| Age | Commit message (Collapse) | Author |
|---|
|
New versions of MIT now use the actual enctype in klist -ke output.
Also add 128-bit AES.
Also add some additional debugging that was useful when chasing
another problem.
|
|
|
|
Change-Id: Ibdd2494106324f8e1077daa084a2468c0a5fe4ea
|
|
Change-Id: I6249d2ea983959bc6c5ec03c2035a271228d4721
|
|
Ubuntu precise and trusty don't have Net::Duo packages. Delay
loading to the constructor so that the modules will still pass
strictness tests. This also fixes Travis-CI testing.
Change-Id: I23f1fe6dbdddaac2040f459410a74be4a13b6755
|
|
Change-Id: I3a8b13a8b255522cff92910f8d99ec94dc020e6f
|
|
Change-Id: I2bcee71d36782c08f858e78712e9d92605a69ba3
|
|
A new ACL type, external (Wallet::ACL::External), is now supported.
This ACL runs an external command to check if access is allowed, and
passes the principal and the ACL identifier to that command. To
enable this ACL type for an existing wallet database, use wallet-admin
to register the new verifier.
Change-Id: I21b72b4373eefc92985aca1505e2d1a1ec699602
|
|
Change-Id: I7a69a5bc425e16fbcf0a294d5e3aaf941bb2a453
|
|
Change-Id: I589c964895351c40e4b608925b055f97e6463d9a
|
|
Change-Id: I3b97807548638865987861979e73ae341e06f681
|
|
I'll probably bump this later, but for now that's the minimum
supported Perl version for wallet.
Change-Id: I97e36f850dcb3dcd3a78daf34d8a35bf597bdb43
|
|
Change-Id: If63ea5829252fda13b68d031fb9f48c93b71697a
|
|
Change-Id: I7e49c687e892e012051056bc9324d7a8a5b36d07
|
|
Change-Id: I0248c2bd36c063526c64e22c4d30f39464f69028
|
|
Change-Id: Ibff0602d5ff8bf4c625f3970130cce4c8c02720e
|
|
Change-Id: I714a6298c36e6fd7eca6ee3acb01637a96773647
|
|
Change-Id: I97f466b2221b71ffcc60dd4f1b48e5986496ff46
|
|
Change-Id: I9f8f986952510f6b2d326ccaab4bb7006a033b9d
|
|
Change-Id: I710de6a1df01ecd9aebd202288a9efb434c09054
|
|
Change-Id: Ib077a196ee5389d7ec6d90fcf411cae0a81e071d
|
|
Change-Id: Idd2e1038fc02dd51aab9a9ffdd5b3400db2b106f
|
|
|
|
When adding a new ACL, if creation of the verifier failed, we
reported a pretty minimal error message claiming that the
identifier was the problem. It can't possibly be the problem
when the constructor fails. Report the actual failure more
directly.
|
|
We need a fake NetDB server to test this stuff properly, but until
then, just avoid running the tests.
|
|
|
|
Changes so far for 1.3
|
|
Added a version of the LDAP attribute ACL. Like the root version for
NetDB, this requires that the principal end in /root, and then strips
off /root before doing matching against the given LDAP attribute.
Change-Id: I23119ef9c9ce3e0556f5d71a509815f2efc1bbe6
|
|
Change-Id: I842a7335a4b50c9c20b921ae2efc63aab571635e
|
|
Since we now check to see if something is a valid netdb node entry for
the ACL verifiers, we need to have a valid netdb setup to run.
Change-Id: Ic2651f8b8b306dfa1f426d91f329b5100a9a1d64
|
|
We needed a way to report on where all a specific ACL might be nested,
since we can't destroy an ACL until it's no longer being nested. For
the immediate this is part of wallet-report.
Change-Id: I41c11b73325d1eb3a28289eac3505bf965877be1
|
|
When destroying an ACL nested in other ACLs, we now fail with an
explanation rather than going through to remove all the places it's
nested. That's more in line with how we handle trying to destroy ACLs
that own things.
