
Viewing changes to mandos.conf.xml

  • Committer: Teddy Hogeborn
  • Date: 2019-07-14 22:39:15 UTC
  • mto: This revision was merged to the branch mainline in revision 384.
  • Revision ID: teddy@recompile.se-20190714223915-aqjkms3t3taa6tye
Only use sanitizing options when debugging

The C compiler's sanitizing options introduce code in the output
binary which is fragile and not very security conscious.  It has
become clear that sanitizing is only really meant for use while
debugging.

As a side effect, this makes compilation faster, as the Makefile, for
production builds, no longer runs the compiler repeatedly to find all
its currently supported sanitizing options.

* Makefile (DEBUG): Add "$(SANITIZE)".
  (SANITIZE): Comment out.
  (CFLAGS): Remove "$(SANITIZE)".
  (plugins.d/mandos-client): Revert back to use plain $(LINK.c), since
                             we no longer need to remove the leak
                             sanitizer by overriding CFLAGS.

 
1
<?xml version="1.0" encoding="UTF-8"?>
 
2
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
 
3
        "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
 
4
<!ENTITY CONFNAME "mandos.conf">
 
5
<!ENTITY CONFPATH "<filename>/etc/mandos/mandos.conf</filename>">
 
6
<!ENTITY TIMESTAMP "2019-06-20">
 
7
<!ENTITY % common SYSTEM "common.ent">
 
8
%common;
 
9
]>
 
10
 
 
11
<refentry xmlns:xi="http://www.w3.org/2001/XInclude">
 
12
  <refentryinfo>
 
13
    <title>Mandos Manual</title>
 
14
    <!-- NWalsh’s docbook scripts use this to generate the footer: -->
 
15
    <productname>Mandos</productname>
 
16
    <productnumber>&version;</productnumber>
 
17
    <date>&TIMESTAMP;</date>
 
18
    <authorgroup>
 
19
      <author>
 
20
        <firstname>Björn</firstname>
 
21
        <surname>Påhlsson</surname>
 
22
        <address>
 
23
          <email>belorn@recompile.se</email>
 
24
        </address>
 
25
      </author>
 
26
      <author>
 
27
        <firstname>Teddy</firstname>
 
28
        <surname>Hogeborn</surname>
 
29
        <address>
 
30
          <email>teddy@recompile.se</email>
 
31
        </address>
 
32
      </author>
 
33
    </authorgroup>
 
34
    <copyright>
 
35
      <year>2008</year>
 
36
      <year>2009</year>
 
37
      <year>2010</year>
 
38
      <year>2011</year>
 
39
      <year>2012</year>
 
40
      <year>2013</year>
 
41
      <year>2014</year>
 
42
      <year>2015</year>
 
43
      <year>2016</year>
 
44
      <year>2017</year>
 
45
      <year>2018</year>
 
46
      <year>2019</year>
 
47
      <holder>Teddy Hogeborn</holder>
 
48
      <holder>Björn Påhlsson</holder>
 
49
    </copyright>
 
50
    <xi:include href="legalnotice.xml"/>
 
51
  </refentryinfo>
 
52
  
 
53
  <refmeta>
 
54
    <refentrytitle>&CONFNAME;</refentrytitle>
 
55
    <manvolnum>5</manvolnum>
 
56
  </refmeta>
 
57
  
 
58
  <refnamediv>
 
59
    <refname><filename>&CONFNAME;</filename></refname>
 
60
    <refpurpose>
 
61
      Configuration file for the Mandos server
 
62
    </refpurpose>
 
63
  </refnamediv>
 
64
  
 
65
  <refsynopsisdiv>
 
66
    <synopsis>&CONFPATH;</synopsis>
 
67
  </refsynopsisdiv>
 
68
  
 
69
  <refsect1 id="description">
 
70
    <title>DESCRIPTION</title>
 
71
    <para>
 
72
      The file &CONFPATH; is a simple configuration file for
 
73
      <citerefentry><refentrytitle>mandos</refentrytitle>
 
74
      <manvolnum>8</manvolnum></citerefentry>, and is read by it at
 
75
      startup.  The configuration file starts with <quote><literal
 
76
      >[DEFAULT]</literal></quote> on a line by itself, followed by
 
77
      any number of <quote><varname><replaceable>option</replaceable
 
78
      ></varname>=<replaceable>value</replaceable></quote> entries,
 
79
      with continuations in the style of RFC 822.  <quote><varname
 
80
      ><replaceable>option</replaceable></varname>: <replaceable
 
81
      >value</replaceable></quote> is also accepted.  Note that
 
82
      leading whitespace is removed from values.  Lines beginning with
 
83
      <quote>#</quote> or <quote>;</quote> are ignored and may be used
 
84
      to provide comments.
 
