summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2010-02-18Refactor Wallet::Kadmin keytab_rekey to return keytabRuss Allbery
Change the API for keytab_rekey to match keytab, returning the keytab as data instead of writing it to a file. This simplifies the wallet object implementation and moves the logic for reading the temporary file into Wallet::Kadmin and its child classes. (Eventually, there may be a kadmin backend that doesn't require using a temporary file.) Setting KEYTAB_TMP is now required to instantiate either the ::MIT or ::Heimdal Wallet::Kadmin classes.
2010-02-18Support unchanging keytabs with Heimdal without remctlRuss Allbery
Heimdal supports retrieving a keytab containing the existing keys over the kadmin protocol. Move the support for using remctl to retrieve an existing keytab into Wallet::Kadmin::MIT and provide two separate methods in the Wallet::Kadmin interface: one which rekeys and one which doesn't. Implement the non-rekeying interface for Heimdal. Expand the test suite for the unchanging keytabs to include tests for the Heimdal method.
2010-02-18Refactor sync handling in Wallet::Object::KeytabRuss Allbery
Pull the sync code out into separate methods to avoid a really long and awkward attr method. Document the limited object support for the sync attribute.
2010-02-18KRBTYPE is already case-insensitive; remove from TODORuss Allbery
2010-02-18Tiny coding style fix in Wallet::KadminRuss Allbery
2010-02-18Rename functions in Wallet::Kadmin APIRuss Allbery
Now that we support multiple versions of Kerberos, use generic names for the functions in the Wallet::Kadmin interface rather than the commands from the MIT kadmin interface.
2010-02-18Move Wallet::Kadmin documentation into the parent classRuss Allbery
Rather than duplicating the API documentation in both ::Heimdal and ::MIT, move it into Wallet::Kadmin and just reference that from the subclasses. Add documentation for exists(), since that's part of the public API. Move a few methods around and fix a few other minor documentation differences.
2010-02-18Refactor Wallet::Kadmin::Heimdal constructorRuss Allbery
Remove the separate kadmin_client method by combining it with the constructor, since that was the only place it was called.
2010-02-18Lift the error method into Wallet::KadminRuss Allbery
Take advantage of inheritance by providing the error method in Wallet::Kadmin rather than separately in both the subclasses.
2010-02-18Add a more complete test suite for Wallet::KadminRuss Allbery
2010-02-18Call fork_callback conditionallyRuss Allbery
Only call fork_callback in Wallet::Kadmin::MIT if it's set, allowing the module to work without setting it.
2010-02-18Move stub fork_callback() into parent classRuss Allbery
Move the stub fork_callback method into Wallet::Kadmin and make both Wallet::Kadmin::Heimdal and Wallet::Kadmin::MIT inherit from Wallet::Kadmin. Add POD documentation for fork_callback.
2010-02-09Document that -u works if you don't have a ticketRuss Allbery
The wallet client documentation said that you always needed an existing ticket. Mention that -u will work as well.
2010-02-09Reorganize main POD tests and add a spelling checkRuss Allbery
Add a POD spelling test to the non-Perl-module part of the code and move the documentation tests into a separate directory. Merge the POD syntax tests between client and server into one test. Reformat all of the POD documentation to use 74 columns. Fix a few revealed spelling errors or weird wordings.
2010-02-09Fix up the distclean and maintainerclean rulesRuss Allbery
Add .placeholder to the file list, fix the location of the Automake support files that are now in build-aux, and remove an old reference to TEST_FILES.
2010-02-09Add tests/data/.placeholder to .gitignoreRuss Allbery
2010-02-09Check spelling of server API POD and tweak server docsRuss Allbery
Also update the POD syntax check to the current version of that check I use elsewhere. Since I'm touching all the POD anyway, also rewrap all of the POD to 74 columns. Fix some references to MIT in the Wallet::Kadmin::Heimdal module documentation.
2010-02-09Fix multiple builddir != srcdir issues with test suiteRuss Allbery
Simplify the build rules for the test suite to take advantage of the improved runtests support for builddir != srcdir. Stop doing Autoconf substitution on full.conf now that we have that support.
2010-02-09Stop doing Autoconf substitution on some test suite codeRuss Allbery
Anything that only was using substitution for the paths to the build tree now uses $SOURCE and $BUILD instead. Stop doing substitution. Also fix tests/data/cmd-wrapper to use the environment variables.
2010-02-09Use the $SOURCE and $BUILD test suite variablesRuss Allbery
Now that runtests has been updated to a version that sets $SOURCE and $BUILD, use that in the test cases rather than Autoconf substitutions.
2010-02-09Add additional Kerberos portability needed for the test suiteRuss Allbery
2010-02-09Enable silent rule support and use it for make warningsRuss Allbery
2010-02-09Update keytab test for new KRBTYPE error messageRuss Allbery
2010-02-09Update to C TAP Harness 1.1 and rra-c-util 3.0 testsRuss Allbery
* Update portable and util tests for C TAP Harness 1.1. * Remove the need for Autoconf substitution in test programs. * Support running a single test program with runtests -o. * Properly handle test cases that are skipped in their entirety. * Much improved C TAP library more closely matching Test::More. Rewrite client/basic-t to use the new test library functions and my current test case coding style.
2010-02-09Update util code and import Kerberos portability glueRuss Allbery
Use the Kerberos portability layer from rra-c-util 3.0 and avoid Kerberos API calls deprecated on Heimdal. Break util/util.h into separate header files and update all source files accordingly. The test suite is not yet updated. That will come in subsequent commits.
