Diffstat (limited to 'TODO')
-rw-r--r--  TODO  299
1 files changed, 167 insertions, 132 deletions
diff --git a/TODO b/TODO
index 20b75fd..cd95736 100644
--- a/TODO
+++ b/TODO
@@ -2,206 +2,241 @@
Client:
- * Handle duplicate kvnos in a newly returned keytab and an existing
- keytab (such as when downloading an unchanging keytab and merging it
- into an existing one) in some reasonable fashion.
+ * WALLET-5: Handle duplicate kvnos in a newly returned keytab and an
+ existing keytab (such as when downloading an unchanging keytab and
+ merging it into an existing one) in some reasonable fashion.
- * Support removing old kvnos from a merged keytab (similar to kadmin
- ktremove old).
+ * WALLET-6: Support removing old kvnos from a merged keytab (similar to
+ kadmin ktremove old).
- * When reading configuration from krb5.conf, we should first try to
- determine our principal from any existing K5 ticket cache (after
- obtaining tickets if -u was given) and extract the realm from that
- principal, using it as the default realm when reading configuration
- information.
+ * WALLET-7: When reading configuration from krb5.conf, we should first
+ try to determine our principal from any existing Kerberos ticket cache
+ (after obtaining tickets if -u was given) and extract the realm from
+ that principal, using it as the default realm when reading
+ configuration information.
- * Add readline support to the wallet client to make it easier to issue
- multiple commands.
+ * WALLET-8: Add readline support to the wallet client to make it easier
+ to issue multiple commands.
- * Support authenticating with a keytab.
+ * WALLET-9: Support authenticating with a keytab.
- * Allow store data to contain nuls. Requires rewriting the command
- processing for store to use iovecs.
+ * WALLET-10: When obtaining tickets in the wallet client with -u,
+ directly obtain the service ticket we're going to use for remctl.
- * When obtaining tickets in the wallet client with -u, should we get a
- TGT as we do now or just directly obtain the service ticket we're going
- to use for remctl?
+ * WALLET-11: Provide a way to refresh a file object if and only if what's
+ stored on the server is different than what's on disk. This will
+ require server support as well for returning the checksum of a file.
Server Interface:
- * Provide a way to get history for deleted objects and ACLs.
+ * WALLET-13: Provide a way to get history for deleted objects and ACLs.
- * Provide an interface to mass-change all instances of one ACL to another.
+ * WALLET-14: Provide an interface to mass-change all instances of one ACL
+ to another.
- * Add help functions to wallet-backend, wallet-report, and wallet-admin
- listing the commands.
+ * WALLET-15: Add help functions to wallet-backend, wallet-report, and
+ wallet-admin listing the commands.
- * Catch exceptions on object creation in wallet-backend so that we can
- log those as well.
+ * WALLET-16: Catch exceptions on object creation in wallet-backend so
+ that we can log those as well.
- * Provide a way to list all objects for which the connecting user has
- ACLs.
+ * WALLET-17: Provide a way to list all objects for which the connecting
+ user has ACLs.
- * Support limiting returned history information by timestamp.
+ * WALLET-18: Support limiting returned history information by timestamp.
- * Add a comment field for objects that can be set by the owner.
+ * WALLET-19: Provide a REST implementation of the wallet server.
- * Provide a REST implementation of the wallet server.
+ * WALLET-20: Provide a CGI implementation of the wallet server.
- * Provide a CGI implementation of the wallet server.
+ * WALLET-21: Support setting flags and attributes on autocreate. In
+ general, work out a Wallet::Object::Template Perl object that I can
+ return that specifies things other than just the ACL.
- * Support setting flags and attributes on autocreate. In general, work
- out a Wallet::Object::Template Perl object that I can return that
- specifies things other than just the ACL.
+ * WALLET-22: Remove the hard-coded ADMIN ACL in the server with something
+ more configurable, perhaps a global ACL table or something.
- * Remove the hard-coded ADMIN ACL in the server with something more
- configurable, perhaps a global ACL table or something.
+ * WALLET-63: Support leap-of-faith keying of systems by registering an
+ object for one-time download (ideally from a specific IP address) and
+ then allowing that object to be downloaded anonymously from that IP.
+ Relies on support for Kerberos anonymous authentication.
+
+ * WALLET-64: Split "get" and "update" in semantics, and only do keytab
+ rekeying on update. "get" would not be permitted unless the keytab was
+ flagged as unchanging, and update would still change even an unchanging
+ keytab (maybe). Or, alternately, maybe we allow get of any keytab?
+ Requires more thought.
ACLs:
- * Error messages from ACL operations should refer to the ACLs by name
- instead of by ID.
+ * WALLET-23: Error messages from ACL operations should refer to the ACLs
+ by name instead of by ID.
- * Write the LDAP entitlement ACL verifier.
+ * WALLET-24: Write the PTS ACL verifier.
- * Write the PTS ACL verifier.
+ * WALLET-25: Rename Wallet::ACL::* to Wallet::Verifier::*. Add
+ Wallet::ACL as a generic interface with Wallet::ACL::Database and
+ Wallet::ACL::List implementations (or some similar name) so that we can
+ create and check an ACL without having to write it into the database.
+ Redo default ACL creation using that functionality.
- * Rename Wallet::ACL::* to Wallet::Verifier::*. Add Wallet::ACL as a
- generic interface with Wallet::ACL::Database and Wallet::ACL::List
- implementations (or some similar name) so that we can create and check
- an ACL without having to write it into the database. Redo default ACL
- creation using that functionality.
+ * WALLET-26: Pass a reference to the object for which the ACL is
+ interpreted to the ACL API so that ACL APIs can make more complex
+ decisions.
- * Pass a reference to the object for which the ACL is interpreted to the
- ACL API so that ACL APIs can make more complex decisions.
+ * WALLET-27: A group-in-groups ACL schema.
- * Support for pattern matching in ACLs.
+ * WALLET-28: Provide an API for verifiers to syntax-check the values
+ before an ACL is set and implement syntax checking for the krb5 and
+ ldap-attr verifiers.
- * A group-in-groups ACL schema.
+ * WALLET-29: Investigate how best to support client authentication using
+ anonymous PKINIT for things like initial system keying.
- * Provide an API for verifiers to syntax-check the values before an ACL
- is set and implement syntax checking for the Krb5 verifier.
+Database:
- * Investigate how best to support client authentication using anonymous
- PKINIT for things like initial system keying.
+ * WALLET-30: Fix case-insensitivity bug in unique keys with MySQL for
+ objects.
-Database:
+ * WALLET-31: On upgrades, support adding new object types and ACL
+ verifiers to the class tables.
- * Fix case-insensitivity bug in unique keys with MySQL for objects.
+Objects:
- * Add the database schema version to a global table so that we can use it
- to support schema upgrades in the future.
+ * WALLET-32: Check whether we can just drop the realm restriction on
+ keytabs and allow the name to contain the realm if the Kerberos type is
+ Heimdal.
- * On upgrades, support adding new object types and ACL verifiers to the
- class tables.
+ * WALLET-4: Write a WebAuth keyring object store. It should support
+ attributes saying how long to keep old keys and how far in advance to
+ create new keys and update the keyring as needed on object download.
-Objects:
+ * WALLET-33: Use the Perl Authen::Krb5::Admin module instead of rolling
+ our own kadmin code with Expect now that MIT Kerberos has made the
+ kadmin API public.
- * Check whether we can just drop the realm restriction on keytabs and
- allow the name to contain the realm if the Kerberos type is Heimdal.
+ * WALLET-34: Implement an ssh keypair wallet object. The server can run
+ ssh-keygen to generate a public/private key pair and return both to the
+ client, which would split them apart. Used primarily for host keys.
+ May need a side table to store key types, or a naming convention.
- * Write a WebAuth keyring object store. It should support attributes
- saying how long to keep old keys and how far in advance to create new
- keys and update the keyring as needed on object download.
+ * WALLET-35: Implement an X.509 certificate object. I expect this would
+ store the public and private key as a single file in the same format
+ that Apache can read for combined public and private keys. There were
+ requests for storing the CSR, but I don't see why you'd want to do
+ that. Start with store support. The file code is mostly sufficient
+ here, but it would be nice to automatically support object expiration
+ based on the expiration time for the certificate.
- * Use the Perl Authen::Krb5::Admin module instead of rolling our own
- kadmin code with Expect now that MIT Kerberos has made the kadmin API
- public.
+ * WALLET-36: Implement an X.509 CA so that you can get certificate
+ objects without storing them first. Need to resolve naming conventions
+ if you want to run multiple CAs on the same wallet server (but why?).
+ Should this be a different type than stored certificates?
- * Implement an ssh keypair wallet object. The server can run ssh-keygen
- to generate a public/private key pair and return both to the client,
- which would split them apart. Used primarily for host keys. May need
- a side table to store key types, or a naming convention.
+ * WALLET-37: Support returning the checksum of a file object stored in
+ wallet so that one can determine whether the version stored on disk is
+ identical.
- * Implement an X.509 certificate object. I expect this would store the
- public and private key as a single file in the same format that Apache
- can read for combined public and private keys. There were requests for
- storing the CSR, but I don't see why you'd want to do that. Start with
- store support. The file code is mostly sufficient here, but it would
- be nice to automatically support object expiration based on the
- expiration time for the certificate.
+ * WALLET-60: Implement new password wallet object, which is like file
+ except that it generates a random, strong password when retrieved the
+ first time without being stored.
- * Implement an X.509 CA so that you can get certificate objects without
- storing them first. Need to resolve naming conventions if you want to
- run multiple CAs on the same wallet server (but why?). Should this be
- a different type than stored certificates?
+ * WALLET-61: Support interrogating objects to find all host-based objects
+ for a particular host, allowing cleanup of all of those host's objects
+ after retiring the host.
Reports:
- * Add audit for references to unknown ACLs, possibly introduced by
- previous versions before ACL deletion was checked with database
- backends that don't do referential integrity.
+ * WALLET-38: Add audit for references to unknown ACLs, possibly
+ introduced by previous versions before ACL deletion was checked with
+ database backends that don't do referential integrity.
- * Add report for all objects that have never been stored.
+ * WALLET-39: Add report for all objects that have never been stored.
- * Add report of all ACLs with identical contents.
+ * WALLET-40: For objects tied to hostnames, report on objects referring
+ to hosts which do not exist. For the initial pass, this is probably
+ only keytab objects with names containing a slash where the part after
+ the slash looks like a hostname. This may need some configuration
+ help.
- * For objects tied to hostnames, report on objects referring to hosts
- which do not exist. For the initial pass, this is probably only keytab
- objects with names containing a slash where the part after the slash
- looks like a hostname. This may need some configuration help.
+ * WALLET-41: Make contrib/wallet-summary generic and include it in
+ wallet-report, with additional configuration in Wallet::Config.
+ Enhance it to report on any sort of object, not just on keytabs, and to
+ give numbers on downloaded versus not downloaded objects.
- * Make contrib/wallet-summary generic and include it in wallet-report,
- with additional configuration in Wallet::Config. Enhance it to report
- on any sort of object, not just on keytabs, and to give numbers on
- downloaded versus not downloaded objects.
+ * WALLET-62: Write a tool to mail the owners of wallet objects, taking
+ the list of objects and the mail message to send as inputs. This could
+ possibly use the notification service, although a version that sends
+ mail directly would be useful external to Stanford.
Administrative Interface:
- * Add a function to wallet-admin to purge expired entries. Possibly also
- check expiration before allowing anyone to get or store objects.
+ * WALLET-42: Add a function to wallet-admin to purge expired entries.
+ Possibly also check expiration before allowing anyone to get or store
+ objects.
+
+ * WALLET-3: Add a function or separate script to automate removal of
+ DNS-based objects for which the hosts no longer exist. Will need to
+ support a site-specific callout to determine whether the host exists.
+
+ * WALLET-66: Database creation appears not to work without the SQL files,
+ but it's supposed to work directly from the classes. Double-check
+ this.
Documentation:
- * Write a conventions document for ACL naming, object naming, and similar
- issues.
+ * WALLET-43: Write a conventions document for ACL naming, object naming,
+ and similar issues.
- * Write a future design and roadmap document to collect notes about how
- unimplemented features should be handled.
+ * WALLET-44: Write a future design and roadmap document to collect notes
+ about how unimplemented features should be handled.
- * Document using the wallet system over something other than remctl.
+ * WALLET-45: Document using the wallet system over something other than
+ remctl.
- * Document all diagnostics for all wallet APIs.
+ * WALLET-46: Document all diagnostics for all wallet APIs.
Code Style and Cleanup:
- * There is a lot of duplicate code in wallet-backend. Convert that to
- use some sort of data-driven model with argument count and flags so
- that the method calls can be written only once. Convert wallet-admin
- to use the same code.
-
- * There's a lot of code duplication in the dispatch functions in the
- Wallet::Server class. Find a way to rewrite that so that the dispatch
- doesn't duplicate the same code patterns.
+ * WALLET-47: There is a lot of duplicate code in wallet-backend. Convert
+ that to use some sort of data-driven model with argument count and
+ flags so that the method calls can be written only once. Convert
+ wallet-admin to use the same code.
- * The wallet-backend and wallet documentation share the COMMANDS section.
- Work out some means to assemble the documentation without duplicating
- content.
+ * WALLET-48: There's a lot of code duplication in the dispatch functions
+ in the Wallet::Server class. Find a way to rewrite that so that the
+ dispatch doesn't duplicate the same code patterns.
- * The Wallet::Config class is very ugly and could use some better
- internal API to reference the variables in it.
+ * WALLET-49: The wallet-backend and wallet documentation share the
+ COMMANDS section. Work out some means to assemble the documentation
+ without duplicating content.
- * Use Class::DBI and Class::Trigger to handle the data access layer
- rather than writing SQL directly, and implement the logging
- requirements with triggers rather than explicit SQL. This may also
- replace Wallet::Schema.
+ * WALLET-50: The Wallet::Config class is very ugly and could use some
+ better internal API to reference the variables in it.
- * Consider using Class::Accessor to get rid of the scaffolding code to
- access object data, and a Wallet::Base class to handle things like the
- error() method common to many classes.
+ * WALLET-52: Consider using Class::Accessor to get rid of the scaffolding
+ code to access object data, and a Wallet::Base class to handle things
+ like the error() method common to many classes.
Test Suite:
- * Add POD coverage testing using Test::POD::Coverage for the server
- modules.
+ * WALLET-53: The ldap-attr verifier test case is awful and completely
+ specific to people with admin access to the Stanford LDAP tree. Write
+ a real test.
+
+ * WALLET-54: Rename the tests to use a subdirectory organization.
+
+ * WALLET-55: Add POD coverage testing using Test::POD::Coverage for the
+ server modules.
- * Rewrite the client test suite to use Perl and to make better use of
- shared code so that it can be broken into function components.
+ * WALLET-56: Rewrite the client test suite to use Perl and to make better
+ use of shared code so that it can be broken into function components.
- * Refactor the test suite for the wallet backend to try to reduce the
- duplicated code.
+ * WALLET-57: Refactor the test suite for the wallet backend to try to
+ reduce the duplicated code.
- * Pull common test suite code into a Perl library that can be reused.
+ * WALLET-58: Pull common test suite code into a Perl library that can be
+ reused.
- * Write a test suite to scan all wallet code looking for diagnostics that
- aren't in the documentation and warn about them.
+ * WALLET-59: Write a test suite to scan all wallet code looking for
+ diagnostics that aren't in the documentation and warn about them.
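Review bot: several items are removed in this hunk without receiving a WALLET ticket number, so it is not clear whether they were completed or silently dropped: "Allow store data to contain nuls", "Add a comment field for objects that can be set by the owner", "Support for pattern matching in ACLs", "Add report of all ACLs with identical contents", "Add the database schema version to a global table", "Use Class::DBI and Class::Trigger to handle the data access layer", and "Write the LDAP entitlement ACL verifier". The new numbering also skips WALLET-12 and WALLET-51, which may be where some of those landed; either keep the items with their IDs or state in the commit message that they were resolved. Two of the new items deserve a security caveat recorded in the TODO itself: WALLET-64 floats "maybe we allow get of any keytab" as an alternative, which would return existing key material without the rekeying that get currently implies, so the trade-off against rekey-on-get should be written down rather than left as "Requires more thought"; and WALLET-63 authorizes an anonymous download on the basis of a source IP address, which is a weak authorizer on its own, so the item should spell out that the registration is single-use and time-bounded as well as IP-restricted.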