1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
|
wallet To-Do List
Client:
* WALLET-5: Handle duplicate kvnos in a newly returned keytab and an
existing keytab (such as when downloading an unchanging keytab and
merging it into an existing one) in some reasonable fashion.
* WALLET-6: Support removing old kvnos from a merged keytab (similar to
kadmin ktremove old).
* WALLET-7: When reading configuration from krb5.conf, we should first
try to determine our principal from any existing Kerberos ticket cache
(after obtaining tickets if -u was given) and extract the realm from
that principal, using it as the default realm when reading
configuration information.
* WALLET-8: Add readline support to the wallet client to make it easier
to issue multiple commands.
* WALLET-9: Support authenticating with a keytab.
* WALLET-10: When obtaining tickets in the wallet client with -u,
directly obtain the service ticket we're going to use for remctl.
* WALLET-11: Provide a way to refresh a file object if and only if what's
stored on the server is different than what's on disk. This will
require server support as well for returning the checksum of a file.
Server Interface:
* WALLET-12: Add check command for ACLs similar to the check command for
objects.
* WALLET-13: Provide a way to get history for deleted objects and ACLs.
* WALLET-14: Provide an interface to mass-change all instances of one ACL
to another.
* WALLET-15: Add help functions to wallet-backend, wallet-report, and
wallet-admin listing the commands.
* WALLET-16: Catch exceptions on object creation in wallet-backend so
that we can log those as well.
* WALLET-17: Provide a way to list all objects for which the connecting
user has ACLs.
* WALLET-18: Support limiting returned history information by timestamp.
* WALLET-19: Provide a REST implementation of the wallet server.
* WALLET-20: Provide a CGI implementation of the wallet server.
* WALLET-21: Support setting flags and attributes on autocreate. In
general, work out a Wallet::Object::Template Perl object that I can
return that specifies things other than just the ACL.
* WALLET-22: Remove the hard-coded ADMIN ACL in the server with something
more configurable, perhaps a global ACL table or something.
* WALLET-63: Support leap-of-faith keying of systems by registering an
object for one-time download (ideally from a specific IP address) and
then allowing that object to be downloaded anonymously from that IP.
Relies on support for Kerberos anonymous authentication.
ACLs:
* WALLET-23: Error messages from ACL operations should refer to the ACLs
by name instead of by ID.
* WALLET-24: Write the PTS ACL verifier.
* WALLET-25: Rename Wallet::ACL::* to Wallet::Verifier::*. Add
Wallet::ACL as a generic interface with Wallet::ACL::Database and
Wallet::ACL::List implementations (or some similar name) so that we can
create and check an ACL without having to write it into the database.
Redo default ACL creation using that functionality.
* WALLET-26: Pass a reference to the object for which the ACL is
interpreted to the ACL API so that ACL APIs can make more complex
decisions.
* WALLET-27: A group-in-groups ACL schema.
* WALLET-28: Provide an API for verifiers to syntax-check the values
before an ACL is set and implement syntax checking for the krb5 and
ldap-attr verifiers.
* WALLET-29: Investigate how best to support client authentication using
anonymous PKINIT for things like initial system keying.
Database:
* WALLET-30: Fix case-insensitivity bug in unique keys with MySQL for
objects.
* WALLET-31: On upgrades, support adding new object types and ACL
verifiers to the class tables.
Objects:
* WALLET-32: Check whether we can just drop the realm restriction on
keytabs and allow the name to contain the realm if the Kerberos type is
Heimdal.
* WALLET-4: Write a WebAuth keyring object store. It should support
attributes saying how long to keep old keys and how far in advance to
create new keys and update the keyring as needed on object download.
* WALLET-33: Use the Perl Authen::Krb5::Admin module instead of rolling
our own kadmin code with Expect now that MIT Kerberos has made the
kadmin API public.
* WALLET-34: Implement an ssh keypair wallet object. The server can run
ssh-keygen to generate a public/private key pair and return both to the
client, which would split them apart. Used primarily for host keys.
May need a side table to store key types, or a naming convention.
