4
** TODO [#B] use scandir(3) instead of readdir(3)
5
** TODO [#B] Prefix all debug output with argv[0]
6
** TODO [#B] Retry a server which has a non-definite reply:
7
*** A closed connection during the TLS handshake
9
** TODO [#B] Use capabilities instead of seteuid().
12
** TODO [#B] use scandir(3) instead of readdir(3)
13
** TODO [#B] Prefix all debug output with "Mandos plugin " + argv[0]
16
** TODO [#B] use scandir(3) instead of readdir(3)
17
** TODO [#B] Prefix all debug output with "Mandos plugin " + argv[0]
20
** TODO [#B] Prefix all debug output with "Mandos plugin " + argv[0]
21
** TODO [#B] Drop privileges after opening FIFO.
6
** [#B] Add more comments to code
7
** [#B] Add more if(debug) calls
8
** [#B] Seperate more code to function for more readability
11
** [#A] Man page: man8/password-request.8mandos
13
Describe the key files and the key ring files. Also note that
14
they should normally have been automatically created.
17
Examples of normal usage, debug usage, debugging by connecting
21
Update from mandos.xml
22
** [#B] Temporarily lower kernel log level
23
for less printouts during sucessfull boot.
25
** use strsep instead of strtok?
26
** Do not depend on GnuPG key rings on disk
27
This would mean creating new GnuPG key rings with GPGME by
28
importing the key files from scratch on every program start.
29
** Keydir move: /etc/mandos -> /etc/keys/mandos
30
Must create in preinst if not pre-depending on cryptsetup
24
** TODO [#B] Prefix all debug output with "Mandos plugin " + argv[0]
29
** TODO [#B] use scandir(3) instead of readdir(3)
30
** TODO [#C] use same file name rules as run-parts(8)
33
** [#C] Use getpass(3)?
34
Man page says "obsolete", but [[info:libc:getpass][GNU LibC Manual: Reading Passwords]]
35
does not. See also [[http://sources.redhat.com/ml/libc-alpha/2003-05/msg00251.html][Marcus Brinkmann: Re: getpass obsolete?]] and
36
[[http://article.gmane.org/gmane.comp.lib.glibc.alpha/4906][Petter Reinholdtsen: Re: getpass obsolete?]], and especially also
37
[[http://www.steve.org.uk/Reference/Unix/faq_4.html#SEC48][Unix Programming FAQ 3.1 How can I make my program not echo input?]]
33
** TODO [#B] Log level :BUGS:
34
** TODO /etc/mandos/clients.d/*.conf
40
** [#A] /etc/init.d/mandos-server :teddy:
41
** [#B] Log level :bugs:
42
** /etc/mandos/clients.d/*.conf
35
43
Watch this directory and add/remove/update clients?
36
** TODO config for TXT record
37
** TODO [#B] Run-time communication with server :BUGS:
44
** config for TXT record
45
** [#B] Run-time communication with server :bugs:
38
46
Probably using D-Bus
42
syslogger.setLevel(logging.WARNING)
43
+ [[http://log.ometer.com/2007-05.html][Best D-Bus practices]]
44
** TODO Implement --foreground :BUGS:
45
[[info:standards:Option%20Table][Table of Long Options]]
46
** TODO Implement --socket
47
[[info:standards:Option%20Table][Table of Long Options]]
48
** TODO Date+time on console log messages :BUGS:
47
See also [[*Mandos-tools]]
48
** Implement --foreground :bugs:
49
[[info:standards:Option%20Table][Table of Long Options]]
51
[[info:standards:Option%20Table][Table of Long Options]]
52
** Date+time on console log messages :bugs:
49
53
Is this the default?
50
** TODO DBusServiceObjectUsingSuper
51
** TODO Global enable/disable flag
52
** TODO By-client countdown on secrets given
53
** TODO Fix problem with fsck taking a really long time
54
Whenever a client successfully gets a secret it could get a
55
one-time timeout boost to allow for an fsck-incurred delay
56
** TODO Delay before client receives key
57
This would give an operator opportunity to cancel the request if
59
** TODO Client manual approval mode
60
A client needs manual approval on the server before it gets the
62
** TODO Persistent state
66
** [[file:mandos.xml::XXX][Document D-Bus interface]]
67
** Add mandos contact info in manual pages
69
* Provide and install /etc/dbus-1/system.d/mandos.conf
72
*** Handle "no D-Bus server" and/or "no Mandos server found" better
73
*** [#B] --dump option
75
* TODO mandos-dispatch
76
Listens for specified D-Bus signals and spawns shell commands with
80
** D-Bus mail loop w/ signal receiver
81
** Snack/Newt client data displayer
86
** TODO Loop until passwords match when run interactively
87
** TODO "--secfile" option
88
Using the "secfile" option instead of "secret"
89
** TODO [#B] "--test" option
90
For testing decryption before rebooting.
93
** Implement DEB_BUILD_OPTIONS
94
http://www.debian.org/doc/debian-policy/ch-source.html#s-debianrules-options
55
* Mandos-tools/utilities
56
All of this probably using D-Bus
62
** Use xinclude for common sections
68
*** Update initrd.img after installation
69
This seems to use some kind of "trigger" system
70
[[file:/usr/share/doc/dpkg/triggers.txt.gz]]
71
dpkg-trigger(1), deb-triggers(5)
72
*** Keydir move: /etc/mandos -> /etc/keys/mandos
73
Must create in preinst if not pre-depending on cryptsetup
75
**** "--passfile" option
76
Using the "secfile" option instead of "secret"
77
**** [#A] "--test" option
78
For testing decryption before rebooting.
80
*** [#A] Create mandos user and group for server
81
*** [#A] Create /var/run/mandos directory with perm and ownership
97
84
** /usr/share/initramfs-tools/hooks/mandos
98
*** TODO [#C] use same file name rules as run-parts(8)
99
*** TODO [#C] Do not install in initrd.img if configured not to.
100
Use "/etc/initramfs-tools/hooksconf.d/mandos"?
101
** TODO [#C] /etc/bash_completion.d/mandos
85
*** Do not install in initrd.img if configured not to.
86
Use "/etc/initramfs-tools/conf.d/mandos"? Definitely a debconf
88
** /etc/bash_completion.d/mandos
102
89
From XML sources directly?
99
* Announce project on news
100
[[news:comp.os.linux.announce]]
105
103
#+STARTUP: showall
added
removed
TODO
