7
** [#A] check exit codes of all system calls
8
** [#B] header files/symbols tally
10
** use strsep instead of strtok?
11
** Do not depend on GPG key rings on disk
12
This would mean creating new GPG key rings with GPGME by importing
13
the key files from scratch every time we start the program.
20
** [#A] check exit codes of all system calls
21
** [#B] header files/symbols tally
22
** use strsep instead of strtok?
23
** use config file in addition to arguments
24
** pass things in environment, like device name, etc
28
** [#A] write PID file
29
** [#A] /etc/init.d/mandos-server
31
** /etc/mandos/clients.d/*.conf
32
Watch this directory and add/remove/update clients?
33
** config for TXT record
34
** Run-time communication with server
37
* Mandos-tools/utilities
38
All of this probably using D-Bus
44
** Change initrd.img file to not be publically readable
45
** Create GPG key ring files in initrd
3
* [[http://www.undeadly.org/cgi?action=article&sid=20110530221728][OpenBSD]]
8
** TODO [#B] Use capabilities instead of seteuid().
9
** TODO [#B] Use struct sockaddr_storage instead of a union
10
** TODO [#B] Use getaddrinfo(hints=AI_NUMERICHOST) instead of inet_pton()
11
** TODO [#B] Use getnameinfo(serv=NULL, NI_NUMERICHOST) instead of inet_ntop()
12
** TODO [#B] Prefer /run/tmp over /tmp, if it exists
13
** TODO [#C] Make start_mandos_communication() take "struct server".
16
** TODO [#B] use scandir(3) instead of readdir(3)
18
* usplash (Deprecated)
19
** TODO [#A] Make it work again
20
** TODO [#B] use scandir(3) instead of readdir(3)
23
** TODO [#B] Drop privileges after opening FIFO.
26
** TODO [#B] lock stdin (with flock()?)
33
** TODO handle printing for errors for plugins
34
*** Hook up stderr of plugins, buffer them, and prepend mandos pluig [plugin name]
35
** TODO [#B] use scandir(3) instead of readdir(3)
36
** TODO [#C] use same file name rules as run-parts(8)
37
** kernel command line option for debug info
38
** TODO [#B] Use openat()
41
** TODO [#B] Log level :BUGS:
42
*** TODO /etc/mandos/clients.d/*.conf
43
Watch this directory and add/remove/update clients?
44
** TODO [#C] config for TXT record
45
** TODO Log level dbus option
46
SetLogLevel D-Bus call
47
** TODO Implement --foreground :BUGS:
48
[[info:standards:Option%20Table][Table of Long Options]]
49
** TODO [#C] DBusServiceObjectUsingSuper
50
** TODO [#B] Global enable/disable flag
51
** TODO [#B] By-client countdown on number of secrets given
52
** TODO [#B] Support RFC 3339 time duration syntax
53
** D-Bus Client method NeedsPassword(50) - Timeout, default disapprove
54
+ SetPass(u"gazonk", True) -> Approval, persistent
55
+ Approve(False) -> Close client connection immediately
56
** TODO [#C] python-parsedatetime
57
** TODO [#C] systemd/launchd
58
http://0pointer.de/blog/projects/systemd.html
59
http://wiki.debian.org/systemd
60
** TODO Separate logging logic to own object
61
** TODO [#A] Limit approval_delay to max gnutls/tls timeout value
62
** TODO [#B] break the wait on approval_delay if connection dies
63
** TODO Generate Client.runtime_expansions from client options + extra
64
** TODO Allow %%(checker)s as a runtime expansion
65
** TODO Use python-tlslite?
66
** TODO D-Bus AddClient() method on server object
67
** TODO Use org.freedesktop.DBus.Method.NoReply annotation on async methods.
68
** TODO Emit [[http://dbus.freedesktop.org/doc/dbus-specification.html#standard-interfaces-properties][org.freedesktop.DBus.Properties.PropertiesChanged]] signal
69
TODO Deprecate se.recompile.Mandos.Client.PropertyChanged - annotate!
70
TODO Can use "invalidates" annotation to also emit on changed secret.
71
** TODO Support [[http://dbus.freedesktop.org/doc/dbus-specification.html#standard-interfaces-objectmanager][org.freedesktop.DBus.ObjectManager]] interface on server object
72
Deprecate methods GetAllClients(), GetAllClientsWithProperties()
73
and signals ClientAdded and ClientRemoved.
74
** TODO Save state periodically to recover better from hard shutdowns
75
** TODO CheckerCompleted method, deprecate CheckedOK
76
** TODO Secret Service API?
77
http://standards.freedesktop.org/secret-service/
80
** Add mandos contact info in manual pages
83
*** Handle "no D-Bus server" and/or "no Mandos server found" better
84
*** [#B] --dump option
85
** TODO Support RFC 3339 time duration syntax
87
* TODO mandos-dispatch
88
Listens for specified D-Bus signals and spawns shell commands with
92
** TODO help should be toggleable
93
** Urwid client data displayer
94
Better view of client data in the listing
96
** Print a nice "We are sorry" message, save stack trace to log.
97
** Show timeout countdown for approval
100
** TODO "--secfile" option
101
Using the "secfile" option instead of "secret"
102
** TODO [#B] "--test" option
103
For testing decryption before rebooting.
106
** TODO [#C] Implement DEB_BUILD_OPTIONS
107
http://www.debian.org/doc/debian-policy/ch-source.html#s-debianrules-options
110
** /usr/share/initramfs-tools/hooks/mandos
111
*** TODO [#C] use same file name rules as run-parts(8)
112
*** TODO [#C] Do not install in initrd.img if configured not to.
113
Use "/etc/initramfs-tools/hooksconf.d/mandos"?
114
** TODO [#C] /etc/bash_completion.d/mandos
115
From XML sources directly?
118
** TODO Locate which package moves the other bin/sh when busybox is deactivated
119
** TODO contact owner of package, and ask them to have that shell static in position regardless of busybox
48
122
#+STARTUP: showall
added
removed
TODO
