** ** beta_0.9 requirements ** ** ** Release 1.0 requirements ** * Complete admin program - Admin program should use eurephiaDB (done) - Add / Delete / Modify users (done) - Add / Delete / Modify certificates (by loading the certfile) (done) - Add / Remove user->certlink (done) - Add / Remove access profiles (done) - Show Add / Delete blacklisted users/cert/IP addr - Show complete lastlog (done, need to improve filtering >=, <=) ** ** Release 1.1 requirements ** * Logging to syslog * enhanced firewall thread (fork) - Write a binary which is executed via execve(...) after fork (this should release memory kept by openvpn in the forked process) - This binary will be started by the eurephia plug-in - This binary loads the firewall interface (dlopen) - This binary takes care of opening up and destructing of message queues and semaphores * Separate database API and openvpn plug-in - Have a separate eurephia daemon which can be chrooted and locked down. Communicate via SSL, a unix socket or Posix MQ. - The eurephia daemon will load the database driver and do all authentication and DB work. - The openvpn plug-in wil only implement an API to the eurephia daemon and will never do decisions by itself. - Firewall changes will be propagated from the openvpn plug-in at this phase * Admin utility - add ePasswd program - Changes password in the eurephia user database for the eurephia authenticated user - This utility will communicate with the eurephia daemon, so all authentication is taken care of outside this program. ** ** Release 1.2 ** * Write PostgreSQL driver (David S.) * Write web based admin GUI, using libmicrohttpd ** ** Wish list ** * A lot of QA utilities (release 1.1?) - Writing test program for DB drivers - which tests only the driver (loads .so file) - which tests the API, simulating openvpn calls - Check that user gets blocked and blacklisted on too many failing attempts - Check that right connection profiles are used - Check that user/cert matches * Write MySQL driver (release 1.3?) * Implement Kerberos user authentication (release 1.3?) - User/password authentication is done via Kerberos, using userID(?) from Kerberos ... to replace openvpn_users * Consider some way of LDAP integration as well