
Viewing changes to mandos-keygen.xml

  • Committer: Teddy Hogeborn
  • Date: 2016-03-17 20:40:55 UTC
  • Revision ID: teddy@recompile.se-20160317204055-bhsh5xsidq7w5cxu
Client: Fix plymouth agent; broken since 1.7.2.

Fix a very old memory bug in the plymouth agent (which has been
present since its appearance in version 1.2), but which was only
recently detected at run time due to the new -fsanitize=address
compile-time flag, which has been used since version 1.7.2.  This
detection of a memory access violation causes the program to abort,
making the Plymouth graphical boot system unable to accept interactive
input of passwords when using the Mandos client.

* plugins.d/plymouth.c (exec_and_wait): Fix memory allocation bug when
  allocating new_argv.  Also tolerate a zero-length argv.

2
2
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3
3
        "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4
4
<!ENTITY COMMANDNAME "mandos-keygen">
5
 
<!ENTITY TIMESTAMP "2011-08-08">
 
5
<!ENTITY TIMESTAMP "2016-03-05">
6
6
<!ENTITY % common SYSTEM "common.ent">
7
7
%common;
8
8
]>
19
19
        <firstname>Björn</firstname>
20
20
        <surname>Påhlsson</surname>
21
21
        <address>
22
 
          <email>belorn@fukt.bsnet.se</email>
 
22
          <email>belorn@recompile.se</email>
23
23
        </address>
24
24
      </author>
25
25
      <author>
26
26
        <firstname>Teddy</firstname>
27
27
        <surname>Hogeborn</surname>
28
28
        <address>
29
 
          <email>teddy@fukt.bsnet.se</email>
 
29
          <email>teddy@recompile.se</email>
30
30
        </address>
31
31
      </author>
32
32
    </authorgroup>
33
33
    <copyright>
34
34
      <year>2008</year>
35
35
      <year>2009</year>
 
36
      <year>2010</year>
36
37
      <year>2011</year>
 
38
      <year>2012</year>
 
39
      <year>2013</year>
 
40
      <year>2014</year>
 
41
      <year>2015</year>
 
42
      <year>2016</year>
37
43
      <holder>Teddy Hogeborn</holder>
38
44
      <holder>Björn Påhlsson</holder>
39
45
    </copyright>
118
124
        <replaceable>TIME</replaceable></option></arg>
119
125
      </group>
120
126
      <sbr/>
121
 
      <arg><option>--force</option></arg>
 
127
      <group>
 
128
        <arg choice="plain"><option>--force</option></arg>
 
129
        <arg choice="plain"><option>-f</option></arg>
 
130
      </group>
122
131
    </cmdsynopsis>
123
132
    <cmdsynopsis>
124
133
      <command>&COMMANDNAME;</command>
144
153
        <arg choice="plain"><option>-n
145
154
        <replaceable>NAME</replaceable></option></arg>
146
155
      </group>
 
156
      <group>
 
157
        <arg choice="plain"><option>--no-ssh</option></arg>
 
158
        <arg choice="plain"><option>-S</option></arg>
 
159
      </group>
147
160
    </cmdsynopsis>
148
161
    <cmdsynopsis>
149
162
      <command>&COMMANDNAME;</command>
214
227
        <listitem>
215
228
          <para>
216
229
            Target directory for key files.  Default is
217
 
            <filename>/etc/mandos</filename>.
 
230
            <filename class="directory">/etc/mandos</filename>.
218
231
          </para>
219
232
        </listitem>
220
233
      </varlistentry>
226
239
        <replaceable>TYPE</replaceable></option></term>
227
240
        <listitem>
228
241
          <para>
229
 
            Key type.  Default is <quote>DSA</quote>.
 
242
            Key type.  Default is <quote>RSA</quote>.
230
243
          </para>
231
244
        </listitem>
232
245
      </varlistentry>
238
251
        <replaceable>BITS</replaceable></option></term>
239
252
        <listitem>
240
253
          <para>
241
 
            Key length in bits.  Default is 2048.
 
