| Age | Commit message (Collapse) | Author |
|---|
|
|
|
new object method that subclasses can override to add attribute
information to show() and remove the documentation about overriding
show().
|
|
tests of the machinery around kaserver synchronization even if we don't
have a full configuration.
|
|
if synchronization is not set.
|
|
keytab object is destroyed.
|
|
object implementation, extracting the DES key with Authen::Krb5 (since
ktutil doesn't work).
Rename the KEYTAB_CACHE variable to KEYTAB_REMCTL_CACHE to match the
rest of the keytab retrieval configuration and reorganize the
Wallet::Config documentation to group related configuration options for
the keytab backend.
Fix a column name in the keytab_enctypes table to be more consistent
with the rest of the schema.
|
|
to an array internally so that the callers don't have to be aware of the
internal API.
|
|
empty list on errors and clear error() so that it can be used to
distinguish between an error and an empty ACL.
|
|
Change the documentation to tell the caller to call error() after an
empty return to see if an error occurred.
|
|
attr and instead tell the caller to call error() on an empty return
to see if there was a problem.
|
|
interface with appropriate ACL support. Retrieving is controlled by
the show ACL and setting is controlled by the store ACL, both falling
back to owner.
|
|
documentation to talk about overriding it. Update some other bits of
the API documentation to include more hints about how to handle
overridden methods.
|
|
keytabs via remctl from the KDC.
|
|
Catch more errors when checking the existence of a principal. Add a
test for creating a principal for which we don't have permissions.
|
|
that convention elsewhere.
|
|
|
|
|
|
|
|
attribute setting in objects inside eval to catch SQL errors and set the
object error accordingly rather than throwing an exception.
|
|
flag changes.
|
|
show() method.
|
|
and append that information to the object description.
|
|
|
|
|
|
rename, or remove the last entry from the ADMIN ACL. Add full
documentation for Wallet::Server.
|
|
|
|
adjusts for trailing newlines and exception detritus, saving duplicate
code. Standardize the documentation of the error() method and document
using this in child classes of the generic ACL and Object classes.
Disable printing of errors during connect in Wallet::Server since we're
going to throw our own exception.
|
|
|
|
our configuration and die if it isn't correct. Catch all the exceptions
thrown by the _kadmin method and do something with them. Print a warning
and then rethrow the exception in the parent when running a non-existent
kadmin binary rather than throwing an exception in the child, which
doesn't close things down cleanly. Be robust against an undefined
KEYTAB_FLAGS setting. Ensure KEYTAB_TMP is set. Also some minor doc
improvements.
|
|
|
|
|
|
ALSO references.
|
|
|
|
|
|
principals in all the kadmin functions. Pass the realm to the kadmin
command. Parse ktadd errors properly. Call _kadmin_ktadd with the
correct arguments.
|
|
error before accessor functions that can return undef not because of an
error but just because the column is null so that the caller can tell
the difference.
|
|
layering violation. Fix permission denied error messages for store.
Don't give administrators global access to get and store, since it would
encourage bad ACL practices. When checking ACLs, instantiate the ACL
object correctly. Support clearing attributes and propagate object
errors into the server error correctly. Reject stores of undefined
data (the empty string is okay).
|
|
attributes rather than the new value; returning the new value is kind
of pointless and makes it harder to test. Add support for clearing
attributes by passing in the empty string as the new value.
|
|
|
|
creating ACL objects in Wallet::Server. Don't return the ACL object from
the acl_create method of Wallet::Server -- it's a layering violation.
|
|
get the uniqueness constraint.
|
|
Reject check with an empty principal.
|
|
name on rename.
|
|
remove the " at line" stuff added by Perl and the newlines so that the
errors stored in objects are consistent.
Fix various bugs in the base object, including a few more type vs. name
inversions and use of object instead of name. Allow owners to be
specified as ACL names instead of IDs, and change the ID to a name in
show.
Add a new test suite for the base object implementation.
|
|
name, type, and fix the schema for the places where I'd renamed name to
object for no good reason. I don't know what I was thinking originally.
|
|
shares database open code with the new method. Add an accessor function
to get at the database handle, which is useful for testing. Add a
DESTROY method to shut the database connection down cleanly.
|
|
and SQLite.
|
|
|
|
|
|
|
