/mandos/trunk

To get this branch, use:
bzr branch http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to mandos.conf.xml

  • Committer: Teddy Hogeborn
  • Date: 2021-02-03 23:10:42 UTC
  • Revision ID: teddy@recompile.se-20210203231042-2z3egrvpo1zt7nej
mandos-ctl: Fix bad test for command.Remove and related minor issues

The test for command.Remove removes all clients from the spy server,
and then loops over all clients, looking for the corresponding Remove
command as recorded by the spy server.  But since since there aren't
any clients left after they were removed, no assertions are made, and
the test therefore does nothing.  Fix this.

In tests for command.Approve and command.Deny, add checks that clients
were not somehow removed by the command (in which case, likewise, no
assertions are made).

Add related checks to TestPropertySetterCmd.runTest; i.e. test that a
sequence is not empty before looping over it and making assertions.

* mandos-ctl (TestBaseCommands.test_Remove): Save a copy of the
  original "clients" dict, and loop over those instead.  Add assertion
  that all clients were indeed removed.  Also fix the code which looks
  for the Remove command, which now needs to actually work.
  (TestBaseCommands.test_Approve, TestBaseCommands.test_Deny): Add
  assertion that there are still clients before looping over them.
  (TestPropertySetterCmd.runTest): Add assertion that the list of
  values to get is not empty before looping over them.  Also add check
  that there are still clients before looping over clients.

Show diffs side-by-side

added added

removed removed

Lines of Context:
mandos.conf.xml
1
 
<?xml version='1.0' encoding='UTF-8'?>
 
1
<?xml version="1.0" encoding="UTF-8"?>
2
2
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3
3
        "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4
 
<!ENTITY VERSION "1.0">
5
4
<!ENTITY CONFNAME "mandos.conf">
6
5
<!ENTITY CONFPATH "<filename>/etc/mandos/mandos.conf</filename>">
7
 
<!ENTITY TIMESTAMP "2008-08-29">
 
6
<!ENTITY TIMESTAMP "2019-06-20">
 
7
<!ENTITY % common SYSTEM "common.ent">
 
8
%common;
8
9
]>
9
10
 
10
11
<refentry xmlns:xi="http://www.w3.org/2001/XInclude">
12
13
    <title>Mandos Manual</title>
13
14
    <!-- NWalsh’s docbook scripts use this to generate the footer: -->
14
15
    <productname>Mandos</productname>
15
 
    <productnumber>&VERSION;</productnumber>
 
16
    <productnumber>&version;</productnumber>
16
17
    <date>&TIMESTAMP;</date>
17
18
    <authorgroup>
18
19
      <author>
19
20
        <firstname>Björn</firstname>
20
21
        <surname>Påhlsson</surname>
21
22
        <address>
22
 
          <email>belorn@fukt.bsnet.se</email>
 
23
          <email>belorn@recompile.se</email>
23
24
        </address>
24
25
      </author>
25
26
      <author>
26
27
        <firstname>Teddy</firstname>
27
28
        <surname>Hogeborn</surname>
28
29
        <address>
29
 
          <email>teddy@fukt.bsnet.se</email>
 
30
          <email>teddy@recompile.se</email>
30
31
        </address>
31
32
      </author>
32
33
    </authorgroup>
33
34
    <copyright>
34
35
      <year>2008</year>
 
36
      <year>2009</year>
 
37
      <year>2010</year>
 
38
      <year>2011</year>
 
39
      <year>2012</year>
 
40
      <year>2013</year>
 
41
      <year>2014</year>
 
42
      <year>2015</year>
 
43
      <year>2016</year>
 
44
      <year>2017</year>
 
45
      <year>2018</year>
 
46
      <year>2019</year>
35
47
      <holder>Teddy Hogeborn</holder>
36
48
      <holder>Björn Påhlsson</holder>
37
49
    </copyright>
38
 
    <legalnotice>
39
 
      <para>
40
 
        This manual page is free software: you can redistribute it
41
 
        and/or modify it under the terms of the GNU General Public
42
 
        License as published by the Free Software Foundation,
43
 
        either version 3 of the License, or (at your option) any
44
 
        later version.
45
 
      </para>
46
 
 
47
 
      <para>
48
 
        This manual page is distributed in the hope that it will
49
 
        be useful, but WITHOUT ANY WARRANTY; without even the
50
 
        implied warranty of MERCHANTABILITY or FITNESS FOR A
51
 
        PARTICULAR PURPOSE.  See the GNU General Public License
52
 
        for more details.
53
 
      </para>
54
 
 
55
 
      <para>
56
 
        You should have received a copy of the GNU General Public
57
 
        License along with this program; If not, see
58
 
        <ulink url="http://www.gnu.org/licenses/"/>.
59
 
      </para>
60
 
    </legalnotice>
 
50
    <xi:include href="legalnotice.xml"/>
61
51
  </refentryinfo>
62
 
 
 
