krb5-wallet.git/perl/t, branch upstream/1.3

krb5-wallet.git/perl/t, branch upstream/1.3 Unnamed repository; edit this file 'description' to name the repository. https://git.gnuabordo.com.br/krb5-wallet.git/atom?h=upstream%2F1.3 2016-01-16T23:35:49+00:00 Pass object type and name to external ACL verifiers 2016-01-16T23:35:49+00:00 Russ Allbery eagle@eyrie.org 2016-01-16T23:34:22+00:00 urn:sha1:d2fde5b8330cab6bd6210ef99a628b1897676897 This requires changing the ACL verifier plumbing to pass object type and name all the way through when verifying ACLs. Hopefully I caught everything. Clean up test-files directory after object/password test 2016-01-04T05:32:55+00:00 Russ Allbery eagle@eyrie.org 2016-01-04T05:32:55+00:00 urn:sha1:802e47e8d84530d191817b2d86978a0b09803186 Fix t/object/keytab.t MIT enctype recognition 2016-01-04T05:25:40+00:00 Russ Allbery eagle@eyrie.org 2016-01-04T05:25:40+00:00 urn:sha1:423792510f017d36580eb6d96342f6d09433a078 New versions of MIT now use the actual enctype in klist -ke output. Also add 128-bit AES. Also add some additional debugging that was useful when chasing another problem. Add Wallet::ACL::External ACL type 2016-01-04T03:29:20+00:00 Russ Allbery eagle@eyrie.org 2016-01-04T03:29:20+00:00 urn:sha1:23a6b180f975c24c8ee4190467c74b78fde0d084 A new ACL type, external (Wallet::ACL::External), is now supported. This ACL runs an external command to check if access is allowed, and passes the principal and the ACL identifier to that command. To enable this ACL type for an existing wallet database, use wallet-admin to register the new verifier. Change-Id: I21b72b4373eefc92985aca1505e2d1a1ec699602 Skip Stanford naming policy tests that require NetDB 2015-12-15T06:19:11+00:00 Russ Allbery eagle@eyrie.org 2015-12-15T06:19:11+00:00 urn:sha1:bd0f18af97c495aa78059317830ff7e6a6fd949d We need a fake NetDB server to test this stuff properly, but until then, just avoid running the tests. Added Wallet::ACL::LDAP::Attribute::Root 2015-11-19T07:48:07+00:00 Jon Robertson jonrober@stanford.edu 2015-08-27T17:34:22+00:00 urn:sha1:6b0cad572edef05d119abc8fc843c8c5d33665b8 Added a version of the LDAP attribute ACL. Like the root version for NetDB, this requires that the principal end in /root, and then strips off /root before doing matching against the given LDAP attribute. Change-Id: I23119ef9c9ce3e0556f5d71a509815f2efc1bbe6 ldap-attr.t: Updated tests to use jonrober rather than rra 2015-11-19T07:47:57+00:00 Jon Robertson jonrober@stanford.edu 2015-08-25T21:29:16+00:00 urn:sha1:e353e236cf6828647820b2d83529cc4a4f08cef2 Change-Id: I842a7335a4b50c9c20b921ae2efc63aab571635e stanford.t: Added netdb configuration to policy tests 2015-11-19T07:47:50+00:00 Jon Robertson jonrober@stanford.edu 2015-08-25T21:13:09+00:00 urn:sha1:2e00a586996cf4e53bd9d03afca7d46471549171 Since we now check to see if something is a valid netdb node entry for the ACL verifiers, we need to have a valid netdb setup to run. Change-Id: Ic2651f8b8b306dfa1f426d91f329b5100a9a1d64 Added wallet report for nested ACL 2015-11-19T07:47:40+00:00 Jon Robertson jonrober@stanford.edu 2015-06-09T22:04:14+00:00 urn:sha1:5d668b86ced32e84fd0f49046326a0a5e20dc8eb We needed a way to report on where all a specific ACL might be nested, since we can't destroy an ACL until it's no longer being nested. For the immediate this is part of wallet-report. Change-Id: I41c11b73325d1eb3a28289eac3505bf965877be1 ACL.pm: Destroying a nested ACL will now fail 2015-11-19T07:47:26+00:00 Jon Robertson jonrober@stanford.edu 2015-06-09T20:06:56+00:00 urn:sha1:43f386a6e3d0c141cd732b5ef5c2be8349f51f03 When destroying an ACL nested in other ACLs, we now fail with an explanation rather than going through to remove all the places it's nested. That's more in line with how we handle trying to destroy ACLs that own things. Change-Id: I8bc0530e37c54369ec52d9b369f8fabe98def77a