2010-02-09Update portability code to rra-c-util 3.0Russ Allbery
Add replacements for mkstemp and setenv, since we now use them when obtaining credentials in the client. Fix the bool type with Sun Studio 12 on Solaris 10.
2010-02-09Add Wallet::Kadmin files to PERL_FILES in Makefile.amRuss Allbery
2010-02-09Move man page generation to autogenRuss Allbery
Also use set -e in autogen and add --force to autoreconf.
2010-02-09Add thanks to Jon Robertson to READMERuss Allbery
2010-02-09Update the Autoconf code to rra-c-util 3.0Russ Allbery
* Sanity-check the results of krb5-config before proceeding. * Fall back on manual probing if krb5-config results don't work. * Add --with-krb5-include and --with-krb5-lib configure options. * Add --with-remctl-include and --with-remctl-lib configure options. * Add --with-gssapi-include and --with-gssapi-lib configure options. * Don't break if the user clobbers CPPFLAGS at build time. * Suppress error output from krb5-config probes. * Prefer KRB5_CONFIG over a path constructed from --with-*. * Update GSS-API probes for Solaris 10's native implementation. * Change AC_TRY_* to AC_*_IFELSE as recommended by Autoconf. Also strip out more outdated AFS kaserver instructions from README.
2010-02-09Use a temporary disk cache in the wallet client instead of memoryRuss Allbery
The wallet client now uses a temporary disk ticket cache when obtaining tickets with the -u option rather than an in-memory cache, allowing for a libremctl built against a different Kerberos implementation than the wallet client. This primarily helps with testing.
2010-02-09Update test count for tests/client/basicRuss Allbery
2010-02-09Remove the test suite for kasetkeyRuss Allbery
2010-02-09Remove the sync documentation from wallet-backendRuss Allbery
The code to support the attribute is still present in case we add a system with which to synchronize later on.
2010-02-09Use the long enctype name for aes256-cts-hmac-sha1-96Russ Allbery
Heimdal requires the full name and doesn't support the short name that MIT has as an alias. Change the documentation to use the long name uniformly.
2010-02-09Remove kaserver synchronization support from the wallet clientRuss Allbery
The wallet client no longer enables kaserver synchronization when a srvtab is requested with -S. Instead, it just extracts the DES key from the keytab and writes it to a srvtab. It no longer forces the kvno of the srvtab to 0 (a Stanford-specific action) and instead preserves the kvno from the key in the keytab. This should now do the right thing for sites that use a KDC that serves both Kerberos v4 and Kerberos v5 from the same database.
2010-02-09Remove all the configure code for AFS kaserver supportRuss Allbery
2010-02-09Remove the kasetkey client for setting keys in an AFS kaserverRuss Allbery
2010-02-09Document and make case-insensitive KEYTAB_KRBTYPERuss Allbery
KEYTAB_KRBTYPE wasn't documented in Wallet::Config. Add it and the variable declaration. Also document the new mandatory setting in NEWS and add the Heimdal::Kadm5 requirement to README. Remove some of the language in README that implies that only MIT Kerberos is supported. Make the setting case-insensitive and improve the error message from Wallet::Kadmin if it isn't set.
2010-02-09Remove kaserver synchronization support from the wallet backendRuss Allbery
Remove kaserver synchronization support. It is no longer tested, and retaining the code was increasing the complexity of wallet, and some specific requirements (such as different realm names between kaserver and Kerberos v5 and the kvno handling) were Stanford-specific. Rather than using this support, AFS sites running kaserver will probably find deploying Heimdal with its internal kaserver compatibility is probably an easier transition approach.
2010-02-09Add more to-do items for the next releaseRuss Allbery
2010-02-08More to-do items for the 0.10 releaseRuss Allbery
2010-02-08Additional cleanup of the keytab test suiteRuss Allbery
Map the AES enctype to the full enctype name, which will work for both MIT and Heimdal. Fix the test count. Really test rollback from invalid enctypes (what we did before made no sense). Skip tests that will just fail if the enctype stuff is not working, since otherwise it confuses matters.
2010-02-08Redo how we find enctypes in the keytab test suiteRuss Allbery
We may have a different userspace than the Kerberos type, so always try klist -ke first and then fall back on ktutil if it fails. Also display the error message in a few more places if things fail, discovered as useful when debugging other problems.
2010-02-08Fix canonicalization of principals for HeimdalRuss Allbery
All the Wallet::Kadmin::Heimdal functions were canonicalizing principals using duplicate code, and that code assumed that all principal names would be unqualified. Centralize that code in one helper routine and support already-qualified principals so that we can use these functions easily from the test suite.
2010-02-08Use Wallet::Kadmin to do kadmin operations in the keytab testRuss Allbery
Now that we have Wallet::Kadmin, use it, rather than running the kadmin client program. We may not have the same kadmin client program as the server that we're testing against.
2010-02-08Initial port to HeimdalRuss Allbery
Just get the client code to compile with Heimdal. This will need more work later to use my regular Kerberos portability layer.
2010-02-08Add to-do items for the next releaseRuss Allbery
2010-02-08Use kvno or kgetcred to check principal existanceRuss Allbery
Don't use kadmin to check for principal existence. We want to verify that we can get tickets, not just look at kadmin. Use whatever is found on the user's PATH, not something based on the Kerberos type, since our userspace may not match the server implementation.
2010-02-08Don't default the Heimdal kadmin server to localhostRuss Allbery
If there is no kadmin host set in the configuration, it's supposed to fall back on the krb5.conf setting, not hard-code localhost.