| Age | Commit message (Collapse) | Author |
|---|
|
Update to rra-c-util 8.2:
* Implement explicit_bzero with memset if it is not available.
* Reformat all C source using clang-format 10.
* Work around Test::Strict not skipping .git directories.
* Fix warnings with perltidy 20190601 and Perl::Critic 1.134.
* Fix warnings with Clang 10, GCC 10, and the Clang static analyzer.
Update to C TAP Harness 4.7:
* Fix warnings with GCC 10.
* Reformat all C source using clang-format 10.
* Fixed malloc error checking in bstrndup.
|
|
|
|
Update EXTRA_DIST for the new release.
|
|
Add SPDX-License-Identifier headers to all substantial source files.
Collapse copyright years. Add some Emacs configuration for files
where the copyright notice is at the end. Add a test that every
file has SPDX-License-Identifier.
|
|
When getting configuration values from krb5.conf, pass the default
local realm into the Kerberos appdefault functions. This will produce
more correct results with krb5.conf files that specify wallet
configuration for multiple realms.
|
|
Rename the script to bootstrap from a Git checkout to bootstrap,
matching the emerging consensus in the Autoconf world.
|
|
Update to rra-c-util 7.2:
* Improve configure output for krb5-config testing.
* Define UINT32_MAX for systems that don't have it.
* Add SPDX-License-Identifier headers to all substantial source files.
* Fix new warnings from GCC 7 and Clang warnings.
* Require Test::Strict 0.25 or later to run those tests.
* Fix off-by-one error in return-value checks for snprintf.
* Use Autoconf to probe for supported warning flags.
* Fix running module-version-t -u with current versions of Perl.
* Use C_TAP_SOURCE and C_TAP_BUILD instead of SOURCE and BUILD.
Update to C TAP Harness 4.3:
* Add support for valgrind and libtool in test lists.
* Report test failures as left and right, not wanted and expected.
* Fix string comparisons with NULL pointers and the string "(null)".
* Add SPDX-License-Identifier headers to all substantial source files.
* Avoid zero-length realloc allocations in breallocarray.
* Fix new warnings from GCC 7 and Clang warnings.
* Use C_TAP_SOURCE and C_TAP_BUILD instead of SOURCE and BUILD.
|
|
|
|
|
|
Remove stray references to strlcpy and strlcat that broke builds on
platforms where those functions are part of libc. Thanks to Karl
Kornel for the report.
|
|
|
|
Update to rra-c-util 5.10:
* Add missing va_end to xasprintf implementation.
* Fix Perl test suite framework for new Automake relative paths.
* Improve portability to Kerberos included in Solaris 10.
* Use appropriate warning flags with Clang (currently not warning clean).
Update to C TAP Harness 3.4:
* Fix segfault in runtests with an empty test list.
* Display verbose test results with -v or C_TAP_VERBOSE.
* Test infrastructure builds cleanly with Clang warnings.
* Support comments and blank lines in test lists.
|
|
The versions of all of the wallet Perl modules now match the overall
package version except for Wallet::Schema, which is used to version
the database schema.
Import the test from rra-c-util 5.10 and exclude Wallet::Schema from
the tests.
Go through all Perl modules and standardize the syntax for setting the
version and indicating the required version of Perl. Fix a few other
syntax issues while I'm in there.
|
|
Also remove some configuration checks that aren't required, and
unify handling of some configuration options.
|
|
This requires changing the ACL verifier plumbing to pass object
type and name all the way through when verifying ACLs. Hopefully
I caught everything.
|
|
Conflicts:
NEWS
|
|
A new ACL type, external (Wallet::ACL::External), is now supported.
This ACL runs an external command to check if access is allowed, and
passes the principal and the ACL identifier to that command. To
enable this ACL type for an existing wallet database, use wallet-admin
to register the new verifier.
Change-Id: I21b72b4373eefc92985aca1505e2d1a1ec699602
|
|
Change-Id: I714a6298c36e6fd7eca6ee3acb01637a96773647
|
|
Conflicts:
NEWS
|
|
|
|
This version implements Active Directory as the store for keytabs.
The interface to Active Directory uses a combination of direct LDAP
queries and the msktutil utility. This version does not support the
wallet unchanging flag. Unchanging requires that a keytab be
retrieved without changing the password/kvno which is not supported by
msktutil.
|
|
All error messages should now use the ACL name rather than the ADL id,
for readability.
Change-Id: I2d1cfe806b459ef083293df4fa0b83cb4cef673b
|
|
update will work generally like get, but only for objects that have a
concept of updating content automatically, like keytabs and passwords.
