/mandos/trunk : revision 109

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to TODO

Committer: Teddy Hogeborn
Date: 2008-08-27 01:18:25 UTC
Revision ID: teddy@fukt.bsnet.se-20080827011825-ka3ni6xvy2ehi1y8

* .bzrignore: New.

* clients.conf ([foo]): Remove Radix-64 checksum.

* mandos (AvahiService.rename, server_state_changed,
          entry_group_state_changed): Make Avahi log messages more
                                      clear that they are about
                                      Zeroconf.
  (fingerprint): Use plain "0" instead of "ctypes.c_uint(0)".

files added:
.bzrignore

COPYING

initramfs-tools-hook

initramfs-tools-hook-conf

initramfs-tools-script

mandos-keygen

mandos-keygen.xml

mandos-options.xml

overview.xml

plugins.d/usplash

files removed:
network-protocol.txt

files renamed:
mandos-client.c => plugin-runner.c

mandos-client.xml => plugin-runner.xml

files modified:
Makefile

TODO

clients.conf

mandos

mandos-clients.conf.xml

mandos.conf

mandos.conf.xml

mandos.xml

plugins.d/password-prompt.c

plugins.d/password-prompt.xml

plugins.d/password-request.c

plugins.d/password-request.xml

Show diffs side-by-side

added added

removed removed

TODO

* [#A] README file

* [#A] COPYING file

[[file:/usr/share/common-licenses/GPL-3][GPLv3]]

* Mandos-client

** [#A] Man page: man8/mandos-client.8mandos

*** SYNOPSIS

Needs options listed, not just "[OPTION...]"

*** DESCRIPTION

Move options to new OPTIONS section.

State that this command is not meant to be invoked directly, but

is meant to be run by cryptsetup by being specified in

/etc/crypttab and only run in the initrd environment, not the real

system.

* plugin-runner

** [#B] Add more comments to code

** [#B] Add more if(debug) calls

** [#B] Seperate more code to function for more readability

** [#A] Man page: man8/plugin-runner.8mandos

*** EXIT STATUS

Create this section

*** USAGE

Describe the plus sign syntax for passing options from crypttab

*** EXAMPLES

*** ENVIRONMENT

Environment is modified according to options and passed to plugins

*** EXAMPLE

Examples of normal usage, debug usage, debugging single or all

plugins, examples of crypttab lines with plus syntax, etc.

plugins, etc.

*** FILES

Describe plugin directory

*** DIAGNOSTICS

Create this section

*** SECURITY

Create this section

*** NOTES

Create this section (if needed)

Note the danger of using this program, since you might lock

yourself out of your system without any means of entering the root

file system password. This is, however, very unlikely considering

the fallback to getpass(3).

*** BUGS

Create this section

*** SEE ALSO

Refer to mandos(8), password-request(8mandos), and

password-prompt(8mandos)

** [#B] Fix %d format strings to use [[https://secure.wikimedia.org/wikipedia/en/wiki/Inttypes.h][<inttypes.h>]]

** use strsep instead of strtok?

** use config file in addition to arguments

** pass things in environment, like device name, etc

** Fallback

As a fallback, if no plugins can be found or if all of them failed,

run getpass(3) itself.

Explaining text on what you can read

* Password-request

* password-request

** [#A] Man page: man8/password-request.8mandos

*** SYNOPSIS

Needs options listed, not just "[OPTION...]"

Document short options

*** DESCRIPTION

Move options to new OPTIONS section.

State that this command is not meant to be invoked directly, but

is run as a plugin from mandos-client(8) and only run in the

initrd environment, not the real system.

*** PURPOSE

As in mandos.xml

*** OVERVIEW

As in mandos.xml

*** EXIT STATUS

Create this section

*** EXAMPLES

*** ENVIRONMENT

Note that it does *not* currently use cryptsource or crypttarget.

*** FILES

Describe the key files and the key ring files. Also note that

they should normally have been automatically created.

*** BUGS

*** EXAMPLE

Examples of normal usage, debug usage, debugging by connecting

directly, etc.

*** FILES

Describe the key files and the key ring files. Also note that

they should normally have been automatically created.

