Big O Object Specs

Under construction
2/03/00 Created by SY
4/21/00 Reviewed by Rob
12/19/00 Last modified

General Requirements
Input Requirements
- Field Types
- Table of Fields and Field Types
Output Requirements
Object Particulars
Different pages/actions
Miscellaneous

General Requirements

The Big O pages are the main user interface. They cover most of NetDB's functionality- adding, modifying, deleting all the Big O objects (domain, group, user, admin team, network, node). They do not include the Little O pages. Little O pages allow access to management functions that are not included in the current NetDB2 telnet interface. Little O's include objects like make, model, dhcp options, etc.

Input Requirements

This section describes the different types of field types. All input fields should escape html characters properly. Also, double quotes are not allowed in text input data except for DHCP options

Field Types- Summary

DNS Name field- must obey DNS naming rules

Non-DNS name, no spaces

Non-DNS names, spaces allowed

String- any characters allowed

People input fields

Select box- allow multiple selections

Dropdown box- single choice from short list

Field Types- elaborated

DNS Name field
Just a recap of all the types of DNS names in NetDB:
```
Name		Node Type	# allowed		Comment
Host		All		1 unless Adv		A record
Alias		All 		many			CNAME record
MX		All		many			MX record
Interface	Adv		1			A record
IP Address	Adv		1			A record
IPC Addr	IPC		1			A record
Dyn Addr	Network		1			A record	
```
DNS names must obey the following rules:
- Only include letters, digits or hyphens
- Case insensitive
- Must be unique (name.domain.type)
- Cannot begin or end with hyphen
- Must contain one letter
- Max 64 characters for name
- Max 255 char for fully qualified name
- Cannot be on reserved name list
Reserved names
- must be unique among DNS names and reserved names
- must follow DNS naming rules
- Case insensitive
Non-DNS name, no spaces
- No spaces allowed
- Any printable character except "<" and ">" (to avoid html problems)
Non-DNS names, spaces allowed
- Spaces are allowed within name
- Leading and trailing spaces trimmed
- Any printable character except "<" and ">" (to avoid html problems) and double quotes (except in DHCP options). Doublequotes are not allowed because they are used as separators in full search.
String field
People Input Fields (User name, Node administrator, Node user, Admin Team members
- Enter as any valid directory search string
- Multiple names can be entered, separated by carriage return
- If a name matches one name, it will be listed with a checked checkbox.
- If a name matches multiple names, they will be listed with unchecked checkboxes.
- Wildcard * supported
Select Boxes
Used when multiple selections are allowed
Dropdown box
Used when short list and only single selection allowed
Date Fields
Allowable date formats are:
- m/d/yyyy, m/dd/yyyy, mm/d/yyyy, mm/dd/yyyy
- m/d/yy, m/dd/yy, mm/d/yy, mm/dd/yy
- m-d-yyyy, m-dd-yyyy, mm-d-yyyy, mm-dd-yyyy
- m-d-yy, m-dd-yy, mm-d-yy, mm-dd-yy
Integers
Must not be negative number. Zero is ok
Radio Buttons
Checkboxes
IP Address Field
- IP Address Space Input Format
  - w.x.y.z/n - existing address space with prefix
    e.g. 171.64.20.0/24
  - w.x.y/n - existing address space without trailing zeroes
    e.g. 171.64.20/24
  - w.x.y.z - existing address space without prefix
    e.g. 171.64.20.0
- IP Address Input Format
  - Must be in form x.y.y.y where x and y are numbers from 0-255.

Table of Objects, Fields and Field Types

Output Requirements

People Display Format
- For Created By/ Modified By, "Preferred Name (dirID)"
- For node user, node admin, node members, NetDB users: "Name (dirID)"

Object Particulars

This section covers oddities for each object type.

Object Names

Object names must be unique within that object.