For these, the content will be updated before sending to the client.
In a later release get for keytabs will be modified to never update the
kvno before sending to the user, and so the unchanging flag will be
phased out in lieu of explicitly using the method that does what you
want.
Change-Id: I96a84416c5e50278eb29fe07052dde6e063bc071
|
|
Change-Id: Icb894b4b52e6b5c07a7c12251b1f4c79025c7bc6
|
|
Change-Id: I4157db0f690542db0eb1bfbcb7e15bfee890cd65
|
|
Change-Id: I7730b4779180d7ad85dd4d1b6e71d8576a27a662
|
|
Change-Id: I91b8b5fd4043effe8b23a62624c47519976ace64
|
|
This turned out to not be necessary for testing since I was already
using sqlite3 to load an unversioned schema. Remove the offending
line and restore the old code with some cleanup.
Change-Id: I282b6f3b4754e4899222be6366b77a47f0cb7189
Reviewed-on: https://gerrit.stanford.edu/1575
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
Change-Id: I823bb20d129e4c1efdb607821adc3b134c2f6276
Reviewed-on: https://gerrit.stanford.edu/1563
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
The owner and getacl commands now return the current name of the ACL
instead of its numeric ID, matching the documentation of owner.
Change-Id: Ic47aad48bd1454ed4bffff7030b0492d74eee4fa
Reviewed-on: https://gerrit.stanford.edu/1559
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
Fix the ordering of table drops during a wallet-admin destroy action
to remove tables with foreign key references before the tables they
are referencing. Should fix destroy in MySQL and other database
engines that enforce referential integrity.
Change-Id: I9b37c516f67acdf1d9e25222f067df6749e8c769
Reviewed-on: https://gerrit.stanford.edu/1558
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
Fix wallet-backend parsing of the expires command to expect only one
argument as the expiration. This was correctly documented in the
wallet client man page, but not in wallet-backend, and it accepted two
arguments (a date and time). However, Wallet::Server did not and
would just ignore the time. Now wallet-backend correctly requires the
date and time be passed as a single argument.
Change-Id: I8e51a576ea8781502f4eb983462ceca867b002be
Reviewed-on: https://gerrit.stanford.edu/1556
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
Always use DateTime objects for every date field in the database,
and translate them into the local time zone for display when
pulling them out of the database. This should provide better
portability to different database backends.
Change the parsing of expires arguments to use Date::Parse, thus
supporting a much broader variety of possible date and time
formats and allowing easy conversion to a DateTime object.
Document the new dependency.
Change-Id: I2ee8eaa6aa6ae9925ac419e49234ec9880d4fe95
Reviewed-on: https://gerrit.stanford.edu/1555
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
Change-Id: I0d7a088bb34dda2fc554b9f104c2a33e5faf879e
Reviewed-on: https://gerrit.stanford.edu/1554
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
Store the current name of the ACL with each history row, and index
the name. This will eventually allow retrieval of history by name
for ACLs that have been deleted, although the rest of the code is
not yet in place.
The initial creation and membership of the ADMIN ACL during database
initialization or reinitialization is no longer recorded in the
acl_history table, since otherwise it produces errors due to the
missing ah_name field when building the database with schema 0.07.
There should be some better solution to this, but this will be okay
for the time being.
Change-Id: I015a00c972e0c2730c3d449952fcfe9b79c6e54f
Reviewed-on: https://gerrit.stanford.edu/1553
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
Pass in DateTime objects for the date fields in the database instead
of formatted time strings. This provides better compatibility with
different database engines. Document in README the need to install
the DateTime::Format::* module corresponding to the DBD::* module used
for the server database.
Change-Id: Id25796da718d734ac96ca27ccea9045b0c80c03f
Reviewed-on: https://gerrit.stanford.edu/1551
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
Change-Id: I3b3a035817e7e8f1c0e9709505490ce0ec299f3d
Reviewed-on: https://gerrit.stanford.edu/1548
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
Add a new contrib script, wallet-rekey-periodic, which is used at
Stanford to periodically rekey hosts from cron.
Change-Id: Ic1f515da44e55623f7d6864f9a3cebf24c08e13b
Reviewed-on: https://gerrit.stanford.edu/1547
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
The wallet server now requires Perl 5.8 or later (instead of 5.006 in
previous versions) and is now built with Module::Build instead of
ExtUtils::MakeMaker. This should be transparent to anyone not working
with the source code, since Perl 5.8 was released in 2002, but
Module::Build is now required to build the wallet server. It is
included in some versions of Perl, or can be installed separately from
CPAN, distribution packages, or other sources.
