/mandos/trunk

To get this branch, use:
bzr branch http://bzr.recompile.se/loggerhead/mandos/trunk

Viewing changes to plugins.d/mandos-client.xml

  • Committer: Teddy Hogeborn
  • Date: 2015-07-05 18:36:23 UTC
  • mto: This revision was merged to the branch mainline in revision 759.
  • Revision ID: teddy@recompile.se-20150705183623-k7yokhi0wpvs61iw
Add plugin for mandos-client to add and delete local routes.

* Makefile (LIBNL3_CFLAGS, LIBNL3_LIBS): New; add for netlink library.
  (PLUGIN_HELPERS): Add "plugin-helpers/mandos-client-iprouteadddel".
  (plugin-helpers/mandos-client-iprouteadddel): New.
* plugin-helpers/mandos-client-iprouteadddel.c: New.
* plugins.d/mandos_client (add_remove_local_route): Rename
                                                    "remove_arg" to
                                                    "delete_arg".  All
                                                    users changed.

2
2
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3
3
        "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4
4
<!ENTITY COMMANDNAME "mandos-client">
5
 
<!ENTITY TIMESTAMP "2014-03-05">
 
5
<!ENTITY TIMESTAMP "2015-06-29">
6
6
<!ENTITY % common SYSTEM "../common.ent">
7
7
%common;
8
8
]>
36
36
      <year>2012</year>
37
37
      <year>2013</year>
38
38
      <year>2014</year>
 
39
      <year>2015</year>
39
40
      <holder>Teddy Hogeborn</holder>
40
41
      <holder>Björn Påhlsson</holder>
41
42
    </copyright>
444
445
  
445
446
  <refsect1 id="environment">
446
447
    <title>ENVIRONMENT</title>
 
448
    <variablelist>
 
449
      <varlistentry>
 
450
        <term><envar>MANDOSPLUGINHELPERDIR</envar></term>
 
451
        <listitem>
 
452
          <para>
 
453
            This environment variable will be assumed to contain the
 
454
            directory containing any helper executables.  The use and
 
455
            nature of these helper executables, if any, is
 
456
            purposefully not documented.
 
457
        </para>
 
458
        </listitem>
 
459
      </varlistentry>
 
460
    </variablelist>
447
461
    <para>
448
 
      This program does not use any environment variables, not even
449
 
      the ones provided by <citerefentry><refentrytitle
 
462
      This program does not use any other environment variables, not
 
463
      even the ones provided by <citerefentry><refentrytitle
450
464
      >cryptsetup</refentrytitle><manvolnum>8</manvolnum>
451
465
    </citerefentry>.
452
466
    </para>
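Review bot: The new MANDOSPLUGINHELPERDIR entry says the program takes helper executables from the directory this variable names, but it does not say who is expected to set the variable or what ownership and permissions that directory should have. Even with the helpers themselves left "purposefully not documented", a sentence on where the value comes from and that the directory must be writable only by a trusted user would let an administrator judge the risk, since the commit message shows a helper (plugin-helpers/mandos-client-iprouteadddel) that adds and deletes routes. Style point in the same entry: the closing `</para>` on new line 457 is indented two columns less than its opening `<para>` on line 452.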
748
762
    <para>
749
763
      It will also help if the checker program on the server is
750
764
      configured to request something from the client which can not be
751
 
      spoofed by someone else on the network, unlike unencrypted
752
 
      <acronym>ICMP</acronym> echo (<quote>ping</quote>) replies.
 
765
      spoofed by someone else on the network, like SSH server key
 
766
      fingerprints, and unlike unencrypted <acronym>ICMP</acronym>
 
767
      echo (<quote>ping</quote>) replies.
753
768
    </para>
754
769
    <para>
755
770
      <emphasis>Note</emphasis>: This makes it completely insecure to
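Review bot: In the reworded sentence on new lines 765-767, "like SSH server key fingerprints" follows "spoofed by someone else on the network", so it can be read as an example of something that is spoofed rather than of something that can not be. Consider moving the example next to what it illustrates, for instance "request something from the client, such as an SSH server key fingerprint, which can not be spoofed by someone else on the network", and keep the contrast with unencrypted ICMP echo replies as its own clause.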