/mandos/release : revision 24.1.18

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/release

« back to all changes in this revision

Viewing changes to TODO

Committer: Björn Påhlsson
Date: 2008-08-04 20:45:38 UTC
mfrom: (44 mandos)
mto: (237.7.1 mandos) (24.1.154 mandos)
mto: This revision was merged to the branch mainline in revision 46.
Revision ID: belorn@braxen-20080804204538-wom27iwv1fg8xiuh

Merge

files removed:
.bzr-builddeb

.bzr-builddeb/default.conf

.bzrignore

COPYING

DBUS-API

INSTALL

NEWS

README

common.ent

dbus-mandos.conf

debian

debian/changelog

debian/compat

debian/control

debian/copyright

debian/mandos-client.README.Debian

debian/mandos-client.dirs

debian/mandos-client.docs

debian/mandos-client.links

debian/mandos-client.lintian-overrides

debian/mandos-client.postinst

debian/mandos-client.postrm

debian/mandos.README.Debian

debian/mandos.dirs

debian/mandos.docs

debian/mandos.lintian-overrides

debian/mandos.postinst

debian/mandos.prerm

debian/po

debian/rules

debian/source

debian/source/format

debian/source/local-options

debian/watch

default-mandos

init.d-mandos

initramfs-tools-hook

initramfs-tools-hook-conf

initramfs-tools-script

intro.xml

legalnotice.xml

mandos-clients.conf.xml

mandos-ctl

mandos-ctl.xml

mandos-keygen

mandos-keygen.xml

mandos-monitor

mandos-monitor.xml

mandos-options.xml

mandos.conf.xml

mandos.lsm

mandos.xml

network-hooks.d

network-hooks.d/bridge

network-hooks.d/bridge.conf

network-hooks.d/openvpn

network-hooks.d/openvpn.conf

overview.xml

plugin-runner.conf

plugin-runner.xml

plugins.d/askpass-fifo.c

plugins.d/askpass-fifo.xml

plugins.d/mandos-client.xml

plugins.d/password-prompt.xml

plugins.d/plymouth.c

plugins.d/plymouth.xml

plugins.d/splashy.c

plugins.d/splashy.xml

plugins.d/usplash.c

plugins.d/usplash.xml

files renamed:
plugin-runner.c => plugbasedclient.c

plugins.d/mandos-client.c => plugins.d/mandosclient.c

plugins.d/password-prompt.c => plugins.d/passprompt.c

mandos.conf => server.conf

mandos => server.py

files modified:
Makefile

TODO

clients.conf

Show diffs side-by-side

added added

removed removed

TODO

-*- org -*-

* Use _attribute_((nonnull)) wherever possible.

* Use __attribute__((pure)) or __attribute__((const)) where possible.

* Use __attribute__((signal)) on signal handlers.

* [[http://www.undeadly.org/cgi?action=article&sid=20110530221728][OpenBSD]]

* mandos-applet

* mandos-client

** TODO [#A] OpenVPN network hook

** TODO [#A] Wireless network hook

** TODO [#B] Use capabilities instead of seteuid().

** TODO [#B] Use struct sockaddr_storage instead of a union

** TODO [#B] Use getaddrinfo(hints=AI_NUMERICHOST) instead of inet_pton()

** TODO [#B] Use getnameinfo(serv=NULL, NI_NUMERICHOST) instead of inet_ntop()

** TODO [#B] Prefer /run/tmp over /tmp, if it exists

* splashy

** TODO [#B] use scandir(3) instead of readdir(3)

* usplash (Deprecated)

** TODO [#A] Make it work again

** TODO [#B] use scandir(3) instead of readdir(3)

** TODO Use [[info:libc:Argz%20Functions][argz_extract]]

* askpass-fifo

** TODO [#B] Drop privileges after opening FIFO.

* password-prompt

** TODO [#B] lock stdin (with flock()?)

* plymouth

* TODO [#B] passdev

* plugin-runner

** TODO handle printing for errors for plugins

*** Hook up stderr of plugins, buffer them, and prepend mandos pluig [plugin name]

** TODO [#B] use scandir(3) instead of readdir(3)

** TODO [#C] use same file name rules as run-parts(8)

** kernel command line option for debug info

** TODO [#B] Use openat()

* mandos (server)

** TODO Document why we ignore sigint

** TODO [#B] Log level :BUGS:

*** TODO /etc/mandos/clients.d/*.conf

Watch this directory and add/remove/update clients?

