| Age | Commit message (Collapse) | Author |
|---|
|
If the WebAuth module is too old, don't just fail the tests. Skip
them instead. This will let the Debian package build in unstable.
Change-Id: I84c97f23ff7fbf89f2fd797898ebb4ab5e58eee6
Reviewed-on: https://gerrit.stanford.edu/987
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
In Wallet::Admin, add the wa-keyring object handler to the list
of initializations when creating a new database.
Change-Id: I804b47ae712ce3d96c57699fb2ba05c45f687881
Reviewed-on: https://gerrit.stanford.edu/986
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
Add a mention to NEWS and to the REQUIREMENTS section of README.
Change-Id: I560f737e9cb899046f7fe3c8d2c8c648d31041e7
Reviewed-on: https://gerrit.stanford.edu/985
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
Change-Id: I17a6661d8088de66dbdab04c0a3dc6e10a7913ca
Reviewed-on: https://gerrit.stanford.edu/984
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
Change-Id: Ic0f33bf01936a093a645bedd5adfa771fd4e3574
Reviewed-on: https://gerrit.stanford.edu/983
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
Change-Id: Ia131200709531645b47d3bbab065d688e94f211f
Reviewed-on: https://gerrit.stanford.edu/982
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
Used by the new POD tests (and eventually by other things).
Change-Id: I9704bc287f8d61fb87af99d53d836900f589c557
Reviewed-on: https://gerrit.stanford.edu/981
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
Also fix some of the Makefile.am formatting of escaped multi-line
commands.
Change-Id: I024b5a8836cb8c8e3c4154e87c83be8d05a0e5f0
Reviewed-on: https://gerrit.stanford.edu/980
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
Change-Id: I316a35a9ca7c1305650f7bd4d90b31caf9e054f9
Reviewed-on: https://gerrit.stanford.edu/979
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
Change-Id: Iaaacf0df45f9ac5f2158d7c9bb695a856bcffd81
Reviewed-on: https://gerrit.stanford.edu/978
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
Remove tests/data/README (now moved to tests/config) and perl/t/schema.t
(rolled into admin.t). Add tests/config/README.
Change-Id: I632c5c97064299ac5a63c53b78c5abbd1dd364d6
Reviewed-on: https://gerrit.stanford.edu/977
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
Change-Id: Idf9876ef781340ec45e113fd555a0f2c5f05a3a9
Reviewed-on: https://gerrit.stanford.edu/976
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
Change-Id: Ie8ee7f8b2f430ca9b5f38d2e060659f48dacc35f
Reviewed-on: https://gerrit.stanford.edu/975
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
Now that we're using DBIx::Class, we need several new modules. Take
a first cut at documenting them in README.
Change-Id: I98e796091258633daaad4049d14bf3c5ea1e55fa
Reviewed-on: https://gerrit.stanford.edu/974
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
Owners of wallet objects are now allowed to destroy them. In previous
versions, a special destroy ACL had to be set and the owner ACL wasn't
used for destroy actions, but operational experience at Stanford has
shown that letting owners destroy their own objects is a better model.
Change-Id: I0e97d7a000e62cf5321add7b44140db6edc6769f
Reviewed-on: https://gerrit.stanford.edu/973
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
aspell doesn't like some of the words used in the Expat license.
Change-Id: Ia31b41c54dcec3b50dbfb2ae7318574997c5d8ca
Reviewed-on: https://gerrit.stanford.edu/972
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
Change-Id: I8310a94d25c403298520795f2a2087dd1f00f183
Reviewed-on: https://gerrit.stanford.edu/857
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
This confuses build-license and makes it think this is a separate
copyright holder.
Change-Id: I91f4e9e6f6eed478918cd84f4158544b0c050c30
Reviewed-on: https://gerrit.stanford.edu/856
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
Change-Id: I8933551ed4518264b258580edeb12048d0e2969e
Reviewed-on: https://gerrit.stanford.edu/855
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
Change-Id: I58f7c06233823068f7ff65058219e27c0b733967
Reviewed-on: https://gerrit.stanford.edu/854
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
Use a proper list for the options, use italics for the argument
to an option, specify that argument in the SYNOPSIS, and use bold
for the name of the program.
Change-Id: I225aea061efd13851b62046ff6dcbda0cb9478ec
Reviewed-on: https://gerrit.stanford.edu/853
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
Change-Id: Iee8d55f6c86563fad71d770398e3221f7efb4b2e
Reviewed-on: https://gerrit.stanford.edu/852
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
Change-Id: I6c055a010c52b5c666db203a8c990c531cd1dfe4
Reviewed-on: https://gerrit.stanford.edu/851
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
For scripts, do this by moving the copyright and license statement
from the top of the script into the POD documentation.
