| Age | Commit message (Collapse) | Author |
|---|
|
Moved all the Perl code to use DBIx::Class for the database interface.
This includes updating all database calls, how the schema is generated
and maintained, and the tests in places where some output has changed.
We also remove the schema.t test, as the tests for it are more covered
in the admin.t tests now.
Change-Id: Ie5083432d09a0d9fe364a61c31378b77aa7b3cb7
Reviewed-on: https://gerrit.stanford.edu/598
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
Remove the group for host-based file object names. Move the group
to the second component for non-host-based names so that the first
component is always the object type. Add some additional object
types and clarify wording based on feedback from Adam.
Change-Id: I5db7b23d2b004c69afb869df5624d455b751c0d5
Reviewed-on: https://gerrit.stanford.edu/724
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
Recommend slash-separated names by default. Remove some obsolete
bits and update a lot of the recommendations and wording.
Change-Id: I44cbf8116e7529b00a61261248ff9daecacdb910
Reviewed-on: https://gerrit.stanford.edu/723
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
Change-Id: Id360aebe8f0a3911a7d628feafef9b3110801124
Reviewed-on: https://gerrit.stanford.edu/715
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
Be sure that we don't purge keys if that would leave us with fewer
than three keys. Fix a few other error reporting issues and one
syntax error in a WebAuth call.
Change-Id: I9bb75de56da3542f8c26ca8eab0814afea06c16a
Reviewed-on: https://gerrit.stanford.edu/714
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
We need at least version 3.06 to have the encode and decode
WebAuth::Keyring functions.
Change-Id: Ia4e3ed74cc038c06e3ba6ab13b37ea3cdb06c032
Reviewed-on: https://gerrit.stanford.edu/713
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
A copy/paste error from the file object configuration.
Change-Id: Ie3ee48ed7adcf3fa50a510f085e664c5b0c91300
Reviewed-on: https://gerrit.stanford.edu/712
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
Change-Id: I12e430acd089de5ac50f62ebbdeb869be31eeeec
Reviewed-on: https://gerrit.stanford.edu/711
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
Add a new acl check command which, given an ACL ID, prints yes if that
ACL already exists and no otherwise. This is parallel to the check
command for objects.
Also fix some documentation errors in the wallet client documentation,
saying that the check command doesn't require any ACL and fixing one
place where "show" was used instead of "store".
|
|
|
|
|
|
|
|
|
|
|
|
Fix a formatting error in Wallet::ACL::LDAP::Attribute and add new
stopwords required by the latest aspell.
|
|
|
|
Some database drivers, such as current SQLite, will return undef
for a data column that is set to NULL instead of the empty string.
Skip past those data columns without attempting to examine the
length of the resulting data.
|
|
|
|
Avoid tromping on the user's AFS credentials if using Heimdal
user space.
|
|
|
|
This is very preliminary. There is no test suite yet, no
documentation, and the test suite currently doesn't pass for other
reasons.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
A new ACL type, ldap-attr (Wallet::ACL::LDAP::Attribute), is now
supported. This ACL type grants access if the LDAP entry
corresponding to the principal contains the attribute name and value
specified in the ACL. The Net::LDAP and Authen::SASL Perl modules are
required to use this ACL type. New configuration settings are
required as well; see Wallet::Config for more information. To enable
this ACL type for an existing wallet database, use wallet-admin to
register the new verifier.
|
|
|
|
|
|
|
|
Add a missing TODO item for purging host-related objects that was
filed in JIRA.
|
|
|
|
Add a comment field to objects and corresponding commands to
wallet-backend and wallet to set and retrieve it. The comment field
can only be set by the owner or wallet administrators but can be seen
by anyone on the show ACL.
|
|
|
|
|
|
Hook the new upgrade method of Wallet::Schema into Wallet::Admin
and the wallet-admin wrapper script.
|
|
Version 0 is the version without the metadata table. Add a new
upgrade method to Wallet::Schema and support upgrading the database
to version 1. (Version 1 is not yet finalized.)
|
|
Add a metadata table whose only column, currently, is a version number.
We will store the version of the schema in this table and use that to
know what to do during upgrades.
|
|
|
|
|
|
|
|
Change how autogen generates man pages to use a loop, which will make
it easier to add more documentation in the future.
|
|
|
|
|
|
Also create the Wallet/ACL/Krb5 directory when copying the Perl
files for srcdir != builddir builds.
|
|
|
|
Add -Wformat=2 -Winit-self -Wswitch-enum -Wdeclaration-after-statement
-Wshadow to the set of gcc warnings. Stop passing -DDEBUG=1 since I no
longer use that define anywhere. Change -W to -Wextra since I'm
requiring a fairly new GCC anyway.
|
|
Update to C TAP Harness 1.5:
* Better reporting of fatal errors in the test suite.
* Summarize results at the end of test execution.
* Add tests/HOWTO from docs/writing-tests in C TAP Harness.
Update to rra-c-util 2.6:
* Fix portability to bundled Heimdal on OpenBSD.
* Improve checking for krb5_kt_free_entry with older MIT Kerberos.
* Fix portability for missing krb5_get_init_creds_opt_free.
* Fix header guard for util/xwrite.h.
* Restore default compiler configuration after GSS-API library probe.
|
