summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2016-01-17Update Perl version declaration and warnings for server scriptsRuss Allbery
Add use 5.008 and use warnings uniformly to all of the server backend scripts.
2016-01-17Adjust perl/module-version-t to run from testsRuss Allbery
When run under runtests, it runs with a parent directory of tests, and therefore needs to look for NEWS in ../NEWS. Allow for both paths.
2016-01-17Standardize Perl module versionsRuss Allbery
The versions of all of the wallet Perl modules now match the overall package version except for Wallet::Schema, which is used to version the database schema. Import the test from rra-c-util 5.10 and exclude Wallet::Schema from the tests. Go through all Perl modules and standardize the syntax for setting the version and indicating the required version of Perl. Fix a few other syntax issues while I'm in there.
2016-01-16Fix spelling errors and add stopwordsRuss Allbery
2016-01-16Add documentation of the Active Directory supportRuss Allbery
Also remove some configuration checks that aren't required, and unify handling of some configuration options.
2016-01-16Pass object type and name to external ACL verifiersRuss Allbery
This requires changing the ACL verifier plumbing to pass object type and name all the way through when verifying ACLs. Hopefully I caught everything.
2016-01-16Merge pull request #72 from whm/ad-keytabsRuss Allbery
Ad keytabs
2016-01-05Merge branch 'master' into ad-keytabsBill MacAllister
Conflicts: NEWS
2016-01-03Clean up test-files directory after object/password testRuss Allbery
2016-01-03Use _exit when failing to fork external commandsRuss Allbery
Failed kadmin commands were deleting the wallet database in the test suite due to an END block in the test programs. Use _exit to avoid this.
2016-01-03Fix t/object/keytab.t MIT enctype recognitionRuss Allbery
New versions of MIT now use the actual enctype in klist -ke output. Also add 128-bit AES. Also add some additional debugging that was useful when chasing another problem.
2016-01-03Add libjson-perl to Travis CI buildRuss Allbery
2016-01-03Remove old Travis debugging, use apt-get -yRuss Allbery
Change-Id: Ibdd2494106324f8e1077daa084a2468c0a5fe4ea
2016-01-03Document the Duo integration requires JSON and Perl6::SlurpRuss Allbery
Change-Id: I6249d2ea983959bc6c5ec03c2035a271228d4721
2016-01-03Fix Wallet::Object::Duo to pass strict.t test w/o Net::DuoRuss Allbery
Ubuntu precise and trusty don't have Net::Duo packages. Delay loading to the constructor so that the modules will still pass strictness tests. This also fixes Travis-CI testing. Change-Id: I23f1fe6dbdddaac2040f459410a74be4a13b6755
2016-01-03Add stopword for Wallet::ACL::External documentationRuss Allbery
Change-Id: I3a8b13a8b255522cff92910f8d99ec94dc020e6f
2016-01-03Do the Travis-CI build in trusty for WebAuth supportRuss Allbery
Change-Id: I2bcee71d36782c08f858e78712e9d92605a69ba3
2016-01-03Add Wallet::ACL::External ACL typeRuss Allbery
A new ACL type, external (Wallet::ACL::External), is now supported. This ACL runs an external command to check if access is allowed, and passes the principal and the ACL identifier to that command. To enable this ACL type for an existing wallet database, use wallet-admin to register the new verifier. Change-Id: I21b72b4373eefc92985aca1505e2d1a1ec699602
2016-01-03Add libperl6-slurp-perl to the Travis CI buildRuss Allbery
Change-Id: I7a69a5bc425e16fbcf0a294d5e3aaf941bb2a453
2016-01-03Fix Travis-CI debugging (hopefully)Russ Allbery
Change-Id: I589c964895351c40e4b608925b055f97e6463d9a
2016-01-03Debug Travis-CI failure, install Net::RemctlRuss Allbery
Change-Id: I3b97807548638865987861979e73ae341e06f681
2016-01-03Allow contrib/wallet-contacts to work on Perl 5.008Russ Allbery
I'll probably bump this later, but for now that's the minimum supported Perl version for wallet. Change-Id: I97e36f850dcb3dcd3a78daf34d8a35bf597bdb43
2016-01-03Add stopwords for some additional spelling issuesRuss Allbery
Change-Id: If63ea5829252fda13b68d031fb9f48c93b71697a
2016-01-03No libnet-duo-perl in the version Travis-CI usesRuss Allbery
Change-Id: I7e49c687e892e012051056bc9324d7a8a5b36d07
2016-01-03Enable Travis-CI integration testingRuss Allbery
Change-Id: I0248c2bd36c063526c64e22c4d30f39464f69028
2016-01-03Document requirements for the password objectRuss Allbery
Change-Id: Ibff0602d5ff8bf4c625f3970130cce4c8c02720e
2016-01-03Flesh out NEWS and update TODO for merged changesRuss Allbery
Change-Id: I714a6298c36e6fd7eca6ee3acb01637a96773647
2016-01-03Remove Stanford-internal JIRA identifiers from TODORuss Allbery
Change-Id: I97f466b2221b71ffcc60dd4f1b48e5986496ff46
2016-01-03Add POD documentation of schemes and types reportsRuss Allbery
Change-Id: I9f8f986952510f6b2d326ccaab4bb7006a033b9d
2016-01-03Add POD documentation for objects host reportRuss Allbery
Change-Id: I710de6a1df01ecd9aebd202288a9efb434c09054
2016-01-03Document the acls nested report in the man pageRuss Allbery
Change-Id: Ib077a196ee5389d7ec6d90fcf411cae0a81e071d
2016-01-03Document the new ACL schemes in docs/design-aclRuss Allbery
Change-Id: Idd2e1038fc02dd51aab9a9ffdd5b3400db2b106f
2015-12-29Add in missing use statement for Sys::SyslogBill MacAllister
2015-12-29Add error check for partially created AD keytabsBill MacAllister
The msktutil script does not always signal error conditions. This change implements a check that examines the output from msktutil and reports and error when the keytab creation fails to create the keytab but does create a computer entry in the directory. If an error is detected the directory entry is deleted leaving the directory in a clean state. Also, support has been added for output of debugging information to syslog using the AD_DEBUG configuration variable. Finally perltidy suggested changes were made to AD.pm.