Also try to uniformly put the SEE ALSO section last.
Change-Id: Id31a5c0d5e6f6831a689deec41a13d35bb40465a
Reviewed-on: https://gerrit.stanford.edu/850
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
Change-Id: Id5af9714e3d4f516cf7391c869eff89521e145c5
Reviewed-on: https://gerrit.stanford.edu/849
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
Remove the old tests/data/README documentation and move the note
about krb5.conf into tests/config/README. (This should change later
to use tests/config for that file.) Add a license statement to that
file. Create an empty tests/config directory in the build tree if
the build directory is not the source directory.
Change-Id: Idf466e32cd114841c45f58dba47b11282467ec8f
Reviewed-on: https://gerrit.stanford.edu/848
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
Change-Id: Ibad85d6d7c653b557e9ec297a4268068261271fa
Reviewed-on: https://gerrit.stanford.edu/847
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
Change-Id: Icd7381f4fbe3699dbd6e5459ddb59548f60e56a4
Reviewed-on: https://gerrit.stanford.edu/846
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
Add new SUPPORT and SOURCE REPOSITORY sections, reformat the copyright
and license information a bit, and add a new LICENSE section with the
general package license.
Change-Id: I7201519f18626c26686e7c81b51124c4d5581814
Reviewed-on: https://gerrit.stanford.edu/845
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
This currently requires global read access to the Stanford LDAP
directory, so even other people at Stanford can't run it. Will
revisit when we have a chance to write mock LDAP classes.
Change-Id: I0e944b8019744b14a62e60d5dcc662b417108722
Reviewed-on: https://gerrit.stanford.edu/844
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
Change-Id: I6a84920b0c0dc1849af8a34ecf8f3fb70b45e17c
Reviewed-on: https://gerrit.stanford.edu/843
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
Change-Id: I06dd9ecca19315179bdd34d4b301548fe7604331
Reviewed-on: https://gerrit.stanford.edu/842
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
Update to rra-c-util 4.8:
* Look for krb5-config in /usr/kerberos/bin after the user's PATH.
* Kerberos library probing fixes without transitive shared libraries.
* Fix Autoconf warnings when probing for AIX's bundled Kerberos.
* Avoid using krb5-config if --with-{krb5,gssapi}-{include,lib} given.
* Correctly remove -I/usr/include from Kerberos and GSS-API flags.
* Build on systems where krb5/krb5.h exists but krb5.h does not.
* Pass --deps to krb5-config unless --enable-reduced-depends was used.
* Do not use krb5-config results unless gssapi is supported.
* Fix probing for Heimdal's libroken to work with older versions.
* Update warning flags for GCC 4.6.1.
* Update utility library and test suite for newer GCC warnings.
* Fix broken GCC attribute markers causing compilation problems.
* Suppress warnings on compilers that support gcc's __attribute__.
* Add notices to all files copied over from rra-c-util.
* Fix warnings when reporting memory allocation failure in messages.c.
* Fix message utility library compiler warnings on 64-bit systems.
* Include strings.h for additional POSIX functions where found.
* Use an atexit handler to clean up after Kerberos tests.
* Kerberos test configuration now goes in tests/config.
* The principal of the test keytab is determined automatically.
* Simplify the test suite calls for Kerberos and remctl tests.
* Check for a missing ssize_t.
* Improve the xstrndup utility function.
* Checked asprintf variants are now void functions and cannot fail.
* Fix use of long long in portable/mkstemp.c.
* Fix test suite portability to Solaris.
* Substantial improvements to the POD syntax and spelling checks.
Update to C TAP Harness 1.12:
* Fix compliation of runtests with more aggressive warnings.
* Add a more complete usage message and a -h command-line flag.
* Flush stderr before printing output from tests.
* Better handle running shell tests without BUILD and SOURCE set.
* Fix runtests to honor -s even if BUILD and -b aren't given.
* runtests now frees all allocated resources on exit.
* Only use feature-test macros when requested or built with gcc -ansi.
* Drop is_double from the C TAP library to avoid requiring -lm.
* Avoid using local in the shell libtap.sh library.
* Suppress warnings on compilers that support gcc's __attribute__.
Change-Id: I394294d5486ac1ce265c7713bec71a148aaaf1ce
Reviewed-on: https://gerrit.stanford.edu/841
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
When linking the temporary keytab to its final file name, wallet wasn't
checking for errors. Caught by the new gcc warnings.
