/mandos/trunk : revision 140

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to TODO

Committer: Teddy Hogeborn
Date: 2008-09-02 13:04:42 UTC
Revision ID: teddy@fukt.bsnet.se-20080902130442-ytnjsmllaph18e20

* plugin-runner.xml (PLUGINS/WRITING PLUGINS): New section.
  (BUGS): Commented out.  There are no bugs.
  (EXAMPLE): Added lots of examples.
  (SECURITY): Added text.
  (SEE ALSO): Added "crypttab(5)" and "execve(2)".

files added:
plugins.d/usplash

files removed:
.bzr-builddeb

.bzr-builddeb/default.conf

INSTALL

NEWS

README

common.ent

debian

debian/changelog

debian/compat

debian/control

debian/copyright

debian/mandos-client.README.Debian

debian/mandos-client.dirs

debian/mandos-client.docs

debian/mandos-client.links

debian/mandos-client.lintian-overrides

debian/mandos-client.postinst

debian/mandos-client.postrm

debian/mandos.README.Debian

debian/mandos.dirs

debian/mandos.docs

debian/mandos.lintian-overrides

debian/mandos.postinst

debian/mandos.prerm

debian/po

debian/rules

debian/watch

default-mandos

init.d-mandos

mandos-ctl

mandos.lsm

plugin-runner.conf

plugins.d/askpass-fifo.c

plugins.d/askpass-fifo.xml

plugins.d/splashy.c

plugins.d/splashy.xml

plugins.d/usplash.c

plugins.d/usplash.xml

files renamed:
plugins.d/mandos-client.c => plugins.d/password-request.c

plugins.d/mandos-client.xml => plugins.d/password-request.xml

files modified:
.bzrignore

Makefile

TODO

clients.conf

initramfs-tools-hook

initramfs-tools-hook-conf

initramfs-tools-script

legalnotice.xml

mandos

mandos-clients.conf.xml

mandos-keygen

mandos-keygen.xml

mandos-options.xml

mandos.conf

mandos.conf.xml

mandos.xml

overview.xml

plugin-runner.c

plugin-runner.xml

plugins.d/password-prompt.c

plugins.d/password-prompt.xml

Show diffs side-by-side

added added

removed removed

TODO

-*- org -*-

* mandos-client

** TODO [#B] use scandir(3) instead of readdir(3)

** TODO [#B] Prefix all debug output with "Mandos plugin " + program_invocation_short_name

** TODO use error() instead of perror()

** TODO [#B] Retry a server which has a non-definite reply:

*** A closed connection during the TLS handshake

*** A TCP timeout

** TODO [#B] Use capabilities instead of seteuid().

** TODO use EX_* from <sysexits.h>

* splashy

** TODO [#B] use scandir(3) instead of readdir(3)

** TODO [#B] Prefix all debug output with "Mandos plugin " + program_invocation_short_name

** TODO use error() instead of perror()

* usplash

** TODO [#B] use scandir(3) instead of readdir(3)

** TODO [#B] Prefix all debug output with "Mandos plugin " + program_invocation_short_name

** TODO use error() instead of perror()

** TODO use EX_* from <sysexits.h>

* askpass-fifo

** TODO [#B] Prefix all debug output with "Mandos plugin " + program_invocation_short_name

** TODO use error() instead of perror()

** TODO [#B] Drop privileges after opening FIFO.

* [#A] README file

* plugin-runner

** [#B] Add more comments to code

** [#B] Add more if(debug) calls

** [#B] Seperate more code to function for more readability

** [#A] Man page: man8/plugin-runner.8mandos

*** SEE ALSO

Explaining text on what you can read

* password-request

** [#A] Man page: man8/password-request.8mandos

*** SYNOPSIS

Document short options

*** DESCRIPTION

State that this command is not meant to be invoked directly, but

is run as a plugin from mandos-client(8) and only run in the

initrd environment, not the real system.

*** PURPOSE

As in mandos.xml

*** OVERVIEW

As in mandos.xml

*** EXIT STATUS

*** ENVIRONMENT

Note that it does *not* currently use cryptsource or crypttarget.

*** FILES

Describe the key files and the key ring files. Also note that

they should normally have been automatically created.

*** BUGS

*** EXAMPLE

Examples of normal usage, debug usage, debugging by connecting

directly, etc.

*** SECURITY

*** SEE ALSO

Update from mandos.xml

** [#B] Temporarily lower kernel log level

for less printouts during sucessfull boot.

** IPv4 support

** use strsep instead of strtok?

** Do not depend on GnuPG key rings on disk

This would mean creating new GnuPG key rings with GPGME by

importing the key files from scratch on every program start.

** Keydir move: /etc/mandos -> /etc/keys/mandos

Must create in preinst if not pre-depending on cryptsetup

* password-prompt

** TODO [#B] Prefix all debug output with "Mandos plugin " + program_invocation_short_name

** TODO use error() instead of perror()

** TODO lock stdin (with flock()?)

* TODO passdev

* plugin-runner

** TODO [#B] use scandir(3) instead of readdir(3)

** TODO [#C] use same file name rules as run-parts(8)

** TODO use EX_* from <sysexits.h>

** TODO use error() instead of perror()

** [#C] Use getpass(3)?

Man page says "obsolete", but [[info:libc:getpass][GNU LibC Manual: Reading Passwords]]

does not. See also [[http://sources.redhat.com/ml/libc-alpha/2003-05/msg00251.html][Marcus Brinkmann: Re: getpass obsolete?]] and

[[http://article.gmane.org/gmane.comp.lib.glibc.alpha/4906][Petter Reinholdtsen: Re: getpass obsolete?]], and especially also

[[http://www.steve.org.uk/Reference/Unix/faq_4.html#SEC48][Unix Programming FAQ 3.1 How can I make my program not echo input?]]

* mandos (server)

** TODO [#B] Log level :BUGS:

** TODO /etc/mandos/clients.d/*.conf

** [#A] /etc/init.d/mandos-server :teddy:

** [#B] Log level :bugs:

** /etc/mandos/clients.d/*.conf

Watch this directory and add/remove/update clients?

** TODO config for TXT record

** TODO [#B] Run-time communication with server :BUGS:

** config for TXT record

** [#B] Run-time communication with server :bugs:

Probably using D-Bus

*** Client class

*** Main server

+ SetLogLevel

syslogger.setLevel(logging.WARNING)

+ [[http://log.ometer.com/2007-05.html][Best D-Bus practices]]

** TODO Implement --foreground :BUGS:

[[info:standards:Option%20Table][Table of Long Options]]

** TODO Implement --socket

[[info:standards:Option%20Table][Table of Long Options]]

** TODO Date+time on console log messages :BUGS: