| Age | Commit message (Collapse) | Author |
|---|
|
Change-Id: I4c2b5d7c807d6c27dd18a3b92eef66d21287d21e
Reviewed-on: https://gerrit.stanford.edu/1481
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
Normally this will already be loaded, but since we use it directly,
make sure it is loaded.
Change-Id: Ibc4ca874b659f316268957cbf77ead9d49bc3ca0
Reviewed-on: https://gerrit.stanford.edu/1205
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
Change-Id: I06dd9ecca19315179bdd34d4b301548fe7604331
Reviewed-on: https://gerrit.stanford.edu/842
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
Fix a formatting error in Wallet::ACL::LDAP::Attribute and add new
stopwords required by the latest aspell.
|
|
A new ACL type, ldap-attr (Wallet::ACL::LDAP::Attribute), is now
supported. This ACL type grants access if the LDAP entry
corresponding to the principal contains the attribute name and value
specified in the ACL. The Net::LDAP and Authen::SASL Perl modules are
required to use this ACL type. New configuration settings are
required as well; see Wallet::Config for more information. To enable
this ACL type for an existing wallet database, use wallet-admin to
register the new verifier.
|
|
|
|
|
|
Add the krb5-regex ACL type and corresponding Wallet::ACL::Krb5::Regex
module. This ACL is identical to krb5 except that it takes a regular
expression matching principals instead of a string that must match
exactly.
|
|
Do this only in the main text, not in the SEE ALSO section, since the
latter is more for conventional man pages. This will produce better
results for some POD to HTML converters (although not mine, yet).
|
|
Also update the POD syntax check to the current version of that check
I use elsewhere. Since I'm touching all the POD anyway, also rewrap
all of the POD to 74 columns. Fix some references to MIT in the
Wallet::Kadmin::Heimdal module documentation.
|
|
|
|
empty string as a principal argument. Be careful not to provide a
principal argument if no principal was set. This workaround can be
removed once we depend on a later version of Net::Remctl.
|
|
|
|
|
|
|
|
code audit by Simon Cozens. I didn't take all of his advise, and he
shouldn't be blamed for any remaining issues.
|
|
have an instance of "root" and strips that instance before checking
NetDB roles.
|
|
Perl warnings if the NetDB roles are empty.
|
|
NetDB remctl interface.
|
|
and license statements in all files. Make sure that some files that were
missing copyright information now have them. Reference LICENSE rather
than README in all notices.
|
|
adjusts for trailing newlines and exception detritus, saving duplicate
code. Standardize the documentation of the error() method and document
using this in child classes of the generic ACL and Object classes.
Disable printing of errors during connect in Wallet::Server since we're
going to throw our own exception.
|
|
|
|
|
|
|
|
I was only going to use that for the krb5-group ACL, which I won't be
implementing.
|
|
package name for higher-level ACL handling.
|
|
they'll load properly.
|
|
the superclass for Wallet::ACL. Add the Wallet::ACL::Krb5 ACL
verifier.
|
