1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
|
wallet To-Do List
Required to replace leland_srvtab:
* Testing. Most of the classes have no tests at all right now. Doing
meaningful testing will require finding a way to set up a database
for testing purposes, probably using sqlite.
* Documentation missing for Wallet::Server, Wallet::ACL, Wallet::Config,
Wallet::Object::Keytab, wallet-backend, and wallet.
* Add an ACL list function to display an ACL in human-readable form and
call it from wallet-backend.
* Display ACL details when displaying objects.
* Write new files atomically in the wallet client and save backups unless
told not to (write to file.new, link the old file to file.old, and do
an atomic rename).
* Implement creation of srvtabs from keytabs in the wallet client.
* Add kasetkey support to the keytab object backend.
* Implement flag setting and retrieval.
* Implement support for the unchanging flag on keytabs and the backend
remctl calls to retrieve the existing keytab.
* Implement the locked flag.
* Write the remctl configuration and finish Debian packaging of the
wallet client and server.
Future work:
* Provide some way of getting at the history tables. Need to get object
and ACL history either by object or for all objects, at least.
* Write the NetDB ACL verifier.
* Write the LDAP entitlement ACL verifier.
* Write the PTS ACL verifier.
* Log failures in the wallet-backend properly, which also requires
catching all exceptions.
* Implement default ACL policy to allow dynamic object creation on first
request for keytabs.
* Implement special handling for keytabs in the wallet client.
* Use the class names in the database tables when loading object and
ACL verifier implementations.
* The ACL implementation is currently rather inefficient for ACL
verifiers that need to maintain state (such as LDAP binds). Now
they're created and destroyed when verifying each ACL. We need to
somehow return global verifiers, probably through a factory
implementation.
* There is a lot of duplicate code in wallet-backend. Convert that to
use some sort of data-driven model with argument count and flags so
that the method calls can be written only once.
* There's a lot of code duplication in the dispatch functions in the
Wallet::Server class. Find a way to rewrite that so that the dispatch
doesn't duplicate the same code patterns.
* Remove the hard-coded ADMIN ACL in the server with something more
configurable, perhaps a global ACL table or something.
* Write a wallet-admin program to provide an interface to things like
database initialization and, eventually, upgrades.
* Compiling kasetkey should be optional and probably not enabled by
default.
|
