/mandos/release : revision 87

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/release

« back to all changes in this revision

Viewing changes to TODO

Committer: Teddy Hogeborn
Date: 2008-08-18 05:24:20 UTC
Revision ID: teddy@fukt.bsnet.se-20080818052420-ab5eurrioz8n2qy6

* Makefile: Bug fix: fixed creation of man pages in "plugins.d".

* mandos-keygen Bug fix: make the --expire option modify
                KEYEXPIRE, not KEYCOMMENT.  Use the "--no-options"
                option to gpg when exporting keys from the temporary
                key ring files.

* mandos-keygen.xml (EXIT STATUS): Filled in.
  (ENVIRONMENT): New section, documenting use of TMPDIR.
  (FILES): Document use of key files and /tmp.
  (BUGS): Filled in.
  (EXAMPLE): Added two examples.
  (SECURITY): Added some text.

* plugins.d/password-prompt.xml (NOTES): Removed, since this is
                                         created automatically for
                                         footnotes.
  (ENVIRONMENT, FILES): Added empty sections.
  (EXAMPLES): Renamed to "EXAMPLE", as per man-pages(7).

* plugins.d/password-request.xml: Reordered sections.
  (ENVIRONMENT): New empty section.
  (EXAMPLES): Renamed to "EXAMPLE", as per man-pages(7).

files added:
plugins.d/usplash

files removed:
.bzr-builddeb

.bzr-builddeb/default.conf

.bzrignore

INSTALL

NEWS

README

common.ent

debian

debian/changelog

debian/compat

debian/control

debian/copyright

debian/mandos-client.README.Debian

debian/mandos-client.dirs

debian/mandos-client.docs

debian/mandos-client.links

debian/mandos-client.lintian-overrides

debian/mandos-client.postinst

debian/mandos-client.postrm

debian/mandos.README.Debian

debian/mandos.dirs

debian/mandos.docs

debian/mandos.lintian-overrides

debian/mandos.postinst

debian/mandos.prerm

debian/po

debian/rules

debian/watch

default-mandos

init.d-mandos

legalnotice.xml

mandos-ctl

mandos-options.xml

mandos.lsm

plugin-runner.conf

plugins.d/askpass-fifo.c

plugins.d/askpass-fifo.xml

plugins.d/splashy.c

plugins.d/splashy.xml

plugins.d/usplash.c

plugins.d/usplash.xml

files renamed:
plugins.d/mandos-client.c => plugins.d/password-request.c

plugins.d/mandos-client.xml => plugins.d/password-request.xml

files modified:
Makefile

TODO

clients.conf

initramfs-tools-hook

initramfs-tools-hook-conf

initramfs-tools-script

mandos

mandos-clients.conf.xml

mandos-keygen

mandos-keygen.xml

mandos.conf

mandos.conf.xml

mandos.xml

overview.xml

plugin-runner.c

plugin-runner.xml

plugins.d/password-prompt.c

plugins.d/password-prompt.xml

Show diffs side-by-side

added added

removed removed

TODO

-*- org -*-

* mandos-client

** TODO [#B] use scandir(3) instead of readdir(3)

** TODO [#B] Prefix all debug output with "Mandos plugin " + program_invocation_short_name

** TODO use error() instead of perror()

** TODO [#B] Retry a server which has a non-definite reply:

*** A closed connection during the TLS handshake

*** A TCP timeout

** TODO [#B] Use capabilities instead of seteuid().

** TODO use EX_* from <sysexits.h>

* splashy

** TODO [#B] use scandir(3) instead of readdir(3)

** TODO [#B] Prefix all debug output with "Mandos plugin " + program_invocation_short_name

** TODO use error() instead of perror()

* usplash

** TODO [#B] use scandir(3) instead of readdir(3)

** TODO [#B] Prefix all debug output with "Mandos plugin " + program_invocation_short_name

** TODO use error() instead of perror()

** TODO use EX_* from <sysexits.h>

* askpass-fifo

** TODO [#B] Prefix all debug output with "Mandos plugin " + program_invocation_short_name

** TODO use error() instead of perror()

** TODO [#B] Drop privileges after opening FIFO.

* [#A] README file

* plugin-runner

** [#B] Add more comments to code

** [#B] Add more if(debug) calls

** [#B] Seperate more code to function for more readability

** [#A] Man page: man8/plugin-runner.8mandos

*** EXIT STATUS

*** EXAMPLES

Examples of normal usage, debug usage, debugging single or all

plugins, etc.

