| Age | Commit message (Collapse) | Author |
|---|
|
Add SPDX-License-Identifier headers to all substantial source files.
Collapse copyright years. Add some Emacs configuration for files
where the copyright notice is at the end. Add a test that every
file has SPDX-License-Identifier.
|
|
Change-Id: I4c2b5d7c807d6c27dd18a3b92eef66d21287d21e
Reviewed-on: https://gerrit.stanford.edu/1481
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
Change-Id: I6a84920b0c0dc1849af8a34ecf8f3fb70b45e17c
Reviewed-on: https://gerrit.stanford.edu/843
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
Change-Id: I06dd9ecca19315179bdd34d4b301548fe7604331
Reviewed-on: https://gerrit.stanford.edu/842
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
Build a separate wallet-rekey client that rekeys every keytab given
on the command-line. Fix some coding style issues and add internal
prototypes. Build the shared source for both clients into an
uninstalled library to save compilation time.
|
|
Cleaned up several bugs preventing the rekey command from working (bad
calls to variables, matching on version of principal name already stripped
of realm), and removed debugging code.
|
|
First, testing version of wallet rekey code, committed in order to get
feedback from Russ. This code will eventually take an existing keytab
file, and for every principal belonging to our default realm in it, get
new versions of that keytab and merge them into the file. This allows
for quietly rekeying principals automatically.
|
|
Refactor the wallet client code to use remctl_commandv and send stores
with data containing nul.
|
|
Use the Kerberos portability layer from rra-c-util 3.0 and avoid
Kerberos API calls deprecated on Heimdal. Break util/util.h into
separate header files and update all source files accordingly.
The test suite is not yet updated. That will come in subsequent
commits.
|
|
|
|
file (using -f) or from standard input (if -f wasn't given) when the
data isn't specified on the command line. The data still must not
contain nul characters.
|
|
projects.
The configure option requesting AFS kaserver support (and thus
building kasetkey) is now --with-kaserver instead of --with-afs.
If KRB5_CONFIG was explicitly set in the environment, don't use a
different krb5-config based on --with-krb4 or --with-krb5. If
krb5-config isn't executable, don't use it. This allows one to
force library probing by setting KRB5_CONFIG to point to a
nonexistent file.
Sanity-check the results of krb5-config before proceeding and error
out in configure if they don't work.
Stop setting Stanford-specific compile-time defaults for the wallet
server and port.
|
|
empty string is valid object content.
Add a full end-to-end test suite to catch protocol mismatches between
the client and server, such as the one fixed in this release.
|
|
exists, unlink it first and then create it safely rather than
truncating it. This is much safer when creating files in a
world-writable directory.
Also add documentation for keytab merging.
|
|
keytab keys into that file rather than moving aside the old keytab and
creating a new keytab with only the new keys.
Also fix get handling in the client for all types other than keytabs.
This isn't visible yet since the server doesn't yet support other types
of objects.
|
|
When writing to a file in the wallet client program, remove an old
backup file before creating a new backup and don't fail if the backup
already exists.
|
|
and license statements in all files. Make sure that some files that were
missing copyright information now have them. Reference LICENSE rather
than README in all notices.
|
|
so that the srvtab and keytab management can share it. Write atomically
to a new file and then link and rename to do an atomic update. Leave a
backup copy of any file that's replaced.
|
