/mandos/trunk : revision 1237

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to mandos-ctl.xml

Committer: Teddy Hogeborn
Date: 2021-02-03 23:10:42 UTC
Revision ID: teddy@recompile.se-20210203231042-2z3egrvpo1zt7nej

mandos-ctl: Fix bad test for command.Remove and related minor issues

The test for command.Remove removes all clients from the spy server,
and then loops over all clients, looking for the corresponding Remove
command as recorded by the spy server.  But since since there aren't
any clients left after they were removed, no assertions are made, and
the test therefore does nothing.  Fix this.

In tests for command.Approve and command.Deny, add checks that clients
were not somehow removed by the command (in which case, likewise, no
assertions are made).

Add related checks to TestPropertySetterCmd.runTest; i.e. test that a
sequence is not empty before looping over it and making assertions.

* mandos-ctl (TestBaseCommands.test_Remove): Save a copy of the
  original "clients" dict, and loop over those instead.  Add assertion
  that all clients were indeed removed.  Also fix the code which looks
  for the Remove command, which now needs to actually work.
  (TestBaseCommands.test_Approve, TestBaseCommands.test_Deny): Add
  assertion that there are still clients before looping over them.
  (TestPropertySetterCmd.runTest): Add assertion that the list of
  values to get is not empty before looping over them.  Also add check
  that there are still clients before looping over clients.

files added:
bugs.xml

debian/mandos-client.examples

debian/mandos-client.templates

debian/mandos.templates

debian/po/POTFILES.in

debian/po/de.po

debian/po/en_US.po

debian/po/fr.po

debian/po/nl.po

debian/po/pt.po

debian/po/sv.po

debian/po/templates.pot

debian/source

debian/source/format

debian/source/lintian-overrides

debian/source/local-options

debian/tests

debian/tests/control

debian/upstream

debian/upstream/metadata

debian/upstream/signing-key.asc

dracut-module

dracut-module/ask-password-mandos.path

dracut-module/ask-password-mandos.service

dracut-module/cmdline-mandos.sh

dracut-module/module-setup.sh

dracut-module/password-agent.c

dracut-module/password-agent.xml

initramfs-tools-conf

initramfs-tools-conf-hook

initramfs-tools-script-stop

initramfs-unpack

intro.xml

mandos-to-cryptroot-unlock

mandos.service

network-hooks.d

network-hooks.d/bridge

network-hooks.d/bridge.conf

network-hooks.d/openvpn

network-hooks.d/openvpn.conf

network-hooks.d/wireless

network-hooks.d/wireless.conf

plugin-helpers

plugin-helpers/mandos-client-iprouteadddel.c

plugins.d/plymouth.xml

sysusers.d-mandos.conf

tmpfiles.d-mandos.conf

files removed:
initramfs-tools-hook-conf

files modified:
.bzrignore

DBUS-API

INSTALL

Makefile

NEWS

README

TODO

clients.conf

common.ent

dbus-mandos.conf

debian/changelog

debian/compat

debian/control

debian/copyright

debian/mandos-client.README.Debian

debian/mandos-client.dirs

debian/mandos-client.lintian-overrides

debian/mandos-client.postinst

debian/mandos-client.postrm

debian/mandos.README.Debian

debian/mandos.dirs

debian/mandos.lintian-overrides

debian/mandos.postinst

debian/mandos.prerm

debian/rules

debian/watch

init.d-mandos

initramfs-tools-hook

initramfs-tools-script

legalnotice.xml

mandos

mandos-clients.conf.xml

mandos-ctl

mandos-ctl.xml

mandos-keygen

mandos-keygen.xml

mandos-monitor

mandos-monitor.xml

mandos-options.xml

mandos.conf

mandos.conf.xml

mandos.lsm

mandos.xml

overview.xml

plugin-runner.c

plugin-runner.xml

plugins.d/askpass-fifo.c

plugins.d/askpass-fifo.xml

plugins.d/mandos-client.c

plugins.d/mandos-client.xml

plugins.d/password-prompt.c

plugins.d/password-prompt.xml

plugins.d/plymouth.c

plugins.d/splashy.c

plugins.d/splashy.xml

plugins.d/usplash.c

plugins.d/usplash.xml

Show diffs side-by-side

added added

removed removed

mandos-ctl.xml

<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"

"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [

<!ENTITY COMMANDNAME "mandos-ctl">

<!ENTITY TIMESTAMP "2010-09-21">

<!ENTITY TIMESTAMP "2019-07-29">

<!ENTITY % common SYSTEM "common.ent">

%common;