*** FILES

*** SECURITY

*** BUGS

*** SEE ALSO

Explaining text on what you can read

** Keydir move: /etc/mandos -> /etc/keys/mandos

Must create in preinst if not pre-depending on cryptsetup

* password-request

** [#A] Man page: man8/password-request.8mandos

*** SYNOPSIS

Document short options

*** DESCRIPTION

State that this command is not meant to be invoked directly, but

is run as a plugin from mandos-client(8) and only run in the

initrd environment, not the real system.

*** PURPOSE

As in mandos.xml

*** OVERVIEW

As in mandos.xml

*** EXIT STATUS

*** ENVIRONMENT

Note that it does *not* currently use cryptsource or crypttarget.

*** FILES

Describe the key files and the key ring files. Also note that

they should normally have been automatically created.

*** BUGS

*** EXAMPLE

Examples of normal usage, debug usage, debugging by connecting

directly, etc.

*** SECURITY

*** SEE ALSO

Update from mandos.xml

** [#B] Temporarily lower kernel log level

for less printouts during sucessfull boot.

** IPv4 support

** use strsep instead of strtok?

** Do not depend on GnuPG key rings on disk

This would mean creating new GnuPG key rings with GPGME by

importing the key files from scratch on every program start.

* password-prompt

** TODO [#B] Prefix all debug output with "Mandos plugin " + program_invocation_short_name

** TODO use error() instead of perror()

** TODO lock stdin (with flock()?)

* TODO passdev

* plugin-runner

** TODO [#B] use scandir(3) instead of readdir(3)

** TODO [#C] use same file name rules as run-parts(8)

** TODO use EX_* from <sysexits.h>

** TODO use error() instead of perror()

** [#A] Man page: man8/password-prompt.8mandos

*** SYNOPSIS

Document short options

*** DESCRIPTION

Note that this is more or less a simple getpass(3) wrapper, even

though actual use of getpass(3) is not guaranteed.

*** EXIT STATUS

*** ENVIRONMENT

Document use of "cryptsource" and "crypttarget".

*** FILES

*** BUGS

*** EXAMPLE

Examples of normal usage, debug usage, with a prefix, etc.

*** SECURITY

Not much to do here but it is noteworthy to state the danger of

not having a fallback option.

*** SEE ALSO

Refer to mandos-client(8mandos) and password-request(8mandos)

and also, perhaps, to cryptsetup(8)?

** Use getpass(3)?

Man page says "obsolete", but [[info:libc:getpass][GNU LibC Manual: Reading Passwords]]

does not. See also [[http://sources.redhat.com/ml/libc-alpha/2003-05/msg00251.html][Marcus Brinkmann: Re: getpass obsolete?]] and

[[http://article.gmane.org/gmane.comp.lib.glibc.alpha/4906][Petter Reinholdtsen: Re: getpass obsolete?]], and especially also

[[http://www.steve.org.uk/Reference/Unix/faq_4.html#SEC48][Unix Programming FAQ 3.1 How can I make my program not echo input?]]

* mandos (server)

** TODO [#B] Log level :BUGS:

** TODO /etc/mandos/clients.d/*.conf

** [#A] Config file man page: man5/mandos.conf (mandos.conf)

** [#A] Config file man page: man5/mandos-clients.conf (clients.conf)

** [#A] /etc/init.d/mandos-server :teddy:

** [#B] Log level :bugs:

** /etc/mandos/clients.d/*.conf

Watch this directory and add/remove/update clients?

** TODO config for TXT record

** TODO [#B] Run-time communication with server :BUGS:

** config for TXT record

** [#B] Run-time communication with server :bugs:

Probably using D-Bus

*** Client class

*** Main server

+ SetLogLevel

syslogger.setLevel(logging.WARNING)

+ [[http://log.ometer.com/2007-05.html][Best D-Bus practices]]

** TODO Implement --foreground :BUGS:

[[info:standards:Option%20Table][Table of Long Options]]

** TODO Implement --socket

[[info:standards:Option%20Table][Table of Long Options]]

** TODO Date+time on console log messages :BUGS: