/mandos/trunk : revision 29

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to mandos-ctl.xml

Committer: Teddy Hogeborn
Date: 2008-07-31 19:48:05 UTC
Revision ID: teddy@fukt.bsnet.se-20080731194805-mseis21dxwrdfqhk

* plugins.d/mandosclient.c (start_mandos_communication): Changed
                                                        "if_index" to
                                                        be of type
                                                        "AvahiIfIndex".
                                                        All callers
                                                        changed.
(main): Add default values to "interface" and "if_index".  Only
         change if_index from default if "interface" was given.

* server.py (IPv6_TCPServer.server_bind): Bug fix: test if interface
                                          is empty, not if equal to
                                          avahi.IF_UNSPEC.
  (if_nametoindex): Bug fix; typo: assign to _func[0], not func[0].
  (main): Bug fix: Do not set service.interface unless the interface
          setting has been given.

files added:
ca.pem

cert.pem

client-cert.pem

client-key.pem

crl.pem

key.pem

files removed:
.bzr-builddeb

.bzr-builddeb/default.conf

.bzrignore

COPYING

DBUS-API

INSTALL

NEWS

README

common.ent

dbus-mandos.conf

debian

debian/changelog

debian/compat

debian/control

debian/copyright

debian/mandos-client.README.Debian

debian/mandos-client.dirs

debian/mandos-client.docs

debian/mandos-client.links

debian/mandos-client.lintian-overrides

debian/mandos-client.postinst

debian/mandos-client.postrm

debian/mandos.README.Debian

debian/mandos.dirs

debian/mandos.docs

debian/mandos.lintian-overrides

debian/mandos.postinst

debian/mandos.prerm

debian/po

debian/rules

debian/source

debian/source/format

debian/source/local-options

debian/watch

default-mandos

init.d-mandos

initramfs-tools-hook

initramfs-tools-hook-conf

initramfs-tools-script

intro.xml

legalnotice.xml

mandos-clients.conf.xml

mandos-ctl

mandos-ctl.xml

mandos-keygen

mandos-keygen.xml

mandos-monitor

mandos-monitor.xml

mandos-options.xml

mandos.conf.xml

mandos.lsm

mandos.xml

overview.xml

plugin-runner.conf

plugin-runner.xml

plugins.d/askpass-fifo.c

plugins.d/askpass-fifo.xml

plugins.d/mandos-client.xml

plugins.d/password-prompt.xml

plugins.d/plymouth.c

plugins.d/plymouth.xml

plugins.d/splashy.c

plugins.d/splashy.xml

plugins.d/usplash.c

plugins.d/usplash.xml

files renamed:
plugin-runner.c => plugbasedclient.c

plugins.d/mandos-client.c => plugins.d/mandosclient.c

plugins.d/password-prompt.c => plugins.d/passprompt.c

mandos.conf => server.conf

mandos => server.py

files modified:
Makefile

TODO

clients.conf

Show diffs side-by-side

added added

removed removed

mandos-ctl.xml

<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"

"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [

<!ENTITY COMMANDNAME "mandos-ctl">

<!ENTITY TIMESTAMP "2011-10-03">

<!ENTITY % common SYSTEM "common.ent">

%common;