85
    </para>
 
86
    
 
87
  </refsect1>
 
88
  <refsect1>
 
89
    <title>OPTIONS</title>
 
90
    
 
91
    <variablelist>
 
92
      <varlistentry>
 
93
        <term><option>interface<literal> = </literal><replaceable
 
94
        >NAME</replaceable></option></term>
 
95
        <listitem>
 
96
          <xi:include href="mandos-options.xml" xpointer="interface"/>
 
97
        </listitem>
 
98
      </varlistentry>
 
99
      
 
100
      <varlistentry>
 
101
        <term><option>address<literal> = </literal><replaceable
 
102
          >ADDRESS</replaceable></option></term>
 
103
        <listitem>
 
104
          <xi:include href="mandos-options.xml" xpointer="address"/>
 
105
        </listitem>
 
106
      </varlistentry>
 
107
      
 
108
      <varlistentry>
 
109
        <term><option>port<literal> = </literal><replaceable
 
110
        >NUMBER</replaceable></option></term>
 
111
        <listitem>
 
112
          <xi:include href="mandos-options.xml" xpointer="port"/>
 
113
        </listitem>
 
114
      </varlistentry>
 
115
      
 
116
      <varlistentry>
 
117
        <term><option>debug<literal> = </literal>{ <literal
 
118
          >1</literal> | <literal>yes</literal> | <literal
 
119
          >true</literal> | <literal>on</literal> | <literal
 
120
          >0</literal> | <literal>no</literal> | <literal
 
121
          >false</literal> | <literal>off</literal> }</option></term>
 
122
        <listitem>
 
123
          <xi:include href="mandos-options.xml" xpointer="debug"/>
 
124
        </listitem>
 
125
      </varlistentry>
 
126
      
 
127
      <varlistentry>
 
128
        <term><option>priority<literal> = </literal><replaceable
 
129
        >STRING</replaceable></option></term>
 
130
        <listitem>
 
131
          <xi:include href="mandos-options.xml" xpointer="priority"/>
 
132
        </listitem>
 
133
      </varlistentry>
 
134
      
 
135
      <varlistentry>
 
136
        <term><option>servicename<literal> = </literal
 
137
        ><replaceable>NAME</replaceable></option></term>
 
138
        <listitem>
 
139
          <xi:include href="mandos-options.xml"
 
140
                      xpointer="servicename"/>
 
141
        </listitem>
 
142
      </varlistentry>
 
143
      
 
144
      <varlistentry>
 
145
        <term><option>use_dbus<literal> = </literal>{ <literal
 
146
          >1</literal> | <literal>yes</literal> | <literal
 
147
          >true</literal> | <literal>on</literal> | <literal
 
148
          >0</literal> | <literal>no</literal> | <literal
 
149
          >false</literal> | <literal>off</literal> }</option></term>
 
150
        <listitem>
 
151
          <xi:include href="mandos-options.xml" xpointer="dbus"/>
 
152
        </listitem>
 
153
      </varlistentry>
 
154
      
 
155
      <varlistentry>
 
156
        <term><option>use_ipv6<literal> = </literal>{ <literal
 
157
          >1</literal> | <literal>yes</literal> | <literal
 
158
          >true</literal> | <literal>on</literal> | <literal
 
159
          >0</literal> | <literal>no</literal> | <literal
 
160
          >false</literal> | <literal>off</literal> }</option></term>
 
161
        <listitem>
 
162
          <xi:include href="mandos-options.xml" xpointer="ipv6"/>
 
163
        </listitem>
 
164
      </varlistentry>
 
165
      
 
166
      <varlistentry>
 
167
        <term><option>restore<literal> = </literal>{ <literal
 
168
          >1</literal> | <literal>yes</literal> | <literal
 
169
          >true</literal> | <literal>on</literal> | <literal
 
170
          >0</literal> | <literal>no</literal> | <literal
 
171
          >false</literal> | <literal>off</literal> }</option></term>
 
172
        <listitem>
 
173
          <xi:include href="mandos-options.xml" xpointer="restore"/>
 
174
        </listitem>
 
175
      </varlistentry>
 
176
      
 
177
      <varlistentry>
 
178
        <term><option>statedir<literal> = </literal><replaceable
 
179
        >DIRECTORY</replaceable></option></term>
 
180
        <listitem>
 
181
          <xi:include href="mandos-options.xml" xpointer="statedir"/>
 
182
        </listitem>
 
183
      </varlistentry>
 
184
      
 
185
      <varlistentry>
 
186
        <term><option>socket<literal> = </literal><replaceable
 
187
        >NUMBER</replaceable></option></term>
 
188
        <listitem>
 
189
          <xi:include href="mandos-options.xml" xpointer="socket"/>
 
190
        </listitem>
 
191
      </varlistentry>
 
192
      
 
193
    </variablelist>
 
194
  </refsect1>
 
195
  
 
196
  <refsect1 id="files">
 
197
    <title>FILES</title>
 
198
    <para>
 
199
      The file described here is &CONFPATH;
 
200
    </para>
 
201
  </refsect1>
 
202
  
 
203
  <refsect1 id="bugs">
 
204
    <title>BUGS</title>
 
205
    <para>
 
206
      The <literal>[DEFAULT]</literal> is necessary because the Python
 
207
      built-in module <systemitem class="library">ConfigParser</systemitem>
 
208
      requires it.
 
