/mandos/trunk

To get this branch, use:
bzr branch http://bzr.recompile.se/loggerhead/mandos/trunk
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
-*- org -*-

* Testing
** python-nemu

* mandos-applet

* mandos-client
** TODO A --server option which only adds to the server list.
   (Unlike --connect, which implicitly disables zeroconf.)
** TODO [#B] Use capabilities instead of seteuid().
   https://forums.grsecurity.net/viewtopic.php?f=7&t=2522
** TODO [#B] Use getaddrinfo(hints=AI_NUMERICHOST) instead of inet_pton()
** TODO [#C] Make start_mandos_communication() take "struct server".
** TODO [#C] --interfaces=regex,eth*,noregex (bridge-utils-interfaces(5))
** TODO [#A] Detect partial writes to stdout and exit with EX_TEMPFAIL

* splashy
** TODO [#B] use scandir(3) instead of readdir(3)
** TODO [#A] Detect partial writes to stdout and exit with EX_TEMPFAIL

* usplash (Deprecated)
** TODO [#B] Make it work again
** TODO [#B] use scandir(3) instead of readdir(3)
** TODO [#A] Detect partial writes to stdout and exit with EX_TEMPFAIL

* askpass-fifo
** TODO [#A] Detect partial writes to stdout and exit with EX_TEMPFAIL

* password-prompt
** TODO [#B] lock stdin (with flock()?)
** TODO [#A] Detect partial writes to stdout and exit with EX_TEMPFAIL

* plymouth
** TODO [#A] Detect partial writes to stdout and exit with EX_TEMPFAIL

* TODO [#B] passdev

* plugin-runner
** TODO handle printing for errors for plugins
*** Hook up stderr of plugins, buffer them, and prepend "Mandos Plugin [plugin name]"
** TODO [#C] use same file name rules as run-parts(8)
** kernel command line option for debug info
** TODO [#A] Restart plugins which exit with EX_TEMPFAIL

* mandos (server)
** TODO [#B] --notify-command
   This would allow the mandos.service to use
   --notify-command="systemd-notify --pid --ready"
** TODO [#B] python-systemd
*** import systemd.daemon; systemd.daemon.notify()
** TODO [#B] Log level							  :BUGS:
*** TODO /etc/mandos/clients.d/*.conf
    Watch this directory and add/remove/update clients?
** TODO [#C] config for TXT record
** TODO Log level dbus option
   SetLogLevel D-Bus call
** TODO [#C] DBusServiceObjectUsingSuper
** TODO [#B] Global enable/disable flag
** TODO [#B] By-client countdown on number of secrets given
** D-Bus Client method NeedsPassword(50) - Timeout, default disapprove
    + SetPass(u"gazonk", True) -> Approval, persistent
    + Approve(False) -> Close client connection immediately
** TODO [#C] python-parsedatetime
** TODO Separate logging logic to own object
** TODO [#B] Limit approval_delay to max gnutls/tls timeout value
** TODO [#B] break the wait on approval_delay if connection dies
** TODO Generate Client.runtime_expansions from client options + extra
** TODO Allow %%(checker)s as a runtime expansion
** TODO D-Bus AddClient() method on server object
** TODO Use org.freedesktop.DBus.Method.NoReply annotation on async methods. :2:
** TODO Save state periodically to recover better from hard shutdowns
** TODO CheckerCompleted method, deprecate CheckedOK
** TODO Secret Service API?
   https://standards.freedesktop.org/secret-service/
** TODO Remove D-Bus interfaces with old domain name			  :2:
** TODO Remove old string_to_delta format				  :2:
** TODO http://0pointer.de/blog/projects/stateless.html
*** File in /usr/lib/sysusers.d to create user+group "_mandos"
** TODO Error handling on error parsing config files
** TODO init.d script error handling
** TODO D-Bus server properties; address, port, interface, etc.		  :2:
** Python 3								  :2:
*** TODO [#C] In Python 3.3, use shlex.quote() instead of re.escape()

* mandos-ctl
*** Handle "no D-Bus server" and/or "no Mandos server found" better
** TODO Remove old string_to_delta format				  :2:

* TODO mandos-dispatch
  Listens for specified D-Bus signals and spawns shell commands with
  arguments.

* mandos-monitor
** TODO --servicename						       :BUGS:
** TODO help should be toggleable
** Urwid client data displayer
   Better view of client data in the listing
*** Properties popup
** Print a nice "We are sorry" message, save stack trace to log.

* mandos-keygen
** TODO "--secfile" option
   Using the "secfile" option instead of "secret"
** TODO [#B] "--test" option
   For testing decryption before rebooting.

* Package
** /usr/share/initramfs-tools/hooks/mandos
*** TODO [#C] use same file name rules as run-parts(8)
*** TODO [#C] Do not install in initrd.img if configured not to.
    Use "/etc/initramfs-tools/hooksconf.d/mandos"?
** TODO [#C] $(pkg-config --variable=completionsdir bash-completion)
   From XML sources directly?

* Side Stuff
** TODO Locate which package moves the other bin/sh when busybox is deactivated
** TODO contact owner of package, and ask them to have that shell static in position regardless of busybox

* [[http://www.undeadly.org/cgi?action=article&sid=20110530221728][OpenBSD]]

* TODO Use raw public keys (RFC 7250) for TLS communications 		  :2:
** Support for this is planned for GnuTLS version 3.6
   https://gitlab.com/gnutls/gnutls/issues/26
** Rationale
*** The client key is used both for communication and encryption
    Using raw keys in GnuTLS instead uses separate keys for
    communication and password decryption.
*** GnuTLS 3.5.9 has deprecated the OpenPGP functions
    The functions are still available, but deprecated:
    https://gitlab.com/gnutls/gnutls/issues/102


#+STARTUP: showall