
Viewing changes to mandos.conf.xml

  • Committer: Teddy Hogeborn
  • Date: 2021-02-03 23:10:42 UTC
  • mto: This revision was merged to the branch mainline in revision 406.
  • Revision ID: teddy@recompile.se-20210203231042-2z3egrvpo1zt7nej
mandos-ctl: Fix bad test for command.Remove and related minor issues

The test for command.Remove removes all clients from the spy server,
and then loops over all clients, looking for the corresponding Remove
command as recorded by the spy server.  But since there aren't
any clients left after they were removed, no assertions are made, and
the test therefore does nothing.  Fix this.

In tests for command.Approve and command.Deny, add checks that clients
were not somehow removed by the command (in which case, likewise, no
assertions are made).

Add related checks to TestPropertySetterCmd.runTest; i.e. test that a
sequence is not empty before looping over it and making assertions.

* mandos-ctl (TestBaseCommands.test_Remove): Save a copy of the
  original "clients" dict, and loop over those instead.  Add assertion
  that all clients were indeed removed.  Also fix the code which looks
  for the Remove command, which now needs to actually work.
  (TestBaseCommands.test_Approve, TestBaseCommands.test_Deny): Add
  assertion that there are still clients before looping over them.
  (TestPropertySetterCmd.runTest): Add assertion that the list of
  values to get is not empty before looping over them.  Also add check
  that there are still clients before looping over clients.

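--- a/mandos.conf.xml
+++ b/mandos.conf.xml
@@ -1,63 +1,55 @@
-<?xml version='1.0' encoding='UTF-8'?>
+<?xml version="1.0" encoding="UTF-8"?>
 <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
         "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
-<!ENTITY VERSION "1.0">
 <!ENTITY CONFNAME "mandos.conf">
 <!ENTITY CONFPATH "<filename>/etc/mandos/mandos.conf</filename>">
+<!ENTITY TIMESTAMP "2019-06-20">
+<!ENTITY % common SYSTEM "common.ent">
+%common;
 ]>
 
 <refentry xmlns:xi="http://www.w3.org/2001/XInclude">
   <refentryinfo>
-    <title>&CONFNAME;</title>
+    <title>Mandos Manual</title>
     <!-- NWalsh’s docbook scripts use this to generate the footer: -->
-    <productname>&CONFNAME;</productname>
-    <productnumber>&VERSION;</productnumber>
+    <productname>Mandos</productname>
+    <productnumber>&version;</productnumber>
+    <date>&TIMESTAMP;</date>
     <authorgroup>
       <author>
         <firstname>Björn</firstname>
         <surname>Påhlsson</surname>
         <address>
-          <email>belorn@fukt.bsnet.se</email>
+          <email>belorn@recompile.se</email>
         </address>
       </author>
       <author>
         <firstname>Teddy</firstname>
         <surname>Hogeborn</surname>
         <address>
-          <email>teddy@fukt.bsnet.se</email>
+          <email>teddy@recompile.se</email>
         </address>
       </author>
     </authorgroup>
     <copyright>
       <year>2008</year>
+      <year>2009</year>
+      <year>2010</year>
+      <year>2011</year>
+      <year>2012</year>
+      <year>2013</year>
+      <year>2014</year>
+      <year>2015</year>
+      <year>2016</year>
+      <year>2017</year>
+      <year>2018</year>
+      <year>2019</year>
       <holder>Teddy Hogeborn</holder>
       <holder>Björn Påhlsson</holder>
     </copyright>
-    <legalnotice>
-      <para>
-        This manual page is free software: you can redistribute it
-        and/or modify it under the terms of the GNU General Public
-        License as published by the Free Software Foundation,
-        either version 3 of the License, or (at your option) any
-        later version.
-      </para>
-
-      <para>
-        This manual page is distributed in the hope that it will
-        be useful, but WITHOUT ANY WARRANTY; without even the
-        implied warranty of MERCHANTABILITY or FITNESS FOR A
-        PARTICULAR PURPOSE.  See the GNU General Public License
-        for more details.
-      </para>
-
-      <para>
-        You should have received a copy of the GNU General Public
-        License along with this program; If not, see
-        <ulink url="http://www.gnu.org/licenses/"/>.
-      </para>
-    </legalnotice>
+    <xi:include href="legalnotice.xml"/>
   </refentryinfo>
-
+  
   <refmeta>
     <refentrytitle>&CONFNAME;</refentrytitle>
     <manvolnum>5</manvolnum>
@@ -69,13 +61,11 @@
       Configuration file for the Mandos server
     </refpurpose>
   </refnamediv>
-
+  
   <refsynopsisdiv>
-    <synopsis>
-      &CONFPATH;
-    </synopsis>
+    <synopsis>&CONFPATH;</synopsis>
   </refsynopsisdiv>
-
+  
   <refsect1 id="description">
     <title>DESCRIPTION</title>
     <para>
@@ -93,76 +83,113 @@
       <quote>#</quote> or <quote>;</quote> are ignored and may be used
       to provide comments.
     </para>
-
+    
   </refsect1>
   <refsect1>
     <title>OPTIONS</title>
     
     <variablelist>
       <varlistentry>
-        <term><varname>interface</varname></term>
+        <term><option>interface<literal> = </literal><replaceable
+        >NAME</replaceable></option></term>
         <listitem>
-          <synopsis><literal>interface = </literal><replaceable
-          >IF</replaceable>
-          </synopsis>
           <xi:include href="mandos-options.xml" xpointer="interface"/>
         </listitem>
       </varlistentry>
-
+      
       <varlistentry>
-        <term><varname>address</varname></term>
+        <term><option>address<literal> = </literal><replaceable
+          >ADDRESS</replaceable></option></term>
         <listitem>
-          <synopsis><literal>address = </literal><replaceable
-          >ADDRESS</replaceable>
-          </synopsis>
           <xi:include href="mandos-options.xml" xpointer="address"/>
         </listitem>
       </varlistentry>
-
+      
       <varlistentry>
-        <term><varname>port</varname></term>
+        <term><option>port<literal> = </literal><replaceable
+        >NUMBER</replaceable></option></term>
         <listitem>
-          <synopsis><literal>port = </literal><replaceable
-          >PORT</replaceable>
-          </synopsis>
           <xi:include href="mandos-options.xml" xpointer="port"/>
         </listitem>
       </varlistentry>
-
+      
       <varlistentry>
-        <term><varname>debug</varname></term>
-        <listitem>
-          <synopsis><literal>debug = </literal>{ <literal
+        <term><option>debug<literal> = </literal>{ <literal
           >1</literal> | <literal>yes</literal> | <literal
           >true</literal> | <literal>on</literal> | <literal
           >0</literal> | <literal>no</literal> | <literal
-          >false</literal> | <literal>off</literal> }
-          </synopsis>
+          >false</literal> | <literal>off</literal> }</option></term>
+        <listitem>
           <xi:include href="mandos-options.xml" xpointer="debug"/>
         </listitem>
       </varlistentry>
-
+      
       <varlistentry>
-        <term><varname>priority</varname></term>
+        <term><option>priority<literal> = </literal><replaceable
+        >STRING</replaceable></option></term>
         <listitem>
-          <synopsis><literal>priority = </literal><replaceable
-          >PRIORITY</replaceable>
-          </synopsis>
           <xi:include href="mandos-options.xml" xpointer="priority"/>
         </listitem>
       </varlistentry>
-
+      
       <varlistentry>
-        <term><varname>servicename</varname></term>
+        <term><option>servicename<literal> = </literal
+        ><replaceable>NAME</replaceable></option></term>
         <listitem>
-          <synopsis><literal>servicename = </literal><replaceable
-          >NAME</replaceable>
-          </synopsis>
           <xi:include href="mandos-options.xml"
                       xpointer="servicename"/>
         </listitem>
       </varlistentry>
       
+      <varlistentry>
+        <term><option>use_dbus<literal> = </literal>{ <literal
+          >1</literal> | <literal>yes</literal> | <literal
+          >true</literal> | <literal>on</literal> | <literal
+          >0</literal> | <literal>no</literal> | <literal
+          >false</literal> | <literal>off</literal> }</option></term>
+        <listitem>
+          <xi:include href="mandos-options.xml" xpointer="dbus"/>
+        </listitem>
+      </varlistentry>
+      
+      <varlistentry>
+        <term><option>use_ipv6<literal> = </literal>{ <literal
+          >1</literal> | <literal>yes</literal> | <literal
+          >true</literal> | <literal>on</literal> | <literal
+          >0</literal> | <literal>no</literal> | <literal
+          >false</literal> | <literal>off</literal> }</option></term>
+        <listitem>
+          <xi:include href="mandos-options.xml" xpointer="ipv6"/>
+        </listitem>
+      </varlistentry>
+      
+      <varlistentry>
+        <term><option>restore<literal> = </literal>{ <literal
+          >1</literal> | <literal>yes</literal> | <literal
+          >true</literal> | <literal>on</literal> | <literal
+          >0</literal> | <literal>no</literal> | <literal
+          >false</literal> | <literal>off</literal> }</option></term>
+        <listitem>
+          <xi:include href="mandos-options.xml" xpointer="restore"/>
+        </listitem>
+      </varlistentry>
+      
+      <varlistentry>
+        <term><option>statedir<literal> = </literal><replaceable
+        >DIRECTORY</replaceable></option></term>
+        <listitem>
+          <xi:include href="mandos-options.xml" xpointer="statedir"/>
+        </listitem>
+      </varlistentry>
+      
+      <varlistentry>
+        <term><option>socket<literal> = </literal><replaceable
+        >NUMBER</replaceable></option></term>
+        <listitem>
+          <xi:include href="mandos-options.xml" xpointer="socket"/>
+        </listitem>
+      </varlistentry>
+      
     </variablelist>
   </refsect1>
   
@@ -178,8 +205,9 @@
     <para>
       The <literal>[DEFAULT]</literal> is necessary because the Python
       built-in module <systemitem class="library">ConfigParser</systemitem>
-      requres it.
+      requires it.
     </para>
+    <xi:include href="bugs.xml"/>
   </refsect1>
   
   <refsect1 id="example">
@@ -199,12 +227,16 @@
       <programlisting>
 [DEFAULT]
 # A configuration example
-interface = eth0
-address = 2001:db8:f983:bd0b:30de:ae4a:71f2:f672
+interface = enp1s0
+address = fe80::aede:48ff:fe71:f6f2
 port = 1025
-debug = true
-priority = SECURE256:!CTYPE-X.509:+CTYPE-OPENPGP
+debug = True
+priority = SECURE128:!CTYPE-X.509:+CTYPE-RAWPK:!RSA:!VERS-ALL:+VERS-TLS1.3:%PROFILE_ULTRA
 servicename = Daena
+use_dbus = False
+use_ipv6 = True
+restore = True
+statedir = /var/lib/mandos
       </programlisting>
     </informalexample>
   </refsect1>
@@ -212,11 +244,65 @@
   <refsect1 id="see_also">
     <title>SEE ALSO</title>
     <para>
-      <citerefentry>
-        <refentrytitle>mandos</refentrytitle>
-        <manvolnum>8</manvolnum></citerefentry>, <citerefentry>
-        <refentrytitle>mandos-clients.conf</refentrytitle>
-        <manvolnum>5</manvolnum></citerefentry>
+      <citerefentry><refentrytitle>intro</refentrytitle>
+      <manvolnum>8mandos</manvolnum></citerefentry>,
+      <citerefentry><refentrytitle>gnutls_priority_init</refentrytitle
+      ><manvolnum>3</manvolnum></citerefentry>,
+      <citerefentry><refentrytitle>mandos</refentrytitle>
+      <manvolnum>8</manvolnum></citerefentry>,
+      <citerefentry><refentrytitle>mandos-clients.conf</refentrytitle>
+      <manvolnum>5</manvolnum></citerefentry>
     </para>
+    
+    <variablelist>
+      <varlistentry>
+        <term>
+          RFC 4291: <citetitle>IP Version 6 Addressing
+          Architecture</citetitle>
+        </term>
+        <listitem>
+          <variablelist>
+            <varlistentry>
+              <term>Section 2.2: <citetitle>Text Representation of
+              Addresses</citetitle></term>
+              <listitem><para/></listitem>
+            </varlistentry>
+            <varlistentry>
+              <term>Section 2.5.5.2: <citetitle>IPv4-Mapped IPv6
+              Address</citetitle></term>
+              <listitem><para/></listitem>
+            </varlistentry>
+            <varlistentry>
+            <term>Section 2.5.6, <citetitle>Link-Local IPv6 Unicast
+            Addresses</citetitle></term>
+            <listitem>
+              <para>
+                The clients use IPv6 link-local addresses, which are
+                immediately usable since a link-local addresses is
+                automatically assigned to a network interface when it
+                is brought up.
+              </para>
+            </listitem>
+            </varlistentry>
+          </variablelist>
+        </listitem>
+      </varlistentry>
+      <varlistentry>
+        <term>
+          <ulink url="http://www.zeroconf.org/">Zeroconf</ulink>
+        </term>
+        <listitem>
+          <para>
+            Zeroconf is the network protocol standard used by clients
+            for finding the Mandos server on the local network.
+          </para>
+        </listitem>
+      </varlistentry>
+    </variablelist>
   </refsect1>
 </refentry>
+<!-- Local Variables: -->
+<!-- time-stamp-start: "<!ENTITY TIMESTAMP [\"']" -->
+<!-- time-stamp-end: "[\"']>" -->
+<!-- time-stamp-format: "%:y-%02m-%02d" -->
+<!-- End: -->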