summaryrefslogtreecommitdiff
path: root/perl/Wallet
AgeCommit message (Collapse)Author
2010-01-05Added randKeyPrincipal to the keytab creation processJon Robertson
randKeyPrincipal was added to the keytab file creation process, in order to reset a principal to first have all possible enctypes. There is no way for us to specify that we only want a specific number of fresh enctypes, so we must reset to have all enctypes first, and then pare down from there each time we create the keytab.
2009-12-16Provided path to call valid_principal directlyJon Robertson
valid_principal used to reside in Wallet::Object::Keytab, but was moved to the individual Wallet::Kadmin::* modules. This isn't necessary currently and may not ever be, but it's there just in case we do ever need to differentiate. To simplify testing, a way to still call it directly from Wallet::Object::Keytab has been added.
2009-12-16Improvements for keytab existance checks and keytab creationJon Robertson
* Fixed keytab existence check to avoid failures when called by a principal with permissions only on specific principals. * Better error cases for non-existant keytabs in several places. * Skipped limiting keytabs to certain enctypes when no enctypes are given.
2009-12-10Added support for Heimdal KDCJon Robertson
Added support for Heimdal as an alternative to MIT Kerberos. This involved separating out the kadmin-specific code into its own set of modules, and changing the existing Wallet::Object::Keytab code to branch based on which module is loaded.
2009-12-03Improved wallet-admin list command with searchesJon Robertson
wallet-admin's list command now has additional searches added for objects and acls that match certain specifiers. For objects these include searching for objects owned by a specific ACL, objects owned by no one, objects of a specific type, objects with a specific flag, and objects for which a specific ACL has any privileges at all. For acls, this includes the ability to search for any ACL with an entry with given type and identifier.
2009-06-09Add owners reportRuss Allbery
Add a new report owners command to wallet-admin and corresponding report_owners() method to Wallet::Admin, which returns all ACL lines on owner ACLs for matching objects.
2009-06-09Remove Subversion Id stringsRuss Allbery
2008-02-20Report the correct error message when addprinc fails while creating aRuss Allbery
keytab object.
2008-02-13Remove the restriction that all object implementations must have classRuss Allbery
names of Wallet::Object::* and all ACL verifier implementations must have class names of Wallet::ACL::*.
2008-02-13Fix the signature of register_verifier in the documentation.Russ Allbery
2008-02-13Move register_object and register_verifier into Wallet::Admin.Russ Allbery
2008-02-09Actually implement FILE_MAX_SIZE.Russ Allbery
2008-02-09Add file object support to the wallet server.Russ Allbery
2008-02-09Minor documentation fixes.Russ Allbery
2008-02-08No unnecessary ; after __END__.Russ Allbery
2008-02-08Wallet::Config and hence the wallet server now checks for theRuss Allbery
environment variable WALLET_CONFIG and loads configuration from the file specified there instead of /etc/wallet/wallet.conf if it is set.
2008-02-07The current version of Net::Remctl can't handle explicit undef or theRuss Allbery
empty string as a principal argument. Be careful not to provide a principal argument if no principal was set. This workaround can be removed once we depend on a later version of Net::Remctl.
2008-02-07Add a new autocreate API call that tries to create an object using theRuss Allbery
default ACLs. Remove autocreation support from create, which now requires that one be on the ADMIN ACL, and from get and store. The wallet client will soon know how to do the right thing.
2008-02-07Add a check command to the wallet server to determine whether an objectRuss Allbery
already exists.
2008-02-06Check naming policy on wallet object creation before checking theRuss Allbery
default ACLs to avoid creating and stranding an ACL when the naming policy check fails.
2008-01-23Return IDs and names from list_acls.Russ Allbery
2008-01-23Add Wallet::Admin interfaces to list all objects and all ACLs in theRuss Allbery
database.
2008-01-23Only disconnect the database handle during Wallet::Server objectRuss Allbery
destruction if the database handle hasn't already been destroyed.
2008-01-23Add a destroy() method to the Wallet::Admin object and use that insteadRuss Allbery
of Wallet::Schema::drop in the test suite.
2008-01-23Refactor database initialization into a new Wallet::Admin module.Russ Allbery
2008-01-23Add a pointer to the wallet URL in the documentation.Russ Allbery
2008-01-22Update documentation for the API to Wallet::Object::Base andRuss Allbery
Wallet::ACL to take Wallet::Database objects instead of database handles.
2008-01-22Add a Wallet::Database class that now holds the database connection codeRuss Allbery
previously in Wallet::Server. Remove all the attribute setting on database handles in the other classes since Wallet::Database handles that initialization.
2008-01-17Support enforcing a naming policy for wallet objects via a PerlRuss Allbery
function in the wallet server configuration file.
2007-12-07Fix the module name in the SYNOPSIS example.release/0.5debian/0.5-1Russ Allbery
2007-12-07Check a default creation ACL first before the ADMIN ACL when decidingRuss Allbery
whether we can auto-create a non-existent ACL, since creating one with the ADMIN ACL doesn't create a useful object. Allow @ in wallet-backend arguments so that principal names can be passed in.
2007-12-07Correctly implement the documented intention that setting an attributeRuss Allbery
to the empty string clears the attribute values.
2007-12-07Get rid of more return undefs.Russ Allbery
2007-12-07Get rid of a bunch more return undefs.Russ Allbery
2007-12-07Bump version numbers appropriately.Russ Allbery
2007-12-07Load the Perl modules for ACL verifiers and object types dynamicallyRuss Allbery
now that we're reading the class from the database.
2007-12-06Be a bit more careful and conservative when stripping realms off.Russ Allbery
2007-12-06Fix the keytab principal validation regex to allow instancesRuss Allbery
containing periods. Otherwise, it's hard to manage host keytabs. Add a missing test suite for that method.
2007-12-05Various coding style fixes and cleanup based on a much-appreciatedRuss Allbery
code audit by Simon Cozens. I didn't take all of his advise, and he shouldn't be blamed for any remaining issues.
2007-12-05Coding style improvements.Russ Allbery
2007-12-05Bump version number for previous changes.Russ Allbery
2007-12-05Maintain a global cache of ACL verifiers in Wallet::ACL and reuse themRuss Allbery
over the life of the process if we see another ACL line from the same scheme, rather than only reusing ACL verifiers within a single ACL.
2007-12-05Determine the class for object and ACL schema implementations from theRuss Allbery
database rather than a hard-coded list and provide Wallet::Schema methods for adding new class mappings. Add a missing class mapping for the netdb ACL schema verifier.
2007-12-04Add a subclass of the NetDB ACL verifier that requires the principalRuss Allbery
have an instance of "root" and strips that instance before checking NetDB roles.
2007-12-01Following the DBI documentation, turn on AutoCommit after RaiseError soRuss Allbery
that we have some hope of getting error messages if it fails.
2007-12-01If we're using MySQL, force all the tables to InnoDB so that we getRuss Allbery
transactions.
2007-12-01Don't disconnect on destruction of the server object if the handle isRuss Allbery
marked with InactiveDestroy.
2007-12-01Set InactiveDestroy to the right thing. Doh.Russ Allbery
2007-12-01Make sure we always have a valid object and access to our databaseRuss Allbery
handle when calling kadmin so that we can do our database handle mangling.
2007-12-01Don't use die when forking kasetkey fails and similarly don't close theRuss Allbery
database connection on a failed fork.
generated by cgit v1.2.3 (git 2.39.1) at 2025-02-06 23:50:32 +0000