/mandos/release : revision 237.7.494

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/release

« back to all changes in this revision

Viewing changes to mandos-ctl.xml

Committer: Teddy Hogeborn
Date: 2018-04-01 19:35:00 UTC
mto: (237.7.594 trunk)
mto: This revision was merged to the branch mainline in revision 368.
Revision ID: teddy@recompile.se-20180401193500-150t7d6w89s1c0u3

Remove duplicate "Mandos plugin mandos-client:" in error output

* plugins.d/mandos-client.c (init_gpgme, pgp_packet_decrypt): Remove
old hardcoded prefix, since it is now always printed by
fprintf_plus().

files added:
.bzr-builddeb

.bzr-builddeb/default.conf

.bzrignore

DBUS-API

INSTALL

NEWS

README

bugs.xml

common.ent

dbus-mandos.conf

debian

debian/changelog

debian/compat

debian/control

debian/copyright

debian/mandos-client.README.Debian

debian/mandos-client.dirs

debian/mandos-client.docs

debian/mandos-client.examples

debian/mandos-client.links

debian/mandos-client.lintian-overrides

debian/mandos-client.postinst

debian/mandos-client.postrm

debian/mandos.README.Debian

debian/mandos.dirs

debian/mandos.docs

debian/mandos.lintian-overrides

debian/mandos.postinst

debian/mandos.prerm

debian/po

debian/rules

debian/source

debian/source/format

debian/source/local-options

debian/upstream

debian/upstream/signing-key.asc

debian/watch

default-mandos

init.d-mandos

initramfs-tools-script

initramfs-unpack

intro.xml

legalnotice.xml

mandos-ctl

mandos-ctl.xml

mandos-keygen.xml

mandos-monitor

mandos-monitor.xml

mandos-options.xml

mandos.lsm

mandos.service

network-hooks.d

network-hooks.d/bridge

network-hooks.d/bridge.conf

network-hooks.d/openvpn

network-hooks.d/openvpn.conf

network-hooks.d/wireless

network-hooks.d/wireless.conf

overview.xml

plugin-helpers

plugin-helpers/mandos-client-iprouteadddel.c

plugin-runner.conf

plugins.d/askpass-fifo.c

plugins.d/askpass-fifo.xml

plugins.d/plymouth.c

plugins.d/plymouth.xml

plugins.d/splashy.c

plugins.d/splashy.xml

plugins.d/usplash.c

plugins.d/usplash.xml

tmpfiles.d-mandos.conf

files removed:
network-protocol.txt

files renamed:
mandos-client.c => plugin-runner.c

mandos-client.xml => plugin-runner.xml

plugins.d/password-request.c => plugins.d/mandos-client.c

plugins.d/password-request.xml => plugins.d/mandos-client.xml

files modified:
Makefile

TODO

clients.conf

initramfs-tools-hook

initramfs-tools-hook-conf

mandos

mandos-clients.conf.xml

mandos-keygen

mandos.conf

mandos.conf.xml

mandos.xml

plugins.d/password-prompt.c

plugins.d/password-prompt.xml

Show diffs side-by-side

added added

removed removed

mandos-ctl.xml

<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"

"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [

<!ENTITY COMMANDNAME "mandos-ctl">

<!ENTITY TIMESTAMP "2018-02-08">

<!ENTITY % common SYSTEM "common.ent">

%common;

