3
* Use _attribute_((nonnull)) wherever possible.
3
* [[http://www.undeadly.org/cgi?action=article&sid=20110530221728][OpenBSD]]
6
** TODO Change make-run-server to not include --no-dbus
9
** TODO [#B] use scandir(3) instead of readdir(3)
10
** TODO [#B] Prefix all debug output with "Mandos plugin " + program_invocation_short_name
11
** TODO [#B] Retry a server which has a non-definite reply:
12
*** A closed connection during the TLS handshake
8
** TODO [#A] Wireless network hook
14
9
** TODO [#B] Use capabilities instead of seteuid().
15
** TODO [#A] Retry --connect forever
10
** TODO [#B] Use struct sockaddr_storage instead of a union
11
** TODO [#B] Use getaddrinfo(hints=AI_NUMERICHOST) instead of inet_pton()
12
** TODO [#B] Use getnameinfo(serv=NULL, NI_NUMERICHOST) instead of inet_ntop()
13
** TODO [#B] Prefer /run/tmp over /tmp, if it exists
18
16
** TODO [#B] use scandir(3) instead of readdir(3)
19
** TODO [#B] Prefix all debug output with "Mandos plugin " + program_invocation_short_name
18
* usplash (Deprecated)
22
19
** TODO [#A] Make it work again
23
20
** TODO [#B] use scandir(3) instead of readdir(3)
24
** TODO [#B] Prefix all debug output with "Mandos plugin " + program_invocation_short_name
25
21
** TODO Use [[info:libc:Argz%20Functions][argz_extract]]
28
** TODO [#B] Prefix all debug output with "Mandos plugin " + program_invocation_short_name
29
24
** TODO [#B] Drop privileges after opening FIFO.
32
** TODO [#B] Prefix all debug output with "Mandos plugin " + program_invocation_short_name
33
27
** TODO [#B] lock stdin (with flock()?)
36
** TODO Use [[info:libc:Argz%20Functions][argz_extract]]
38
31
* TODO [#B] passdev
34
** TODO handle printing for errors for plugins
35
*** Hook up stderr of plugins, buffer them, and prepend mandos pluig [plugin name]
41
36
** TODO [#B] use scandir(3) instead of readdir(3)
42
37
** TODO [#C] use same file name rules as run-parts(8)
43
38
** kernel command line option for debug info
44
39
** TODO [#B] Use openat()
42
** TODO Document why we ignore sigint
47
43
** TODO [#B] Log level :BUGS:
48
** TODO Persistent state :BUGS:
50
44
*** TODO /etc/mandos/clients.d/*.conf
51
45
Watch this directory and add/remove/update clients?
52
46
** TODO [#C] config for TXT record
53
** TODO Log level option
54
syslogger.setLevel(logging.WARNING)
55
+ SetLogLevel D-Bus call
47
** TODO Log level dbus option
48
SetLogLevel D-Bus call
56
49
** TODO Implement --foreground :BUGS:
57
50
[[info:standards:Option%20Table][Table of Long Options]]
58
51
** TODO Implement --socket
59
52
[[info:standards:Option%20Table][Table of Long Options]]
60
** TODO Date+time on console log messages :BUGS:
62
53
** TODO [#C] DBusServiceObjectUsingSuper
63
54
** TODO [#B] Global enable/disable flag
64
** TODO [#B] By-client countdown on secrets given
65
** TODO [#B] Fix problem with fsck taking a really long time
66
Whenever a client successfully gets a secret it could get a
67
one-time timeout boost to allow for an fsck-incurred delay
68
** TODO [#A] Delay before client receives key
69
This would give an operator opportunity to cancel the request if
71
** TODO [#A] Client manual approval mode
72
A client needs manual approval on the server before it gets the
55
** TODO [#B] By-client countdown on number of secrets given
74
56
** TODO [#B] Support RFC 3339 time duration syntax
75
57
** More D-Bus methods
76
*** NeedsApproval(50, True) -> timeout, default approve
77
Default approval is configurable, but True by default
78
+ Approve(True) -> approve sending saved
79
+ Approve(False) -> Close client connection immediately
80
58
*** NeedsPassword(50) - Timeout, default disapprove
81
59
+ SetPass(u"gazonk", True) -> Approval, persistent
82
60
+ Approve(False) -> Close client connection immediately
83
61
** TODO [#C] python-parsedatetime
84
62
** TODO [#C] systemd/launchd
85
63
http://0pointer.de/blog/projects/systemd.html
64
http://wiki.debian.org/systemd
86
65
** TODO Separate logging logic to own object
87
** TODO make clients to a dict!
88
66
** TODO [#A] Limit approval_delay to max gnutls/tls timeout value
67
** TODO [#B] break the wait on approval_delay if connection dies
68
** TODO Generate Client.runtime_expansions from client options + extra
69
** TODO Allow %%(checker)s as a runtime expansion
70
** TODO Use python-tlslite?
71
** TODO D-Bus AddClient() method on server object
72
** TODO Use org.freedesktop.DBus.Method.NoReply annotation on async methods.
73
** TODO Emit [[http://dbus.freedesktop.org/doc/dbus-specification.html#standard-interfaces-properties][org.freedesktop.DBus.Properties.PropertiesChanged]] signal
74
TODO Deprecate se.recompile.Mandos.Client.PropertyChanged - annotate!
75
TODO Can use "invalidates" annotation to also emit on changed secret.
76
** TODO Support [[http://dbus.freedesktop.org/doc/dbus-specification.html#standard-interfaces-objectmanager][org.freedesktop.DBus.ObjectManager]] interface on server object
77
Deprecate methods GetAllClients(), GetAllClientsWithProperties()
78
and signals ClientAdded and ClientRemoved.
91
81
** Add mandos contact info in manual pages
103
** TODO help should be toggable
93
** TODO help should be toggleable
104
94
** Urwid client data displayer
105
95
Better view of client data in the listing
106
96
*** Properties popup
107
** Nicer crashes. Stack traces Messes up shell.
108
*** Print a nice "We are sorry" message, save stack trace to log.
97
** Print a nice "We are sorry" message, save stack trace to log.
98
** Show timeout countdown for approval
111
** TODO Loop until passwords match when run interactively
112
101
** TODO "--secfile" option
113
102
Using the "secfile" option instead of "secret"
114
103
** TODO [#B] "--test" option
115
104
For testing decryption before rebooting.
118
** TODO Add "--Xlinker --as-needed"
119
http://udrepper.livejournal.com/19395.html
120
107
** TODO [#C] Implement DEB_BUILD_OPTIONS
121
108
http://www.debian.org/doc/debian-policy/ch-source.html#s-debianrules-options
added
removed
TODO
