/mandos/release : revision 237.7.333

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/release

« back to all changes in this revision

Viewing changes to TODO

Committer: Teddy Hogeborn
Date: 2015-08-10 09:00:23 UTC
mto: (237.7.594 trunk)
mto: This revision was merged to the branch mainline in revision 325.
Revision ID: teddy@recompile.se-20150810090023-fz6vjqr7zf33e2tf

Support the standard org.freedesktop.DBus.ObjectManager interface.

Now that the D-Bus standard has an interface to keep track of new and
removed objects, use that instead of our own methods.  This deprecates
our D-Bus methods "GetAllClients" and "GetAllClientsWithProperties"
and the signals "ClientAdded" and "ClientRemoved", all on the server
interface "se.recompile.Mandos".

* DBUS-API: Removed references to deprecated methods and signals;
  insert reference to the org.freedesktop.DBus.ObjectManager
  interface.
* mandos (DBusObjectWithProperties._get_all_interface_names): New.
  (dbus.OBJECT_MANAGER_IFACE): If not present, monkey patch.
  (DBusObjectWithObjectManager): New.
  (main/MandosDBusService): Inherit from DBusObjectWithObjectManager.
  (main/MandosDBusService.ClientRemoved): Annotate as deprecated.
  (main/MandosDBusService.GetAllClients): - '' -
  (main/MandosDBusService.GetAllClientsWithProperties): Annotate as
                                                        deprecated.
                                                        Also only
                                                        return
                                                        properties on
                                                        client
                                                        interface.
  (main/MandosDBusService.RemoveClient): Call client_removed_signal
                                         instead of ClientRemoved.
  (main/MandosDBusService.GetManagedObjects): New.
  (main/MandosDBusService.client_added_signal): New.
  (main/MandosDBusService.client_removed_signal): - '' -
  (main/cleanup): Call "client_removed_signal" instead of sending
                  "ClientRemoved" signal directly.
  (main): Call "client_added_signal" instead of sending "ClientAdded"
          signal directly.
* mandos-ctl: Use GetManagedObjects instead of
              GetAllClientsWithProperties.  Also, show better error
              message in case of failure to connect to the D-Bus

* mandos-monitor (MandosClientPropertyCache.properties_changed):
  Bug fix; only update properties on client interface.
  (UserInterface.find_and_remove_client): Change to accept arguments
                                          from InterfacesRemoved
                                          signal.  Also, bug fix:
                                          working error message when
                                          removing unknown client.
  (UserInterface.add_new_client): Change to accept arguments from
                                  InterfacesRemoved signal.  Pass
                                  properties to MandosClientWidget
                                  constructor.
  (UserInterface.run): Connect find_and_remove_client method to
                       InterfacesRemoved signal and the add_new_client
                       method to the InterfacesAdded signal.

files added:
plugin-helpers

plugin-helpers/mandos-client-iprouteadddel.c

files modified:
DBUS-API

Makefile

NEWS

TODO

common.ent

debian/changelog

debian/control

debian/copyright

debian/mandos-client.README.Debian

debian/mandos-client.postinst

debian/mandos-client.postrm

debian/mandos.prerm

initramfs-tools-hook

intro.xml

mandos

mandos-clients.conf.xml

mandos-ctl

mandos-ctl.xml

mandos-keygen

mandos-keygen.xml

mandos-monitor

mandos-monitor.xml

mandos-options.xml

mandos.conf

mandos.conf.xml

mandos.lsm

mandos.service

mandos.xml

plugin-runner.c

plugin-runner.xml

plugins.d/askpass-fifo.c

plugins.d/askpass-fifo.xml

plugins.d/mandos-client.c

plugins.d/mandos-client.xml

plugins.d/password-prompt.c

plugins.d/password-prompt.xml

plugins.d/plymouth.c

plugins.d/plymouth.xml

plugins.d/splashy.c

plugins.d/splashy.xml

plugins.d/usplash.c

plugins.d/usplash.xml

Show diffs side-by-side

added added

removed removed

TODO

-*- org -*-

* GIT

** General: [[https://www.atlassian.com/git/workflows][Git Workflows]], [[http://gitimmersion.com/][Git Immersion]], [[https://news.ycombinator.com/item?id=7036628][Simple git workflow is simple]]

