| Age | Commit message (Collapse) | Author |
|---|
|
Fix wallet-backend parsing of the expires command to expect only one
argument as the expiration. This was correctly documented in the
wallet client man page, but not in wallet-backend, and it accepted two
arguments (a date and time). However, Wallet::Server did not and
would just ignore the time. Now wallet-backend correctly requires the
date and time be passed as a single argument.
Change-Id: I8e51a576ea8781502f4eb983462ceca867b002be
Reviewed-on: https://gerrit.stanford.edu/1556
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
Fix strictness issues across the whole code base, and ensure that
all Perl scripts enable warnings. (Hopefully enabling warnings
won't cause problems for the server.)
Change-Id: I4dee49f7a6bcbeeee21d74bf61a1fd26514f832c
Reviewed-on: https://gerrit.stanford.edu/1532
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
The wallet server now requires Perl 5.8 or later (instead of 5.006 in
previous versions) and is now built with Module::Build instead of
ExtUtils::MakeMaker. This should be transparent to anyone not working
with the source code, since Perl 5.8 was released in 2002, but
Module::Build is now required to build the wallet server. It is
included in some versions of Perl, or can be installed separately from
CPAN, distribution packages, or other sources.
Also reorganize the test suite to use subdirectories.
Change-Id: Id06120ba2bad1ebbfee3d8a48ca2f25869463165
Reviewed-on: https://gerrit.stanford.edu/1530
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
Update to rra-c-util 5.5:
* Use Lancaster Consensus environment variables to control tests.
* Use calloc or reallocarray for protection against integer overflows.
* Suppress warnings from Kerberos headers in non-system paths.
* Assume calloc initializes pointers to NULL.
* Assume free(NULL) is properly ignored.
* Improve error handling in xasprintf and xvasprintf.
* Check the return status of snprintf and vsnprintf properly.
* Preserve errno if snprintf fails in vasprintf replacement.
Update to C TAP Harness 3.1:
* Reopen standard input to /dev/null when running a test list.
* Don't leak extraneous file descriptors to tests.
* Suppress lazy plans and test summaries if the test failed with bail.
* runtests now treats the command line as a list of tests by default.
* The full test executable path can now be passed to runtests -o.
* Improved harness output for tests with lazy plans.
* Improved harness output to a terminal for some abort cases.
* Flush harness output after each test even when not on a terminal.
Change-Id: I05161eb3d3be49a98f7762e876cb114da0c84e9a
Reviewed-on: https://gerrit.stanford.edu/1529
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
If we don't run the code to delete the wallet database very late,
destruction of the SQLite objects may recreate the database file.
Move the unlink to an END block to avoid this problem.
Change-Id: Ib5ec2cbd08ba24c99f3dfa1daa01488931c5958f
Reviewed-on: https://gerrit.stanford.edu/1525
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
A new object type, duo (Wallet::Object::Duo), is now supported. This
creates an integration with the Duo Security cloud multifactor
authentication service and allows retrieval of the integration key,
secret key, and admin hostname. Currently, only UNIX integration
types are supported. The Net::Duo Perl module is required to use this
object type. New configuration settings are required as well; see
Wallet::Config for more information. To enable this object type for
an existing wallet database, use wallet-admin to register the new
object.
Change-Id: I2c0dac75e81f526b34d6b509c4bdaecb43dd4a9d
Reviewed-on: https://gerrit.stanford.edu/1516
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
Change-Id: I4c2b5d7c807d6c27dd18a3b92eef66d21287d21e
Reviewed-on: https://gerrit.stanford.edu/1481
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
Further documentation of the changes will come later when the rest
of rra-c-util files have been updated and the package makes more
use of these modules, but this fixes a spelling error test failure.
Change-Id: Ia885c4ab103235a1f6a2bf2b86d5a32c93751d89
Reviewed-on: https://gerrit.stanford.edu/1371
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
Fix wallet-rekey on keytabs containing multiple principals. Previous
versions assumed one could concatenate keytab files together to make a
valid keytab file, which doesn't work with some Kerberos libraries.
This caused new keys downloaded for principals after the first to be
discarded. As a side effect of this fix, wallet-rekey always appends
new keys directly to the existing keytab file, and never creates a
backup copy of that file.
Change-Id: I5f863239ce4ebba66b35ff09454f2897367bd359
Reviewed-on: https://gerrit.stanford.edu/1369
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
It's nice to have spaces and other special characters in comments,
so allow any character rather than applying the normal argument
filtering.
