| Age | Commit message | Author | 
|---|---|---|
|  | Change-Id: Ic0f33bf01936a093a645bedd5adfa771fd4e3574
Reviewed-on: https://gerrit.stanford.edu/983
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu> | 
|  | Owners of wallet objects are now allowed to destroy them.  In previous
versions, a special destroy ACL had to be set and the owner ACL wasn't
used for destroy actions, but operational experience at Stanford has
shown that letting owners destroy their own objects is a better model.
Change-Id: I0e97d7a000e62cf5321add7b44140db6edc6769f
Reviewed-on: https://gerrit.stanford.edu/973
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu> | 
|  | Change-Id: Ibad85d6d7c653b557e9ec297a4268068261271fa
Reviewed-on: https://gerrit.stanford.edu/847
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu> | 
|  | This currently requires global read access to the Stanford LDAP
directory, so even other people at Stanford can't run it.  Will
revisit when we have a chance to write mock LDAP classes.
Change-Id: I0e944b8019744b14a62e60d5dcc662b417108722
Reviewed-on: https://gerrit.stanford.edu/844
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu> | 
|  | Change-Id: I06dd9ecca19315179bdd34d4b301548fe7604331
Reviewed-on: https://gerrit.stanford.edu/842
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu> | 
|  | In the upgrade() wrapper in Wallet::Admin, set the DDL directory
in the schema before attempting an upgrade.
Change-Id: I691184fc4cf416e68f300bc78f7caffc41bf94b8
Reviewed-on: https://gerrit.stanford.edu/793
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu> | 
|  | Used currently by MDM to store both the certificate and the key in
the same file for convenience.
Change-Id: I38901ac93fe3022c2e00f735a0f995500841d709
Reviewed-on: https://gerrit.stanford.edu/784
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu> | 
|  | In Wallet::Policy::Stanford, add support for setting a default owner
of file objects whose names are based on a group that has an ACL
mapping.
Change-Id: I4f63815621d81e26ba4779d10f249cb31eef2b5e
Reviewed-on: https://gerrit.stanford.edu/759
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu> | 
|  | Add all the new group names for the Stanford naming policy and
associate them with default ACLs (not yet used).  Distinguish
them from the legacy group names, and use the appropriate ones
for naming policy enforcement.
Change-Id: I4b87ff48d34d82195245798f41afefff26efa95d
Reviewed-on: https://gerrit.stanford.edu/758
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu> | 
|  | Add support for a default owner for host-based file objects to
Wallet::Policy::Stanford.
Change-Id: I1a9bf07def1356788fbd0acf9910a2e86c9e8f08
Reviewed-on: https://gerrit.stanford.edu/757
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu> | 
|  | Refactor the Wallet::Policy::Stanford module to pull some of the
constants out, and then add data and support in the naming policy
for the new file object naming scheme.
Change-Id: Iba0c24c119ce529a1d3fd8cd3332335c4433df09
Reviewed-on: https://gerrit.stanford.edu/756
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu> | 
|  | To make it easier to revise and test revisions to the Stanford
wallet naming policy, convert the code to a module and include it
in the distribution.  Add a test suite for the current policy.
Change-Id: I73b888fa8d18401a239144c2e9f810ad4692c44b
Reviewed-on: https://gerrit.stanford.edu/755
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu> | 
|  | In moving from DBI to DBIx::Class, we at first left the various
variables the same.  This goes through to update them for the proper
names.
* Wallet::Admin::schema was created to return the schema object (and
similarly for Wallet::Server and Wallet::Report).
* Wallet::Admin::dbh was modified to return the actual DBI handle again
(and similarly for Wallet::Server and Wallet::Report).
* Various places that used $admin->{dbh} were moved to $admin->{schema}.
* Various places using $dbh for the schema object were changed to
$schema.
Change-Id: I00914866e9a8250855a7828474aa9ce0f37b914f
Reviewed-on: https://gerrit.stanford.edu/733
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu> | 
|  | perl/Wallet/Object/Keytab.pm was using the wrong value for the database
handle in some places (trying to load as a subroutine rather than part
of the object).  Also, the keytab.t tests were attempting to run against
the DBIx::Class object rather than a direct dbh handle that they
expected.
Change-Id: Ifbb8b110d559f3ba867fc5b0dc3933fd2d4fd484
Reviewed-on: https://gerrit.stanford.edu/731
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu> | 
|  | Moved all the Perl code to use DBIx::Class for the database interface.
This includes updating all database calls, how the schema is generated
and maintained, and the tests in places where some output has changed.
We also remove the schema.t test, as the tests for it are more covered
in the admin.t tests now.
Change-Id: Ie5083432d09a0d9fe364a61c31378b77aa7b3cb7
Reviewed-on: https://gerrit.stanford.edu/598
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu> | 
|  | Change-Id: Id360aebe8f0a3911a7d628feafef9b3110801124
Reviewed-on: https://gerrit.stanford.edu/715
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu> | 
|  | Add a new acl check command which, given an ACL ID, prints yes if that
ACL already exists and no otherwise.  This is parallel to the check
command for objects.