<title>Mandos Manual</title>

<productname>Mandos</productname>

<productnumber>&version;</productnumber>

<date>&TIMESTAMP;</date>

<firstname>Björn</firstname>

<surname>Påhlsson</surname>

<email>belorn@recompile.se</email>

</address>

</author>

<firstname>Teddy</firstname>

<surname>Hogeborn</surname>

<email>teddy@recompile.se</email>

</address>

</author>

</authorgroup>

<holder>Teddy Hogeborn</holder>

<holder>Björn Påhlsson</holder>

</copyright>

<xi:include href="legalnotice.xml"/>

</refentryinfo>

<refentrytitle>&COMMANDNAME;</refentrytitle>

</refmeta>

<refname><command>&COMMANDNAME;</command></refname>

Control or query the operation of the Mandos server

</refpurpose>

</refnamediv>

<command>&COMMANDNAME;</command>

<group>

<arg choice="plain"><option>--enable</option></arg>

<sbr/>

<arg choice="plain"><option>--disable</option></arg>

</group>

<sbr/>

<group>

<arg choice="plain"><option>--bump-timeout</option></arg>

</group>

<sbr/>

<group>

<arg choice="plain"><option>--start-checker</option></arg>

</group>

<sbr/>

<group>

<arg choice="plain"><option>--stop-checker</option></arg>

</group>

<sbr/>

<group>

<arg choice="plain"><option>--remove</option></arg>

</group>

<sbr/>

<group>

<arg choice="plain"><option>--checker

<replaceable>COMMAND</replaceable></option></arg>

<arg choice="plain"><option>-c

<replaceable>COMMAND</replaceable></option></arg>

</group>

<sbr/>

<group>

<arg choice="plain"><option>--timeout

100

101

<arg choice="plain"><option>-t

102

103

</group>

104

<sbr/>

105

<group>

106

<arg choice="plain"><option>--extended-timeout

107

108

</group>

109

<sbr/>

110

<group>

111

<arg choice="plain"><option>--interval

112

113

<arg choice="plain"><option>-i

114

115

</group>

116

<sbr/>

117

<group>

118

<arg choice="plain"><option>--approve-by-default</option

119

></arg>

120

<sbr/>

121

<arg choice="plain"><option>--deny-by-default</option></arg>

122

</group>

123

<sbr/>

124

<group>

125

<arg choice="plain"><option>--approval-delay

126

127

</group>

128

<sbr/>

129

<group>

130

<arg choice="plain"><option>--approval-duration

131

132

</group>

133

<sbr/>

134

<group>

135

<arg choice="plain"><option>--interval

136

137

<arg choice="plain"><option>-i

138

139

</group>

140

<sbr/>

141

<group>

142

<arg choice="plain"><option>--host

143

<replaceable>STRING</replaceable></option></arg>

144

<arg choice="plain"><option>-H

145

<replaceable>STRING</replaceable></option></arg>

146

</group>

147

<sbr/>

148

<group>

149

<arg choice="plain"><option>--secret

150

<replaceable>FILENAME</replaceable></option></arg>

151

<arg choice="plain"><option>-s

152

<replaceable>FILENAME</replaceable></option></arg>

153

</group>

154

<sbr/>

155

<group>

156

<arg choice="plain"><option>--approve</option></arg>

157

158

<sbr/>

159

160

161

</group>

162

</group>

163

<sbr/>

164

165

166

167

168

<replaceable>CLIENT</replaceable>

169

</arg>

170

</group>

171

</cmdsynopsis>

172

173

<command>&COMMANDNAME;</command>

174

<group>

175

<arg choice="plain"><option>--verbose</option></arg>

176

177

<sbr/>

178

179

180

</group>

181

<group>

182

183

<replaceable>CLIENT</replaceable>

184

</arg>

185

</group>

186

</cmdsynopsis>

187

188

<command>&COMMANDNAME;</command>

189

190

<arg choice="plain"><option>--is-enabled</option></arg>

191

192

</group>

193

<arg choice='plain'><replaceable>CLIENT</replaceable></arg>

194

</cmdsynopsis>

195

196

<command>&COMMANDNAME;</command>

197

198

199

200

</group>

201

</cmdsynopsis>

202

203

<command>&COMMANDNAME;</command>

204

205

<arg choice="plain"><option>--version</option></arg>

206

207

</group>

208

</cmdsynopsis>

209

210

<command>&COMMANDNAME;</command>

211

<arg choice="plain"><option>--check</option></arg>

212

</cmdsynopsis>

213

</refsynopsisdiv>

214

215

216

<title>DESCRIPTION</title>

217

<para>

218

<command>&COMMANDNAME;</command> is a program to control or

219

query the operation of the Mandos server

220

<citerefentry><refentrytitle>mandos</refentrytitle><manvolnum

221

>8</manvolnum></citerefentry>.

222

</para>

223

<para>

224

This program can be used to change client settings, approve or

225

deny client requests, and to remove clients from the server.

226

</para>

227

</refsect1>

228

229

230

<title>PURPOSE</title>

231

<para>

232

The purpose of this is to enable <emphasis>remote and unattended

233

rebooting</emphasis> of client host computer with an

234

<emphasis>encrypted root file system</emphasis>. See <xref

235

linkend="overview"/> for details.

236

</para>

237

</refsect1>

238

239

240

<title>OPTIONS</title>

241

242

243

244

245

246

247

<para>

248

Show a help message and exit

249

</para>

250

</listitem>

251

</varlistentry>

252

253

254

<term><option>--enable</option></term>

255

256

257

<para>

258

Enable client(s). An enabled client will be eligble to

259

receive its secret.

