remctl To-Do List

Protocol:

* Add support for running commands as filters, passing standard input
  asynchronously from the client. This requires significant
  re-engineering of the client loop and should wait for better
  configuration since we don't want to do this with every command. It
  also introduces out-of-order responses and possible deadlocks to the
  protocol. docs/protocol-v3 has an initial draft.

Server:

* Add support for built-in command summaries. A command of help with no
  subcommand would provide a list of all commands that the authenticated
  user is permitted to run. To do this, add a configuration option of
  summary=<arg> to the config syntax for commands that will display a
  summary of their supported subcommands if given <arg>. Then, for any
  "<command> ANY" lines the user is authorized to run, run the binary
  with "<arg>" as the arguments, and for any "<command> <subcommand>"
  lines, run the binary with "<arg> <subcommand>" as the arguments,
  returning the output.

* Add support for in-depth help for a particular command. A command of
  "help <command>" would provide help for that command if the user was
  authorized to run that command with its help subcommand, and a command
  of "help <command> <subcommand>" would provide help for that command
  and subcommand if the user is authorized to run both the help
  subcommand and the specified one. To implement, add a configuration
  option of help=<arg> to the config syntax for commands that support
  help, and then run the command with "<arg>" as the arguments for the
  first case and "<arg> subcommand" as the arguments for the second
  case.

* Allow a more expressive configuration syntax that can set more options
  per command. Among the things we want to configure (besides the
  logmask configuration we already have) are changing users before
  running the command, specifying an argument to pass on standard input
  (see below), or supporting things like LDAP ACLs.

* Maximum argument count and maximum data size in MESSAGE_COMMAND should
  be configurable parameters of the server rather than hard-coded
  values. This may need to wait for better configuration parsing.

* Support LDAP-based ACLs in addition to file system ACLs.

* Add support for external ACL checking programs. If the program exits
  with a zero status, access is granted. If it exits 1, access is not
  granted but checking continues. If it exits with any other exit
  status, access is not granted and checking aborts.

  Ideally, for writing generic ACL checking programs, the program should
  get the type and service of the remctl command as well as any
  arguments. However, it would also be good to support passing other
  arguments into the program as specified in the ACL file.

* Possibly support binding to both the new and the old port in the
  standalone server for backward compatibility (only if requested by
  another flag).

* Sort the files in a directory before processing them so that the order
  is deterministic. Affects both configuration (earlier entries
  override later ones) and ACL rules in the presence of deny ACLs.

* Provide a way to specify handling of the empty command and then permit
  it rather than returning a syntax error.

* Add a timeout for commands after which the server kills the command.

* Support binding to an IPv6 address. Currently, the server only
  supports IPv4.

* The server should call gss_inquire_context to retrieve the mechanism
  OID and then pass that in to calls to gssapi_error_string rather than
  hard-coding the Kerberos v5 OID.

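The exit-status contract proposed in the external ACL checking item above, as an added C example that is not remctl code. The enum and function names are hypothetical, and the checkers are constructed /bin/sh one-liners that receive the command type and service as arguments.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/wait.h>
#include <unistd.h>

enum acl_result { ACL_GRANT, ACL_CONTINUE, ACL_ABORT }; /* hypothetical names */

/* Exit 0 grants, 1 continues; anything else (exec failure, signal) aborts. */
static enum acl_result acl_run_checker(char *const argv[])
{
    int status;
    pid_t pid = fork();
    if (pid < 0)
        return ACL_ABORT;
    if (pid == 0) {
        execv(argv[0], argv);
        _exit(127);                  /* exec failed: parent treats as abort */
    }
    while (waitpid(pid, &status, 0) < 0)
        if (errno != EINTR)
            return ACL_ABORT;
    if (!WIFEXITED(status) || WEXITSTATUS(status) > 1)
        return ACL_ABORT;
    return WEXITSTATUS(status) == 0 ? ACL_GRANT : ACL_CONTINUE;
}

/* Walk a NULL-terminated list of checker argv arrays; 1 = granted, 0 = denied. */
int acl_permit(char *const *const checkers[])
{
    for (size_t i = 0; checkers[i] != NULL; i++) {
        enum acl_result r = acl_run_checker(checkers[i]);
        if (r != ACL_CONTINUE)
            return r == ACL_GRANT;   /* grant or abort ends the walk */
    }
    return 0;                        /* nothing granted: deny */
}

/* Constructed checkers: sh -c SCRIPT NAME TYPE SERVICE, so $1 is the type. */
static char *pass[] = { "/bin/sh", "-c", "exit 1", NULL };
static char *fatal[] = { "/bin/sh", "-c", "exit 2", NULL };
static char *grant[] = { "/bin/sh", "-c", "[ \"$1\" = accounts ]", "acl",
                         "accounts", "create", NULL };
char *const *const pass_then_grant[] = { pass, grant, NULL };
char *const *const fatal_then_grant[] = { fatal, grant, NULL };

int main(void)
{
    printf("%d %d\n", acl_permit(pass_then_grant), acl_permit(fatal_then_grant));
    return 0;
}
```
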
Client:

* Allow sending commands with no subcommands in the command-line client.

* Implement file upload in the remctl client.

* Add readline support to the remctl client for multiple commands to the
  same server in the same authenticated session.

* Support setting a timeout and failing the remctl call if the server
  takes too long to connect or send back data.

* Add an option that prompts the user, with echo disabled, for a piece of
  secure data, prompting twice to ensure both times match, and then sends
  that as the last argument to the command. This would be useful for
  remctl interfaces to change passwords.

* Allow sending the empty command in the command-line client once the
  server supports it.

Client library:

* Add a variant of open that takes a timeout.

* The client should ideally not specify an OID for the authentication
  mechanism and instead permit GSS-API to negotiate an appropriate
  mechanism. It should then call gss_inquire_context to retrieve the
  mechanism OID and then pass that in to calls to gssapi_error_string
  rather than hard-coding the Kerberos v5 OID.

Build system:

* Add logic to detect Solaris vs. GNU ld on Solaris and pass the
  appropriate option to use the symbol versioning map file on Solaris as
  well.

* Incorporate a program that can generate a Kerberos ticket cache from
  a keytab and use that for running the Kerberos tests instead of
  requiring the user to generate a keytab.

* Add pkgconfig support for libremctl.

Portability layer:

* Refactor getopt to be easier to understand and less deeply nested.

Windows port:

* With more modifications, it should be possible to build remctl against
  SSPI, the GSS-API-like interface built into Windows, and remove the
  dependency on MIT Kerberos for Windows. However, limitations
  surrounding realm trusts in the Kerberos implementation in versions of
  Windows prior to Vista would make this a less general solution.

* Support the remctl server.

Java implementation:

* Fix the coding style of the Java implementation to match the coding
  style of the rest of remctl.

* Consider reorganizing the java directory so that it already matches the
  layout of an Apache Jakarta project rather than having ant tar shuffle
  everything around.

* Add a JUnit test suite for the Java implementation.

* Integrate the Java build into the rest of the build system so that it
  is enabled using an --enable-java flag similar to the bindings, finds
  ant and a JAVA_HOME in configure, and does the JAR build in the main
  Makefile using ant.

* Consider eliminating the simple Makefile in the java directory and
  requiring ant.

* Java cannot obtain tickets from a ticket cache created using the
  k5.conf file included in the java directory using the current MIT
  Kerberos on Debian. It has to prompt for a password and get tickets
  itself. Figure out why and fix it.