| Age | Commit message (Collapse) | Author |
|---|
|
If we don't run the code to delete the wallet database very late,
destruction of the SQLite objects may recreate the database file.
Move the unlink to an END block to avoid this problem.
Change-Id: Ib5ec2cbd08ba24c99f3dfa1daa01488931c5958f
Reviewed-on: https://gerrit.stanford.edu/1525
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
For some reason, two keytabs are comparing inequal even after
masking the timestamp but both keytabs work for authentication.
Stop doing a data comparison and instead attempt authentications
with both keytabs as a more reliable test.
Change-Id: I4bd0712d492b78f09e95ffbed3461d97613d9d0a
Reviewed-on: https://gerrit.stanford.edu/1520
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
Change-Id: I4c2b5d7c807d6c27dd18a3b92eef66d21287d21e
Reviewed-on: https://gerrit.stanford.edu/1481
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
Fix recognition of the syntax error from Heimdal's klist -ke, which
doesn't exit with status 1. Assume that if we didn't see any known
enctypes, we're dealing with Heimdal. Remove the code to populate the
enctype table, since we do that in Wallet::Admin now. Show the error
if adding an enctype fails.
Change-Id: I40da967ef6868e5cd51a1238e1c6324386468134
Reviewed-on: https://gerrit.stanford.edu/1069
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
Change-Id: Ic0f33bf01936a093a645bedd5adfa771fd4e3574
Reviewed-on: https://gerrit.stanford.edu/983
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
Change-Id: I06dd9ecca19315179bdd34d4b301548fe7604331
Reviewed-on: https://gerrit.stanford.edu/842
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
In moving from DBI to DBIx::Class, we at first left the various
variables the same. This goes through to update them for the proper
names.
* Wallet::Admin::schema was created to return the schema object (and
similarly for Wallet::Server and Wallet::Report).
* Wallet::Admin::dbh was modified to return the actual DBI handle again
(and similarly for Wallet::Server and Wallet::Report).
* Various places that used $admin->{dbh} were moved to $admin->{schema}.
* Various places using $dbh for the schema object were changed to
$schema.
Change-Id: I00914866e9a8250855a7828474aa9ce0f37b914f
Reviewed-on: https://gerrit.stanford.edu/733
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
perl/Wallet/Object/Keytab.pm was using the wrong value for the database
handle in some places (trying to load as a subroutine rather than part
of the object). Also, the keytab.t tests were attempting to run against
the DBIx::Class object rather than a direct dbh handle that they
expected.
Change-Id: Ifbb8b110d559f3ba867fc5b0dc3933fd2d4fd484
Reviewed-on: https://gerrit.stanford.edu/731
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
|
|
|
|
The check for the enctypes of created keytabs tries klist for MIT
first and then Heimdal ktutil. The klist options are invalid for
Heimdal. Suppress the resulting complaining to standard error.
|
|
Coding style update. Don't prefix the file short description with the
file name; it's not needed.
|
|
|
|
Change the API for keytab_rekey to match keytab, returning the keytab
as data instead of writing it to a file. This simplifies the wallet
object implementation and moves the logic for reading the temporary
file into Wallet::Kadmin and its child classes. (Eventually, there may
be a kadmin backend that doesn't require using a temporary file.)
Setting KEYTAB_TMP is now required to instantiate either the ::MIT or
::Heimdal Wallet::Kadmin classes.
|
|
Heimdal supports retrieving a keytab containing the existing keys over
the kadmin protocol. Move the support for using remctl to retrieve an
existing keytab into Wallet::Kadmin::MIT and provide two separate
methods in the Wallet::Kadmin interface: one which rekeys and one which
doesn't. Implement the non-rekeying interface for Heimdal. Expand the
test suite for the unchanging keytabs to include tests for the Heimdal
method.
|
|
Now that we support multiple versions of Kerberos, use generic names
for the functions in the Wallet::Kadmin interface rather than the
commands from the MIT kadmin interface.
|
|
|
|
Remove kaserver synchronization support. It is no longer tested, and
retaining the code was increasing the complexity of wallet, and some
specific requirements (such as different realm names between kaserver
and Kerberos v5 and the kvno handling) were Stanford-specific. Rather
than using this support, AFS sites running kaserver will probably find
deploying Heimdal with its internal kaserver compatibility is probably
an easier transition approach.
|
|
Map the AES enctype to the full enctype name, which will work for both
MIT and Heimdal. Fix the test count. Really test rollback from invalid
enctypes (what we did before made no sense). Skip tests that will just
fail if the enctype stuff is not working, since otherwise it confuses
matters.
|
|
We may have a different userspace than the Kerberos type, so always
try klist -ke first and then fall back on ktutil if it fails.