260

</para>

261

</listitem>

262

</varlistentry>

263

264

265

<term><option>--disable</option></term>

266

267

268

<para>

269

Disable client(s). A disabled client will not be eligble

270

to receive its secret, and no checkers will be started for

271

it.

272

</para>

273

</listitem>

274

</varlistentry>

275

276

277

<term><option>--bump-timeout</option></term>

278

279

<para>

280

Bump the timeout of the specified client(s), just as if a

281

checker had completed successfully for it/them.

282

</para>

283

</listitem>

284

</varlistentry>

285

286

287

<term><option>--start-checker</option></term>

288

289

<para>

290

Start a new checker now for the specified client(s).

291

</para>

292

</listitem>

293

</varlistentry>

294

295

296

<term><option>--stop-checker</option></term>

297

298

<para>

299

Stop any running checker for the specified client(s).

300

</para>

301

</listitem>

302

</varlistentry>

303

304

305

<term><option>--remove</option></term>

306

307

308

<para>

309

Remove the specified client(s) from the server.

310

</para>

311

</listitem>

312

</varlistentry>

313

314

315

<term><option>--checker

316

<replaceable>COMMAND</replaceable></option></term>

317

<term><option>-c

318

<replaceable>COMMAND</replaceable></option></term>

319

320

<para>

321

Set the <varname>checker</varname> option of the specified

322

client(s); see <citerefentry><refentrytitle

323

>mandos-clients.conf</refentrytitle><manvolnum

324

>5</manvolnum></citerefentry>.

325

</para>

326

</listitem>

327

</varlistentry>

328

329

330

<term><option>--timeout

331

332

<term><option>-t

333

334

335

<para>

336

Set the <varname>timeout</varname> option of the specified

337

client(s); see <citerefentry><refentrytitle

338

>mandos-clients.conf</refentrytitle><manvolnum

339

>5</manvolnum></citerefentry>.

340

</para>

341

</listitem>

342

</varlistentry>

343

344

345

<term><option>--extended-timeout

346

347

348

<para>

349

Set the <varname>extended_timeout</varname> option of the

350

specified client(s); see <citerefentry><refentrytitle

351

>mandos-clients.conf</refentrytitle><manvolnum

352

>5</manvolnum></citerefentry>.

353

</para>

354

</listitem>

355

</varlistentry>

356

357

358

<term><option>--interval

359

360

<term><option>-i

361

362

363

<para>

364

Set the <varname>interval</varname> option of the

365

specified client(s); see <citerefentry><refentrytitle

366

>mandos-clients.conf</refentrytitle><manvolnum

367

>5</manvolnum></citerefentry>.

368

</para>

369

</listitem>

370

</varlistentry>

371

372

373

<term><option>--approve-by-default</option></term>

374

<term><option>--deny-by-default</option></term>

375

376

<para>

377

Set the <varname>approved_by_default</varname> option of

378

the specified client(s) to <literal>True</literal> or

379

<literal>False</literal>, respectively; see

380

<citerefentry><refentrytitle

381

>mandos-clients.conf</refentrytitle><manvolnum

382

>5</manvolnum></citerefentry>.

383

</para>

384

</listitem>

385

</varlistentry>

386

387

388

<term><option>--approval-delay

389

390

391

<para>

392

Set the <varname>approval_delay</varname> option of the

393

specified client(s); see <citerefentry><refentrytitle

394

>mandos-clients.conf</refentrytitle><manvolnum

395

>5</manvolnum></citerefentry>.

396

</para>

397

</listitem>

398

</varlistentry>

399

400

401

<term><option>--approval-duration

402

403

404

<para>

405

Set the <varname>approval_duration</varname> option of the

406

specified client(s); see <citerefentry><refentrytitle

407

>mandos-clients.conf</refentrytitle><manvolnum

408

>5</manvolnum></citerefentry>.

409

</para>

410

</listitem>

411

</varlistentry>

412

413

414

<term><option>--host

415

<replaceable>STRING</replaceable></option></term>

416

<term><option>-H

417

<replaceable>STRING</replaceable></option></term>

418

419

<para>

420

Set the <varname>host</varname> option of the specified

421

client(s); see <citerefentry><refentrytitle

422

>mandos-clients.conf</refentrytitle><manvolnum

423

>5</manvolnum></citerefentry>.

424

</para>

425

</listitem>

426

</varlistentry>

427

428

429

<term><option>--secret

430

<replaceable>FILENAME</replaceable></option></term>

431

<term><option>-s

432

<replaceable>FILENAME</replaceable></option></term>

433

434

<para>

435

Set the <varname>secfile</varname> option of the specified

436

client(s); see <citerefentry><refentrytitle

437

>mandos-clients.conf</refentrytitle><manvolnum

438

>5</manvolnum></citerefentry>.

