/mandos/trunk

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to network-protocol.txt

Committer: Teddy Hogeborn
Date: 2008-08-07 21:45:41 UTC
Revision ID: teddy@fukt.bsnet.se-20080807214541-pyg8itw6kphz1dy5

* plugbasedclient.c: Renamed to "mandos-client.c".  All users changed.

* plugins.d/mandosclient.c: Renamed to "plugins.d/password-request.c".
                            All users changed.

* plugins.d/passprompt.c: Renamed to "plugins.d/password-prompt.c".
                          All users changed.

* server.conf: Renamed to "mandos.conf".  All users changed.

* server.py: Renamed to "mandos".
  (daemon): Have default values for arguments. Caller changed.

* Makefile (distclean, mostlyclean, maintainer-clean): New aliases for
                                                       "clean".
  (check, run-client, run-server): New.

* network-protocol.txt: New.

files added:
network-protocol.txt

files removed:
.bzr-builddeb

.bzr-builddeb/default.conf

.bzrignore

COPYING

DBUS-API

INSTALL

NEWS

README

bugs.xml

common.ent

dbus-mandos.conf

debian

debian/changelog

debian/compat

debian/control

debian/copyright

debian/mandos-client.README.Debian

debian/mandos-client.dirs

debian/mandos-client.docs

debian/mandos-client.examples

debian/mandos-client.links

debian/mandos-client.lintian-overrides

debian/mandos-client.postinst

debian/mandos-client.postrm

debian/mandos-client.templates

debian/mandos.README.Debian

debian/mandos.dirs

debian/mandos.docs

debian/mandos.lintian-overrides

debian/mandos.postinst

debian/mandos.prerm

debian/mandos.templates

debian/po

debian/po/POTFILES.in

debian/po/de.po

debian/po/en_US.po

debian/po/fr.po

debian/po/nl.po

debian/po/pt.po

debian/po/sv.po

debian/po/templates.pot

debian/rules

debian/source

debian/source/format

debian/source/lintian-overrides

debian/source/local-options

debian/tests

debian/tests/control

debian/upstream

debian/upstream/metadata

debian/upstream/signing-key.asc

debian/watch

default-mandos

dracut-module

dracut-module/ask-password-mandos.path

dracut-module/ask-password-mandos.service

dracut-module/cmdline-mandos.sh

dracut-module/module-setup.sh

dracut-module/password-agent.c

dracut-module/password-agent.xml

init.d-mandos

initramfs-tools-conf

initramfs-tools-conf-hook

initramfs-tools-hook

initramfs-tools-script

initramfs-tools-script-stop

initramfs-unpack

intro.xml

legalnotice.xml

mandos-clients.conf.xml

mandos-ctl

mandos-ctl.xml

mandos-keygen

mandos-keygen.xml

mandos-monitor

mandos-monitor.xml

mandos-options.xml

mandos-to-cryptroot-unlock

mandos.conf.xml

mandos.lsm

mandos.service

mandos.xml

network-hooks.d

network-hooks.d/bridge

network-hooks.d/bridge.conf

network-hooks.d/openvpn

network-hooks.d/openvpn.conf

network-hooks.d/wireless

network-hooks.d/wireless.conf

overview.xml

plugin-helpers

plugin-helpers/mandos-client-iprouteadddel.c

plugin-runner.conf

plugin-runner.xml

plugins.d/askpass-fifo.c

plugins.d/askpass-fifo.xml

plugins.d/mandos-client.xml

plugins.d/password-prompt.xml

plugins.d/plymouth.c

plugins.d/plymouth.xml

plugins.d/splashy.c

plugins.d/splashy.xml

plugins.d/usplash.c

plugins.d/usplash.xml

sysusers.d-mandos.conf

tmpfiles.d-mandos.conf

files renamed:
plugin-runner.c => mandos-client.c

plugins.d/mandos-client.c => plugins.d/password-request.c

files modified:
Makefile

TODO

clients.conf

mandos

mandos.conf

plugins.d/password-prompt.c

Show diffs side-by-side

added added

removed removed

network-protocol.txt

1

The Mandos server announces itself as a Zeroconf service of type

2

"_mandos._tcp". The Mandos client sends a line of text where the first

3

whitespace-separated field is the protocol version, which currently is

4

"1". The client and server then start a TLS protocol handshake with a

5

slight quirk: the Mandos server program acts as a TLS "client" while

6

the connecting Mandos client acts as a TLS "server". The Mandos

7

client must supply an OpenPGP certificate, and the fingerprint of this

8

certificate is used by the Mandos server to look up (in a list read

9

from a file at start time) which binary blob to give the client. No

10

other authentication or authorization is done by the server.

11

12

| Mandos server | | Mandos client |

13

| | | <Connect> |

14

| | <- | "1\r\n" |

15

| <TLS handshake> | <-> | <TLS handshake> |

16

| | <- | OpenPGP public key (part of TLS handshake) |

17

| <Binary blob> | -> | |

18

| <Close> | | |

Older »