krb5-wallet.git - Unnamed repository; edit this file 'description' to name the repository.

Age	Commit message (Collapse)	Author
2016-01-16	Pass object type and name to external ACL verifiers	Russ Allbery
	This requires changing the ACL verifier plumbing to pass object type and name all the way through when verifying ACLs. Hopefully I caught everything.
2015-12-14	Better error reporting on verifier failure during add	Russ Allbery
	When adding a new ACL, if creation of the verifier failed, we reported a pretty minimal error message claiming that the identifier was the problem. It can't possibly be the problem when the constructor fails. Report the actual failure more directly.
2015-11-18	ACL.pm: Destroying a nested ACL will now fail	Jon Robertson
	When destroying an ACL nested in other ACLs, we now fail with an explanation rather than going through to remove all the places it's nested. That's more in line with how we handle trying to destroy ACLs that own things. Change-Id: I8bc0530e37c54369ec52d9b369f8fabe98def77a
2015-06-08	Added nested acl verifier	Jon Robertson
	This verifier will allow embedding one ACL in another for more flexible ACL handling. As part of thise we've also added the ability for each verifier to do a syntax check to see if a given name is valid for that verifier. For the moment this returns true for everything but Nested. Nested will check to make sure the given name is an existing group. Change-Id: Iacdf146d46ed882d57b7534058d34db6e6ec1de4
2015-06-08	ACL.pm: Error messages use name rather than ID	Jon Robertson
	All error messages should now use the ACL name rather than the ADL id, for readability. Change-Id: I2d1cfe806b459ef083293df4fa0b83cb4cef673b
2015-06-08	ACL.pm: Fixed capitalization of ACL in pod	Jon Robertson
	Change-Id: I9e4632f3ff81f916f9157ef8128b20915ecded08
2015-06-08	Added acl replace command to wallet backend	Jon Robertson
	New command for replacing the ownership of anything owned by a specific ACL with another ACL. This differs from acl rename in that it's to be used when the destination ACL already exists and potentially already owns some objects. Change-Id: I765bebf499fe0f861abc2ffe1873990590beed36
2014-07-15	Use DateTime objects uniformly, improve expires parsing	Russ Allbery
	Always use DateTime objects for every date field in the database, and translate them into the local time zone for display when pulling them out of the database. This should provide better portability to different database backends. Change the parsing of expires arguments to use Date::Parse, thus supporting a much broader variety of possible date and time formats and allowing easy conversion to a DateTime object. Document the new dependency. Change-Id: I2ee8eaa6aa6ae9925ac419e49234ec9880d4fe95 Reviewed-on: https://gerrit.stanford.edu/1555 Reviewed-by: Russ Allbery <rra@stanford.edu> Tested-by: Russ Allbery <rra@stanford.edu>
2014-07-15	Record ACL names in the ACL history	Russ Allbery
	Change-Id: I0d7a088bb34dda2fc554b9f104c2a33e5faf879e Reviewed-on: https://gerrit.stanford.edu/1554 Reviewed-by: Russ Allbery <rra@stanford.edu> Tested-by: Russ Allbery <rra@stanford.edu>
2014-07-15	Record the ACL name in the acl_history table	Russ Allbery
	Store the current name of the ACL with each history row, and index the name. This will eventually allow retrieval of history by name for ACLs that have been deleted, although the rest of the code is not yet in place. The initial creation and membership of the ADMIN ACL during database initialization or reinitialization is no longer recorded in the acl_history table, since otherwise it produces errors due to the missing ah_name field when building the database with schema 0.07. There should be some better solution to this, but this will be okay for the time being. Change-Id: I015a00c972e0c2730c3d449952fcfe9b79c6e54f Reviewed-on: https://gerrit.stanford.edu/1553 Reviewed-by: Russ Allbery <rra@stanford.edu> Tested-by: Russ Allbery <rra@stanford.edu>
2014-07-15	Use DateTime objects in the database layer, not strings	Russ Allbery
	Pass in DateTime objects for the date fields in the database instead of formatted time strings. This provides better compatibility with different database engines. Document in README the need to install the DateTime::Format::* module corresponding to the DBD::* module used for the server database. Change-Id: Id25796da718d734ac96ca27ccea9045b0c80c03f Reviewed-on: https://gerrit.stanford.edu/1551 Reviewed-by: Russ Allbery <rra@stanford.edu> Tested-by: Russ Allbery <rra@stanford.edu>
2014-07-11	Test for Perl strict and minimum version	Russ Allbery
	Fix strictness issues across the whole code base, and ensure that all Perl scripts enable warnings. (Hopefully enabling warnings won't cause problems for the server.) Change-Id: I4dee49f7a6bcbeeee21d74bf61a1fd26514f832c Reviewed-on: https://gerrit.stanford.edu/1532 Reviewed-by: Russ Allbery <rra@stanford.edu> Tested-by: Russ Allbery <rra@stanford.edu>
2014-07-11	Switch to Module::Build for the Perl module	Russ Allbery
	The wallet server now requires Perl 5.8 or later (instead of 5.006 in previous versions) and is now built with Module::Build instead of ExtUtils::MakeMaker. This should be transparent to anyone not working with the source code, since Perl 5.8 was released in 2002, but Module::Build is now required to build the wallet server. It is included in some versions of Perl, or can be installed separately from CPAN, distribution packages, or other sources. Also reorganize the test suite to use subdirectories. Change-Id: Id06120ba2bad1ebbfee3d8a48ca2f25869463165 Reviewed-on: https://gerrit.stanford.edu/1530 Reviewed-by: Russ Allbery <rra@stanford.edu> Tested-by: Russ Allbery <rra@stanford.edu>