=== modified file 'Makefile'
--- Makefile 2011-11-26 20:59:56 +0000
+++ Makefile 2011-11-26 22:22:20 +0000
@@ -26,12 +26,16 @@
version=1.4.1
SED=sed
+USER=$(firstword $(subst :, ,$(shell getent passwd _mandos || getent passwd nobody || echo 65534)))
+GROUP=$(firstword $(subst :, ,$(shell getent group _mandos || getent group nobody || echo 65534)))
+
## Use these settings for a traditional /usr/local install
# PREFIX=$(DESTDIR)/usr/local
# CONFDIR=$(DESTDIR)/etc/mandos
# KEYDIR=$(DESTDIR)/etc/mandos/keys
# MANDIR=$(PREFIX)/man
# INITRAMFSTOOLS=$(DESTDIR)/etc/initramfs-tools
+# STATEDIR=$(DESTDIR)/var/lib/mandos
##
## These settings are for a package-type install
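Review bot: The `USER`/`GROUP` fallback chain ends in `nobody` (or the bare id 65534), so on a host without a `_mandos` account the install-server hunk will hand the state directory to an account that unrelated daemons commonly share. Any process running as that account could then replace `clients.pickle`, which, judging by its name, the server unpickles when it restores state, and unpickling data written by another party can run code in the server. I would at least emit a `$(warning _mandos account not found; state directory will be owned by a shared account)` when the first `getent` finds nothing, so the administrator knows. Separately, `=` re-runs `getent` on every expansion of `$(USER)` and `$(GROUP)`, while `:=` would evaluate it once.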
@@ -40,6 +44,7 @@
KEYDIR=$(DESTDIR)/etc/keys/mandos
MANDIR=$(PREFIX)/share/man
INITRAMFSTOOLS=$(DESTDIR)/usr/share/initramfs-tools
+STATEDIR=$(DESTDIR)/var/lib/mandos
##
GNUTLS_CFLAGS=$(shell pkg-config --cflags-only-I gnutls)
@@ -230,7 +235,7 @@
distclean: clean
mostlyclean: clean
maintainer-clean: clean
- -rm --force --recursive keydir confdir
+ -rm --force --recursive keydir confdir statedir
check: all
./mandos --check
@@ -260,8 +265,8 @@
# Run the server with a local config
run-server: confdir/mandos.conf confdir/clients.conf
- ./mandos --debug --no-dbus --configdir=confdir --no-restore \
- $(SERVERARGS)
+ ./mandos --debug --no-dbus --configdir=confdir \
+ --statedir=statedir $(SERVERARGS)
# Used by run-server
confdir/mandos.conf: mandos.conf
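Review bot: `run-server` now passes `--statedir=statedir` but its prerequisite list still names only the two confdir files, so the `statedir` rule added in the next hunk is never triggered by this target and the directory may not exist on a fresh checkout. Adding it as an order-only prerequisite, `run-server: confdir/mandos.conf confdir/clients.conf | statedir`, creates it without making the directory's changing mtime matter. Dropping `--no-restore` also means the debug server now restores whatever state file is in that local directory, which deserves a one-line comment above the recipe.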
@@ -272,6 +277,8 @@
install --mode=u=rw $< $@
# Add a client password
./mandos-keygen --dir keydir --password >> $@
+statedir:
+ install --directory statedir
install: install-server install-client-nokey
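Review bot: The local `statedir` rule creates the directory with `install`'s default mode, whereas install-server in the following hunk restricts the real state directory to `--mode=u=rwx`. If the saved state holds per-client data that other local users should not read (not visible in this diff), the test directory deserves the same mode: `install --directory --mode=u=rwx $@`. Using `$@` also avoids repeating the target name in the recipe.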
@@ -282,6 +289,8 @@
install-server: doc
install --directory $(CONFDIR)
+ install --directory --mode=u=rwx --owner=$(USER) \
+ --group=$(GROUP) $(STATEDIR)
install --mode=u=rwx,go=rx mandos $(PREFIX)/sbin/mandos
install --mode=u=rwx,go=rx --target-directory=$(PREFIX)/sbin \
mandos-ctl
=== modified file 'debian/mandos.dirs'
--- debian/mandos.dirs 2010-09-15 17:33:14 +0000
+++ debian/mandos.dirs 2011-11-26 22:22:20 +0000
@@ -4,3 +4,4 @@
etc/default
etc/dbus-1/system.d
usr/sbin
+var/lib/mandos
=== modified file 'debian/mandos.postinst'
--- debian/mandos.postinst 2011-10-10 20:29:58 +0000
+++ debian/mandos.postinst 2011-11-26 22:22:20 +0000
@@ -35,11 +35,12 @@
--disabled-password --gecos "Mandos password system" \
_mandos
fi
+ chown _mandos:_mandos /var/lib/mandos
;;
-
+
abort-upgrade|abort-deconfigure|abort-remove)
;;
-
+
*)
echo "$0 called with unknown argument '$1'" 1>&2
exit 1
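Review bot: The added `chown _mandos:_mandos /var/lib/mandos` changes ownership only, so the directory's mode stays at whatever the package created it with, while the Makefile's install-server uses `--mode=u=rwx` for the same directory. To keep the packaged install as restrictive as the manual one, follow the chown with `chmod u=rwx,go= /var/lib/mandos`. The enclosing `case` branch starts above this hunk, so I am assuming this line runs in the configure step.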
=== modified file 'mandos'
--- mandos 2011-11-26 20:59:56 +0000
+++ mandos 2011-11-26 22:22:20 +0000
@@ -87,7 +87,7 @@
version = "1.4.1"
-stored_state_path = "/var/lib/mandos/clients.pickle"
+stored_state_file = "clients.pickle"
logger = logging.getLogger()
syslogger = (logging.handlers.SysLogHandler
@@ -1972,7 +1972,9 @@
dest="use_ipv6", help="Do not use IPv6")
parser.add_argument("--no-restore", action="store_false",
dest="restore", help="Do not restore stored"
- " state", default=True)
+ " state")
+ parser.add_argument("--statedir", metavar="DIR",
+ help="Directory to save/restore state in")
options = parser.parse_args()
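Review bot: Removing `default=True` from `--no-restore` does not change the parsed value, because argparse's `store_false` action already defaults to `True` when no default is given. `options.restore` is therefore never `None`, and the later loop that copies every non-`None` option into `server_settings` will always overwrite a `restore = False` set in mandos.conf. If the intent is to let the config file decide when the flag is absent, pass `default=None` explicitly. The same may apply to other `store_false` options such as the `use_ipv6` one visible above, but their full definitions are outside this hunk.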
@@ -1992,6 +1994,8 @@
"use_dbus": "True",
"use_ipv6": "True",
"debuglevel": "",
+ "restore": "True",
+ "statedir": "/var/lib/mandos"
}
# Parse config file for server-global settings
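Review bot: The new `"restore": "True"` default is a string, so a `restore = False` line in mandos.conf will also arrive as a non-empty string unless it is converted to a boolean somewhere outside this hunk. Whether `restore` was added to that conversion is not visible here; please confirm, since a plain truth test on `"False"` succeeds and the server would restore state anyway.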
@@ -2014,7 +2018,8 @@
# options, if set.
for option in ("interface", "address", "port", "debug",
"priority", "servicename", "configdir",
- "use_dbus", "use_ipv6", "debuglevel", "restore"):
+ "use_dbus", "use_ipv6", "debuglevel", "restore",
+ "statedir"):
value = getattr(options, option)
if value is not None:
server_settings[option] = value
@@ -2032,6 +2037,8 @@
debuglevel = server_settings["debuglevel"]
use_dbus = server_settings["use_dbus"]
use_ipv6 = server_settings["use_ipv6"]
+ stored_state_path = os.path.join(server_settings["statedir"],
+ stored_state_file)
if debug:
initlogger(logging.DEBUG)
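Review bot: `stored_state_path` is now built from a configurable `statedir`, and the file name `clients.pickle` suggests it is loaded with pickle, which executes whatever the file describes. Before restoring, the server should refuse a state file or directory that is not owned by its own user or that is writable by group or others; the load code is outside this hunk, so the check may belong there. A comment at this assignment, `# statedir must be writable only by the server user: the state file is unpickled on startup`, would record the assumption.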
=== modified file 'mandos-options.xml'
--- mandos-options.xml 2011-11-09 17:16:03 +0000
+++ mandos-options.xml 2011-11-26 22:22:20 +0000
@@ -85,10 +85,16 @@
to the server if this option is turned off. Only
advanced users should consider changing this option.
-
+
This option controls whether the server will restore any state from
last time it ran. Default is to try restore last state.
+
+ Directory to save (and restore) state in. Default is
+ /var/lib/mandos.
+
+
=== modified file 'mandos.conf'
--- mandos.conf 2009-02-13 05:38:21 +0000
+++ mandos.conf 2011-11-26 22:22:20 +0000
@@ -4,33 +4,27 @@
# These are the default values for the server, uncomment and change
# them if needed.
-
# If "interface" is set, the server will only listen to a specific
# network interface.
;interface =
-
# If "address" is set, the server will only listen to a specific
# address. This must currently be an IPv6 address; an IPv4 address
# can be specified using the "::FFFF:192.0.2.3" syntax. Also, if this
# is a link-local address, an interface should be set above.
;address =
-
# If "port" is set, the server to bind to that port. By default, the
# server will listen to an arbitrary port.
;port =
-
# If "debug" is true, the server will run in the foreground and print
# a lot of debugging information.
;debug = False
-
# GnuTLS priority for the TLS handshake. See gnutls_priority_init(3).
;priority = SECURE256:!CTYPE-X.509:+CTYPE-OPENPGP
-
# Zeroconf service name. You need to change this if you for some
# reason want to run more than one server on the same *host*.
# If there are name collisions on the same *network*, the server will
@@ -42,3 +36,9 @@
# Whether to use IPv6. (Changing this is NOT recommended.)
;use_ipv6 = True
+
+# Whether to restore saved state on startup
+;restore = True
+
+# The directory where state is saved
+;statedir = /var/lib/mandos
=== modified file 'mandos.conf.xml'
--- mandos.conf.xml 2011-10-05 16:00:56 +0000
+++ mandos.conf.xml 2011-11-26 22:22:20 +0000
@@ -3,7 +3,7 @@
"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
/etc/mandos/mandos.conf">
-
+
%common;
]>
@@ -154,6 +154,25 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
@@ -198,6 +217,8 @@
servicename = Daena
use_dbus = False
use_ipv6 = True
+restore = True
+statedir = /var/lib/mandos
=== modified file 'mandos.xml'
--- mandos.xml 2011-11-09 17:16:03 +0000
+++ mandos.xml 2011-11-26 22:22:20 +0000
@@ -2,7 +2,7 @@
-
+
%common;
]>
@@ -96,6 +96,9 @@
+
+ &COMMANDNAME;
@@ -284,6 +287,14 @@
+
+
+
+
+
+
+
@@ -478,6 +489,17 @@
+ /var/lib/mandos
+
+
+ Directory where persistent state will be saved. Change
+ this with the option. See
+ also the option.
+
+
+
+ /dev/log
@@ -507,11 +529,6 @@
backtrace. This could be considered a feature.
- Currently, if a client is disabled due to having timed out, the
- server does not record this fact onto permanent storage. This
- has some security implications, see .
-
-
There is no fine-grained control over logging and debug output.
@@ -536,9 +553,9 @@
Run the server in debug mode, read configuration files from
- the ~/mandos directory, and use the
- Zeroconf service name Test to not collide with
- any other official Mandos server on this host:
+ the ~/mandos directory,
+ and use the Zeroconf service name Test to not
+ collide with any other official Mandos server on this host:
@@ -593,21 +610,6 @@
compromised if they are gone for too long.
- If a client is compromised, its downtime should be duly noted
- by the server which would therefore disable the client. But
- if the server was ever restarted, it would re-read its client
- list from its configuration file and again regard all clients
- therein as enabled, and hence eligible to receive their
- passwords. Therefore, be careful when restarting servers if
- it is suspected that a client has, in fact, been compromised
- by parties who may now be running a fake Mandos client with
- the keys from the non-encrypted initial RAM
- image of the client host. What should be done in that case
- (if restarting the server program really is necessary) is to
- stop the server program, edit the configuration file to omit
- any suspect clients, and restart the server program.
-
-
For more details on client-side security, see
mandos-client8mandos.