| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2007-12-06 | Be a bit more careful and conservative when stripping realms off. | Russ Allbery | |
| 2007-12-06 | Fix the keytab principal validation regex to allow instances | Russ Allbery | |
| containing periods. Otherwise, it's hard to manage host keytabs. Add a missing test suite for that method. | |||
| 2007-12-05 | Various coding style fixes and cleanup based on a much-appreciated | Russ Allbery | |
| code audit by Simon Cozens. I didn't take all of his advise, and he shouldn't be blamed for any remaining issues. | |||
| 2007-12-05 | Coding style improvements. | Russ Allbery | |
| 2007-12-05 | Bump version number for previous changes. | Russ Allbery | |
| 2007-12-05 | Maintain a global cache of ACL verifiers in Wallet::ACL and reuse them | Russ Allbery | |
| over the life of the process if we see another ACL line from the same scheme, rather than only reusing ACL verifiers within a single ACL. | |||
| 2007-12-05 | Determine the class for object and ACL schema implementations from the | Russ Allbery | |
| database rather than a hard-coded list and provide Wallet::Schema methods for adding new class mappings. Add a missing class mapping for the netdb ACL schema verifier. | |||
| 2007-12-04 | Add a subclass of the NetDB ACL verifier that requires the principal | Russ Allbery | |
| have an instance of "root" and strips that instance before checking NetDB roles. | |||
| 2007-12-01 | Following the DBI documentation, turn on AutoCommit after RaiseError so | Russ Allbery | |
| that we have some hope of getting error messages if it fails. | |||
| 2007-12-01 | If we're using MySQL, force all the tables to InnoDB so that we get | Russ Allbery | |
| transactions. | |||
| 2007-12-01 | Don't disconnect on destruction of the server object if the handle is | Russ Allbery | |
| marked with InactiveDestroy. | |||
| 2007-12-01 | Set InactiveDestroy to the right thing. Doh. | Russ Allbery | |
| 2007-12-01 | Make sure we always have a valid object and access to our database | Russ Allbery | |
| handle when calling kadmin so that we can do our database handle mangling. | |||
| 2007-12-01 | Don't use die when forking kasetkey fails and similarly don't close the | Russ Allbery | |
| database connection on a failed fork. | |||
| 2007-12-01 | Don't close our open database handles after a failed fork. | Russ Allbery | |
| 2007-12-01 | Expiration dates are now expressed in YYYY-MM-DD HH:MM:SS instead of | Russ Allbery | |
| seconds since epoch and returned the same way. Timestamps are now stored in the database as correct date and time types rather than seconds since epoch to work properly with MySQL. | |||
| 2007-12-01 | Don't do an in-place edit of the SQL inside the object, since we then | Russ Allbery | |
| can't reuse the object with another database handle. | |||
| 2007-12-01 | Move wallet.conf to /etc/wallet since we're going to want to put other | Russ Allbery | |
| things in that directory as well. | |||
| 2007-11-30 | Initial work on supporting testing with MySQL. | Russ Allbery | |
| Add a drop() method to Wallet::Schema to destroy the wallet database. Add a test suite for it. Add a reinitialize() method to Wallet;:Server that drops the database before creating it. Modify the wallet object test cases to call reinitialize() to create the initial database and drop() to clean up the database after the test is complete. Fix a bug preventing Wallet::Schema from being initialized multiple times. We now stash the schema in a class static variable and reuse it for subsequent initializations, since re-reading DATA doesn't work. | |||
| 2007-11-20 | Attempt to create the object with a default owner on get and store | Russ Allbery | |
| when the object doesn't exist. | |||
| 2007-11-20 | Add support for running a user-defined function whenever an object is | Russ Allbery | |
| created by a non-ADMIN user and using the default owner ACL returned by that function provided that the calling user is authorized by that ACL. This permits dynamic creation of new objects based on a default owner ACL programmatically determined from the name of the object. | |||
| 2007-11-15 | Use the right remctld configuration for the ACL verifier. Don't produce | Russ Allbery | |
| Perl warnings if the NetDB roles are empty. | |||
| 2007-11-15 | Add an ACL verifier that checks access against NetDB roles using the | Russ Allbery | |
| NetDB remctl interface. | |||
| 2007-10-11 | Add an acl_history method to the server layer and test it. | Russ Allbery | |
| 2007-10-10 | Add a history method to the Wallet::ACL API. | Russ Allbery | |
| 2007-10-10 | Add the history method (for objects). | Russ Allbery | |
| 2007-10-10 | Make enctype changes in sorted order so that the history trace is reliable | Russ Allbery | |
| and can be tested. | |||
| 2007-10-10 | Redo history tracking for attributes. Currently, all of our attributes | Russ Allbery | |
