/mandos/release : revision 78

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/release

« back to all changes in this revision

Viewing changes to TODO

Committer: Teddy Hogeborn
Date: 2008-08-16 03:29:08 UTC
Revision ID: teddy@fukt.bsnet.se-20080816032908-ihw7c05r2mnyk389

Add feature to specify custom environment variables for plugins.

* plugin-runner.c (plugin): New members "environ" and "envc" to
                            contain possible custom environment.
  (getplugin): Return NULL on failure instead of doing exit(); all
               callers changed.
  (add_to_char_array): New helper function for "add_argument" and
                       "add_environment".
  (addargument): Renamed to "add_argument".  Return bool.  Call
                 "add_to_char_array" to actually do things.
  (add_environment): New; analogous to "add_argument".
  (addcustomargument): Renamed to "add_to_argv" to avoid confusion
                       with "add_argument".
  (main): New options "--global-envs" and "--envs-for" to specify
          custom environment for plugins.  Print environment for
          plugins in debug mode.  Use asprintf instead of strcpy and
          strcat.  Use execve() for plugins with custom environments.
          Free environment for plugin when freeing plugin list.

files added:
network-protocol.txt

files removed:
.bzrignore

mandos-keygen.xml

mandos-options.xml

overview.xml

files modified:
Makefile

TODO

clients.conf

initramfs-tools-hook

mandos

mandos-clients.conf.xml

mandos-keygen

mandos.conf

mandos.conf.xml

mandos.xml

plugin-runner.c

plugin-runner.xml

plugins.d/password-prompt.c

plugins.d/password-prompt.xml

plugins.d/password-request.c

plugins.d/password-request.xml

Show diffs side-by-side

added added

removed removed

TODO

* [#A] README file

* plugin-runner

* Plugin-runner

** [#A] Free plugin name and args

[[file:plugin-runner.c::free%20plugin_list][file:plugin-runner.c::free plugin_list]] (both places)

** [#A] Change syntax for arguments

** [#B] Add more comments to code

** [#B] Add more if(debug) calls

** [#B] Seperate more code to function for more readability

** [#B] Make free_plugin_list() function

** [#A] Man page: man8/plugin-runner.8mandos

*** DESCRIPTION

Describe the plus sign syntax for passing options from crypttab

*** EXIT STATUS

*** ENVIRONMENT

Environment is modified according to options and passed to plugins

*** EXAMPLE

Text needed

*** EXAMPLES

Examples of normal usage, debug usage, debugging single or all

plugins, etc.

plugins, examples of crypttab lines with plus syntax, etc.

*** FILES

Text needed

*** SECURITY

Note the danger of using this program, since you might lock

yourself out of your system without any means of entering the root

file system password. This is, however, very unlikely considering

the fallback to getpass(3).

Text needed

*** NOTES

Text needed

*** BUGS

Text needed

*** SEE ALSO

Explaining text on what you can read

Explaining test on what you can read

** Support in configuration file for environment variables

** Keydir move: /etc/mandos -> /etc/keys/mandos

Must create in preinst if not pre-depending on cryptsetup

* password-request

* Password-request

** [#A] Man page: man8/password-request.8mandos

*** SYNOPSIS

Document short options

** Make prompt exactly like the normal prompt

Use environment variables:

"Enter passphrase to unlock the disk $cryptsource ($crypttarget): "

[[file:plugins.d/password-prompt.c::fprintf%20stderr%20s%20Password%20prefix][Here]]

** [#B] Temporarily lower kernel log level

for less printouts during sucessfull boot.

*** DESCRIPTION

Move options to new OPTIONS section.

State that this command is not meant to be invoked directly, but

is run as a plugin from mandos-client(8) and only run in the

initrd environment, not the real system.

*** PURPOSE

As in mandos.xml

*** OVERVIEW

As in mandos.xml

*** EXIT STATUS

*** ENVIRONMENT

Note that it does *not* currently use cryptsource or crypttarget.

Create this section

*** EXAMPLES

Examples of normal usage, debug usage, debugging by connecting

directly, etc.

*** FILES

Describe the key files and the key ring files. Also note that

they should normally have been automatically created.

*** DIAGNOSTICS

Create this section

*** SECURITY

Create this section

*** NOTES

Create this section (if needed)

*** BUGS

*** EXAMPLE

Examples of normal usage, debug usage, debugging by connecting

directly, etc.

*** SECURITY

Create this section

*** SEE ALSO

Update from mandos.xml

** [#B] Temporarily lower kernel log level

for less printouts during sucessfull boot.

Refer to mandos-client(8mandos) and password-prompt(8mandos)

** IPv4 support

** use strsep instead of strtok?

** Do not depend on GnuPG key rings on disk

This would mean creating new GnuPG key rings with GPGME by

importing the key files from scratch on every program start.

** Keydir move: /etc/mandos -> /etc/keys/mandos

Must create in preinst if not pre-depending on cryptsetup

* password-prompt

** [#C] Use getpass(3)?

* Password-prompt

** [#A] Man page: man8/password-prompt.8mandos

** Show getenv("cryptsource") and getenv("crypttarget") if set

cryptsource will be the device, like "/dev/sda3", and crypttarget

will be the device mapper name, like "sda3_crypt".

*** DESCRIPTION

Move options to new OPTIONS section.

*** EXIT STATUS

Create this section

*** EXAMPLES

Examples of normal usage, debug usage, with a prefix, etc.

*** DIAGNOSTICS

Create this section

*** SECURITY

Create this section

Not much to do here but it is noteworthy to state the danger of

not having a fallback option.

*** NOTES

Note that this is more or less a simple getpass(3) wrapper, even

though actual use of getpass(3) is not guaranteed.

*** BUGS

Create this section

*** SEE ALSO

Refer to mandos-client(8mandos) and password-request(8mandos)

** Use getpass(3)?

Man page says "obsolete", but [[info:libc:getpass][GNU LibC Manual: Reading Passwords]]

does not. See also [[http://sources.redhat.com/ml/libc-alpha/2003-05/msg00251.html][Marcus Brinkmann: Re: getpass obsolete?]] and

[[http://article.gmane.org/gmane.comp.lib.glibc.alpha/4906][Petter Reinholdtsen: Re: getpass obsolete?]], and especially also

100

[[http://www.steve.org.uk/Reference/Unix/faq_4.html#SEC48][Unix Programming FAQ 3.1 How can I make my program not echo input?]]

101

** Replace completely with "/lib/cryptsetup/askpass"?

102

* mandos (server)

103

* Mandos (server)

104

** [#A] Command man page: man8/mandos.8

105

*** DESCRIPTION

106

Move options to new OPTIONS section

107

*** EXIT STATUS

108

Create this section

109

*** EXAMPLES

110

Create this section

111

*** FILES

112

Describe briefly that the server gets global settings from

113

mandos.conf and clients from clients.conf, but refer to their man

114

pages for more details.

115

*** DIAGNOSTICS

116

Create this section

117

*** SECURITY

118

Create this section

119

*** NOTES

120

Create this section (if needed)

121

*** BUGS

122

Create this section

123

*** SEE ALSO

124

Refer to the client man page

125

** [#A] Config file man page: man5/mandos.conf (mandos.conf)

126

** [#A] Config file man page: man5/mandos-clients.conf (clients.conf)

127

** [#A] /etc/init.d/mandos-server :teddy:

** [#B] Log level :bugs:

128

** Log level

129

** /etc/mandos/clients.d/*.conf

130

Watch this directory and add/remove/update clients?

131

** config for TXT record

** [#B] Run-time communication with server :bugs:

132

** Run-time communication with server

133

Probably using D-Bus

134