| Age | Commit message (Collapse) | Author |
|---|
|
Add use 5.008 and use warnings uniformly to all of the server backend
scripts.
|
|
update will work generally like get, but only for objects that have a
concept of updating content automatically, like keytabs and passwords.
For these, the content will be updated before sending to the client.
In a later release get for keytabs will be modified to never update the
kvno before sending to the user, and so the unchanging flag will be
phased out in lieu of explicitly using the method that does what you
want.
Change-Id: I96a84416c5e50278eb29fe07052dde6e063bc071
|
|
New command for replacing the ownership of anything owned by a specific
ACL with another ACL. This differs from acl rename in that it's to be
used when the destination ACL already exists and potentially already
owns some objects.
Change-Id: I765bebf499fe0f861abc2ffe1873990590beed36
|
|
File objects now support a rename command, which will rename the object
and move the file to the right spot in the file store under its new
name.
Change-Id: I10ea2b8012586d69f0894905cfba54a738f3e418
|
|
Fix wallet-backend parsing of the expires command to expect only one
argument as the expiration. This was correctly documented in the
wallet client man page, but not in wallet-backend, and it accepted two
arguments (a date and time). However, Wallet::Server did not and
would just ignore the time. Now wallet-backend correctly requires the
date and time be passed as a single argument.
Change-Id: I8e51a576ea8781502f4eb983462ceca867b002be
Reviewed-on: https://gerrit.stanford.edu/1556
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
Fix strictness issues across the whole code base, and ensure that
all Perl scripts enable warnings. (Hopefully enabling warnings
won't cause problems for the server.)
Change-Id: I4dee49f7a6bcbeeee21d74bf61a1fd26514f832c
Reviewed-on: https://gerrit.stanford.edu/1532
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
Change-Id: I4c2b5d7c807d6c27dd18a3b92eef66d21287d21e
Reviewed-on: https://gerrit.stanford.edu/1481
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
It's nice to have spaces and other special characters in comments,
so allow any character rather than applying the normal argument
filtering.
Change-Id: Iec8584f1f6893906db7245fbe571d62ebc60f72a
Reviewed-on: https://gerrit.stanford.edu/989
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
Owners of wallet objects are now allowed to destroy them. In previous
versions, a special destroy ACL had to be set and the owner ACL wasn't
used for destroy actions, but operational experience at Stanford has
shown that letting owners destroy their own objects is a better model.
Change-Id: I0e97d7a000e62cf5321add7b44140db6edc6769f
Reviewed-on: https://gerrit.stanford.edu/973
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
For scripts, do this by moving the copyright and license statement
from the top of the script into the POD documentation.
Also try to uniformly put the SEE ALSO section last.
Change-Id: Id31a5c0d5e6f6831a689deec41a13d35bb40465a
Reviewed-on: https://gerrit.stanford.edu/850
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
Add a new acl check command which, given an ACL ID, prints yes if that
ACL already exists and no otherwise. This is parallel to the check
command for objects.
Also fix some documentation errors in the wallet client documentation,
saying that the check command doesn't require any ACL and fixing one
place where "show" was used instead of "store".
|
|
Add a comment field to objects and corresponding commands to
wallet-backend and wallet to set and retrieve it. The comment field
can only be set by the owner or wallet administrators but can be seen
by anyone on the show ACL.
|
|
Add the krb5-regex ACL type and corresponding Wallet::ACL::Krb5::Regex
module. This ACL is identical to krb5 except that it takes a regular
expression matching principals instead of a string that must match
exactly.
|
|
Update the wallet client, wallet-backend, and Wallet::Object::File
documentation for the support for storing data containing nul
characters using the new stdin support in remctld. Add this to NEWS.
|
|
If there is no third argument to store, read it from standard input
instead. This is the preferred way of running wallet-backend, using
stdin=last support from remctl 2.14 and later. Receiving the third
argument as a regular argument continues to be supported for backward
compatibility.
|
|
Add a POD spelling test to the non-Perl-module part of the code and
move the documentation tests into a separate directory. Merge the
POD syntax tests between client and server into one test.
Reformat all of the POD documentation to use 74 columns. Fix a few
revealed spelling errors or weird wordings.
|
|
The code to support the attribute is still present in case we add a
system with which to synchronize later on.
|
|
Heimdal requires the full name and doesn't support the short name that
MIT has as an alias. Change the documentation to use the long name
uniformly.
|
|
|
|
|
|
the data passed to store.
|
|
parse it as an argument to wallet-backend.
|
|
|
|
|
|
default ACLs. Remove autocreation support from create, which now
requires that one be on the ADMIN ACL, and from get and store. The
wallet client will soon know how to do the right thing.
|
|
already exists.
|
|
|
|
whether we can auto-create a non-existent ACL, since creating one with
the ADMIN ACL doesn't create a useful object.
Allow @ in wallet-backend arguments so that principal names can be
passed in.
|
|
When writing to a file in the wallet client program, remove an old
backup file before creating a new backup and don't fail if the backup
already exists.
|
|
seconds since epoch and returned the same way. Timestamps are now
stored in the database as correct date and time types rather than
seconds since epoch to work properly with MySQL.
|
|
|
|
documentation and test it. Update NEWS and TODO for the completion of
the history code.
|
|
documentation. Fix a variety of other problems with the documentation of
the ACLs used and add mentions of getattr and setattr to a few places
where they were missing.
|
|
of the enctypes attribute when the unchanging flag is set.
|
|
that the enctype must be in the database in the keytab object API
documentation.
The README and NEWS files are now done.
|
|
|
|
and license statements in all files. Make sure that some files that were
missing copyright information now have them. Reference LICENSE rather
than README in all notices.
|
|
additional work and cleanup, particularly support for the sync attribute.
|
|
document them in the user documentation.
|
|
Document locked flag issues when implementing a new object type.
|
|
|
|
Wallet::Server method.
|
|
Wallet::Config, which was no longer used now that the database opening
code is in Wallet::Server. Fix the exception in argument checking for
store.
|
|
|
|
use a better convention for command arguments and to include quite a few
more details.
|
|
|
|
getacl returns, and handle undef returns from owner, expires, and getacl
that aren't errors.
|
|
since DBI doesn't require it.
|
|
bother working hard to disconnect the database on exit, since the DESTROY
DBI method will do the right thing.
|
|
|
