source: web/old/remctl-2.14/TODO @ f6f3e91

web
Last change on this file since f6f3e91 was f6f3e91, checked in by Jessica B. Hamrick <jhamrick@…>, 15 years ago

Preserve directory hierarchy (not sure what happened to it)

  • Property mode set to 100644
File size: 6.5 KB
Line 
1                            remctl To-Do List
2
3Protocol:
4
5 * Add support for running commands as filters, passing standard input
6   asynchronously from the client.  This requires significant
7   re-engineering of the client loop and should wait for better
8   configuration since we don't want to do this with every command.  It
9   also introduces out-of-order responses and possible deadlocks to the
10   protocol.  docs/protocol-v3 has an initial draft.
11
12Server:
13
14 * Add support for built-in command summaries.  A command of help with no
15   subcommand would provide a list of all commands that the authenticated
16   user is permitted to run.  To do this, add a configuration option of
17   summary=<arg> to the config syntax for commands that will display a
18   summary of their supported subcommands if given <arg>.  Then, for any
19   "<command> ANY" lines the user is authorized to run, run the binary
20   with "<arg>" as the arguments, and for any "<command> <subcommand>"
21   lines, run the binary with "<arg> <subcommand>" as the arguments,
22   returning the output.
23
24 * Add support for in-depth help for a particular command.  A command of
25   "help <command>" would provide help for that command if the user was
26   authorized to run that command with its help subcommand, and a command
27   of "help <command> <subcommand>" would provide help for that command
28   and subcommand if the user is authorized to run both the help
29   subcommand and the specified one.  To implement, add a configuration
30   option of help=<arg> to the config syntax for commands that support
31   help, and then run the command with "<arg>" as the arguments for the
32   first case and "<arg> subcommand" as the arguments for the second
33   case.
34
35 * Allow a more expressive configuration syntax that can set more options
36   per command.  Among the things we want to configure (besides the
37   logmask configuration we already have) are changing users before
38   running the command, specifying an argument to pass on standard input
39   (see below), or supporting things like LDAP ACLs.
40
41 * Maximum argument count and maximum data size in MESSAGE_COMMAND should
42   be configurable parameters of the server rather than hard-coded
43   values.  This may need to wait for better configuration parsing.
44
45 * Support LDAP-based ACLs in addition to file system ACLs.
46
47 * Add support for external ACL checking programs.  If the program exits
48   with a zero status, access is granted.  If it exits 1, access is not
49   granted but checking continues.  If it exits with any other exit
50   status, access is not granted and checking aborts.
51
52   Ideally, for writing generic ACL checking programs, the program should
53   get the type and service of the remctl command as well as any
54   arguments.  However, it would also be good to support passing other
55   arguments into the program as specified in the ACL file.
56
57 * Possibly support binding to both the new and the old port in the
58   standalone server for backward compatibility (only if requested by
59   another flag).
60
61 * Sort the files in a directory before processing them so that the order
62   is deterministic.  Affects both configuration (earlier entries
63   override later ones) and ACL rules in the presence of deny ACLs.
64
65 * Provide a way to specify handling of the empty command and then permit
66   it rather than returning a syntax error.
67
68 * Add a timeout for commands after which the server kills the command.
69
70 * Support binding to an IPv6 address.  Currently, the server only
71   supports IPv4.
72
73 * The server should call gss_inquire_context to retrieve the mechanism
74   OID and then pass that in to calls to gssapi_error_string rather than
75   hard-coding the Kerberos v5 OID.
76
77Client:
78
79 * Allow sending commands with no subcommands in the command-line client.
80
81 * Implement file upload in the remctl client.
82
83 * Add readline support to the remctl client for multiple commands to the
84   same server in the same authenticated session.
85
86 * Support setting a timeout and failing the remctl call if the server
87   takes too long to connect or send back data.
88
89 * Add an option that prompts the user, with echo disabled, for a piece of
90   secure data, prompting twice to ensure both times match, and then sends
91   that as the last argument to the command.  This would be useful for
92   remctl interfaces to change passwords.
93
94 * Allow sending the empty command in the command-line client once the
95   server supports it.
96
97Client library:
98
99 * Add a varient of open that takes a timeout.
100
101 * The client should ideally not specify an OID for the authentication
102   mechanism and instead permit GSS-API to negotiate an appropriate
103   mechanism.  It should then call gss_inquire_context to retrieve the
104   mechanism OID and then pass that in to calls to gssapi_error_string
105   rather than hard-coding the Kerberos v5 OID.
106
107Build system:
108
109 * Add logic to detect Solaris vs. GNU ld on Solaris and pass the
110   appropriate option to use the symbol versioning map file on Solaris as
111   well.
112
113 * Incorporate a program that can generate a Kerberos ticket cache from
114   a keytab and use that for running the Kerberos tests instead of
115   requiring the user to generate a keytab.
116
117 * Add pkgconfig support for libremctl.
118
119Portability layer:
120
121 * Refactor getopt to be easier to understand and less deeply nested.
122
123Windows port:
124
125 * With more modifications, it should be possible to build remctl against
126   SSPI, the GSS-API-like interface built into Windows, and remove the
127   dependency on MIT Kerberos for Windows.  However, limitations
128   surrounding realm trusts in the Kerberos implementation in versions of
129   Windows prior to Vista would make this a less general solution.
130
131 * Support the remctl server.
132
133Java implementation:
134
135 * Fix the coding style of the Java implementation to match the coding
136   style of the rest of remctl.
137
138 * Consider reorganizing the java directory so that it already matches the
139   layout of an Apache Jakarta project rather than having ant tar shuffle
140   everything around.
141
142 * Add a JUnit test suite for the Java implementation.
143
144 * Integrate the Java build into the rest of the build system so that it
145   is enabled using an --enable-java flag similar to the bindings, finds
146   ant and a JAVA_HOME in configure, and does the JAR build in the main
147   Makefile using ant.
148
149 * Consider eliminating the simple Makefile in the java directory and
150   requiring ant.
151
152 * Java cannot obtain tickets from a ticket cache created using the
153   k5.conf file included in the java directory using the current MIT
154   Kerberos on Debian.  It has to prompt for a password and get tickets
155   itself.  Figure out why and fix it.
Note: See TracBrowser for help on using the repository browser.