<firstname>Björn</firstname>

<surname>Påhlsson</surname>

<email>belorn@fukt.bsnet.se</email>

<email>belorn@recompile.se</email>

</address>

</author>

<firstname>Teddy</firstname>

<surname>Hogeborn</surname>

<email>teddy@fukt.bsnet.se</email>

<email>teddy@recompile.se</email>

</address>

</author>

</authorgroup>

<holder>Teddy Hogeborn</holder>

<holder>Björn Påhlsson</holder>

</copyright>

<refname><command>&COMMANDNAME;</command></refname>

Control the operation of the Mandos server

Control or query the operation of the Mandos server

</refpurpose>

</refnamediv>

<command>&COMMANDNAME;</command>

<group>

<arg choice="plain"><option>--enable</option></arg>

<sbr/>

<arg choice="plain"><option>--disable</option></arg>

</group>

<sbr/>

<group>

<arg choice="plain"><option>--bump-timeout</option></arg>

</group>

<sbr/>

<group>

<arg choice="plain"><option>--start-checker</option></arg>

</group>

<sbr/>

<group>

<arg choice="plain"><option>--stop-checker</option></arg>

</group>

<sbr/>

<group>

<arg choice="plain"><option>--remove</option></arg>

</group>

<sbr/>

<group>

<arg choice="plain"><option>--checker

<replaceable>COMMAND</replaceable></option></arg>

<arg choice="plain"><option>-c

<replaceable>COMMAND</replaceable></option></arg>

</group>

<sbr/>

<group>

<arg choice="plain"><option>--timeout

<arg choice="plain"><option>-t

</group>

<sbr/>

<group>

<arg choice="plain"><option>--interval

<arg choice="plain"><option>-i

100

101

</group>

102

<sbr/>

103

<group>

104

<arg choice="plain"><option>--host

105

<replaceable>STRING</replaceable></option></arg>

106

<arg choice="plain"><option>-H

107

<replaceable>STRING</replaceable></option></arg>

108

</group>

109

<sbr/>

110

<group>

111

<arg choice="plain"><option>--secret

112

<replaceable>FILENAME</replaceable></option></arg>

113

<arg choice="plain"><option>-s

114

<replaceable>FILENAME</replaceable></option></arg>

115

</group>

116

<sbr/>

117

<group>

118

<arg choice="plain"><option>--approve</option></arg>

119

120

<sbr/>

<arg choice="plain"><option>--verbose</option></arg>

<sbr/>

</group>

<arg><option>--debug</option></arg>

<group>

<replaceable>CLIENT</replaceable>

</arg>

</group>

</cmdsynopsis>

<command>&COMMANDNAME;</command>

<group>

<arg choice="plain"><option>--enable</option></arg>

<sbr/>

<arg choice="plain"><option>--disable</option></arg>

</group>

<sbr/>

<group>

<arg choice="plain"><option>--bump-timeout</option></arg>

</group>

<sbr/>

<group>

<arg choice="plain"><option>--start-checker</option></arg>

<arg choice="plain"><option>--stop-checker</option></arg>

</group>

<sbr/>

100

<group>

101

<arg choice="plain"><option>--checker

102

<replaceable>COMMAND</replaceable></option></arg>

103

<arg choice="plain"><option>-c

104

<replaceable>COMMAND</replaceable></option></arg>

105

</group>

106

<sbr/>

107

<group>

108

<arg choice="plain"><option>--timeout

109

110

<arg choice="plain"><option>-t

111

112

</group>

113

<sbr/>

114

<group>

115

<arg choice="plain"><option>--extended-timeout

116

117

</group>

118

<sbr/>

119

<group>

120

<arg choice="plain"><option>--interval

121

122

<arg choice="plain"><option>-i

123

124

</group>

125

<sbr/>

126

<group>

127

<arg choice="plain"><option>--approve-by-default</option

128

></arg>

129

<sbr/>

130

<arg choice="plain"><option>--deny-by-default</option></arg>

131

</group>

132

<sbr/>

133

<group>

134

<arg choice="plain"><option>--approval-delay

135

136

</group>

137

<sbr/>

138

<group>

139

<arg choice="plain"><option>--approval-duration

140

141

</group>

142

<sbr/>

143

<group>

144

<arg choice="plain"><option>--host

145

<replaceable>STRING</replaceable></option></arg>

146

<arg choice="plain"><option>-H

147

<replaceable>STRING</replaceable></option></arg>

148

</group>

149

<sbr/>

150

<group>

151

<arg choice="plain"><option>--secret

152

<replaceable>FILENAME</replaceable></option></arg>

153

<arg choice="plain"><option>-s

154

<replaceable>FILENAME</replaceable></option></arg>

155

</group>

156

<sbr/>

157

<group>

158

<arg choice="plain"><option>--approve</option></arg>

159

160

<sbr/>

161

162

163

</group>

