/mandos/trunk

To get this branch, use:
bzr branch http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to plugins.d/mandos-client.xml

* Makefile (run-client): Add "--network-hook-dir" option.
* plugin-runner.c (main): Only try to work around Debian bug #633582
                          if started as root.
* plugins.d/mandos-client.c (run_network_hooks): Bug fix: Run all
                                                 network hooks, not
                                                 just the first one.
                                                 Also add debug output.
  (main): Only try to work around Debian bug #633582 or run network
          hooks as root if started as root.

Show diffs side-by-side

added added

removed removed

Lines of Context:
2
2
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3
3
        "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4
4
<!ENTITY COMMANDNAME "mandos-client">
5
 
<!ENTITY TIMESTAMP "2009-02-09">
 
5
<!ENTITY TIMESTAMP "2011-10-03">
6
6
<!ENTITY % common SYSTEM "../common.ent">
7
7
%common;
8
8
]>
19
19
        <firstname>Björn</firstname>
20
20
        <surname>Påhlsson</surname>
21
21
        <address>
22
 
          <email>belorn@fukt.bsnet.se</email>
 
22
          <email>belorn@recompile.se</email>
23
23
        </address>
24
24
      </author>
25
25
      <author>
26
26
        <firstname>Teddy</firstname>
27
27
        <surname>Hogeborn</surname>
28
28
        <address>
29
 
          <email>teddy@fukt.bsnet.se</email>
 
29
          <email>teddy@recompile.se</email>
30
30
        </address>
31
31
      </author>
32
32
    </authorgroup>
33
33
    <copyright>
34
34
      <year>2008</year>
35
35
      <year>2009</year>
 
36
      <year>2011</year>
36
37
      <holder>Teddy Hogeborn</holder>
37
38
      <holder>Björn Påhlsson</holder>
38
39
    </copyright>
97
98
      </arg>
98
99
      <sbr/>
99
100
      <arg>
 
101
        <option>--retry <replaceable>SECONDS</replaceable></option>
 
102
      </arg>
 
103
      <sbr/>
 
104
      <arg>
 
105
        <option>--network-hook-dir<replaceable>DIR</replaceable></option>
 
106
      </arg>
 
107
      <sbr/>
 
108
      <arg>
100
109
        <option>--debug</option>
101
110
      </arg>
102
111
    </cmdsynopsis>
133
142
      using TLS with an OpenPGP key to ensure authenticity and
134
143
      confidentiality.  This client program keeps running, trying all
135
144
      servers on the network, until it receives a satisfactory reply
136
 
      or a TERM signal is received.  If no servers are found, or after
137
 
      all servers have been tried, it waits indefinitely for new
138
 
      servers to appear.
 
145
      or a TERM signal.  After all servers have been tried, all
 
146
      servers are periodically retried.  If no servers are found it
 
147
      will wait indefinitely for new servers to appear.
139
148
    </para>
140
149
    <para>
141
150
      This program is not meant to be run directly; it is really meant
202
211
        <listitem>
203
212
          <para>
204
213
            Network interface that will be brought up and scanned for
205
 
            Mandos servers to connect to.  The default is
206
 
            <quote><literal>eth0</literal></quote>.
 
214
            Mandos servers to connect to.  The default is the empty
 
215
            string, which will automatically choose an appropriate
 
216
            interface.
207
217
          </para>
208
218
          <para>
209
219
            If the <option>--connect</option> option is used, this
220
230
            by this program.
221
231
          </para>
222
232
          <para>
223
 
            <replaceable>NAME</replaceable> can be the empty string;
224
 
            this will not use any specific interface, and will not
225
 
            bring up an interface on startup.  This is not
226
 
            recommended, and only meant for advanced users.
 
233
            <replaceable>NAME</replaceable> can be the string
 
234
            <quote><literal>none</literal></quote>; this will not use
 
235
            any specific interface, and will not bring up an interface
 
236
            on startup.  This is not recommended, and only meant for
 
237
            advanced users.
227
238
          </para>
228
239
        </listitem>
229
240
      </varlistentry>
291
302
          </para>
292
303
        </listitem>
293
304
      </varlistentry>
 
305
 
 
306
      <varlistentry>
 
307
        <term><option>--retry=<replaceable
 
308
        >SECONDS</replaceable></option></term>
 
309
        <listitem>
 
310
          <para>
 
311
            All Mandos servers are tried repeatedly until a password
 
312
            is received.  This value specifies, in seconds, how long
 
313
            between each successive try <emphasis>for the same
 
314
            server</emphasis>.  The default is 10 seconds.
 
315
          </para>
 
316
        </listitem>
 
317
      </varlistentry>
 
318
 
 
319
      <varlistentry>
 
320
        <term><option>--network-hook-dir=<replaceable
 
321
        >DIR</replaceable></option></term>
 
322
        <listitem>
 
323
          <para>
 
324
            Network hook directory.  The default directory is
 
325
            <quote><filename class="directory"
 
326
            >/lib/mandos/network-hooks.d</filename></quote>.
 
327
          </para>
 
328
        </listitem>
 
329
      </varlistentry>
294
330
      
295
331
      <varlistentry>
296
332
        <term><option>--debug</option></term>
369
405
      server could be found and the password received from it could be
370
406
      successfully decrypted and output on standard output.  The
371
407
      program will exit with a non-zero exit status only if a critical
372
 
      error occurs.  Otherwise, it will forever connect to new
373
 
      <application>Mandos</application> servers as they appear, trying
374
 
      to get a decryptable password and print it.
 
408
      error occurs.  Otherwise, it will forever connect to any
 
409
      discovered <application>Mandos</application> servers, trying to
 
410
      get a decryptable password and print it.
375
411
    </para>
376
412
  </refsect1>
377
413
  
516
552
  <refsect1 id="see_also">
517
553
    <title>SEE ALSO</title>
518
554
    <para>
 
555
      <citerefentry><refentrytitle>intro</refentrytitle>
 
556
      <manvolnum>8mandos</manvolnum></citerefentry>,
519
557
      <citerefentry><refentrytitle>cryptsetup</refentrytitle>
520
558
      <manvolnum>8</manvolnum></citerefentry>,
521
559
      <citerefentry><refentrytitle>crypttab</refentrytitle>