| Age | Commit message (Collapse) | Author |
|---|
|
|
|
Fix wallet-backend parsing of the expires command to expect only one
argument as the expiration. This was correctly documented in the
wallet client man page, but not in wallet-backend, and it accepted two
arguments (a date and time). However, Wallet::Server did not and
would just ignore the time. Now wallet-backend correctly requires the
date and time be passed as a single argument.
Change-Id: I8e51a576ea8781502f4eb983462ceca867b002be
Reviewed-on: https://gerrit.stanford.edu/1556
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
Fix strictness issues across the whole code base, and ensure that
all Perl scripts enable warnings. (Hopefully enabling warnings
won't cause problems for the server.)
Change-Id: I4dee49f7a6bcbeeee21d74bf61a1fd26514f832c
Reviewed-on: https://gerrit.stanford.edu/1532
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
Change-Id: I4c2b5d7c807d6c27dd18a3b92eef66d21287d21e
Reviewed-on: https://gerrit.stanford.edu/1481
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
Change-Id: I7eefcb5eab2e35e8d45baa6e868f1f00867c6b62
Reviewed-on: https://gerrit.stanford.edu/1372
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
|
|
It's nice to have spaces and other special characters in comments,
so allow any character rather than applying the normal argument
filtering.
Change-Id: Iec8584f1f6893906db7245fbe571d62ebc60f72a
Reviewed-on: https://gerrit.stanford.edu/989
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
|
|
Owners of wallet objects are now allowed to destroy them. In previous
versions, a special destroy ACL had to be set and the owner ACL wasn't
used for destroy actions, but operational experience at Stanford has
shown that letting owners destroy their own objects is a better model.
Change-Id: I0e97d7a000e62cf5321add7b44140db6edc6769f
Reviewed-on: https://gerrit.stanford.edu/973
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
aspell doesn't like some of the words used in the Expat license.
Change-Id: Ia31b41c54dcec3b50dbfb2ae7318574997c5d8ca
Reviewed-on: https://gerrit.stanford.edu/972
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
For scripts, do this by moving the copyright and license statement
from the top of the script into the POD documentation.
Also try to uniformly put the SEE ALSO section last.
Change-Id: Id31a5c0d5e6f6831a689deec41a13d35bb40465a
Reviewed-on: https://gerrit.stanford.edu/850
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
Change-Id: I06dd9ecca19315179bdd34d4b301548fe7604331
Reviewed-on: https://gerrit.stanford.edu/842
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
wallet-admin is solely a thin wrapper around Wallet::Admin, but it
gained specific code for initialize and update, which caused the
server/admin test to fail.
Move the update code to set a default version into into Wallet::Admin
instead. The initialize code appears to be unnecessary; it was
setting a default for a parameter that was already handled by
Wallet::Config.
Change-Id: I1a7e5dbbfd005e4f60e89e50a91019295e44df99
Reviewed-on: https://gerrit.stanford.edu/729
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
Moved all the Perl code to use DBIx::Class for the database interface.
This includes updating all database calls, how the schema is generated
and maintained, and the tests in places where some output has changed.
We also remove the schema.t test, as the tests for it are more covered
in the admin.t tests now.
Change-Id: Ie5083432d09a0d9fe364a61c31378b77aa7b3cb7
Reviewed-on: https://gerrit.stanford.edu/598
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
Add a new acl check command which, given an ACL ID, prints yes if that
ACL already exists and no otherwise. This is parallel to the check
command for objects.
Also fix some documentation errors in the wallet client documentation,
saying that the check command doesn't require any ACL and fixing one
place where "show" was used instead of "store".
|
|
|
|
Add a comment field to objects and corresponding commands to
wallet-backend and wallet to set and retrieve it. The comment field
can only be set by the owner or wallet administrators but can be seen
by anyone on the show ACL.
|
|
Hook the new upgrade method of Wallet::Schema into Wallet::Admin
and the wallet-admin wrapper script.
|
|
|
|
|
|
|
|
Add a help command to wallet-report, which returns a summary of all
available commands.
|
|
Add the krb5-regex ACL type and corresponding Wallet::ACL::Krb5::Regex
module. This ACL is identical to krb5 except that it takes a regular
expression matching principals instead of a string that must match
exactly.
|
|
Add an acls duplicate report to wallet-report and Wallet::Report,
returning sets of ACLs that have exactly the same entries.
|
|
Add a objects unused report to wallet-report and Wallet::Report,
returning all objects that have never been downloaded (in other words,
have never been the target of a get command).
|
|
|
|
Parallel to objects name, add an acls name audit that returns all ACLs
that do not follow the site naming standard.
|
|
Add the acls unused report to wallet-report and Wallet::Report,
returning all ACLs not referenced by any database objects.
|
|
|
|
The front-end still had the commands and documentation that had been
moved to wallet-report. Pull them out of wallet-admin to avoid being
confusing.
|
|
|
|
Add an audit command to wallet-report and one audit: objects name,
which returns all objects that do not pass the local naming policy.
The corresponding Wallet::Report method is audit().
Wallet::Config::verify_name may now be called with an undefined third
argument (normally the user attempting to create an object). This
calling convention is used when auditing, and the local policy
function should select the correct policy to apply for useful audit
results.
|
|
|
|
|
|
Update the wallet client, wallet-backend, and Wallet::Object::File
documentation for the support for storing data containing nul
characters using the new stdin support in remctld. Add this to NEWS.
|
|
If there is no third argument to store, read it from standard input
instead. This is the preferred way of running wallet-backend, using
stdin=last support from remctl 2.14 and later. Receiving the third
argument as a regular argument continues to be supported for backward
compatibility.
|
|
Move all reporting from Wallet::Admin to Wallet::Report and simplify
the method names since they're now part of a dedicated reporting
class. Similarly, create a new wallet-report script to wrap
Wallet::Report, moving all reporting commands to it from wallet-admin,
and simplify the commands since they're for a dedicated reporting
script.
Remove the contrib script wallet-report to wallet-summary so that it
doesn't conflict with the new reporting backend script.
|
|
Add a POD spelling test to the non-Perl-module part of the code and
move the documentation tests into a separate directory. Merge the
POD syntax tests between client and server into one test.
Reformat all of the POD documentation to use 74 columns. Fix a few
revealed spelling errors or weird wordings.
|
|
The code to support the attribute is still present in case we add a
system with which to synchronize later on.
|
|
Heimdal requires the full name and doesn't support the short name that
MIT has as an alias. Change the documentation to use the long name
uniformly.
|
|
Combine a long series of eval blocks into a single block and a single
error check. Remove trailing whitespace, and in some cases remove
trailing () on method calls where the parens aren't useful.
|
|
Added documentation for the new object and acl list searches to
perl/Wallet/Admin.pm and server/wallet-admin. Also fixed a POD error
in perl/Wallet/Kadmin.pm's docs.
|
|
wallet-admin's list command now has additional searches added for objects
and acls that match certain specifiers. For objects these include
searching for objects owned by a specific ACL, objects owned by no one,
objects of a specific type, objects with a specific flag, and objects for
which a specific ACL has any privileges at all. For acls, this includes
the ability to search for any ACL with an entry with given type and
identifier.
|
|
Add a new report owners command to wallet-admin and corresponding
report_owners() method to Wallet::Admin, which returns all ACL lines
on owner ACLs for matching objects.
|
|
|
|
|
|
the data passed to store.
|
|
parse it as an argument to wallet-backend.
|
|
implementations in the database.
|
|
|
