| Age | Commit message (Collapse) | Author |
|---|
|
|
|
|
|
Ensure we don't have integer overflow when allocating the array
of struct iovec for store commands.
Change-Id: I0777ca8ef050b9773dba0c03b5e8533d3b2d5486
Reviewed-on: https://gerrit.stanford.edu/1560
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
Fix wallet-backend parsing of the expires command to expect only one
argument as the expiration. This was correctly documented in the
wallet client man page, but not in wallet-backend, and it accepted two
arguments (a date and time). However, Wallet::Server did not and
would just ignore the time. Now wallet-backend correctly requires the
date and time be passed as a single argument.
Change-Id: I8e51a576ea8781502f4eb983462ceca867b002be
Reviewed-on: https://gerrit.stanford.edu/1556
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
Change-Id: I4c2b5d7c807d6c27dd18a3b92eef66d21287d21e
Reviewed-on: https://gerrit.stanford.edu/1481
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
Fix wallet-rekey on keytabs containing multiple principals. Previous
versions assumed one could concatenate keytab files together to make a
valid keytab file, which doesn't work with some Kerberos libraries.
This caused new keys downloaded for principals after the first to be
discarded. As a side effect of this fix, wallet-rekey always appends
new keys directly to the existing keytab file, and never creates a
backup copy of that file.
Change-Id: I5f863239ce4ebba66b35ff09454f2897367bd359
Reviewed-on: https://gerrit.stanford.edu/1369
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
|
|
Owners of wallet objects are now allowed to destroy them. In previous
versions, a special destroy ACL had to be set and the owner ACL wasn't
used for destroy actions, but operational experience at Stanford has
shown that letting owners destroy their own objects is a better model.
Change-Id: I0e97d7a000e62cf5321add7b44140db6edc6769f
Reviewed-on: https://gerrit.stanford.edu/973
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
Change-Id: I6c055a010c52b5c666db203a8c990c531cd1dfe4
Reviewed-on: https://gerrit.stanford.edu/851
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
For scripts, do this by moving the copyright and license statement
from the top of the script into the POD documentation.
Also try to uniformly put the SEE ALSO section last.
Change-Id: Id31a5c0d5e6f6831a689deec41a13d35bb40465a
Reviewed-on: https://gerrit.stanford.edu/850
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
Change-Id: I6a84920b0c0dc1849af8a34ecf8f3fb70b45e17c
Reviewed-on: https://gerrit.stanford.edu/843
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
Change-Id: I06dd9ecca19315179bdd34d4b301548fe7604331
Reviewed-on: https://gerrit.stanford.edu/842
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
When linking the temporary keytab to its final file name, wallet wasn't
checking for errors. Caught by the new gcc warnings.
Change-Id: Ia75b231754bafc800e9e521345b85da256c95ed1
Reviewed-on: https://gerrit.stanford.edu/840
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
Add a new acl check command which, given an ACL ID, prints yes if that
ACL already exists and no otherwise. This is parallel to the check
command for objects.
Also fix some documentation errors in the wallet client documentation,
saying that the check command doesn't require any ACL and fixing one
place where "show" was used instead of "store".
|
|
|
|
Add a comment field to objects and corresponding commands to
wallet-backend and wallet to set and retrieve it. The comment field
can only be set by the owner or wallet administrators but can be seen
by anyone on the show ACL.
|
|
|
|
Rekey the keytab in the same principal order as what's stored in the
keytab rather than reversing it, since that makes it easier to test.