| take multiple values, so log them like flags. Hopefully this will continue to work; if not, we'll have to revisit it later. Improve logging for unsetting of attributes. | |||
| 2007-10-10 | Add an object history method and tests for it. | Russ Allbery | |
| 2007-10-09 | Fix foreign key reference in the history table for the object name. | Russ Allbery | |
| 2007-10-09 | Bump version number for the keytab changes. | Russ Allbery | |
| 2007-10-09 | Add NEWS entry for enctypes. Clarify in the documentation the behavior | Russ Allbery | |
| of the enctypes attribute when the unchanging flag is set. | |||
| 2007-10-09 | Add user documentation for the enctypes attribute on keytabs. Mention | Russ Allbery | |
| that the enctype must be in the database in the keytab object API documentation. The README and NEWS files are now done. | |||
| 2007-10-09 | We have to check the validity of enctypes ourselves since SQLite doesn't | Russ Allbery | |
| enforce referential integrity. | |||
| 2007-10-09 | Initial implementation of enctype restriction with a basic test suite. | Russ Allbery | |
| Still needs a more comprehensive test suite. Remove all attributes for a keytab object when it is destroyed so that when the object is recreated, it doesn't inherit attributes from its previous self. Add a test case for that for the sync attribute. | |||
| 2007-10-05 | Add comprehensive license information in LICENSE and update the copyright | Russ Allbery | |
| and license statements in all files. Make sure that some files that were missing copyright information now have them. Reference LICENSE rather than README in all notices. | |||
| 2007-10-04 | Fix error handling if we cannot dup stdout. | Russ Allbery | |
| 2007-09-26 | Include the synchronization configuration in show() output. Provide a | Russ Allbery | |
| new object method that subclasses can override to add attribute information to show() and remove the documentation about overriding show(). | |||
| 2007-09-26 | Add tests for the Kerberos v5 to Kerberos v4 name mapping and do more | Russ Allbery | |
| tests of the machinery around kaserver synchronization even if we don't have a full configuration. | |||
| 2007-09-26 | Add support for deleting principals out of the AFS kaserver (optionally) | Russ Allbery | |
| if synchronization is not set. | |||
| 2007-09-25 | If synchronization is enabled, destroy the principal out of K4 when the | Russ Allbery | |
| keytab object is destroyed. | |||
| 2007-09-25 | Add support for synchronizing a key with an AFS kaserver in the keytab | Russ Allbery | |
| object implementation, extracting the DES key with Authen::Krb5 (since ktutil doesn't work). Rename the KEYTAB_CACHE variable to KEYTAB_REMCTL_CACHE to match the rest of the keytab retrieval configuration and reorganize the Wallet::Config documentation to group related configuration options for the keytab backend. Fix a column name in the keytab_enctypes table to be more consistent with the rest of the schema. | |||
| 2007-09-20 | Take multiple values in the attr() method and convert it to a reference | Russ Allbery | |
| to an array internally so that the callers don't have to be aware of the internal API. | |||
| 2007-09-20 | Change the error handling of the Wallet::ACL list() method to return the | Russ Allbery | |
| empty list on errors and clear error() so that it can be used to distinguish between an error and an empty ACL. | |||
| 2007-09-20 | Change flag_list to return the empty list on error and clear error. | Russ Allbery | |
| Change the documentation to tell the caller to call error() after an empty return to see if an error occurred. | |||
| 2007-09-20 | Update the documentation to get rid of the stupid error return from | Russ Allbery | |
| attr and instead tell the caller to call error() on an empty return to see if there was a problem. | |||
| 2007-09-20 | Add support for attribute setting and retrieving to the high-level | Russ Allbery | |
| interface with appropriate ACL support. Retrieving is controlled by the show ACL and setting is controlled by the store ACL, both falling back to owner. | |||
| 2007-09-19 | Add generic attribute support to the object layer and update the API | Russ Allbery | |
| documentation to talk about overriding it. Update some other bits of the API documentation to include more hints about how to handle overridden methods. | |||
| 2007-09-19 | Implement unchanging support in the keytab object backend, which retrieves | Russ Allbery | |
| keytabs via remctl from the KDC. | |||
| 2007-09-19 | Allow creation of a keytab object for a principal that already exists. | Russ Allbery | |
| Catch more errors when checking the existence of a principal. Add a test for creating a principal for which we don't have permissions. | |||
 |
index : krb5-wallet.git | |
| Unnamed repository; edit this file 'description' to name the repository. | www-data |
| aboutsummaryrefslogtreecommitdiff |