| Age | Commit message (Collapse) | Author |
|---|
|
|
|
|
|
file (using -f) or from standard input (if -f wasn't given) when the
data isn't specified on the command line. The data still must not
contain nul characters.
|
|
|
|
|
|
projects.
The configure option requesting AFS kaserver support (and thus
building kasetkey) is now --with-kaserver instead of --with-afs.
If KRB5_CONFIG was explicitly set in the environment, don't use a
different krb5-config based on --with-krb4 or --with-krb5. If
krb5-config isn't executable, don't use it. This allows one to
force library probing by setting KRB5_CONFIG to point to a
nonexistent file.
Sanity-check the results of krb5-config before proceeding and error
out in configure if they don't work.
Stop setting Stanford-specific compile-time defaults for the wallet
server and port.
|
|
Mike Garrison.
Also update to the latest version of all of the Kerberos Autoconf probes.
|
|
the NOTGS flag) and examining principals to kasetkey. This
functionality isn't used by wallet (and probably won't be) but is
convenient for other users of kasetkey such as kadmin-remctl.
|
|
keytab object.
|
|
|
|
names of Wallet::Object::* and all ACL verifier implementations must
have class names of Wallet::ACL::*.
|
|
implementation.
|
|
implementations in the database.
|
|
|
|
empty string is valid object content.
Add a full end-to-end test suite to catch protocol mismatches between
the client and server, such as the one fixed in this release.
|
|
|
|
environment variable WALLET_CONFIG and loads configuration from the
file specified there instead of /etc/wallet/wallet.conf if it is set.
|
|
|
|
|
|
|
|
|
|
empty string as a principal argument. Be careful not to provide a
principal argument if no principal was set. This workaround can be
removed once we depend on a later version of Net::Remctl.
|
|
srvtab key before merging the keytab into an existing file.
Otherwise, if the new keys had a lower kvno than the old keys
(possible after deleting and recreating the object), the wrong key
would be extracted for the srvtab.
|
|
default ACLs to avoid creating and stranding an ACL when the naming
policy check fails.
|
|
correct script name.
|
|
order to satisfy the picky option parser.
|
|
|
|
|
|
database and list all objects and ACLs in the database.
|
|
credentials for the given user and use those for authentication rather
than using an existing ticket cache.
|
|
|
|
exists, unlink it first and then create it safely rather than
truncating it. This is much safer when creating files in a
world-writable directory.
Also add documentation for keytab merging.
|
|
keytab keys into that file rather than moving aside the old keytab and
creating a new keytab with only the new keys.
Also fix get handling in the client for all types other than keytabs.
This isn't visible yet since the server doesn't yet support other types
of objects.
|
|
function in the wallet server configuration file.
|
|
write the keytab to standard output rather than dying with a cryptic
error.
|
|
type from krb5.conf as well as from compile-time defaults and
command-line options.
|
|
libraries as necessary rather than hard-coding libraries. Building
on systems without strong shared library dependencies and building
against static libraries should now work.
Building kasetkey (for AFS kaserver synchronization) is now optional
and not enabled by default. Pass --with-afs to enable it. This
allows wallet to be easily built in an environment without AFS.
|
|
|
|
whether we can auto-create a non-existent ACL, since creating one with
the ADMIN ACL doesn't create a useful object.
Allow @ in wallet-backend arguments so that principal names can be
passed in.
|
|
to the empty string clears the attribute values.
|
|
When writing to a file in the wallet client program, remove an old
backup file before creating a new backup and don't fail if the backup
already exists.
|
|
now that we're reading the class from the database.
|
|
containing periods. Otherwise, it's hard to manage host keytabs. Add
a missing test suite for that method.
|
|
|
|
code audit by Simon Cozens. I didn't take all of his advise, and he
shouldn't be blamed for any remaining issues.
|
|
over the life of the process if we see another ACL line from the same
scheme, rather than only reusing ACL verifiers within a single ACL.
|
|
database rather than a hard-coded list and provide Wallet::Schema
methods for adding new class mappings.
Add a missing class mapping for the netdb ACL schema verifier.
|
|
have an instance of "root" and strips that instance before checking
NetDB roles.
|
|
|
|
|