Change-Id: Ia75b231754bafc800e9e521345b85da256c95ed1
Reviewed-on: https://gerrit.stanford.edu/840
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
Change-Id: I48984226f67ded5539f6bc8c8cd88cfa770be775
Reviewed-on: https://gerrit.stanford.edu/839
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
Change-Id: I850cb07c344757362f09a3c2d88adc5b8154d7d7
Reviewed-on: https://gerrit.stanford.edu/838
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
Change-Id: I8aa2d9232a3f15d424eafbda69b6e065824e62b8
|
|
The wallet-admin wrapper script will already pass any errors to
die, so don't separately warn.
Change-Id: Id5b27c5f9eaba8cf2d45ef058aaaa93e50f9cab5
Reviewed-on: https://gerrit.stanford.edu/795
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
Install the wallet schema files generated by DBIx::Class for the
various supported database engines into /usr/local/share/wallet
(by default, using pkgdatadir) on make install. Set the default
$DB_DDL_DIRECTORY value in Wallet::Config accordingly.
Change-Id: I7ec52b171bc6aca2c3e1040c037e7cf24553231f
Reviewed-on: https://gerrit.stanford.edu/794
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
In the upgrade() wrapper in Wallet::Admin, set the DDL directory
in the schema before attempting an upgrade.
Change-Id: I691184fc4cf416e68f300bc78f7caffc41bf94b8
Reviewed-on: https://gerrit.stanford.edu/793
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
Change-Id: Id8810ff6deb991b70c2fd4587019aa245d247419
Reviewed-on: https://gerrit.stanford.edu/785
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
Used currently by MDM to store both the certificate and the key in
the same file for convenience.
Change-Id: I38901ac93fe3022c2e00f735a0f995500841d709
Reviewed-on: https://gerrit.stanford.edu/784
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
In Wallet::Policy::Stanford, add support for setting a default owner
of file objects whose names are based on a group that has an ACL
mapping.
Change-Id: I4f63815621d81e26ba4779d10f249cb31eef2b5e
Reviewed-on: https://gerrit.stanford.edu/759
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
Add all the new group names for the Stanford naming policy and
associate them with default ACLs (not yet used). Distinguish
them from the legacy group names, and use the appropriate ones
for naming policy enforcement.
Change-Id: I4b87ff48d34d82195245798f41afefff26efa95d
Reviewed-on: https://gerrit.stanford.edu/758
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
Add support for a default owner for host-based file objects to
Wallet::Policy::Stanford.
Change-Id: I1a9bf07def1356788fbd0acf9910a2e86c9e8f08
Reviewed-on: https://gerrit.stanford.edu/757
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
Refactor the Wallet::Policy::Stanford module to pull some of the
constants out, and then add data and support in the naming policy
for the new file object naming scheme.
Change-Id: Iba0c24c119ce529a1d3fd8cd3332335c4433df09
Reviewed-on: https://gerrit.stanford.edu/756
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
To make it easier to revise and test revisions to the Stanford
wallet naming policy, convert the code to a module and include it
in the distribution. Add a test suite for the current policy.
Change-Id: I73b888fa8d18401a239144c2e9f810ad4692c44b
Reviewed-on: https://gerrit.stanford.edu/755
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
If there are multiple SSL private keys for the same host-based CN,
an application name can be added as an additional component of the
name.
Change-Id: I06e25359b291a77a7dbca1a7f3db84afb2b16ddd
Reviewed-on: https://gerrit.stanford.edu/754
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
In moving from DBI to DBIx::Class, we at first left the various
variables the same. This goes through to update them for the proper
names.
* Wallet::Admin::schema was created to return the schema object (and
similarly for Wallet::Server and Wallet::Report).
* Wallet::Admin::dbh was modified to return the actual DBI handle again
(and similarly for Wallet::Server and Wallet::Report).
* Various places that used $admin->{dbh} were moved to $admin->{schema}.
* Various places using $dbh for the schema object were changed to
$schema.
Change-Id: I00914866e9a8250855a7828474aa9ce0f37b914f
Reviewed-on: https://gerrit.stanford.edu/733
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
perl/Wallet/Object/Keytab.pm was using the wrong value for the database
handle in some places (trying to load as a subroutine rather than part
of the object). Also, the keytab.t tests were attempting to run against
the DBIx::Class object rather than a direct dbh handle that they
expected.
Change-Id: Ifbb8b110d559f3ba867fc5b0dc3933fd2d4fd484
Reviewed-on: https://gerrit.stanford.edu/731
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
