/mandos/trunk

		   -*- mode: org; coding: utf-8 -*-

		    Mandos Server D-Bus Interface

This file documents the D-Bus interface to the Mandos server.

* Bus: System bus

  Bus name: "se.recompile.Mandos"

* Object Paths:

  | Path                  | Object            |

  |-----------------------+-------------------|

  | "/"                   | The Mandos Server |

  (To get a list of paths to client objects, use the standard D-Bus

  org.freedesktop.DBus.ObjectManager interface, which the server

  object supports.)

* Mandos Server Interface:

  Interface name: "se.recompile.Mandos"

** Methods:

*** RemoveClient(o: ObjectPath) → nothing

    Removes a client

** Signals:

*** ClientNotFound(s: Fingerprint, s: Address)

    A client connected from Address using Fingerprint, but was

    rejected because it was not found in the server.  The fingerprint

    is represented as a string of hexadecimal digits.  The address is

    an IPv4 or IPv6 address in its normal string format.

* Mandos Client Interface:

  Interface name: "se.recompile.Mandos.Client"

** Methods

*** Approve(b: Approve) → nothing

    Approve or deny a connected client waiting for approval.  If

    denied, a client will not be sent its secret.

*** CheckedOK() → nothing

    Assert that this client has been checked and found to be alive.

    This will restart the timeout before disabling this client.  See

    also the "LastCheckedOK" property.

** Properties

   Note: Many of these properties directly correspond to a setting in

   "clients.conf", in which case they are fully documented in

   mandos-clients.conf(5).

   | Name                    | Type | Access     | clients.conf        |

   |-------------------------+------+------------+---------------------|

   | ApprovedByDefault       | b    | Read/Write | approved_by_default |

   | ApprovalDelay (a)       | t    | Read/Write | approval_delay      |

   | ApprovalDuration (a)    | t    | Read/Write | approval_duration   |

   | ApprovalPending (b)     | b    | Read       | N/A                 |

   | Checker                 | s    | Read/Write | checker             |

   | CheckerRunning (c)      | b    | Read/Write | N/A                 |

   | Created (d)             | s    | Read       | N/A                 |

   | Enabled (e)             | b    | Read/Write | N/A                 |

   | Expires (f)             | s    | Read       | N/A                 |

   | ExtendedTimeout (a)     | t    | Read/Write | extended_timeout    |

   | Fingerprint             | s    | Read       | fingerprint         |

   | Host                    | s    | Read/Write | host                |

   | Interval (a)            | t    | Read/Write | interval            |

   | LastApprovalRequest (g) | s    | Read       | N/A                 |

   | LastCheckedOK (h)       | s    | Read/Write | N/A                 |

   | LastCheckerStatus (i)   | n    | Read       | N/A                 |

   | LastEnabled (j)         | s    | Read       | N/A                 |

   | Name                    | s    | Read       | (Section name)      |

   | Secret (k)              | ay   | Write      | secret (or secfile) |

   | Timeout (a)             | t    | Read/Write | timeout             |

   a) Represented as milliseconds.

   b) An approval is currently pending.

   c) Changing this property can either start a new checker or abort a

      running one.

   d) The creation time of this client object, as an RFC 3339 string.

   e) Changing this property enables or disables a client.

   f) The date and time this client will be disabled, as an RFC 3339

      string, or an empty string if this is not scheduled.

   g) The date and time of the last approval request, as an RFC 3339

      string, or an empty string if this has not happened.

   h) The date and time a checker was last successful, as an RFC 3339

      string, or an empty string if this has not happened.  Setting

      this property is equivalent to calling CheckedOK(), i.e. the

      current time is set, regardless of the string sent.  Please

      always use an empty string when setting this property, to allow

      for possible future expansion.

   i) The exit status of the last checker, -1 if it did not exit

      cleanly, -2 if a checker has not yet returned.

   j) The date and time this client was last enabled, as an RFC 3339

      string, or an empty string if this has not happened.

   k) A raw byte array, not hexadecimal digits.

** Signals

*** CheckerCompleted(n: Exitcode, x: Waitstatus, s: Command)

    A checker (Command) has completed.  Exitcode is either the exit

    code or -1 for abnormal exit.  In any case, the full Waitstatus

    (as from wait(2)) is also available.

*** CheckerStarted(s: Command)

    A checker command (Command) has just been started.

*** GotSecret()

    This client has been sent its secret.

*** NeedApproval(t: Timeout, b: ApprovedByDefault)

    This client will be approved or denied in exactly Timeout

    milliseconds, depending on ApprovedByDefault.  Approve() can now

    usefully be called on this client object.

*** Rejected(s: Reason)

    This client was not given its secret for a specified Reason.

* Copyright

    Copyright © 2010-2016 Teddy Hogeborn

    Copyright © 2010-2016 Björn Påhlsson

** License:

   This program is free software: you can redistribute it and/or

   modify it under the terms of the GNU General Public License as

   published by the Free Software Foundation, either version 3 of the

   License, or (at your option) any later version.

   This program is distributed in the hope that it will be useful, but

   WITHOUT ANY WARRANTY; without even the implied warranty of

   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU

   General Public License for more details.

   You should have received a copy of the GNU General Public License

   along with this program.  If not, see

   <http://www.gnu.org/licenses/>.

#+STARTUP: showall