209
    </para>
 
210
    <xi:include href="bugs.xml"/>
 
211
  </refsect1>
 
212
  
 
213
  <refsect1 id="example">
 
214
    <title>EXAMPLE</title>
 
215
    <informalexample>
 
216
      <para>
 
217
        No options are actually required:
 
218
      </para>
 
219
      <programlisting>
 
220
[DEFAULT]
 
221
      </programlisting>
 
222
    </informalexample>
 
223
    <informalexample>
 
224
      <para>
 
225
        An example using all the options:
 
226
      </para>
 
227
      <programlisting>
 
228
[DEFAULT]
 
229
# A configuration example
 
230
interface = enp1s0
 
231
address = fe80::aede:48ff:fe71:f6f2
 
232
port = 1025
 
233
debug = True
 
234
priority = SECURE128:!CTYPE-X.509:+CTYPE-RAWPK:!RSA:!VERS-ALL:+VERS-TLS1.3:%PROFILE_ULTRA
 
235
servicename = Daena
 
236
use_dbus = False
 
237
use_ipv6 = True
 
238
restore = True
 
239
statedir = /var/lib/mandos
 
240
      </programlisting>
 
241
    </informalexample>
 
242
  </refsect1>
 
243
  
 
244
  <refsect1 id="see_also">
 
245
    <title>SEE ALSO</title>
 
246
    <para>
 
247
      <citerefentry><refentrytitle>intro</refentrytitle>
 
248
      <manvolnum>8mandos</manvolnum></citerefentry>,
 
249
      <citerefentry><refentrytitle>gnutls_priority_init</refentrytitle
 
250
      ><manvolnum>3</manvolnum></citerefentry>,
 
251
      <citerefentry><refentrytitle>mandos</refentrytitle>
 
252
      <manvolnum>8</manvolnum></citerefentry>,
 
253
      <citerefentry><refentrytitle>mandos-clients.conf</refentrytitle>
 
254
      <manvolnum>5</manvolnum></citerefentry>
 
255
    </para>
 
256
    
 
257
    <variablelist>
 
258
      <varlistentry>
 
259
        <term>
 
260
          RFC 4291: <citetitle>IP Version 6 Addressing
 
261
          Architecture</citetitle>
 
262
        </term>
 
263
        <listitem>
 
264
          <variablelist>
 
265
            <varlistentry>
 
266
              <term>Section 2.2: <citetitle>Text Representation of
 
267
              Addresses</citetitle></term>
 
268
              <listitem><para/></listitem>
 
269
            </varlistentry>
 
270
            <varlistentry>
 
271
              <term>Section 2.5.5.2: <citetitle>IPv4-Mapped IPv6
 
272
              Address</citetitle></term>
 
273
              <listitem><para/></listitem>
 
274
            </varlistentry>
 
275
            <varlistentry>
 
276
            <term>Section 2.5.6, <citetitle>Link-Local IPv6 Unicast
 
277
            Addresses</citetitle></term>
 
278
            <listitem>
 
279
              <para>
 
280
                The clients use IPv6 link-local addresses, which are
 
281
                immediately usable since a link-local addresses is
 
282
                automatically assigned to a network interface when it
 
283
                is brought up.
 
284
              </para>
 
285
            </listitem>
 
286
            </varlistentry>
 
287
          </variablelist>
 
288
        </listitem>
 
289
      </varlistentry>
 
290
      <varlistentry>
 
291
        <term>
 
292
          <ulink url="http://www.zeroconf.org/">Zeroconf</ulink>
 
293
        </term>
 
294
        <listitem>
 
295
          <para>
 
296
            Zeroconf is the network protocol standard used by clients
 
297
            for finding the Mandos server on the local network.
 
298
          </para>
 
299
        </listitem>
 
300
      </varlistentry>
 
301
    </variablelist>
 
302
  </refsect1>
 
303
</refentry>
 
304
<!-- Local Variables: -->
 
305
<!-- time-stamp-start: "<!ENTITY TIMESTAMP [\"']" -->
 
306
<!-- time-stamp-end: "[\"']>" -->
 
307
<!-- time-stamp-format: "%:y-%02m-%02d" -->
 
308
<!-- End: -->