** General: [[https://www.atlassian.com/git/workflows][Git Workflows]], [[http://gitimmersion.com/][Git Immersion]], [[https://news.ycombinator.com/item?id=7036628][Simple git workflow is simple]] [[https://news.ycombinator.com/item?id=9661349][On undoing, fixing, or removing commits in git]]

** Intro: [[http://www.eyrie.org/~eagle/notes/debian/git.html#combine][Using Git for Debian Packaging]]

** Use: [[https://honk.sigxcpu.org/piki/projects/git-buildpackage/][git-buildpackage]]

** Migration

* mandos-client

** TODO [#B] Use capabilities instead of seteuid().

https://forums.grsecurity.net/viewtopic.php?f=7&t=2522

** TODO [#B] Use getaddrinfo(hints=AI_NUMERICHOST) instead of inet_pton()

** TODO [#C] Make start_mandos_communication() take "struct server".

** TODO [#C] --interfaces=regex,eth*,noregex (bridge-utils-interfaces(5))

** TODO [#C] Remove code for GNU libc < 2.15

* splashy

** TODO [#B] use scandir(3) instead of readdir(3)

* usplash (Deprecated)

** TODO [#A] Make it work again

** TODO [#B] Make it work again

** TODO [#B] use scandir(3) instead of readdir(3)

* askpass-fifo

*** Hook up stderr of plugins, buffer them, and prepend "Mandos Plugin [plugin name]"

** TODO [#C] use same file name rules as run-parts(8)

** kernel command line option for debug info

** TODO [#C] Remove code for GNU libc < 2.15

* mandos (server)

** TODO [#B] --notify-command

This would allow the mandos.service to use

--notify-command="systemd-notify --pid READY=1"

** TODO [#B] Log level :BUGS:

*** TODO /etc/mandos/clients.d/*.conf

Watch this directory and add/remove/update clients?

+ Approve(False) -> Close client connection immediately

** TODO [#C] python-parsedatetime

** TODO Separate logging logic to own object

** TODO [#A] Limit approval_delay to max gnutls/tls timeout value

** TODO [#B] Limit approval_delay to max gnutls/tls timeout value

** TODO [#B] break the wait on approval_delay if connection dies

** TODO Generate Client.runtime_expansions from client options + extra

** TODO Allow %%(checker)s as a runtime expansion

** TODO Use python-tlslite?

** TODO D-Bus AddClient() method on server object

** TODO Use org.freedesktop.DBus.Method.NoReply annotation on async methods. :2:

** TODO Support [[http://dbus.freedesktop.org/doc/dbus-specification.html#standard-interfaces-objectmanager][org.freedesktop.DBus.ObjectManager]] interface on server object :2:

Deprecate methods GetAllClients(), GetAllClientsWithProperties()

and signals ClientAdded and ClientRemoved.

** TODO Save state periodically to recover better from hard shutdowns

** TODO CheckerCompleted method, deprecate CheckedOK

** TODO Secret Service API?

** TODO Error handling on error parsing config files

** TODO init.d script error handling

** TODO D-Bus server properties; address, port, interface, etc. :2:

** TODO [#C] In Python 3.3, use shlex.quote() instead of re.escape()

* mandos.xml

** Add mandos contact info in manual pages

115

120

*** TODO [#C] use same file name rules as run-parts(8)

116

121

*** TODO [#C] Do not install in initrd.img if configured not to.

117

122

Use "/etc/initramfs-tools/hooksconf.d/mandos"?

118

** TODO [#C] /etc/bash_completion.d/mandos

123

** TODO [#C] $(pkg-config --variable=completionsdir bash-completion)

119

124

From XML sources directly?

120

125

121

126

* Side Stuff

Older »