164

</group>

165

<sbr/>

166

<arg><option>--debug</option></arg>

167

168

169

170

171

<replaceable>CLIENT</replaceable>

172

</arg>

173

</group>

174

</cmdsynopsis>

175

176

<command>&COMMANDNAME;</command>

177

<group>

121

178

122

179

123

180

</group>

181

182

<arg choice="plain"><option>--remove</option></arg>

183

184

</group>

124

185

<sbr/>

186

<arg><option>--debug</option></arg>

125

187

126

188

127

189

132

194

</cmdsynopsis>

133

195

134

196

<command>&COMMANDNAME;</command>

135

<group>

136

<arg choice="plain"><option>--verbose</option></arg>

137

138

</group>

139

<group>

140

141

<replaceable>CLIENT</replaceable>

142

</arg>

143

</group>

144

</cmdsynopsis>

145

146

<command>&COMMANDNAME;</command>

147

197

148

198

<arg choice="plain"><option>--is-enabled</option></arg>

149

199

150

200

</group>

201

<arg><option>--debug</option></arg>

151

202

<arg choice='plain'><replaceable>CLIENT</replaceable></arg>

152

203

</cmdsynopsis>

153

204

164

215

165

216

</group>

166

217

</cmdsynopsis>

218

219

<command>&COMMANDNAME;</command>

220

<arg choice="plain"><option>--check</option></arg>

221

</cmdsynopsis>

167

222

</refsynopsisdiv>

168

223

169

224

170

225

<title>DESCRIPTION</title>

171

226

<para>

172

<command>&COMMANDNAME;</command> is a program to control the

173

operation of the Mandos server <citerefentry><refentrytitle

174

>mandos</refentrytitle><manvolnum>8</manvolnum></citerefentry>.

227

<command>&COMMANDNAME;</command> is a program to control or

228

query the operation of the Mandos server

229

<citerefentry><refentrytitle>mandos</refentrytitle><manvolnum

230

>8</manvolnum></citerefentry>.

175

231

</para>

176

232

<para>

177

233

This program can be used to change client settings, approve or

273

329

<para>

274

330

Set the <varname>checker</varname> option of the specified

275

331

client(s); see <citerefentry><refentrytitle

276

>mandos-client.conf</refentrytitle><manvolnum>5</manvolnum

277

></citerefentry>.

332

>mandos-clients.conf</refentrytitle><manvolnum

333

>5</manvolnum></citerefentry>.

278

334

</para>

279

335

</listitem>

280

336

</varlistentry>

288

344

<para>

289

345

Set the <varname>timeout</varname> option of the specified

290

346

client(s); see <citerefentry><refentrytitle

291

>mandos-client.conf</refentrytitle><manvolnum>5</manvolnum

292

></citerefentry>.

347

>mandos-clients.conf</refentrytitle><manvolnum

348

>5</manvolnum></citerefentry>.

349

</para>

350

</listitem>

351

</varlistentry>

352

353

354

<term><option>--extended-timeout

355

356

357

<para>

358

Set the <varname>extended_timeout</varname> option of the

359

specified client(s); see <citerefentry><refentrytitle

360

>mandos-clients.conf</refentrytitle><manvolnum

361

>5</manvolnum></citerefentry>.

293

362

</para>

294

363

</listitem>

295

364

</varlistentry>

301

370

302

371

303

372

<para>

304

Set the <varname>interval</varname> option of the specified

305

client(s); see <citerefentry><refentrytitle

306

>mandos-client.conf</refentrytitle><manvolnum>5</manvolnum

307

></citerefentry>.

373

Set the <varname>interval</varname> option of the

374

specified client(s); see <citerefentry><refentrytitle

375

>mandos-clients.conf</refentrytitle><manvolnum

376

>5</manvolnum></citerefentry>.

377

</para>

378

</listitem>

379

</varlistentry>

380

381

382

<term><option>--approve-by-default</option></term>

383

<term><option>--deny-by-default</option></term>

384

385

<para>

386

Set the <varname>approved_by_default</varname> option of

387

the specified client(s) to <literal>True</literal> or

388

<literal>False</literal>, respectively; see

389

<citerefentry><refentrytitle

390

>mandos-clients.conf</refentrytitle><manvolnum

391

>5</manvolnum></citerefentry>.

392

</para>

393

</listitem>

394

</varlistentry>

395

396

397

<term><option>--approval-delay

398

399

400

<para>

401

Set the <varname>approval_delay</varname> option of the

402

specified client(s); see <citerefentry><refentrytitle

403

>mandos-clients.conf</refentrytitle><manvolnum

404

>5</manvolnum></citerefentry>.