52
  
63
53
  <refmeta>
64
54
    <refentrytitle>&CONFNAME;</refentrytitle>
65
55
    <manvolnum>5</manvolnum>
71
61
      Configuration file for the Mandos server
72
62
    </refpurpose>
73
63
  </refnamediv>
74
 
 
 
64
  
75
65
  <refsynopsisdiv>
76
 
    <synopsis>
77
 
      &CONFPATH;
78
 
    </synopsis>
 
66
    <synopsis>&CONFPATH;</synopsis>
79
67
  </refsynopsisdiv>
80
 
 
 
68
  
81
69
  <refsect1 id="description">
82
70
    <title>DESCRIPTION</title>
83
71
    <para>
95
83
      <quote>#</quote> or <quote>;</quote> are ignored and may be used
96
84
      to provide comments.
97
85
    </para>
98
 
 
 
86
    
99
87
  </refsect1>
100
88
  <refsect1>
101
89
    <title>OPTIONS</title>
102
90
    
103
91
    <variablelist>
104
92
      <varlistentry>
105
 
        <term><varname>interface</varname></term>
 
93
        <term><option>interface<literal> = </literal><replaceable
 
94
        >NAME</replaceable></option></term>
106
95
        <listitem>
107
 
          <synopsis><literal>interface = </literal><replaceable
108
 
          >NAME</replaceable>
109
 
          </synopsis>
110
96
          <xi:include href="mandos-options.xml" xpointer="interface"/>
111
97
        </listitem>
112
98
      </varlistentry>
113
 
 
 
99
      
114
100
      <varlistentry>
115
 
        <term><varname>address</varname></term>
 
101
        <term><option>address<literal> = </literal><replaceable
 
102
          >ADDRESS</replaceable></option></term>
116
103
        <listitem>
117
 
          <synopsis><literal>address = </literal><replaceable
118
 
          >ADDRESS</replaceable>
119
 
          </synopsis>
120
104
          <xi:include href="mandos-options.xml" xpointer="address"/>
121
105
        </listitem>
122
106
      </varlistentry>
123
 
 
 
107
      
124
108
      <varlistentry>
125
 
        <term><varname>port</varname></term>
 
109
        <term><option>port<literal> = </literal><replaceable
 
110
        >NUMBER</replaceable></option></term>
126
111
        <listitem>
127
 
          <synopsis><literal>port = </literal><replaceable
128
 
          >NUMBER</replaceable>
129
 
          </synopsis>
130
112
          <xi:include href="mandos-options.xml" xpointer="port"/>
131
113
        </listitem>
132
114
      </varlistentry>
133
 
 
 
115
      
134
116
      <varlistentry>
135
 
        <term><varname>debug</varname></term>
136
 
        <listitem>
137
 
          <synopsis><literal>debug = </literal>{ <literal
 
117
        <term><option>debug<literal> = </literal>{ <literal
138
118
          >1</literal> | <literal>yes</literal> | <literal
139
119
          >true</literal> | <literal>on</literal> | <literal
140
120
          >0</literal> | <literal>no</literal> | <literal
141
 
          >false</literal> | <literal>off</literal> }
142
 
          </synopsis>
 
121
          >false</literal> | <literal>off</literal> }</option></term>
 
122
        <listitem>
143
123
          <xi:include href="mandos-options.xml" xpointer="debug"/>
144
124
        </listitem>
145
125
      </varlistentry>
146
 
 
 
126
      
147
127
      <varlistentry>
148
 
        <term><varname>priority</varname></term>
 
128
        <term><option>priority<literal> = </literal><replaceable
 
129
        >STRING</replaceable></option></term>
149
130
        <listitem>
150
 
          <synopsis><literal>priority = </literal><replaceable
151
 
          >STRING</replaceable>
152
 
          </synopsis>
153
131
          <xi:include href="mandos-options.xml" xpointer="priority"/>
154
132
        </listitem>
155
133
      </varlistentry>
156
 
 
 
134
      
157
135
      <varlistentry>
158
 
        <term><varname>servicename</varname></term>
 
136
        <term><option>servicename<literal> = </literal
 
137
        ><replaceable>NAME</replaceable></option></term>
159
138
        <listitem>
160
 
          <synopsis><literal>servicename = </literal><replaceable
161
 
          >NAME</replaceable>
162
 
          </synopsis>
163
139
          <xi:include href="mandos-options.xml"
164
140
                      xpointer="servicename"/>
165
141
        </listitem>
166
142
      </varlistentry>
167
143
      
