3
* Use _attribute_((nonnull)) wherever possible.
4
* Use __attribute__((pure)) or __attribute__((const)) where possible.
5
* Use __attribute__((signal)) on signal handlers.
7
* [[http://www.undeadly.org/cgi?action=article&sid=20110530221728][OpenBSD]]
6
** [#B] Temporarily lower kernel log level
7
for less printouts during sucessfull boot.
9
** use strsep instead of strtok?
10
** Do not depend on GnuPG key rings on disk
11
This would mean creating new GnuPG key rings with GPGME by
12
importing the key files from scratch on every program start.
13
** Keydir move: /etc/mandos -> /etc/keys/mandos
14
Must create in preinst if not pre-depending on cryptsetup
12
** TODO [#A] OpenVPN network hook
13
** TODO [#A] Wireless network hook
14
** TODO [#B] Use capabilities instead of seteuid().
15
** TODO [#B] Use struct sockaddr_storage instead of a union
16
** TODO [#B] Use getaddrinfo(hints=AI_NUMERICHOST) instead of inet_pton()
17
** TODO [#B] Use getnameinfo(serv=NULL, NI_NUMERICHOST) instead of inet_ntop()
18
** TODO [#B] Prefer /run/tmp over /tmp, if it exists
21
** TODO [#B] use scandir(3) instead of readdir(3)
23
* usplash (Deprecated)
24
** TODO [#A] Make it work again
25
** TODO [#B] use scandir(3) instead of readdir(3)
26
** TODO Use [[info:libc:Argz%20Functions][argz_extract]]
29
** TODO [#B] Drop privileges after opening FIFO.
32
** TODO [#B] lock stdin (with flock()?)
39
** TODO handle printing for errors for plugins
40
*** Hook up stderr of plugins, buffer them, and prepend mandos pluig [plugin name]
41
** TODO [#B] use scandir(3) instead of readdir(3)
42
** TODO [#C] use same file name rules as run-parts(8)
43
** kernel command line option for debug info
44
** TODO [#B] Use openat()
19
** [#A] /etc/init.d/mandos-server :teddy:
20
** [#B] Log level :bugs:
21
** /etc/mandos/clients.d/*.conf
22
Watch this directory and add/remove/update clients?
23
** config for TXT record
24
** [#B] Run-time communication with server :bugs:
26
See also [[*Mandos-tools]]
27
** Implement --foreground :bugs:
28
[[info:standards:Option%20Table][Table of Long Options]]
30
[[info:standards:Option%20Table][Table of Long Options]]
31
** Date+time on console log messages :bugs:
33
** delete hook when clients fall out by timeout
35
* Mandos-tools/utilities
36
All of this probably using D-Bus
43
** Use xinclude for common sections
49
*** Update initrd.img after installation
50
This seems to use some kind of "trigger" system
51
[[file:/usr/share/doc/dpkg/triggers.txt.gz]]
52
dpkg-trigger(1), deb-triggers(5)
54
**** "--passfile" option
55
Using the "secfile" option instead of "secret"
56
**** [#A] "--test" option
57
For testing decryption before rebooting.
59
*** [#A] Create mandos user and group for server
60
*** [#A] Create /var/run/mandos directory with perm and ownership
61
*** [#A] install rc.d script and do update-rc.d
62
between config files and man pages
47
** TODO Document why we ignore sigint
48
** TODO [#B] Log level :BUGS:
49
*** TODO /etc/mandos/clients.d/*.conf
50
Watch this directory and add/remove/update clients?
51
** TODO [#C] config for TXT record
52
** TODO Log level dbus option
53
SetLogLevel D-Bus call
54
** TODO Implement --foreground :BUGS:
55
[[info:standards:Option%20Table][Table of Long Options]]
56
** TODO Implement --socket
57
[[info:standards:Option%20Table][Table of Long Options]]
58
** TODO [#C] DBusServiceObjectUsingSuper
59
** TODO [#B] Global enable/disable flag
60
** TODO [#B] By-client countdown on number of secrets given
61
** TODO [#B] Support RFC 3339 time duration syntax
63
*** NeedsPassword(50) - Timeout, default disapprove
64
+ SetPass(u"gazonk", True) -> Approval, persistent
65
+ Approve(False) -> Close client connection immediately
66
** TODO [#C] python-parsedatetime
67
** TODO [#C] systemd/launchd
68
http://0pointer.de/blog/projects/systemd.html
69
http://wiki.debian.org/systemd
70
** TODO Separate logging logic to own object
71
** TODO [#A] Limit approval_delay to max gnutls/tls timeout value
72
** TODO [#B] break the wait on approval_delay if connection dies
73
** TODO Generate Client.runtime_expansions from client options + extra
74
** TODO Allow %%(checker)s as a runtime expansion
75
** TODO Use python-tlslite?
76
** TODO D-Bus AddClient() method on server object
79
** Add mandos contact info in manual pages
82
*** Handle "no D-Bus server" and/or "no Mandos server found" better
83
*** [#B] --dump option
84
** TODO Support RFC 3339 time duration syntax
85
** TODO Send milliseconds if bare integer is passed as time duration
87
* TODO mandos-dispatch
88
Listens for specified D-Bus signals and spawns shell commands with
92
** TODO help should be toggleable
93
** Urwid client data displayer
94
Better view of client data in the listing
96
** Nicer crashes. Stack traces Messes up shell.
97
*** Print a nice "We are sorry" message, save stack trace to log.
98
** Show timeout countdown for approval
101
** TODO "--secfile" option
102
Using the "secfile" option instead of "secret"
103
** TODO [#B] "--test" option
104
For testing decryption before rebooting.
107
** TODO [#C] Implement DEB_BUILD_OPTIONS
108
http://www.debian.org/doc/debian-policy/ch-source.html#s-debianrules-options
66
111
** /usr/share/initramfs-tools/hooks/mandos
67
*** Do not install in initrd.img if configured not to.
68
Use "/etc/initramfs-tools/conf.d/mandos"? Definitely a debconf
70
** /etc/bash_completion.d/mandos
112
*** TODO [#C] use same file name rules as run-parts(8)
113
*** TODO [#C] Do not install in initrd.img if configured not to.
114
Use "/etc/initramfs-tools/hooksconf.d/mandos"?
115
** TODO [#C] /etc/bash_completion.d/mandos
71
116
From XML sources directly?
81
* Announce project on news
82
[[news:comp.os.linux.announce]]
119
** TODO Locate which package moves the other bin/sh when busybox is deactivated
120
** TODO contact owner of package, and ask them to have that shell static in position regardless of busybox
85
123
#+STARTUP: showall
added
removed
TODO