2015-12-18Merge branch 'master' into ad-keytabsBill MacAllister
Conflicts: NEWS
2015-12-14Add documentation for Wallet::ACL::NestedRuss Allbery
2015-12-14Better error reporting on verifier failure during addRuss Allbery
When adding a new ACL, if creation of the verifier failed, we reported a pretty minimal error message claiming that the identifier was the problem. It can't possibly be the problem when the constructor fails. Report the actual failure more directly.
2015-12-14Skip Stanford naming policy tests that require NetDBRuss Allbery
We need a fake NetDB server to test this stuff properly, but until then, just avoid running the tests.
2015-12-14Update some style issues in NEWSRuss Allbery
2015-12-14Merge pull request #2 from jonrober/masterRuss Allbery
Changes so far for 1.3
2015-12-03Implement support for managed Active Directory keytabsBill MacAllister
This version implements Active Directory as the store for keytabs. The interface to Active Directory uses a combination of direct LDAP queries and the msktutil utility. This version does not support the wallet unchanging flag. Unchanging requires that a keytab be retrieved without changing the password/kvno which is not supported by msktutil.
2015-11-18Added Wallet::ACL::LDAP::Attribute::RootJon Robertson
Added a version of the LDAP attribute ACL. Like the root version for NetDB, this requires that the principal end in /root, and then strips off /root before doing matching against the given LDAP attribute. Change-Id: I23119ef9c9ce3e0556f5d71a509815f2efc1bbe6
2015-11-18ldap-attr.t: Updated tests to use jonrober rather than rraJon Robertson
Change-Id: I842a7335a4b50c9c20b921ae2efc63aab571635e
2015-11-18stanford.t: Added netdb configuration to policy testsJon Robertson
Since we now check to see if something is a valid netdb node entry for the ACL verifiers, we need to have a valid netdb setup to run. Change-Id: Ic2651f8b8b306dfa1f426d91f329b5100a9a1d64
2015-11-18Added wallet report for nested ACLJon Robertson
We needed a way to report on where all a specific ACL might be nested, since we can't destroy an ACL until it's no longer being nested. For the immediate this is part of wallet-report. Change-Id: I41c11b73325d1eb3a28289eac3505bf965877be1
2015-11-18ACL.pm: Destroying a nested ACL will now failJon Robertson
When destroying an ACL nested in other ACLs, we now fail with an explanation rather than going through to remove all the places it's nested. That's more in line with how we handle trying to destroy ACLs that own things. Change-Id: I8bc0530e37c54369ec52d9b369f8fabe98def77a
2015-11-18Nested.pm: Updated comments around constructorJon Robertson
Removed some default text and explained why we grab the database handle for future use. Change-Id: I50b3ae06c1761453de3140d501830c245d550c04
2015-06-08Wallet/Server.pm: Fix sorting of ACLs and entriesJon Robertson
There was an older mistake in sorting ACLs and entries, using && instead of || when sorting. Problem and fix pointed out to Chris Law. Change-Id: Iab46b4bcbd842978f88a7d9f63958ebea4806413
2015-06-08Added nested acl verifierJon Robertson
This verifier will allow embedding one ACL in another for more flexible ACL handling. As part of thise we've also added the ability for each verifier to do a syntax check to see if a given name is valid for that verifier. For the moment this returns true for everything but Nested. Nested will check to make sure the given name is an existing group. Change-Id: Iacdf146d46ed882d57b7534058d34db6e6ec1de4
2015-06-08ACL.pm: Error messages use name rather than IDJon Robertson
All error messages should now use the ACL name rather than the ADL id, for readability. Change-Id: I2d1cfe806b459ef083293df4fa0b83cb4cef673b
generated by cgit v1.2.3 (git 2.39.1) at 2025-02-06 05:54:48 +0000