** TODO [#C] config for TXT record

** TODO Log level dbus option

SetLogLevel D-Bus call

** TODO Implement --foreground :BUGS:

[[info:standards:Option%20Table][Table of Long Options]]

** TODO Implement --socket

[[info:standards:Option%20Table][Table of Long Options]]

** TODO [#C] DBusServiceObjectUsingSuper

** TODO [#B] Global enable/disable flag

** TODO [#B] By-client countdown on number of secrets given

** TODO [#B] Support RFC 3339 time duration syntax

** More D-Bus methods

*** NeedsPassword(50) - Timeout, default disapprove

+ SetPass(u"gazonk", True) -> Approval, persistent

+ Approve(False) -> Close client connection immediately

** TODO [#C] python-parsedatetime

** TODO [#C] systemd/launchd

http://0pointer.de/blog/projects/systemd.html

http://wiki.debian.org/systemd

** TODO Separate logging logic to own object

** TODO [#A] Limit approval_delay to max gnutls/tls timeout value

** TODO [#B] break the wait on approval_delay if connection dies

** TODO Generate Client.runtime_expansions from client options + extra

** TODO Allow %%(checker)s as a runtime expansion

** TODO Use python-tlslite?

** TODO D-Bus AddClient() method on server object

* mandos.xml

** Add mandos contact info in manual pages

* mandos-ctl

*** Handle "no D-Bus server" and/or "no Mandos server found" better

*** [#B] --dump option

** TODO Support RFC 3339 time duration syntax

** TODO Send milliseconds if bare integer is passed as time duration

* TODO mandos-dispatch

Listens for specified D-Bus signals and spawns shell commands with

arguments.

* mandos-monitor

** TODO help should be toggleable

** Urwid client data displayer

Better view of client data in the listing

*** Properties popup

** Nicer crashes. Stack traces Messes up shell.

*** Print a nice "We are sorry" message, save stack trace to log.

** Show timeout countdown for approval

100

* mandos-keygen

101

** TODO "--secfile" option

102

Using the "secfile" option instead of "secret"

103

** TODO [#B] "--test" option

104

For testing decryption before rebooting.

105

106

* Makefile

107

** TODO [#C] Implement DEB_BUILD_OPTIONS

108

http://www.debian.org/doc/debian-policy/ch-source.html#s-debianrules-options

109

110

* Package

111

** /usr/share/initramfs-tools/hooks/mandos

112

*** TODO [#C] use same file name rules as run-parts(8)

113

*** TODO [#C] Do not install in initrd.img if configured not to.

114

Use "/etc/initramfs-tools/hooksconf.d/mandos"?

115

** TODO [#C] /etc/bash_completion.d/mandos

116

From XML sources directly?

117

118

* Side Stuff

119

** TODO Locate which package moves the other bin/sh when busybox is deactivated

120

** TODO contact owner of package, and ask them to have that shell static in position regardless of busybox

* README file

* Mandos client

** [#A] Man page

** [#A] check exit codes of all system calls

** [#B] header files/symbols tally

** IPv4 support

** use strsep instead of strtok?

** Do not depend on GPG key rings on disk

This would mean creating new GPG key rings with GPGME by importing

the key files from scratch every time we start the program.

* Passprompt

** [#A] Man page

* Pluginbasedclient

** [#A] Man page

** [#A] check exit codes of all system calls

** [#B] header files/symbols tally

** use strsep instead of strtok?

** use config file in addition to arguments

** pass things in environment, like device name, etc

* Server

** [#A] Man page

** [#A] write PID file

** [#A] /etc/init.d/mandos-server

** Log level

** /etc/mandos/clients.d/*.conf

Watch this directory and add/remove/update clients?

** config for TXT record

** Run-time communication with server

probably using D-Bus

* Mandos-tools/utilities

All of this probably using D-Bus

** List clients

** Enable client

** Disable client

* Installer

** Change initrd.img file to not be publically readable

** Create GPG key ring files in initrd

121

122

123

#+STARTUP: showall

Older »