7
** [#A] check exit codes of all system calls
8
** [#B] header files/symbols tally
10
** use strsep instead of strtok?
11
** Do not depend on GPG key rings on disk
12
This would mean creating new GPG key rings with GPGME by importing
13
the key files from scratch every time we start the program.
20
** [#A] check exit codes of all system calls
21
** [#B] header files/symbols tally
22
** use strsep instead of strtok?
23
** use config file in addition to arguments
24
** pass things in environment, like device name, etc
28
** [#A] write PID file
29
** [#A] /etc/init.d/mandos-server
30
** Better comments in config files
32
** /etc/mandos/clients.d/*.conf
33
Watch this directory and add/remove/update clients?
34
** config for TXT record
35
** Run-time communication with server
38
* Mandos-tools/utilities
39
All of this probably using D-Bus
45
** Change initrd.img file to not be publically readable
46
** Create GPG key ring files in initrd
4
** TODO [#B] use scandir(3) instead of readdir(3)
5
** TODO [#B] Prefix all debug output with "Mandos plugin " + program_invocation_short_name
6
** TODO use error() instead of perror()
7
** TODO [#B] Retry a server which has a non-definite reply:
8
*** A closed connection during the TLS handshake
10
** TODO [#B] Use capabilities instead of seteuid().
11
** TODO [#A] Retry --connect forever
14
** TODO [#B] use scandir(3) instead of readdir(3)
15
** TODO [#B] Prefix all debug output with "Mandos plugin " + program_invocation_short_name
16
** TODO [#B] use error() instead of perror()
19
** TODO [#A] Make it work again
20
** TODO [#B] use scandir(3) instead of readdir(3)
21
** TODO [#B] Prefix all debug output with "Mandos plugin " + program_invocation_short_name
22
** TODO [#B] use error() instead of perror()
25
** TODO [#B] Prefix all debug output with "Mandos plugin " + program_invocation_short_name
26
** TODO [#B] use error() instead of perror()
27
** TODO [#B] Drop privileges after opening FIFO.
30
** TODO [#B] Prefix all debug output with "Mandos plugin " + program_invocation_short_name
31
** TODO [#B] use error() instead of perror()
32
** TODO [#B] lock stdin (with flock()?)
37
** TODO [#B] use scandir(3) instead of readdir(3)
38
** TODO [#C] use same file name rules as run-parts(8)
39
** TODO [#B] use error() instead of perror()
42
** TODO [#B] Log level :BUGS:
43
** TODO Persistent state :BUGS:
45
*** TODO /etc/mandos/clients.d/*.conf
46
Watch this directory and add/remove/update clients?
47
** TODO [#C] config for TXT record
48
** TODO Log level option
49
syslogger.setLevel(logging.WARNING)
50
+ SetLogLevel D-Bus call
51
** TODO Implement --foreground :BUGS:
52
[[info:standards:Option%20Table][Table of Long Options]]
53
** TODO Implement --socket
54
[[info:standards:Option%20Table][Table of Long Options]]
55
** TODO Date+time on console log messages :BUGS:
57
** TODO [#C] DBusServiceObjectUsingSuper
58
** TODO [#B] Global enable/disable flag
59
** TODO [#B] By-client countdown on secrets given
60
** TODO [#B] Fix problem with fsck taking a really long time
61
Whenever a client successfully gets a secret it could get a
62
one-time timeout boost to allow for an fsck-incurred delay
63
** TODO [#A] Delay before client receives key
64
This would give an operator opportunity to cancel the request if
66
** TODO [#A] Client manual approval mode
67
A client needs manual approval on the server before it gets the
69
** TODO [#B] Support RFC 3339 time duration syntax
72
** [[file:mandos.xml::XXX][Document D-Bus interface]]
73
Remove mention of lack of such interface in BUGS section
75
* TODO [#A] Provide and install /etc/dbus-1/system.d/mandos.conf
78
*** Handle "no D-Bus server" and/or "no Mandos server found" better
79
*** [#B] --dump option
80
** TODO Support RFC 3339 time duration syntax
82
* TODO mandos-dispatch
83
Listens for specified D-Bus signals and spawns shell commands with
87
** Urwid client data displayer
88
Better view of client data in the listing
92
** TODO Loop until passwords match when run interactively
93
** TODO "--secfile" option
94
Using the "secfile" option instead of "secret"
95
** TODO [#B] "--test" option
96
For testing decryption before rebooting.
99
** TODO [#C] Implement DEB_BUILD_OPTIONS
100
http://www.debian.org/doc/debian-policy/ch-source.html#s-debianrules-options
103
** /usr/share/initramfs-tools/hooks/mandos
104
*** TODO [#C] use same file name rules as run-parts(8)
105
*** TODO [#C] Do not install in initrd.img if configured not to.
106
Use "/etc/initramfs-tools/hooksconf.d/mandos"?
107
** TODO [#C] /etc/bash_completion.d/mandos
108
From XML sources directly?
49
111
#+STARTUP: showall