| Age | Commit message (Collapse) | Author | 
|---|
|  | Eventually, there will be multiple object types for different Duo
integrations, and they will need to have unique names.  Add the
Duo type in parentheses after the name to help ensure this.
Change-Id: I679130f9136077fc6bf5d8c6c9ad98ec83b400d0
Reviewed-on: https://gerrit.stanford.edu/1573
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu> | 
|  | Change-Id: I5143d487d6b3623bc2be1724ed766b8709feb506
Reviewed-on: https://gerrit.stanford.edu/1565
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu> | 
|  | The owner and getacl commands now return the current name of the ACL
instead of its numeric ID, matching the documentation of owner.
Change-Id: Ic47aad48bd1454ed4bffff7030b0492d74eee4fa
Reviewed-on: https://gerrit.stanford.edu/1559
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu> | 
|  | Change-Id: I0d7a088bb34dda2fc554b9f104c2a33e5faf879e
Reviewed-on: https://gerrit.stanford.edu/1554
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu> | 
|  | Store the current name of the ACL with each history row, and index
the name.  This will eventually allow retrieval of history by name
for ACLs that have been deleted, although the rest of the code is
not yet in place.
The initial creation and membership of the ADMIN ACL during database
initialization or reinitialization is no longer recorded in the
acl_history table, since otherwise it produces errors due to the
missing ah_name field when building the database with schema 0.07.
There should be some better solution to this, but this will be okay
for the time being.
Change-Id: I015a00c972e0c2730c3d449952fcfe9b79c6e54f
Reviewed-on: https://gerrit.stanford.edu/1553
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu> | 
|  | Change-Id: I61379e8963569d26c9b9c31d1727f3cca4567f8e
Reviewed-on: https://gerrit.stanford.edu/1550
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu> | 
|  | Fix strictness issues across the whole code base, and ensure that
all Perl scripts enable warnings.  (Hopefully enabling warnings
won't cause problems for the server.)
Change-Id: I4dee49f7a6bcbeeee21d74bf61a1fd26514f832c
Reviewed-on: https://gerrit.stanford.edu/1532
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu> | 
|  | Now that the Perl directory has been reorganized, it's easier to
synchronize with the standard rra-c-util tests.
Change-Id: I97a03d06ff964edcc85ab8788af281b7bc321235
Reviewed-on: https://gerrit.stanford.edu/1531
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu> | 
|  | The wallet server now requires Perl 5.8 or later (instead of 5.006 in
previous versions) and is now built with Module::Build instead of
ExtUtils::MakeMaker.  This should be transparent to anyone not working
with the source code, since Perl 5.8 was released in 2002, but
Module::Build is now required to build the wallet server.  It is
included in some versions of Perl, or can be installed separately from
CPAN, distribution packages, or other sources.
Also reorganize the test suite to use subdirectories.
Change-Id: Id06120ba2bad1ebbfee3d8a48ca2f25869463165
Reviewed-on: https://gerrit.stanford.edu/1530
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu> | 
|  | Change-Id: I1acd7894316fc96943b9eda5e3a9abb9d229646c
Reviewed-on: https://gerrit.stanford.edu/1528
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu> | 
|  | If we don't run the code to delete the wallet database very late,
destruction of the SQLite objects may recreate the database file.
Move the unlink to an END block to avoid this problem.
Change-Id: Ib5ec2cbd08ba24c99f3dfa1daa01488931c5958f
Reviewed-on: https://gerrit.stanford.edu/1525
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu> | 
|  | The global replacement of my email address broke this test as
well since I was using my address as part of the test.  Revert
to the previous email address, since it's just example data.
Change-Id: Iaebcf4b4556308d5a69fbe2c8b59b05304dfbf66
Reviewed-on: https://gerrit.stanford.edu/1523
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu> | 
|  | Undo the email address renaming for verifier-netdb as well, since
this has to use rra@stanford.edu for right now.  Adjust so that the
test is not skipped with Heimdal Kerberos user space.
Change-Id: I0a0e16e1044fe6057a310cc419477a34052ffcda
Reviewed-on: https://gerrit.stanford.edu/1522
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu> | 
|  | This has to use rra@stanford.edu to work at all (and badly needs
some sort of mock LDAP environment rather than what it's doing now).
Change-Id: I0961c7f97633eb7e29e391804a6803195564d74b
Reviewed-on: https://gerrit.stanford.edu/1521
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu> | 
|  | For some reason, two keytabs are comparing inequal even after
masking the timestamp but both keytabs work for authentication.
Stop doing a data comparison and instead attempt authentications
with both keytabs as a more reliable test.
Change-Id: I4bd0712d492b78f09e95ffbed3461d97613d9d0a
Reviewed-on: https://gerrit.stanford.edu/1520
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu> | 
|  | We now have a 0.09 schema, so test upgrading from 0.07 to 0.09
in two steps.