Also reorganize the test suite to use subdirectories.
Change-Id: Id06120ba2bad1ebbfee3d8a48ca2f25869463165
Reviewed-on: https://gerrit.stanford.edu/1530
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
Update to rra-c-util 5.5:
* Use Lancaster Consensus environment variables to control tests.
* Use calloc or reallocarray for protection against integer overflows.
* Suppress warnings from Kerberos headers in non-system paths.
* Assume calloc initializes pointers to NULL.
* Assume free(NULL) is properly ignored.
* Improve error handling in xasprintf and xvasprintf.
* Check the return status of snprintf and vsnprintf properly.
* Preserve errno if snprintf fails in vasprintf replacement.
Update to C TAP Harness 3.1:
* Reopen standard input to /dev/null when running a test list.
* Don't leak extraneous file descriptors to tests.
* Suppress lazy plans and test summaries if the test failed with bail.
* runtests now treats the command line as a list of tests by default.
* The full test executable path can now be passed to runtests -o.
* Improved harness output for tests with lazy plans.
* Improved harness output to a terminal for some abort cases.
* Flush harness output after each test even when not on a terminal.
Change-Id: I05161eb3d3be49a98f7762e876cb114da0c84e9a
Reviewed-on: https://gerrit.stanford.edu/1529
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
Previous versions had erroneous foreign key constraints between the
object history table and the objects table. Remove those constraints,
and an incorrect linkage in the schema for the ACL history, and add
indices for the object type, name, and ACL instead.
Change-Id: Ie0ff2448caa82c7a533a1b9ff5c13029bb6ae4ef
Reviewed-on: https://gerrit.stanford.edu/1526
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
A new object type, duo (Wallet::Object::Duo), is now supported. This
creates an integration with the Duo Security cloud multifactor
authentication service and allows retrieval of the integration key,
secret key, and admin hostname. Currently, only UNIX integration
types are supported. The Net::Duo Perl module is required to use this
object type. New configuration settings are required as well; see
Wallet::Config for more information. To enable this object type for
an existing wallet database, use wallet-admin to register the new
object.
Change-Id: I2c0dac75e81f526b34d6b509c4bdaecb43dd4a9d
Reviewed-on: https://gerrit.stanford.edu/1516
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
When creating new principals in a Heimdal KDC, generate a long, random
password as the temporary password of the disabled principal before
randomizing keys. This is necessary if password quality is being
enforced on create calls. Since the principal is always inactive
until the keys have been randomized, the password should not need to
be secure (and indeed is not cryptographically random).
Change-Id: If519a82475bb0d387a19d16ef1e024b0da64779a
Reviewed-on: https://gerrit.stanford.edu/1374
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
Fix wallet-rekey on keytabs containing multiple principals. Previous
versions assumed one could concatenate keytab files together to make a
valid keytab file, which doesn't work with some Kerberos libraries.
This caused new keys downloaded for principals after the first to be
discarded. As a side effect of this fix, wallet-rekey always appends
new keys directly to the existing keytab file, and never creates a
backup copy of that file.
Change-Id: I5f863239ce4ebba66b35ff09454f2897367bd359
Reviewed-on: https://gerrit.stanford.edu/1369
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
Fix the Wallet::Config documentation for the ldap-attr verifier to
reference an ldap_map_principal hook, not ldap_map_attribute, matching
the implementation.
Change-Id: I258edcf69d4dcb3d2ec8dc66db4b768d91645fc4
Reviewed-on: https://gerrit.stanford.edu/1204
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
There was a missing resultset() call in one place and the wrong
resultset used in a different place, causing the enctype management
code to not work.
Change-Id: I796169c5968ec164f90f3cd75541dd346dd50fdf
Reviewed-on: https://gerrit.stanford.edu/1070
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
Change-Id: If833e4a6434362e04e738274a6f7fb276a9efe51
Reviewed-on: https://gerrit.stanford.edu/988
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
Add a mention to NEWS and to the REQUIREMENTS section of README.
Change-Id: I560f737e9cb899046f7fe3c8d2c8c648d31041e7
Reviewed-on: https://gerrit.stanford.edu/985
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
Change-Id: Idf9876ef781340ec45e113fd555a0f2c5f05a3a9
Reviewed-on: https://gerrit.stanford.edu/976
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
Change-Id: Ie8ee7f8b2f430ca9b5f38d2e060659f48dacc35f
Reviewed-on: https://gerrit.stanford.edu/975
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
