=== modified file 'TODO' --- TODO 2009-01-19 05:56:10 +0000 +++ TODO 2009-01-19 05:59:35 +0000 @@ -48,16 +48,13 @@ ** TODO [#B] "--test" option For testing decryption before rebooting. -* [#A] Package +* Package ** /usr/share/initramfs-tools/hooks/mandos *** TODO [#C] Do not install in initrd.img if configured not to. Use "/etc/initramfs-tools/conf.d/mandos"? Definitely a debconf question. ** TODO [#C] /etc/bash_completion.d/mandos From XML sources directly? -** TODO initramfs-tools-script :test: - Do not insert plugin-runner as keyscript if a kernel parameter - "mandos=off" is passed. #+STARTUP: showall === modified file 'debian/mandos-client.lintian-overrides' --- debian/mandos-client.lintian-overrides 2008-10-01 15:29:01 +0000 +++ debian/mandos-client.lintian-overrides 2009-01-18 06:41:57 +0000 @@ -1,8 +1,3 @@ -# This example command line is long without spaces, but it must be -# that way; it's part of the point of showing it. -# -mandos-client binary: manpage-has-errors-from-man usr/share/man/man8/plugin-runner.8mandos.gz 297: warning [p 4, 5.8i]: can't break line - # This directory contains secret client key files. # mandos-client binary: non-standard-dir-perm etc/keys/mandos/ 0700 != 0755 @@ -16,7 +11,7 @@ # These binaries must be setuid root, since they need root powers, but # are started by plugin-runner(8mandos), which runs all plugins as -# user/group "mandos". These binaries are not run in a running +# user/group "_mandos". These binaries are not run in a running # system, but in an initial RAM disk environment. Here they are # protected from non-root access by the directory permissions, above. # === modified file 'debian/mandos-client.postinst' --- debian/mandos-client.postinst 2009-01-06 05:08:37 +0000 +++ debian/mandos-client.postinst 2009-01-18 00:16:57 +0000 @@ -1,4 +1,4 @@ -#!/bin/bash -e +#!/bin/sh -e # This script can be called in the following ways: # # After the package was installed: @@ -26,7 +26,7 @@ # Add user and group add_mandos_user(){ # Rename old "mandos" user and group - case "$(getent passwd mandos)" in + case "`getent passwd mandos`" in *:Mandos\ password\ system,,,:/nonexistent:/bin/false) usermod --login _mandos mandos groupmod --new-name _mandos mandos @@ -62,7 +62,7 @@ ;; *) - echo "$0 called with unknown argument \`$1'" 1>&2 + echo "$0 called with unknown argument '$1'" 1>&2 exit 1 ;; esac === modified file 'debian/mandos-client.postrm' --- debian/mandos-client.postrm 2008-09-19 20:54:58 +0000 +++ debian/mandos-client.postrm 2009-01-18 00:16:57 +0000 @@ -50,7 +50,7 @@ ;; *) - echo "$0 called with unknown argument \`$1'" 1>&2 + echo "$0 called with unknown argument '$1'" 1>&2 exit 1 ;; esac === modified file 'debian/mandos.postinst' --- debian/mandos.postinst 2009-01-06 05:08:37 +0000 +++ debian/mandos.postinst 2009-01-18 00:16:57 +0000 @@ -1,4 +1,4 @@ -#!/bin/bash -e +#!/bin/sh -e # This script can be called in the following ways: # # After the package was installed: @@ -18,7 +18,7 @@ case "$1" in configure) # Rename old "mandos" user and group - case "$(getent passwd mandos)" in + case "`getent passwd mandos`" in *:Mandos\ password\ system,,,:/nonexistent:/bin/false) usermod --login _mandos mandos groupmod --new-name _mandos mandos @@ -37,7 +37,7 @@ ;; *) - echo "$0 called with unknown argument \`$1'" 1>&2 + echo "$0 called with unknown argument '$1'" 1>&2 exit 1 ;; esac === modified file 'debian/mandos.prerm' --- debian/mandos.prerm 2008-09-21 13:42:34 +0000 +++ debian/mandos.prerm 2009-01-18 00:16:57 +0000 @@ -6,12 +6,12 @@ set -e # summary of how this script can be called: -# * `remove' -# * `upgrade' -# * `failed-upgrade' -# * `remove' `in-favour' -# * `deconfigure' `in-favour' -# `removing' +# * 