Change-Id: I0e7af4371ba78aa69a9b7be59239f10c86e1fade
Reviewed-on: https://gerrit.stanford.edu/1519
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu> | 
|  | Similar to server, the ID of the last ACL created may vary
depending on whether SQLite reuses the last autoincrement key
when the highest-numbered record is deleted.  Accept either
possibility.
Change-Id: I2dd3b3cbbdf32931820ff799ca06f751c37a4cbd
Reviewed-on: https://gerrit.stanford.edu/1518
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu> | 
|  | SQLite now, when the highest-numbered record with an autoincrement
key is deleted, will reuse that number instead of incrementing
further.  Adjust the test suite so that this ambiguity is never
encountered, since it's not part of what we're testing.
Change-Id: I08c0c1c3fae82556d0f016b95db2992bdded1775
Reviewed-on: https://gerrit.stanford.edu/1517
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu> | 
|  | A new object type, duo (Wallet::Object::Duo), is now supported.  This
creates an integration with the Duo Security cloud multifactor
authentication service and allows retrieval of the integration key,
secret key, and admin hostname.  Currently, only UNIX integration
types are supported.  The Net::Duo Perl module is required to use this
object type.  New configuration settings are required as well; see
Wallet::Config for more information.  To enable this object type for
an existing wallet database, use wallet-admin to register the new
object.
Change-Id: I2c0dac75e81f526b34d6b509c4bdaecb43dd4a9d
Reviewed-on: https://gerrit.stanford.edu/1516
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu> | 
|  | Change-Id: I4c2b5d7c807d6c27dd18a3b92eef66d21287d21e
Reviewed-on: https://gerrit.stanford.edu/1481
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu> | 
|  | When the correct Kerberos tickets aren't available, this test
skipped the wrong number of tests.
Change-Id: Icf27178fe88027f38764285bb671560e051f9105
Reviewed-on: https://gerrit.stanford.edu/1373
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu> | 
|  | Fix recognition of the syntax error from Heimdal's klist -ke, which
doesn't exit with status 1.  Assume that if we didn't see any known
enctypes, we're dealing with Heimdal.  Remove the code to populate the
enctype table, since we do that in Wallet::Admin now.  Show the error
if adding an enctype fails.
Change-Id: I40da967ef6868e5cd51a1238e1c6324386468134
Reviewed-on: https://gerrit.stanford.edu/1069
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu> | 
|  | Change-Id: I59db1e8638a602d9c118ac01da17280c9ed7d005
Reviewed-on: https://gerrit.stanford.edu/1067
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu> | 
|  | If we can't find the sqlite3 binary, just skip the upgrade test.
Change-Id: I20e9ad1978a189cf059756e15794ea4d954f3867
Reviewed-on: https://gerrit.stanford.edu/994
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu> | 
|  | Since we were reinstalling a fresh database via the same DBIx::Class
functions, the database we installed to upgrade from a non-versioned
setup was still getting a version table.  Switched to delete the
database and reload it fresh from the sqlite3 command itself.
Change-Id: Ia09bbc279ab834b5d17453b4282e18dd3a36f857
Reviewed-on: https://gerrit.stanford.edu/993
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu> | 
|  | If the WebAuth module is too old, don't just fail the tests.  Skip
them instead.  This will let the Debian package build in unstable.
Change-Id: I84c97f23ff7fbf89f2fd797898ebb4ab5e58eee6
Reviewed-on: https://gerrit.stanford.edu/987
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu> | 
|  | Change-Id: Ic0f33bf01936a093a645bedd5adfa771fd4e3574
Reviewed-on: https://gerrit.stanford.edu/983
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu> | 
|  | Owners of wallet objects are now allowed to destroy them.  In previous
versions, a special destroy ACL had to be set and the owner ACL wasn't
used for destroy actions, but operational experience at Stanford has
shown that letting owners destroy their own objects is a better model.
Change-Id: I0e97d7a000e62cf5321add7b44140db6edc6769f
Reviewed-on: https://gerrit.stanford.edu/973
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu> | 
|  | Change-Id: Ibad85d6d7c653b557e9ec297a4268068261271fa
Reviewed-on: https://gerrit.stanford.edu/847
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu> | 
|  | This currently requires global read access to the Stanford LDAP
directory, so even other people at Stanford can't run it.  Will
revisit when we have a chance to write mock LDAP classes.
Change-Id: I0e944b8019744b14a62e60d5dcc662b417108722
Reviewed-on: https://gerrit.stanford.edu/844
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu> | 
|  | Change-Id: I06dd9ecca19315179bdd34d4b301548fe7604331
Reviewed-on: https://gerrit.stanford.edu/842
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu> | 
|  | In the upgrade() wrapper in Wallet::Admin, set the DDL directory
in the schema before attempting an upgrade.
