1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
|
wallet To-Do List
Required to replace leland_srvtab:
* Add an ACL list function to display an ACL in human-readable form and
call it from wallet-backend.
* Display ACL details when displaying objects.
* Write new files atomically in the wallet client and save backups unless
told not to (write to file.new, link the old file to file.old, and do
an atomic rename).
* Implement creation of srvtabs from keytabs in the wallet client.
* Add kasetkey support to the keytab object backend.
* Implement flag setting and retrieval.
* Implement support for the unchanging flag on keytabs and the backend
remctl calls to retrieve the existing keytab.
* Implement the locked flag.
* Add support to the test suite for specifying a different database than
SQLite for testing. For MySQL and other database types that we can't
just delete, also requires adding a method to Wallet::Schema to drop all
of our tables and indices in reverse order of creation.
* Add README and NEWS files and update web page.
* Write the remctl configuration and finish Debian packaging of the
wallet client and server.
Future work:
* Add POD testing for the client and server programs.
* Add POD coverage testing using Test::POD::Coverage for the server
modules.
* Provide some way of getting at the history tables. Need to get object
and ACL history either by object or for all objects, at least. Global
history should be by timestamp and possibly limit by timestamp.
* Provide an interface to list all objects in the database by type, by
owner (including null), or by all uses of an ACL.
* Provide an interface to list all ACLs in the database. Most
interestingly, an interface to list all empty ACLs.
* Log all actions to syslog.
* Write the NetDB ACL verifier.
* Write the LDAP entitlement ACL verifier.
* Write the PTS ACL verifier.
* Add a help function to wallet-backend listing the commands.
* Write a conventions document for ACL naming, object naming, and similar
issues.
* Write a future design and roadmap document to collect notes about how
unimplemented features should be handled.
* Support displaying and possibly specifying dates in some format more
normal than seconds since epoch.
* Log failures in the wallet-backend properly, which also requires
catching all exceptions.
* Implement default ACL policy to allow dynamic object creation on first
request for keytabs.
* Implement special handling for keytabs in the wallet client.
* Add support to the wallet client for getting Kerberos tickets, using the
-u option similar to leland_srvtab. Needs good error messages on
Kerberos failures.
* The wallet client should read configuration information from krb5.conf,
and possibly from some other configuration as well.
* Add support for a default creation policy and default ACLs. The policy
function needs to return a list of ACLs, and we'll need an ACL function
to check the user against such a list rather than an ACL that already
exists in the database. When we create such an object, we'll also need
to name the ACL, which may require fallback logic if the name was
already taken.
* Use the class names in the database tables when loading object and
ACL verifier implementations.
* Error messages from ACL operations should refer to the ACLs by name
instead of by ID.
* The ACL implementation is currently rather inefficient for ACL
verifiers that need to maintain state (such as LDAP binds). Now
they're created and destroyed when verifying each ACL. We need to
somehow return global verifiers, probably through a factory
implementation.
* There is a lot of duplicate code in wallet-backend. Convert that to
use some sort of data-driven model with argument count and flags so
that the method calls can be written only once.
* There's a lot of code duplication in the dispatch functions in the
Wallet::Server class. Find a way to rewrite that so that the dispatch
doesn't duplicate the same code patterns.
* Remove the hard-coded ADMIN ACL in the server with something more
configurable, perhaps a global ACL table or something.
* Add the database schema version to a global table so that we can use it
to support schema upgrades in the future.
* On upgrades, support adding new object types and ACL verifiers to the
class tables.
* Write a wallet-admin program to provide an interface to things like
database initialization and, eventually, upgrades.
* Add a function to wallet-admin to purge expired entries. Possibly also
check expiration before allowing anyone to get or store objects.
* Compiling kasetkey should be optional and probably not enabled by
default.
* Add a comment field for objects that can be set by the owner.
* Implement store support in the wallet client. Add an option to read the
data from a file. The initial implementation, depending on the
underlying remctl support, may have to ban nul characters in the
uploaded data.
* Implement a simple file wallet object. Document a naming convention for
those files (group-service, perhaps).
* Implement an ssh keypair wallet object. The server can run ssh-keygen
to generate a public/private key pair and return both to the client,
which would split them apart. Used primarily for host keys. May need a
side table to store key types, or a naming convention.
* Implement an X.509 certificate object. I expect this would store the
public and private key as a single file in the same format that Apache
can read for combined public and private keys. There were requests for
storing the CSR, but I don't see why you'd want to do that. Start with
store support.
* Implement an X.509 CA so that you can get certificate objects without
storing them first. Need to resolve naming conventions if you want to
run multiple CAs on the same wallet server (but why?). Should this be a
different type than stored certificates?
* Add details to design-api on how to write one's own ACL verifiers and
object implementations.
* Add support for enforcing a naming policy through another policy
function.
* Add readline support to the wallet client to make it easier to issue
multiple commands.
* The keytab backend currently only supports MIT Kerberos. Add support
for Heimdal.
* The wallet-backend and wallet documentation share the COMMANDS section.
Work out some means to assemble the documentation without duplicating
content.
* Add support for rekeying in the wallet client. Need to resolve how to
get a list of principals to rekey and which keytabs to work on. This
possibly should be a separate binary from the regular wallet client
binary.
* Document using the wallet system over something other than remctl.
* Provide a REST implementation of the wallet server.
* Document all diagnostics for all wallet APIs.
* Write a test suite to scan all wallet code looking for diagnostics that
aren't in the documentation and warn about them.
|
