/mandos/trunk : revision 15

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to TODO

Committer: Teddy Hogeborn
Date: 2008-07-20 06:33:48 UTC
Revision ID: teddy@fukt.bsnet.se-20080720063348-jscgy5p0itrgvlo8

* mandos-clients.conf ([foo]): Uncommented.
  ([foo]/secret): New.
  ([foo]/secfile): Commented out.
  ([foo]/checker): Changed to "fping -q -- %%(fqdn)s".
  ([foo]/timeout): New.

* server.py: New modeline for Python and Emacs.  Set a logging format.
  (Client.__init__): Bug fix: Choose either the value from the options
                     object or pass the argument through string_to_delta
                     for both "timeout" and "interval".
  (Client.checker_callback): Bug fix: Do not log spurious "Checker for
                             <foo> failed" messages.
  (Client.start_checker): Moved "Starting checker" log message down to
                          just before actually starting the subprocess.
                          Do not redirect the subprocesses' stdout to a
                          pipe.
  (peer_certificate, fingerprint): Added docstrings.
  (entry_group_state_changed): Call "killme()" instead of
                               "main_loop.quit()".
  (daemon, killme): New functions.
  (exitstatus, main_loop_started): New global variables.
  (__main__): Removed the "--cert", "--key", "--ca", and "--crl"
              options.  Removed the sleep command from the default
              checker.  Add a console logger in debug mode.  Call
              "killme()" instead of "main_loop.quit()" when there are no
              more clients.  Call "daemon()" if not in debug mode.
              Register "cleanup()" to run at exit.  Ignore some
              signals.  Catch DBusException to detect another running
              server and exit cleanly.  Exit with "exitstatus".
  (cleanup): New function.

files added:
ca.pem

cert.pem

client-cert.pem

client-key.pem

crl.pem

key.pem

plugins.d/Makefile

files removed:
.bzr-builddeb

.bzr-builddeb/default.conf

.bzrignore

COPYING

DBUS-API

INSTALL

NEWS

README

common.ent

dbus-mandos.conf

debian

debian/changelog

debian/compat

debian/control

debian/copyright

debian/mandos-client.README.Debian

debian/mandos-client.dirs

debian/mandos-client.docs

debian/mandos-client.examples

debian/mandos-client.links

debian/mandos-client.lintian-overrides

debian/mandos-client.postinst

debian/mandos-client.postrm

debian/mandos.README.Debian

debian/mandos.dirs

debian/mandos.docs

debian/mandos.lintian-overrides

debian/mandos.postinst

debian/mandos.prerm

debian/po

debian/rules

debian/source

debian/source/format

debian/source/local-options

debian/upstream

debian/upstream/signing-key.asc

debian/watch

default-mandos

init.d-mandos

initramfs-tools-hook

initramfs-tools-hook-conf

initramfs-tools-script

initramfs-unpack

intro.xml

legalnotice.xml

mandos-clients.conf.xml

mandos-ctl

mandos-ctl.xml

mandos-keygen

mandos-keygen.xml

mandos-monitor

mandos-monitor.xml

mandos-options.xml

mandos.conf

mandos.conf.xml

mandos.lsm

mandos.service

mandos.xml

network-hooks.d

network-hooks.d/bridge

network-hooks.d/bridge.conf

network-hooks.d/openvpn

network-hooks.d/openvpn.conf

network-hooks.d/wireless

network-hooks.d/wireless.conf

overview.xml

plugin-runner.conf

plugin-runner.xml

plugins.d/askpass-fifo.c

plugins.d/askpass-fifo.xml

plugins.d/mandos-client.xml

plugins.d/password-prompt.xml

plugins.d/plymouth.c

plugins.d/plymouth.xml

plugins.d/splashy.c

plugins.d/splashy.xml

plugins.d/usplash.c

plugins.d/usplash.xml

files renamed:
clients.conf => mandos-clients.conf

plugin-runner.c => plugbasedclient.c

plugins.d/mandos-client.c => plugins.d/mandosclient.c

plugins.d/password-prompt.c => plugins.d/passprompt.c

mandos => server.py

files modified:
Makefile

TODO

Show diffs side-by-side

added added

removed removed

TODO

-*- org -*-

* GIT

** General: [[https://www.atlassian.com/git/workflows][Git Workflows]], [[http://gitimmersion.com/][Git Immersion]], [[https://news.ycombinator.com/item?id=7036628][Simple git workflow is simple]]

** Intro: [[http://www.eyrie.org/~eagle/notes/debian/git.html#combine][Using Git for Debian Packaging]]

** Use: [[https://honk.sigxcpu.org/piki/projects/git-buildpackage/][git-buildpackage]]

** Migration

tailor?

