| Age | Commit message (Collapse) | Author |
|---|
|
Change-Id: I701dc2151a41087dd0457a1f756884a78013f622
|
|
Upstream version 1.1
|
|
|
|
Change-Id: I1c53e0503b29d7add289d26e67b11f9789ba8ad8
Reviewed-on: https://gerrit.stanford.edu/1576
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
Upstream version 1.1
|
|
|
|
This turned out to not be necessary for testing since I was already
using sqlite3 to load an unversioned schema. Remove the offending
line and restore the old code with some cleanup.
Change-Id: I282b6f3b4754e4899222be6366b77a47f0cb7189
Reviewed-on: https://gerrit.stanford.edu/1575
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
When reading the Duo object configuration to retrieve the Duo
admin server, parse the JSON in relaxed mode to match the behavior
of Net::Duo itself. Otherwise, we get hung up on trailing commas
that Net::Duo doesn't care about.
Change-Id: I0a7347b22e379fe5dfe5fdabaec3e23420cf9a63
Reviewed-on: https://gerrit.stanford.edu/1574
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
Eventually, there will be multiple object types for different Duo
integrations, and they will need to have unique names. Add the
Duo type in parentheses after the name to help ensure this.
Change-Id: I679130f9136077fc6bf5d8c6c9ad98ec83b400d0
Reviewed-on: https://gerrit.stanford.edu/1573
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
* Enable uscan verification of the GnuPG signatures on upstream
releases in debian/watch.
Change-Id: Ic8555655c8b7cd3fd1a1d8fa55c381673ee8e2bf
|
|
Change-Id: Ida824647e538c06595818ec39d408b12b9c6f488
|
|
Change-Id: I2cf44dabde6c2ad4952c0c64dba88805120fd9a8
|
|
Change-Id: Iac7c9bffb20e86b2b7dc5aa2b1acdfae928265cf
|
|
Change-Id: I6cc0df81ab9507a6aceba772766c0a0588b2d750
|
|
Change-Id: I37e92900dc13cdc6a538a7bf71f2d8b8d221006f
|
|
Change-Id: If4c22583a8031e5197a6d6999ca1e270c6dda0c8
|
|
Change-Id: I8c95315cfc35c3f13086e1bcbb46d5a4e5bb5590
|
|
Change-Id: I9eb620f2a56c56b6614d845f0edb04269707cb89
|
|
Change-Id: I295e5290ad89bdd1dec52882e7855966e16a9813
|
|
Also, Document in the wallet-server package description that a DBD::*
module and corresponding DateTime::Format::* module are required.
(There isn't a way to fully represent the required dependency.)
Change-Id: I7c888319bfd85e7e65a55272cad3bc5444ac30e2
|
|
Change-Id: I7fd0f5c9ec0dd940ab5675e3a7ab5e3ad3f3048e
|
|
Upstream version 1.1
Conflicts:
NEWS
README
client/keytab.c
perl/lib/Wallet/ACL.pm
perl/sql/Wallet-Schema-0.08-PostgreSQL.sql
perl/t/general/admin.t
perl/t/verifier/ldap-attr.t
Change-Id: I1a1dc09b97c9258e61f1c8877d0837193c8ae2c6
|
|
|
|
Otherwise, there are warnings from Build.PL due to the file missing
from the manifest.
Change-Id: I32db0199bfda25ab8235ab965bfbbca8bee180b8
Reviewed-on: https://gerrit.stanford.edu/1572
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
Also set module_name (uselessly) to avoid warnings from
Module::Build.
Change-Id: I53426a096f4133f27aa3315b4be24385a3476793
Reviewed-on: https://gerrit.stanford.edu/1571
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
Change-Id: I984f48d667acab4cfcb7e0c115773e34e6335d65
Reviewed-on: https://gerrit.stanford.edu/1570
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
Change-Id: I3dd9ae38d638cddf2307f5e07cb4a2e01422e172
Reviewed-on: https://gerrit.stanford.edu/1569
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
Automake insists on not using DESTDIR for distcheck and instead
relying on prefix, but we don't want Perl module installation to
follow prefix since that may result in a module install directory that
isn't in Perl's search path. So, if and only if we're running under
distcheck, we pass the prefix in as --install_base.
When copying the Test::RRA Perl modules into the perl/t/lib tree,
use separate mkdir and $(INSTALL_DATA) instead of cp -R. The latter
copies the read-only permissions, and then distclean cannot remove
the files.
Change-Id: Ic1879defad993c76384f7c207cd04cb67889a7ac
Reviewed-on: https://gerrit.stanford.edu/1568
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
Change-Id: I36565462a248cef0ff1560b5a1d89a20353d566f
Reviewed-on: https://gerrit.stanford.edu/1567
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
Change-Id: I0d56ea7b64cdcc43bf59f803077d076414b1a1ce
Reviewed-on: https://gerrit.stanford.edu/1566
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
Change-Id: I5143d487d6b3623bc2be1724ed766b8709feb506
Reviewed-on: https://gerrit.stanford.edu/1565
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
Change-Id: I5390ec1ea8ba90394454a75acb54f1f4a25f9c83
Reviewed-on: https://gerrit.stanford.edu/1564
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
Change-Id: I823bb20d129e4c1efdb607821adc3b134c2f6276
Reviewed-on: https://gerrit.stanford.edu/1563
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
To ensure that the generated man page also contains a license, move
the license text down into the POD.