*** DIAGNOSTICS

Create this section

*** SECURITY

Create this section

*** NOTES

Create this section (if needed)

*** BUGS

Create this section

*** SEE ALSO

Refer to mandos-client(8mandos) and password-prompt(8mandos)

** [#B] Fix %d format strings to use [[https://secure.wikimedia.org/wikipedia/en/wiki/Inttypes.h][<inttypes.h>]]

** start_mandos_communication: loop around gnutls_handshake

[[info:gnutls.info.gz:Core%20functions][gnutls_handshake]]

Update from mandos.xml

** [#B] Temporarily lower kernel log level

for less printouts during sucessfull boot.

** IPv4 support

** use strsep instead of strtok?

** Do not depend on GPG key rings on disk

This would mean creating new GPG key rings with GPGME by importing

the key files from scratch on every program start.

** Do not depend on GnuPG key rings on disk

This would mean creating new GnuPG key rings with GPGME by

importing the key files from scratch on every program start.

** Keydir move: /etc/mandos -> /etc/keys/mandos

Must create in preinst if not pre-depending on cryptsetup

* Password-prompt

* password-prompt

** [#A] Man page: man8/password-prompt.8mandos

*** SYNOPSIS

Needs options listed, not just "[OPTION...]"

Document short options

*** DESCRIPTION

Move options to new OPTIONS section.

Note that this is more or less a simple getpass(3) wrapper, even

though actual use of getpass(3) is not guaranteed.

*** EXIT STATUS

Create this section

*** EXAMPLES

*** ENVIRONMENT

Document use of "cryptsource" and "crypttarget".

*** FILES

*** BUGS

*** EXAMPLE

Examples of normal usage, debug usage, with a prefix, etc.

*** DIAGNOSTICS

Create this section

*** SECURITY

Create this section

Not much to do here but it is noteworthy to state the danger of

not having a fallback option.

*** NOTES

Note that this is more or less a simple getpass(3) wrapper, even

100

though actual use of getpass(3) is not guaranteed.

101

*** BUGS

102

Create this section

103

*** SEE ALSO

104

Refer to mandos-client(8mandos) and password-request(8mandos)

and also, perhaps, to cryptsetup(8)?

105

** Use getpass(3)?

106

Man page says "obsolete", but [[info:libc:getpass][GNU LibC Manual: Reading Passwords]]

107

does not. See also [[http://sources.redhat.com/ml/libc-alpha/2003-05/msg00251.html][Marcus Brinkmann: Re: getpass obsolete?]] and

108

[[http://article.gmane.org/gmane.comp.lib.glibc.alpha/4906][Petter Reinholdtsen: Re: getpass obsolete?]], and especially also

109

[[http://www.steve.org.uk/Reference/Unix/faq_4.html#SEC48][Unix Programming FAQ 3.1 How can I make my program not echo input?]]

110

111

* Mandos (server)

112

** [#A] Command man page: man8/mandos.8

113

*** SYNOPSIS

114

Needs options listed, not just "[OPTION...]"

115

*** DESCRIPTION

116

Move options to new OPTIONS section

117

*** EXIT STATUS

118

Create this section

119

*** EXAMPLES

120

Create this section

121

*** FILES

122

Describe briefly that the server gets global settings from

123

mandos.conf and clients from clients.conf, but refer to their man

124

pages for more details.

125

*** DIAGNOSTICS

126

Create this section

127

*** SECURITY

128

Create this section

129

*** NOTES

130

Create this section (if needed)

131

*** BUGS

132

Create this section

133

*** SEE ALSO

134

Refer to the client man page

135

** [#A] Config file man page: man5/mandos.conf (mandos.conf)

136

** [#A] Config file man page: man5/mandos-clients.conf (clients.conf)

* mandos (server)

137

** [#A] /etc/init.d/mandos-server :teddy:

138

** Log level

** [#B] Log level :bugs:

139

** /etc/mandos/clients.d/*.conf

140

Watch this directory and add/remove/update clients?

141

** config for TXT record

142

** Run-time communication with server

** [#B] Run-time communication with server :bugs:

143

Probably using D-Bus

144