| Age | Commit message (Collapse) | Author |
|---|
|
|
|
|
|
database and list all objects and ACLs in the database.
|
|
credentials for the given user and use those for authentication rather
than using an existing ticket cache.
|
|
|
|
exists, unlink it first and then create it safely rather than
truncating it. This is much safer when creating files in a
world-writable directory.
Also add documentation for keytab merging.
|
|
keytab keys into that file rather than moving aside the old keytab and
creating a new keytab with only the new keys.
Also fix get handling in the client for all types other than keytabs.
This isn't visible yet since the server doesn't yet support other types
of objects.
|
|
function in the wallet server configuration file.
|
|
write the keytab to standard output rather than dying with a cryptic
error.
|
|
type from krb5.conf as well as from compile-time defaults and
command-line options.
|
|
libraries as necessary rather than hard-coding libraries. Building
on systems without strong shared library dependencies and building
against static libraries should now work.
Building kasetkey (for AFS kaserver synchronization) is now optional
and not enabled by default. Pass --with-afs to enable it. This
allows wallet to be easily built in an environment without AFS.
|
|
|
|
whether we can auto-create a non-existent ACL, since creating one with
the ADMIN ACL doesn't create a useful object.
Allow @ in wallet-backend arguments so that principal names can be
passed in.
|
|
to the empty string clears the attribute values.
|
|
When writing to a file in the wallet client program, remove an old
backup file before creating a new backup and don't fail if the backup
already exists.
|
|
now that we're reading the class from the database.
|
|
containing periods. Otherwise, it's hard to manage host keytabs. Add
a missing test suite for that method.
|
|
|
|
code audit by Simon Cozens. I didn't take all of his advise, and he
shouldn't be blamed for any remaining issues.
|
|
over the life of the process if we see another ACL line from the same
scheme, rather than only reusing ACL verifiers within a single ACL.
|
|
database rather than a hard-coded list and provide Wallet::Schema
methods for adding new class mappings.
Add a missing class mapping for the netdb ACL schema verifier.
|
|
have an instance of "root" and strips that instance before checking
NetDB roles.
|
|
|
|
|
|
|
|
seconds since epoch and returned the same way. Timestamps are now
stored in the database as correct date and time types rather than
seconds since epoch to work properly with MySQL.
|
|
SQLite for testing.
Also start a new Util.pm module for the test suite and move the contents
sub into that module. More to follow.
|
|
when the object doesn't exist.
|
|
created by a non-ADMIN user and using the default owner ACL returned
by that function provided that the calling user is authorized by that
ACL. This permits dynamic creation of new objects based on a default
owner ACL programmatically determined from the name of the object.
|
|
NetDB remctl interface.
|
|
|
|
documentation and test it. Update NEWS and TODO for the completion of
the history code.
|
|
of the enctypes attribute when the unchanging flag is set.
|
|
|
|
release targets.
|