Also fix some documentation errors in the wallet client documentation,
saying that the check command doesn't require any ACL and fixing one
place where "show" was used instead of "store". | 
|  | Avoid tromping on the user's AFS credentials if using Heimdal
user space. | 
|  | A new ACL type, ldap-attr (Wallet::ACL::LDAP::Attribute), is now
supported.  This ACL type grants access if the LDAP entry
corresponding to the principal contains the attribute name and value
specified in the ACL.  The Net::LDAP and Authen::SASL Perl modules are
required to use this ACL type.  New configuration settings are
required as well; see Wallet::Config for more information.  To enable
this ACL type for an existing wallet database, use wallet-admin to
register the new verifier. | 
|  | Add a comment field to objects and corresponding commands to
wallet-backend and wallet to set and retrieve it.  The comment field
can only be set by the owner or wallet administrators but can be seen
by anyone on the show ACL. | 
|  | Hook the new upgrade method of Wallet::Schema into Wallet::Admin
and the wallet-admin wrapper script. | 
|  | Version 0 is the version without the metadata table.  Add a new
upgrade method to Wallet::Schema and support upgrading the database
to version 1.  (Version 1 is not yet finalized.) | 
|  | Add a metadata table whose only column, currently, is a version number.
We will store the version of the schema in this table and use that to
know what to do during upgrades. | 
|  | The check for the enctypes of created keytabs tries klist for MIT
first and then Heimdal ktutil.  The klist options are invalid for
Heimdal.  Suppress the resulting complaining to standard error. | 
|  | Add an acls duplicate report to wallet-report and Wallet::Report,
returning sets of ACLs that have exactly the same entries. | 
|  | Add an objects unused report to wallet-report and Wallet::Report,
returning all objects that have never been downloaded (in other words,
have never been the target of a get command). | 
|  | Parallel to objects name, add an acls name audit that returns all ACLs
that do not follow the site naming standard. | 
|  | Wallet::Config now supports an additional local function,
verify_acl_name, which can be used to enforce ACL naming policies.  If
set, it is called for any ACL creation or rename and can reject the
new ACL name. | 
|  | Add the acls unused report to wallet-report and Wallet::Report,
returning all ACLs not referenced by any database objects. | 
|  | Add an audit command to wallet-report and one audit: objects name,
which returns all objects that do not pass the local naming policy.
The corresponding Wallet::Report method is audit().
Wallet::Config::verify_name may now be called with an undefined third
argument (normally the user attempting to create an object).  This
calling convention is used when auditing, and the local policy
function should select the correct policy to apply for useful audit
results. | 
|  | When deleting an ACL on the server, verify that the ACL is not
referenced by any object first.  Database referential integrity should
also catch this, but not all database backends may enforce referential
integrity.  This also allows us to return a better error message
naming an object that's still using that ACL. | 
|  | Coding style update.  Don't prefix the file short description with the
file name; it's not needed. | 
|  | Move all reporting from Wallet::Admin to Wallet::Report and simplify
the method names since they're now part of a dedicated reporting
class.  Similarly, create a new wallet-report script to wrap
Wallet::Report, moving all reporting commands to it from wallet-admin,
and simplify the commands since they're for a dedicated reporting
script.
Remove the contrib script wallet-report to wallet-summary so that it
doesn't conflict with the new reporting backend script. | 
|  | Change the API for keytab_rekey to match keytab, returning the keytab
as data instead of writing it to a file.  This simplifies the wallet
object implementation and moves the logic for reading the temporary
file into Wallet::Kadmin and its child classes.  (Eventually, there may
be a kadmin backend that doesn't require using a temporary file.)
Setting KEYTAB_TMP is now required to instantiate either the ::MIT or
::Heimdal Wallet::Kadmin classes. | 
|  | Heimdal supports retrieving a keytab containing the existing keys over
the kadmin protocol.  Move the support for using remctl to retrieve an
existing keytab into Wallet::Kadmin::MIT and provide two separate
methods in the Wallet::Kadmin interface: one which rekeys and one which
doesn't.  Implement the non-rekeying interface for Heimdal.  Expand the
test suite for the unchanging keytabs to include tests for the Heimdal
method. | 
|  | Now that we support multiple versions of Kerberos, use generic names
for the functions in the Wallet::Kadmin interface rather than the
commands from the MIT kadmin interface. | 
|  | Also update the POD syntax check to the current version of that check
I use elsewhere.  Since I'm touching all the POD anyway, also rewrap
all of the POD to 74 columns.  Fix some references to MIT in the
Wallet::Kadmin::Heimdal module documentation. | 
|  | Remove kaserver synchronization support.  It is no longer tested, and
retaining the code was increasing the complexity of wallet, and some
specific requirements (such as different realm names between kaserver
and Kerberos v5 and the kvno handling) were Stanford-specific.  Rather
than using this support, AFS sites running kaserver will probably find
deploying Heimdal with its internal kaserver compatibility is probably
an easier transition approach. | 
|  | Map the AES enctype to the full enctype name, which will work for both
MIT and Heimdal.  Fix the test count.  Really test rollback from invalid
enctypes (what we did before made no sense).  Skip tests that will just
fail if the enctype stuff is not working, since otherwise it confuses
matters. |