  
186
210
  <refsect1 id="example">
201
225
[DEFAULT]
202
226
# A configuration example
203
227
interface = eth0
204
 
address = 2001:db8:f983:bd0b:30de:ae4a:71f2:f672
 
228
address = fe80::aede:48ff:fe71:f6f2
205
229
port = 1025
206
 
debug = true
207
 
priority = SECURE256:!CTYPE-X.509:+CTYPE-OPENPGP
 
230
debug = True
 
231
priority = SECURE256:!CTYPE-X.509:+CTYPE-OPENPGP:!RSA
208
232
servicename = Daena
 
233
use_dbus = False
 
234
use_ipv6 = True
 
235
restore = True
 
236
statedir = /var/lib/mandos
209
237
      </programlisting>
210
238
    </informalexample>
211
239
  </refsect1>
 
240
  
 
241
  <refsect1 id="see_also">
 
242
    <title>SEE ALSO</title>
 
243
    <para>
 
244
      <citerefentry><refentrytitle>intro</refentrytitle>
 
245
      <manvolnum>8mandos</manvolnum></citerefentry>,
 
246
      <citerefentry><refentrytitle>gnutls_priority_init</refentrytitle
 
247
      ><manvolnum>3</manvolnum></citerefentry>,
 
248
      <citerefentry><refentrytitle>mandos</refentrytitle>
 
249
      <manvolnum>8</manvolnum></citerefentry>,
 
250
      <citerefentry><refentrytitle>mandos-clients.conf</refentrytitle>
 
251
      <manvolnum>5</manvolnum></citerefentry>
 
252
    </para>
 
253
    
 
254
    <variablelist>
 
255
      <varlistentry>
 
256
        <term>
 
257
          RFC 4291: <citetitle>IP Version 6 Addressing
 
258
          Architecture</citetitle>
 
259
        </term>
 
260
        <listitem>
 
261
          <variablelist>
 
262
            <varlistentry>
 
263
              <term>Section 2.2: <citetitle>Text Representation of
 
264
              Addresses</citetitle></term>
 
265
              <listitem><para/></listitem>
 
266
            </varlistentry>
 
267
            <varlistentry>
 
268
              <term>Section 2.5.5.2: <citetitle>IPv4-Mapped IPv6
 
269
              Address</citetitle></term>
 
270
              <listitem><para/></listitem>
 
271
            </varlistentry>
 
272
            <varlistentry>
 
273
            <term>Section 2.5.6, <citetitle>Link-Local IPv6 Unicast
 
274
            Addresses</citetitle></term>
 
275
            <listitem>
 
276
              <para>
 
277
                The clients use IPv6 link-local addresses, which are
 
278
                immediately usable since a link-local addresses is
 
279
                automatically assigned to a network interface when it
 
280
                is brought up.
 
281
              </para>
 
282
            </listitem>
 
283
            </varlistentry>
 
284
          </variablelist>
 
285
        </listitem>
 
286
      </varlistentry>
 
287
      <varlistentry>
 
288
        <term>
 
289
          <ulink url="http://www.zeroconf.org/">Zeroconf</ulink>
 
290
        </term>
 
291
        <listitem>
 
292
          <para>
 
293
            Zeroconf is the network protocol standard used by clients
 
294
            for finding the Mandos server on the local network.
 
295
          </para>
 
296
        </listitem>
 
297
      </varlistentry>
 
298
    </variablelist>
 
299
  </refsect1>
212
300
</refentry>
 
301
<!-- Local Variables: -->
 
302
<!-- time-stamp-start: "<!ENTITY TIMESTAMP [\"']" -->
 
303
<!-- time-stamp-end: "[\"']>" -->
 
304
<!-- time-stamp-format: "%:y-%02m-%02d" -->
 
305
<!-- End: -->