<title>Mandos Manual</title>

<productname>Mandos</productname>

<productnumber>&version;</productnumber>

<date>&TIMESTAMP;</date>

<firstname>Björn</firstname>

<surname>Påhlsson</surname>

<email>belorn@recompile.se</email>

</address>

</author>

<firstname>Teddy</firstname>

<surname>Hogeborn</surname>

<email>teddy@recompile.se</email>

</address>

</author>

</authorgroup>

<holder>Teddy Hogeborn</holder>

<holder>Björn Påhlsson</holder>

</copyright>

<xi:include href="legalnotice.xml"/>

</refentryinfo>

<refentrytitle>&COMMANDNAME;</refentrytitle>

</refmeta>

<refname><command>&COMMANDNAME;</command></refname>

Control the operation of the Mandos server

</refpurpose>

</refnamediv>

<command>&COMMANDNAME;</command>

<group>

<arg choice="plain"><option>--enable</option></arg>

<sbr/>

<arg choice="plain"><option>--disable</option></arg>

</group>

<sbr/>

<group>

<arg choice="plain"><option>--bump-timeout</option></arg>

</group>

<sbr/>

<group>

<arg choice="plain"><option>--start-checker</option></arg>

</group>

<sbr/>

<group>

<arg choice="plain"><option>--stop-checker</option></arg>

</group>

<sbr/>

<group>

<arg choice="plain"><option>--remove</option></arg>

</group>

<sbr/>

<group>

<arg choice="plain"><option>--checker

<replaceable>COMMAND</replaceable></option></arg>

<arg choice="plain"><option>-c

<replaceable>COMMAND</replaceable></option></arg>

</group>

<sbr/>

<group>

<arg choice="plain"><option>--timeout

<arg choice="plain"><option>-t

</group>

<sbr/>

<group>

<arg choice="plain"><option>--extended-timeout

100

</group>

101

<sbr/>

102

<group>

103

<arg choice="plain"><option>--interval

104

105

<arg choice="plain"><option>-i

106

107

</group>

108

<sbr/>

109

<group>

110

<arg choice="plain"><option>--approve-by-default</option

111

></arg>

112

<sbr/>

113

<arg choice="plain"><option>--deny-by-default</option></arg>

114

</group>

115

<sbr/>

116

<group>

117

<arg choice="plain"><option>--approval-delay

118

119

</group>

120

<sbr/>

121

<group>

122

<arg choice="plain"><option>--approval-duration

123

124

</group>

125

<sbr/>

126

<group>

127

<arg choice="plain"><option>--interval

128

129

<arg choice="plain"><option>-i

130

131

</group>

132

<sbr/>

133

<group>

134

<arg choice="plain"><option>--host

135

<replaceable>STRING</replaceable></option></arg>

136

<arg choice="plain"><option>-H

137

<replaceable>STRING</replaceable></option></arg>

138

</group>

139

<sbr/>

140

<group>

141

<arg choice="plain"><option>--secret

142

<replaceable>FILENAME</replaceable></option></arg>

143

<arg choice="plain"><option>-s

144

<replaceable>FILENAME</replaceable></option></arg>

145

</group>

146

<sbr/>

147

<group>

148

<arg choice="plain"><option>--approve</option></arg>

149

150

<sbr/>

151

152

153

</group>

154

<sbr/>

155

156

157

158

159

<replaceable>CLIENT</replaceable>

160

</arg>

161

</group>

162

</cmdsynopsis>

163

164

<command>&COMMANDNAME;</command>

165

<group>

166

<arg choice="plain"><option>--verbose</option></arg>

167

168

</group>

169

<group>

170

171

<replaceable>CLIENT</replaceable>

172

</arg>

173

</group>

174

</cmdsynopsis>

175

176

<command>&COMMANDNAME;</command>

177

178

<arg choice="plain"><option>--is-enabled</option></arg>

179

180

</group>

181

<arg choice='plain'><replaceable>CLIENT</replaceable></arg>

182

</cmdsynopsis>

183

184

<command>&COMMANDNAME;</command>

185

186

187

188

</group>

189

</cmdsynopsis>

190

191

<command>&COMMANDNAME;</command>

192

193

<arg choice="plain"><option>--version</option></arg>

194

195

</group>

196

</cmdsynopsis>

197

</refsynopsisdiv>

198

199

200

<title>DESCRIPTION</title>

201

<para>

202

<command>&COMMANDNAME;</command> is a program to control the

203

operation of the Mandos server <citerefentry><refentrytitle

204

>mandos</refentrytitle><manvolnum>8</manvolnum></citerefentry>.

205

</para>

206

<para>

207

This program can be used to change client settings, approve or

208

deny client requests, and to remove clients from the server.

209

</para>

210

</refsect1>

211

212

213

<title>PURPOSE</title>

214

<para>

215

The purpose of this is to enable <emphasis>remote and unattended

216

rebooting</emphasis> of client host computer with an

217

<emphasis>encrypted root file system</emphasis>. See <xref

218

linkend="overview"/> for details.

219

</para>

220

</refsect1>

221

222

223

<title>OPTIONS</title>

224

225

226

227

228

229

230

<para>

231

Show a help message and exit

232

</para>

233

</listitem>

234

</varlistentry>

235

236

237

<term><option>--enable</option></term>

238

239

240

<para>

241

Enable client(s). An enabled client will be eligble to

242

receive its secret.

