1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
|
-*- org -*-
* [[http://www.undeadly.org/cgi?action=article&sid=20110530221728][OpenBSD]]
* mandos-applet
* mandos-client
** TODO [#A] Wireless network hook
** TODO [#B] Use capabilities instead of seteuid().
** TODO [#B] Use struct sockaddr_storage instead of a union
** TODO [#B] Use getaddrinfo(hints=AI_NUMERICHOST) instead of inet_pton()
** TODO [#B] Use getnameinfo(serv=NULL, NI_NUMERICHOST) instead of inet_ntop()
** TODO [#B] Prefer /run/tmp over /tmp, if it exists
** TODO [#B] Use in_port_t instead of uint16_t for port numbers.
* splashy
** TODO [#B] use scandir(3) instead of readdir(3)
* usplash (Deprecated)
** TODO [#A] Make it work again
** TODO [#B] use scandir(3) instead of readdir(3)
** TODO Use [[info:libc:Argz%20Functions][argz_extract]]
* askpass-fifo
** TODO [#B] Drop privileges after opening FIFO.
* password-prompt
** TODO [#B] lock stdin (with flock()?)
* plymouth
* TODO [#B] passdev
* plugin-runner
** TODO handle printing for errors for plugins
*** Hook up stderr of plugins, buffer them, and prepend mandos pluig [plugin name]
** TODO [#B] use scandir(3) instead of readdir(3)
** TODO [#C] use same file name rules as run-parts(8)
** kernel command line option for debug info
** TODO [#B] Use openat()
* mandos (server)
** TODO Document why we ignore sigint
** TODO [#B] Log level :BUGS:
*** TODO /etc/mandos/clients.d/*.conf
Watch this directory and add/remove/update clients?
** TODO [#C] config for TXT record
** TODO Log level dbus option
SetLogLevel D-Bus call
** TODO Implement --foreground :BUGS:
[[info:standards:Option%20Table][Table of Long Options]]
** TODO Implement --socket
[[info:standards:Option%20Table][Table of Long Options]]
** TODO [#C] DBusServiceObjectUsingSuper
** TODO [#B] Global enable/disable flag
** TODO [#B] By-client countdown on number of secrets given
** TODO [#B] Support RFC 3339 time duration syntax
** More D-Bus methods
*** NeedsPassword(50) - Timeout, default disapprove
+ SetPass(u"gazonk", True) -> Approval, persistent
+ Approve(False) -> Close client connection immediately
** TODO [#C] python-parsedatetime
** TODO [#C] systemd/launchd
http://0pointer.de/blog/projects/systemd.html
http://wiki.debian.org/systemd
** TODO Separate logging logic to own object
** TODO [#A] Limit approval_delay to max gnutls/tls timeout value
** TODO [#B] break the wait on approval_delay if connection dies
** TODO Generate Client.runtime_expansions from client options + extra
** TODO Allow %%(checker)s as a runtime expansion
** TODO Use python-tlslite?
** TODO D-Bus AddClient() method on server object
** TODO Use org.freedesktop.DBus.Method.NoReply annotation on async methods.
** TODO Emit [[http://dbus.freedesktop.org/doc/dbus-specification.html#standard-interfaces-properties][org.freedesktop.DBus.Properties.PropertiesChanged]] signal
TODO Deprecate se.recompile.Mandos.Client.PropertyChanged - annotate!
TODO Can use "invalidates" annotation to also emit on changed secret.
** TODO Support [[http://dbus.freedesktop.org/doc/dbus-specification.html#standard-interfaces-objectmanager][org.freedesktop.DBus.ObjectManager]] interface on server object
Deprecate methods GetAllClients(), GetAllClientsWithProperties()
and signals ClientAdded and ClientRemoved.
** TODO Save state periodically to recover better from hard shutdowns
** TODO CheckerCompleted method, deprecate CheckedOK
** TODO Secret Service API?
http://standards.freedesktop.org/secret-service/
** TODO [[info:python:What's%20New%20in%20Python%202%206][What's New in Python 2.6]]
*** Start at [[info:python:PEP%203101%20Advanced%20String%20Formatting][PEP 3101 Advanced String Formatting]]
* mandos.xml
** Add mandos contact info in manual pages
* mandos-ctl
*** Handle "no D-Bus server" and/or "no Mandos server found" better
*** [#B] --dump option
** TODO Support RFC 3339 time duration syntax
* TODO mandos-dispatch
Listens for specified D-Bus signals and spawns shell commands with
arguments.
* mandos-monitor
** TODO help should be toggleable
** Urwid client data displayer
Better view of client data in the listing
*** Properties popup
** Print a nice "We are sorry" message, save stack trace to log.
** Show timeout countdown for approval
* mandos-keygen
** TODO "--secfile" option
Using the "secfile" option instead of "secret"
** TODO [#B] "--test" option
For testing decryption before rebooting.
* Makefile
** TODO [#C] Implement DEB_BUILD_OPTIONS
http://www.debian.org/doc/debian-policy/ch-source.html#s-debianrules-options
* Package
** /usr/share/initramfs-tools/hooks/mandos
*** TODO [#C] use same file name rules as run-parts(8)
*** TODO [#C] Do not install in initrd.img if configured not to.
Use "/etc/initramfs-tools/hooksconf.d/mandos"?
** TODO [#C] /etc/bash_completion.d/mandos
From XML sources directly?
* Side Stuff
** TODO Locate which package moves the other bin/sh when busybox is deactivated
** TODO contact owner of package, and ask them to have that shell static in position regardless of busybox
�
#+STARTUP: showall
|