Suppress the error message about no data from the server if the server
sent an error. Fix some coding style and spelling errors.
|
|
In wallet-rekey, if the keytab we're supposed to rekey has no rekeyable
principals, die rather than sysdie since there's no errno error to
report.
|
|
If we get a failure to rekey a principal before we've succeeded with
any principal, abort rather than continuing.
|
|
The loop handling finding principals to rekey was not correctly
coping with principals from foreign realms.
|
|
|
|
Build a separate wallet-rekey client that rekeys every keytab given
on the command-line. Fix some coding style issues and add internal
prototypes. Build the shared source for both clients into an
uninstalled library to save compilation time.
|
|
Cleaned up several bugs preventing the rekey command from working (bad
calls to variables, matching on version of principal name already stripped
of realm), and removed debugging code.
|
|
First, testing version of wallet rekey code, committed in order to get
feedback from Russ. This code will eventually take an existing keytab
file, and for every principal belonging to our default realm in it, get
new versions of that keytab and merge them into the file. This allows
for quietly rekeying principals automatically.
|
|
|
|
|
|
|
|
We got lucky since client/internal.h includes this anyway, but include
the portability layer properly.
|
|
|
|
|
|
Now that the wallet client uses struct iovec, it needs to include the
relevant header file. Import the portability layer for possible future
Windows support.
|
|
Update the wallet client, wallet-backend, and Wallet::Object::File
documentation for the support for storing data containing nul
characters using the new stdin support in remctld. Add this to NEWS.
|
|
Refactor the wallet client code to use remctl_commandv and send stores
with data containing nul.
|
|
The wallet client documentation said that you always needed an existing
ticket. Mention that -u will work as well.
|
|
Add a POD spelling test to the non-Perl-module part of the code and
move the documentation tests into a separate directory. Merge the
POD syntax tests between client and server into one test.
Reformat all of the POD documentation to use 74 columns. Fix a few
revealed spelling errors or weird wordings.
|
|
Use the Kerberos portability layer from rra-c-util 3.0 and avoid
Kerberos API calls deprecated on Heimdal. Break util/util.h into
separate header files and update all source files accordingly.
The test suite is not yet updated. That will come in subsequent
commits.
|
|
The wallet client now uses a temporary disk ticket cache when
obtaining tickets with the -u option rather than an in-memory cache,
allowing for a libremctl built against a different Kerberos
implementation than the wallet client. This primarily helps with
testing.
|
|
Heimdal requires the full name and doesn't support the short name that
MIT has as an alias. Change the documentation to use the long name
uniformly.
|
|
The wallet client no longer enables kaserver synchronization when a
srvtab is requested with -S. Instead, it just extracts the DES key
from the keytab and writes it to a srvtab. It no longer forces the
kvno of the srvtab to 0 (a Stanford-specific action) and instead
preserves the kvno from the key in the keytab. This should now do the
right thing for sites that use a KDC that serves both Kerberos v4 and
Kerberos v5 from the same database.
|
|
Just get the client code to compile with Heimdal. This will need more
work later to use my regular Kerberos portability layer.
|
|
|
|
file (using -f) or from standard input (if -f wasn't given) when the
data isn't specified on the command line. The data still must not
contain nul characters.
|
|
projects.
The configure option requesting AFS kaserver support (and thus
building kasetkey) is now --with-kaserver instead of --with-afs.
If KRB5_CONFIG was explicitly set in the environment, don't use a
different krb5-config based on --with-krb4 or --with-krb5. If
krb5-config isn't executable, don't use it. This allows one to
force library probing by setting KRB5_CONFIG to point to a
nonexistent file.
Sanity-check the results of krb5-config before proceeding and error
out in configure if they don't work.
Stop setting Stanford-specific compile-time defaults for the wallet
server and port.
|
|
library and start the transition of coding style.
|
|
empty string is valid object content.
Add a full end-to-end test suite to catch protocol mismatches between
the client and server, such as the one fixed in this release.
|
|
|
|
states whether a given object exists and the second attempts to create
the object using the default owner rules. Remove default owner
handling from the create interface, which is now for administrators
only. Remove server-side auto-creation of objects on get or store and
instead have the client check for object existence and call autocreate
if necessary. This removes confusion between default ACLs and
administrative object creation for users who are also on the ADMIN
ACL.
|
|
default ACLs. Remove autocreation support from create, which now
requires that one be on the ADMIN ACL, and from get and store. The
wallet client will soon know how to do the right thing.
|
|
already exists.
|