Change-Id: I691184fc4cf416e68f300bc78f7caffc41bf94b8
Reviewed-on: https://gerrit.stanford.edu/793
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu> | 
|  | Used currently by MDM to store both the certificate and the key in
the same file for convenience.
Change-Id: I38901ac93fe3022c2e00f735a0f995500841d709
Reviewed-on: https://gerrit.stanford.edu/784
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu> | 
|  | In Wallet::Policy::Stanford, add support for setting a default owner
of file objects whose names are based on a group that has an ACL
mapping.
Change-Id: I4f63815621d81e26ba4779d10f249cb31eef2b5e
Reviewed-on: https://gerrit.stanford.edu/759
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu> | 
|  | Add all the new group names for the Stanford naming policy and
associate them with default ACLs (not yet used).  Distinguish
them from the legacy group names, and use the appropriate ones
for naming policy enforcement.
Change-Id: I4b87ff48d34d82195245798f41afefff26efa95d
Reviewed-on: https://gerrit.stanford.edu/758
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu> | 
|  | Add support for a default owner for host-based file objects to
Wallet::Policy::Stanford.
Change-Id: I1a9bf07def1356788fbd0acf9910a2e86c9e8f08
Reviewed-on: https://gerrit.stanford.edu/757
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu> | 
|  | Refactor the Wallet::Policy::Stanford module to pull some of the
constants out, and then add data and support in the naming policy
for the new file object naming scheme.
Change-Id: Iba0c24c119ce529a1d3fd8cd3332335c4433df09
Reviewed-on: https://gerrit.stanford.edu/756
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu> | 
|  | To make it easier to revise and test revisions to the Stanford
wallet naming policy, convert the code to a module and include it
in the distribution.  Add a test suite for the current policy.
Change-Id: I73b888fa8d18401a239144c2e9f810ad4692c44b
Reviewed-on: https://gerrit.stanford.edu/755
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu> | 
|  | In moving from DBI to DBIx::Class, we at first left the various
variables the same.  This goes through to update them for the proper
names.
* Wallet::Admin::schema was created to return the schema object (and
similarly for Wallet::Server and Wallet::Report).
* Wallet::Admin::dbh was modified to return the actual DBI handle again
(and similarly for Wallet::Server and Wallet::Report).
* Various places that used $admin->{dbh} were moved to $admin->{schema}.
* Various places using $dbh for the schema object were changed to
$schema.
Change-Id: I00914866e9a8250855a7828474aa9ce0f37b914f
Reviewed-on: https://gerrit.stanford.edu/733
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu> | 
|  | perl/Wallet/Object/Keytab.pm was using the wrong value for the database
handle in some places (trying to load as a subroutine rather than part
of the object).  Also, the keytab.t tests were attempting to run against
the DBIx::Class object rather than a direct dbh handle that they
expected.
Change-Id: Ifbb8b110d559f3ba867fc5b0dc3933fd2d4fd484
Reviewed-on: https://gerrit.stanford.edu/731
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu> | 
|  | Moved all the Perl code to use DBIx::Class for the database interface.
This includes updating all database calls, how the schema is generated
and maintained, and the tests in places where some output has changed.
We also remove the schema.t test, as the tests for it are more covered
in the admin.t tests now.
Change-Id: Ie5083432d09a0d9fe364a61c31378b77aa7b3cb7
Reviewed-on: https://gerrit.stanford.edu/598
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu> | 
|  | Change-Id: Id360aebe8f0a3911a7d628feafef9b3110801124
Reviewed-on: https://gerrit.stanford.edu/715
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu> | 
|  | Add a new acl check command which, given an ACL ID, prints yes if that
ACL already exists and no otherwise.  This is parallel to the check
command for objects.
Also fix some documentation errors in the wallet client documentation,
saying that the check command doesn't require any ACL and fixing one
place where "show" was used instead of "store". | 
|  |  | 
|  |  | 
|  |  | 
|  |  | 
|  | Avoid tromping on the user's AFS credentials if using Heimdal
user space. | 
|  | A new ACL type, ldap-attr (Wallet::ACL::LDAP::Attribute), is now
supported.  This ACL type grants access if the LDAP entry
corresponding to the principal contains the attribute name and value
specified in the ACL.  The Net::LDAP and Authen::SASL Perl modules are
required to use this ACL type.  New configuration settings are
required as well; see Wallet::Config for more information.  To enable
this ACL type for an existing wallet database, use wallet-admin to
register the new verifier. | 
|  | Add a comment field to objects and corresponding commands to
wallet-backend and wallet to set and retrieve it.  The comment field
can only be set by the owner or wallet administrators but can be seen
by anyone on the show ACL. |