/mandos/trunk : revision 833

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to mandos-keygen.xml

Committer: Teddy Hogeborn
Date: 2016-03-17 20:40:55 UTC
Revision ID: teddy@recompile.se-20160317204055-bhsh5xsidq7w5cxu

Client: Fix plymouth agent; broken since 1.7.2.

Fix an very old memory bug in the plymouth agent (which has been
present since its apperance in version 1.2), but which was only
recently detected at run time due to the new -fsanitize=address
compile- time flag, which has been used since version 1.7.2. This
detection of a memory access violation causes the program to abort,
making the Plymouth graphical boot system unable to accept interactive
input of passwords when using the Mandos client.

* plugins.d/plymouth.c (exec_and_wait): Fix memory allocation bug when
allocating new_argv. Also tolerate a zero-length argv.

files added:
DBUS-API

NEWS

bugs.xml

common.ent

dbus-mandos.conf

debian/mandos-client.examples

debian/mandos.README.Debian

debian/mandos.prerm

debian/po

debian/source

debian/source/format

debian/source/local-options

debian/upstream

debian/upstream/signing-key.asc

debian/watch

initramfs-unpack

intro.xml

mandos-ctl

mandos-ctl.xml

mandos-monitor

mandos-monitor.xml

mandos.lsm

mandos.service

network-hooks.d

network-hooks.d/bridge

network-hooks.d/bridge.conf

network-hooks.d/openvpn

network-hooks.d/openvpn.conf

network-hooks.d/wireless

network-hooks.d/wireless.conf

plugin-helpers

plugin-helpers/mandos-client-iprouteadddel.c

plugins.d/askpass-fifo.c

plugins.d/askpass-fifo.xml

plugins.d/plymouth.c

plugins.d/plymouth.xml

plugins.d/splashy.c

plugins.d/splashy.xml

plugins.d/usplash.c

plugins.d/usplash.xml

files removed:
etc-plugins.d-README

plugins.d/usplash

files modified:
.bzrignore

INSTALL

Makefile

README

TODO

clients.conf

debian/changelog

debian/compat

debian/control

debian/copyright

debian/mandos-client.README.Debian

debian/mandos-client.dirs

debian/mandos-client.docs

debian/mandos-client.lintian-overrides

debian/mandos-client.postinst

debian/mandos-client.postrm

debian/mandos.dirs

debian/mandos.docs

debian/mandos.lintian-overrides

debian/mandos.postinst

debian/rules

init.d-mandos

initramfs-tools-hook

initramfs-tools-hook-conf

initramfs-tools-script

mandos

mandos-clients.conf.xml

mandos-keygen

mandos-keygen.xml

mandos-options.xml

mandos.conf

mandos.conf.xml

mandos.xml

plugin-runner.c

plugin-runner.conf

plugin-runner.xml

plugins.d/mandos-client.c

plugins.d/mandos-client.xml

plugins.d/password-prompt.c

plugins.d/password-prompt.xml

Show diffs side-by-side

added added

removed removed

mandos-keygen.xml

<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"

"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [

<!ENTITY VERSION "1.0">

<!ENTITY COMMANDNAME "mandos-keygen">

<!ENTITY TIMESTAMP "2008-09-12">

<!ENTITY TIMESTAMP "2016-03-05">

<!ENTITY % common SYSTEM "common.ent">

%common;

<title>Mandos Manual</title>

<productname>Mandos</productname>

<productnumber>&VERSION;</productnumber>

<productnumber>&version;</productnumber>

<date>&TIMESTAMP;</date>

<firstname>Björn</firstname>

<surname>Påhlsson</surname>

<email>belorn@fukt.bsnet.se</email>

<email>belorn@recompile.se</email>

</address>

</author>

<firstname>Teddy</firstname>

<surname>Hogeborn</surname>

<email>teddy@fukt.bsnet.se</email>

<email>teddy@recompile.se</email>

</address>

</author>

</authorgroup>

<holder>Teddy Hogeborn</holder>

<holder>Björn Påhlsson</holder>

</copyright>

115

124

116

125

</group>

117

126

<sbr/>

118

<arg><option>--force</option></arg>

127

<group>

128

<arg choice="plain"><option>--force</option></arg>

129

130

</group>

119

131

</cmdsynopsis>

120

132

121

133

<command>&COMMANDNAME;</command>

122

134

123

135

<arg choice="plain"><option>--password</option></arg>

124

136

137

<arg choice="plain"><option>--passfile

138

139

140

125

141

</group>

126

142

<sbr/>

127

143

<group>

137

153

<arg choice="plain"><option>-n

138

154

139

155

</group>

156

<group>

157

158

159

</group>

140

160

</cmdsynopsis>

141

161

142

162

<command>&COMMANDNAME;</command>

167

187

</para>

168

188

<para>

169

189

This program can also be used with the

170

<option>--password</option> option to generate a ready-made

171

section for <filename>clients.conf</filename> (see

190

<option>--password</option> or <option>--passfile</option>

191

options to generate a ready-made section for

192

<filename>clients.conf</filename> (see

172

193

<citerefentry><refentrytitle>mandos-clients.conf</refentrytitle>

173

194

<manvolnum>5</manvolnum></citerefentry>).

