| 1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
 |                             wallet To-Do List
Release 1.0:
* Add POD coverage testing using Test::POD::Coverage for the server
  modules.
* Provide a way to get history for deleted objects and ACLs.
* Display ACL names rather than index numbers when displaying history of
  owner and acl_* settings.
* Provide a way to list all objects by type, by owner (including null), or
  by all uses of an ACL.
* Provide an interface to list all empty ACLs.
* Provide an interface to find all ACLs with a particular line.
* Add a help function to wallet-backend listing the commands.
* The client may not compile against Heimdal due to changes in how the
  krb5_keyblock structure is laid out, the freeing of keytab entries,
  and the use of WRFILE for keytab merging.  Check and fix.
* Rewrite the client test suite to use Perl and to make better use of
  shared code so that it can be broken into function components.
* Catch exceptions on object creation in wallet-backend so that we can log
  those as well.
* Error messages from ACL operations should refer to the ACLs by name
  instead of by ID.
* History records should list both ACL ID and ACL name if the name is
  still found in the database.
* Add the database schema version to a global table so that we can use it
  to support schema upgrades in the future.
* On upgrades, support adding new object types and ACL verifiers to the
  class tables.
* Write the LDAP entitlement ACL verifier.
* Write the PTS ACL verifier.
* Write a WebAuth keyring object store.  It should support attributes
  saying how long to keep old keys and how far in advance to create new
  keys and update the keyring as needed on object download.
* Rename Wallet::ACL::* to Wallet::Verifier::*.  Add Wallet::ACL as a
  generic interface with Wallet::ACL::Database and Wallet::ACL::List
  implementations (or some similar name) so that we can create and check
  an ACL without having to write it into the database.  Redo default ACL
  creation using that functionality.
* The wallet client currently sets sync kaserver whenever writing a keytab
  to a srvtab.  This is correct for sites using kaserver and wrong for
  everyone else.  Remove or rethink this once Stanford's kaserver
  migration is over.
* The wallet client currently hard-codes a kvno of 0 in srvtabs, which is
  correct for how kasetkey works but probably isn't correct for people
  using Heimdal or MIT to serve both K4 and K5 from the same KDC.  Rethink
  once Stanford's kaserver migration is over.
Future work:
* Provide a way to list all objects for which the connecting user has ACLs.
* Write a conventions document for ACL naming, object naming, and similar
  issues.
* Write a future design and roadmap document to collect notes about how
  unimplemented features should be handled.
* Support limiting returned history information by timestamp.
* Improve the error message for Kerberos authentication failures.
* Handle duplicate kvnos in a newly returned keytab and an existing keytab
  (such as when downloading an unchanging keytab and merging it into an
  existing one) in some reasonable fashion.
* Support removing old kvnos from a merged keytab (similar to kadmin
  ktremove old).
* There is a lot of duplicate code in wallet-backend.  Convert that to
  use some sort of data-driven model with argument count and flags so
  that the method calls can be written only once.  Convert wallet-admin to
  use the same code.
* There's a lot of code duplication in the dispatch functions in the
  Wallet::Server class.  Find a way to rewrite that so that the dispatch
  doesn't duplicate the same code patterns.
* Refactor the test suite for the wallet backend to try to reduce the
  duplicated code.
* Pull common test suite code into a Perl library that can be reused.
* Add a function to wallet-admin to purge expired entries.  Possibly also
  check expiration before allowing anyone to get or store objects.
* Add a comment field for objects that can be set by the owner.
* The keytab backend currently only supports MIT Kerberos.  Add support
  for Heimdal.  This should probably be done by writing a separate class
  that handles the kadmin operations that can be subclassed and that
  dynamically chooses its implementation based on run-time configuration.
* When reading configuration from krb5.conf, we should first try to
  determine our principal from any existing K5 ticket cache (after
  obtaining tickets if -u was given) and extract the realm from that
  principal, using it as the default realm when reading configuration
  information.
* Implement an ssh keypair wallet object.  The server can run ssh-keygen
  to generate a public/private key pair and return both to the client,
  which would split them apart.  Used primarily for host keys.  May need a
  side table to store key types, or a naming convention.
* Implement an X.509 certificate object.  I expect this would store the
  public and private key as a single file in the same format that Apache
  can read for combined public and private keys.  There were requests for
  storing the CSR, but I don't see why you'd want to do that.  Start with
  store support.
* Implement an X.509 CA so that you can get certificate objects without
  storing them first.  Need to resolve naming conventions if you want to
  run multiple CAs on the same wallet server (but why?).  Should this be a
  different type than stored certificates?
* Add details to design-api on how to write one's own ACL verifiers and
  object implementations and register them.
* Add readline support to the wallet client to make it easier to issue
  multiple commands.
* The wallet-backend and wallet documentation share the COMMANDS section.
  Work out some means to assemble the documentation without duplicating
  content.
* Add support for rekeying in the wallet client.  Need to resolve how to
  get a list of principals to rekey and which keytabs to work on.  This
  possibly should be a separate binary from the regular wallet client
  binary.
* Document using the wallet system over something other than remctl.
* Provide a REST implementation of the wallet server.
* Provide a CGI implementation of the wallet server.
* Document all diagnostics for all wallet APIs.
* Write a test suite to scan all wallet code looking for diagnostics that
  aren't in the documentation and warn about them.
* The Wallet::Config class is very ugly and could use some better internal
  API to reference the variables in it.
* Use Class::DBI and Class::Trigger to handle the data access layer rather
  than writing SQL directly, and implement the logging requirements with
  triggers rather than explicit SQL.  This may also replace
  Wallet::Schema.
* Make contrib/wallet-report generic and include it in wallet-admin, with
  additional configuration in Wallet::Config.  Enhance it to report on any
  sort of object, not just on keytabs, and to give numbers on downloaded
  versus not downloaded objects.
* Support setting flags and attributes on autocreate.  In general, work out
  a Wallet::Object::Template Perl object that I can return that specifies
  things other than just the ACL.
* Pass a reference to the object for which the ACL is interpreted to the
  ACL API so that ACL APIs can make more complex decisions.
* Support for pattern matching in ACLs.
* A group-in-groups ACL schema.
* Modify Authen::Krb5 to export krb5_524_conv_principal so that I can use
  it to determine the K4 equivalent of a K5 principal name.
* Provide an API for verifiers to syntax-check the values before an
  ACL is set and implement syntax checking for the Krb5 verifier.
* Support authenticating with a keytab.
* Allow store data to contain nuls.  Requires rewriting the command
  processing for store to use iovecs.
May or may not be good ideas:
* Consider using Class::Accessor to get rid of the scaffolding code to
  access object data, and a Wallet::Base class to handle things like the
  error() method common to many classes.
* Remove the hard-coded ADMIN ACL in the server with something more
  configurable, perhaps a global ACL table or something.
* When obtaining tickets in the wallet client with -u, should we get a TGT
  as we do now or just directly obtain the service ticket we're going to
  use for remctl?
 |