| Age | Commit message (Collapse) | Author |
|---|
|
|
|
|
|
Add SPDX-License-Identifier headers to all substantial source files.
Collapse copyright years. Add some Emacs configuration for files
where the copyright notice is at the end. Add a test that every
file has SPDX-License-Identifier.
|
|
Mostly changing http eyrie.org URLs to https, but also remove my
old email address in one place and switch some tests away from my
old RRA_MAINTAINER_TESTS environment variable to use the Lancaster
Consensus variables properly. This uncovered a bug in skipping one
test unless Stanford Kerberos credentials existed.
|
|
Use @PERL@ as the substitution variable instead of WALLET_PERL_PATH
to match normal Automake conventions. Write the scripts into the
build path, not the source path, to work properly with out-of-tree
builds. Clean up the distribution rules. Use separate Makefile rules
for each script so that make has proper dependencies.
Also fix the Perl paths in (some of) the test scripts, although there
are others for which this still isn't going to work.
|
|
The server scripts now have a unique string where the Perl path should
be, and the Makefile uses sed to insert the correct path at build time
(using the path determined by configure).
The server scripts now have .in extensions, and setting the executable
flag is handled by the Makefile.
We also have to change autogen, because it looks for the scripts in
the server directory when it generates the man pages.
|
|
|
|
Add use 5.008 and use warnings uniformly to all of the server backend
scripts.
|
|
Change-Id: If63ea5829252fda13b68d031fb9f48c93b71697a
|
|
Change-Id: I9f8f986952510f6b2d326ccaab4bb7006a033b9d
|
|
Change-Id: I710de6a1df01ecd9aebd202288a9efb434c09054
|
|
Change-Id: Ib077a196ee5389d7ec6d90fcf411cae0a81e071d
|
|
We needed a way to report on where all a specific ACL might be nested,
since we can't destroy an ACL until it's no longer being nested. For
the immediate this is part of wallet-report.
Change-Id: I41c11b73325d1eb3a28289eac3505bf965877be1
|
|
"wallet-report objects host <hostname>" reports on all objects that
belong to the given host. This can be used to query things for retiring
systems.
Change-Id: Ib1c8e5978fed141d54ecc8504b56b43c037f9b17
|
|
update will work generally like get, but only for objects that have a
concept of updating content automatically, like keytabs and passwords.
For these, the content will be updated before sending to the client.
In a later release get for keytabs will be modified to never update the
kvno before sending to the user, and so the unchanging flag will be
phased out in lieu of explicitly using the method that does what you
want.
Change-Id: I96a84416c5e50278eb29fe07052dde6e063bc071
|
|
Two new reports, 'types' and 'schemes'. These will print out all
configured types and acl schemes.
Change-Id: Ib06d37755fe80c168a6f723c9a1e683fdf5dfcde
|
|
Took code from Commerzbank AG and refactored to add to wallet-report.
This does a complete dump of all object history for searching on.
Change-Id: Id22c51d2938ad90e0c6a19aaa016501a1ba333b3
|
|
New command for replacing the ownership of anything owned by a specific
ACL with another ACL. This differs from acl rename in that it's to be
used when the destination ACL already exists and potentially already
owns some objects.
Change-Id: I765bebf499fe0f861abc2ffe1873990590beed36
|
|
Report on all file objects that have never had data stored in them.
Also clean up the text around the 'objects unused' report which said
that it did this plus things that were never gotten, but in reality only
reported on the objects that were never gotten.
Change-Id: I30c9585ac6f3744fbea2f94b3d6874a64c0109ad
|
|
|
|
File objects now support a rename command, which will rename the object
and move the file to the right spot in the file store under its new
name.
Change-Id: I10ea2b8012586d69f0894905cfba54a738f3e418
|
|
|
|
Fix wallet-backend parsing of the expires command to expect only one
argument as the expiration. This was correctly documented in the
wallet client man page, but not in wallet-backend, and it accepted two
arguments (a date and time). However, Wallet::Server did not and
would just ignore the time. Now wallet-backend correctly requires the
date and time be passed as a single argument.
Change-Id: I8e51a576ea8781502f4eb983462ceca867b002be
Reviewed-on: https://gerrit.stanford.edu/1556
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
Fix strictness issues across the whole code base, and ensure that
all Perl scripts enable warnings. (Hopefully enabling warnings
won't cause problems for the server.)