'remove' +# * 'upgrade' +# * 'failed-upgrade' +# * 'remove' 'in-favour' +# * 'deconfigure' 'in-favour' +# 'removing' # # for details, see /usr/share/doc/packaging-manual/ @@ -28,7 +28,7 @@ upgrade|failed-upgrade) ;; *) - echo "prerm called with unknown argument \`$1'" >&2 + echo "prerm called with unknown argument '$1'" >&2 exit 0 ;; esac === modified file 'debian/rules' --- debian/rules 2009-01-04 22:26:07 +0000 +++ debian/rules 2009-01-18 00:18:50 +0000 @@ -47,7 +47,7 @@ dh_installdirs --indep $(MAKE) DESTDIR=$(CURDIR)/debian/mandos install-server dh_lintian - dh_installinit --onlyscripts --no-start \ + dh_installinit --onlyscripts \ --update-rcd-params="defaults 25 15" dh_install --indep === modified file 'mandos' --- mandos 2009-01-17 02:34:57 +0000 +++ mandos 2009-01-18 10:56:33 +0000 @@ -178,7 +178,8 @@ class Client(dbus.service.Object): """A representation of a client host served by this server. Attributes: - name: string; from the config file, used in log messages + name: string; from the config file, used in log messages and + D-Bus identifiers fingerprint: string (40 or 32 hexadecimal digits); used to uniquely identify the client secret: bytestring; sent verbatim (over TLS) to client @@ -503,6 +504,9 @@ dbus.String("checker_running"): dbus.Boolean(self.checker is not None, variant_level=1), + dbus.String("object_path"): + dbus.ObjectPath(self.dbus_object_path, + variant_level=1) }, signature="sv") # IsStillValid - method @@ -1095,28 +1099,28 @@ dbus.service.Object.__init__(self, bus, "/Mandos") _interface = u"org.mandos_system.Mandos" - + @dbus.service.signal(_interface, signature="oa{sv}") def ClientAdded(self, objpath, properties): "D-Bus signal" pass - - @dbus.service.signal(_interface, signature="o") - def ClientRemoved(self, objpath): + + @dbus.service.signal(_interface, signature="os") + def ClientRemoved(self, objpath, name): "D-Bus signal" pass - + @dbus.service.method(_interface, out_signature="ao") def GetAllClients(self): return dbus.Array(c.dbus_object_path for c in clients) - + @dbus.service.method(_interface, out_signature="a{oa{sv}}") def GetAllClientsWithProperties(self): return dbus.Dictionary( ((c.dbus_object_path, c.GetAllProperties()) for c in clients), signature="oa{sv}") - + @dbus.service.method(_interface, in_signature="o") def RemoveClient(self, object_path): for c in clients: @@ -1126,15 +1130,29 @@ c.use_dbus = False c.disable() # Emit D-Bus signal - self.ClientRemoved(object_path) - return - raise KeyError + self.ClientRemoved(object_path, c.name) + return + raise KeyError + + @dbus.service.method(_interface, in_signature="s") + def RemoveClientByName(self, name): + for c in clients: + if c.name == name: + clients.remove(c) + # Don't signal anything except ClientRemoved + c.use_dbus = False + c.disable() + # Emit D-Bus signal + self.ClientRemoved(c.dbus_object_path, name) + return + raise KeyError + @dbus.service.method(_interface) def Quit(self): main_loop.quit() - + del _interface - + mandos_server = MandosServer() for client in clients: === modified file 'plugin-runner.xml' --- plugin-runner.xml 2009-01-04 21:54:55 +0000 +++ plugin-runner.xml 2009-01-18 06:41:57 +0000 @@ -2,7 +2,7 @@ - + %common; ]> @@ -579,7 +579,7 @@ -&COMMANDNAME; --config-file=/etc/mandos/plugin-runner.conf --plugin-dir /usr/lib/mandos/plugins.d --options-for=mandos-client:--pubkey=/etc/keys/mandos/pubkey.txt,--seckey=/etc/keys/mandos/seckey.txt +cd /etc/keys/mandos; &COMMANDNAME; --config-file=/etc/mandos/plugin-runner.conf --plugin-dir /usr/lib/mandos/plugins.d --options-for=mandos-client:--pubkey=pubkey.txt,--seckey=seckey.txt