Change-Id: Iec8584f1f6893906db7245fbe571d62ebc60f72a
Reviewed-on: https://gerrit.stanford.edu/989
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
This confuses build-license and makes it think this is a separate
copyright holder.
Change-Id: I91f4e9e6f6eed478918cd84f4158544b0c050c30
Reviewed-on: https://gerrit.stanford.edu/856
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
Remove the old tests/data/README documentation and move the note
about krb5.conf into tests/config/README. (This should change later
to use tests/config for that file.) Add a license statement to that
file. Create an empty tests/config directory in the build tree if
the build directory is not the source directory.
Change-Id: Idf466e32cd114841c45f58dba47b11282467ec8f
Reviewed-on: https://gerrit.stanford.edu/848
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
Change-Id: Icd7381f4fbe3699dbd6e5459ddb59548f60e56a4
Reviewed-on: https://gerrit.stanford.edu/846
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
Change-Id: I6a84920b0c0dc1849af8a34ecf8f3fb70b45e17c
Reviewed-on: https://gerrit.stanford.edu/843
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
Change-Id: I06dd9ecca19315179bdd34d4b301548fe7604331
Reviewed-on: https://gerrit.stanford.edu/842
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
Update to rra-c-util 4.8:
* Look for krb5-config in /usr/kerberos/bin after the user's PATH.
* Kerberos library probing fixes without transitive shared libraries.
* Fix Autoconf warnings when probing for AIX's bundled Kerberos.
* Avoid using krb5-config if --with-{krb5,gssapi}-{include,lib} given.
* Correctly remove -I/usr/include from Kerberos and GSS-API flags.
* Build on systems where krb5/krb5.h exists but krb5.h does not.
* Pass --deps to krb5-config unless --enable-reduced-depends was used.
* Do not use krb5-config results unless gssapi is supported.
* Fix probing for Heimdal's libroken to work with older versions.
* Update warning flags for GCC 4.6.1.
* Update utility library and test suite for newer GCC warnings.
* Fix broken GCC attribute markers causing compilation problems.
* Suppress warnings on compilers that support gcc's __attribute__.
* Add notices to all files copied over from rra-c-util.
* Fix warnings when reporting memory allocation failure in messages.c.
* Fix message utility library compiler warnings on 64-bit systems.
* Include strings.h for additional POSIX functions where found.
* Use an atexit handler to clean up after Kerberos tests.
* Kerberos test configuration now goes in tests/config.
* The principal of the test keytab is determined automatically.
* Simplify the test suite calls for Kerberos and remctl tests.
* Check for a missing ssize_t.
* Improve the xstrndup utility function.
* Checked asprintf variants are now void functions and cannot fail.
* Fix use of long long in portable/mkstemp.c.
* Fix test suite portability to Solaris.
* Substantial improvements to the POD syntax and spelling checks.
Update to C TAP Harness 1.12:
* Fix compliation of runtests with more aggressive warnings.
* Add a more complete usage message and a -h command-line flag.
* Flush stderr before printing output from tests.
* Better handle running shell tests without BUILD and SOURCE set.
* Fix runtests to honor -s even if BUILD and -b aren't given.
* runtests now frees all allocated resources on exit.
* Only use feature-test macros when requested or built with gcc -ansi.
* Drop is_double from the C TAP library to avoid requiring -lm.
* Avoid using local in the shell libtap.sh library.
* Suppress warnings on compilers that support gcc's __attribute__.
Change-Id: I394294d5486ac1ce265c7713bec71a148aaaf1ce
Reviewed-on: https://gerrit.stanford.edu/841
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
We attempt to create a new SQLite database, which requires the schema
directory be configured. Add that directory to the test wallet
configuration.
Change-Id: Id17fd10056760fe8efd5ef89cea134bca17e1abb
Reviewed-on: https://gerrit.stanford.edu/728
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
Add a new acl check command which, given an ACL ID, prints yes if that
ACL already exists and no otherwise. This is parallel to the check
command for objects.
Also fix some documentation errors in the wallet client documentation,
saying that the check command doesn't require any ACL and fixing one
place where "show" was used instead of "store".
|
|
|
|
Add a comment field to objects and corresponding commands to
wallet-backend and wallet to set and retrieve it. The comment field
can only be set by the owner or wallet administrators but can be seen
by anyone on the show ACL.
|
|
Hook the new upgrade method of Wallet::Schema into Wallet::Admin
and the wallet-admin wrapper script.
|
|
|
|
Update to C TAP Harness 1.5:
* Better reporting of fatal errors in the test suite.
* Summarize results at the end of test execution.
* Add tests/HOWTO from docs/writing-tests in C TAP Harness.
