/mandos/trunk : revision 833

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to mandos-keygen.xml

Committer: Teddy Hogeborn
Date: 2016-03-17 20:40:55 UTC
Revision ID: teddy@recompile.se-20160317204055-bhsh5xsidq7w5cxu

Client: Fix plymouth agent; broken since 1.7.2.

Fix an very old memory bug in the plymouth agent (which has been
present since its apperance in version 1.2), but which was only
recently detected at run time due to the new -fsanitize=address
compile- time flag, which has been used since version 1.7.2. This
detection of a memory access violation causes the program to abort,
making the Plymouth graphical boot system unable to accept interactive
input of passwords when using the Mandos client.

* plugins.d/plymouth.c (exec_and_wait): Fix memory allocation bug when
allocating new_argv. Also tolerate a zero-length argv.

files added:
DBUS-API

NEWS

bugs.xml

common.ent

dbus-mandos.conf

debian/mandos-client.examples

debian/source

debian/source/format

debian/source/local-options

debian/upstream

debian/upstream/signing-key.asc

debian/watch

initramfs-unpack

intro.xml

mandos-ctl

mandos-ctl.xml

mandos-monitor

mandos-monitor.xml

mandos.lsm

mandos.service

network-hooks.d

network-hooks.d/bridge

network-hooks.d/bridge.conf

network-hooks.d/openvpn

network-hooks.d/openvpn.conf

network-hooks.d/wireless

network-hooks.d/wireless.conf

plugin-helpers

plugin-helpers/mandos-client-iprouteadddel.c

plugins.d/askpass-fifo.c

plugins.d/askpass-fifo.xml

plugins.d/plymouth.c

plugins.d/plymouth.xml

plugins.d/splashy.xml

plugins.d/usplash.xml

files removed:
debian/mandos-client.config

debian/mandos-client.templates

debian/mandos.config

debian/mandos.templates

debian/po/POTFILES.in

debian/po/sv.po

files modified:
.bzrignore

INSTALL

Makefile

README

TODO

clients.conf

debian/changelog

debian/compat

debian/control

debian/copyright

debian/mandos-client.README.Debian

debian/mandos-client.dirs

debian/mandos-client.docs

debian/mandos-client.lintian-overrides

debian/mandos-client.postinst

debian/mandos-client.postrm

debian/mandos.README.Debian

debian/mandos.dirs

debian/mandos.docs

debian/mandos.lintian-overrides

debian/mandos.postinst

debian/mandos.prerm

debian/rules

init.d-mandos

initramfs-tools-hook

initramfs-tools-hook-conf

initramfs-tools-script

mandos

mandos-clients.conf.xml

mandos-keygen

mandos-keygen.xml

mandos-options.xml

mandos.conf

mandos.conf.xml

mandos.xml

plugin-runner.c

plugin-runner.conf

plugin-runner.xml

plugins.d/mandos-client.c

plugins.d/mandos-client.xml

plugins.d/password-prompt.c

plugins.d/password-prompt.xml

plugins.d/splashy.c

plugins.d/usplash.c

Show diffs side-by-side

added added

removed removed

mandos-keygen.xml

<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"

"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [

<!ENTITY VERSION "1.0">

<!ENTITY COMMANDNAME "mandos-keygen">

<!ENTITY TIMESTAMP "2008-09-20">

<!ENTITY TIMESTAMP "2016-03-05">

<!ENTITY % common SYSTEM "common.ent">

%common;

<title>Mandos Manual</title>

<productname>Mandos</productname>

<productnumber>&VERSION;</productnumber>

<productnumber>&version;</productnumber>

<date>&TIMESTAMP;</date>

<firstname>Björn</firstname>

<surname>Påhlsson</surname>

<email>belorn@fukt.bsnet.se</email>

<email>belorn@recompile.se</email>

</address>

</author>

<firstname>Teddy</firstname>

<surname>Hogeborn</surname>

<email>teddy@fukt.bsnet.se</email>

<email>teddy@recompile.se</email>

</address>

</author>

</authorgroup>

<holder>Teddy Hogeborn</holder>

<holder>Björn Påhlsson</holder>

</copyright>

115

124

116

125

</group>

117

126

<sbr/>

118

<arg><option>--force</option></arg>

127

<group>

128

<arg choice="plain"><option>--force</option></arg>

129

130

</group>

119

131

</cmdsynopsis>

120

132

121

133

<command>&COMMANDNAME;</command>

141

153

<arg choice="plain"><option>-n

142

154

143

155

</group>

156

<group>

157

158

159

</group>

144

160

</cmdsynopsis>

145

161

146

162

<command>&COMMANDNAME;</command>

211

227

212

228

<para>

213

229

Target directory for key files. Default is

214

<filename>/etc/mandos</filename>.