 
144
      <varlistentry>
 
145
        <term><option>use_dbus<literal> = </literal>{ <literal
 
146
          >1</literal> | <literal>yes</literal> | <literal
 
147
          >true</literal> | <literal>on</literal> | <literal
 
148
          >0</literal> | <literal>no</literal> | <literal
 
149
          >false</literal> | <literal>off</literal> }</option></term>
 
150
        <listitem>
 
151
          <xi:include href="mandos-options.xml" xpointer="dbus"/>
 
152
        </listitem>
 
153
      </varlistentry>
 
154
      
 
155
      <varlistentry>
 
156
        <term><option>use_ipv6<literal> = </literal>{ <literal
 
157
          >1</literal> | <literal>yes</literal> | <literal
 
158
          >true</literal> | <literal>on</literal> | <literal
 
159
          >0</literal> | <literal>no</literal> | <literal
 
160
          >false</literal> | <literal>off</literal> }</option></term>
 
161
        <listitem>
 
162
          <xi:include href="mandos-options.xml" xpointer="ipv6"/>
 
163
        </listitem>
 
164
      </varlistentry>
 
165
      
 
166
      <varlistentry>
 
167
        <term><option>restore<literal> = </literal>{ <literal
 
168
          >1</literal> | <literal>yes</literal> | <literal
 
169
          >true</literal> | <literal>on</literal> | <literal
 
170
          >0</literal> | <literal>no</literal> | <literal
 
171
          >false</literal> | <literal>off</literal> }</option></term>
 
172
        <listitem>
 
173
          <xi:include href="mandos-options.xml" xpointer="restore"/>
 
174
        </listitem>
 
175
      </varlistentry>
 
176
      
 
177
      <varlistentry>
 
178
        <term><option>statedir<literal> = </literal><replaceable
 
179
        >DIRECTORY</replaceable></option></term>
 
180
        <listitem>
 
181
          <xi:include href="mandos-options.xml" xpointer="statedir"/>
 
182
        </listitem>
 
183
      </varlistentry>
 
184
      
 
185
      <varlistentry>
 
186
        <term><option>socket<literal> = </literal><replaceable
 
187
        >NUMBER</replaceable></option></term>
 
188
        <listitem>
 
189
          <xi:include href="mandos-options.xml" xpointer="socket"/>
 
190
        </listitem>
 
191
      </varlistentry>
 
192
      
168
193
    </variablelist>
169
194
  </refsect1>
170
195
  
180
205
    <para>
181
206
      The <literal>[DEFAULT]</literal> is necessary because the Python
182
207
      built-in module <systemitem class="library">ConfigParser</systemitem>
183
 
      requres it.
 
208
      requires it.
184
209
    </para>
 
210
    <xi:include href="bugs.xml"/>
185
211
  </refsect1>
186
212
  
187
213
  <refsect1 id="example">
201
227
      <programlisting>
202
228
[DEFAULT]
203
229
# A configuration example
204
 
interface = eth0
205
 
address = 2001:db8:f983:bd0b:30de:ae4a:71f2:f672
 
230
interface = enp1s0
 
231
address = fe80::aede:48ff:fe71:f6f2
206
232
port = 1025
207
 
debug = true
208
 
priority = SECURE256:!CTYPE-X.509:+CTYPE-OPENPGP
 
233
debug = True
 
234
priority = SECURE128:!CTYPE-X.509:+CTYPE-RAWPK:!RSA:!VERS-ALL:+VERS-TLS1.3:%PROFILE_ULTRA
209
235
servicename = Daena
 
236
use_dbus = False
 
237
use_ipv6 = True
 
238
restore = True
 
239
statedir = /var/lib/mandos
210
240
      </programlisting>
211
241
    </informalexample>
212
242
  </refsect1>
214
244
  <refsect1 id="see_also">
215
245
    <title>SEE ALSO</title>
216
246
    <para>
 
247
      <citerefentry><refentrytitle>intro</refentrytitle>
 
248
      <manvolnum>8mandos</manvolnum></citerefentry>,
217
249
      <citerefentry><refentrytitle>gnutls_priority_init</refentrytitle
218
250
      ><manvolnum>3</manvolnum></citerefentry>,
219
251
      <citerefentry><refentrytitle>mandos</refentrytitle>
221
253
      <citerefentry><refentrytitle>mandos-clients.conf</refentrytitle>
222
254
      <manvolnum>5</manvolnum></citerefentry>
223
255
    </para>
224
 
 
 
256
    
225
257
    <variablelist>
226
258
      <varlistentry>
227
259
        <term>
247
279
              <para>
248
280
                The clients use IPv6 link-local addresses, which are
249
281
                immediately usable since a link-local addresses is
250
 
                automatically assigned to a network interfaces when it
 
282
                automatically assigned to a network interface when it
251
283
                is brought up.
252
284
              </para>
253
285
            </listitem>