Update to rra-c-util 2.6:
* Fix portability to bundled Heimdal on OpenBSD.
* Improve checking for krb5_kt_free_entry with older MIT Kerberos.
* Fix portability for missing krb5_get_init_creds_opt_free.
* Fix header guard for util/xwrite.h.
* Restore default compiler configuration after GSS-API library probe.
|
|
Test partial rekeying, aboring due to failure to rekey, and skipping
a keytab because all principals were foreign.
|
|
The loop handling finding principals to rekey was not correctly
coping with principals from foreign realms.
|
|
This confirms basic functionality, but doesn't test more interesting
things like rekeying multiple keys in the same keytab or skipping
principals that aren't from the local realm.
|
|
fake-keytab-old had a higher kvno than fake-keytab, which is going to
confuse matters for future tests. Rework them so that kvnos increase.
|
|
The check for whether we got the right keytab data was not being done
on Heimdal since it only knew how to run klist. Add a new ktutil_list
function to kerberos.sh that runs klist or ktutil list as appropriate.
|
|
|
|
|
|
Add an acls duplicate report to wallet-report and Wallet::Report,
returning sets of ACLs that have exactly the same entries.
|
|
Parallel to objects name, add an acls name audit that returns all ACLs
that do not follow the site naming standard.
|
|
Add an audit command to wallet-report and one audit: objects name,
which returns all objects that do not pass the local naming policy.
The corresponding Wallet::Report method is audit().
Wallet::Config::verify_name may now be called with an undefined third
argument (normally the user attempting to create an object). This
calling convention is used when auditing, and the local policy
function should select the correct policy to apply for useful audit
results.
|
|
Coding style update. Don't prefix the file short description with the
file name; it's not needed.
|
|
The test created krb5.conf first thing, but didn't delete it if
skipping all of the tests.
|
|
|
|
If there is no third argument to store, read it from standard input
instead. This is the preferred way of running wallet-backend, using
stdin=last support from remctl 2.14 and later. Receiving the third
argument as a regular argument continues to be supported for backward
compatibility.
|
|
Refactor the wallet client code to use remctl_commandv and send stores
with data containing nul.
|
|
Move all reporting from Wallet::Admin to Wallet::Report and simplify
the method names since they're now part of a dedicated reporting
class. Similarly, create a new wallet-report script to wrap
Wallet::Report, moving all reporting commands to it from wallet-admin,
and simplify the commands since they're for a dedicated reporting
script.
Remove the contrib script wallet-report to wallet-summary so that it
doesn't conflict with the new reporting backend script.
|
|
Add a POD spelling test to the non-Perl-module part of the code and
move the documentation tests into a separate directory. Merge the
POD syntax tests between client and server into one test.
Reformat all of the POD documentation to use 74 columns. Fix a few
revealed spelling errors or weird wordings.
|
|
Simplify the build rules for the test suite to take advantage of the
improved runtests support for builddir != srcdir. Stop doing Autoconf
substitution on full.conf now that we have that support.
|
|
Anything that only was using substitution for the paths to the build
tree now uses $SOURCE and $BUILD instead. Stop doing substitution.
Also fix tests/data/cmd-wrapper to use the environment variables.
|
|
Now that runtests has been updated to a version that sets $SOURCE and
$BUILD, use that in the test cases rather than Autoconf substitutions.
|
|
* Update portable and util tests for C TAP Harness 1.1.
* Remove the need for Autoconf substitution in test programs.
* Support running a single test program with runtests -o.
* Properly handle test cases that are skipped in their entirety.
* Much improved C TAP library more closely matching Test::More.
Rewrite client/basic-t to use the new test library functions and my
current test case coding style.
|
|
|
|
|
|
The wallet client no longer enables kaserver synchronization when a
srvtab is requested with -S. Instead, it just extracts the DES key
from the keytab and writes it to a srvtab. It no longer forces the
kvno of the srvtab to 0 (a Stanford-specific action) and instead
preserves the kvno from the key in the keytab. This should now do the
right thing for sites that use a KDC that serves both Kerberos v4 and
Kerberos v5 from the same database.
|
|
Added a fix to the Pod tests to change the order of the arguments in a
skip statement to the correct order. Also added tests for the
KEYTAB_KRBTYPE value in the keytab tests, and changed the Wallet::Kadmin
module to standardize the errors returned with no keytab set and add new
error for keytab set but not a valid value.
|
|
|
|
Add a new report owners command to wallet-admin and corresponding
report_owners() method to Wallet::Admin, which returns all ACL lines
on owner ACLs for matching objects.
|