230

<filename class="directory">/etc/mandos</filename>.

215

231

</para>

216

232

</listitem>

217

233

</varlistentry>

223

239

224

240

225

241

<para>

226

Key type. Default is <quote>DSA</quote>.

242

Key type. Default is <quote>RSA</quote>.

227

243

</para>

228

244

</listitem>

229

245

</varlistentry>

235

251

236

252

237

253

<para>

238

Key length in bits. Default is 2048.

254

Key length in bits. Default is 4096.

239

255

</para>

240

256

</listitem>

241

257

</varlistentry>

247

263

<replaceable>KEYTYPE</replaceable></option></term>

248

264

249

265

<para>

250

Subkey type. Default is <quote>ELG-E</quote> (Elgamal

266

Subkey type. Default is <quote>RSA</quote> (Elgamal

251

267

encryption-only).

252

268

</para>

253

269

</listitem>

260

276

261

277

262

278

<para>

263

Subkey length in bits. Default is 2048.

279

Subkey length in bits. Default is 4096.

264

280

</para>

265

281

</listitem>

266

282

</varlistentry>

284

300

285

301

286

302

<para>

287

Comment field for key. The default value is

288

<quote><literal>Mandos client key</literal></quote>.

303

Comment field for key. Default is empty.

289

304

</para>

290

305

</listitem>

291

306

</varlistentry>

343

358

</para>

344

359

</listitem>

345

360

</varlistentry>

361

362

363

364

365

<para>

366

When <option>--password</option> or

367

<option>--passfile</option> is given, this option will

368

prevent <command>&COMMANDNAME;</command> from calling

369

<command>ssh-keyscan</command> to get an SSH fingerprint

370

for this host and, if successful, output suitable config

371

options to use this fingerprint as a

372

<option>checker</option> option in the output. This is

373

otherwise the default behavior.

374

</para>

375

</listitem>

376

</varlistentry>

346

377

</variablelist>

347

378

</refsect1>

348

379

381

412

</variablelist>

382

413

</refsect1>

383

414

384

415

385

416

<title>FILES</title>

386

417

<para>

387

418

Use the <option>--dir</option> option to change where

408

439

</listitem>

409

440

</varlistentry>

410

441

411

442

412

443

413

444

<para>

414

445

Temporary files will be written here if

419

450

</variablelist>

420

451

</refsect1>

421

452

422

423

424

425

426

453

454

455

<xi:include href="bugs.xml"/>

456

</refsect1>

427

457

428

458

429

459

<title>EXAMPLE</title>

449

479

</informalexample>

450

480

451

481

<para>

452

Prompt for a password, encrypt it with the key in

453

<filename>/etc/mandos</filename> and output a section suitable

454

for <filename>clients.conf</filename>.

482

Prompt for a password, encrypt it with the key in <filename

483

class="directory">/etc/mandos</filename> and output a section

484

suitable for <filename>clients.conf</filename>.

455

485

</para>

456

486

<para>

457

487

<userinput>&COMMANDNAME; --password</userinput>

490

520

491

521

492

522

<para>

523

<citerefentry><refentrytitle>intro</refentrytitle>

524

<manvolnum>8mandos</manvolnum></citerefentry>,

493

525

494

526

<manvolnum>1</manvolnum></citerefentry>,

495

527

<citerefentry><refentrytitle>mandos-clients.conf</refentrytitle>

497

529

<citerefentry><refentrytitle>mandos</refentrytitle>

498

530

<manvolnum>8</manvolnum></citerefentry>,

499

531

<citerefentry><refentrytitle>mandos-client</refentrytitle>

500

<manvolnum>8mandos</manvolnum></citerefentry>

532

<manvolnum>8mandos</manvolnum></citerefentry>,

533

<citerefentry><refentrytitle>ssh-keyscan</refentrytitle>

534

501

535

</para>

502

536

</refsect1>

503

537

Older »