--- /dev/null
+.\"
+.\" caspol manual page.
+.\" Copyright (C) 2004 Novell, Inc (http://www.novell.com)
+.\" Author:
+.\" Sebastien Pouliot (sebastien@ximian.com)
+.\"
+.TH Mono "caspol"
+.SH NAME
+caspol \- Command line tool to modify Code Access Security policies.
+.SH SYNOPSIS
+.PP
+.B caspol [options] [policy level] [actions] [parameters] ...
+.SH DESCRIPTION
+This tools allow to list and modify the different policy levels (user,
+machine and enterprise).
+.SH OPTIONS
+.TP
+.I -q[uiet]
+Do not ask confirmation to change the policy level.
+.TP
+.I -f[orce]
+Caspol.exe is a managed tool. Changing the security policies could affect
+it's ability to work properly. This option permit changes that could
+disallow caspol.exe from working properly.
+.TP
+.I -? | /? | -h[elp]
+Display help about the Code Access Security policies tool
+
+.SH POLICY LEVELS
+.TP
+.I -en[terprise]
+Use the enterprise policy level for the next actions
+.TP
+.I -m[achine]
+Use the machine policy level for the next actions. This is the default
+level for administrators (i.e. with write access to the machine policy
+files).
+.TP
+.I -u[ser]
+Use the user policy level for the next actions. This is the default
+level for users (i.e. without write access to the machine policy files).
+.TP
+.I -ca policyfile | -customall policyfile
+Use the specified file as the machine policy level for other arguments
+Use the policy levels Enterprise, Machine and the custom (specified)
+user policy level for the next actions
+.TP
+.I -cu[stomuser] policyfile
+Use the specified file as the user policy level for next actions
+.TP
+.I -a[ll]
+Use all the policy levels (Enterprise, Machine and User) for the next
+actions
+
+.SH ACTIONS
+.I -l[ist]
+List all code groups in their hierarchical structure, all named
+permissions sets and all fully trusted assemblies
+.TP
+.I -ld | -listdescription
+List all code groups, in their hierarchical structure, with their
+descriptions
+.TP
+.I -lg | -listgroups
+List all the code groups in their hierarchical structure
+.TP
+.I -lp | -listpset
+List all the permission sets including their names and XML representation
+.TP
+.I -lf | -listfulltrust
+List all fully trusted assemblies
+
+.TP
+.I -rsg | -resolvegroup assemblyname
+List all code groups that the assembly is part of for the policy level
+.TP
+.I -rsp | -resolveperm assemblyname
+List all permissions granted to the specified assembly by the policy level
+
+.TP
+.I -ap | -addpset namedxmlfile | (xmlfile name)
+Add a named permission set to the policy level
+.TP
+.I -cp | -chgpset xmlfile psetname
+Change a named permission set in the policy level
+.TP
+.I -rp | -rempset psetname
+Remove the specified named permission set from the policy level
+
+.TP
+.I -af | -addfulltrust assemblyname
+Add the specified assembly to the fully trusted assembly list in the
+policy level. If a policy use some custom security permissions then the
+assembly containing the custom permissions must be in the fully trusted
+list. Note that this requirement is recursive (all assemblies required
+by the specified assembly must also be in the list). The assembly must be
+strongnamed to be included in the fully trusted list
+.TP
+.I -rf | -remfulltrust assemblyname
+Remove the specified assembly from the fully trusted assembly list in the
+policy level
+
+.TP
+.I -ag | -addgroup label|name membership psetname flag
+Add the specified code group with the supplied membership, permissions and
+flags informations
+.TP
+.I -cg | -chggroup label|name membership|psetname|flag
+Change the specified code group with the supplied informations
+.TP
+.I -rg | -remgroup label|name
+Remove the specified code group
+
+.TP
+.I -r[ecover]
+Recover from previous version of the policy level (if available)
+.TP
+.I -rs | -reset
+Reset the current policy level to it's default - or to the .default file
+if available
+
+.SH CONFIGURATION SETTINGS
+.TP
+.I -s[ecurity] on | off
+Turn Code Access Security (CAS) on or off. Note: This doesn't affect
+non-CAS permissions
+.TP
+.I -e[xecution] on | off
+Turn execution rights on or off
+.TP
+.I -b[uildcache]
+Build a cache (serialized version) of the policy level (.CCH files)
+.TP
+.I -pp | -polchgprompt on | off
+Turn on or off policy changes prompt for future commands
+
+.SH GROUPS SUB OPTIONS - MEMBERSHIP
+.TP
+.I -all
+This condition applies to all code.
+.TP
+.I -appdir
+This condition applies only for assemblies that URL evidence match the
+application directory.
+.TP
+.I -custom xmlfile
+Use the option to load a custom condition into the policy. The class that
+will deserialize the XML policy must be in a fully trusted assembly.
+.TP
+.I -hash algo [-hex hash | -file assemblyname]
+This condition specify a specific hash that an assembly must generate
+(from itself) to be satisfied. Any change to the assembly will require the
+policy to be updated (as the hash value will have changed).
+.TP
+.I -pub [-cert certificate | -file signedfile | -hex rawdata]
+This condition specify a specific X.509 Authenticode(r) certificate that
+must signed an assembly to be satisfied. The certificate can be referenced
+as a file (binary DER), a signed file (containing the certificate) or with
+the hexadecimal value of the certificate. Note that files outside the
+policy must also be protected against tempering.
+.TP
+.I -site hostname
+This condition specify the site from where the assembly must come from to
+be satisfied.
+.TP
+.I -url URL
+This condition specify the URL from where the assembly must come from to
+be satisfied.
+.TP
+.I -zone zonename
+This condition specify the zone from where the assembly must come from to
+be satisfied. Existing zones are MyComputer, Internet, Intranet, Trusted
+and Untrusted.
+
+.SH GROUPS SUB OPTIONS - FLAGS
+.TP
+.I -d[escription] description
+Add (-ag) or change (-cg) the description for the specified code group
+.TP
+.I -exclusive on | off
+If on (default is off) then only this permission set will be processed
+for this code group (on this level).
+.TP
+.I -levelfinal on | off
+If on (default is off) then no other level will be processed for this
+code group.
+.TP
+.I -n[ame] name
+Add (-ag) or change (-cg) the name of the specified code group. A code
+group can be found by using it's name or it's label - but the later can
+change as it is based on it's position in the policy level hierarchy.
+
+.SH EXAMPLES
+.TP
+It is possible to chain several commands with the tool, like:
+.TP
+.B caspol -m -lg -rg 1.6 -lg -rs -lg
+.TP
+This will list all machine level code groups, then remove the code group
+labeled 1.6, list again all code groups (missing 1.6), reset the policy
+and finally showing all code groups (where 1.6 is back).
+
+.SH KNOWN ISSUES
+.TP
+.B Hash Membership Condition
+Mono implementation of the Hash evidence isn't compatible with Fx 1.0/1.1.
+However it seems compatible with Fx 2.0. You are suggested to use a
+StrongName evidence if comptaibility is an issue for your policy.
+
+.SH AUTHOR
+Written by Sebastien Pouliot
+.SH COPYRIGHT
+Copyright (C) 2004 Novell, Inc (http://www.novell.com)
+.SH MAILING LISTS
+Visit http://mail.ximian.com/mailman/mono-list for details.
+.SH WEB SITE
+Visit: http://www.mono-project.com for details
projects / mono.git / commitdiff