243

</para>

244

</listitem>

245

</varlistentry>

246

247

248

<term><option>--disable</option></term>

249

250

251

<para>

252

Disable client(s). A disabled client will not be eligble

253

to receive its secret, and no checkers will be started for

254

it.

255

</para>

256

</listitem>

257

</varlistentry>

258

259

260

<term><option>--bump-timeout</option></term>

261

262

<para>

263

Bump the timeout of the specified client(s), just as if a

264

checker had completed successfully for it/them.

265

</para>

266

</listitem>

267

</varlistentry>

268

269

270

<term><option>--start-checker</option></term>

271

272

<para>

273

Start a new checker now for the specified client(s).

274

</para>

275

</listitem>

276

</varlistentry>

277

278

279

<term><option>--stop-checker</option></term>

280

281

<para>

282

Stop any running checker for the specified client(s).

283

</para>

284

</listitem>

285

</varlistentry>

286

287

288

<term><option>--remove</option></term>

289

290

291

<para>

292

Remove the specified client(s) from the server.

293

</para>

294

</listitem>

295

</varlistentry>

296

297

298

<term><option>--checker

299

<replaceable>COMMAND</replaceable></option></term>

300

<term><option>-c

301

<replaceable>COMMAND</replaceable></option></term>

302

303

<para>

304

Set the <varname>checker</varname> option of the specified

305

client(s); see <citerefentry><refentrytitle

306

>mandos-clients.conf</refentrytitle><manvolnum

307

>5</manvolnum></citerefentry>.

308

</para>

309

</listitem>

310

</varlistentry>

311

312

313

<term><option>--timeout

314

315

<term><option>-t

316

317

318

<para>

319

Set the <varname>timeout</varname> option of the specified

320

client(s); see <citerefentry><refentrytitle

321

>mandos-clients.conf</refentrytitle><manvolnum

322

>5</manvolnum></citerefentry>.

323

</para>

324

</listitem>

325

</varlistentry>

326

327

328

<term><option>--extended-timeout

329

330

331

<para>

332

Set the <varname>extended_timeout</varname> option of the

333

specified client(s); see <citerefentry><refentrytitle

334

>mandos-clients.conf</refentrytitle><manvolnum

335

>5</manvolnum></citerefentry>.

336

</para>

337

</listitem>

338

</varlistentry>

339

340

341

<term><option>--interval

342

343

<term><option>-i

344

345

346

<para>

347

Set the <varname>interval</varname> option of the

348

specified client(s); see <citerefentry><refentrytitle

349

>mandos-clients.conf</refentrytitle><manvolnum

350

>5</manvolnum></citerefentry>.

351

</para>

352

</listitem>

353

</varlistentry>

354

355

356

<term><option>--approve-by-default</option></term>

357

<term><option>--deny-by-default</option></term>

358

359

<para>

360

Set the <varname>approved_by_default</varname> option of

361

the specified client(s) to <literal>True</literal> or

362

<literal>False</literal>, respectively; see

363

<citerefentry><refentrytitle

364

>mandos-clients.conf</refentrytitle><manvolnum

365

>5</manvolnum></citerefentry>.

366

</para>

367

</listitem>

368

</varlistentry>

369

370

371

<term><option>--approval-delay

372

373

374

<para>

375

Set the <varname>approval_delay</varname> option of the

376

specified client(s); see <citerefentry><refentrytitle

377

>mandos-clients.conf</refentrytitle><manvolnum

378

>5</manvolnum></citerefentry>.

379

</para>

380

</listitem>

381

</varlistentry>

382

383

384

<term><option>--approval-duration

385

386

387

<para>

388

Set the <varname>approval_duration</varname> option of the

389

specified client(s); see <citerefentry><refentrytitle

390

>mandos-clients.conf</refentrytitle><manvolnum

391

>5</manvolnum></citerefentry>.

392

</para>

393

</listitem>

394

</varlistentry>

395

396

397

<term><option>--host

398

<replaceable>STRING</replaceable></option></term>

399

<term><option>-H

400

<replaceable>STRING</replaceable></option></term>

401

402

<para>

403

Set the <varname>host</varname> option of the specified

404

client(s); see <citerefentry><refentrytitle

405

>mandos-clients.conf</refentrytitle><manvolnum

406

>5</manvolnum></citerefentry>.