Also display the error message in a few more places if things fail,
discovered as useful when debugging other problems.
|
|
Now that we have Wallet::Kadmin, use it, rather than running the kadmin
client program. We may not have the same kadmin client program as the
server that we're testing against.
|
|
Don't use kadmin to check for principal existence. We want to verify
that we can get tickets, not just look at kadmin. Use whatever is found
on the user's PATH, not something based on the Kerberos type, since our
userspace may not match the server implementation.
|
|
Combine a long series of eval blocks into a single block and a single
error check. Remove trailing whitespace, and in some cases remove
trailing () on method calls where the parens aren't useful.
|
|
Added a fix to the Pod tests to change the order of the arguments in a
skip statement to the correct order. Also added tests for the
KEYTAB_KRBTYPE value in the keytab tests, and changed the Wallet::Kadmin
module to standardize the errors returned with no keytab set and add new
error for keytab set but not a valid value.
|
|
valid_principal has been removed from Wallet::Kadmin and
Wallet::Kadmin::Heimdal. An accessor for it in Wallet::Object::Keytab
has also been removed, as have the tests in perl/t/keytab.t for the
function. It still remains within Wallet::Kadmin::MIT and is used there,
but only as a private method for flagging what the kadmin command-line
interface cannot handle.
|
|
Strip trailing whitespace, convert tabs to spaces, add newlines to
exceptions, and remove a few stray blank lines and a few other minor
coding style oddities. Make the SQL style consistent.
|
|
Added cases to handle the Wallet::Object::Keytab module using a Heimdal
KDC as well as an MIT KDC. In most cases this is transparent, but some
tests are skipped for Heimdal, and the commands run to test that the
created principals and keytabs are correct are different for Heimdal.
The code now branches based on the value of
$Wallet::Config::KEYTAB_KRBTYPE.
|
|
Added cases to handle the Wallet::Object::Keytab module using a Heimdal
KDC as well as an MIT KDC. In most cases this is transparent, but some
tests are skipped for Heimdal, and the commands run to test that the
created principals and keytabs are correct are different for Heimdal.
The code now branches based on the value of
$Wallet::Config::KEYTAB_KRBTYPE.
|
|
|
|
|
|
|
|
of Wallet::Schema::drop in the test suite.
|
|
|
|
libraries as necessary rather than hard-coding libraries. Building
on systems without strong shared library dependencies and building
against static libraries should now work.
Building kasetkey (for AFS kaserver synchronization) is now optional
and not enabled by default. Pass --with-afs to enable it. This
allows wallet to be easily built in an environment without AFS.
|
|
containing periods. Otherwise, it's hard to manage host keytabs. Add
a missing test suite for that method.
|
|
|
|
seconds since epoch and returned the same way. Timestamps are now
stored in the database as correct date and time types rather than
seconds since epoch to work properly with MySQL.
|
|
|
|
SQLite for testing.
Also start a new Util.pm module for the test suite and move the contents
sub into that module. More to follow.
|
|
Add a drop() method to Wallet::Schema to destroy the wallet database. Add
a test suite for it. Add a reinitialize() method to Wallet;:Server that
drops the database before creating it.
Modify the wallet object test cases to call reinitialize() to create the
initial database and drop() to clean up the database after the test is
complete.
Fix a bug preventing Wallet::Schema from being initialized multiple times.
We now stash the schema in a class static variable and reuse it for
subsequent initializations, since re-reading DATA doesn't work.
|
|
|
|
attributes.
|
|
|
|
|
|
on show rather than zeroing it.
|
|
|
|
Still needs a more comprehensive test suite.
Remove all attributes for a keytab object when it is destroyed so that
when the object is recreated, it doesn't inherit attributes from its
previous self. Add a test case for that for the sync attribute.
|
|
and license statements in all files. Make sure that some files that were
missing copyright information now have them. Reference LICENSE rather
than README in all notices.
|
|
new object method that subclasses can override to add attribute
information to show() and remove the documentation about overriding
show().
|
|
tests of the machinery around kaserver synchronization even if we don't
have a full configuration.
|
