path: root/src/TODO
blob: 1f94a1fb26449af33b78ce7c0d5ba1f0f1bfaae4 (plain)
Major projects:

1.  Run a V5 KDC on the master KDC.
	* audit code in v4 kadmind server
DONE	* convert syslog -> log (to real file)
DONE	* save versus deletion of rcache file (HIGH PRIORITY)
DONE	* Use dbm as the default database. (HIGH PRIORITY)
DONE	* KDC does not notice new databases after new db loads (HIGH PRIORITY)
	* KDC returns wrong starttime if queried too quickly with a TGS req.
		after a TGT request.
	* v4kadmind: convert syslog -> log (to real file)
DONE	* v4kadmind: should store (kvno++ % 256) in database, or there should
		be a mechanism in ktutil to query the server for the kvno
		because V4 and V5 kvno's have different limits/wraps.
		(currently, it is set to store kvno++ % 256)

2.  API changes
DONE	* context changes (mostly done)
DONE	* narrow types (done)
DONE	* get_in_tkt for salt support, multi encryption
DONE	* keytab lookup (for multi-encryption)
DONE	* oracle forwarding support
DONE	* Remove krb5_enctype argument from string_to_key().  (HIGH)
	* Functionalize krb5.h (HIGH)

3.  Multi-encryption support
DONE	* kdb5_edit support (show principal, set attributes)
DONE	* test DES-MD5
DONE	* make DES-MD5 default, fall back to DES-CRC
DONE	* DES_CBC_* are not being properly treated.
		Requesting one type does not always return a key of the
		same type (even if there is another DES key in the db).

4.  Better Kerberos Database
DONE	* Design encoders/decoders
DONE	* Added keytab routines to access to database.
	* A krb5_db_context is necessary for all the db access routines.
		Eg put_principal(), get_principal(), etc... 
		The API on these routines needs to be modified and the 
		current db_context needs to be removed from the krb5_context
		to better support multiple databases/realms. (POST 1.0)

5.  Configuration file
DONE	* write configuration file library

6.  Misc Cleanup
	* check file vs stdio ccache code; replace file code with stdio
	* rewrite rcache code
DONE	* fold in krb4 library
DONE	* kdc support automatic fallback (done)
	* DES glue code rewrite
DONE	* don't need NEED_SYS_FCNTL.H; just always include <fcntl.h>
	* utmp configure cleanup
	* telnet portability
DONE	* CONFIG_RULES should include more standard rules (WITH_KRB4, etc.)
		stuff that's in every single configure.in file.
	* klist and kdestroy drag in the entire libcrypto library
		unnecessarily; this is because init_ctx references
		krb5_csarray (via valid_etype) and
		krb5_max_crypto_system, which drags in cryptoconf.c
DONE	* Make kinit not delete the credcache before tickets are
		successfully obtained.
	* Telnet/rlogin bug --- must do
		gethostbyname()/gethostbyaddr() to get a real DNS name
		so that we don't get bitten by athena.dialup.mit.edu
		and resolvers which shuffle DNS records.  (HIGH)
	* GSSAPI V2 calls: gss_export_name(), gss_canonicalize_name(),
			gss_inquire_mech_for_names()
	* GSSAPI mechglue: gss_inquire_cred() not quite right for
		default credential.  Fix for Mech-Spec names.
	* GSSAPI mechglue: gss_acquire_cred is really kinda broken...
		Fix for mech-spec names.  
	* krb5 bugs

7.  Future development
	* support for realm name changes (POST 1.0)
	* telnet rsh support (POST 1.0)
	* Make routines for updating the master key in a database.
		Thinking about this I think it's easier to have the
		routines update the master key and then update every
		principal in the database.  Doing this will also allow
		us to remove the mkvno field saving 2 bytes per entry.
DONE	* Fix preauthentication code
DONE	* Save the time offset between the kerberos server and the
		current host in the credential cache. (Just need to
		actually get and save the time.)
	* Make a keysalt to salt function that takes keysalt info and
		principal and returns a salt.
		Routines: krb5_keysalt_to_salt(krb5_context,
		krb5_keysalt, krb5_principal)
	* Implement krb5_cc_remove_cred()  (LOW)
	* Implement tl_data for server keys supported by the server
		for client-server communications.  (LOW)
	* Add profile entries for (HIGH)
		default enctype (and salttype?) list for kinit and AS requests.
		default enctype list for TGS requests in krb library
		default enctype/salttype list for change password requests.
		default enctype for change random key requests.

8.  New applications
	* POP (POST 1.0)
	* discuss (POST 1.0)
DONE	* FTP (POST 1.0?)
	* Zephyr (POST 1.0)
	* Proper encrypted telnet (POST 1.0)

9.  Kadmin
DONE	* Password changing protocol.
	* kadmin --- Have ank, ark, cpw, crk use new protocol.  (HIGH)
	* kadmind  (HIGH)
		Finish work on modify entry command.
		Make sure that db opens log before becoming a daemon.

10.  Install Cleanup
DONE	* krb5.h still #include's the com_err error include files.  krb5.h
		should be constructed from krb5.hin, and those include
		files should be inlined, so that we only need to
		install the single krb5.h file.
DONE	* We shouldn't be installing into /krb5.  Should use the GNU
		coding standard prefix and exec_prefix setup, with the
		kerberos database living in /prefix/lib/kdb5.  (People
		can symlink that off to another partition if they feel
		the need.)

11.  Testing
	* Test the new kdb locking code (HIGH)
	* test cross realm authentication (HIGH)
	* Test that db key_data crunching of enctypes actually works.  (HIGH)
		Routines in kdb_cpw.c: add_key_pwd(), add_key_rnd()
		Routines in kdb_xdr.c: krb5_dbe_find_enctype()
	* Test that krb5_dbm_db_put_principal() doesn't save a krb5_db_entry 
		with any keys with kvno = 0.  (HIGH)

12.  Integration
	* Merge in new GSSAPI code from OV.  (HIGH)

13.  Post 1.0 items
	* Incremental kprop
	* Change krb5_enctype and krb5_checksumtype to be unsigned ints.
	* Secure Network Key preauthentication.
	* If configuring with --enable-athena, Athena-environment
		setup for login.

----------------------------------------------------------------------------
I believe these are done but a double check would be nice.
----------------------------------------------------------------------------

Make sure kdb code doesn't save salt type KRB5_KDB_SALTTYPE_NORMAL (0) 
into the db. 
	Routines: krb5_dbekd_decrypt_key_data(), krb5_dbekd_encrypt_key_data()

Check that dump/restore actually works
	Each entry needs to have a version, length, and each integer entry
	needs to be saved with a hexadecimal encoding. The principals should
	use parse/unparse routines. (Paul did the work but nobody has checked it)


-----------------------------------------------------

OLD TODO ITEMS (to be vetted later)


needed before beta4-patch2:

940802		stdargs/varargs breakage of ksu under SunOS

not-quite-critical bug fixes:

940802		double-check telnet problems, e.g. solaris pty grabbing
940802		rethink using compile check for fopen() binary mode

future development:

940808		check file vs stdio ccache code; replace file code with stdio
940808		rewrite rcache code
940808		fold in krb4 library
940808		support for realm name changes
940808		configuration file for krb5 clients to replace compile-time
			constants
 
cleanup for later:

940802		realloc lossage made more reasonable;  requires a compile
		and run type of check, then use REALLOC everywhere, #defined
		to check if argument is NULL first, if realloc(NULL) returns
		NULL.  This is to guard against lossage like SunOS.
940802		yank isode from tree, insert tcl subset
940802		sanity check API doc
940802		deja gnu, testing framework
940808		make depend 
940808		make sure we're using $(MAKE) everywhere

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

OLD TODO LIST.  To be vetted later....



look at sandia changes (contact gmachin@somnet.sandia.gov):

	admin server

	BSD applications

	kdc/v4 changes

specific coding items:
----------------------

new protocol revision

telnet client address checking (hard to get hold of the addr?)

uuserver adds a ticket to the credentials cache each time it runs,
even if the client is using the same ticket.

KDC bulletproofing				(after beta)

KDC statistic gathering				(after beta)

admin server					(after beta)

applications
	nfs
	discuss (?)
	X11

realm "quality" code and/or hooks (tytso)	(after beta?)

alloca/tempalloc				(after beta)

test suites					(after beta)

KDC transited field comma quoting

verify that memcpy/memcmp is in use for principal names
Make sure that all comparisons of principal components (realms, etc.)
use memcmp instead of strcmp --- principal components can have nulls
in them!  (Don't blame me, blame OSI!)
	--> kdc realm transiting
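
Added example (not part of the original TODO or the krb5 sources): why
strcmp() is wrong for length-counted principal components with embedded
NULs, next to a memcmp()-based comparison.  The struct and function names
are hypothetical, and the sample realms are constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical length-counted component (not the krb5 library's own type). */
struct component {
    size_t length;
    const char *data;
};

/* Flawed: strcmp() stops at the first NUL, so bytes after it are ignored.
 * It also assumes NUL termination, which counted data need not have. */
static int component_equal_strcmp(const struct component *a,
                                  const struct component *b)
{
    return strcmp(a->data, b->data) == 0;
}

/* Correct: lengths must match, then every byte is compared. */
static int component_equal(const struct component *a,
                           const struct component *b)
{
    if (a->length != b->length)
        return 0;
    return a->length == 0 || memcmp(a->data, b->data, a->length) == 0;
}

/* Principals match only if the component counts and all components match. */
static int principal_equal(const struct component *p, size_t np,
                           const struct component *q, size_t nq)
{
    size_t i;
    if (np != nq)
        return 0;
    for (i = 0; i < np; i++)
        if (!component_equal(&p[i], &q[i]))
            return 0;
    return 1;
}

/* Constructed sample: two realms that differ only after an embedded NUL. */
static const struct component realm_a = { 9, "ATHENA\0AA" };
static const struct component realm_b = { 9, "ATHENA\0BB" };

int main(void)
{
    printf("strcmp says equal: %d\n", component_equal_strcmp(&realm_a, &realm_b));
    printf("memcmp says equal: %d\n", component_equal(&realm_a, &realm_b));
    printf("principals equal:  %d\n", principal_equal(&realm_a, 1, &realm_b, 1));
    return 0;
}
```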

code boiling between scc_ and fcc_		(after beta)

remove 32 bit dependencies (esp. in md4 and md5)	(after beta)

documentation issues:
--------------------

manual pages (programs, library)

Manual pages for appl/bsd need to be fixed!!!!

what we depend on in the system (kprop, kdc: sockets; etc)

build/installation doc:
	document expected "warnings", how to build it, configuration options
	picking up ss, com_err, makedepend, imake separately
	unifdef: ftp.uu.net:/bsd-sources/pgrm/unifdef/


operation doc
	interrealm gotchas

RFC
	DES bit ordering
	ap_rep vs. subsession keys
	assign "no meaning" #s for others?
	byte-wise comparison for principal names
	DER, "Zulu" format timestamps

bug list

testing issues:
--------------

mprof/mnemosyne

error paths

DCE interoperability




----------------------------------------------------------------

library name problems: with shared libraries cryptoconf.o can't be
replaced.  Change docs to require static linking.


----------------------------------------------------------------


Document new functions:

krb5_free_address
krb5_append_addresses
krb5_gc_via_2tgt

--------------------------------------------------------------

Bad comment message in KRB5-aux.h (KRB5-types.c should be KRB5_tables.c)