Object Type Name Field Type

Group Non-DNS name, spaces

Domain DNS

User People name- valid kerb principal

Admin Team Non-DNS name, spaces

Network DNS Name

Node DNS Name

Group Object
Used for security. Associated with all objects and address spaces.
Domain Object
- Domain names, once created, cannot be modified except for the case.
- Limited- means only names in a limited table can be assigned in the domain ( like "www")
- Allow names- means that the name of a domain (like win.stanford.edu) can also be assigned as a node name.
User Object
- Email & Phone are taken from registry and are not subject to regular privacy permissions
Admin Team Object
New object which can be used in place of SUNet ID as a node administrator. In the node administrator field, admin teams are indicated by a semicolon after the name. Members do not have to be netdb users but must be in registry. Unidentified node administrators will be migrate as Admin Teams.
Network Object
- Low Reserve- input field for integers
  - Default value TBD
  - # of addresses reserved at the bottom of the address range. Includes network address.
  - regular users cannot assign addresses in this range
  - obeyed when assigning Dynamic DHCP addresses, even if god
- High Reserve- input field for integers
  - Default value to be determined
  - # of addresses reserved at the top of the address range. Includes broadcast addr.
  - regular users cannot assign addresses in this range
  - obeyed when assigning Dynamic DHCP addresses, even if god
- Groups- select box
  - Network Groups- users in these groups with network object rights can modify the network
  - Address Space Groups- Users in these groups with node object rights can assign an address in this AS
- DHCP Options- input field
  see DHCP Options list
- Comment Field
  Must escape special html characters. Char limit?
- Dynamic DHCP Address- can only be assigned once AS created
  - IP Address IP address must be in this address space
  - Dynamic DHCP Address Name- input field
    This name must obey internet naming standards. Currently automatically generated in the following format: "DN < hex of Ip address >"
  - Active- checkbox
  - Count box- input field for integers On network modify page to automatically assign multiple addresses. Gives error if too many addresses assigned
- Split/join/expand/shrink networks
  1. Maximum difference between old and new network prefixes is 6 when expanding, splitting, joining or shrinking networks
  2. Cannot be split if network and broadcast addresses are taken
  3. The Address Space must be saved before you can split/join it.
Node Object
- PTR Preferences on Advanced Node will not be implemented this round. Default order of name returned on a reverse lookup:
  1. IP Address Name
  2. Interface Name
  3. Node Name
- Each node can have 2 custom label/value pairs. The labels within a given node must be different.
- DHCP Options- see list
- Interface
  - Hardware addresses are required for DHCP/Roaming flags to be set
  - "DHCP" enables Bootp or dhcp
  - "Roaming" allows user to move to other nets and get a dynamic dhcp address. If Roaming is checked, DHCP will also be checked.
- There are 5 different node types:
  - Default- nothing special
  - Advanced- allows the following:
    1. Multiple DNS names (A names for node)
    2. Interface DNS names
    3. Multiple interfaces
    4. IP address names
  - Router- used for object access
  - IPC- IP Connectivity provider
    1. Includes fastpaths and terminal servers
    2. Passes out multiple IP addresses
    3. IPC addresses are dynamically named
  - Template Node
    1. Has Address Space instead of IP address
    2. Should not be used in combination with Advanced or IPC node types

Different pages

Create Page
Modify Page

Template Page

This table lists what fields are inherited when an object is used as a template:

OBJECT INHERITED FIELDS

Domain Limited, Allow Names, Groups

Group

User Dept, Groups, def Group, def Addr Space, def Domain, Obj Access, All Objects, Groups, All Groups, Templates (not implemented), Active

Admin Team Groups, Dept, Members

Network Group, Dhcp Service, Dhcp Options

Node Node Types, Dept, Group, Location, Room, Expiration Date, Make/Model, OS, Administrator, User, Ptr Prefs, Address Space (see IP Address Assignment)

Delete Page

Even if user has rights to an object and the object is not locked, object cannot be deleted under certain circumstances.

OBJECT CAN'T DELETE IF...

Domain Names still exist in domain

Group Objects are still associated with that group

User

Admin Team still listed as node admin

Network IP addresses being used in that network

Node

Address space IP addresses being used in that address space

Note that address space is not really an object.

Miscellaneous

Verify
- Used with IP addresses, DNS names and people names
- Verified addresses and names will be listed below field
- For IP addresses and DNS names
  - If name or address taken, get back message saying unavailable
  - If not taken, name and address are reserved and get message saying name and address are verified.
- For people names, checks registry to see if person exists
  - If no matches, get back message saying no such person
  - If single match, user is listed with checked checkbox
  - If multiple matches, users are listed with unchecked checbox

Registry and People
Because of privacy issues with the directory, only the following information will be displayed about people. People names will link to stanfordwho. NetDB users (includes all LNAs) must allow their work phone and email to be accessed. Users with special security issues will be hardcoded in. In the below table is listed the different types of persons in netDB3, and who can see what. On entry of a person name, more information to help determine the correct person in multiple matches. That information is hidden when looking at an info page.

