| < remctld Manual Page | Russ Allbery > Software > remctl | remctl Change Summary > |
Protocol:
Add support for running commands as filters, passing standard input asynchronously from the client. This requires significant re-engineering of the client loop and should wait for better configuration since we don't want to do this with every command. It also introduces out-of-order responses and possible deadlocks to the protocol, which is disturbing.
Server:
Allow a more expressive configuration syntax that can set more options per command. Among the things we want to configure (besides the logmask configuration we already have) are changing users before running the command, specifying an argument to pass on standard input (see below), or supporting things like LDAP ACLs.
Support arguments that are too long for the command line or that contain nul characters. The best approach is probably to support passing one of the arguments to the executed command on standard input. This may depend on the new configuration syntax.
Maximum argument count and maximum data size in MESSAGE_COMMAND should be configurable parameters of the server rather than hard-coded values. This may need to wait for better configuration parsing.
Support LDAP-based ACLs in addition to file system ACLs.
Add support for external ACL checking programs. This can be added to the existing ACL file syntax without too much trouble, perhaps with a program keyword that works similarly to the include keyword. If the program exits with a zero status, access is granted. If it exits 1, access is not granted but checking continues. If it exits with any other exit status, access is not granted and checking aborts.
Ideally, for writing generic ACL checking programs, the program should get the type and service of the remctl command as well as any arguments. However, I also want to support passing other arguments into the program as specified in the ACL file.
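The exit-status rule proposed above for external ACL programs, sketched in C as an added example; this is not remctl code, and `acl_run_program`, `acl_check_programs` and the `acl_result` enum are hypothetical names. It assumes that a checker that cannot be executed or that dies from a signal is handled like any other non-zero, non-1 result (deny and stop), and that reaching the end of the list without a grant denies access.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

enum acl_result { ACL_GRANT, ACL_CONTINUE, ACL_ABORT };

/* Run one checker from an argv vector (no shell) and map its exit status. */
static enum acl_result
acl_run_program(char *const argv[])
{
    int status;
    pid_t pid = fork();

    if (pid < 0)
        return ACL_ABORT;
    if (pid == 0) {
        execvp(argv[0], argv);
        _exit(127);             /* exec failed: neither 0 nor 1, so abort */
    }
    while (waitpid(pid, &status, 0) < 0)
        if (errno != EINTR)
            return ACL_ABORT;
    if (!WIFEXITED(status))
        return ACL_ABORT;       /* assumption: signal death fails closed */
    switch (WEXITSTATUS(status)) {
    case 0:  return ACL_GRANT;
    case 1:  return ACL_CONTINUE;
    default: return ACL_ABORT;
    }
}

/* Evaluate checkers in order; returns 1 if access is granted, else 0. */
static int
acl_check_programs(char *const *checkers[], size_t count)
{
    for (size_t i = 0; i < count; i++) {
        enum acl_result r = acl_run_program(checkers[i]);
        if (r != ACL_CONTINUE)
            return r == ACL_GRANT;
    }
    return 0;                   /* assumption: no grant means deny */
}

int
main(void)
{
    /* Constructed sample checkers standing in for real ACL programs. */
    char *const next[] = { "sh", "-c", "exit 1", NULL };
    char *const grant[] = { "sh", "-c", "exit 0", NULL };
    char *const *acl[] = { next, grant };
    printf("access %s\n", acl_check_programs(acl, 2) ? "granted" : "denied");
    return 0;
}
```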
Possibly support binding to both the new and the old port in the standalone server for backward compatibility (only if requested by another flag).
Client:
Implement file upload in the remctl client.
Add readline support to the remctl client for multiple commands to the same server in the same authenticated session.
Add Python bindings for the libremctl client library.
Add PHP bindings for the libremctl client library.
Support setting a timeout and failing the remctl call if the server takes too long to connect or send back data.
Build system:
Add logic to detect Solaris vs. GNU ld on Solaris and pass the appropriate option to use the symbol versioning map file on Solaris as well.
Incorporate a program that can generate a Kerberos ticket cache from a keytab and use that for running the Kerberos tests instead of requiring the user to generate a keytab.
Add pkgconfig support for libremctl.
Windows port:
With more modifications, it should be possible to build remctl against SSPI, the GSS-API-like interface built into Windows, and remove the dependency on MIT Kerberos for Windows. However, limitations surrounding realm trusts in the Kerberos implementation in versions of Windows prior to Vista would make this a less general solution.
Support the remctl server.