/mandos/trunk

To get this branch, use:
bzr branch http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to plugins.d/mandos-client.xml

  • Committer: Teddy Hogeborn
  • Date: 2015-07-06 20:09:47 UTC
  • mto: This revision was merged to the branch mainline in revision 759.
  • Revision ID: teddy@recompile.se-20150706200947-w21u4eq74efgl6r5
Fix minor bugs and typos and add some more debug output.

* Makefile (install-client-nokey): Create plugin-helpers directory and
                                   the mandos-client-iprouteadddel
                                   helper program.
* initramfs-tools-hook (PLUGINHELPERDIR): Fix typo.
* plugins.d/mandos-client.c: Change terminology; routes are "deleted",
                             not "removed".  All occurences changed.
  (add_remove_local_route): Renamed to "add_delete_local_route".  All
                            callers changed.  Also pass "--debug" flag
                            to helper if in debug mode.
  (add_local_route): Add debugging output.
  (remove_local_route): Renamed to "delete_local_route".  All callers
                        changed.  Also pass "--debug" flag to helper
                        if in debug mode.
  (start_mandos_communication): Add debug output when adding route.

Show diffs side-by-side

added added

removed removed

Lines of Context:
plugins.d/mandos-client.xml
2
2
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3
3
        "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4
4
<!ENTITY COMMANDNAME "mandos-client">
5
 
<!ENTITY TIMESTAMP "2013-10-20">
 
5
<!ENTITY TIMESTAMP "2015-06-29">
6
6
<!ENTITY % common SYSTEM "../common.ent">
7
7
%common;
8
8
]>
35
35
      <year>2009</year>
36
36
      <year>2012</year>
37
37
      <year>2013</year>
 
38
      <year>2014</year>
 
39
      <year>2015</year>
38
40
      <holder>Teddy Hogeborn</holder>
39
41
      <holder>Björn Påhlsson</holder>
40
42
    </copyright>
219
221
            assumed to separate the address from the port number.
220
222
          </para>
221
223
          <para>
222
 
            This option is normally only useful for testing and
223
 
            debugging.
 
224
            Normally, Zeroconf would be used to locate Mandos servers,
 
225
            in which case this option would only be used when testing
 
226
            and debugging.
224
227
          </para>
225
228
        </listitem>
226
229
      </varlistentry>
259
262
          <para>
260
263
            <replaceable>NAME</replaceable> can be the string
261
264
            <quote><literal>none</literal></quote>; this will make
262
 
            <command>&COMMANDNAME;</command> not bring up
263
 
            <emphasis>any</emphasis> interfaces specified
264
 
            <emphasis>after</emphasis> this string.  This is not
265
 
            recommended, and only meant for advanced users.
 
265
            <command>&COMMANDNAME;</command> only bring up interfaces
 
266
            specified <emphasis>before</emphasis> this string.  This
 
267
            is not recommended, and only meant for advanced users.
266
268
          </para>
267
269
        </listitem>
268
270
      </varlistentry>
443
445
  
444
446
  <refsect1 id="environment">
445
447
    <title>ENVIRONMENT</title>
 
448
    <variablelist>
 
449
      <varlistentry>
 
450
        <term><envar>MANDOSPLUGINHELPERDIR</envar></term>
 
451
        <listitem>
 
452
          <para>
 
453
            This environment variable will be assumed to contain the
 
454
            directory containing any helper executables.  The use and
 
455
            nature of these helper executables, if any, is
 
456
            purposefully not documented.
 
457
        </para>
 
458
        </listitem>
 
459
      </varlistentry>
 
460
    </variablelist>
446
461
    <para>
447
 
      This program does not use any environment variables, not even
448
 
      the ones provided by <citerefentry><refentrytitle
 
462
      This program does not use any other environment variables, not
 
463
      even the ones provided by <citerefentry><refentrytitle
449
464
      >cryptsetup</refentrytitle><manvolnum>8</manvolnum>
450
465
    </citerefentry>.
451
466
    </para>
747
762
    <para>
748
763
      It will also help if the checker program on the server is
749
764
      configured to request something from the client which can not be
750
 
      spoofed by someone else on the network, unlike unencrypted
751
 
      <acronym>ICMP</acronym> echo (<quote>ping</quote>) replies.
 
765
      spoofed by someone else on the network, like SSH server key
 
766
      fingerprints, and unlike unencrypted <acronym>ICMP</acronym>
 
767
      echo (<quote>ping</quote>) replies.
752
768
    </para>
753
769
    <para>
754
770
      <emphasis>Note</emphasis>: This makes it completely insecure to