Person type Who sees entry Seen on Entry Seen on Info

NetDB User God name, workphone, email, sunetid name, workphone, email, dirID

Node Admin LNA name, dept name, dirID

Node User LNA name, dept name, dirID

Admin Team Member LNA name, dept name, dirID

IP Addresses

Access
A user can perform the following actions if he shares the same group and has the needed object access rights:

OBJECT	ACTION	OBJECT RIGHTS NEEDED
Domain	Add names in domain	Node or Network
Domain	Add, modify, delete	Domain
Group	Add, modify, delete	Group
User	Add, modify, delete	User
Admin Team	Add, modify, delete	Admin Team
Network	Add, modify, delete	Network
Node	Add, modify, delete	Node
Address space	Assign addresses from this space	Node or Network

Note: address space is not a NetDB object
Only users with group object access rights can create groups.

DHCP Options

Below is a list of the allowable DHCP options. DHCP options must be explicitly listed, one per line, as < Label > = < Value >. Values are not checked in any way. The below table shows which options can be used with which objects.

Label Type DataType Serv Net AS NodeGrp Int BootP

filename string n n n y y bf

next-server host y y y y y sa

log-servers option host n y y y y lg

domain-name option string y y y y y dn

domain-name-servers option host y y y y y ds

option-144 option keyword n n n n n T144

allow keyword y y n n n

deny keyword y y n n n

max-lease-time int y y y y y

default-lease-time int y y y y y

get-lease-hostnames flag y n n n n

use-host-decl-names flag y n n n n

Session and Locking

Changing session parameters
- If a setting is user changeable, the setting will immediately take effect
- If a setting is changed by another user, the setting will take effect when the user profile is refreshed
Locking Data
- For IP address reservations, see IP Address Assignment
- Locks follow user. If user has multiple sessions and logs out of one, all locks are released
- If multiple windows accessing one object, the newest window has the lock.
Keeping Data

Because html doesn't keep state, it was common to lose newly entered data if there was an error on the page. Because of time, it was decided to only implement serious data capture on the node and network pages. Below are some know data loss conditions
- User- Selected same dept and other dept. Got error and lost object access selections
- Network- Lose network prefix if error during network split/join

THE END

Object Type	Name Field Type
Group	Non-DNS name, spaces
Domain	DNS
User	People name- valid kerb principal
Admin Team	Non-DNS name, spaces
Network	DNS Name
Node	DNS Name

OBJECT	INHERITED FIELDS
Domain	Limited, Allow Names, Groups
Group
User	Dept, Groups, def Group, def Addr Space, def Domain, Obj Access, All Objects, Groups, All Groups, Templates (not implemented), Active
Admin Team	Groups, Dept, Members
Network	Group, Dhcp Service, Dhcp Options
Node	Node Types, Dept, Group, Location, Room, Expiration Date, Make/Model, OS, Administrator, User, Ptr Prefs, Address Space (see IP Address Assignment)

OBJECT	CAN'T DELETE IF...
Domain	Names still exist in domain
Group	Objects are still associated with that group
User
Admin Team	still listed as node admin
Network	IP addresses being used in that network
Node
Address space	IP addresses being used in that address space

Person type	Who sees entry	Seen on Entry	Seen on Info
NetDB User	God	name, workphone, email, sunetid	name, workphone, email, dirID
Node Admin	LNA	name, dept	name, dirID
Node User	LNA	name, dept	name, dirID
Admin Team Member	LNA	name, dept	name, dirID

Label	Type	DataType	Serv	Net	AS	NodeGrp	Int	BootP
filename		string	n	n	n	y	y	bf
next-server		host	y	y	y	y	y	sa
log-servers	option	host	n	y	y	y	y	lg
domain-name	option	string	y	y	y	y	y	dn
domain-name-servers	option	host	y	y	y	y	y	ds
option-144	option	keyword	n	n	n	n	n	T144
allow		keyword	y	y	n	n	n
deny		keyword	y	y	n	n	n
max-lease-time		int	y	y	y	y	y
default-lease-time		int	y	y	y	y	y
get-lease-hostnames		flag	y	n	n	n	n
use-host-decl-names		flag	y	n	n	n	n