**
** beta_0.9 requirements
**
**
** Release 1.0 requirements
**
* Logging to syslog (done)
* Complete admin program (done)
- Admin program should use eurephiaDB (done)
- Add / Delete / Modify users (done)
- Add / Delete / Modify certificates (by loading the certfile) (done)
- Add / Remove user->certlink (done)
- Add / Remove access profiles (done)
- Show / Add / Delete blacklisted users/cert/IP addr (done)
- Show complete lastlog (done)
- Simplify all admin functions in dbdriver (done)
**
** Release 1.1 requirements
**
* enhanced firewall thread (fork)
- Write a binary which is executed via execve(...) after fork
(this should release memory kept by openvpn in the forked process)
- This binary will be started by the eurephia plug-in
- This binary loads the firewall interface (dlopen)
- This binary takes care of opening and tearing down the message
queues and semaphores
* Separate database API and openvpn plug-in
- Have a separate eurephia daemon which can be chrooted and locked
down. Communicate via SSL, a unix socket or Posix MQ.
- The eurephia daemon will load the database driver and do all
authentication and DB work.
- The openvpn plug-in will only implement an API to the eurephia daemon
and will never make decisions by itself.
- Firewall changes will be propagated from the openvpn plug-in at this phase
* Admin utility - add ePasswd program
- Changes password in the eurephia user database for the eurephia
authenticated user
- This utility will communicate with the eurephia daemon, so all
authentication is taken care of outside this program.
**
** Release 1.1
**
* Write PostgreSQL driver
* Write MySQL driver
**
** Wish list
**
* A lot of QA utilities (release 1.1?)
- Writing test program for DB drivers
- which tests only the driver (loads .so file)
- which tests the API, simulating openvpn calls
- Check that user gets blocked and blacklisted on too many failing attempts
- Check that right connection profiles are used
- Check that user/cert matches
* Write web based admin GUI, using libmicrohttpd (release 1.2?)
* Implement Kerberos user authentication (release 1.3?)
- User/password authentication is done via Kerberos, using
userID(?) from Kerberos ... to replace openvpn_users
* Consider some way of LDAP integration as well