Using bzr-fastimport: [[http://www.fusonic.net/en/blog/2013/03/26/migrating-from-bazaar-to-git/][Migrating from Bazaar to Git]]

** Unresolved: [[http://jameswestby.net/bzr/builddeb/user_manual/split.html][bzr builddeb split mode]]

Maybe: [[http://honk.sigxcpu.org/projects/git-buildpackage/manual-html/gbp.import.html#GBP.IMPORT.UPSTREAM.GIT.NOTARBALL][git-buildpackage - No upstream tarballs]]

[[http://www.python.org/dev/peps/pep-0374/][PEP 374 - Choosing a distributed VCS for the Python project]]

[[http://www.emacswiki.org/emacs/GitForEmacsDevs][Git For Emacs Devs]]

* [[http://www.undeadly.org/cgi?action=article&sid=20110530221728][OpenBSD]]

* Testing

** python-nemu

* mandos-applet

* mandos-client

** TODO [#B] Use capabilities instead of seteuid().

https://forums.grsecurity.net/viewtopic.php?f=7&t=2522

** TODO [#B] Use getaddrinfo(hints=AI_NUMERICHOST) instead of inet_pton()

** TODO [#C] Make start_mandos_communication() take "struct server".

** TODO [#C] --interfaces=regex,eth*,noregex (bridge-utils-interfaces(5))

* splashy

** TODO [#B] use scandir(3) instead of readdir(3)

* usplash (Deprecated)

** TODO [#A] Make it work again

** TODO [#B] use scandir(3) instead of readdir(3)

* askpass-fifo

* password-prompt

** TODO [#B] lock stdin (with flock()?)

* plymouth

* TODO [#B] passdev

* plugin-runner

** TODO handle printing for errors for plugins

*** Hook up stderr of plugins, buffer them, and prepend "Mandos Plugin [plugin name]"

** TODO [#C] use same file name rules as run-parts(8)

** kernel command line option for debug info

* mandos (server)

** TODO [#B] Work around Avahi issue

Avahi does not announce link-local addresses if any global

addresses exist: http://lists.freedesktop.org/archives/avahi/2010-March/001863.html

** TODO [#B] Log level :BUGS:

*** TODO /etc/mandos/clients.d/*.conf

Watch this directory and add/remove/update clients?

** TODO [#C] config for TXT record

** TODO Log level dbus option

SetLogLevel D-Bus call

** TODO [#C] DBusServiceObjectUsingSuper

** TODO [#B] Global enable/disable flag

** TODO [#B] By-client countdown on number of secrets given

** D-Bus Client method NeedsPassword(50) - Timeout, default disapprove

+ SetPass(u"gazonk", True) -> Approval, persistent

+ Approve(False) -> Close client connection immediately

** TODO [#C] python-parsedatetime

** TODO Separate logging logic to own object

** TODO [#A] Limit approval_delay to max gnutls/tls timeout value

** TODO [#B] break the wait on approval_delay if connection dies

** TODO Generate Client.runtime_expansions from client options + extra

** TODO Allow %%(checker)s as a runtime expansion

** TODO Use python-tlslite?

** TODO D-Bus AddClient() method on server object

** TODO Use org.freedesktop.DBus.Method.NoReply annotation on async methods. :2:

** TODO Support [[http://dbus.freedesktop.org/doc/dbus-specification.html#standard-interfaces-objectmanager][org.freedesktop.DBus.ObjectManager]] interface on server object :2:

Deprecate methods GetAllClients(), GetAllClientsWithProperties()

and signals ClientAdded and ClientRemoved.

** TODO Save state periodically to recover better from hard shutdowns

** TODO CheckerCompleted method, deprecate CheckedOK

** TODO Secret Service API?

http://standards.freedesktop.org/secret-service/

** TODO Remove D-Bus interfaces with old domain name :2:

** TODO Remove old string_to_delta format :2:

** TODO http://0pointer.de/blog/projects/stateless.html

*** tmpfiles snippet to create /var/lib/mandos with right user+perms

*** File in /usr/lib/sysusers.d to create user+group "_mandos"

** TODO Error handling on error parsing config files

** TODO init.d script error handling

** TODO D-Bus server properties; address, port, interface, etc. :2:

* mandos.xml

** Add mandos contact info in manual pages

* mandos-ctl

*** Handle "no D-Bus server" and/or "no Mandos server found" better

*** [#B] --dump option

** TODO Remove old string_to_delta format :2:

100

* TODO mandos-dispatch

101

Listens for specified D-Bus signals and spawns shell commands with

102

arguments.

103

104

* mandos-monitor

105

** TODO help should be toggleable

106

** Urwid client data displayer

107

Better view of client data in the listing

108

*** Properties popup

109

** Print a nice "We are sorry" message, save stack trace to log.

110

** Rename module "gobject" to "GObject".

111

112

* mandos-keygen

113

** TODO "--secfile" option

114

Using the "secfile" option instead of "secret"

115

** TODO [#B] "--test" option

116

For testing decryption before rebooting.

117

118

* Package

119

** /usr/share/initramfs-tools/hooks/mandos

120

*** TODO [#C] use same file name rules as run-parts(8)

121

*** TODO [#C] Do not install in initrd.img if configured not to.

122

Use "/etc/initramfs-tools/hooksconf.d/mandos"?

123

** TODO [#C] /etc/bash_completion.d/mandos

124

From XML sources directly?

125

126

* Side Stuff

127

** TODO Locate which package moves the other bin/sh when busybox is deactivated

128

** TODO contact owner of package, and ask them to have that shell static in position regardless of busybox

129

130

131

#+STARTUP: showall

[Client]

configuration for OpenPGP key and interface

IPv4 support

[Server]

config file

run-time communication with server

[Mandos-tools/utilities]

List clients

Enable client

Disable client

Older »