Change-Id: I8bc0530e37c54369ec52d9b369f8fabe98def77a
|
|
Removed some default text and explained why we grab the database handle
for future use.
Change-Id: I50b3ae06c1761453de3140d501830c245d550c04
|
|
There was an older mistake in sorting ACLs and entries, using && instead
of || when sorting.
Problem and fix pointed out to Chris Law.
Change-Id: Iab46b4bcbd842978f88a7d9f63958ebea4806413
|
|
This verifier will allow embedding one ACL in another for more flexible
ACL handling. As part of thise we've also added the ability for each
verifier to do a syntax check to see if a given name is valid for that
verifier. For the moment this returns true for everything but Nested.
Nested will check to make sure the given name is an existing group.
Change-Id: Iacdf146d46ed882d57b7534058d34db6e6ec1de4
|
|
All error messages should now use the ACL name rather than the ADL id,
for readability.
Change-Id: I2d1cfe806b459ef083293df4fa0b83cb4cef673b
|
|
The email sending will only replace the To: field with the contacts and
do no other template parsing, so it is currently limited.
Change-Id: I4c653cf7bfe3ed2d9ca16299a4f937e015966554
|
|
To handle local proliferation of Duo integration type requests, all Duo
types have been merged into one module that will pick up and decide
integration specifics off of the object type.
If you are using the Duo types locally already, you'll want to load
perl/sql/wallet-1.3-update-duo.sql to your database to update the old
object types to all use the Duo module.
All existing Duo integrations have been added to the module for
handling, but nothing new has been added to the wallet object types.
Since there are a lot of Duo integrations, sites should only manually
add the ones they're interested in to the wallet types table.
Change-Id: If9c9a0a3e77923354f31d8f9c98a519c93df200b
|
|
Change-Id: I9e4632f3ff81f916f9157ef8128b20915ecded08
|
|
"wallet-report objects host <hostname>" reports on all objects that
belong to the given host. This can be used to query things for retiring
systems.
Change-Id: Ib1c8e5978fed141d54ecc8504b56b43c037f9b17
|
|
Change-Id: I4bcc9c318ab3ec09add026e14204d929125302b7
|
|
update will work generally like get, but only for objects that have a
concept of updating content automatically, like keytabs and passwords.
For these, the content will be updated before sending to the client.
In a later release get for keytabs will be modified to never update the
kvno before sending to the user, and so the unchanging flag will be
phased out in lieu of explicitly using the method that does what you
want.
Change-Id: I96a84416c5e50278eb29fe07052dde6e063bc071
|
|
Two new reports, 'types' and 'schemes'. These will print out all
configured types and acl schemes.
Change-Id: Ib06d37755fe80c168a6f723c9a1e683fdf5dfcde
|
|
Added for SSL files including the root cert as well, used in splunk.
Change-Id: I1faaa840d309ae4370ae26da5b51c0cee84d7558
|
|
Change-Id: Icb894b4b52e6b5c07a7c12251b1f4c79025c7bc6
|
|
Commerzbank offered a script for searching and editing the wallet
history. The coding style is very different from our own, so I'm
including this as a contrib script for now.
Change-Id: I20516d63ad6f633ad0efc3977d990fa1e7a5ebd9
|
|
Added to the password object type a new naming set for service/*,
specifically for things that belong to a non-host-specific service.
Change-Id: I1481d48319a5833f00eae940a6d2ca912874bb01
|
|
The documentation now includes information about the Duo file types, and
the new password types. This is both the general information, and the
Stanford-specific naming docs.
Change-Id: Iae256224a063ce42f22cd933ef7bb3ab402e0e2d
|
|
Took code from Commerzbank AG and refactored to add to wallet-report.
This does a complete dump of all object history for searching on.
Change-Id: Id22c51d2938ad90e0c6a19aaa016501a1ba333b3
|
|
Change-Id: I6198f4247f589e94beced128504dd086194b1983
|
