| Age | Commit message (Collapse) | Author |
|---|
|
When creating new principals in a Heimdal KDC, generate a long, random
password as the temporary password of the disabled principal before
randomizing keys. This is necessary if password quality is being
enforced on create calls. Since the principal is always inactive
until the keys have been randomized, the password should not need to
be secure (and indeed is not cryptographically random).
Change-Id: If519a82475bb0d387a19d16ef1e024b0da64779a
Reviewed-on: https://gerrit.stanford.edu/1374
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
Conflicts:
NEWS
|
|
|
|
When the correct Kerberos tickets aren't available, this test
skipped the wrong number of tests.
Change-Id: Icf27178fe88027f38764285bb671560e051f9105
Reviewed-on: https://gerrit.stanford.edu/1373
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
* Add libauthen-sasl-perl and libnet-ldap-perl to Build-Depends for the
test suite.
|
|
|
|
Fix wallet-rekey on keytabs containing multiple principals. Previous
versions assumed one could concatenate keytab files together to make a
valid keytab file, which doesn't work with some Kerberos libraries.
This caused new keys downloaded for principals after the first to be
discarded. As a side effect of this fix, wallet-rekey always appends
new keys directly to the existing keytab file, and never creates a
backup copy of that file.
Change-Id: I5f863239ce4ebba66b35ff09454f2897367bd359
Reviewed-on: https://gerrit.stanford.edu/1369
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
Change-Id: I5b10208b0b164e39242cf20ed4bd57398a3b9898
|
|
* Move the DateTime::Format::* Perl modules for various databases to
Depends from Recommends and add the Pg and MySQL versions as
alternatives.
Change-Id: I39ea83bb2dc2d2042ba539895738e0fd9b362254
|
|
Change-Id: I8f4b7b7798ee34271c5bfc1b46733a3649064192
|
|
There was a missing resultset() call in one place and the wrong
resultset used in a different place, causing the enctype management
code to not work.
Change-Id: I796169c5968ec164f90f3cd75541dd346dd50fdf
Reviewed-on: https://gerrit.stanford.edu/1070
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
The acl_history table needed to get the DateTime object rather than the
raw epoch timestamp in one place. This was causing errors adding new
lines to the history.
Change-Id: I9c971819484cd0b26cb2561549246c284afc55a1
Reviewed-on: https://gerrit.stanford.edu/1325
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
The reference from object_history to the objects table needed to be
removed. We still want the relationship in the DBIx::Class files, but
we don't want the relationship enforced as we want to keep history
entries for deleted objects.
Change-Id: Id927404b996fe171a8f5fc0747ccb0abddcbe1f2
Reviewed-on: https://gerrit.stanford.edu/1324
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
Change-Id: Ic1a9420955614c67cfc4e5e01e0b7f0458569a81
|
|
If we can't find the sqlite3 binary, just skip the upgrade test.
Reviewed-on: https://gerrit.stanford.edu/994
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
(cherry picked from commit 15fea5552df18667b39fce620488ed6c48bd7329)
Change-Id: I26cd8148d58368767f39d135afe4c721652b0740
|
|
Since we were reinstalling a fresh database via the same DBIx::Class
functions, the database we installed to upgrade from a non-versioned
setup was still getting a version table. Switched to delete the
database and reload it fresh from the sqlite3 command itself.
Reviewed-on: https://gerrit.stanford.edu/993
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
(cherry picked from commit 2a8fb416b5eb2db697e03ddce930c21656ccbc88)
Change-Id: If097c6edff916746e332e04c8d479a858a5773c4
|
|
Change-Id: I8a40fcaaa2a5effdea495ecc2f6a03a63543e0b9
|
|
Upstream version 1.0
|
|
|
|
The module wasn't always returning a true value when loaded.
Change-Id: I998ab25509cb9079034cae6aca467024ec6b4949
Reviewed-on: https://gerrit.stanford.edu/990
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
Change-Id: I2e52bb9184bc5939421a93d7a2ef9a9f4716711c
|
|
Upstream version 1.0
|
|
|
|
It's nice to have spaces and other special characters in comments,
so allow any character rather than applying the normal argument
filtering.
Change-Id: Iec8584f1f6893906db7245fbe571d62ebc60f72a
Reviewed-on: https://gerrit.stanford.edu/989
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
* Check for any files left uninstalled by dh_install.
Also install all the SQL files used for database upgrades into the
wallet-server package properly.
Change-Id: I18711d26b88cf4bcbae036f20c11f911deb02e4f
|
|
Change-Id: I43cf7f76af475d0588df09feb982bc6bbe65061c
|
|
Only WebAuth 4.4.0 and later has the APIs that we need.
Change-Id: Icf72987f1c79baf607a0bb4aca69d0730423a10a
|
|
Upstream version 1.0
|
|
|
|
Change-Id: If833e4a6434362e04e738274a6f7fb276a9efe51
Reviewed-on: https://gerrit.stanford.edu/988
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
If the WebAuth module is too old, don't just fail the tests. Skip
them instead. This will let the Debian package build in unstable.
Change-Id: I84c97f23ff7fbf89f2fd797898ebb4ab5e58eee6
Reviewed-on: https://gerrit.stanford.edu/987
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
Change-Id: I9923e3ec986dc7e17e0d251044dbf4d5acf936c2
|
|
Upstream version 1.0
|
|
|
|
In Wallet::Admin, add the wa-keyring object handler to the list
of initializations when creating a new database.
Change-Id: I804b47ae712ce3d96c57699fb2ba05c45f687881
Reviewed-on: https://gerrit.stanford.edu/986
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
Add a mention to NEWS and to the REQUIREMENTS section of README.
Change-Id: I560f737e9cb899046f7fe3c8d2c8c648d31041e7
Reviewed-on: https://gerrit.stanford.edu/985
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
Change-Id: If1a37b9db9c0696824375415aa835fcfb5d63f2e
|
|
Change-Id: I8eba193b08417931ff4127b46db5857fe622edce
|
|
Change-Id: I51e95968f7249ad99f6d9d58e9a8dc90808be348
|
|
Change-Id: Ib9d7558bea7425b9c9bdcf0b41133332c39c8b4c
|
|
* Update debhelper compatibility level to V9.
- Enable all hardening build flags.
- Enable parallel builds.
Change-Id: I816acdcf5a204fddc909f78e3db39493e7c2321e
|
|
* Update standards version to 3.9.4.
- Indicate the Debian packaging branch in the Vcs-Git header.
Change-Id: I6deab025fba1ddee262e93f6bf053e833a955f48
|
|
Change-Id: I40985143bac4f0d27a1648e0f8559c62347c8067
|
|
* Move single-debian-patch to local-options and patch-header to
local-patch-header so that they only apply to the packages I build and
NMUs get regular version-numbered patches.
Change-Id: I8c0fe6bd544fafca774feebde7664b8cf975cfeb
|
|
Change-Id: I7839114ff0977add6f30642295265b8cd5a48631
|
|
Change-Id: If1e8679a3c808121bbe33f71cea58675e5aadfe4
|
|
Upstream version 1.0
|
|
|
|
Change-Id: I17a6661d8088de66dbdab04c0a3dc6e10a7913ca
Reviewed-on: https://gerrit.stanford.edu/984
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
Change-Id: Ic0f33bf01936a093a645bedd5adfa771fd4e3574
Reviewed-on: https://gerrit.stanford.edu/983
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
Change-Id: Ia131200709531645b47d3bbab065d688e94f211f
Reviewed-on: https://gerrit.stanford.edu/982
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
