
Viewing changes to mandos.xml

  • Committer: Teddy Hogeborn
  • Date: 2016-03-17 20:40:55 UTC
  • mto: (237.7.594 trunk)
  • mto: This revision was merged to the branch mainline in revision 341.
  • Revision ID: teddy@recompile.se-20160317204055-bhsh5xsidq7w5cxu
Client: Fix plymouth agent; broken since 1.7.2.

Fix a very old memory bug in the plymouth agent (which has been
present since its appearance in version 1.2), but which was only
recently detected at run time due to the new -fsanitize=address
compile-time flag, which has been used since version 1.7.2.  This
detection of a memory access violation causes the program to abort,
making the Plymouth graphical boot system unable to accept interactive
input of passwords when using the Mandos client.

* plugins.d/plymouth.c (exec_and_wait): Fix memory allocation bug when
  allocating new_argv.  Also tolerate a zero-length argv.

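--- a/mandos.xml
+++ b/mandos.xml
@@ -2,7 +2,7 @@
 <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
 "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
 <!ENTITY COMMANDNAME "mandos">
-<!ENTITY TIMESTAMP "2012-01-01">
+<!ENTITY TIMESTAMP "2016-03-05">
 <!ENTITY % common SYSTEM "common.ent">
 %common;
 ]>
@@ -36,6 +36,10 @@
       <year>2010</year>
       <year>2011</year>
       <year>2012</year>
+      <year>2013</year>
+      <year>2014</year>
+      <year>2015</year>
+      <year>2016</year>
       <holder>Teddy Hogeborn</holder>
       <holder>Björn Påhlsson</holder>
     </copyright>
@@ -100,6 +104,13 @@
       <sbr/>
       <arg><option>--statedir
       <replaceable>DIRECTORY</replaceable></option></arg>
+      <sbr/>
+      <arg><option>--socket
+      <replaceable>FD</replaceable></option></arg>
+      <sbr/>
+      <arg><option>--foreground</option></arg>
+      <sbr/>
+      <arg><option>--no-zeroconf</option></arg>
     </cmdsynopsis>
     <cmdsynopsis>
       <command>&COMMANDNAME;</command>
@@ -286,6 +297,9 @@
         <term><option>--no-restore</option></term>
         <listitem>
           <xi:include href="mandos-options.xml" xpointer="restore"/>
+          <para>
+            See also <xref linkend="persistent_state"/>.
+          </para>
         </listitem>
       </varlistentry>
       
@@ -296,6 +310,30 @@
           <xi:include href="mandos-options.xml" xpointer="statedir"/>
         </listitem>
       </varlistentry>
+      
+      <varlistentry>
+        <term><option>--socket
+        <replaceable>FD</replaceable></option></term>
+        <listitem>
+          <xi:include href="mandos-options.xml" xpointer="socket"/>
+        </listitem>
+      </varlistentry>
+      
+      <varlistentry>
+        <term><option>--foreground</option></term>
+        <listitem>
+          <xi:include href="mandos-options.xml"
+                      xpointer="foreground"/>
+        </listitem>
+      </varlistentry>
+      
+      <varlistentry>
+        <term><option>--no-zeroconf</option></term>
+        <listitem>
+          <xi:include href="mandos-options.xml" xpointer="zeroconf"/>
+        </listitem>
+      </varlistentry>
+      
     </variablelist>
   </refsect1>
   
@@ -378,9 +416,7 @@
       extended timeout, checker program, and interval between checks
       can be configured both globally and per client; see
       <citerefentry><refentrytitle>mandos-clients.conf</refentrytitle>
-      <manvolnum>5</manvolnum></citerefentry>.  A client successfully
-      receiving its password will also be treated as a successful
-      checker run.
+      <manvolnum>5</manvolnum></citerefentry>.
     </para>
   </refsect1>
   
@@ -414,6 +450,18 @@
     </para>
   </refsect1>
   
+  <refsect1 id="persistent_state">
+    <title>PERSISTENT STATE</title>
+    <para>
+      Client settings, initially read from
+      <filename>clients.conf</filename>, are persistent across
+      restarts, and run-time changes will override settings in
+      <filename>clients.conf</filename>.  However, if a setting is
+      <emphasis>changed</emphasis> (or a client added, or removed) in
+      <filename>clients.conf</filename>, this will take precedence.
+    </para>
+  </refsect1>
+  
   <refsect1 id="dbus_interface">
     <title>D-BUS INTERFACE</title>
     <para>
@@ -481,18 +529,19 @@
         </listitem>
       </varlistentry>
       <varlistentry>
-        <term><filename>/var/run/mandos.pid</filename></term>
+        <term><filename>/run/mandos.pid</filename></term>
         <listitem>
           <para>
             The file containing the process id of the
             <command>&COMMANDNAME;</command> process started last.
+            <emphasis >Note:</emphasis> If the <filename
+            class="directory">/run</filename> directory does not
+            exist, <filename>/var/run/mandos.pid</filename> will be
+            used instead.
           </para>
         </listitem>
       </varlistentry>
       <varlistentry>
-        <term><filename class="devicefile">/dev/log</filename></term>
-      </varlistentry>
-      <varlistentry>
         <term><filename
         class="directory">/var/lib/mandos</filename></term>
         <listitem>
@@ -504,7 +553,7 @@
         </listitem>
       </varlistentry>
       <varlistentry>
-        <term><filename>/dev/log</filename></term>
+        <term><filename class="devicefile">/dev/log</filename></term>
         <listitem>
           <para>
             The Unix domain socket to where local syslog messages are
@@ -536,12 +585,10 @@
       There is no fine-grained control over logging and debug output.
     </para>
     <para>
-      Debug mode is conflated with running in the foreground.
-    </para>
-    <para>
       This server does not check the expire time of clients’ OpenPGP
       keys.
     </para>
+    <xi:include href="bugs.xml"/>
   </refsect1>
   
   <refsect1 id="example">
@@ -660,8 +707,7 @@
       </varlistentry>
       <varlistentry>
         <term>
-          <ulink url="http://www.gnu.org/software/gnutls/"
-          >GnuTLS</ulink>
+          <ulink url="http://gnutls.org/">GnuTLS</ulink>
         </term>
       <listitem>
         <para>
@@ -705,12 +751,12 @@
       </varlistentry>
       <varlistentry>
         <term>
-          RFC 4346: <citetitle>The Transport Layer Security (TLS)
-          Protocol Version 1.1</citetitle>
+          RFC 5246: <citetitle>The Transport Layer Security (TLS)
+          Protocol Version 1.2</citetitle>
         </term>
       <listitem>
         <para>
-          TLS 1.1 is the protocol implemented by GnuTLS.
+          TLS 1.2 is the protocol implemented by GnuTLS.
         </para>
       </listitem>
       </varlistentry>
@@ -726,8 +772,8 @@
       </varlistentry>
       <varlistentry>
         <term>
-          RFC 5081: <citetitle>Using OpenPGP Keys for Transport Layer
-          Security</citetitle>
+          RFC 6091: <citetitle>Using OpenPGP Keys for Transport Layer
+          Security (TLS) Authentication</citetitle>
         </term>
       <listitem>
         <para>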