174

195

</para>

206

227

207

228

<para>

208

229

Target directory for key files. Default is

209

<filename>/etc/mandos</filename>.

230

<filename class="directory">/etc/mandos</filename>.

210

231

</para>

211

232

</listitem>

212

233

</varlistentry>

218

239

219

240

220

241

<para>

221

Key type. Default is <quote>DSA</quote>.

242

Key type. Default is <quote>RSA</quote>.

222

243

</para>

223

244

</listitem>

224

245

</varlistentry>

230

251

231

252

232

253

<para>

233

Key length in bits. Default is 2048.

254

Key length in bits. Default is 4096.

234

255

</para>

235

256

</listitem>

236

257

</varlistentry>

242

263

<replaceable>KEYTYPE</replaceable></option></term>

243

264

244

265

<para>

245

Subkey type. Default is <quote>ELG-E</quote> (Elgamal

266

Subkey type. Default is <quote>RSA</quote> (Elgamal

246

267

encryption-only).

247

268

</para>

248

269

</listitem>

255

276

256

277

257

278

<para>

258

Subkey length in bits. Default is 2048.

279

Subkey length in bits. Default is 4096.

259

280

</para>

260

281

</listitem>

261

282

</varlistentry>

279

300

280

301

281

302

<para>

282

Comment field for key. The default value is

283

<quote><literal>Mandos client key</literal></quote>.

303

Comment field for key. Default is empty.

284

304

</para>

285

305

</listitem>

286

306

</varlistentry>

326

346

</para>

327

347

</listitem>

328

348

</varlistentry>

349

350

<term><option>--passfile

351

352

<term><option>-F

353

354

355

<para>

356

The same as <option>--password</option>, but read from

357

<replaceable>FILE</replaceable>, not the terminal.

358

</para>

359

</listitem>

360

</varlistentry>

361

362

363

364

365

<para>

366

When <option>--password</option> or

367

<option>--passfile</option> is given, this option will

368

prevent <command>&COMMANDNAME;</command> from calling

369

<command>ssh-keyscan</command> to get an SSH fingerprint

370

for this host and, if successful, output suitable config

371

options to use this fingerprint as a

372

<option>checker</option> option in the output. This is

373

otherwise the default behavior.

374

</para>

375

</listitem>

376

</varlistentry>

329

377

</variablelist>

330

378

</refsect1>

331

379

364

412

</variablelist>

365

413

</refsect1>

366

414

367

415

368

416

<title>FILES</title>

369

417

<para>

370

418

Use the <option>--dir</option> option to change where

391

439

</listitem>

392

440

</varlistentry>

393

441

394

442

395

443

396

444

<para>

397

445

Temporary files will be written here if

402

450

</variablelist>

403

451

</refsect1>

404

452

405

406

407

408

409

453

454

455

<xi:include href="bugs.xml"/>

456

</refsect1>

410

457

411

458

412

459

<title>EXAMPLE</title>

432

479

</informalexample>

433

480

434

481

<para>

435

Prompt for a password, encrypt it with the key in

436

<filename>/etc/mandos</filename> and output a section suitable

437

for <filename>clients.conf</filename>.

482

Prompt for a password, encrypt it with the key in <filename

483

class="directory">/etc/mandos</filename> and output a section

484

suitable for <filename>clients.conf</filename>.

438

485

</para>

439

486

<para>

440

487

<userinput>&COMMANDNAME; --password</userinput>

473

520

474

521

475

522

<para>

523

<citerefentry><refentrytitle>intro</refentrytitle>

524

<manvolnum>8mandos</manvolnum></citerefentry>,

476

525

477

526

<manvolnum>1</manvolnum></citerefentry>,

478

527

<citerefentry><refentrytitle>mandos-clients.conf</refentrytitle>

480

529

<citerefentry><refentrytitle>mandos</refentrytitle>

481

530

<manvolnum>8</manvolnum></citerefentry>,

482

531

<citerefentry><refentrytitle>mandos-client</refentrytitle>

483

<manvolnum>8mandos</manvolnum></citerefentry>

532

<manvolnum>8mandos</manvolnum></citerefentry>,

533

<citerefentry><refentrytitle>ssh-keyscan</refentrytitle>

534

484

535

</para>

485

536

</refsect1>

486

537

Older »