Diffstat (limited to 'TODO')
-rw-r--r-- | TODO | 373 |
1 files changed, 174 insertions, 199 deletions
@@ -2,290 +2,265 @@ Client: - * KERB-94: Handle duplicate kvnos in a newly returned keytab and an - existing keytab (such as when downloading an unchanging keytab and - merging it into an existing one) in some reasonable fashion. + * Handle duplicate kvnos in a newly returned keytab and an existing + keytab (such as when downloading an unchanging keytab and merging it + into an existing one) in some reasonable fashion. - * KERB-90: Support removing old kvnos from a merged keytab (similar to - kadmin ktremove old). + * Support removing old kvnos from a merged keytab (similar to kadmin + ktremove old). - * KERB-88: When reading configuration from krb5.conf, we should first try - to determine our principal from any existing Kerberos ticket cache - (after obtaining tickets if -u was given) and extract the realm from - that principal, using it as the default realm when reading - configuration information. + * When reading configuration from krb5.conf, we should first try to + determine our principal from any existing Kerberos ticket cache (after + obtaining tickets if -u was given) and extract the realm from that + principal, using it as the default realm when reading configuration + information. - * KERB-89: Add readline support to the wallet client to make it easier to - issue multiple commands. + * Add readline support to the wallet client to make it easier to issue + multiple commands. - * KERB-115: Support authenticating with a keytab. + * Support authenticating with a keytab. - * KERB-97: When obtaining tickets in the wallet client with -u, directly - obtain the service ticket we're going to use for remctl. + * When obtaining tickets in the wallet client with -u, directly obtain + the service ticket we're going to use for remctl. - * KERB-95: Provide a way to refresh a file object if and only if what's - stored on the server is different than what's on disk. This will - require server support as well for returning the checksum of a file. 
+ * Provide a way to refresh a file object if and only if what's stored on + the server is different than what's on disk. This will require server + support as well for returning the checksum of a file. - * KERB-104: Incorporate the wallet-rekey-periodic script (currently in - contrib) into the package and teach it how to ignore foreign - credentials. + * Incorporate the wallet-rekey-periodic script (currently in contrib) + into the package and teach it how to ignore foreign credentials. Server Interface: - * KERB-126: Provide a way to get history for deleted objects and ACLs. + * Provide a way to get history for deleted objects and ACLs. - * KERB-66: Provide an interface to mass-change all instances of one ACL - to another. + * Provide an interface to mass-change all instances of one ACL to + another. (Owner changes are currently supported, but not the other + ACLs.) - * KERB-96: Add help functions to wallet-backend, wallet-report, and - wallet-admin listing the commands. + * Add help functions to wallet-backend and wallet-admin listing the + commands. - * KERB-52: Catch exceptions on object creation in wallet-backend so that - we can log those as well. + * Catch exceptions on object creation in wallet-backend so that we can + log those as well. - * KERB-114: Provide a way to list all objects for which the connecting - user has ACLs. + * Provide a way to list all objects for which the connecting user has + ACLs. - * KERB-101: Support limiting returned history information by timestamp. + * Support limiting returned history information by timestamp. - * KERB-128: Provide a REST implementation of the wallet server. + * Provide a REST implementation of the wallet server. - * KERB-79: Provide a CGI implementation of the wallet server. + * Provide a CGI implementation of the wallet server. - * KERB-111: Support setting flags and attributes on autocreate. 
In - general, work out a Wallet::Object::Template Perl object that I can - return that specifies things other than just the ACL. + * Support setting flags and attributes on autocreate. In general, work + out a Wallet::Object::Template Perl object that I can return that + specifies things other than just the ACL. - * KERB-93: Remove the hard-coded ADMIN ACL in the server with something - more configurable, perhaps a global ACL table or something. + * Remove the hard-coded ADMIN ACL in the server with something more + configurable, perhaps a global ACL table or something. - * KERB-68: Support leap-of-faith keying of systems by registering an - object for one-time download (ideally from a specific IP address) and - then allowing that object to be downloaded anonymously from that IP. - Relies on support for Kerberos anonymous authentication. + * Support leap-of-faith keying of systems by registering an object for + one-time download (ideally from a specific IP address) and then + allowing that object to be downloaded anonymously from that IP. Relies + on support for Kerberos anonymous authentication. - * KERB-84: Split "get" and "update" in semantics, and only do keytab - rekeying on update. "get" would not be permitted unless the keytab was - flagged as unchanging, and update would still change even an unchanging - keytab (maybe). Or, alternately, maybe we allow get of any keytab? - Requires more thought. + * Split "get" and "update" in semantics, and only do keytab rekeying on + update. "get" would not be permitted unless the keytab was flagged as + unchanging, and update would still change even an unchanging keytab + (maybe). Or, alternately, maybe we allow get of any keytab? Requires + more thought. - * KERB-118: Add command to list available types and schemes. + * Add a mechanism to automate owner updates based on default_owner. - * KERB-75: Add a mechanism to automate owner updates based on - default_owner. + * Partially merge create and autocreate. 
create and autocreate should do + the same thing provided there is an autocreation configuration + available. If not, autocreate should fail and create should fall back + on checking for ADMIN privileges. - * KERB-64: Partially merge create and autocreate. create and autocreate - should do the same thing provided there is an autocreation - configuration available. If not, autocreate should fail and create - should fall back on checking for ADMIN privileges. + * Rewrite server backends to use Net::Remctl::Backend. - * KERB-116: Support file object renaming. + * Merge the Wallet::Logger support written by Commerzbank AG: create a + new class that handles logging, probably based on Log::Log4perl, and + add logging points to all of the core classes. - * KERB-131: Rewrite server backends to use Net::Remctl::Backend. - - * KERB-132: Merge the Wallet::Logger support written by Commerzbank AG: - create a new class that handles logging, probably based on - Log::Log4perl, and add logging points to all of the core classes. - - * KERB-133: Support an authorization hook to determine whether or not to - permit autocreate. One requested example feature is to limit - autocreate of keytab objects to certain hosts involved in deployment. - It should be possible to write a hook that takes the information about - what object is being autocreated and can accept or decline. + * Support an authorization hook to determine whether or not to permit + autocreate. One requested example feature is to limit autocreate of + keytab objects to certain hosts involved in deployment. It should be + possible to write a hook that takes the information about what object + is being autocreated and can accept or decline. ACLs: - * KERB-119: Error messages from ACL operations should refer to the ACLs - by name instead of by ID. - - * KERB-121: Write the PTS ACL verifier. + * Error messages from ACL operations should refer to the ACLs by name + instead of by ID. 
- * KERB-123: Rename Wallet::ACL::* to Wallet::Verifier::*. Add - Wallet::ACL as a generic interface with Wallet::ACL::Database and - Wallet::ACL::List implementations (or some similar name) so that we can - create and check an ACL without having to write it into the database. - Redo default ACL creation using that functionality. + * Write the PTS ACL verifier. - * KERB-67: Pass a reference to the object for which the ACL is - interpreted to the ACL API so that ACL APIs can make more complex - decisions. + * Rename Wallet::ACL::* to Wallet::Verifier::*. Add Wallet::ACL as a + generic interface with Wallet::ACL::Database and Wallet::ACL::List + implementations (or some similar name) so that we can create and check + an ACL without having to write it into the database. Redo default ACL + creation using that functionality. - * KERB-109: A group-in-groups ACL schema. + * Pass a reference to the object for which the ACL is interpreted to the + ACL API so that ACL APIs can make more complex decisions. - * KERB-113: Provide an API for verifiers to syntax-check the values - before an ACL is set and implement syntax checking for the krb5 and - ldap-attr verifiers. + * Provide an API for verifiers to syntax-check the values before an ACL + is set and implement syntax checking for the krb5 and ldap-attr + verifiers. - * KERB-60: Investigate how best to support client authentication using - anonymous PKINIT for things like initial system keying. + * Investigate how best to support client authentication using anonymous + PKINIT for things like initial system keying. - * KERB-72: Generalize the current NetDB ACL type to allow a generic - remctl query for whether a particular user is authorized to create - host-based objects for a particular host. + * Generalize the current NetDB ACL type to allow a generic remctl query + for whether a particular user is authorized to create host-based + objects for a particular host. - * KERB-78: Add ldap-group ACL scheme. 
+ * Add ldap-group ACL scheme (and possibly a root-only version). - * KERB-63: Provide a root-instance version of the ldap-attr (and possibly - the ldap-group) ACL schemes. + * Add a comment field to ACLs. - * KERB-86: Add a comment field to ACLs. + * Support external ACLs under a backend other than remctl. This will + require some way of re-exporting the authenticated user identity + instead of relying on the existence of the remctl variables. Database: - * KERB-55: Fix case-insensitivity bug in unique keys with MySQL for - objects. When creating an http/<host> principal when an HTTP/<host> - principal already existed, MySQL rejected the row entry as a duplicate. - The name should be case-sensitive. + * Fix case-insensitivity bug in unique keys with MySQL for objects. When + creating an http/<host> principal when an HTTP/<host> principal already + existed, MySQL rejected the row entry as a duplicate. The name should + be case-sensitive. - * KERB-103: On upgrades, support adding new object types and ACL - verifiers to the class tables. + * On upgrades, support adding new object types and ACL verifiers to the + class tables. Objects: - * KERB-120: Check whether we can just drop the realm restriction on - keytabs and allow the name to contain the realm if the Kerberos type is - Heimdal. + * Check whether we can just drop the realm restriction on keytabs and + allow the name to contain the realm if the Kerberos type is Heimdal. - * KERB-59: Use the Perl Authen::Krb5::Admin module instead of rolling our - own kadmin code with Expect now that MIT Kerberos has made the kadmin - API public. + * Use the Perl Authen::Krb5::Admin module instead of rolling our own + kadmin code with Expect now that MIT Kerberos has made the kadmin API + public. - * KERB-85: Implement an ssh keypair wallet object. The server can run - ssh-keygen to generate a public/private key pair and return both to the - client, which would split them apart. Used primarily for host keys. 
- May need a side table to store key types, or a naming convention. + * Implement an ssh keypair wallet object. The server can run ssh-keygen + to generate a public/private key pair and return both to the client, + which would split them apart. Used primarily for host keys. May need + a side table to store key types, or a naming convention. - * KERB-124: Implement an X.509 certificate object. I expect this would - store the public and private key as a single file in the same format - that Apache can read for combined public and private keys. There were - requests for storing the CSR, but I don't see why you'd want to do - that. Start with store support. The file code is mostly sufficient - here, but it would be nice to automatically support object expiration - based on the expiration time for the certificate. + * Implement an X.509 certificate object. I expect this would store the + public and private key as a single file in the same format that Apache + can read for combined public and private keys. There were requests for + storing the CSR, but I don't see why you'd want to do that. Start with + store support. The file code is mostly sufficient here, but it would + be nice to automatically support object expiration based on the + expiration time for the certificate. - * KERB-106: Implement an X.509 CA so that you can get certificate objects - without storing them first. Need to resolve naming conventions if you - want to run multiple CAs on the same wallet server (but why?). Should - this be a different type than stored certificates? Consider using - hxtool as the underlying CA mechanism. + * Implement an X.509 CA so that you can get certificate objects without + storing them first. Need to resolve naming conventions if you want to + run multiple CAs on the same wallet server (but why?). Should this be + a different type than stored certificates? Consider using hxtool as + the underlying CA mechanism. 
- * KERB-77: Support returning the checksum of a file object stored in - wallet so that one can determine whether the version stored on disk is - identical. + * Support returning the checksum of a file object stored in wallet so + that one can determine whether the version stored on disk is identical. - * KERB-108: Implement new password wallet object, which is like file - except that it generates a random, strong password when retrieved the - first time without being stored. - - * KERB-71: Support interrogating objects to find all host-based objects - for a particular host, allowing cleanup of all of those host's objects - after retiring the host. - - * KERB-127: Support setting the disallow-svr flag on created principals. - In general, support setting arbitrary principal flags. + * Support setting the disallow-svr flag on created principals. In + general, support setting arbitrary principal flags. Reports: - * KERB-117: Add audit for references to unknown ACLs, possibly introduced - by previous versions before ACL deletion was checked with database + * Add audit for references to unknown ACLs, possibly introduced by + previous versions before ACL deletion was checked with database backends that don't do referential integrity. - * KERB-105: Add report for all objects that have never been stored. - - * KERB-122: For objects tied to hostnames, report on objects referring to - hosts which do not exist. For the initial pass, this is probably only - keytab objects with names containing a slash where the part after the - slash looks like a hostname. This may need some configuration help. + * For objects tied to hostnames, report on objects referring to hosts + which do not exist. For the initial pass, this is probably only keytab + objects with names containing a slash where the part after the slash + looks like a hostname. This may need some configuration help. 
- * KERB-102: Make contrib/wallet-summary generic and include it in - wallet-report, with additional configuration in Wallet::Config. - Enhance it to report on any sort of object, not just on keytabs, and to - give numbers on downloaded versus not downloaded objects. + * Make contrib/wallet-summary generic and include it in wallet-report, + with additional configuration in Wallet::Config. Enhance it to report + on any sort of object, not just on keytabs, and to give numbers on + downloaded versus not downloaded objects. - * KERB-69: Write a tool to mail the owners of wallet objects, taking the - list of objects and the mail message to send as inputs. This could - possibly use the notification service, although a version that sends - mail directly would be useful external to Stanford. + * Write a tool to mail the owners of wallet objects, taking the list of + objects and the mail message to send as inputs. This could possibly + use the notification service, although a version that sends mail + directly would be useful external to Stanford. - * KERB-134: Merge the Commerzbank AG work to dump all the object history, - applying various search criteria to it, or clear parts of the object - history. + * Merge the Commerzbank AG work to dump all the object history, applying + various search criteria to it, or clear parts of the object history. Administrative Interface: - * KERB-80: Add a function to wallet-admin to purge expired entries. - Possibly also check expiration before allowing anyone to get or store - objects. + * Add a function to wallet-admin to purge expired entries. Possibly also + check expiration before allowing anyone to get or store objects. - * KERB-58: Add a function or separate script to automate removal of - DNS-based objects for which the hosts no longer exist. Will need to - support a site-specific callout to determine whether the host exists. 
+ * Add a function or separate script to automate removal of DNS-based + objects for which the hosts no longer exist. Will need to support a + site-specific callout to determine whether the host exists. - * KERB-54: Database creation appears not to work without the SQL files, - but it's supposed to work directly from the classes. Double-check - this. + * Database creation appears not to work without the SQL files, but it's + supposed to work directly from the classes. Double-check this. Documentation: - * KERB-82: Write a conventions document for ACL naming, object naming, - and similar issues. + * Write a conventions document for ACL naming, object naming, and similar + issues. - * KERB-125: Write a future design and roadmap document to collect notes - about how unimplemented features should be handled. + * Write a future design and roadmap document to collect notes about how + unimplemented features should be handled. - * KERB-65: Document using the wallet system over something other than - remctl. + * Document using the wallet system over something other than remctl. - * KERB-112: Document all diagnostics for all wallet APIs. + * Document all diagnostics for all wallet APIs. - * KERB-135: Document configuration with an Oracle database. + * Document configuration with an Oracle database. Code Style and Cleanup: - * KERB-98: There is a lot of duplicate code in wallet-backend. Convert - that to use some sort of data-driven model with argument count and - flags so that the method calls can be written only once. Convert - wallet-admin to use the same code. + * There is a lot of duplicate code in wallet-backend. Convert that to + use some sort of data-driven model with argument count and flags so + that the method calls can be written only once. Convert wallet-admin + to use the same code. - * KERB-100: There's a lot of code duplication in the dispatch functions - in the Wallet::Server class. 
Find a way to rewrite that so that the - dispatch doesn't duplicate the same code patterns. + * There's a lot of code duplication in the dispatch functions in the + Wallet::Server class. Find a way to rewrite that so that the dispatch + doesn't duplicate the same code patterns. - * KERB-73: The wallet-backend and wallet documentation share the COMMANDS - section. Work out some means to assemble the documentation without - duplicating content. + * The wallet-backend and wallet documentation share the COMMANDS section. + Work out some means to assemble the documentation without duplicating + content. - * KERB-110: The Wallet::Config class is very ugly and could use some - better internal API to reference the variables in it. + * The Wallet::Config class is very ugly and could use some better + internal API to reference the variables in it. - * KERB-76: Consider using Class::Accessor to get rid of the scaffolding - code to access object data. Alternately, consider using Moose. + * Consider using Class::Accessor to get rid of the scaffolding code to + access object data. Alternately, consider using Moose. - * KERB-130: Rewrite the error handling to use exceptions instead of the - C-style return value and separate error call. + * Rewrite the error handling to use exceptions instead of the C-style + return value and separate error call. Test Suite: - * KERB-92: The ldap-attr verifier test case is awful and completely - specific to people with admin access to the Stanford LDAP tree. Write - a real test. + * The ldap-attr verifier test case is awful and completely specific to + people with admin access to the Stanford LDAP tree. Write a real test. - * KERB-87: Rename the tests to use a subdirectory organization. + * Rename the tests to use a subdirectory organization. - * KERB-61: Add POD coverage testing using Test::POD::Coverage for the - server modules. + * Add POD coverage testing using Test::POD::Coverage for the server + modules. 
- * KERB-91: Rewrite the client test suite to use Perl and to make better - use of shared code so that it can be broken into function components. + * Rewrite the client test suite to use Perl and to make better use of + shared code so that it can be broken into function components. - * KERB-74: Refactor the test suite for the wallet backend to try to - reduce the duplicated code. Using a real mock infrastructure should - make this test suite much easier to write. + * Refactor the test suite for the wallet backend to try to reduce the + duplicated code. Using a real mock infrastructure should make this + test suite much easier to write. - * KERB-81: Pull common test suite code into a Perl library that can be - reused. + * Pull common test suite code into a Perl library that can be reused. - * KERB-99: Write a test suite to scan all wallet code looking for - diagnostics that aren't in the documentation and warn about them. + * Write a test suite to scan all wallet code looking for diagnostics that + aren't in the documentation and warn about them. |
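Review bot: Several entries in this hunk are deleted outright rather than only losing their KERB-NN prefix, and no "+" line replaces them: under Server Interface, "Add command to list available types and schemes" (KERB-118) and "Support file object renaming" (KERB-116); under ACLs, "A group-in-groups ACL schema" (KERB-109); under Objects, the password object (KERB-108) and the lookup of all host-based objects for a host (KERB-71); under Reports, "Add report for all objects that have never been stored" (KERB-105). Two rewritten entries also narrow in scope. The help-functions item no longer lists wallet-report, and the merged "Add ldap-group ACL scheme (and possibly a root-only version)" loses the root-instance variant of ldap-attr that KERB-63 asked for. If those items are done or intentionally abandoned, say so in the commit message; otherwise restore them. The hunk also adds new content (the external-ACLs-under-a-non-remctl-backend item and the "Owner changes are currently supported" parenthetical), so splitting the mechanical prefix removal and re-wrap from the content changes would make the removals reviewable on their own.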