| Age | Commit message (Collapse) | Author |
|---|
|
A new object type, duo (Wallet::Object::Duo), is now supported. This
creates an integration with the Duo Security cloud multifactor
authentication service and allows retrieval of the integration key,
secret key, and admin hostname. Currently, only UNIX integration
types are supported. The Net::Duo Perl module is required to use this
object type. New configuration settings are required as well; see
Wallet::Config for more information. To enable this object type for
an existing wallet database, use wallet-admin to register the new
object.
Change-Id: I2c0dac75e81f526b34d6b509c4bdaecb43dd4a9d
Reviewed-on: https://gerrit.stanford.edu/1516
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
Change-Id: I4c2b5d7c807d6c27dd18a3b92eef66d21287d21e
Reviewed-on: https://gerrit.stanford.edu/1481
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
The module wasn't always returning a true value when loaded.
Change-Id: I998ab25509cb9079034cae6aca467024ec6b4949
Reviewed-on: https://gerrit.stanford.edu/990
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
Change-Id: Iee8d55f6c86563fad71d770398e3221f7efb4b2e
Reviewed-on: https://gerrit.stanford.edu/852
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
Change-Id: Id8810ff6deb991b70c2fd4587019aa245d247419
Reviewed-on: https://gerrit.stanford.edu/785
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
In moving from DBI to DBIx::Class, we at first left the various
variables the same. This goes through to update them for the proper
names.
* Wallet::Admin::schema was created to return the schema object (and
similarly for Wallet::Server and Wallet::Report).
* Wallet::Admin::dbh was modified to return the actual DBI handle again
(and similarly for Wallet::Server and Wallet::Report).
* Various places that used $admin->{dbh} were moved to $admin->{schema}.
* Various places using $dbh for the schema object were changed to
$schema.
Change-Id: I00914866e9a8250855a7828474aa9ce0f37b914f
Reviewed-on: https://gerrit.stanford.edu/733
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
Moved all the Perl code to use DBIx::Class for the database interface.
This includes updating all database calls, how the schema is generated
and maintained, and the tests in places where some output has changed.
We also remove the schema.t test, as the tests for it are more covered
in the admin.t tests now.
Change-Id: Ie5083432d09a0d9fe364a61c31378b77aa7b3cb7
Reviewed-on: https://gerrit.stanford.edu/598
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
Fix a formatting error in Wallet::ACL::LDAP::Attribute and add new
stopwords required by the latest aspell.
|
|
A new ACL type, ldap-attr (Wallet::ACL::LDAP::Attribute), is now
supported. This ACL type grants access if the LDAP entry
corresponding to the principal contains the attribute name and value
specified in the ACL. The Net::LDAP and Authen::SASL Perl modules are
required to use this ACL type. New configuration settings are
required as well; see Wallet::Config for more information. To enable
this ACL type for an existing wallet database, use wallet-admin to
register the new verifier.
|
|
Add a comment field to objects and corresponding commands to
wallet-backend and wallet to set and retrieve it. The comment field
can only be set by the owner or wallet administrators but can be seen
by anyone on the show ACL.
|
|
Hook the new upgrade method of Wallet::Schema into Wallet::Admin
and the wallet-admin wrapper script.
|
|
Version 0 is the version without the metadata table. Add a new
upgrade method to Wallet::Schema and support upgrading the database
to version 1. (Version 1 is not yet finalized.)
|
|
Add a metadata table whose only column, currently, is a version number.
We will store the version of the schema in this table and use that to
know what to do during upgrades.
|
|
Add the krb5-regex ACL type and corresponding Wallet::ACL::Krb5::Regex
module. This ACL is identical to krb5 except that it takes a regular
expression matching principals instead of a string that must match
exactly.
|
|
Also update the POD syntax check to the current version of that check
I use elsewhere. Since I'm touching all the POD anyway, also rewrap
all of the POD to 74 columns. Fix some references to MIT in the
Wallet::Kadmin::Heimdal module documentation.
|
|
Remove kaserver synchronization support. It is no longer tested, and
retaining the code was increasing the complexity of wallet, and some
specific requirements (such as different realm names between kaserver
and Kerberos v5 and the kvno handling) were Stanford-specific. Rather
than using this support, AFS sites running kaserver will probably find
deploying Heimdal with its internal kaserver compatibility is probably
an easier transition approach.
|
|
|
|
|
|
|
|
|
|
database rather than a hard-coded list and provide Wallet::Schema
methods for adding new class mappings.
Add a missing class mapping for the netdb ACL schema verifier.
|
|
have an instance of "root" and strips that instance before checking
NetDB roles.
|
|
transactions.
|
|
can't reuse the object with another database handle.
|
|
Add a drop() method to Wallet::Schema to destroy the wallet database. Add
a test suite for it. Add a reinitialize() method to Wallet;:Server that
drops the database before creating it.
Modify the wallet object test cases to call reinitialize() to create the
initial database and drop() to clean up the database after the test is
complete.
Fix a bug preventing Wallet::Schema from being initialized multiple times.
We now stash the schema in a class static variable and reuse it for
subsequent initializations, since re-reading DATA doesn't work.
|
|
|
|
and license statements in all files. Make sure that some files that were
missing copyright information now have them. Reference LICENSE rather
than README in all notices.
|
|
object implementation, extracting the DES key with Authen::Krb5 (since
ktutil doesn't work).
Rename the KEYTAB_CACHE variable to KEYTAB_REMCTL_CACHE to match the
rest of the keytab retrieval configuration and reorganize the
Wallet::Config documentation to group related configuration options for
the keytab backend.
Fix a column name in the keytab_enctypes table to be more consistent
with the rest of the schema.
|
|
flag changes.
|
|
get the uniqueness constraint.
|
|
name, type, and fix the schema for the places where I'd renamed name to
object for no good reason. I don't know what I was thinking originally.
|
|
and SQLite.
|
|
compatible with SQLite. Mostly this involves creating indexes
separately rather than part of the create table statement.
|
|
information but can also return the SQL commands or apply them to a
database.
|