* WALLET-35: Implement an X.509 certificate object. I expect this would
store the public and private key as a single file in the same format
that Apache can read for combined public and private keys. There were
requests for storing the CSR, but I don't see why you'd want to do
that. Start with store support. The file code is mostly sufficient
here, but it would be nice to automatically support object expiration
based on the expiration time for the certificate.
* WALLET-36: Implement an X.509 CA so that you can get certificate
objects without storing them first. Need to resolve naming conventions
if you want to run multiple CAs on the same wallet server (but why?).
Should this be a different type than stored certificates?
* WALLET-37: Support returning the checksum of a file object stored in
wallet so that one can determine whether the version stored on disk is
identical.
* WALLET-60: Implement new password wallet object, which is like file
except that it generates a random, strong password when retrieved the
first time without being stored.
* WALLET-61: Support interrogating objects to find all host-based objects
for a particular host, allowing cleanup of all of those host's objects
after retiring the host.
Reports:
* WALLET-38: Add audit for references to unknown ACLs, possibly
introduced by previous versions before ACL deletion was checked with
database backends that don't do referential integrity.
* WALLET-39: Add report for all objects that have never been stored.
* WALLET-40: For objects tied to hostnames, report on objects referring
to hosts which do not exist. For the initial pass, this is probably
only keytab objects with names containing a slash where the part after
the slash looks like a hostname. This may need some configuration
help.
* WALLET-41: Make contrib/wallet-summary generic and include it in
wallet-report, with additional configuration in Wallet::Config.
Enhance it to report on any sort of object, not just on keytabs, and to
give numbers on downloaded versus not downloaded objects.
* WALLET-62: Write a tool to mail the owners of wallet objects, taking
the list of objects and the mail message to send as inputs. This could
possibly use the notification service, although a version that sends
mail directly would be useful external to Stanford.
Administrative Interface:
* WALLET-42: Add a function to wallet-admin to purge expired entries.
Possibly also check expiration before allowing anyone to get or store
objects.
* WALLET-3: Add a function or separate script to automate removal of
DNS-based objects for which the hosts no longer exist. Will need to
support a site-specific callout to determine whether the host exists.
Documentation:
* WALLET-43: Write a conventions document for ACL naming, object naming,
and similar issues.
* WALLET-44: Write a future design and roadmap document to collect notes
about how unimplemented features should be handled.
* WALLET-45: Document using the wallet system over something other than
remctl.
* WALLET-46: Document all diagnostics for all wallet APIs.
Code Style and Cleanup:
* WALLET-47: There is a lot of duplicate code in wallet-backend. Convert
that to use some sort of data-driven model with argument count and
flags so that the method calls can be written only once. Convert
wallet-admin to use the same code.
* WALLET-48: There's a lot of code duplication in the dispatch functions
in the Wallet::Server class. Find a way to rewrite that so that the
dispatch doesn't duplicate the same code patterns.
* WALLET-49: The wallet-backend and wallet documentation share the
COMMANDS section. Work out some means to assemble the documentation
without duplicating content.
* WALLET-50: The Wallet::Config class is very ugly and could use some
better internal API to reference the variables in it.
* WALLET-51: Use Class::DBI and Class::Trigger (or DBIx::Class) to handle
the data access layer rather than writing SQL directly, and implement
the logging requirements with triggers rather than explicit SQL. This
may also replace Wallet::Schema.
* WALLET-52: Consider using Class::Accessor to get rid of the scaffolding
code to access object data, and a Wallet::Base class to handle things
like the error() method common to many classes.
Test Suite:
* WALLET-53: The ldap-attr verifier test case is awful and completely
specific to people with admin access to the Stanford LDAP tree. Write
a real test.
* WALLET-54: Rename the tests to use a subdirectory organization.
* WALLET-55: Add POD coverage testing using Test::POD::Coverage for the
server modules.
* WALLET-56: Rewrite the client test suite to use Perl and to make better
use of shared code so that it can be broken into function components.
* WALLET-57: Refactor the test suite for the wallet backend to try to
reduce the duplicated code.
* WALLET-58: Pull common test suite code into a Perl library that can be
reused.
* WALLET-59: Write a test suite to scan all wallet code looking for
diagnostics that aren't in the documentation and warn about them.
|