439

</para>

440

</listitem>

441

</varlistentry>

442

443

444

<term><option>--approve</option></term>

445

446

447

<para>

448

Approve client(s) if currently waiting for approval.

449

</para>

450

</listitem>

451

</varlistentry>

452

453

454

455

456

457

<para>

458

Deny client(s) if currently waiting for approval.

459

</para>

460

</listitem>

461

</varlistentry>

462

463

464

465

466

467

<para>

468

Make the client-modifying options modify <emphasis

469

>all</emphasis> clients.

470

</para>

471

</listitem>

472

</varlistentry>

473

474

475

<term><option>--verbose</option></term>

476

477

478

<para>

479

Show all client settings, not just a subset.

480

</para>

481

</listitem>

482

</varlistentry>

483

484

485

486

487

488

<para>

489

Dump client settings as JSON to standard output.

490

</para>

491

</listitem>

492

</varlistentry>

493

494

495

<term><option>--is-enabled</option></term>

496

497

498

<para>

499

Check if a single client is enabled or not, and exit with

500

a successful exit status only if the client is enabled.

501

</para>

502

</listitem>

503

</varlistentry>

504

505

506

<term><option>--check</option></term>

507

508

<para>

509

Run self-tests. This includes any unit tests, etc.

510

</para>

511

</listitem>

512

</varlistentry>

513

514

</variablelist>

515

</refsect1>

516

517

518

<title>OVERVIEW</title>

519

<xi:include href="overview.xml"/>

520

<para>

521

This program is a small utility to generate new OpenPGP keys for

522

new Mandos clients, and to generate sections for inclusion in

523

<filename>clients.conf</filename> on the server.

524

</para>

525

</refsect1>

526

527

528

<title>EXIT STATUS</title>

529

<para>

530

If the <option>--is-enabled</option> option is used, the exit

531

status will be 0 only if the specified client is enabled.

532

</para>

533

</refsect1>

534

535

536

537

<xi:include href="bugs.xml"/>

538

</refsect1>

539

540

541

<title>EXAMPLE</title>

542

543

<para>

544

To list all clients:

545

</para>

546

<para>

547

<userinput>&COMMANDNAME;</userinput>

548

</para>

549

</informalexample>

550

551

552

<para>

553

To list <emphasis>all</emphasis> settings for the clients

554

named <quote>foo1.example.org</quote> and <quote

555

>foo2.example.org</quote>:

556

</para>

557

<para>

558

559

560

<userinput>&COMMANDNAME; --verbose foo1.example.org foo2.example.org</userinput>

561

562

</para>

563

</informalexample>

564

565

566

<para>

567

To enable all clients:

568

</para>

569

<para>

570

<userinput>&COMMANDNAME; --enable --all</userinput>

571

</para>

572

</informalexample>

573

574

575

<para>

576

To change timeout and interval value for the clients

577

named <quote>foo1.example.org</quote> and <quote

578

>foo2.example.org</quote>:

579

</para>

580

<para>

581

582

583

<userinput>&COMMANDNAME; --timeout="5m" --interval="1m" foo1.example.org foo2.example.org</userinput>

584

585

</para>

586

</informalexample>

587

588

589

<para>

590

To approve all clients currently waiting for it:

591

</para>

592

<para>

593

<userinput>&COMMANDNAME; --approve --all</userinput>

594

</para>

595

</informalexample>

596

</refsect1>

597

598

599

<title>SECURITY</title>

600

<para>

601

This program must be permitted to access the Mandos server via

602

the D-Bus interface. This normally requires the root user, but

603

could be configured otherwise by reconfiguring the D-Bus server.

604

</para>

605

</refsect1>

606

607

608

609

<para>

610

<citerefentry><refentrytitle>intro</refentrytitle>

611

<manvolnum>8mandos</manvolnum></citerefentry>,

612

<citerefentry><refentrytitle>mandos</refentrytitle>

613

<manvolnum>8</manvolnum></citerefentry>,

614

<citerefentry><refentrytitle>mandos-clients.conf</refentrytitle>

615

<manvolnum>5</manvolnum></citerefentry>,

616

<citerefentry><refentrytitle>mandos-monitor</refentrytitle>

617

618

</para>

619

</refsect1>

620

621

</refentry>

622

623

624

625

626

Older »