| Age | Commit message (Collapse) | Author |
|---|
|
No need to do this any more.
|
|
|
|
|
|
Update to rra-c-util 5.10:
* Add missing va_end to xasprintf implementation.
* Fix Perl test suite framework for new Automake relative paths.
* Improve portability to Kerberos included in Solaris 10.
* Use appropriate warning flags with Clang (currently not warning clean).
Update to C TAP Harness 3.4:
* Fix segfault in runtests with an empty test list.
* Display verbose test results with -v or C_TAP_VERBOSE.
* Test infrastructure builds cleanly with Clang warnings.
* Support comments and blank lines in test lists.
|
|
Add use 5.008 and use warnings uniformly to all of the server backend
scripts.
|
|
When run under runtests, it runs with a parent directory of tests,
and therefore needs to look for NEWS in ../NEWS. Allow for both
paths.
|
|
The versions of all of the wallet Perl modules now match the overall
package version except for Wallet::Schema, which is used to version
the database schema.
Import the test from rra-c-util 5.10 and exclude Wallet::Schema from
the tests.
Go through all Perl modules and standardize the syntax for setting the
version and indicating the required version of Perl. Fix a few other
syntax issues while I'm in there.
|
|
|
|
Also remove some configuration checks that aren't required, and
unify handling of some configuration options.
|
|
This requires changing the ACL verifier plumbing to pass object
type and name all the way through when verifying ACLs. Hopefully
I caught everything.
|
|
Ad keytabs
|
|
Conflicts:
NEWS
|
|
|
|
Failed kadmin commands were deleting the wallet database in the
test suite due to an END block in the test programs. Use _exit
to avoid this.
|
|
New versions of MIT now use the actual enctype in klist -ke output.
Also add 128-bit AES.
Also add some additional debugging that was useful when chasing
another problem.
|
|
|
|
Change-Id: Ibdd2494106324f8e1077daa084a2468c0a5fe4ea
|
|
Change-Id: I6249d2ea983959bc6c5ec03c2035a271228d4721
|
|
Ubuntu precise and trusty don't have Net::Duo packages. Delay
loading to the constructor so that the modules will still pass
strictness tests. This also fixes Travis-CI testing.
Change-Id: I23f1fe6dbdddaac2040f459410a74be4a13b6755
|
|
Change-Id: I3a8b13a8b255522cff92910f8d99ec94dc020e6f
|
|
Change-Id: I2bcee71d36782c08f858e78712e9d92605a69ba3
|
|
A new ACL type, external (Wallet::ACL::External), is now supported.
This ACL runs an external command to check if access is allowed, and
passes the principal and the ACL identifier to that command. To
enable this ACL type for an existing wallet database, use wallet-admin
to register the new verifier.
Change-Id: I21b72b4373eefc92985aca1505e2d1a1ec699602
|
|
Change-Id: I7a69a5bc425e16fbcf0a294d5e3aaf941bb2a453
|
|
Change-Id: I589c964895351c40e4b608925b055f97e6463d9a
|
|
Change-Id: I3b97807548638865987861979e73ae341e06f681
|
|
I'll probably bump this later, but for now that's the minimum
supported Perl version for wallet.
Change-Id: I97e36f850dcb3dcd3a78daf34d8a35bf597bdb43
|
|
Change-Id: If63ea5829252fda13b68d031fb9f48c93b71697a
|
|
Change-Id: I7e49c687e892e012051056bc9324d7a8a5b36d07
|
|
Change-Id: I0248c2bd36c063526c64e22c4d30f39464f69028
|
|
Change-Id: Ibff0602d5ff8bf4c625f3970130cce4c8c02720e
|
|
Change-Id: I714a6298c36e6fd7eca6ee3acb01637a96773647
|
|
Change-Id: I97f466b2221b71ffcc60dd4f1b48e5986496ff46
|
|
Change-Id: I9f8f986952510f6b2d326ccaab4bb7006a033b9d
|
|
Change-Id: I710de6a1df01ecd9aebd202288a9efb434c09054
|
|
Change-Id: Ib077a196ee5389d7ec6d90fcf411cae0a81e071d
|
|
Change-Id: Idd2e1038fc02dd51aab9a9ffdd5b3400db2b106f
|
|
|
|
The msktutil script does not always signal error conditions. This
change implements a check that examines the output from msktutil
and reports and error when the keytab creation fails to create
the keytab but does create a computer entry in the directory. If
an error is detected the directory entry is deleted leaving the
directory in a clean state.
Also, support has been added for output of debugging information
to syslog using the AD_DEBUG configuration variable.
Finally perltidy suggested changes were made to AD.pm.
|
|
Conflicts:
NEWS
|
|
|
|
When adding a new ACL, if creation of the verifier failed, we
reported a pretty minimal error message claiming that the
identifier was the problem. It can't possibly be the problem
when the constructor fails. Report the actual failure more
directly.
|
|
We need a fake NetDB server to test this stuff properly, but until
then, just avoid running the tests.
|
|
|
|
Changes so far for 1.3
|
|
This version implements Active Directory as the store for keytabs.
The interface to Active Directory uses a combination of direct LDAP
queries and the msktutil utility. This version does not support the
wallet unchanging flag. Unchanging requires that a keytab be
retrieved without changing the password/kvno which is not supported by
msktutil.
|
|
Added a version of the LDAP attribute ACL. Like the root version for
NetDB, this requires that the principal end in /root, and then strips
off /root before doing matching against the given LDAP attribute.
Change-Id: I23119ef9c9ce3e0556f5d71a509815f2efc1bbe6
|
|
Change-Id: I842a7335a4b50c9c20b921ae2efc63aab571635e
|
|
Since we now check to see if something is a valid netdb node entry for
the ACL verifiers, we need to have a valid netdb setup to run.
Change-Id: Ic2651f8b8b306dfa1f426d91f329b5100a9a1d64
|
|
We needed a way to report on where all a specific ACL might be nested,
since we can't destroy an ACL until it's no longer being nested. For
the immediate this is part of wallet-report.
Change-Id: I41c11b73325d1eb3a28289eac3505bf965877be1
|
|
When destroying an ACL nested in other ACLs, we now fail with an
explanation rather than going through to remove all the places it's
nested. That's more in line with how we handle trying to destroy ACLs
that own things.
Change-Id: I8bc0530e37c54369ec52d9b369f8fabe98def77a
|