254
            Key length in bits.  Default is 4096.
242
255
          </para>
243
256
        </listitem>
244
257
      </varlistentry>
250
263
        <replaceable>KEYTYPE</replaceable></option></term>
251
264
        <listitem>
252
265
          <para>
253
 
            Subkey type.  Default is <quote>ELG-E</quote> (Elgamal
 
266
            Subkey type.  Default is <quote>RSA</quote> (Elgamal
254
267
            encryption-only).
255
268
          </para>
256
269
        </listitem>
263
276
        <replaceable>BITS</replaceable></option></term>
264
277
        <listitem>
265
278
          <para>
266
 
            Subkey length in bits.  Default is 2048.
 
279
            Subkey length in bits.  Default is 4096.
267
280
          </para>
268
281
        </listitem>
269
282
      </varlistentry>
287
300
        <replaceable>TEXT</replaceable></option></term>
288
301
        <listitem>
289
302
          <para>
290
 
            Comment field for key.  The default value is
291
 
            <quote><literal>Mandos client key</literal></quote>.
 
303
            Comment field for key.  Default is empty.
292
304
          </para>
293
305
        </listitem>
294
306
      </varlistentry>
346
358
          </para>
347
359
        </listitem>
348
360
      </varlistentry>
 
361
      <varlistentry>
 
362
        <term><option>--no-ssh</option></term>
 
363
        <term><option>-S</option></term>
 
364
        <listitem>
 
365
          <para>
 
366
            When <option>--password</option> or
 
367
            <option>--passfile</option> is given, this option will
 
368
            prevent <command>&COMMANDNAME;</command> from calling
 
369
            <command>ssh-keyscan</command> to get an SSH fingerprint
 
370
            for this host and, if successful, output suitable config
 
371
            options to use this fingerprint as a
 
372
            <option>checker</option> option in the output.  This is
 
373
            otherwise the default behavior.
 
374
          </para>
 
375
        </listitem>
 
376
      </varlistentry>
349
377
    </variablelist>
350
378
  </refsect1>
351
379
  
411
439
        </listitem>
412
440
      </varlistentry>
413
441
      <varlistentry>
414
 
        <term><filename>/tmp</filename></term>
 
442
        <term><filename class="directory">/tmp</filename></term>
415
443
        <listitem>
416
444
          <para>
417
445
            Temporary files will be written here if
422
450
    </variablelist>
423
451
  </refsect1>
424
452
  
425
 
<!--   <refsect1 id="bugs"> -->
426
 
<!--     <title>BUGS</title> -->
427
 
<!--     <para> -->
428
 
<!--     </para> -->
429
 
<!--   </refsect1> -->
 
453
  <refsect1 id="bugs">
 
454
    <title>BUGS</title>
 
455
    <xi:include href="bugs.xml"/>
 
456
  </refsect1>
430
457
  
431
458
  <refsect1 id="example">
432
459
    <title>EXAMPLE</title>
452
479
    </informalexample>
453
480
    <informalexample>
454
481
      <para>
455
 
        Prompt for a password, encrypt it with the key in
456
 
        <filename>/etc/mandos</filename> and output a section suitable
457
 
        for <filename>clients.conf</filename>.
 
482
        Prompt for a password, encrypt it with the key in <filename
 
483
        class="directory">/etc/mandos</filename> and output a section
 
484
        suitable for <filename>clients.conf</filename>.
458
485
      </para>
459
486
      <para>
460
487
        <userinput>&COMMANDNAME; --password</userinput>
502
529
      <citerefentry><refentrytitle>mandos</refentrytitle>
503
530
      <manvolnum>8</manvolnum></citerefentry>,
504
531
      <citerefentry><refentrytitle>mandos-client</refentrytitle>
505
 
      <manvolnum>8mandos</manvolnum></citerefentry>
 
532
      <manvolnum>8mandos</manvolnum></citerefentry>,
 
533
      <citerefentry><refentrytitle>ssh-keyscan</refentrytitle>
 
534
      <manvolnum>1</manvolnum></citerefentry>
506
535
    </para>
507
536
  </refsect1>
508
537