407

</para>

408

</listitem>

409

</varlistentry>

410

411

412

<term><option>--secret

413

<replaceable>FILENAME</replaceable></option></term>

414

<term><option>-s

415

<replaceable>FILENAME</replaceable></option></term>

416

417

<para>

418

Set the <varname>secfile</varname> option of the specified

419

client(s); see <citerefentry><refentrytitle

420

>mandos-clients.conf</refentrytitle><manvolnum

421

>5</manvolnum></citerefentry>.

422

</para>

423

</listitem>

424

</varlistentry>

425

426

427

<term><option>--approve</option></term>

428

429

430

<para>

431

Approve client(s) if currently waiting for approval.

432

</para>

433

</listitem>

434

</varlistentry>

435

436

437

438

439

440

<para>

441

Deny client(s) if currently waiting for approval.

442

</para>

443

</listitem>

444

</varlistentry>

445

446

447

448

449

450

<para>

451

Make the client-modifying options modify <emphasis

452

>all</emphasis> clients.

453

</para>

454

</listitem>

455

</varlistentry>

456

457

458

<term><option>--verbose</option></term>

459

460

461

<para>

462

Show all client settings, not just a subset.

463

</para>

464

</listitem>

465

</varlistentry>

466

467

468

<term><option>--is-enabled</option></term>

469

470

471

<para>

472

Check if a single client is enabled or not, and exit with

473

a successful exit status only if the client is enabled.

474

</para>

475

</listitem>

476

</varlistentry>

477

478

</variablelist>

479

</refsect1>

480

481

482

<title>OVERVIEW</title>

483

<xi:include href="overview.xml"/>

484

<para>

485

This program is a small utility to generate new OpenPGP keys for

486

new Mandos clients, and to generate sections for inclusion in

487

<filename>clients.conf</filename> on the server.

488

</para>

489

</refsect1>

490

491

492

<title>EXIT STATUS</title>

493

<para>

494

If the <option>--is-enabled</option> option is used, the exit

495

status will be 0 only if the specified client is enabled.

496

</para>

497

</refsect1>

498

499

500

501

502

503

504

505

506

<title>EXAMPLE</title>

507

508

<para>

509

To list all clients:

510

</para>

511

<para>

512

<userinput>&COMMANDNAME;</userinput>

513

</para>

514

</informalexample>

515

516

517

<para>

518

To list <emphasis>all</emphasis> settings for the clients

519

named <quote>foo1.example.org</quote> and <quote

520

>foo2.example.org</quote>:

521

</para>

522

<para>

523

524

525

<userinput>&COMMANDNAME; --verbose foo1.example.org foo2.example.org</userinput>

526

527

</para>

528

</informalexample>

529

530

531

<para>

532

To enable all clients:

533

</para>

534

<para>

535

<userinput>&COMMANDNAME; --enable --all</userinput>

536

</para>

537

</informalexample>

538

539

540

<para>

541

To change timeout and interval value for the clients

542

named <quote>foo1.example.org</quote> and <quote

543

>foo2.example.org</quote>:

544

</para>

545

<para>

546

547

548

<userinput>&COMMANDNAME; --timeout="5m" --interval="1m" foo1.example.org foo2.example.org</userinput>

549

550

</para>

551

</informalexample>

552

553

554

<para>

555

To approve all clients currently waiting for it:

556

</para>

557

<para>

558

<userinput>&COMMANDNAME; --approve --all</userinput>

559

</para>

560

</informalexample>

561

</refsect1>

562

563

564

<title>SECURITY</title>

565

<para>

566

This program must be permitted to access the Mandos server via

567

the D-Bus interface. This normally requires the root user, but

568

could be configured otherwise by reconfiguring the D-Bus server.

569

</para>

570

</refsect1>

571

572

573

574

<para>

575

<citerefentry><refentrytitle>intro</refentrytitle>

576

<manvolnum>8mandos</manvolnum></citerefentry>,

577

<citerefentry><refentrytitle>mandos</refentrytitle>

578

<manvolnum>8</manvolnum></citerefentry>,

579

<citerefentry><refentrytitle>mandos-clients.conf</refentrytitle>

580

<manvolnum>5</manvolnum></citerefentry>,

581

<citerefentry><refentrytitle>mandos-monitor</refentrytitle>

582

583

</para>

584

</refsect1>

585

586

</refentry>

587

588

589

590

591

Older »