Change-Id: Iaeedfbffccd1510d50bf1f84f396e1b1f8fda8fc
Reviewed-on: https://gerrit.stanford.edu/1562
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
Change-Id: I518a175998aa77920b08c43e3a6b890bbab59280
Reviewed-on: https://gerrit.stanford.edu/1561
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
Ensure we don't have integer overflow when allocating the array
of struct iovec for store commands.
Change-Id: I0777ca8ef050b9773dba0c03b5e8533d3b2d5486
Reviewed-on: https://gerrit.stanford.edu/1560
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
The owner and getacl commands now return the current name of the ACL
instead of its numeric ID, matching the documentation of owner.
Change-Id: Ic47aad48bd1454ed4bffff7030b0492d74eee4fa
Reviewed-on: https://gerrit.stanford.edu/1559
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
Fix the ordering of table drops during a wallet-admin destroy action
to remove tables with foreign key references before the tables they
are referencing. Should fix destroy in MySQL and other database
engines that enforce referential integrity.
Change-Id: I9b37c516f67acdf1d9e25222f067df6749e8c769
Reviewed-on: https://gerrit.stanford.edu/1558
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
Change-Id: I478ed7812a4d25641ee85846e4092e17536e5a1d
Reviewed-on: https://gerrit.stanford.edu/1557
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
Fix wallet-backend parsing of the expires command to expect only one
argument as the expiration. This was correctly documented in the
wallet client man page, but not in wallet-backend, and it accepted two
arguments (a date and time). However, Wallet::Server did not and
would just ignore the time. Now wallet-backend correctly requires the
date and time be passed as a single argument.
Change-Id: I8e51a576ea8781502f4eb983462ceca867b002be
Reviewed-on: https://gerrit.stanford.edu/1556
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
Always use DateTime objects for every date field in the database,
and translate them into the local time zone for display when
pulling them out of the database. This should provide better
portability to different database backends.
Change the parsing of expires arguments to use Date::Parse, thus
supporting a much broader variety of possible date and time
formats and allowing easy conversion to a DateTime object.
Document the new dependency.
Change-Id: I2ee8eaa6aa6ae9925ac419e49234ec9880d4fe95
Reviewed-on: https://gerrit.stanford.edu/1555
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
Change-Id: I0d7a088bb34dda2fc554b9f104c2a33e5faf879e
Reviewed-on: https://gerrit.stanford.edu/1554
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
Store the current name of the ACL with each history row, and index
the name. This will eventually allow retrieval of history by name
for ACLs that have been deleted, although the rest of the code is
not yet in place.
The initial creation and membership of the ADMIN ACL during database
initialization or reinitialization is no longer recorded in the
acl_history table, since otherwise it produces errors due to the
missing ah_name field when building the database with schema 0.07.
There should be some better solution to this, but this will be okay
for the time being.
Change-Id: I015a00c972e0c2730c3d449952fcfe9b79c6e54f
Reviewed-on: https://gerrit.stanford.edu/1553
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
Now needs a use lib 'lib' in order to run out of the source
directory.
Change-Id: Ia8645eae6c6699db919968d42f057b06e42150a2
Reviewed-on: https://gerrit.stanford.edu/1552
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
Pass in DateTime objects for the date fields in the database instead
of formatted time strings. This provides better compatibility with
different database engines. Document in README the need to install
the DateTime::Format::* module corresponding to the DBD::* module used
for the server database.
Change-Id: Id25796da718d734ac96ca27ccea9045b0c80c03f
Reviewed-on: https://gerrit.stanford.edu/1551
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
Change-Id: I61379e8963569d26c9b9c31d1727f3cca4567f8e
Reviewed-on: https://gerrit.stanford.edu/1550
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
In Wallet::Admin, add duo to the list of tables to drop when
either destroying or reinitializing the database.
Change-Id: I78790927f7d53b8d596e6ccb7c2340a341e404ae
Reviewed-on: https://gerrit.stanford.edu/1549
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
Change-Id: I3b3a035817e7e8f1c0e9709505490ce0ec299f3d
Reviewed-on: https://gerrit.stanford.edu/1548
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
Add a new contrib script, wallet-rekey-periodic, which is used at
Stanford to periodically rekey hosts from cron.
Change-Id: Ic1f515da44e55623f7d6864f9a3cebf24c08e13b
Reviewed-on: https://gerrit.stanford.edu/1547
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
Fix strictness issues across the whole code base, and ensure that
all Perl scripts enable warnings. (Hopefully enabling warnings
won't cause problems for the server.)
Change-Id: I4dee49f7a6bcbeeee21d74bf61a1fd26514f832c
Reviewed-on: https://gerrit.stanford.edu/1532
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
