/mandos/trunk

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to clients.conf

Committer: teddy at recompile
Date: 2020-02-09 03:38:33 UTC
Revision ID: teddy@recompile.se-20200209033833-2la1pujrnv2m0so4

Use reallocarray() if available, or check for overflow

* dracut-module/password-agent.c (add_to_queue): Check for overflow.
(test_add_to_queue_overflow): New test.
* plugin-runner.c (add_to_char_array, main): Use reallocarray().
* plugins.d/plymouth.c (exec_and_wait): - '' -

files removed:
debian/po/es.po

debian/po/pt_BR.po

files modified:
DBUS-API

Makefile

NEWS

TODO

clients.conf

common.ent

debian/changelog

debian/control

debian/copyright

debian/mandos-client.lintian-overrides

debian/mandos-client.templates

debian/po/fr.po

debian/rules

dracut-module/ask-password-mandos.service

dracut-module/password-agent.c

dracut-module/password-agent.xml

initramfs-tools-hook

initramfs-tools-script

intro.xml

mandos

mandos-clients.conf.xml

mandos-ctl

mandos-keygen

mandos-monitor

mandos-to-cryptroot-unlock

mandos.lsm

mandos.xml

plugin-helpers/mandos-client-iprouteadddel.c

plugin-runner.c

plugins.d/askpass-fifo.c

plugins.d/mandos-client.c

plugins.d/password-prompt.c

plugins.d/plymouth.c

plugins.d/splashy.c

plugins.d/usplash.c

Show diffs side-by-side

added added

removed removed

4

4

5

5

# How long until a client is disabled and not be allowed to get the

6

6

# data this server holds.

7

# (RFC 3339 duration syntax)

8

7

;timeout = PT5M

9

8

10

9

# How often to run the checker to confirm that a client is still up.

12

11

# running. The server will wait for a checker to complete until the

13

12

# above "timeout" occurs, at which time the client will be disabled,

14

13

# and any running checker killed.

15

# (RFC 3339 duration syntax)

16

14

;interval = PT2M

17

15

18

16

# Extended timeout is an added timeout that is given once after a

19

17

# password has been sent sucessfully to a client. This allows for

20

18

# additional delays caused by file system checks and quota checks.

21

# (RFC 3339 duration syntax)

22

19

;extended_timeout = PT15M

23

20

24

21

# What command to run as "the checker".

28

25

;approved_by_default = True

29

26

30

27

# How long to wait for approval.

31

# (RFC 3339 duration syntax)

32

28

;approval_delay = PT0S

33

29

34

30

# How long one approval will last.

35

# (RFC 3339 duration syntax)

36

31

;approval_duration = PT1S

37

32

38

33

# Whether this client is enabled by default

50

45

;fingerprint = 7788 2722 5BA7 DE53 9C5A 7CFA 59CF F7CD BD9A 5920

51

46

;

52

47

;# This is base64-encoded binary data. It will be decoded and sent to

53

;# the client matching the above key_id (for GnuTLS 3.6.6 or later) or

54

;# the above fingerprint (for GnuTLS before 3.6.0). This should, of

55

;# course, be OpenPGP encrypted data, decryptable only by the client.

48

;# the client matching the above fingerprint. This should, of course,

49

;# be OpenPGP encrypted data, decryptable only by the client.

56

50

;secret =

57

51

; hQIOA6QdEjBs2L/HEAf/TCyrDe5Xnm9esa+Pb/vWF9CUqfn4srzVgSu234

58

52

; REJMVv7lBSrPE2132Lmd2gqF1HeLKDJRSVxJpt6xoWOChGHg+TMyXDxK+N

Older »