Google Summer of Code 2021 Ideas
This page lists the project ideas for Google Summer of Code.
Table of Contents:
Ideas
1. PAM Module for Automatic Network Configuration
802.1x protocol is widely used in corporate networks in order to implement Layer 2 Network Access Control. In very simple terms, this protocol requires the user to authenticate using their password before obtaining an IP address. It is desirable that this process happens automatically under the hoods once the user logs on to his computer. Currently, there are no tools available in Linux Distributions to enable this configuration seamlessly. We are aware of previous efforts to implement a PAM module for this purpose. One such work can be seen at https://github.com/ehbello/pam-8021x/blob/master/src/pam_8021x.c. This inspiring but stale code does not compile against the latest version of Network Manager Library.
Hence we have started our own effort to implement a working PAM module. We have an initial implementation at https://github.com/emelsimsek/PAM_DynamicNetworkConfig/tree/pam_basic.
Your task will be to add network manager library calls within the PAM module that creates the desired network configuration. We will guide you providing sample network manager codes and compiling directives. Therefore no prior network programming knowledge is required.
Required skills / knowledge
C, C++, Linux
Difficulty
Medium
Potential mentors
Emel ŞİMŞEK, mail: emel.simsek@tubitak.gov.tr
2. Make Aptly Sign AppStream Metadata Files
We maintain our own Debian repository since we build a Debian-based Linux Distribution called Pardus. Debian started to support AppStream Metadata file generation and repository integration. These metada files are used by “Application Markets” such as gnome-software
. We use aptly as the repo maintenance tool. Aptly cannot properly sign the AppStream metadata files. As a result, our repository cannot be used by various application stores. This issue impacts all the Debian application providers who maintain their own repository using aptly rather than submitting their application to Debian. Maintaining a Debian repository using aptly for your own applications is a very common case. Many applications such as Skype, Virtualbox are published via their own repository. So this fix will benefit the Linux Community at large.
Aptly codes are hosted at https://github.com/aptly-dev/aptly. This problem is tracked by https://github.com/aptly-dev/aptly/issues/384.
Your task will be to fix this issue. First you will be asked to create a reproduction environment and play with it to comprehend Debian repository structure and Aptly. Then you will need to inspect the Aptly codes, written in Go Language, to narrow down the relevant parts and implement the fix. We will guide you through the use of git, reproduction steps and code inspection.
Required skills / knowledge
Go, Linux
Difficulty
Medium
Potential mentors
Fatih ALTUN, mail: fatih.altun@pardus.org.tr, Emel ŞİMŞEK, mail: emel.simsek@tubitak.gov.tr
3. Add Kerberos Authentication Support to Lider/Ahenk XMPP Client
Lider/Ahenk is our product which helps system administrators to centrally manage Pardus computers and user accounts. It is open source and maintained at: https://github.com/Pardus-LiderAhenk. We use XMPP messaging protocol underneath for the communicaiton between client computer agent (Ahenk) and management server (Lider). Lider runs Ejabberd as the XMPP server. At the client side, Ahenk written in Python uses SleekXMPP library to communicate with Ejabberd. Currently Ahenk uses plaintext authentication when connecting to server. When we run in an environment with Kerberos such as, Samba4, we want to be able to use Kerberos authentication mechanism instead of plain authentication in order to enjoy Single Sign On (SSO).
For Kerberos support, we need to implement Kerberos authentication code within Ahenk using Python. Ahenk code is at https://github.com/Pardus-LiderAhenk/ahenk/blob/d7c59b10e6d71c85ead1db4045f5a7a25c228471/src/base/messaging/messenger.py Here, connect_to_server
function should be changed to support Kerberos as well. SleekXMPP library seems to have support for Kerberos authentication. See GSSAPI class in https://git.rwth-aachen.de/yushin.washio/SleekXMPP/blob/2cc75d4bbd43a21d9e14942b05f663f7e080d789/sleekxmpp/util/sasl/mechanisms.py.
One problem here is that SleekXMPP library only has support for requesting XMPP service tickets. It is assumed that a TGT already exists. However, in our case there might not be a TGT either. Therefore, we need to be able to get a TGT before connecting to server. This may be done within Ahenk code using other Kerberos libraries such as python-krb5.
Your main task will be to implement code in Ahenk such that it uses SleekXMPP GSSAPI authentication mechanism. Afterwards, you optionally may implement Kerberos kinit
functionality for getting the TGT in Ahenk.
We will provide you with a development environment which has Kerberos installed. Therefore, you will need to only focus on Python code development.
Required skills / knowledge
Python , Linux
Difficulty
Medium
Potential mentors
Muhammed Edip YILDIZ, mail: muhammededip.yildiz@tubitak.gov.tr
4. Security Patch Management Feature in Pardus Central Management System Lider/Ahenk
Organizations using Pardus desktops almost always choose to centrally manage the client machines using Lider/Ahenk. Our central management system Lider/Ahenk is open source and maintained at: https://github.com/Pardus-LiderAhenk. At enterprise
environments, it is desirable that all the configuration and applications in the desktops are under the system administrator’s control. This responsibility entails the regular application of security patches to the desktops by the administrator. Per our guidelines, the organizations set up their local repositories which includes the separate security repository. Those repositories are synchronized regularly. Hence the security repository is kept synchronized with Debian security repository. However, it is not easy to spot what has been fixed and the severity of the security issues addressed.
With this feature we aim to make it easier for the system administrator to discover, review and apply security patches. Although some tools are available in other distributions such as yum-plugin-security to obtain metadata for security updates, no such tool seems to be available for Debian.
This task will require examining the changelogs of the Debian packages and other metadata available within the security repository and extracting the CVE numbers and patch descriptions. You can see how an end user can do this using command line at https://askubuntu.com/questions/563408/how-can-i-tell-if-a-cve-has-been-fixed-in-ubuntus-repositories.
As part of this work, you will be asked to automate this process using scripting languages.
Required skills / knowledge
JavaScript, Python, Linux
Difficulty
Easy
Potential mentors
Muhammed Edip YILDIZ, mail: muhammededip.yildiz@tubitak.gov.tr
5. User Authentication Module and Hybrid Authentication Proxy
Organizations use hybrid operating system infrastructures. Managing user authentication is a growing problem. It is easy to authenticate Linux users against LDAP and windows users against Active Directory but lots of configuration and third party applications should be installed on operation systems to authenticate Linux users against AD or Windows users against LDAP.
With hybrid authentication proxy, it would not matter if backend authentication server is LDAP or AD. With a Linux PAM module for hybrid authentication proxy, end point only interacts with authentication proxy. Any configuration changes with backend (switching to AD or LDAP) would not matter. Also instant changes with infrastructures will not effect end point and there would not be any need of configuration update.
This task will require knowledge of writing PAM modules, network communication and how proxy servers work.
Main problem is, building a new standart for user authentication. Some ideas are at https://github.com/ciari/hybrid-auth
Required skills / knowledge
C, Linux, MS Windows Active Directory, LDAP, Python, Reading other’s code, some idea about authentication mechanisms
Difficulty
Hard
Potential mentors
İbrahim ARI, mail: ibrahim.ari@pardus.org.tr