/mandos/trunk : revision 24.1.21

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to network-protocol.txt

Committer: Björn Påhlsson
Date: 2008-08-08 01:25:11 UTC
mfrom: (47 mandos)
mto: (24.1.154 mandos) (237.4.3 mandos-release)
mto: This revision was merged to the branch mainline in revision 50.
Revision ID: belorn@braxen-20080808012511-l6zhkmcp1geyaed0

merge

files added:
network-protocol.txt

files removed:
.bzr-builddeb

.bzr-builddeb/default.conf

.bzrignore

COPYING

DBUS-API

INSTALL

NEWS

README

bugs.xml

common.ent

dbus-mandos.conf

debian

debian/changelog

debian/compat

debian/control

debian/copyright

debian/mandos-client.README.Debian

debian/mandos-client.dirs

debian/mandos-client.docs

debian/mandos-client.examples

debian/mandos-client.links

debian/mandos-client.lintian-overrides

debian/mandos-client.postinst

debian/mandos-client.postrm

debian/mandos-client.templates

debian/mandos.README.Debian

debian/mandos.dirs

debian/mandos.docs

debian/mandos.lintian-overrides

debian/mandos.postinst

debian/mandos.prerm

debian/mandos.templates

debian/po

debian/po/POTFILES.in

debian/po/de.po

debian/po/en_US.po

debian/po/es.po

debian/po/fr.po

debian/po/nl.po

debian/po/pt.po

debian/po/pt_BR.po

debian/po/sv.po

debian/po/templates.pot

debian/rules

debian/source

debian/source/format

debian/source/lintian-overrides

debian/source/local-options

debian/tests

debian/tests/control

debian/upstream

debian/upstream/metadata

debian/upstream/signing-key.asc

debian/watch

default-mandos

dracut-module

dracut-module/ask-password-mandos.path

dracut-module/ask-password-mandos.service

dracut-module/cmdline-mandos.sh

dracut-module/module-setup.sh

dracut-module/password-agent.c

dracut-module/password-agent.xml

init.d-mandos

initramfs-tools-conf

initramfs-tools-conf-hook

initramfs-tools-hook

initramfs-tools-script

initramfs-tools-script-stop

initramfs-unpack

intro.xml

legalnotice.xml

mandos-clients.conf.xml

mandos-ctl

mandos-ctl.xml

mandos-keygen

mandos-keygen.xml

mandos-monitor

mandos-monitor.xml

mandos-options.xml

mandos-to-cryptroot-unlock

mandos.conf.xml

mandos.lsm

mandos.service

mandos.xml

network-hooks.d

network-hooks.d/bridge

network-hooks.d/bridge.conf

network-hooks.d/openvpn

network-hooks.d/openvpn.conf

network-hooks.d/wireless

network-hooks.d/wireless.conf

overview.xml

plugin-helpers

plugin-helpers/mandos-client-iprouteadddel.c

plugin-runner.conf

plugin-runner.xml

plugins.d/askpass-fifo.c

plugins.d/askpass-fifo.xml

plugins.d/mandos-client.xml

plugins.d/password-prompt.xml

plugins.d/plymouth.c

plugins.d/plymouth.xml

plugins.d/splashy.c

plugins.d/splashy.xml

plugins.d/usplash.c

plugins.d/usplash.xml

sysusers.d-mandos.conf

tmpfiles.d-mandos.conf

files renamed:
plugin-runner.c => mandos-client.c

plugins.d/mandos-client.c => plugins.d/password-request.c

files modified:
Makefile

TODO

clients.conf

mandos

mandos.conf

plugins.d/password-prompt.c

Show diffs side-by-side

added added

removed removed

network-protocol.txt

The Mandos server announces itself as a Zeroconf service of type

"_mandos._tcp". The Mandos client sends a line of text where the first

whitespace-separated field is the protocol version, which currently is

"1". The client and server then start a TLS protocol handshake with a

slight quirk: the Mandos server program acts as a TLS "client" while

the connecting Mandos client acts as a TLS "server". The Mandos

client must supply an OpenPGP certificate, and the fingerprint of this

certificate is used by the Mandos server to look up (in a list read

from a file at start time) which binary blob to give the client. No

other authentication or authorization is done by the server.

| Mandos server | | Mandos client |

| | | <Connect> |

| | <- | "1\r\n" |

| <TLS handshake> | <-> | <TLS handshake> |

| | <- | OpenPGP public key (part of TLS handshake) |

| <Binary blob> | -> | |

| <Close> | | |

Older »