423
by Teddy Hogeborn
Documentation changes:
|
1
|
-*- mode: org; coding: utf-8 -*-
|
2
|
|
3
|
Mandos Server D-Bus Interface
|
4
|
|
5
|
This file documents the D-Bus interface to the Mandos server.
|
6
|
|
7
|
* Bus: System bus
|
8
|
Bus name: "se.bsnet.fukt.Mandos"
|
9
|
|
10
|
|
11
|
* Object Paths:
|
12
|
|
13
|
| Path | Object |
|
14
|
|-----------------------+-------------------|
|
15
|
| "/" | The Mandos Server |
|
16
|
| "/clients/CLIENTNAME" | Mandos Client |
|
17
|
|
18
|
|
19
|
* Mandos Server Interface:
|
20
|
Interface name: "se.bsnet.fukt.Mandos"
|
21
|
|
22
|
** Methods:
|
23
|
*** GetAllClients() → (ao: Clients)
|
24
|
Returns an array of all client D-Bus object paths
|
25
|
|
26
|
*** GetAllClientsWithProperties() → (a{oa{sv}}: ClientProperties)
|
27
|
Returns an array of all clients and all their properties
|
28
|
|
29
|
*** RemoveClient(o: ObjectPath) → nothing
|
30
|
Removes a client
|
31
|
|
32
|
** Signals:
|
33
|
*** ClientAdded(o: ObjectPath)
|
34
|
A new client was added.
|
35
|
|
36
|
*** ClientNotFound(s: Fingerprint, s: Address)
|
37
|
A client connected from Address using Fingerprint, but was
|
38
|
rejected because it was not found in the server. The fingerprint
|
39
|
is represented as a string of hexadecimal digits. The address is
|
40
|
an IPv4 or IPv6 address in its normal string format.
|
41
|
|
42
|
*** ClientRemoved(o: ObjectPath, s: Name)
|
43
|
A client named Name on ObjectPath was removed.
|
44
|
|
45
|
|
46
|
* Mandos Client Interface:
|
47
|
Interface name: "se.bsnet.fukt.Mandos.Client"
|
48
|
|
49
|
** Methods
|
50
|
*** Approve(b: Approve) → nothing
|
51
|
Approve or deny a connected client waiting for approval. If
|
52
|
denied, a client will not be sent its secret.
|
53
|
|
54
|
*** CheckedOK() → nothing
|
55
|
Assert that this client has been checked and found to be alive.
|
56
|
This will restart the timeout before disabling this client. See
|
57
|
also the "LastCheckedOK" property.
|
58
|
|
59
|
*** Disable() → nothing
|
60
|
Disable this client. See also the "Enabled" property.
|
61
|
|
62
|
*** Enable() → nothing
|
63
|
Enable this client. See also the "Enabled" property.
|
64
|
|
65
|
*** StartChecker() → nothing
|
66
|
Start a new checker for this client, if none is currently
|
67
|
running. See also the "CheckerRunning" property.
|
68
|
|
69
|
*** StopChecker() → nothing
|
70
|
Abort a running checker process for this client, if any. See also
|
71
|
the "CheckerRunning" property.
|
72
|
|
73
|
** Properties
|
74
|
|
75
|
Note: Many of these properties directly correspond to a setting in
|
76
|
"clients.conf", in which case they are fully documented in
|
77
|
mandos-clients.conf(5).
|
78
|
|
79
|
| Name | Type | Access | clients.conf |
|
80
|
|----------------------+------+------------+---------------------|
|
81
|
| ApprovedByDefault | b | Read/Write | approved_by_default |
|
82
|
| ApprovalDelay (a) | t | Read/Write | approval_delay |
|
83
|
| ApprovalDuration (a) | t | Read/Write | approval_duration |
|
84
|
| ApprovalPending (b) | b | Read | N/A |
|
85
|
| Checker | s | Read/Write | checker |
|
86
|
| CheckerRunning (c) | b | Read/Write | N/A |
|
87
|
| Created (d) | s | Read | N/A |
|
88
|
| Enabled (e) | b | Read/Write | N/A |
|
89
|
| Fingerprint | s | Read | fingerprint |
|
90
|
| Host | s | Read/Write | host |
|
91
|
| Interval (a) | t | Read/Write | interval |
|
92
|
| LastCheckedOK (f) | s | Read/Write | N/A |
|
93
|
| LastEnabled (g) | s | Read | N/A |
|
94
|
| Name | s | Read | (Section name) |
|
95
|
| ObjectPath | o | Read | N/A |
|
96
|
| Secret (h) | ay | Write | secret (or secfile) |
|
97
|
| Timeout (a) | t | Read/Write | timeout |
|
98
|
|
99
|
a) Represented as milliseconds.
|
100
|
|
101
|
b) An approval is currently pending.
|
102
|
|
103
|
c) Setting this property is equivalent to calling StartChecker() or
|
104
|
StopChecker().
|
105
|
|
106
|
d) The creation time of this client object, as a RFC 3339 string.
|
107
|
|
108
|
e) Setting this property is equivalent to calling Enable() or
|
109
|
Disable().
|
110
|
|
111
|
f) The last time a checker was successful, as a RFC 3339 string, or
|
112
|
an empty string if this has not happened. Setting this property
|
113
|
is equivalent to calling CheckedOK(), i.e. the current time is
|
114
|
set, regardless of the string sent. Please always use an empty
|
115
|
string when setting this property, to allow for possible future
|
116
|
expansion.
|
117
|
|
118
|
g) The last time this client was enabled, as a RFC 3339 string, or
|
119
|
an empty string if this has not happened.
|
120
|
|
121
|
h) A raw byte array, not hexadecimal digits.
|
122
|
|
123
|
** Signals
|
124
|
*** CheckerCompleted(n: Exitcode, x: Waitstatus, s: Command)
|
125
|
A checker (Command) has completed. Exitcode is either the exit
|
126
|
code or -1 for abnormal exit. In any case, the full Waitstatus
|
127
|
(as from wait(2)) is also available.
|
128
|
|
129
|
*** CheckerStarted(s: Command)
|
130
|
A checker command (Command) has just been started.
|
131
|
|
132
|
*** GotSecret()
|
133
|
This client has been sent its secret.
|
134
|
|
135
|
*** NeedApproval(t: Timeout, b: ApprovedByDefault)
|
136
|
This client will be approved or denied in exactly Timeout
|
137
|
milliseconds, depending on ApprovedByDefault. Approve() can now
|
138
|
usefully be called on this client object.
|
139
|
|
140
|
*** PropertyChanged(s: Property, v: Value)
|
141
|
The Property on this client has changed to Value.
|
142
|
|
143
|
*** Rejected(s: Reason)
|
144
|
This client was not given its secret for a specified Reason.
|
145
|
|
146
|
�
|
147
|
#+STARTUP: showall
|