405

</para>

406

</listitem>

407

</varlistentry>

408

409

410

<term><option>--approval-duration

411

412

413

<para>

414

Set the <varname>approval_duration</varname> option of the

415

specified client(s); see <citerefentry><refentrytitle

416

>mandos-clients.conf</refentrytitle><manvolnum

417

>5</manvolnum></citerefentry>.

308

418

</para>

309

419

</listitem>

310

420

</varlistentry>

318

428

<para>

319

429

Set the <varname>host</varname> option of the specified

320

430

client(s); see <citerefentry><refentrytitle

321

>mandos-client.conf</refentrytitle><manvolnum>5</manvolnum

322

></citerefentry>.

431

>mandos-clients.conf</refentrytitle><manvolnum

432

>5</manvolnum></citerefentry>.

323

433

</para>

324

434

</listitem>

325

435

</varlistentry>

333

443

<para>

334

444

Set the <varname>secfile</varname> option of the specified

335

445

client(s); see <citerefentry><refentrytitle

336

>mandos-client.conf</refentrytitle><manvolnum>5</manvolnum

337

></citerefentry>.

446

>mandos-clients.conf</refentrytitle><manvolnum

447

>5</manvolnum></citerefentry>.

338

448

</para>

339

449

</listitem>

340

450

</varlistentry>

381

491

</varlistentry>

382

492

383

493

494

495

496

497

<para>

498

Dump client settings as JSON to standard output.

499

</para>

500

</listitem>

501

</varlistentry>

502

503

384

504

<term><option>--is-enabled</option></term>

385

505

386

506

391

511

</listitem>

392

512

</varlistentry>

393

513

514

515

<term><option>--debug</option></term>

516

517

<para>

518

Show debug output; currently, this means show D-Bus calls.

519

</para>

520

</listitem>

521

</varlistentry>

522

523

524

<term><option>--check</option></term>

525

526

<para>

527

Run self-tests. This includes any unit tests, etc.

528

</para>

529

</listitem>

530

</varlistentry>

531

394

532

</variablelist>

395

533

</refsect1>

396

534

412

550

</para>

413

551

</refsect1>

414

552

415

416

417

418

419

553

554

555

<xi:include href="bugs.xml"/>

556

</refsect1>

420

557

421

558

422

559

<title>EXAMPLE</title>

560

<!-- Name of test methods in class Test_commands_from_options are

561

written in comments below. When adding an example, add a

562

test too which tests the documented behavior. -->

423

563

564

424

565

<para>

425

List all clients with some of their settings:

566

To list all clients:

426

567

</para>

427

568

<para>

428

569

<userinput>&COMMANDNAME;</userinput>

429

570

</para>

430

571

</informalexample>

431

432

<para>

433

Show all settings for the clients named <quote>foo</quote> and

434

<quote>bar</quote>:

435

</para>

436

<para>

437

438

439

<userinput>&COMMANDNAME; --verbose foo bar</userinput>

440

572

573

574

575

<para>

576

To list <emphasis>all</emphasis> settings for the clients

577

named <quote>foo1.example.org</quote> and <quote

578

>foo2.example.org</quote>:

579

</para>

580

<para>

581

582

583

<userinput>&COMMANDNAME; --verbose foo1.example.org foo2.example.org</userinput>

584

585

</para>

586

</informalexample>

587

588

589

590

<para>

591

To enable all clients:

592

</para>

593

<para>

594

<userinput>&COMMANDNAME; --enable --all</userinput>

595

</para>

596

</informalexample>

597

598

599

600

<para>

601

To change timeout and interval value for the clients

602

named <quote>foo1.example.org</quote> and <quote

603

>foo2.example.org</quote>:

604

</para>

605

<para>

606

607

608

<userinput>&COMMANDNAME; --timeout=PT5M --interval=PT1M foo1.example.org foo2.example.org</userinput>

609

610

</para>

611

</informalexample>

612

613

614

615

<para>

616

To approve all clients currently waiting for approval:

617

</para>

618

<para>

619

<userinput>&COMMANDNAME; --approve --all</userinput>

441

620

</para>

442

621

</informalexample>

443

622

</refsect1>

454

633

455

634

456

635

<para>

636

<citerefentry><refentrytitle>intro</refentrytitle>

637

<manvolnum>8mandos</manvolnum></citerefentry>,

457

638

<citerefentry><refentrytitle>mandos</refentrytitle>

458

639

<manvolnum>8</manvolnum></citerefentry>,

459

640

<citerefentry><refentrytitle>mandos-clients.conf</refentrytitle>

Older »