Change-Id: I4dee49f7a6bcbeeee21d74bf61a1fd26514f832c
Reviewed-on: https://gerrit.stanford.edu/1532
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
Change-Id: I4c2b5d7c807d6c27dd18a3b92eef66d21287d21e
Reviewed-on: https://gerrit.stanford.edu/1481
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
Change-Id: I7eefcb5eab2e35e8d45baa6e868f1f00867c6b62
Reviewed-on: https://gerrit.stanford.edu/1372
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
|
|
It's nice to have spaces and other special characters in comments,
so allow any character rather than applying the normal argument
filtering.
Change-Id: Iec8584f1f6893906db7245fbe571d62ebc60f72a
Reviewed-on: https://gerrit.stanford.edu/989
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
|
|
Owners of wallet objects are now allowed to destroy them. In previous
versions, a special destroy ACL had to be set and the owner ACL wasn't
used for destroy actions, but operational experience at Stanford has
shown that letting owners destroy their own objects is a better model.
Change-Id: I0e97d7a000e62cf5321add7b44140db6edc6769f
Reviewed-on: https://gerrit.stanford.edu/973
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
aspell doesn't like some of the words used in the Expat license.
Change-Id: Ia31b41c54dcec3b50dbfb2ae7318574997c5d8ca
Reviewed-on: https://gerrit.stanford.edu/972
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
For scripts, do this by moving the copyright and license statement
from the top of the script into the POD documentation.
Also try to uniformly put the SEE ALSO section last.
Change-Id: Id31a5c0d5e6f6831a689deec41a13d35bb40465a
Reviewed-on: https://gerrit.stanford.edu/850
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
Change-Id: I06dd9ecca19315179bdd34d4b301548fe7604331
Reviewed-on: https://gerrit.stanford.edu/842
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
wallet-admin is solely a thin wrapper around Wallet::Admin, but it
gained specific code for initialize and update, which caused the
server/admin test to fail.
Move the update code to set a default version into into Wallet::Admin
instead. The initialize code appears to be unnecessary; it was
setting a default for a parameter that was already handled by
Wallet::Config.
Change-Id: I1a7e5dbbfd005e4f60e89e50a91019295e44df99
Reviewed-on: https://gerrit.stanford.edu/729
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
Moved all the Perl code to use DBIx::Class for the database interface.
This includes updating all database calls, how the schema is generated
and maintained, and the tests in places where some output has changed.
We also remove the schema.t test, as the tests for it are more covered
in the admin.t tests now.
Change-Id: Ie5083432d09a0d9fe364a61c31378b77aa7b3cb7
Reviewed-on: https://gerrit.stanford.edu/598
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
Add a new acl check command which, given an ACL ID, prints yes if that
ACL already exists and no otherwise. This is parallel to the check
command for objects.
Also fix some documentation errors in the wallet client documentation,
saying that the check command doesn't require any ACL and fixing one
place where "show" was used instead of "store".
|
|
|
|
Add a comment field to objects and corresponding commands to
wallet-backend and wallet to set and retrieve it. The comment field
can only be set by the owner or wallet administrators but can be seen
by anyone on the show ACL.
|
|
Hook the new upgrade method of Wallet::Schema into Wallet::Admin
and the wallet-admin wrapper script.
|
|
|
|
|
|
|
|
Add a help command to wallet-report, which returns a summary of all
available commands.
|
|
Add the krb5-regex ACL type and corresponding Wallet::ACL::Krb5::Regex
module. This ACL is identical to krb5 except that it takes a regular
expression matching principals instead of a string that must match
exactly.
|
|
Add an acls duplicate report to wallet-report and Wallet::Report,
returning sets of ACLs that have exactly the same entries.
|
|
Add a objects unused report to wallet-report and Wallet::Report,
returning all objects that have never been downloaded (in other words,
have never been the target of a get command).
|
|
|
|
Parallel to objects name, add an acls name audit that returns all ACLs
that do not follow the site naming standard.
|
|
Add the acls unused report to wallet-report and Wallet::Report,
returning all ACLs not referenced by any database objects.
|
|
|
