=== modified file 'Makefile'
--- Makefile 2008-08-17 20:34:18 +0000
+++ Makefile 2008-08-17 22:42:28 +0000
@@ -37,7 +37,8 @@
--param make.year.ranges 1 \
--param make.single.year.ranges 1 \
--param man.output.quietly 1 \
- --param man.authors.section.enabled 0
+ --param man.authors.section.enabled 0 \
+ /usr/share/xml/docbook/stylesheet/nwalsh/manpages/docbook.xsl
# DocBook-to-man post-processing to fix a \n escape bug
MANPOST=sed --in-place --expression='s,\\en,\en,g;s,\\een,\\en,g'
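Review bot: The stylesheet is referenced by an absolute distribution-specific path, `/usr/share/xml/docbook/stylesheet/nwalsh/manpages/docbook.xsl`, so the build breaks on any system that installs DocBook XSL elsewhere. The variable this continuation line belongs to starts outside the hunk, so the rest of the command is not visible here. Consider hoisting the path into its own variable so it can be overridden from the command line, e.g. `DOCBOOK_MANPAGES_XSL=/usr/share/xml/docbook/stylesheet/nwalsh/manpages/docbook.xsl` and referencing `$(DOCBOOK_MANPAGES_XSL)` in its place, or using the DocBook XSL catalog URI `http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl` so xsltproc resolves it through the XML catalog.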
=== modified file 'mandos.xml'
--- mandos.xml 2008-08-17 20:34:18 +0000
+++ mandos.xml 2008-08-17 22:42:28 +0000
@@ -1,16 +1,15 @@
-
-
+
+
]>
&COMMANDNAME;
-
+
&COMMANDNAME;
&VERSION;
@@ -74,35 +73,35 @@
&COMMANDNAME;
- --interfaceIF
- --addressADDRESS
- --portPORT
- --priorityPRIORITY
- --servicenameNAME
- --configdirDIRECTORY
- --debug
-
-
- &COMMANDNAME;
- -iIF
- -aADDRESS
- -pPORT
- --priorityPRIORITY
- --servicenameNAME
- --configdirDIRECTORY
- --debug
-
-
- &COMMANDNAME;
- --help
-
-
- &COMMANDNAME;
- --version
-
-
- &COMMANDNAME;
- --check
+ --interfaceIF
+ --addressADDRESS
+ --portPORT
+ --priorityPRIORITY
+ --servicenameNAME
+ --configdirDIRECTORY
+ --debug
+
+
+ &COMMANDNAME;
+ -iIF
+ -aADDRESS
+ -pPORT
+ --priorityPRIORITY
+ --servicenameNAME
+ --configdirDIRECTORY
+ --debug
+
+
+ &COMMANDNAME;
+ --help
+
+
+ &COMMANDNAME;
+ --version
+
+
+ &COMMANDNAME;
+ --check
@@ -112,12 +111,13 @@
&COMMANDNAME; is a server daemon which
handles incoming request for passwords for a pre-defined list of
client host computers. The Mandos server uses Zeroconf to
- announce itself on the local network, and uses GnuTLS to
- communicate securely with and to authenticate the clients.
- Mandos uses IPv6 link-local addresses, since the clients are
- assumed to not have any other addresses configured. Any
- authenticated client is then given the pre-encrypted password
- for that specific client.
+ announce itself on the local network, and uses TLS to
+ communicate securely with and to authenticate the clients. The
+ Mandos server uses IPv6 to allow Mandos clients to use IPv6
+ link-local addresses, since the clients will probably not have
+ any other addresses configured (see ).
+ Any authenticated client is then given the stored pre-encrypted
+ password for that specific client.
@@ -127,14 +127,9 @@
The purpose of this is to enable remote and unattended
- rebooting of any client host computer with an
- encrypted root file system. The client
- host computer should start a Mandos client in the initial RAM
- disk environment, the Mandos client program communicates with
- this server program to get an encrypted password, which is then
- decrypted and used to unlock the encrypted root file system.
- The client host computer can then continue its boot sequence
- normally.
+ rebooting of client host computer with an
+ encrypted root file system. See for details.
@@ -197,7 +192,7 @@
--check
- Run the server's self-tests. This includes any unit
+ Run the server’s self-tests. This includes any unit
tests, etc.
@@ -220,14 +215,13 @@
GnuTLS priority string for the TLS handshake with the
- clients. See
- gnutls_priority_init
+ clients. The default is
+ SECURE256:!CTYPE-X.509:+CTYPE-OPENPGP
.
+ See gnutls_priority_init
3
- for the syntax. The default is
- SECURE256:!CTYPE-X.509:+CTYPE-OPENPGP
.
- Warning: changing this may make the
- TLS handshake fail, making communication with clients
- impossible.
+ for the syntax. Warning: changing
+ this may make the TLS handshake fail, making communication
+ with clients impossible.
@@ -244,8 +238,8 @@
which would not normally be useful. If there are name
collisions on the same network, the
newer server will automatically rename itself to
- Mandos #2
, and so on,
- therefore this option is not needed in that case.
+ Mandos #2
, and so on;
+ therefore, this option is not needed in that case.
@@ -276,6 +270,16 @@
+
+ OVERVIEW
+ &OVERVIEW;
+
+ This program is the server part. It is a normal server program
+ and will run in a normal system environment, not in an initial
+ RAM disk environment.
+
+
+
NETWORK PROTOCOL
@@ -341,7 +345,7 @@
are still up. If a client has not been confirmed as being up
for some time, the client is assumed to be compromised and is no
longer eligible to receive the encrypted password. The timeout,
- checker program and interval between checks can be configured
+ checker program, and interval between checks can be configured
both globally and per client; see
mandos.conf
5 and
@@ -437,8 +441,10 @@
- Run the server in debug mode and read configuration files from
- the ~/mandos directory:
+ Run the server in debug mode, read configuration files from
+ the ~/mandos directory, and use the
+ Zeroconf service name Test
to not collide with
+ any other official Mandos server on this host:
@@ -466,8 +472,10 @@
SERVER
- Running the server should not in itself present any security
- risk to the host computer running it.
+ Running this &COMMANDNAME; server program should not in itself
+ present any security risk to the host computer running it.
+ The program does not need any special privileges to run, and
+ is designed to run as a non-root user.
@@ -481,8 +489,14 @@
itself and looks up the fingerprint in its list of
clients. The clients.conf file (see
mandos-clients.conf
- 5) must be non-readable
- by anyone except the user running the server.
+ 5)
+ must be made non-readable by anyone
+ except the user running the server.
+
+
+ As detailed in , the status of all
+ client computers will continually be checked and be assumed
+ compromised if they are gone for too long.
For more details on client-side security, see
@@ -494,45 +508,107 @@
SEE ALSO
-
-
- password-request
- 8mandos
-
-
-
- plugin-runner
- 8mandos
-
-
-
- Zeroconf
-
-
-
- Avahi
-
-
-
- GnuTLS
-
-
-
- RFC 4880: OpenPGP Message
- Format
-
-
-
- RFC 5081: Using OpenPGP Keys for
- Transport Layer Security
-
-
-
- RFC 4291: IP Version 6 Addressing
- Architecture, section 2.5.6, Link-Local IPv6
- Unicast Addresses
-
-
+
+
+
+
+ password-request
+ 8mandos
+
+
+
+
+ This is the actual program which talks to this server.
+ Note that it is normally not invoked directly, and is only
+ run in the initial RAM disk environment, and not on a
+ fully started system.
+
+
+
+
+
+ Zeroconf
+
+
+
+ Zeroconf is the network protocol standard used by clients
+ for finding this Mandos server on the local network.
+
+
+
+
+
+ Avahi
+
+
+
+ Avahi is the library this server calls to implement
+ Zeroconf service announcements.
+
+
+
+
+
+ GnuTLS
+
+
+
+ GnuTLS is the library this server uses to implement TLS for
+ communicating securely with the client, and at the same time
+ confidently get the client’s public OpenPGP key.
+
+
+
+
+
+ RFC 4291: IP Version 6 Addressing
+ Architecture, section 2.5.6, Link-Local IPv6
+ Unicast Addresses
+
+
+
+ The clients use IPv6 link-local addresses, which are
+ immediately usable since a link-local addresses is
+ automatically assigned to a network interfaces when it is
+ brought up.
+
+
+
+
+
+ RFC 4346: The Transport Layer Security
+ (TLS) Protocol Version 1.1
+
+
+
+ TLS 1.1 is the protocol implemented by GnuTLS.
+
+
+
+
+
+ RFC 4880: OpenPGP Message
+ Format
+
+
+
+ The data sent to clients is binary encrypted OpenPGP data.
+
+
+
+
+
+ RFC 5081: Using OpenPGP Keys for
+ Transport Layer Security
+
+
+
+ This is implemented by GnuTLS and used by this server so
+ that OpenPGP keys can be used.
+
+
+
+
=== added file 'overview.xml'
--- overview.xml 1970-01-01 00:00:00 +0000
+++ overview.xml 2008-08-17 22:42:28 +0000
@@ -0,0 +1,13 @@
+
+
+ This is part of the Mandos system for allowing host computers to
+ have encrypted root file systems and also be capable of remote and
+ unattended reboots. The host computers run a small client program
+ in the initial RAM disk environment which will communicate with a
+ server over a network. The clients are identified by the server
+ using a OpenPGP key; each client has one unique to it. The server
+ sends the clients an encrypted password. The encrypted password is
+ decrypted by the clients using the same OpenPGP key, and the
+ password is then used to unlock the root file system, whereupon the
+ host computers can continue booting normally.
+
=== modified file 'plugins.d/password-request.c'
--- plugins.d/password-request.c 2008-08-14 21:03:26 +0000
+++ plugins.d/password-request.c 2008-08-17 22:42:28 +0000
@@ -302,7 +302,7 @@
}
static const char * safer_gnutls_strerror (int value) {
- const char *ret = gnutls_strerror (value);
+ const char *ret = gnutls_strerror (value); /* Spurious warning */
if (ret == NULL)
ret = "(unknown)";
return ret;
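Review bot: The added comment `/* Spurious warning */` on the `gnutls_strerror` call does not say which warning, from which tool, or why it is spurious, so the next maintainer cannot tell whether it is still needed or safe to remove. The same wording is added to the fprintf in the following hunk (ending at the `return -1;` line). Name the diagnostic and the reason, for example `/* Spurious <warning name> from <compiler/flag>: a NULL result is handled by the check below */`, using the real warning text from the build log; the closing brace of safer_gnutls_strerror is outside the hunk.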
@@ -341,7 +341,8 @@
/* OpenPGP credentials */
gnutls_certificate_allocate_credentials(&mc->cred);
if (ret != GNUTLS_E_SUCCESS){
- fprintf (stderr, "GnuTLS memory error: %s\n",
+ fprintf (stderr, "GnuTLS memory error: %s\n", /* Spurious
+ warning */
safer_gnutls_strerror(ret));
gnutls_global_deinit ();
return -1;
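Review bot: The error check `if (ret != GNUTLS_E_SUCCESS)` tests a stale value: the line before it calls `gnutls_certificate_allocate_credentials(&mc->cred);` without assigning its result, so an allocation failure is never detected and `mc->cred` is used unset while the "GnuTLS memory error" branch is only reached if some earlier call had already failed. The commit only touches the comment on the fprintf and leaves this. Change the call to `ret = gnutls_certificate_allocate_credentials(&mc->cred);` so the check that follows is meaningful. The enclosing function begins and ends outside the hunk.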
@@ -475,7 +476,7 @@
fprintf(stderr, "Binding to interface %s\n", interface);
}
- memset(&to, 0, sizeof(to)); /* Spurious warning */
+ memset(&to, 0, sizeof(to));
to.in6.sin6_family = AF_INET6;
/* It would be nice to have a way to detect if we were passed an
IPv4 address here. Now we assume an IPv6 address. */
@@ -661,7 +662,7 @@
flags,
void* userdata) {
mandos_context *mc = userdata;
- assert(r); /* Spurious warning */
+ assert(r);
/* Called whenever a service has been resolved successfully or
timed out */
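Review bot: With the comment removed, `assert(r);` is the only guard on the callback's pointer argument, and it is compiled out entirely when NDEBUG is defined, so a release build would dereference a NULL `r` later in the callback; the same applies to `assert(b);` in the next hunk (ending at the `is removed from the LAN */` line). If the caller's contract guarantees the pointer is non-NULL, say so next to the assert, e.g. `/* r is never NULL for this callback; assert documents the contract */`; if it does not, replace the assert with an explicit check that returns early (the callback's return type and body continue outside the hunk).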
@@ -703,7 +704,7 @@
flags,
void* userdata) {
mandos_context *mc = userdata;
- assert(b); /* Spurious warning */
+ assert(b);
/* Called whenever a new services becomes available on the LAN or
is removed from the LAN */
@@ -897,7 +898,7 @@
exitcode = EXIT_FAILURE;
goto end;
}
- strcpy(network.ifr_name, interface); /* Spurious warning */
+ strcpy(network.ifr_name, interface);
ret = ioctl(sd, SIOCGIFFLAGS, &network);
if(ret == -1){
perror("ioctl SIOCGIFFLAGS");
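Review bot: `strcpy(network.ifr_name, interface);` is an unbounded copy into a fixed-size field: `ifr_name` is a fixed-length array (IFNAMSIZ bytes if `network` is the `struct ifreq` the `SIOCGIFFLAGS` ioctl implies), and `interface` appears to be supplied by the caller or the command line, so a long name overruns the structure on the stack. The commit only removes the comment on that line and leaves the copy unchecked. Reject over-long names before copying, reusing the `exitcode = EXIT_FAILURE; goto end;` error path the hunk already uses; the enclosing function starts outside the hunk.
```c
/* … unchanged: preceding error path … */
if(strlen(interface) >= sizeof(network.ifr_name)){
  fprintf(stderr, "Interface name too long: %s\n", interface);
  exitcode = EXIT_FAILURE;
  goto end;
}
strcpy(network.ifr_name, interface);
ret = ioctl(sd, SIOCGIFFLAGS, &network);
/* … unchanged: ioctl error handling … */
```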