From 43d3a892cb5aa69234a2591bf584036970a7243e Mon Sep 17 00:00:00 2001 From: Russ Allbery Date: Sat, 23 Jan 2016 15:24:19 -0800 Subject: Update Perl module versions for 1.4 --- perl/lib/Wallet/Config.pm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'perl/lib/Wallet/Config.pm') diff --git a/perl/lib/Wallet/Config.pm b/perl/lib/Wallet/Config.pm index b8771c3..6515756 100644 --- a/perl/lib/Wallet/Config.pm +++ b/perl/lib/Wallet/Config.pm @@ -13,7 +13,7 @@ use 5.008; use strict; use warnings; -our $VERSION = '1.03'; +our $VERSION = '1.04'; # Path to the config file to load. our $PATH = $ENV{WALLET_CONFIG} || '/etc/wallet/wallet.conf'; -- cgit v1.2.3 From 2b05e1d33eff84aec21202d09821a54c95446a24 Mon Sep 17 00:00:00 2001 From: Bill MacAllister Date: Sun, 3 Apr 2016 18:40:00 +0000 Subject: Add ad-keytab, update Wallet::Config * This ad-keytab is useful in the initial setup of AD as a keytab store for wallet. * Change configuration variables to correctly reflect that some values are relative distinguished names. * Add a configuration variable for the base distinguished name for ActiveDirectory. --- contrib/ad-keytab | 610 +++++++++++++++++++++++++++++++++++++++++++ perl/lib/Wallet/Config.pm | 78 ++++-- perl/lib/Wallet/Kadmin/AD.pm | 51 ++-- 3 files changed, 691 insertions(+), 48 deletions(-) create mode 100755 contrib/ad-keytab (limited to 'perl/lib/Wallet/Config.pm') diff --git a/contrib/ad-keytab b/contrib/ad-keytab new file mode 100755 index 0000000..2af9f85 --- /dev/null +++ b/contrib/ad-keytab 
@@ -0,0 +1,610 @@ +#!/usr/bin/perl -w +# +# Create, update, delete, and display keytabs stored in Active Directory. +# +# Written by Bill MacAllister +# Copyright 2016 Dropbox, Inc. +# +# See LICENSE for licensing terms. + +############################################################################## +# Declarations +############################################################################## + +use Authen::SASL; +use Carp; +use Getopt::Long; +use IPC::Run qw( run timeout ); +use Net::LDAP; +use Pod::Usage; +use strict; + +my $opt_ad_server; +my $opt_base_dn; +my $opt_computer_rdn; +my $opt_config; +my $opt_debug; +my $opt_dump; +my $opt_help; +my $opt_manual; +my $opt_realm; +my $opt_user_rdn; + +# Configuration variables +our $AD_DEBUG; +our $AD_SERVER; +our $AD_COMPUTER_RDN; +our $AD_USER_RDN; +our $KEYTAB_REALM; +our $AD_BASE_DN; + +############################################################################## +# Subroutines +############################################################################## + +# Write messages to standard output and check the return status +sub msg { + my @msgs = @_; + for my $m (@msgs) { + print STDOUT $m . "\n" or croak("Problem printing to STDOUT"); + } + return; +} + +# Write debugging messages +sub dbg { + my ($m) = @_; + msg("DEBUG:$m"); + return; +} + +# Decode Active Directory's userAccountControl attribute +# Flags are powers of two starting at zero. 
+sub list_userAccountControl { + my ($uac) = @_; + my @flags = ( + 'SCRIPT', + 'ACCOUNTDISABLE', + 'HOMEDIR_REQUIRED', + 'LOCKOUT', + 'PASSWD_NOTREQD', + 'PASSWD_CANT_CHANGE', + 'ENCRYPTED_TEXT_PWD_ALLOWED', + 'TEMP_DUPLICATE_ACCOUNT', + 'NORMAL_ACCOUNT', + 'INTERDOMAIN_TRUST_ACCOUNT', + 'WORKSTATION_TRUST_ACCOUNT', + 'SERVER_TRUST_ACCOUNT', + 'DONT_EXPIRE_PASSWORD', + 'MNS_LOGON_ACCOUNT', + 'SMARTCARD_REQUIRED', + 'TRUSTED_FOR_DELEGATION', + 'NOT_DELEGATED', + 'USE_DES_KEY_ONLY', + 'DONT_REQ_PREAUTH', + 'PASSWORD_EXPIRED', + 'TRUSTED_TO_AUTH_FOR_DELEGATION', + 'PARTIAL_SECRETS_ACCOUNT' + ); + + my $flag_list; + my $comma = ''; + for (my $i=0; $inew(mechanism => 'GSSAPI'); + $ldap = Net::LDAP->new($AD_SERVER, onerror => 'die'); + my $mesg = eval { $ldap->bind(undef, sasl => $sasl) }; + }; + if ($@) { + my $error = $@; + die "ldap bind to AD failed: $error\n"; + } + return $ldap; +} + +# Take a principal and split into parts. The parts are keytab type, +# keytab identifier, the base dn, an LDAP filter, and if the keytab +# type is host the host name. +sub kerberos_attrs { + my ($principal) = @_; + + my %attr = (); + my $dn; + my $host; + my $k_type; + my $k_id; + if ($principal =~ m,^(host|service)/(\S+),xms) { + $attr{type} = $1; + $attr{id} = $2; + if ($attr{type} eq 'host') { + $attr{base} = $AD_COMPUTER_RDN . ',' . $AD_BASE_DN; + $attr{host} = $attr{id}; + $attr{host} =~ s/[.].*//; + $attr{dn} = "cn=$attr{host},$attr{base}"; + $attr{filter} = "(samAccountName=$attr{host}\$)"; + } elsif ($attr{'type'} eq 'service') { + $attr{base} = $AD_USER_RDN . ',' . $AD_BASE_DN; + $attr{dn} = "cn=srv-$attr{id},$attr{base}"; + $attr{filter} = "(servicePrincipalName=$attr{type}/$attr{id})"; + } + } + if ($AD_DEBUG) { + for my $a (sort keys %attr) { + dbg("$a = $attr{$a}"); + } + } + return %attr; +} + +# Perform an LDAP search against AD and return information about +# service and host accounts. 
+sub ad_show { + my ($principal, $kattr_ref) = @_; + + my $ldap = ldap_connect(); + my %kattr = %{$kattr_ref}; + my $base = $kattr{base}; + my $filter = $kattr{filter}; + my @attrs = (); + if (!$opt_dump) { + @attrs = ( + 'distinguishedName', 'objectclass', + 'dnsHostname', 'msds-KeyVersionNumber', + 'msds-SupportedEncryptionTypes', 'name', + 'servicePrincipalName', 'samAccountName', + 'userAccountControl', 'userPrincipalName', + 'whenChanged', 'whenCreated', + ); + } + + if ($AD_DEBUG) { + dbg("base:$base filter:$filter scope:subtree\n"); + } + + my $result; + eval { + $result = $ldap->search( + base => $base, + scope => 'subtree', + filter => $filter, + attrs => \@attrs + ); + }; + if ($@) { + my $error = $@; + die "LDAP search error: $error\n"; + } + if ($result->code) { + msg("INFO base:$base filter:$filter scope:subtree\n"); + die $result->error; + } + if ($AD_DEBUG) { + dbg('returned: ' . $result->count); + } + if ($result->count > 0) { + for my $entry ($result->entries) { + for my $attr ( sort $entry->attributes ) { + my $out = ''; + if ($attr =~ /userAccountControl/xmsi) { + my $val = $entry->get_value($attr); + $out = "$attr: $val"; + $out .= ' (' . list_userAccountControl($val) . 
')'; + msg($out); + } else { + my $val_ref = $entry->get_value($attr, asref => 1); + my @vals = @{$val_ref}; + for my $val (@vals) { + msg("$attr: $val"); + } + } + } + } + } else { + msg("$kattr{type}/$kattr{id} not found"); + } + msg(' '); + return; +} + +# Check to see if a keytab exists +sub ad_exists { + my ($principal, $kattr_ref) = @_; + + my $ldap = ldap_connect(); + my %kattr = %{$kattr_ref}; + my $base = $kattr{base}; + my $filter = $kattr{filter}; + my @attrs = ('objectClass', 'msds-KeyVersionNumber'); + if ($AD_DEBUG) { + dbg("base:$base filter:$filter scope:subtree\n"); + } + + my $result; + eval { + $result = $ldap->search( + base => $base, + scope => 'subtree', + filter => $filter, + attrs => \@attrs + ); + }; + if ($@) { + my $error = $@; + die "LDAP search error: $error\n"; + } + if ($result->code) { + msg("INFO base:$base filter:$filter scope:subtree\n"); + die $result->error; + } + if ($AD_DEBUG) { + dbg('returned: ' . $result->count); + } + if ($result->count > 1) { + msg('ERROR: too many AD entries for this keytab'); + for my $entry ($result->entries) { + msg('INFO: dn found ' . $entry->dn . "\n"); + } + die("INFO: use show to examine the problem\n"); + } + if ($result->count) { + for my $entry ($result->entries) { + return $entry->get_value('msds-KeyVersionNumber'); + } + } else { + return 0; + } + return; +} + +# Run a shell command. In this case the command will always be msktutil. +sub run_cmd { + my @cmd = @_; + + if ($AD_DEBUG) { + dbg('running command:' . join(q{ }, @cmd)); + } + + my $in; + my $out; + my $err; + my $err_flag; + eval { + run(\@cmd, \$in, \$out, \$err, timeout(60)); + if ($?) { + my $this_err = $?; + $err_flag = 1; + if ($this_err) { + msg('ERROR:' . $?); + } + if ($err) { + msg('ERROR (err):' . $err); + } + } + }; + if ($@) { + msg('ERROR (status):' . $@); + $err_flag = 1; + } + if ($err_flag) { + msg('ERROR: Problem executing:' . 
join(q{ }, @cmd)); + die "FATAL: Execution failed\n"; + } + + msg($out); + return; +} + +# Either create or update a keytab for the principal. Return the name +# of the keytab file created. +sub ad_create_update { + my ($principal, $file, $action) = @_; + my @cmd = ('/usr/sbin/msktutil'); + push @cmd, '--' . $action; + push @cmd, '--server', $AD_SERVER; + push @cmd, '--enctypes', '0x4'; + push @cmd, '--enctypes', '0x8'; + push @cmd, '--enctypes', '0x10'; + push @cmd, '--keytab', $file; + if ($KEYTAB_REALM) { + push @cmd, '--realm', $KEYTAB_REALM; + } + if ($principal =~ m,^host/(\S+),xms) { + my $fqdn = $1; + my $host = $fqdn; + $host =~ s/[.].*//xms; + push @cmd, '--base', $AD_COMPUTER_RDN; + push @cmd, '--dont-expire-password'; + push @cmd, '--computer-name', $host; + push @cmd, '--upn', "host/$fqdn"; + push @cmd, '--hostname', $fqdn; + } elsif ($principal =~ m,^service/(\S+),xms) { + my $service_id = $1; + push @cmd, '--base', $AD_USER_RDN; + push @cmd, '--use-service-account'; + push @cmd, '--service', "service/$service_id"; + push @cmd, '--account-name', "srv-${service_id}"; + push @cmd, '--no-pac'; + } + run_cmd(@cmd); + return; +} + +# Delete a principal from Kerberos. For AD this means just delete the +# object using LDAP. 
+sub ad_delete { + my ($principal, $kattr_ref) = @_; + + my %kattr = %{$kattr_ref}; + if (!ad_exists($principal, $kattr_ref)) { + msg("WARN: the keytab for $principal does not appear to exist."); + msg("INFO: attempting the delete anyway.\n"); + } + + my $ldap = ldap_connect(); + my $msgid = $ldap->delete($kattr{dn}); + if ($msgid->code) { + my $m; + $m .= "ERROR: Problem deleting $kattr{dn}\n"; + $m .= $msgid->error; + die $m; + } + return 1; +} + +############################################################################## +# Main Routine +############################################################################## + +# Get options +GetOptions( + 'ad_server=s' => \$opt_ad_server, + 'base_dn=s' => \$opt_base_dn, + 'computer_rdn=s' => \$opt_computer_rdn, + 'config=s' => \$opt_config, + 'debug' => \$opt_debug, + 'dump' => \$opt_dump, + 'help' => \$opt_help, + 'manual' => \$opt_manual, + 'realm' => \$opt_realm, + 'user_rdn=s' => \$opt_user_rdn +); + +# Help the user +if ($opt_manual) { + pod2usage(-verbose => 2); +} +if ($opt_help || !$ARGV[0]) { + pod2usage(-verbose => 0); +} + +# Make sure that we have kerberos credentials and that KRB5CCNAME +# points to them. +if (!$ENV{'KRB5CCNAME'}) { + msg('ERROR: Kerberos credentials are required ... try kinit'); + pod2usage(-verbose => 0); +} + +# Read the configuration file or croak +my $conf_file; +if ($opt_config) { + if (-e $opt_config) { + $conf_file = $opt_config; + } else { + msg("ERROR: Config file ($opt_config) not found"); + pod2usage(-verbose => 0); + } +} elsif ($ENV{'ADKEYTAB'}) { + $conf_file = $ENV{'ADKEYTAB'}; +} elsif (-e '.ad-keytab.conf') { + $conf_file = '.ad-keytab.conf'; +} else { + $conf_file = '/etc/wallet/wallet.conf'; +} +do $conf_file or die (($@ || $!) . 
"\n"); + +# Process command line options +if ($opt_ad_server) { + $AD_SERVER = $opt_ad_server; +} +if ($opt_base_dn) { + $AD_BASE_DN = $opt_base_dn; +} +if ($opt_computer_rdn) { + $AD_COMPUTER_RDN = $opt_computer_rdn; +} +if ($opt_user_rdn) { + $AD_USER_RDN = $opt_user_rdn; +} +if ($opt_debug) { + $AD_DEBUG = 1; +} + +# -- Get command line arguments +my $action = shift; +my $id = shift; +my $keytab; +if ($ARGV[0]) { + $keytab = shift; +} else { + $keytab = '/etc/krb5.keytab'; +} + +my %kattr = kerberos_attrs($id); +# Validate that the keytab id makes sense for the keytab type +if ($kattr{type} eq 'service') { + if ($kattr{id} =~ /[.]/xms) { + msg('ERROR: service principal names may not contain periods'); + pod2usage(-verbose => 0); + } + if (length($kattr{id}) > 22) { + msg('ERROR: service principal name too long'); + pod2usage(-verbose => 0); + } +} elsif ($kattr{type} eq 'host') { + if ($kattr{id} !~ /[.]/xms) { + msg('ERROR: FQDN is required'); + pod2usage(-verbose => 0); + } +} else { + msg("ERROR: unknown keytab type $kattr{type}"); + pod2usage(-verbose => 0); +} + +if ($action =~ /^(create|update)/xms) { + ad_create_update($id, $keytab, $1); +} elsif ($action =~ /^del/xms) { + ad_delete($id, \%kattr); +} elsif ($action =~ /^sh/xms) { + ad_show($id, \%kattr); +} else { + msg("ERROR: unknown action $action"); + pod2usage(-verbose => 0); +} + +exit; + +__END__ + +=head1 NAME + +ad-keytab + +=head1 SYNOPSIS + +ad-keytab create|update|delete|show keytab-id [keytab-file] +[--ad_server=hostname] [--computer_rdn=dn] [--user_rdn] [--dump] +[--help] [--manual] [--debug] + +=head1 DESCRIPTION + +This script is a wrapper around msktutil and ldapsearch to simplify +the creation of host and service keytabs. The script is useful for +boot strapping the kerberos credentials required to use Active +Directory as a backend keytab store for wallet. The script shares +the wallet configuration file. + +Generally, two keytabs will need to be created to setup update. 
One +host keytab for the wallet server host and one service keytab for +wallet to use when connecting to an Active Directory Domain +Controller. + +Note, this script does not update the Wallet database which means +any keytabs created by it will be invisible from wallet. + +=head1 ACTIONS + +=over 4 + +=item create + +Add a keytab to AD and update the keytab file. Fails if the keytab +already exists. + +=item update + +Update an existing keytab in AD and update the keytab file. Fails if +the keytab does not exist. + +=item delete + +Delete a keytab from AD and remove it from the keytab file. + +=item show + +Show AD's view of the account corresponding to the keytab. This action +does not use msktutil and queries AD directly using LDAP. + +=back + +=head1 OPTIONS AND ARGUMENTS + +=over 4 + +=item keytab-id + +This is either host principal name of the form host/ or a +service principal name of the form service/. Service keytab +identifiers cannot be longer than 18 characters because of an +ActiveDirectory restriction. + +=item keytab-filename + +The name of the keytab file. Defaults to /etc/krb5.keytab. + +=item --conf=filename + +The configuration file to read. The script searches for a configuration +file in the following order. + + * The command line switch --conf + * The environment variable ADKEYTAB + * The file .ad-keytab.conf + * The file /etc/ad-keytab.conf + +=item --ad_server=hostname + +The name of the Active Directory host to connect to. It is important +what the script contact only _one_ server due to the fact that +propagation within an Active Directory domain can be quite slow. + +=item --base_dn=ou=org,dc=domain,dc=tld + +The base distinguished name holding both computer and user accounts. + +=item --computer_rdn=dn + +The relative distinguished name to use as the base DN for both the +creation of host keytabs and searches of Active Directory. The +distinguished name formed will be computer_rdn,base_dn. 
+ +=item --user_rdn=dn + +The relative distinguished name to use as the base DN for ldap +searches of Active Directory for service keytabs. The distinguished +name formed will be user_rdn_rdn,base_dn. + +=item --dump + +When displaying keytab attributes show all of the attributes. + +=item --help + +Displays help text. + +=item --manual + +Displays more complete help text. + +=item --debug + +Turns on debugging displays. + +=back + +=head1 SEE ALSO + +Set the documentation for Wallet::Config for configuration information, i.e. +perldoc Wallet::Config. + +=head1 AUTHOR + +Bill MacAllister + +=cut diff --git a/perl/lib/Wallet/Config.pm b/perl/lib/Wallet/Config.pm index 6515756..2222aba 100644 --- a/perl/lib/Wallet/Config.pm +++ b/perl/lib/Wallet/Config.pm 
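Review bot: The configuration lookup in the main routine passes the chosen path to `do $conf_file`, so a `.ad-keytab.conf` in the current directory, or whatever `ADKEYTAB` names, is executed as Perl. The tool runs under the caller's Kerberos credentials, creates and deletes AD objects, and writes `/etc/krb5.keytab` by default. I would drop the current-directory fallback, or at least require an absolute path and refuse a file that is writable by anyone other than its owner. A bare relative name given to `do` is also looked up through `@INC` rather than opened directly, so if the fallback stays it should be spelled `./.ad-keytab.conf`. The POD disagrees with the code here too: it documents `--conf` and `/etc/ad-keytab.conf`, while the code defines `config=s` and falls back to `/etc/wallet/wallet.conf`.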
@@ -415,40 +415,39 @@ our $KEYTAB_TMP; =back -The following parameters are specific to generating keytabs from Active -Directory (KEYTAB_KRBTYPE is set to C). +The following parameters are specific to generating keytabs from +Active Directory (KEYTAB_KRBTYPE is set to C). =over 4 -=item AD_CACHE - -Specifies the ticket cache to use when manipulating Active Directory objects. -The ticket cache must be for a principal able to bind to Active Directory and -run B. +=item AD_BASE_DN -AD_CACHE must be set to use Active Directory support. +The base distinguished name of the ActiveDirectory instance. This is +use when Wallet uses LDAP directly to examine objects in Active +Directory. =cut -our $AD_CACHE; +our $AD_BASE_DN; -=item AD_COMPUTER_DN +=item AD_COMPUTER_RDN -The LDAP base DN for computer objects inside Active Directory. All keytabs of -the form host/ will be mapped to objects with a C of -the portion under this DN. +The LDAP base DN for computer objects inside Active Directory. All +keytabs of the form host/ will be mapped to objects with a +C of the portion under this DN. -AD_COMPUTER_DN must be set if using Active Directory as the keytab backend. +AD_COMPUTER_RDN must be set if using Active Directory as the keytab +backend. =cut -our $AD_COMPUTER_DN; +our $AD_COMPUTER_RDN; =item AD_DEBUG -If set to true, asks for some additional debugging information, such as the -B command, to be logged to syslog. These debugging messages will be -logged to the C facility. +If set to true, asks for some additional debugging information, such +as the B command, to be logged to syslog. These debugging +messages will be logged to the C facility. =cut 
@@ -464,17 +463,25 @@ default PATH. our $AD_MSKTUTIL = 'msktutil'; -=item AD_USER_DN +=item AD_SERVER + +The hostname of the Active Directory Domain Controller. + +=cut + +our $AD_SERVER; + +=item AD_USER_RDN The LDAP base DN for user objects inside Active Directory. All keytabs of the form service/ will be mapped to objects with a C matching the wallet object name under this DN. -AD_USER_DN must be set if using Active Directory as the keytab backend. +AD_USER_RDN must be set if using Active Directory as the keytab backend. =cut -our $AD_USER_DN; +our $AD_USER_RDN; =back @@ -482,8 +489,9 @@ our $AD_USER_DN; Heimdal provides the choice, over the network protocol, of either downloading the existing keys for a principal or generating new random -keys. MIT Kerberos does not; downloading a keytab over the kadmin -protocol always rekeys the principal. +keys. Neither MIT Kerberos or ActiveDirectory support retrieving an +existing keytab; downloading a keytab over the kadmin protocol or +using msktutil always rekeys the principal. For MIT Kerberos, the keytab object backend therefore optionally supports retrieving existing keys, and hence keytabs, for Kerberos principals by @@ -491,6 +499,11 @@ contacting the KDC via remctl and talking to B. This is enabled by setting the C flag on keytab objects. To configure that support, set the following variables. +For ActiveDirectory Kerberos, the keytab object backend supports +storing the keytabs on the wallet server. This functionality is +enabled by setting the configuration variable AD_KEYTAB_BUCKET. (This +had not been implemented yet.) + This is not required for Heimdal; for Heimdal, setting the C flag is all that's needed. 
@@ -542,6 +555,25 @@ will be used. our $KEYTAB_REMCTL_PORT; +=item AD_CACHE + +The ticket cache that hold credentials used to access the +ActiveDirectory KDC. This must be created and maintained externally. + +=cut + +our $AD_CACHE; + +=item AD_KEYTAB_BUCKET + +The path to store a copy of keytabs created. This is required for the +support of unchanging keytabs with an ActiveDirectory KDC. (This has +not been implemented yet.) + +=cut + +our $AD_KEYTAB_BUCKET = '/var/lib/wallet/keytabs'; + =back =head1 WEBAUTH KEYRING OBJECT CONFIGURATION diff --git a/perl/lib/Wallet/Kadmin/AD.pm b/perl/lib/Wallet/Kadmin/AD.pm index ec60af9..1c13ab6 100644 --- a/perl/lib/Wallet/Kadmin/AD.pm +++ b/perl/lib/Wallet/Kadmin/AD.pm @@ -1,8 +1,8 @@ # Wallet::Kadmin::AD -- Wallet Kerberos administration API for AD # -# Written by Bill MacAllister +# Written by Bill MacAllister # Copyright 2016 Russ Allbery -# Copyright 2015 Dropbox, Inc. +# Copyright 2015,2016 Dropbox, Inc. # Copyright 2007, 2008, 2009, 2010, 2014 # The Board of Trustees of the Leland Stanford Junior University # @@ -100,17 +100,19 @@ sub ldap_base_filter { my $fqdn = $1; my $host = $fqdn; $host =~ s/[.].*//xms; - $base = $Wallet::Config::AD_COMPUTER_DN; $filter = "(samAccountName=${host}\$)"; + $base = $Wallet::Config::AD_COMPUTER_RDN . ',' + . $Wallet::Config::AD_BASE_DN; } elsif ($principal =~ m,^service/(\S+),xms) { my $id = $1; - $base = $Wallet::Config::AD_USER_DN; $filter = "(servicePrincipalName=service/${id})"; + $base + = $Wallet::Config::AD_USER_RDN . ',' . $Wallet::Config::AD_BASE_DN; } return ($base, $filter); } -# TODO: Get a keytab from the keytab cache. +# TODO: Get a keytab from the keytab bucket. sub get_ad_keytab { my ($self, $principal) = @_; return; 
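Review bot: The AD_KEYTAB_BUCKET entry does not say how the directory must be protected, although it is described as holding copies of keytabs, which are long-term keys for the principals. I would add a sentence such as `The directory must be owned by the account the wallet server runs as and must not be readable or writable by any other user.` The variable also defaults to `'/var/lib/wallet/keytabs'`, while the text added earlier in this file says the feature is enabled by setting it. Declaring it undefined (`our $AD_KEYTAB_BUCKET;`) would keep storing key copies on disk an explicit choice once the feature is implemented.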
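Review bot: The filters in ldap_base_filter are still built by interpolating text captured from the principal with `\S+`, so `*`, `(`, `)` and `\` reach the LDAP search unescaped. The commit changes the base those filters run against but leaves the values as they are. Unless the principal is validated somewhere outside this hunk, I would escape them first, for example `my $safe = escape_filter_value($host);` with `escape_filter_value` from Net::LDAP::Util, and use the escaped value in `(samAccountName=...)` and `(servicePrincipalName=service/...)`. The new `$base` is joined from AD_COMPUTER_RDN or AD_USER_RDN and AD_BASE_DN without a `defined` check in this function, so a partly configured server would search under a malformed base. The function starts before the hunk, so earlier checks may exist that I cannot see.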
@@ -125,13 +127,16 @@ sub get_ad_keytab { sub msktutil { my ($self, $args_ref) = @_; unless (defined($Wallet::Config::KEYTAB_HOST) + and defined($Wallet::Config::KEYTAB_PRINCIPAL) + and defined($Wallet::Config::KEYTAB_FILE) and defined($Wallet::Config::KEYTAB_REALM)) { die "keytab object implementation not configured\n"; } - unless (defined($Wallet::Config::AD_CACHE) - and defined($Wallet::Config::AD_COMPUTER_DN) - and defined($Wallet::Config::AD_USER_DN)) + unless (-e $Wallet::Config::AD_MSKTUTIL + and defined($Wallet::Config::AD_BASE_DN) + and defined($Wallet::Config::AD_COMPUTER_RDN) + and defined($Wallet::Config::AD_USER_RDN)) { die "Active Directory support not configured\n"; } @@ -192,14 +197,16 @@ sub ad_create_update { my $fqdn = $1; my $host = $fqdn; $host =~ s/[.].*//xms; + push @cmd, '--base', $Wallet::Config::COMPUTER_RDN; push @cmd, '--dont-expire-password'; push @cmd, '--computer-name', $host; - push @cmd, '--upn', "host/$fqdn"; - push @cmd, '--hostname', $fqdn; + push @cmd, '--upn', "host/$fqdn"; + push @cmd, '--hostname', $fqdn; } elsif ($principal =~ m,^service/(\S+),xms) { my $service_id = $1; + push @cmd, '--base', $Wallet::Config::USER_RDN; push @cmd, '--use-service-account'; - push @cmd, '--service', "service/$service_id"; + push @cmd, '--service', "service/$service_id"; push @cmd, '--account-name', "srv-${service_id}"; push @cmd, '--no-pac'; } @@ -365,9 +372,15 @@ sub ad_delete { if ($k_type eq 'host') { my $host = $k_id; $host =~ s/[.].*//; - $dn = "cn=${host}," . $Wallet::Config::AD_COMPUTER_DN; + $dn + = "cn=${host}," + . $Wallet::Config::AD_COMPUTER_RDN . ',' + . $Wallet::Config::AD_BASE_DN; } elsif ($k_type eq 'service') { - $dn = "cn=srv-${k_id}," . $Wallet::Config::AD_USER_DN; + $dn + = "cn=srv-${k_id}," + . $Wallet::Config::AD_USER_RDN . ',' + . $Wallet::Config::AD_BASE_DN; } } 
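Review bot: The new `-e $Wallet::Config::AD_MSKTUTIL` test in msktutil() fails for the documented default. Config.pm sets `$AD_MSKTUTIL = 'msktutil'` and relies on PATH, but `-e` resolves a bare name against the current directory, so a default installation would die with "Active Directory support not configured". Either drop the test and let the exec report the failure, or apply it only when the value contains a `/`. The hunk also removes the `defined($Wallet::Config::AD_CACHE)` check while Config.pm still documents AD_CACHE as the ticket cache for AD access. If the rest of msktutil(), which lies outside this hunk, still uses it, the check should stay so a missing cache is reported here.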
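Review bot: The two added `--base` arguments in ad_create_update read `$Wallet::Config::COMPUTER_RDN` and `$Wallet::Config::USER_RDN`, which Config.pm does not define; the variables introduced by this commit are `AD_COMPUTER_RDN` and `AD_USER_RDN`. Fully qualified names are not caught by `use strict`, so msktutil would be run with an undefined `--base` value and the account may be created somewhere other than the configured container. The lines should read `push @cmd, '--base', $Wallet::Config::AD_COMPUTER_RDN;` and `push @cmd, '--base', $Wallet::Config::AD_USER_RDN;`. The function begins and ends outside the hunk.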
@@ -435,18 +448,6 @@ using a local keytab cache. To use this class, several configuration parameters must be set. See L for details. -=head1 FILES - -=over 4 - -=item KEYTAB_TMP/keytab. - -The keytab is created in this file and then read into memory. KEYTAB_TMP -is set in the wallet configuration, and is the process ID of the -current process. The file is unlinked after being read. - -=back - =head1 LIMITATIONS Currently, this implementation calls an external B program rather -- cgit v1.2.3 From 8bfba28196485236125ad363ed3b96c461025d94 Mon Sep 17 00:00:00 2001 From: Bill MacAllister Date: Mon, 2 May 2016 20:44:19 +0000 Subject: Update AD keytab policies * Make sure userPrincipalName is created for all keytabs and use it to search for entries in AD. * Allow the creation of any service principal. This requires making sure that the cn used to create AD entries for service accounts not be any longer than 20 characters. --- contrib/ad-keytab | 282 ++++++++++++++++++++++----------------- perl/lib/Wallet/Config.pm | 27 ++++ perl/lib/Wallet/Kadmin/AD.pm | 304 +++++++++++++++++++++++++------------------ 3 files changed, 371 insertions(+), 242 deletions(-) (limited to 'perl/lib/Wallet/Config.pm') diff --git a/contrib/ad-keytab b/contrib/ad-keytab index 2af9f85..977c07b 100755 --- a/contrib/ad-keytab +++ b/contrib/ad-keytab @@ -27,16 +27,20 @@ my $opt_debug; my $opt_dump; my $opt_help; my $opt_manual; -my $opt_realm; +my $opt_prefix; my $opt_user_rdn; +# LDAP conneciton +my $LDAP; + # Configuration variables +our $AD_BASE_DN; +our $AD_COMPUTER_RDN; our $AD_DEBUG; our $AD_SERVER; -our $AD_COMPUTER_RDN; +our $AD_SERVICE_PREFIX; our $AD_USER_RDN; our $KEYTAB_REALM; -our $AD_BASE_DN; ############################################################################## # Subroutines 
@@ -100,49 +104,147 @@ sub list_userAccountControl { # GSS-API bind to the active directory server sub ldap_connect { - my $ldap; if ($AD_DEBUG) { dbg('binding to ' . $AD_SERVER); } + + if ($LDAP) { + if ($AD_DEBUG) { + dbg('Already bound to ' . $AD_SERVER); + } + return $LDAP; + } + if (!$AD_SERVER) { croak("Missing ldap host name, specify ad_server=\n"); } eval { my $sasl = Authen::SASL->new(mechanism => 'GSSAPI'); - $ldap = Net::LDAP->new($AD_SERVER, onerror => 'die'); - my $mesg = eval { $ldap->bind(undef, sasl => $sasl) }; + $LDAP = Net::LDAP->new($AD_SERVER, onerror => 'die'); + my $mesg = eval { $LDAP->bind(undef, sasl => $sasl) }; }; if ($@) { my $error = $@; die "ldap bind to AD failed: $error\n"; } - return $ldap; + return $LDAP; +} + +# Take in a base and a filter and return the assoicated DN. +sub get_dn { + my ($base, $filter) = @_; + my $dn; + + if ($AD_DEBUG) { + dbg("base:$base filter:$filter scope:subtree\n"); + } + + ldap_connect(); + my @attrs = ('objectclass'); + my $result; + eval { + $result = $LDAP->search( + base => $base, + scope => 'subtree', + filter => $filter, + attrs => \@attrs + ); + }; + if ($@) { + my $error = $@; + die "LDAP search error: $error\n"; + } + if ($result->code) { + msg("INFO base:$base filter:$filter scope:subtree\n"); + die $result->error; + } + if ($AD_DEBUG) { + dbg('returned: ' . $result->count); + } + + if ($result->count == 1) { + for my $entry ($result->entries) { + $dn = $entry->dn; + } + } elsif ($result->count > 1) { + msg('ERROR: too many AD entries for this keytab'); + for my $entry ($result->entries) { + msg('INFO: dn found ' . $entry->dn . "\n"); + } + die("INFO: use show to examine the problem\n"); + } + + return $dn; } # Take a principal and split into parts. The parts are keytab type, -# keytab identifier, the base dn, an LDAP filter, and if the keytab -# type is host the host name. +# keytab identifier, the base dn, the cn, and an LDAP filter. 
sub kerberos_attrs { my ($principal) = @_; - my %attr = (); + my %attr; + $attr{principal} = $principal; + my $dn; my $host; my $k_type; my $k_id; - if ($principal =~ m,^(host|service)/(\S+),xms) { + if ($principal =~ m,^(.*?)/(\S+),xms) { $attr{type} = $1; $attr{id} = $2; + # Create a filter to find the objects we create + if ($attr{id} =~ s/@(.*)//xms) { + $attr{realm} = $1; + $attr{filter} = "(userPrincipalName=${principal})"; + } elsif ($KEYTAB_REALM) { + $attr{realm} = $KEYTAB_REALM; + $attr{filter} + = "(userPrincipalName=${principal}\@${KEYTAB_REALM})"; + } else { + $attr{filter} = "(userPrincipalName=${principal}\@*)"; + } if ($attr{type} eq 'host') { - $attr{base} = $AD_COMPUTER_RDN . ',' . $AD_BASE_DN; - $attr{host} = $attr{id}; - $attr{host} =~ s/[.].*//; - $attr{dn} = "cn=$attr{host},$attr{base}"; - $attr{filter} = "(samAccountName=$attr{host}\$)"; - } elsif ($attr{'type'} eq 'service') { - $attr{base} = $AD_USER_RDN . ',' . $AD_BASE_DN; - $attr{dn} = "cn=srv-$attr{id},$attr{base}"; - $attr{filter} = "(servicePrincipalName=$attr{type}/$attr{id})"; + # Host keytab attributes + $attr{base} = $AD_COMPUTER_RDN . ',' . $AD_BASE_DN; + $attr{cn} = $attr{id}; + $attr{cn} =~ s/[.].*//; + $attr{dn} = "cn=$attr{cn},$attr{base}"; + } else { + # Service keytab attributes + $attr{base} = $AD_USER_RDN . ',' . $AD_BASE_DN; + $attr{cn} = "${AD_SERVICE_PREFIX}$attr{id}"; + $attr{dn} = "cn=$attr{cn},$attr{base}"; + my $real_dn = get_dn($attr{base}, $attr{filter}); + if ($real_dn) { + if (lc($real_dn) ne lc($attr{dn})) { + $attr{dn} = $real_dn; + $attr{cn} = $real_dn; + $attr{cn} =~ s/,.*//xms; + $attr{cn} =~ s/.*?=//xms; + } + } else { + if (length($attr{cn})>20) { + my $cnt = 0; + my $this_dn; + my $this_prefix = substr($attr{cn}, 0, 18); + $attr{dn} = ''; + while ($cnt<100) { + my $this_cn = $this_prefix . sprintf('%02i', $cnt); + $this_dn = get_dn($attr{base}, "cn=$this_cn"); + if (!$this_dn) { + $attr{dn} = $this_cn . ',' . 
$attr{base}; + $attr{cn} = $attr{dn}; + $attr{cn} =~ s/,.*//xms; + $attr{cn} =~ s/.*?=//xms; + last; + } + $cnt++; + } + if (!$attr{dn}) { + die "ERROR: Cannot file unique dn for keytab\n"; + } + } + } } } if ($AD_DEBUG) { @@ -158,7 +260,7 @@ sub kerberos_attrs { sub ad_show { my ($principal, $kattr_ref) = @_; - my $ldap = ldap_connect(); + ldap_connect(); my %kattr = %{$kattr_ref}; my $base = $kattr{base}; my $filter = $kattr{filter}; @@ -180,7 +282,7 @@ sub ad_show { my $result; eval { - $result = $ldap->search( + $result = $LDAP->search( base => $base, scope => 'subtree', filter => $filter, @@ -223,56 +325,6 @@ sub ad_show { return; } -# Check to see if a keytab exists -sub ad_exists { - my ($principal, $kattr_ref) = @_; - - my $ldap = ldap_connect(); - my %kattr = %{$kattr_ref}; - my $base = $kattr{base}; - my $filter = $kattr{filter}; - my @attrs = ('objectClass', 'msds-KeyVersionNumber'); - if ($AD_DEBUG) { - dbg("base:$base filter:$filter scope:subtree\n"); - } - - my $result; - eval { - $result = $ldap->search( - base => $base, - scope => 'subtree', - filter => $filter, - attrs => \@attrs - ); - }; - if ($@) { - my $error = $@; - die "LDAP search error: $error\n"; - } - if ($result->code) { - msg("INFO base:$base filter:$filter scope:subtree\n"); - die $result->error; - } - if ($AD_DEBUG) { - dbg('returned: ' . $result->count); - } - if ($result->count > 1) { - msg('ERROR: too many AD entries for this keytab'); - for my $entry ($result->entries) { - msg('INFO: dn found ' . $entry->dn . "\n"); - } - die("INFO: use show to examine the problem\n"); - } - if ($result->count) { - for my $entry ($result->entries) { - return $entry->get_value('msds-KeyVersionNumber'); - } - } else { - return 0; - } - return; -} - # Run a shell command. In this case the command will always be msktutil. sub run_cmd { my @cmd = @_; 
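Review bot: The `userPrincipalName` filters built in kerberos_attrs interpolate the command-line principal unescaped, and the no-realm branch adds a deliberate wildcard, `(userPrincipalName=${principal}\@*)`. Since this commit makes ad_delete remove whatever single DN that filter returns, a principal containing `*` or parentheses, or one that exists in a different realm, can select an object the operator did not name. I would escape the value with `escape_filter_value` from Net::LDAP::Util and require a realm, from the principal or from KEYTAB_REALM, before any delete. In the truncation loop the fallback DN is also missing its attribute type: `$attr{dn} = $this_cn . ',' . $attr{base};` should be `$attr{dn} = "cn=$this_cn,$attr{base}";`. The loop stops at 100 two-digit suffixes, while Config.pm documents AD_SERVICE_LIMIT with a default of 999.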
@@ -314,7 +366,9 @@ sub run_cmd { # Either create or update a keytab for the principal. Return the name # of the keytab file created. sub ad_create_update { - my ($principal, $file, $action) = @_; + my ($file, $action, $kattr_ref) = @_; + my %kattr = %{$kattr_ref}; + my @cmd = ('/usr/sbin/msktutil'); push @cmd, '--' . $action; push @cmd, '--server', $AD_SERVER; @@ -322,24 +376,21 @@ sub ad_create_update { push @cmd, '--enctypes', '0x8'; push @cmd, '--enctypes', '0x10'; push @cmd, '--keytab', $file; - if ($KEYTAB_REALM) { - push @cmd, '--realm', $KEYTAB_REALM; + push @cmd, '--upn', $kattr{principal}; + if ($kattr{realm}) { + push @cmd, '--realm', $kattr{realm}; } - if ($principal =~ m,^host/(\S+),xms) { - my $fqdn = $1; - my $host = $fqdn; - $host =~ s/[.].*//xms; + if ($kattr{type} eq 'host') { push @cmd, '--base', $AD_COMPUTER_RDN; push @cmd, '--dont-expire-password'; - push @cmd, '--computer-name', $host; - push @cmd, '--upn', "host/$fqdn"; - push @cmd, '--hostname', $fqdn; - } elsif ($principal =~ m,^service/(\S+),xms) { + push @cmd, '--computer-name', $kattr{cn}; + push @cmd, '--hostname', $kattr{id}; + } else { my $service_id = $1; push @cmd, '--base', $AD_USER_RDN; push @cmd, '--use-service-account'; - push @cmd, '--service', "service/$service_id"; - push @cmd, '--account-name', "srv-${service_id}"; + push @cmd, '--service', $kattr{principal}; + push @cmd, '--account-name', $kattr{cn}; push @cmd, '--no-pac'; } run_cmd(@cmd); 
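Review bot: The line `my $service_id = $1;` left in the else branch of ad_create_update now reads a capture variable that no match in this function sets. The `m,^service/(\S+),` test that used to fill it was removed, so `$1` holds whatever an earlier, unrelated match left behind. The variable is no longer used and the line should be deleted. The binary is also still hard-coded as `'/usr/sbin/msktutil'`, although the shared configuration has `$AD_MSKTUTIL`; using that setting would keep the script and the module running the same program.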
@@ -349,23 +400,25 @@ sub ad_create_update { # Delete a principal from Kerberos. For AD this means just delete the # object using LDAP. sub ad_delete { - my ($principal, $kattr_ref) = @_; - + my ($kattr_ref) = @_; my %kattr = %{$kattr_ref}; - if (!ad_exists($principal, $kattr_ref)) { - msg("WARN: the keytab for $principal does not appear to exist."); - msg("INFO: attempting the delete anyway.\n"); - } - my $ldap = ldap_connect(); - my $msgid = $ldap->delete($kattr{dn}); - if ($msgid->code) { - my $m; - $m .= "ERROR: Problem deleting $kattr{dn}\n"; - $m .= $msgid->error; - die $m; + my $del_dn = get_dn($kattr{base}, $kattr{filter}); + + if (!$del_dn) { + msg("WARN: the keytab for $kattr{principal} does not exist."); + return 1; + } else { + ldap_connect(); + my $msgid = $LDAP->delete($del_dn); + if ($msgid->code) { + my $m; + $m .= "ERROR: Problem deleting $kattr{dn}\n"; + $m .= $msgid->error; + die $m; + } } - return 1; + return; } ############################################################################## @@ -381,8 +434,8 @@ GetOptions( 'debug' => \$opt_debug, 'dump' => \$opt_dump, 'help' => \$opt_help, + 'prefix' => \$opt_prefix, 'manual' => \$opt_manual, - 'realm' => \$opt_realm, 'user_rdn=s' => \$opt_user_rdn ); @@ -397,7 +450,8 @@ if ($opt_help || !$ARGV[0]) { # Make sure that we have kerberos credentials and that KRB5CCNAME # points to them. if (!$ENV{'KRB5CCNAME'}) { - msg('ERROR: Kerberos credentials are required ... try kinit'); + msg('INFO: environment variable KRB5CCNAME not found.'); + msg('ERROR: Kerberos credentials are required.'); pod2usage(-verbose => 0); } @@ -426,6 +480,9 @@ if ($opt_ad_server) { if ($opt_base_dn) { $AD_BASE_DN = $opt_base_dn; } +if ($opt_prefix) { + $AD_SERVICE_PREFIX = $opt_prefix; +} if ($opt_computer_rdn) { $AD_COMPUTER_RDN = $opt_computer_rdn; } 
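Review bot: The error path in ad_delete reports `$kattr{dn}` although the object actually passed to `$LDAP->delete` is `$del_dn`, and the two can differ because `$del_dn` comes from the filter search. For a destructive operation the message should name the real target: `$m .= "ERROR: Problem deleting $del_dn\n";`. The return value is inconsistent as well, since the function returns 1 when nothing was found and an empty return after a successful delete. It would also help to print the DN before deleting so the operator has a record of what was removed.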
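Review bot: The new option is declared as `'prefix' => \$opt_prefix` without a value specifier, so Getopt::Long treats `--prefix` as a boolean flag. The later hunk that does `$AD_SERVICE_PREFIX = $opt_prefix;` would then set the prefix to `1` and leave the intended string in `@ARGV`, where it is taken as the action or the keytab id. It should be `'prefix=s' => \$opt_prefix,`. The POD option list is not updated for `--prefix` in the visible hunks.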
@@ -448,29 +505,22 @@ if ($ARGV[0]) { my %kattr = kerberos_attrs($id); # Validate that the keytab id makes sense for the keytab type -if ($kattr{type} eq 'service') { - if ($kattr{id} =~ /[.]/xms) { - msg('ERROR: service principal names may not contain periods'); - pod2usage(-verbose => 0); - } - if (length($kattr{id}) > 22) { - msg('ERROR: service principal name too long'); - pod2usage(-verbose => 0); - } -} elsif ($kattr{type} eq 'host') { +if ($kattr{type} eq 'host') { if ($kattr{id} !~ /[.]/xms) { msg('ERROR: FQDN is required'); pod2usage(-verbose => 0); } } else { - msg("ERROR: unknown keytab type $kattr{type}"); - pod2usage(-verbose => 0); + if ($kattr{id} =~ /[.]/xms) { + msg('ERROR: service principal names may not contain periods'); + pod2usage(-verbose => 0); + } } if ($action =~ /^(create|update)/xms) { - ad_create_update($id, $keytab, $1); + ad_create_update($keytab, $action, \%kattr); } elsif ($action =~ /^del/xms) { - ad_delete($id, \%kattr); + ad_delete(\%kattr); } elsif ($action =~ /^sh/xms) { ad_show($id, \%kattr); } else { @@ -500,7 +550,7 @@ boot strapping the kerberos credentials required to use Active Directory as a backend keytab store for wallet. The script shares the wallet configuration file. -Generally, two keytabs will need to be created to setup update. One +Generally, two keytabs will need to be created to setup wallet. One host keytab for the wallet server host and one service keytab for wallet to use when connecting to an Active Directory Domain Controller. diff --git a/perl/lib/Wallet/Config.pm b/perl/lib/Wallet/Config.pm index 2222aba..5d40978 100644 --- a/perl/lib/Wallet/Config.pm +++ b/perl/lib/Wallet/Config.pm 
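Review bot: `ad_create_update($keytab, $action, \%kattr)` now forwards the whole action string, but the guarding match `/^(create|update)/xms` is anchored only at the start and ad_create_update builds the msktutil option as `'--' . $action`. Any argument that merely begins with `create` or `update` passes the check and reaches the command line unchanged, where the old call passed the captured `$1`. Passing `$1` again, `ad_create_update($keytab, $1, \%kattr);`, restores the constraint. The same hunk drops the `unknown keytab type` rejection and the service-name length check, so every type other than `host` is treated as a service; if that is intended, a comment above the `else` should say so.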
@@ -463,6 +463,33 @@ default PATH. our $AD_MSKTUTIL = 'msktutil'; +=item AD_SERVICE_LIMIT + +Used to limit the number of iterations used in attempting to find a +unique account name for service principals. Defaults to 999. + +=cut + +our $AD_SERVICE_LIMIT = '999'; + +=item AD_SERVICE_PREFIX + +For service principals the AD_SERVICE_PREFIX will be combined with the +principal identifier to form the account name, i.e. the CN, used to +store the keytab entry in the Active Directory. Active Directory +limits these CN's to a maximum of 20 characters. If the resulting CN +is greater than 20 characters the CN will be truncated and an integer +will be appended to it. The integer will be incremented until a +unique CN is found. + +The AD_SERVICE_PREFIX is generally useful only prevent name collisions +when the service keytabs are store in branch of the DIT that also +contains other similar objects. + +=cut + +our $AD_SERVICE_PREFIX; + =item AD_SERVER The hostname of the Active Directory Domain Controller. diff --git a/perl/lib/Wallet/Kadmin/AD.pm b/perl/lib/Wallet/Kadmin/AD.pm index 0ffd7d9..83912dd 100644 --- a/perl/lib/Wallet/Kadmin/AD.pm +++ b/perl/lib/Wallet/Kadmin/AD.pm @@ -28,6 +28,8 @@ use Wallet::Kadmin; our @ISA = qw(Wallet::Kadmin); our $VERSION = '1.04'; +my $LDAP; + ############################################################################## # kadmin Interaction ############################################################################## 
@@ -71,17 +73,7 @@ sub ad_cmd_string { # Note that we do not permit realm information here. sub valid_principal { my ($self, $principal) = @_; - my $valid = 0; - if ($principal =~ m,^(host|service)(/[\w_.-]+)?\z,) { - my $k_type = $1; - my $k_id = $2; - if ($k_type eq 'host') { - $valid = 1 if $k_id =~ m/[.]/xms; - } elsif ($k_type eq 'service') { - $valid = 1 if length($k_id) < 19; - } - } - return $valid; + return scalar ($principal =~ m,^[\w-]+(/[\w_.-]+)?\z,); } # Connect to the Active Directory server using LDAP. The connection is 
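Review bot: The relaxed pattern in valid_principal is now the only thing keeping LDAP filter metacharacters out of the `userPrincipalName=` filter that ldap_base_filter builds by string interpolation, and nothing in the code says so. A comment above the return, such as `# Also guards the filter built in ldap_base_filter: ( ) * \ and @ must not pass.`, would keep a later loosening from becoming a filter-injection problem. The pattern also accepts a bare name with no `/instance` part, which ad_create_update in this commit rejects with `Invalid principal format`, and it no longer requires a dot in `host` names. If both are intentional, the header comment should list the accepted forms.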
@@ -90,49 +82,110 @@ sub valid_principal { sub ldap_connect { my ($self) = @_; - if (!-e $Wallet::Config::AD_CACHE) { - die 'Missing kerberos ticket cache ' . $Wallet::Config::AD_CACHE; - } - - my $ldap; - eval { - local $ENV{KRB5CCNAME} = $Wallet::Config::AD_CACHE; - my $sasl = Authen::SASL->new(mechanism => 'GSSAPI'); - $ldap = Net::LDAP->new($Wallet::Config::KEYTAB_HOST, onerror => 'die'); - my $mesg = eval { $ldap->bind(undef, sasl => $sasl) }; - }; - if ($@) { - my $error = $@; - chomp $error; - 1 while ($error =~ s/ at \S+ line \d+\.?\z//); - die "LDAP bind to AD failed: $error\n"; + if (!$LDAP) { + eval { + local $ENV{KRB5CCNAME} = $Wallet::Config::AD_CACHE; + my $sasl = Authen::SASL->new(mechanism => 'GSSAPI'); + $LDAP = Net::LDAP->new($Wallet::Config::KEYTAB_HOST, + onerror => 'die'); + my $mesg = eval { $LDAP->bind(undef, sasl => $sasl) }; + }; + if ($@) { + my $error = $@; + chomp $error; + 1 while ($error =~ s/ at \S+ line \d+\.?\z//); + die "LDAP bind to AD failed: $error\n"; + } } - - return $ldap; + return $LDAP; } # Construct a base filter for searching Active Directory. sub ldap_base_filter { my ($self, $principal) = @_; + my $base; my $filter; - if ($principal =~ m,^host/(\S+),xms) { - my $fqdn = $1; - my $host = $fqdn; - $host =~ s/[.].*//xms; - $filter = "(samAccountName=${host}\$)"; - $base = $Wallet::Config::AD_COMPUTER_RDN . ',' - . $Wallet::Config::AD_BASE_DN; - } elsif ($principal =~ m,^service/(\S+),xms) { - my $id = $1; - $filter = "(servicePrincipalName=service/${id})"; - $base - = $Wallet::Config::AD_USER_RDN . ',' . $Wallet::Config::AD_BASE_DN; + my $this_type; + my $this_id; + + if ($principal =~ m,^(.*?)/(\S+),xms) { + $this_type = $1; + $this_id = $2; + } else { + $this_id = $principal; + } + + # Create a filter to find the objects we create + if ($this_id =~ s/@(.*)//xms) { + $filter = "(userPrincipalName=${principal})"; + } elsif ($Wallet::Config::KEYTAB_REALM) { + $filter = '(userPrincipalName=' . $principal + . '@' . 
$Wallet::Config::KEYTAB_REALM . ')'; + } else { + $filter = "(userPrincipalName=${principal}\@*)"; } + + # Set the base distinguished name + if ($this_type && $this_type eq 'host') { + $base = $Wallet::Config::AD_COMPUTER_RDN; + } else { + $base = $Wallet::Config::AD_USER_RDN; + } + $base .= ',' . $Wallet::Config::AD_BASE_DN; + return ($base, $filter); } +# Take in a base and a filter and return the assoicated DN or return +# null if there is no matching entry. +sub ldap_get_dn { + my ($self, $base, $filter) = @_; + my $dn; + + if ($Wallet::Config::AD_DEBUG) { + $self->ad_debug('debug', "base:$base filter:$filter scope:subtree\n"); + } + + $self->ldap_connect(); + my @attrs = ('objectclass'); + my $result; + eval { + $result = $LDAP->search( + base => $base, + scope => 'subtree', + filter => $filter, + attrs => \@attrs + ); + }; + if ($@) { + my $error = $@; + die "LDAP search error: $error\n"; + } + if ($result->code) { + msg("INFO base:$base filter:$filter scope:subtree\n"); + die $result->error; + } + if ($Wallet::Config::AD_DEBUG) { + $self->ad_debug('debug', 'returned: ' . $result->count); + } + + if ($result->count == 1) { + for my $entry ($result->entries) { + $dn = $entry->dn; + } + } elsif ($result->count > 1) { + msg('ERROR: too many AD entries for this keytab'); + for my $entry ($result->entries) { + msg('INFO: dn found ' . $entry->dn . "\n"); + } + die("INFO: use show to examine the problem\n"); + } + + return $dn; +} + # TODO: Get a keytab from the keytab bucket. sub get_ad_keytab { my ($self, $principal) = @_; 
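Review bot: In the new ldap_connect a failed bind is swallowed and the unauthenticated handle is cached: the inner `eval { $LDAP->bind(...) }` traps the `onerror => 'die'` exception, the outer eval then completes normally and clears `$@`, and `$LDAP` stays set for every later call. The handle should be built in a lexical and copied to `$LDAP` only after the bind has returned, with the inner eval removed so the existing `LDAP bind to AD failed` path fires. `Net::LDAP->new` returns undef when it cannot connect, so that case needs its own `or die`. The existence check on `$Wallet::Config::AD_CACHE` is dropped without a replacement. ldap_get_dn in the same hunk calls `msg(...)`, which is defined in contrib/ad-keytab but not visibly in this module; confirm it resolves or use `$self->ad_debug`.

```perl
    if (!$LDAP) {
        my $ldap;
        eval {
            local $ENV{KRB5CCNAME} = $Wallet::Config::AD_CACHE;
            my $sasl = Authen::SASL->new(mechanism => 'GSSAPI');
            $ldap = Net::LDAP->new($Wallet::Config::KEYTAB_HOST,
                                   onerror => 'die')
              or die "cannot connect to $Wallet::Config::KEYTAB_HOST\n";
            # No inner eval: a bind failure must reach the handler below.
            $ldap->bind(undef, sasl => $sasl);
        };
        # … unchanged: $@ handling that dies with "LDAP bind to AD failed" …
        # Cache the handle only once it is known to be authenticated.
        $LDAP = $ldap;
    }
```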
@@ -200,10 +253,53 @@ sub msktutil { return $out; } +# The unique identifier that Active Directory used to store keytabs +# has a maximum length of 20 characters. This routine takes a +# principal name an generates a unique ID based on the principal name. +sub get_service_id { + my ($self, $this_princ) = @_; + + my $this_id; + my ($this_base, $this_filter) = $self->ldap_base_filter($this_princ); + my $real_dn = $self->ldap_get_dn($this_base, $this_filter); + if ($real_dn) { + $this_id = $real_dn; + $this_id =~ s/,.*//xms; + $this_id =~ s/.*?=//xms; + } else { + my $this_cn = $this_princ; + $this_cn =~ s{.*?/}{}xms; + if ($Wallet::Config::AD_SERVICE_PREFIX) { + $this_cn = $Wallet::Config::AD_SERVICE_PREFIX . $this_cn; + } + my $loop_limit = $Wallet::Config::AD_SERVICE_LIMIT; + if (length($this_cn)>20) { + my $cnt = 0; + my $this_dn; + my $suffix_size = length("$loop_limit"); + my $this_prefix = substr($this_cn, 0, 20-$suffix_size); + my $this_format = "%0${suffix_size}i"; + while ($cnt<$loop_limit) { + my $this_cn = $this_prefix . sprintf($this_format, $cnt); + $this_dn = ldap_get_dn($this_base, "cn=$this_cn"); + if (!$this_dn) { + $this_id = $this_cn; + last; + } + $cnt++; + } + } else { + $this_id = $this_cn; + } + } + return $this_id; +} + # Either create or update a keytab for the principal. Return the # name of the keytab file created. sub ad_create_update { my ($self, $principal, $action) = @_; + return unless $self->valid_principal($principal); my $keytab = $Wallet::Config::KEYTAB_TMP . "/keytab.$$"; if (-e $keytab) { unlink $keytab or die "Problem deleting $keytab\n"; 
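Review bot: `$this_dn = ldap_get_dn($this_base, "cn=$this_cn");` in get_service_id calls the method as a plain function, so `$this_base` lands in `$self`, the filter string becomes the search base and the filter is undefined; the uniqueness probe for truncated names cannot work as written. It should be `$this_dn = $self->ldap_get_dn($this_base, "cn=$this_cn");`. If the loop reaches `AD_SERVICE_LIMIT` without finding a free CN, `$this_id` stays undefined and is returned to the caller, which passes it to `--account-name`; a `die` after the loop would make that failure explicit. The `return unless $self->valid_principal($principal);` line at the end of the hunk belongs to ad_create_update, whose body continues outside it.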
@@ -213,31 +309,41 @@ sub ad_create_update { push @cmd, '--enctypes', '0x1C'; push @cmd, '--keytab', $keytab; push @cmd, '--realm', $Wallet::Config::KEYTAB_REALM; - - if ($principal =~ m,^host/(\S+),xms) { - my $fqdn = $1; - my $host = $fqdn; - $host =~ s/[.].*//xms; - push @cmd, '--base', $Wallet::Config::AD_COMPUTER_RDN; - push @cmd, '--dont-expire-password'; - push @cmd, '--computer-name', $host; - push @cmd, '--upn', "host/$fqdn"; - push @cmd, '--hostname', $fqdn; - } elsif ($principal =~ m,^service/(\S+),xms) { - my $service_id = $1; - push @cmd, '--base', $Wallet::Config::AD_USER_RDN; - push @cmd, '--use-service-account'; - push @cmd, '--service', "service/$service_id"; - push @cmd, '--account-name', "srv-${service_id}"; - push @cmd, '--no-pac'; - } - my $out = $self->msktutil(\@cmd); - if ($out =~ /Error:\s+\S+\s+failed/xms) { - $self->ad_delete($principal); - my $m = "ERROR: problem creating keytab:\n" . $out; - $m .= 'INFO: the keytab used to by wallet probably has' - . " insufficient access to AD\n"; - die $m; + push @cmd, '--upn', $principal; + + my $this_type; + my $this_id; + if ($principal =~ m,^(.*?)/(\S+),xms) { + $this_type = $1; + $this_id = $2; + if ($this_type eq 'host') { + my $host = $this_id; + $host =~ s/[.].*//xms; + push @cmd, '--base', $Wallet::Config::AD_COMPUTER_RDN; + push @cmd, '--dont-expire-password'; + push @cmd, '--computer-name', $host; + push @cmd, '--hostname', $this_id; + } else { + my $service_id = $self->get_service_id($this_id); + push @cmd, '--base', $Wallet::Config::AD_USER_RDN; + push @cmd, '--use-service-account'; + push @cmd, '--service', $principal; + push @cmd, '--account-name', $service_id; + push @cmd, '--no-pac'; + } + my $out = $self->msktutil(\@cmd); + if ($out =~ /Error:\s+\S+\s+failed/xms + || !$self->exists($principal)) + { + $self->ad_delete($principal); + my $m = "ERROR: problem creating keytab for $principal"; + $self->ad_debug('error', $m); + $self->ad_debug('error', + 'Problem command:' . 
ad_cmd_string(\@cmd)); + die "$m\n"; + } + } else { + die "ERROR: Invalid principal format ($principal)\n"; } return $keytab; @@ -260,45 +366,9 @@ sub exists { my ($self, $principal) = @_; return unless $self->valid_principal($principal); - my $ldap = $self->ldap_connect(); my ($base, $filter) = $self->ldap_base_filter($principal); - my @attrs = ('objectClass', 'msds-KeyVersionNumber'); - - my $result; - eval { - $result = $ldap->search( - base => $base, - scope => 'subtree', - filter => $filter, - attrs => \@attrs - ); - }; - if ($@) { - my $error = $@; - die "LDAP search error: $error\n"; - } - if ($result->code) { - my $m; - $m .= "INFO base:$base filter:$filter scope:subtree\n"; - $m .= 'ERROR:' . $result->error . "\n"; - die $m; - } - if ($result->count > 1) { - my $m = "ERROR: too many AD entries for this keytab\n"; - for my $entry ($result->entries) { - $m .= 'INFO: dn found ' . $entry->dn . "\n"; - } - die $m; - } - if ($result->count) { - for my $entry ($result->entries) { - return $entry->get_value('msds-KeyVersionNumber'); - } - } else { - return 0; - } - return; + return $self->ldap_get_dn($base, $filter); } # Call msktutil to Create a principal in Kerberos. Sets the error and @@ -371,7 +441,7 @@ sub destroy { } my $exists = $self->exists($principal); if (!defined $exists) { - return; + return 1; } elsif (not $exists) { return 1; } 
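Review bot: `$self->get_service_id($this_id)` passes only the part after the slash, but get_service_id feeds its argument to ldap_base_filter and strips `.*?/` from it, which suggests it expects the full principal. With the bare id the lookup filter is built from the id alone while the account is created with `--upn $principal`, so an existing account would probably not be found on update and a different CN may be computed for long names. Passing the principal looks like the intended call: `my $service_id = $self->get_service_id($principal);`. `ad_cmd_string(\@cmd)` in the error path is also called without `$self`; its signature is outside this hunk, so check which form it expects.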
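Review bot: exists now returns a DN or undef, so the two cases destroy used to tell apart collapse into one: a principal that fails `valid_principal` and a principal with no AD entry both yield undef. The following hunk changes destroy to `return 1` when `$exists` is undefined, so a destroy request for a name that fails validation is reported as successful unless destroy validates earlier in its body, which is not visible here. Keeping a false return for the invalid case, for instance `return if !$self->valid_principal($principal);` before the call to exists, preserves the error. The key version number the old exists read from `msds-KeyVersionNumber` is no longer returned, so callers outside these hunks that used it should be checked.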
@@ -384,29 +454,11 @@ sub destroy { sub ad_delete { my ($self, $principal) = @_; - my $k_type; - my $k_id; - my $dn; - if ($principal =~ m,^(host|service)/(\S+),xms) { - $k_type = $1; - $k_id = $2; - if ($k_type eq 'host') { - my $host = $k_id; - $host =~ s/[.].*//; - $dn - = "cn=${host}," - . $Wallet::Config::AD_COMPUTER_RDN . ',' - . $Wallet::Config::AD_BASE_DN; - } elsif ($k_type eq 'service') { - $dn - = "cn=srv-${k_id}," - . $Wallet::Config::AD_USER_RDN . ',' - . $Wallet::Config::AD_BASE_DN; - } - } + my ($base, $filter) = $self->ldap_base_filter($principal); + my $dn = $self->ldap_get_dn($base, $filter); - my $ldap = $self->ldap_connect(); - my $msgid = $ldap->delete($dn); + $self->ldap_connect(); + my $msgid = $LDAP->delete($dn); if ($msgid->code) { my $m; $m .= "ERROR: Problem deleting $dn\n"; -- cgit v1.2.3 From 48a2962830eccfd28bc5d7f0541bf28e0a3ff7b1 Mon Sep 17 00:00:00 2001 From: Bill MacAllister Date: Wed, 1 Jun 2016 18:48:31 +0000 Subject: Update handling of long host names --- perl/lib/Wallet/Config.pm | 14 +++++++++++++- perl/lib/Wallet/Kadmin/AD.pm | 14 ++++++++++---- 2 files changed, 23 insertions(+), 5 deletions(-) (limited to 'perl/lib/Wallet/Config.pm') diff --git a/perl/lib/Wallet/Config.pm b/perl/lib/Wallet/Config.pm index 5d40978..09db609 100644 --- a/perl/lib/Wallet/Config.pm +++ b/perl/lib/Wallet/Config.pm 
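Review bot: `$LDAP->delete($dn)` in the new ad_delete runs even when ldap_get_dn found nothing, because `$dn` is not tested before use; ad_create_update calls ad_delete on its failure path, where a missing entry is the likely case. A guard after the lookup, `return 1 if !defined $dn;`, avoids sending an undefined DN to the server and an `ERROR: Problem deleting` message with an empty name. ad_delete also builds its filter from `$principal` without calling `valid_principal`, so it depends on every caller having validated the name first; a one-line comment stating that precondition would help. The end of the function is outside the hunk.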
@@ -463,10 +463,22 @@ default PATH. our $AD_MSKTUTIL = 'msktutil'; +=item AD_SERVICE_LENGTH + +The maximum length of a unique identifier, samAccountName, for Active +Directory keytab objects. If the indentifier exceeds this length then +it will be trunciated and an integer will be appended to the end of +the identifier. This parameter is here in hopes that at some point +in the future Microsoft will remove the limitation. + +=cut + +our $AD_SERVICE_LENGTH = '20'; + =item AD_SERVICE_LIMIT Used to limit the number of iterations used in attempting to find a -unique account name for service principals. Defaults to 999. +unique account name for principals. Defaults to 999. =cut diff --git a/perl/lib/Wallet/Kadmin/AD.pm b/perl/lib/Wallet/Kadmin/AD.pm index 9749a2a..a599142 100644 --- a/perl/lib/Wallet/Kadmin/AD.pm +++ b/perl/lib/Wallet/Kadmin/AD.pm @@ -272,15 +272,21 @@ sub get_account_id { $this_id =~ s/.*?=//xms; } else { my ($this_type, $this_cn) = split '/', $this_princ, 2; - if ($Wallet::Config::AD_SERVICE_PREFIX && $this_type = 'service') { - $this_cn = $Wallet::Config::AD_SERVICE_PREFIX . $this_cn; + my $max_len; + if ($this_type eq 'host') { + $max_len = $Wallet::Config::AD_SERVICE_LENGTH - 1; + } else { + $max_len = $Wallet::Config::AD_SERVICE_LENGTH; + if ($Wallet::Config::AD_SERVICE_PREFIX) { + $this_cn = $Wallet::Config::AD_SERVICE_PREFIX . $this_cn; + } } my $loop_limit = $Wallet::Config::AD_SERVICE_LIMIT; - if (length($this_cn)>20) { + if (length($this_cn)>$max_len) { my $cnt = 0; my $this_dn; my $suffix_size = length("$loop_limit"); - my $this_prefix = substr($this_cn, 0, 20-$suffix_size); + my $this_prefix = substr($this_cn, 0, $max_len - $suffix_size); my $this_format = "%0${suffix_size}i"; while ($cnt<$loop_limit) { $this_cn = $this_prefix . sprintf($this_format, $cnt); -- cgit v1.2.3 From b126269d161880e6ed77764c3fac33337ad6937a Mon Sep 17 00:00:00 2001 
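Review bot: The `- 1` applied to `$Wallet::Config::AD_SERVICE_LENGTH` for host principals in get_account_id is not explained in the code or in the new `AD_SERVICE_LENGTH` POD entry. It presumably reserves room for the trailing `$` of computer account names, which the earlier `samAccountName=${host}\$` filter hints at, but that is an inference to confirm. A comment on the assignment, such as `# computer accounts carry a trailing '$' in samAccountName; reserve one character`, would record the reason. get_account_id starts and ends outside the hunk.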
From: Russ Allbery Date: Sun, 27 May 2018 17:13:07 -0700 Subject: Reorganize AD configuration options Move options up with other keytab backend options except for the bucket for keytabs, which does belong in the section on retrieving existing keytabs. --- perl/lib/Wallet/Config.pm | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) (limited to 'perl/lib/Wallet/Config.pm') diff --git a/perl/lib/Wallet/Config.pm b/perl/lib/Wallet/Config.pm index 09db609..99aa21a 100644 --- a/perl/lib/Wallet/Config.pm +++ b/perl/lib/Wallet/Config.pm @@ -1,7 +1,7 @@ # Wallet::Config -- Configuration handling for the wallet server # # Written by Russ Allbery -# Copyright 2016 Russ Allbery +# Copyright 2016, 2018 Russ Allbery # Copyright 2007, 2008, 2010, 2013, 2014, 2015 # The Board of Trustees of the Leland Stanford Junior University # @@ -422,14 +422,23 @@ Active Directory (KEYTAB_KRBTYPE is set to C). =item AD_BASE_DN -The base distinguished name of the ActiveDirectory instance. This is -use when Wallet uses LDAP directly to examine objects in Active -Directory. +The base distinguished name of the ActiveDirectory instance. This is use +when Wallet uses LDAP directly to examine objects in Active Directory. =cut our $AD_BASE_DN; +=item AD_CACHE + +Specifies the ticket cache to use when manipulating Active Directory objects. +The ticket cache must be for a principal able to bind to Active Directory and +run B. + +=cut + +our $AD_CACHE; + =item AD_COMPUTER_RDN The LDAP base DN for computer objects inside Active Directory. All @@ -594,15 +603,6 @@ will be used. our $KEYTAB_REMCTL_PORT; -=item AD_CACHE - -The ticket cache that hold credentials used to access the -ActiveDirectory KDC. This must be created and maintained externally. - -=cut - -our $AD_CACHE; - =item AD_KEYTAB_BUCKET The path to store a copy of keytabs created. This is required for the -- cgit v1.2.3 From 7b63561ce7317c99af082c79257cf01d3b717959 Mon Sep 17 00:00:00 2001 
From: Russ Allbery Date: Sun, 27 May 2018 17:24:42 -0700 Subject: Fix spelling errors in Wallet::Kadmin::AD --- perl/lib/Wallet/Config.pm | 4 ++-- perl/lib/Wallet/Kadmin/AD.pm | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) (limited to 'perl/lib/Wallet/Config.pm') diff --git a/perl/lib/Wallet/Config.pm b/perl/lib/Wallet/Config.pm index 99aa21a..e4d0a14 100644 --- a/perl/lib/Wallet/Config.pm +++ b/perl/lib/Wallet/Config.pm @@ -537,7 +537,7 @@ our $AD_USER_RDN; Heimdal provides the choice, over the network protocol, of either downloading the existing keys for a principal or generating new random -keys. Neither MIT Kerberos or ActiveDirectory support retrieving an +keys. Neither MIT Kerberos or Active Directory support retrieving an existing keytab; downloading a keytab over the kadmin protocol or using msktutil always rekeys the principal. @@ -547,7 +547,7 @@ contacting the KDC via remctl and talking to B. This is enabled by setting the C flag on keytab objects. To configure that support, set the following variables. -For ActiveDirectory Kerberos, the keytab object backend supports +For Active Directory Kerberos, the keytab object backend supports storing the keytabs on the wallet server. This functionality is enabled by setting the configuration variable AD_KEYTAB_BUCKET. (This had not been implemented yet.) diff --git a/perl/lib/Wallet/Kadmin/AD.pm b/perl/lib/Wallet/Kadmin/AD.pm index b56174c..61597cf 100644 --- a/perl/lib/Wallet/Kadmin/AD.pm +++ b/perl/lib/Wallet/Kadmin/AD.pm @@ -1,8 +1,8 @@ # Wallet::Kadmin::AD -- Wallet Kerberos administration API for AD # # Written by Bill MacAllister -# Copyright 2016 Russ Allbery -# Copyright 2015,2016 Dropbox, Inc. +# Copyright 2016, 2018 Russ Allbery +# Copyright 2015, 2016 Dropbox, Inc. # Copyright 2007, 2008, 2009, 2010, 2014 # The Board of Trustees of the Leland Stanford Junior University # -- cgit v1.2.3 From 6fb25e3c38ebb352c9eb0901e41f334e92176f07 Mon Sep 17 00:00:00 2001 
From: Russ Allbery Date: Sun, 27 May 2018 17:49:03 -0700 Subject: Fix spelling errors in Wallet::Config --- perl/lib/Wallet/Config.pm | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) (limited to 'perl/lib/Wallet/Config.pm') diff --git a/perl/lib/Wallet/Config.pm b/perl/lib/Wallet/Config.pm index e4d0a14..ec50f4b 100644 --- a/perl/lib/Wallet/Config.pm +++ b/perl/lib/Wallet/Config.pm @@ -26,7 +26,7 @@ Wallet::Config - Configuration handling for the wallet server DBI DSN SQLite subdirectories KEYTAB keytab kadmind KDC add-ons kadmin DNS SRV kadmin keytabs remctl backend lowercased NETDB ACL NetDB unscoped usernames rekey hostnames Allbery wallet-backend keytab-backend Heimdal -rekeys WebAuth WEBAUTH keyring LDAP DN GSS-API integrations msktutil +rekeys WebAuth WEBAUTH keyring LDAP DN GSS-API integrations msktutil CN DIT =head1 SYNOPSIS @@ -422,7 +422,7 @@ Active Directory (KEYTAB_KRBTYPE is set to C). =item AD_BASE_DN -The base distinguished name of the ActiveDirectory instance. This is use +The base distinguished name of the Active Directory instance. This is used when Wallet uses LDAP directly to examine objects in Active Directory. =cut @@ -474,11 +474,11 @@ our $AD_MSKTUTIL = 'msktutil'; =item AD_SERVICE_LENGTH -The maximum length of a unique identifier, samAccountName, for Active -Directory keytab objects. If the indentifier exceeds this length then -it will be trunciated and an integer will be appended to the end of -the identifier. This parameter is here in hopes that at some point -in the future Microsoft will remove the limitation. +The maximum length of a unique identifier, C, for Active +Directory keytab objects. If the identifier exceeds this length then it will +be truncated and an integer will be appended to the end of the identifier. +This parameter is here in hopes that at some point in the future Microsoft +will remove the limitation. =cut 
@@ -606,7 +606,7 @@ our $KEYTAB_REMCTL_PORT; =item AD_KEYTAB_BUCKET The path to store a copy of keytabs created. This is required for the -support of unchanging keytabs with an ActiveDirectory KDC. (This has +support of unchanging keytabs with an Active Directory KDC. (This has not been implemented yet.) =cut -- cgit v1.2.3 From 769217510b97e23101a01d228e2b8510fd43a725 Mon Sep 17 00:00:00 2001 
From: Russ Allbery Date: Sun, 27 May 2018 22:05:31 -0700 Subject: Add obsolete-strings test and fix problems it finds Mostly changing http eyrie.org URLs to https, but also remove my old email address in one place and switch some tests away from my old RRA_MAINTAINER_TESTS environment variable to use the Lancaster Consensus variables properly. This uncovered a bug in skipping one test unless Stanford Kerberos credentials existed. --- README | 6 +- client/wallet-rekey.pod | 4 +- client/wallet.pod | 4 +- docs/design | 2 +- perl/lib/Wallet/ACL.pm | 2 +- perl/lib/Wallet/ACL/Base.pm | 2 +- perl/lib/Wallet/ACL/External.pm | 2 +- perl/lib/Wallet/ACL/Krb5.pm | 2 +- perl/lib/Wallet/ACL/Krb5/Regex.pm | 2 +- perl/lib/Wallet/ACL/LDAP/Attribute.pm | 2 +- perl/lib/Wallet/ACL/LDAP/Attribute/Root.pm | 2 +- perl/lib/Wallet/ACL/Nested.pm | 2 +- perl/lib/Wallet/ACL/NetDB.pm | 4 +- perl/lib/Wallet/ACL/NetDB/Root.pm | 4 +- perl/lib/Wallet/Admin.pm | 2 +- perl/lib/Wallet/Config.pm | 2 +- perl/lib/Wallet/Database.pm | 2 +- perl/lib/Wallet/Kadmin.pm | 2 +- perl/lib/Wallet/Kadmin/AD.pm | 2 +- perl/lib/Wallet/Kadmin/Heimdal.pm | 2 +- perl/lib/Wallet/Kadmin/MIT.pm | 2 +- perl/lib/Wallet/Object/Base.pm | 2 +- perl/lib/Wallet/Object/Duo.pm | 2 +- perl/lib/Wallet/Object/File.pm | 2 +- perl/lib/Wallet/Object/Keytab.pm | 2 +- perl/lib/Wallet/Object/Password.pm | 2 +- perl/lib/Wallet/Object/WAKeyring.pm | 2 +- perl/lib/Wallet/Policy/Stanford.pm | 4 +- perl/lib/Wallet/Report.pm | 2 +- perl/lib/Wallet/Schema.pm | 2 +- perl/lib/Wallet/Server.pm | 2 +- perl/t/verifier/basic.t | 4 +- perl/t/verifier/ldap-attr.t | 12 ++-- perl/t/verifier/netdb.t | 8 ++- server/keytab-backend.in | 2 +- server/wallet-admin.in | 2 +- server/wallet-backend.in | 2 +- server/wallet-report.in | 2 +- tests/TESTS | 1 + tests/style/obsolete-strings-t | 102 +++++++++++++++++++++++++++++ tests/tap/perl/Test/RRA/Automake.pm | 2 +- 41 files changed, 162 insertions(+), 51 deletions(-) create mode 100755 tests/style/obsolete-strings-t 
(limited to 'perl/lib/Wallet/Config.pm') diff --git a/README b/README index 74c5150..a575c4b 100644 --- a/README +++ b/README @@ -61,7 +61,7 @@ REQUIREMENTS libraries. You will have to install the remctl client libraries in order to build it. remctl can be obtained from: - http://www.eyrie.org/~eagle/software/remctl/ + https://www.eyrie.org/~eagle/software/remctl/ The wallet client will build with either MIT Kerberos or Heimdal. @@ -304,7 +304,7 @@ SUPPORT The wallet web page at: - http://www.eyrie.org/~eagle/software/wallet/ + https://www.eyrie.org/~eagle/software/wallet/ will always have the current version of this package, the current documentation, and pointers to any additional resources. @@ -327,7 +327,7 @@ SOURCE REPOSITORY or view the repository on the web at: - http://git.eyrie.org/?p=kerberos/wallet.git + https://git.eyrie.org/?p=kerberos/wallet.git When contributing modifications, patches (possibly generated by git-format-patch) are preferred to Git pull requests. diff --git a/client/wallet-rekey.pod b/client/wallet-rekey.pod index a36a734..e4c01b3 100644 --- a/client/wallet-rekey.pod +++ b/client/wallet-rekey.pod @@ -166,9 +166,9 @@ warranty. kadmin(8), kinit(1), krb5.conf(5), remctl(1), remctld(8), wallet(1) This program is part of the wallet system. The current version is available -from L. +from L. B uses the remctl protocol. For more information about -remctl, see L. +remctl, see L. =cut diff --git a/client/wallet.pod b/client/wallet.pod index 672f0e4..2033fec 100644 --- a/client/wallet.pod +++ b/client/wallet.pod @@ -500,9 +500,9 @@ warranty. kadmin(8), kinit(1), krb5.conf(5), remctl(1), remctld(8) This program is part of the wallet system. The current version is available -from L. +from L. B uses the remctl protocol. For more information about remctl, -see L. +see L. =cut diff --git a/docs/design b/docs/design index 8f4b20d..0d71931 100644 --- a/docs/design +++ b/docs/design 
@@ -43,7 +43,7 @@ Assumptions the client, and that data passed between the server and the client is encrypted. For more information about the remctl protocol, see: - + remctl requires Kerberos v5 authentication, and therefore all clients using the wallet to retrieve data will use Kerberos v5 authentication. diff --git a/perl/lib/Wallet/ACL.pm b/perl/lib/Wallet/ACL.pm index fa414a6..312ce88 100644 --- a/perl/lib/Wallet/ACL.pm +++ b/perl/lib/Wallet/ACL.pm @@ -732,7 +732,7 @@ caller should call error() to get the error message. Wallet::ACL::Base(3), wallet-backend(8) This module is part of the wallet system. The current version is -available from L. +available from L. =head1 AUTHOR diff --git a/perl/lib/Wallet/ACL/Base.pm b/perl/lib/Wallet/ACL/Base.pm index 368f3aa..e5e304d 100644 --- a/perl/lib/Wallet/ACL/Base.pm +++ b/perl/lib/Wallet/ACL/Base.pm @@ -127,7 +127,7 @@ error string. Wallet::ACL(3), wallet-backend(8) This module is part of the wallet system. The current version is -available from L. +available from L. =head1 AUTHOR diff --git a/perl/lib/Wallet/ACL/External.pm b/perl/lib/Wallet/ACL/External.pm index dfa924d..fb4b61b 100644 --- a/perl/lib/Wallet/ACL/External.pm +++ b/perl/lib/Wallet/ACL/External.pm @@ -183,7 +183,7 @@ remctld(8), Wallet::ACL(3), Wallet::ACL::Base(3), Wallet::Config(3), wallet-backend(8) This module is part of the wallet system. The current version is -available from L. +available from L. =head1 AUTHOR diff --git a/perl/lib/Wallet/ACL/Krb5.pm b/perl/lib/Wallet/ACL/Krb5.pm index a2b78e6..9764391 100644 --- a/perl/lib/Wallet/ACL/Krb5.pm +++ b/perl/lib/Wallet/ACL/Krb5.pm @@ -113,7 +113,7 @@ The PRINCIPAL parameter to check() was undefined or the empty string. Wallet::ACL(3), Wallet::ACL::Base(3), wallet-backend(8) This module is part of the wallet system. The current version is -available from L. +available from L. =head1 AUTHOR diff --git a/perl/lib/Wallet/ACL/Krb5/Regex.pm b/perl/lib/Wallet/ACL/Krb5/Regex.pm index f91d377..39a71d3 100644 
--- a/perl/lib/Wallet/ACL/Krb5/Regex.pm +++ b/perl/lib/Wallet/ACL/Krb5/Regex.pm @@ -121,7 +121,7 @@ The ACL parameter to check() was undefined or the empty string. Wallet::ACL(3), Wallet::ACL::Base(3), Wallet::ACL::Krb5(3), wallet-backend(8) This module is part of the wallet system. The current version is -available from L. +available from L. =head1 AUTHOR diff --git a/perl/lib/Wallet/ACL/LDAP/Attribute.pm b/perl/lib/Wallet/ACL/LDAP/Attribute.pm index 618d56b..7bb1c68 100644 --- a/perl/lib/Wallet/ACL/LDAP/Attribute.pm +++ b/perl/lib/Wallet/ACL/LDAP/Attribute.pm @@ -251,7 +251,7 @@ The PRINCIPAL parameter to check() was undefined or the empty string. Wallet::ACL(3), Wallet::ACL::Base(3), Wallet::Config(3), wallet-backend(8) This module is part of the wallet system. The current version is -available from L. +available from L. =head1 AUTHOR diff --git a/perl/lib/Wallet/ACL/LDAP/Attribute/Root.pm b/perl/lib/Wallet/ACL/LDAP/Attribute/Root.pm index 920ad7b..079dadb 100644 --- a/perl/lib/Wallet/ACL/LDAP/Attribute/Root.pm +++ b/perl/lib/Wallet/ACL/LDAP/Attribute/Root.pm @@ -113,7 +113,7 @@ Net::Remctl(3), Wallet::ACL(3), Wallet::ACL::Base(3), Wallet::ACL::LDAP::Attribute(3), Wallet::Config(3), wallet-backend(8) This module is part of the wallet system. The current version is -available from L. +available from L. =head1 AUTHORS diff --git a/perl/lib/Wallet/ACL/Nested.pm b/perl/lib/Wallet/ACL/Nested.pm index 860b8e6..efaf5a9 100644 --- a/perl/lib/Wallet/ACL/Nested.pm +++ b/perl/lib/Wallet/ACL/Nested.pm @@ -177,7 +177,7 @@ will generally come from the nested child ACL. Wallet::ACL(3), wallet-backend(8) This module is part of the wallet system. The current version is -available from L. +available from L. =head1 AUTHOR diff --git a/perl/lib/Wallet/ACL/NetDB.pm b/perl/lib/Wallet/ACL/NetDB.pm index 5ded572..8a170ba 100644 --- a/perl/lib/Wallet/ACL/NetDB.pm +++ b/perl/lib/Wallet/ACL/NetDB.pm 
@@ -252,10 +252,10 @@ wallet-backend(8) NetDB is a free software system for managing DNS, DHCP, and related machine information for large organizations. For more information on -NetDB, see L. +NetDB, see L. This module is part of the wallet system. The current version is -available from L. +available from L. =head1 AUTHOR diff --git a/perl/lib/Wallet/ACL/NetDB/Root.pm b/perl/lib/Wallet/ACL/NetDB/Root.pm index 7ab9e1b..8ae510d 100644 --- a/perl/lib/Wallet/ACL/NetDB/Root.pm +++ b/perl/lib/Wallet/ACL/NetDB/Root.pm @@ -112,10 +112,10 @@ Wallet::ACL::NetDB(3), Wallet::Config(3), wallet-backend(8) NetDB is a free software system for managing DNS, DHCP, and related machine information for large organizations. For more information on -NetDB, see L. +NetDB, see L. This module is part of the wallet system. The current version is -available from L. +available from L. =head1 AUTHOR diff --git a/perl/lib/Wallet/Admin.pm b/perl/lib/Wallet/Admin.pm index 77f8247..ccd0932 100644 --- a/perl/lib/Wallet/Admin.pm +++ b/perl/lib/Wallet/Admin.pm @@ -375,7 +375,7 @@ much as possible. Returns true on success and false on failure. wallet-admin(8) This module is part of the wallet system. The current version is -available from L. +available from L. =head1 AUTHOR diff --git a/perl/lib/Wallet/Config.pm b/perl/lib/Wallet/Config.pm index ec50f4b..14731d3 100644 --- a/perl/lib/Wallet/Config.pm +++ b/perl/lib/Wallet/Config.pm @@ -1055,7 +1055,7 @@ __END__ DBI(3), Wallet::Object::Keytab(3), Wallet::Server(3), wallet-backend(8) This module is part of the wallet system. The current version is -available from L. +available from L. =head1 AUTHOR diff --git a/perl/lib/Wallet/Database.pm b/perl/lib/Wallet/Database.pm index 9c0129b..2549d06 100644 --- a/perl/lib/Wallet/Database.pm +++ b/perl/lib/Wallet/Database.pm @@ -111,7 +111,7 @@ configuration. DBI(3), Wallet::Config(3) This module is part of the wallet system. The current version is -available from L. +available from L. =head1 AUTHOR 
diff --git a/perl/lib/Wallet/Kadmin.pm b/perl/lib/Wallet/Kadmin.pm index 7239f4b..f46bd14 100644 --- a/perl/lib/Wallet/Kadmin.pm +++ b/perl/lib/Wallet/Kadmin.pm @@ -232,7 +232,7 @@ as binary data. On failure, returns undef and sets the object error. kadmin(8), Wallet::Config(3), Wallet::Object::Keytab(3), wallet-backend(8) This module is part of the wallet system. The current version is -available from L. +available from L. =head1 AUTHORS diff --git a/perl/lib/Wallet/Kadmin/AD.pm b/perl/lib/Wallet/Kadmin/AD.pm index 9dfca79..5bb662d 100644 --- a/perl/lib/Wallet/Kadmin/AD.pm +++ b/perl/lib/Wallet/Kadmin/AD.pm @@ -543,7 +543,7 @@ msktutil, Wallet::Config(3), Wallet::Kadmin(3), Wallet::Object::Keytab(3), wallet-backend(8) This module is part of the wallet system. The current version is -available from L. +available from L. =head1 AUTHORS diff --git a/perl/lib/Wallet/Kadmin/Heimdal.pm b/perl/lib/Wallet/Kadmin/Heimdal.pm index eb1b9a6..a8bc4dd 100644 --- a/perl/lib/Wallet/Kadmin/Heimdal.pm +++ b/perl/lib/Wallet/Kadmin/Heimdal.pm @@ -302,7 +302,7 @@ kadmin(8), Wallet::Config(3), Wallet::Kadmin(3), Wallet::Object::Keytab(3), wallet-backend(8) This module is part of the wallet system. The current version is -available from L. +available from L. =head1 AUTHORS diff --git a/perl/lib/Wallet/Kadmin/MIT.pm b/perl/lib/Wallet/Kadmin/MIT.pm index c4ba3eb..b4143af 100644 --- a/perl/lib/Wallet/Kadmin/MIT.pm +++ b/perl/lib/Wallet/Kadmin/MIT.pm @@ -312,7 +312,7 @@ kadmin(8), Wallet::Config(3), Wallet::Kadmin(3), Wallet::Object::Keytab(3), wallet-backend(8) This module is part of the wallet system. The current version is -available from L. +available from L. =head1 AUTHORS diff --git a/perl/lib/Wallet/Object/Base.pm b/perl/lib/Wallet/Object/Base.pm index bee6e94..0c88e8a 100644 --- a/perl/lib/Wallet/Object/Base.pm +++ b/perl/lib/Wallet/Object/Base.pm 
@@ -1048,7 +1048,7 @@ the change in the setting. wallet-backend(8) This module is part of the wallet system. The current version is -available from L. +available from L. =head1 AUTHOR diff --git a/perl/lib/Wallet/Object/Duo.pm b/perl/lib/Wallet/Object/Duo.pm index 9870339..87212ba 100644 --- a/perl/lib/Wallet/Object/Duo.pm +++ b/perl/lib/Wallet/Object/Duo.pm @@ -449,7 +449,7 @@ Only one Duo account is supported for a given wallet implementation. Net::Duo(3), Wallet::Config(3), Wallet::Object::Base(3), wallet-backend(8) This module is part of the wallet system. The current version is -available from L. +available from L. =head1 AUTHOR diff --git a/perl/lib/Wallet/Object/File.pm b/perl/lib/Wallet/Object/File.pm index da80f5e..8811fd3 100644 --- a/perl/lib/Wallet/Object/File.pm +++ b/perl/lib/Wallet/Object/File.pm @@ -284,7 +284,7 @@ impose a length limitation on the file object name. remctld(8), Wallet::Config(3), Wallet::Object::Base(3), wallet-backend(8) This module is part of the wallet system. The current version is -available from L. +available from L. =head1 AUTHOR diff --git a/perl/lib/Wallet/Object/Keytab.pm b/perl/lib/Wallet/Object/Keytab.pm index 87d88cc..21cea91 100644 --- a/perl/lib/Wallet/Object/Keytab.pm +++ b/perl/lib/Wallet/Object/Keytab.pm @@ -522,7 +522,7 @@ wallet database do not have realm information. kadmin(8), Wallet::Config(3), Wallet::Object::Base(3), wallet-backend(8) This module is part of the wallet system. The current version is -available from L. +available from L. =head1 AUTHOR diff --git a/perl/lib/Wallet/Object/Password.pm b/perl/lib/Wallet/Object/Password.pm index 0c5165a..8218371 100644 --- a/perl/lib/Wallet/Object/Password.pm +++ b/perl/lib/Wallet/Object/Password.pm @@ -215,7 +215,7 @@ remctld(8), Wallet::Config(3), Wallet::Object::File(3), wallet-backend(8) This module is part of the wallet system. The current version is -available from L. +available from L. =head1 AUTHOR 
diff --git a/perl/lib/Wallet/Object/WAKeyring.pm b/perl/lib/Wallet/Object/WAKeyring.pm index 89a78a4..d763cc5 100644 --- a/perl/lib/Wallet/Object/WAKeyring.pm +++ b/perl/lib/Wallet/Object/WAKeyring.pm @@ -358,7 +358,7 @@ underscores, and dashes replaced by "%" and the hex code of the character. Wallet::Config(3), Wallet::Object::Base(3), wallet-backend(8), WebAuth(3) This module is part of the wallet system. The current version is available -from . +from L. =head1 AUTHOR diff --git a/perl/lib/Wallet/Policy/Stanford.pm b/perl/lib/Wallet/Policy/Stanford.pm index 55ed7aa..6b1b007 100644 --- a/perl/lib/Wallet/Policy/Stanford.pm +++ b/perl/lib/Wallet/Policy/Stanford.pm @@ -538,11 +538,11 @@ configuration file from this module or wrapped to apply additional rules. Wallet::Config(3) -The L +The L implemented by this module. This module is part of the wallet system. The current version is -available from L. +available from L. =head1 AUTHOR diff --git a/perl/lib/Wallet/Report.pm b/perl/lib/Wallet/Report.pm index 4b1ee17..5c154a1 100644 --- a/perl/lib/Wallet/Report.pm +++ b/perl/lib/Wallet/Report.pm @@ -869,7 +869,7 @@ the error message if there was an error and undef if there was no error. Wallet::Config(3), Wallet::Server(3) This module is part of the wallet system. The current version is -available from L. +available from L. =head1 AUTHOR diff --git a/perl/lib/Wallet/Schema.pm b/perl/lib/Wallet/Schema.pm index 6b3de39..d535b5c 100644 --- a/perl/lib/Wallet/Schema.pm +++ b/perl/lib/Wallet/Schema.pm @@ -351,7 +351,7 @@ configuration. wallet-backend(8), Wallet::Config(3) This module is part of the wallet system. The current version is -available from L. +available from L. =head1 AUTHOR diff --git a/perl/lib/Wallet/Server.pm b/perl/lib/Wallet/Server.pm index b2718f5..ae65932 100644 --- a/perl/lib/Wallet/Server.pm +++ b/perl/lib/Wallet/Server.pm 
@@ -1183,7 +1183,7 @@ failure. wallet-backend(8) This module is part of the wallet system. The current version is -available from L. +available from L. =head1 AUTHOR diff --git a/perl/t/verifier/basic.t b/perl/t/verifier/basic.t index ce44d44..be3c427 100755 --- a/perl/t/verifier/basic.t +++ b/perl/t/verifier/basic.t @@ -46,9 +46,9 @@ is ($verifier->error, 'malformed krb5 ACL', ' and right error'); $verifier = Wallet::ACL::Krb5::Regex->new; isa_ok ($verifier, 'Wallet::ACL::Krb5::Regex', 'krb5-regex verifier'); -is ($verifier->check ('rra@stanford.edu', '.*@stanford\.edu\z'), 1, +is ($verifier->check ('thoron@stanford.edu', '.*@stanford\.edu\z'), 1, 'Simple check'); -is ($verifier->check ('rra@stanford.edu', '^a.*@stanford\.edu'), 0, +is ($verifier->check ('thoron@stanford.edu', '^a.*@stanford\.edu'), 0, 'Simple failure'); is ($verifier->error, undef, 'No error set'); is ($verifier->check (undef, '^rra@stanford\.edu\z'), undef, diff --git a/perl/t/verifier/ldap-attr.t b/perl/t/verifier/ldap-attr.t index cff3b63..3665edb 100755 --- a/perl/t/verifier/ldap-attr.t +++ b/perl/t/verifier/ldap-attr.t @@ -6,7 +6,8 @@ # access to the LDAP server and will be skipped in all other environments. # # Written by Russ Allbery -# Copyright 2012, 2013, 2014 +# Copyright 2018 Russ Allbery +# Copyright 2012-2014 # The Board of Trustees of the Leland Stanford Junior University # # See LICENSE for licensing terms. @@ -17,11 +18,12 @@ use warnings; use Test::More; use lib 't/lib'; +use Test::RRA qw(skip_unless_author); use Util; -# Skip all spelling tests unless the maintainer environment variable is set. -plan skip_all => 'LDAP verifier tests only run for maintainer' - unless $ENV{RRA_MAINTAINER_TESTS}; +# This test requires a specific environment setup, so only run it for package +# maintainers. +skip_unless_author('LDAP verifier tests'); # Declare a plan. plan tests => 22; 
@@ -49,7 +51,7 @@ package main; # Determine the local principal. my $klist = `klist 2>&1` || ''; SKIP: { - skip "tests useful only with Stanford Kerberos tickets", 9 + skip "tests useful only with Stanford Kerberos tickets", 20 unless ($klist =~ /[Pp]rincipal: \S+\@stanford\.edu$/m); # Set up our configuration. diff --git a/perl/t/verifier/netdb.t b/perl/t/verifier/netdb.t index 7048ef9..200fc9e 100755 --- a/perl/t/verifier/netdb.t +++ b/perl/t/verifier/netdb.t @@ -7,6 +7,7 @@ # environments. # # Written by Russ Allbery +# Copyright 2018 Russ Allbery # Copyright 2008, 2014 # The Board of Trustees of the Leland Stanford Junior University # @@ -20,11 +21,16 @@ use Test::More tests => 5; use Wallet::ACL::NetDB; use lib 't/lib'; +use Test::RRA qw(skip_unless_author); use Util; +# This test requires a specific environment setup, so only run it for package +# maintainers. +skip_unless_author('LDAP verifier tests'); + my $netdb = 'netdb-node-roles-rc.stanford.edu'; my $host = 'windlord.stanford.edu'; -my $user = 'rra@stanford.edu'; +my $user = 'jonrober@stanford.edu'; # Determine the local principal. my $klist = `klist 2>&1` || ''; diff --git a/server/keytab-backend.in b/server/keytab-backend.in index 56c375b..a029e6c 100644 --- a/server/keytab-backend.in +++ b/server/keytab-backend.in @@ -241,6 +241,6 @@ DEALINGS IN THE SOFTWARE. kadmin.local(8), remctld(8) This program is part of the wallet system. The current version is -available from L. +available from L. =cut diff --git a/server/wallet-admin.in b/server/wallet-admin.in index 6c18b82..c2d5bf8 100644 --- a/server/wallet-admin.in +++ b/server/wallet-admin.in @@ -171,6 +171,6 @@ DEALINGS IN THE SOFTWARE. Wallet::Admin(3), Wallet::Config(3), wallet-backend(8) This program is part of the wallet system. The current version is -available from L. +available from L. =cut diff --git a/server/wallet-backend.in b/server/wallet-backend.in index 4803f96..4937b66 100644 --- a/server/wallet-backend.in +++ b/server/wallet-backend.in 
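Review bot: In perl/t/verifier/netdb.t the added `skip_unless_author('LDAP verifier tests');` runs after the plan was already fixed by `use Test::More tests => 5;` (visible in the hunk header). If the helper skips through `plan skip_all`, as the code it replaces in ldap-attr.t did, Test::More will reject the second plan and the test will fail rather than skip for non-authors. Test::RRA is not shown on this page, so confirm how the helper skips; if it does call `plan`, load Test::More without a count and put `plan tests => 5;` after the `skip_unless_author` call, which is the order ldap-attr.t uses. The description is also carried over from ldap-attr.t; this file exercises the NetDB verifier, so it should read `skip_unless_author('NetDB verifier tests');`.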
@@ -691,6 +691,6 @@ DEALINGS IN THE SOFTWARE. Wallet::Server(3), remctld(8) This program is part of the wallet system. The current version is -available from L. +available from L. =cut diff --git a/server/wallet-report.in b/server/wallet-report.in index 10a3b00..4c96e7e 100644 --- a/server/wallet-report.in +++ b/server/wallet-report.in @@ -356,6 +356,6 @@ DEALINGS IN THE SOFTWARE. Wallet::Config(3), Wallet::Report(3), wallet-backend(8) This program is part of the wallet system. The current version is -available from L. +available from L. =cut diff --git a/tests/TESTS b/tests/TESTS index 76bd4ae..a2c672e 100644 --- a/tests/TESTS +++ b/tests/TESTS @@ -14,6 +14,7 @@ portable/snprintf server/admin server/backend server/keytab +style/obsolete-strings util/messages util/messages-krb5 util/xmalloc diff --git a/tests/style/obsolete-strings-t b/tests/style/obsolete-strings-t new file mode 100755 index 0000000..b3d8fd4 --- /dev/null +++ b/tests/style/obsolete-strings-t 
@@ -0,0 +1,102 @@
+#!/usr/bin/perl
+#
+# Check for obsolete strings in source files.
+#
+# Examine all source files in a distribution for obsolete strings and report
+# on files that fail this check. This catches various transitions I want to
+# do globally in all my packages, like changing my personal URLs to https.
+#
+# The canonical version of this file is maintained in the rra-c-util package,
+# which can be found at .
+#
+# Copyright 2016, 2018 Russ Allbery
+#
+# Permission is hereby granted, free of charge, to any person obtaining a
+# copy of this software and associated documentation files (the "Software"),
+# to deal in the Software without restriction, including without limitation
+# the rights to use, copy, modify, merge, publish, distribute, sublicense,
+# and/or sell copies of the Software, and to permit persons to whom the
+# Software is furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+# THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+# FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+# DEALINGS IN THE SOFTWARE.
+#
+# SPDX-License-Identifier: MIT
+
+use 5.006;
+use strict;
+use warnings;
+
+use lib "$ENV{C_TAP_SOURCE}/tap/perl";
+
+use File::Basename qw(basename);
+use Test::More;
+use Test::RRA qw(skip_unless_author);
+use Test::RRA::Automake qw(all_files automake_setup);
+
+# Bad patterns to search for.
+my @BAD_REGEXES = (qr{ http:// \S+ [.]eyrie[.]org }xms);
+my @BAD_STRINGS = qw(rra@stanford.edu RRA_MAINTAINER_TESTS);
+
+# File names to exclude from this check.
+my %EXCLUDE = map { $_ => 1 } qw(NEWS obsolete-strings.t obsolete-strings-t);
+
+# Only run this test for the package author, since it doesn't indicate any
+# user-noticable flaw in the package itself.
+skip_unless_author('Obsolete strings tests');
+
+# Set up Automake testing.
+automake_setup();
+
+# Check a single file for one of the bad patterns.
+#
+# $path - Path to the file
+#
+# Returns: undef
+sub check_file {
+ my ($path) = @_;
+ my $filename = basename($path);
+
+ # Ignore excluded and binary files.
+ return if $EXCLUDE{$filename};
+ return if !-T $path;
+
+ # Scan the file.
+ open(my $fh, '<', $path) or BAIL_OUT("Cannot open $path");
+ while (defined(my $line = <$fh>)) {
+ for my $regex (@BAD_REGEXES) {
+ if ($line =~ $regex) {
+ ok(0, "$path contains $regex");
+ close($fh) or BAIL_OUT("Cannot close $path");
+ return;
+ }
+ }
+ for my $string (@BAD_STRINGS) {
+ if (index($line, $string) != -1) {
+ ok(0, "$path contains $string");
+ close($fh) or BAIL_OUT("Cannot close $path");
+ return;
+ }
+ }
+ }
+ close($fh) or BAIL_OUT("Cannot close $path");
+ ok(1, $path);
+ return;
+}
+
+# Scan every file for any of the bad patterns or strings. We don't declare a
+# plan since we skip a lot of files and don't want to precalculate the file
+# list.
+my @paths = all_files();
+for my $path (@paths) {
+ check_file($path);
+}
+done_testing();
diff --git a/tests/tap/perl/Test/RRA/Automake.pm b/tests/tap/perl/Test/RRA/Automake.pm
index 804c193..3ba5bcb 100644
--- a/tests/tap/perl/Test/RRA/Automake.pm
+++ b/tests/tap/perl/Test/RRA/Automake.pm
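Review bot: In tests/style/obsolete-strings-t, `use lib "$ENV{C_TAP_SOURCE}/tap/perl";` is evaluated at compile time with no check that the variable is set. When the script is run outside the test harness the path collapses to `/tap/perl`, and because `use lib` prepends to `@INC`, Test::RRA is then looked up first in a root-level directory the package does not control. A guard placed before it keeps the module search path inside the source tree, for example `BEGIN { die "C_TAP_SOURCE not set\n" if !defined $ENV{C_TAP_SOURCE} }`. Separately, in check_file the message `BAIL_OUT("Cannot open $path")` drops the reason for the failure; `BAIL_OUT("Cannot open $path: $!")` would make a permissions problem diagnosable.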
@@ -73,7 +73,7 @@ BEGIN { # Directories to skip globally when looking for all files, or for directories # that could contain Perl files. -my @GLOBAL_SKIP = qw(.git _build autom4te.cache build-aux); +my @GLOBAL_SKIP = qw(.git autom4te.cache build-aux perl/_build perl/blib); # Additional paths to skip when building a list of all files in the # distribution. This primarily skips build artifacts that aren't interesting -- cgit v1.2.3 From 4a0b9e747c8abfca24f30b7ce1e9a725ce11474a Mon Sep 17 00:00:00 2001 
From: Russ Allbery Date: Sun, 3 Jun 2018 15:36:21 -0700 Subject: Add SPDX-License-Identifier headers Add SPDX-License-Identifier headers to all substantial source files. Collapse copyright years. Add some Emacs configuration for files where the copyright notice is at the end. Add a test that every file has SPDX-License-Identifier. --- Makefile.am | 2 +- NEWS | 2 + client/file.c | 4 +- client/internal.h | 2 +- client/keytab.c | 4 +- client/krb5.c | 4 +- client/options.c | 2 +- client/remctl.c | 2 +- client/srvtab.c | 2 +- client/wallet-rekey.c | 2 +- client/wallet-rekey.pod | 4 +- client/wallet.c | 2 +- client/wallet.pod | 7 +- contrib/ad-keytab | 29 +++++- contrib/commerzbank/wallet-history | 3 + contrib/convert-srvtab-db | 2 +- contrib/used-principals | 2 +- contrib/wallet-contacts | 2 +- contrib/wallet-rekey-periodic | 10 +- contrib/wallet-summary | 3 + contrib/wallet-unknown-hosts | 8 +- docs/design | 4 +- docs/design-acl | 4 +- docs/design-api | 4 +- docs/netdb-role-api | 4 +- docs/notes | 4 +- docs/objects-and-schemes | 4 +- docs/setup | 4 +- docs/stanford-naming | 4 +- examples/stanford.conf | 4 +- perl/Build.PL | 2 +- perl/create-ddl | 2 +- perl/lib/Wallet/ACL.pm | 4 +- perl/lib/Wallet/ACL/Base.pm | 2 +- perl/lib/Wallet/ACL/External.pm | 2 +- perl/lib/Wallet/ACL/Krb5.pm | 2 +- perl/lib/Wallet/ACL/Krb5/Regex.pm | 2 +- perl/lib/Wallet/ACL/LDAP/Attribute.pm | 4 +- perl/lib/Wallet/ACL/LDAP/Attribute/Root.pm | 3 +- perl/lib/Wallet/ACL/Nested.pm | 2 +- perl/lib/Wallet/ACL/NetDB.pm | 2 +- perl/lib/Wallet/ACL/NetDB/Root.pm | 2 +- perl/lib/Wallet/Admin.pm | 4 +- perl/lib/Wallet/Config.pm | 4 +- perl/lib/Wallet/Database.pm | 4 +- perl/lib/Wallet/Kadmin.pm | 4 +- perl/lib/Wallet/Kadmin/AD.pm | 6 +- perl/lib/Wallet/Kadmin/Heimdal.pm | 4 +- perl/lib/Wallet/Kadmin/MIT.pm | 4 +- perl/lib/Wallet/Object/Base.pm | 4 +- perl/lib/Wallet/Object/Duo.pm | 4 +- perl/lib/Wallet/Object/File.pm | 2 +- perl/lib/Wallet/Object/Keytab.pm | 4 +- perl/lib/Wallet/Object/Password.pm | 2 +- 
perl/lib/Wallet/Object/WAKeyring.pm | 4 +- perl/lib/Wallet/Policy/Stanford.pm | 4 +- perl/lib/Wallet/Report.pm | 4 +- perl/lib/Wallet/Schema.pm | 4 +- perl/lib/Wallet/Schema/Result/Acl.pm | 4 +- perl/lib/Wallet/Schema/Result/AclEntry.pm | 4 +- perl/lib/Wallet/Schema/Result/AclHistory.pm | 4 +- perl/lib/Wallet/Schema/Result/AclScheme.pm | 4 +- perl/lib/Wallet/Schema/Result/Duo.pm | 2 +- perl/lib/Wallet/Schema/Result/Flag.pm | 4 +- perl/lib/Wallet/Schema/Result/Object.pm | 4 +- perl/lib/Wallet/Schema/Result/ObjectHistory.pm | 4 +- perl/lib/Wallet/Schema/Result/SyncTarget.pm | 4 +- perl/lib/Wallet/Schema/Result/Type.pm | 4 +- perl/lib/Wallet/Server.pm | 4 +- perl/sql/Wallet-Schema-0.07-MySQL.sql | 21 +--- perl/sql/Wallet-Schema-0.07-SQLite.sql | 21 +--- perl/sql/Wallet-Schema-0.08-MySQL.sql | 21 +--- perl/sql/Wallet-Schema-0.08-PostgreSQL.sql | 21 +--- perl/sql/Wallet-Schema-0.08-SQLite.sql | 21 +--- perl/sql/Wallet-Schema-0.09-MySQL.sql | 21 +--- perl/sql/Wallet-Schema-0.09-PostgreSQL.sql | 21 +--- perl/sql/Wallet-Schema-0.09-SQLite.sql | 21 +--- perl/sql/Wallet-Schema-0.10-MySQL.sql | 19 +--- perl/sql/Wallet-Schema-0.10-PostgreSQL.sql | 19 +--- perl/sql/Wallet-Schema-0.10-SQLite.sql | 19 +--- perl/t/data/acl-command | 3 +- perl/t/general/acl.t | 4 +- perl/t/general/admin.t | 4 +- perl/t/general/config.t | 2 +- perl/t/general/init.t | 4 +- perl/t/general/report.t | 4 +- perl/t/general/server.t | 4 +- perl/t/lib/Util.pm | 4 +- perl/t/object/base.t | 4 +- perl/t/object/duo-ldap.t | 2 +- perl/t/object/duo-pam.t | 2 +- perl/t/object/duo-radius.t | 2 +- perl/t/object/duo-rdp.t | 2 +- perl/t/object/duo.t | 2 +- perl/t/object/file.t | 2 +- perl/t/object/keytab.t | 4 +- perl/t/object/password.t | 2 +- perl/t/object/wa-keyring.t | 4 +- perl/t/policy/stanford.t | 4 +- perl/t/util/kadmin.t | 4 +- perl/t/verifier/basic.t | 4 +- perl/t/verifier/external.t | 3 +- perl/t/verifier/ldap-attr.t | 2 +- perl/t/verifier/nested.t | 2 +- perl/t/verifier/netdb.t | 2 +- 
server/keytab-backend.in | 12 ++- server/wallet-admin.in | 12 ++- server/wallet-backend.in | 14 ++- server/wallet-report.in | 13 ++- tests/TESTS | 1 + tests/client/basic-t.in | 2 +- tests/client/full-t.in | 2 +- tests/client/prompt-t.in | 2 +- tests/client/rekey-t.in | 2 +- tests/data/cmd-fake | 4 +- tests/docs/spdx-license-t | 133 +++++++++++++++++++++++++ tests/server/admin-t | 2 +- tests/server/backend-t | 2 +- tests/server/keytab-t | 2 +- tests/server/report-t | 2 +- tests/tap/perl/Test/RRA/Automake.pm | 2 +- 121 files changed, 405 insertions(+), 370 deletions(-) create mode 100755 tests/docs/spdx-license-t (limited to 'perl/lib/Wallet/Config.pm') diff --git a/Makefile.am b/Makefile.am index ffd3560..98e52fe 100644 --- a/Makefile.am +++ b/Makefile.am @@ -5,7 +5,7 @@ # Copyright 2006-2008, 2010, 2013-2014 # The Board of Trustees of the Leland Stanford Junior University # -# See LICENSE for licensing terms. +# SPDX-License-Identifier: MIT # These variables exist only for the use of the Debian packaging and similar # situations and aren't normally set. We want to honor them if they're set diff --git a/NEWS b/NEWS index 1af55fc..74e2884 100644 --- a/NEWS +++ b/NEWS @@ -28,6 +28,8 @@ wallet 1.4 (unreleased) Rename the script to bootstrap from a Git checkout to bootstrap, matching the emerging consensus in the Autoconf world. + Add SPDX-License-Identifier headers to all substantial source files. + Update to rra-c-util 7.2: * Improve configure output for krb5-config testing. diff --git a/client/file.c b/client/file.c index 468eb30..809e78b 100644 --- a/client/file.c +++ b/client/file.c @@ -2,10 +2,10 @@ * File handling for the wallet client. * * Written by Russ Allbery - * Copyright 2007, 2008, 2010 + * Copyright 2007-2008, 2010 * The Board of Trustees of the Leland Stanford Junior University * - * See LICENSE for licensing terms. + * SPDX-License-Identifier: MIT */ #include diff --git a/client/internal.h b/client/internal.h index 7f58e33..1aed874 100644 
--- a/client/internal.h +++ b/client/internal.h @@ -6,7 +6,7 @@ * Copyright 2007-2008, 2010 * The Board of Trustees of the Leland Stanford Junior University * - * See LICENSE for licensing terms. + * SPDX-License-Identifier: MIT */ #ifndef CLIENT_INTERNAL_H diff --git a/client/keytab.c b/client/keytab.c index 7bec459..ed1bdb9 100644 --- a/client/keytab.c +++ b/client/keytab.c @@ -2,10 +2,10 @@ * Implementation of keytab handling for the wallet client. * * Written by Russ Allbery - * Copyright 2007, 2008, 2010, 2013, 2014 + * Copyright 2007-2008, 2010, 2013-2014 * The Board of Trustees of the Leland Stanford Junior University * - * See LICENSE for licensing terms. + * SPDX-License-Identifier: MIT */ #include diff --git a/client/krb5.c b/client/krb5.c index 345df64..f0c0ff1 100644 --- a/client/krb5.c +++ b/client/krb5.c @@ -6,10 +6,10 @@ * client. * * Written by Russ Allbery - * Copyright 2007, 2008, 2010 + * Copyright 2007-2008, 2010 * The Board of Trustees of the Leland Stanford Junior University * - * See LICENSE for licensing terms. + * SPDX-License-Identifier: MIT */ #include diff --git a/client/options.c b/client/options.c index f011b79..7b1f04e 100644 --- a/client/options.c +++ b/client/options.c @@ -9,7 +9,7 @@ * Copyright 2006-2008, 2010 * The Board of Trustees of the Leland Stanford Junior University * - * See LICENSE for licensing terms. + * SPDX-License-Identifier: MIT */ #include diff --git a/client/remctl.c b/client/remctl.c index d4cd09e..26d7e8f 100644 --- a/client/remctl.c +++ b/client/remctl.c @@ -5,7 +5,7 @@ * Copyright 2007, 2010 * The Board of Trustees of the Leland Stanford Junior University * - * See LICENSE for licensing terms. + * SPDX-License-Identifier: MIT */ #include diff --git a/client/srvtab.c b/client/srvtab.c index 045f56d..2b600c2 100644 --- a/client/srvtab.c +++ b/client/srvtab.c 
@@ -5,7 +5,7 @@ * Copyright 2007, 2008, 2010 * The Board of Trustees of the Leland Stanford Junior University * - * See LICENSE for licensing terms. + * SPDX-License-Identifier: MIT */ #include diff --git a/client/wallet-rekey.c b/client/wallet-rekey.c index caab130..2aedf57 100644 --- a/client/wallet-rekey.c +++ b/client/wallet-rekey.c @@ -7,7 +7,7 @@ * Copyright 2010 * The Board of Trustees of the Leland Stanford Junior University * - * See LICENSE for licensing terms. + * SPDX-License-Identifier: MIT */ #include diff --git a/client/wallet-rekey.pod b/client/wallet-rekey.pod index e4c01b3..d76420f 100644 --- a/client/wallet-rekey.pod +++ b/client/wallet-rekey.pod @@ -1,6 +1,6 @@ =for stopwords wallet-rekey rekey rekeying keytab -hv Heimdal remctl remctld PKINIT kinit -appdefaults Allbery kadmin +appdefaults Allbery kadmin SPDX-License-Identifier FSFAP =head1 NAME @@ -161,6 +161,8 @@ permitted in any medium without royalty provided the copyright notice and this notice are preserved. This file is offered as-is, without any warranty. +SPDX-License-Identifier: FSFAP + =head1 SEE ALSO kadmin(8), kinit(1), krb5.conf(5), remctl(1), remctld(8), wallet(1) diff --git a/client/wallet.c b/client/wallet.c index 5a80876..194f1f5 100644 --- a/client/wallet.c +++ b/client/wallet.c @@ -6,7 +6,7 @@ * Copyright 2006-2008, 2010, 2014 * The Board of Trustees of the Leland Stanford Junior University * - * See LICENSE for licensing terms. + * SPDX-License-Identifier: MIT */ #include diff --git a/client/wallet.pod b/client/wallet.pod index 2033fec..63336db 100644 --- a/client/wallet.pod +++ b/client/wallet.pod @@ -2,6 +2,7 @@ -hv srvtab arg keytabs metadata keytab ACL PTS kinit klist remctl PKINIT acl timestamp autocreate backend-specific setacl enctypes enctype ktadd KDC appdefaults remctld Allbery uuencode getacl backend ACL's DES +SPDX-License-Identifier FSFAP =head1 NAME 
@@ -487,14 +488,16 @@ Russ Allbery =head1 COPYRIGHT AND LICENSE -Copyright 2007, 2008, 2010, 2011, 2012, 2013 The Board of Trustees of the -Leland Stanford Junior University +Copyright 2007-2008, 2010-2013 The Board of Trustees of the Leland +Stanford Junior University Copying and distribution of this file, with or without modification, are permitted in any medium without royalty provided the copyright notice and this notice are preserved. This file is offered as-is, without any warranty. +SPDX-License-Identifier: FSFAP + =head1 SEE ALSO kadmin(8), kinit(1), krb5.conf(5), remctl(1), remctld(8) diff --git a/contrib/ad-keytab b/contrib/ad-keytab index 836cda5..badcb8d 100755 --- a/contrib/ad-keytab +++ b/contrib/ad-keytab @@ -5,7 +5,7 @@ # Written by Bill MacAllister # Copyright 2016 Dropbox, Inc. # -# See LICENSE for licensing terms. +# SPDX-License-Identifier: MIT ############################################################################## # Declarations @@ -537,7 +537,8 @@ exit; __END__ =for stopwords -KDC LDAP MacAllister keytab keytabs msktutil ldapsearch +KDC LDAP MacAllister keytab keytabs msktutil ldapsearch MERCHANTABILITY +NONINFRINGEMENT sublicense SPDX-License-Identifier MIT =head1 NAME 
@@ -664,4 +665,28 @@ perldoc Wallet::Config. Bill MacAllister +=head1 COPYRIGHT AND LICENSE + +Copyright 2016 Dropbox, Inc. + +Permission is hereby granted, free of charge, to any person obtaining a +copy of this software and associated documentation files (the "Software"), +to deal in the Software without restriction, including without limitation +the rights to use, copy, modify, merge, publish, distribute, sublicense, +and/or sell copies of the Software, and to permit persons to whom the +Software is furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in +all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL +THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING +FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER +DEALINGS IN THE SOFTWARE. + +SPDX-License-Identifier: MIT + =cut diff --git a/contrib/commerzbank/wallet-history b/contrib/commerzbank/wallet-history index 9826057..0adc766 100755 --- a/contrib/commerzbank/wallet-history +++ b/contrib/commerzbank/wallet-history @@ -31,6 +31,9 @@ # perl wallet-history.pl ... (t.b.d.)... # #-------------------------------------------------------------------------------------------------------------- +# +# SPDX-License-Identifier: MIT + # Version. my $VERSION = "0.5"; diff --git a/contrib/convert-srvtab-db b/contrib/convert-srvtab-db index e05b394..2801767 100755 --- a/contrib/convert-srvtab-db +++ b/contrib/convert-srvtab-db 
@@ -6,7 +6,7 @@ # Copyright 2008 # The Board of Trustees of the Leland Stanford Junior University # -# See LICENSE for licensing terms. +# SPDX-License-Identifier: MIT ############################################################################## # Modules and site configuration diff --git a/contrib/used-principals b/contrib/used-principals index 7169f0b..c6cac9b 100755 --- a/contrib/used-principals +++ b/contrib/used-principals @@ -6,7 +6,7 @@ # Copyright 2008 # The Board of Trustees of the Leland Stanford Junior University # -# See LICENSE for licensing terms. +# SPDX-License-Identifier: MIT require 5.006; use strict; diff --git a/contrib/wallet-contacts b/contrib/wallet-contacts index 0c72c9c..6ad2292 100755 --- a/contrib/wallet-contacts +++ b/contrib/wallet-contacts @@ -6,7 +6,7 @@ # Copyright 2009, 2015 # The Board of Trustees of the Leland Stanford Junior University # -# See LICENSE for licensing terms. +# SPDX-License-Identifier: MIT ############################################################################## # Modules and declarations diff --git a/contrib/wallet-rekey-periodic b/contrib/wallet-rekey-periodic index c15d83f..1e22e1e 100755 --- a/contrib/wallet-rekey-periodic +++ b/contrib/wallet-rekey-periodic @@ -170,7 +170,7 @@ DOCS=<<__END_OF_DOCS__ =for stopwords Allbery DES Heimdal hostname keytab keytabs ktutil rekey rekeyable -rekeying wallet-rekey wallet-rekey-periodic +rekeying wallet-rekey wallet-rekey-periodic SPDX-License-Identifier MIT =head1 NAME @@ -232,7 +232,7 @@ Russ Allbery =head1 COPYRIGHT AND LICENSE -Copyright 2013, 2014 The Board of Trustees of the Leland Stanford Junior +Copyright 2013-2014 The Board of Trustees of the Leland Stanford Junior University Permission is hereby granted, free of charge, to any person obtaining a 
@@ -253,6 +253,8 @@ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. +SPDX-License-Identifier: MIT + =head1 SEE ALSO ktutil(8), wallet(1), wallet-rekey(1) @@ -260,3 +262,7 @@ ktutil(8), wallet(1), wallet-rekey(1) =cut __END_OF_DOCS__ + +# Local Variables: +# copyright-at-end-flag: t +# End: diff --git a/contrib/wallet-summary b/contrib/wallet-summary index ba224d0..8a12294 100755 --- a/contrib/wallet-summary +++ b/contrib/wallet-summary @@ -173,6 +173,7 @@ close REPORT; =for stopwords -hm keytab keytabs MERCHANTABILITY NONINFRINGEMENT sublicense Allbery +SPDX-License-Identifier MIT =head1 NAME @@ -260,4 +261,6 @@ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. +SPDX-License-Identifier: MIT + =cut diff --git a/contrib/wallet-unknown-hosts b/contrib/wallet-unknown-hosts index 50b5a04..adf7b27 100755 --- a/contrib/wallet-unknown-hosts +++ b/contrib/wallet-unknown-hosts @@ -190,7 +190,7 @@ if ($command eq 'check') { =for stopwords ACL API CNAME DNS IP env keytab keytabs timestamp MERCHANTABILITY -NONINFRINGEMENT sublicense Allbery +NONINFRINGEMENT sublicense Allbery SPDX-License-Identifier MIT =head1 NAME @@ -282,4 +282,10 @@ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. +SPDX-License-Identifier: MIT + =cut + +# Local Variables: +# copyright-at-end-flag: t +# End: diff --git a/docs/design b/docs/design index 0d71931..55707b2 100644 --- a/docs/design +++ b/docs/design 
@@ -372,10 +372,12 @@ Security Considerations License - Copyright 2007, 2008, 2013 + Copyright 2007-2008, 2013 The Board of Trustees of the Leland Stanford Junior University Copying and distribution of this file, with or without modification, are permitted in any medium without royalty provided the copyright notice and this notice are preserved. This file is offered as-is, without any warranty. + + SPDX-License-Identifier: FSFAP diff --git a/docs/design-acl b/docs/design-acl index 836c411..e0c8317 100644 --- a/docs/design-acl +++ b/docs/design-acl @@ -101,10 +101,12 @@ ACL Schemes License Copyright 2016 Russ Allbery - Copyright 2006, 2007, 2008, 2013 + Copyright 2006-2008, 2013 The Board of Trustees of the Leland Stanford Junior University Copying and distribution of this file, with or without modification, are permitted in any medium without royalty provided the copyright notice and this notice are preserved. This file is offered as-is, without any warranty. + + SPDX-License-Identifier: FSFAP diff --git a/docs/design-api b/docs/design-api index 9a36e61..c4d3742 100644 --- a/docs/design-api +++ b/docs/design-api @@ -170,10 +170,12 @@ Registering New Implementations License - Copyright 2006, 2007, 2008, 2013 + Copyright 2006-2008, 2013 The Board of Trustees of the Leland Stanford Junior University Copying and distribution of this file, with or without modification, are permitted in any medium without royalty provided the copyright notice and this notice are preserved. This file is offered as-is, without any warranty. + + SPDX-License-Identifier: FSFAP diff --git a/docs/netdb-role-api b/docs/netdb-role-api index c90182a..35c7bc6 100644 --- a/docs/netdb-role-api +++ b/docs/netdb-role-api 
@@ -33,10 +33,12 @@ Wallet Issues License - Copyright 2006, 2007, 2013 + Copyright 2006-2007, 2013 The Board of Trustees of the Leland Stanford Junior University Copying and distribution of this file, with or without modification, are permitted in any medium without royalty provided the copyright notice and this notice are preserved. This file is offered as-is, without any warranty. + + SPDX-License-Identifier: FSFAP diff --git a/docs/notes b/docs/notes index 5a7d3bc..c3e529a 100644 --- a/docs/notes +++ b/docs/notes @@ -229,10 +229,12 @@ Client Issues License - Copyright 2006, 2007, 2008, 2013 + Copyright 2006-2008, 2013 The Board of Trustees of the Leland Stanford Junior University Copying and distribution of this file, with or without modification, are permitted in any medium without royalty provided the copyright notice and this notice are preserved. This file is offered as-is, without any warranty. + + SPDX-License-Identifier: FSFAP diff --git a/docs/objects-and-schemes b/docs/objects-and-schemes index 763a24b..cb42bd8 100644 --- a/docs/objects-and-schemes +++ b/docs/objects-and-schemes @@ -117,10 +117,12 @@ ACL Schemes License - Copyright 2012, 2013, 2014 + Copyright 2012-2014 The Board of Trustees of the Leland Stanford Junior University Copying and distribution of this file, with or without modification, are permitted in any medium without royalty provided the copyright notice and this notice are preserved. This file is offered as-is, without any warranty. + + SPDX-License-Identifier: FSFAP diff --git a/docs/setup b/docs/setup index 670cf57..bd0c5d2 100644 --- a/docs/setup +++ b/docs/setup 
@@ -88,10 +88,12 @@ Wallet Configuration License - Copyright 2007, 2008, 2010, 2012, 2013 + Copyright 2007-2008, 2010, 2012-2013 The Board of Trustees of the Leland Stanford Junior University Copying and distribution of this file, with or without modification, are permitted in any medium without royalty provided the copyright notice and this notice are preserved. This file is offered as-is, without any warranty. + + SPDX-License-Identifier: FSFAP diff --git a/docs/stanford-naming b/docs/stanford-naming index cb05a23..b195686 100644 --- a/docs/stanford-naming +++ b/docs/stanford-naming @@ -351,10 +351,12 @@ ACL Naming License - Copyright 2008, 2009, 2010, 2011, 2013 + Copyright 2008-2011, 2013 The Board of Trustees of the Leland Stanford Junior University Copying and distribution of this file, with or without modification, are permitted in any medium without royalty provided the copyright notice and this notice are preserved. This file is offered as-is, without any warranty. + + SPDX-License-Identifier: FSFAP diff --git a/examples/stanford.conf b/examples/stanford.conf index b4cd65a..697342b 100644 --- a/examples/stanford.conf +++ b/examples/stanford.conf @@ -6,10 +6,10 @@ # of a naming policy check and default ACL rules. # # Written by Russ Allbery -# Copyright 2007, 2008, 2009, 2010, 2012, 2013 +# Copyright 2007-2010, 2012-2013 # The Board of Trustees of the Leland Stanford Junior University # -# See LICENSE for licensing terms. +# SPDX-License-Identifier: MIT # default_owner and verify_name come from our policy module. use Wallet::Policy::Stanford qw(default_owner verify_name); diff --git a/perl/Build.PL b/perl/Build.PL index 70c3972..79adf58 100644 --- a/perl/Build.PL +++ b/perl/Build.PL @@ -7,7 +7,7 @@ # Copyright 2014 # The Board of Trustees of the Leland Stanford Junior University # -# See LICENSE for licensing terms. +# SPDX-License-Identifier: MIT use 5.006; use strict; diff --git a/perl/create-ddl b/perl/create-ddl index 51fa8ff..d31fdf4 100755 
--- a/perl/create-ddl +++ b/perl/create-ddl @@ -6,7 +6,7 @@ # Copyright 2012, 2014 # The Board of Trustees of the Leland Stanford Junior University # -# See LICENSE for licensing terms. +# SPDX-License-Identifier: MIT ############################################################################# # Modules and declarations diff --git a/perl/lib/Wallet/ACL.pm b/perl/lib/Wallet/ACL.pm index 312ce88..948b71c 100644 --- a/perl/lib/Wallet/ACL.pm +++ b/perl/lib/Wallet/ACL.pm @@ -2,10 +2,10 @@ # # Written by Russ Allbery # Copyright 2016 Russ Allbery -# Copyright 2007, 2008, 2010, 2013, 2014, 2015 +# Copyright 2007-2008, 2010, 2013-2015 # The Board of Trustees of the Leland Stanford Junior University # -# See LICENSE for licensing terms. +# SPDX-License-Identifier: MIT ############################################################################## # Modules and declarations diff --git a/perl/lib/Wallet/ACL/Base.pm b/perl/lib/Wallet/ACL/Base.pm index e5e304d..320a731 100644 --- a/perl/lib/Wallet/ACL/Base.pm +++ b/perl/lib/Wallet/ACL/Base.pm @@ -5,7 +5,7 @@ # Copyright 2007, 2010, 2014 # The Board of Trustees of the Leland Stanford Junior University # -# See LICENSE for licensing terms. +# SPDX-License-Identifier: MIT ############################################################################## # Modules and declarations diff --git a/perl/lib/Wallet/ACL/External.pm b/perl/lib/Wallet/ACL/External.pm index fb4b61b..2285469 100644 --- a/perl/lib/Wallet/ACL/External.pm +++ b/perl/lib/Wallet/ACL/External.pm @@ -2,7 +2,7 @@ # # Copyright 2016 Russ Allbery # -# See LICENSE for licensing terms. +# SPDX-License-Identifier: MIT ############################################################################## # Modules and declarations diff --git a/perl/lib/Wallet/ACL/Krb5.pm b/perl/lib/Wallet/ACL/Krb5.pm index 9764391..3309274 100644 --- a/perl/lib/Wallet/ACL/Krb5.pm +++ b/perl/lib/Wallet/ACL/Krb5.pm 
@@ -5,7 +5,7 @@ # Copyright 2007, 2010, 2014 # The Board of Trustees of the Leland Stanford Junior University # -# See LICENSE for licensing terms. +# SPDX-License-Identifier: MIT ############################################################################## # Modules and declarations diff --git a/perl/lib/Wallet/ACL/Krb5/Regex.pm b/perl/lib/Wallet/ACL/Krb5/Regex.pm index 39a71d3..be6c5e1 100644 --- a/perl/lib/Wallet/ACL/Krb5/Regex.pm +++ b/perl/lib/Wallet/ACL/Krb5/Regex.pm @@ -5,7 +5,7 @@ # Copyright 2007, 2010, 2014 # The Board of Trustees of the Leland Stanford Junior University # -# See LICENSE for licensing terms. +# SPDX-License-Identifier: MIT ############################################################################## # Modules and declarations diff --git a/perl/lib/Wallet/ACL/LDAP/Attribute.pm b/perl/lib/Wallet/ACL/LDAP/Attribute.pm index 7bb1c68..65e0208 100644 --- a/perl/lib/Wallet/ACL/LDAP/Attribute.pm +++ b/perl/lib/Wallet/ACL/LDAP/Attribute.pm @@ -2,10 +2,10 @@ # # Written by Russ Allbery # Copyright 2016 Russ Allbery -# Copyright 2012, 2013, 2014 +# Copyright 2012-2014 # The Board of Trustees of the Leland Stanford Junior University # -# See LICENSE for licensing terms. +# SPDX-License-Identifier: MIT ############################################################################## # Modules and declarations diff --git a/perl/lib/Wallet/ACL/LDAP/Attribute/Root.pm b/perl/lib/Wallet/ACL/LDAP/Attribute/Root.pm index 079dadb..5ebece6 100644 --- a/perl/lib/Wallet/ACL/LDAP/Attribute/Root.pm +++ b/perl/lib/Wallet/ACL/LDAP/Attribute/Root.pm 
@@ -1,12 +1,11 @@ # Wallet::ACL::LDAP::Attribute::Root -- Wallet root instance LDAP ACL verifier # # Written by Jon Robertson -# Based on Wallet::ACL::NetDB::Root by Russ Allbery # Copyright 2016 Russ Allbery # Copyright 2015 # The Board of Trustees of the Leland Stanford Junior University # -# See LICENSE for licensing terms. +# SPDX-License-Identifier: MIT ############################################################################## # Modules and declarations diff --git a/perl/lib/Wallet/ACL/Nested.pm b/perl/lib/Wallet/ACL/Nested.pm index efaf5a9..a6b6655 100644 --- a/perl/lib/Wallet/ACL/Nested.pm +++ b/perl/lib/Wallet/ACL/Nested.pm @@ -5,7 +5,7 @@ # Copyright 2015 # The Board of Trustees of the Leland Stanford Junior University # -# See LICENSE for licensing terms. +# SPDX-License-Identifier: MIT ############################################################################## # Modules and declarations diff --git a/perl/lib/Wallet/ACL/NetDB.pm b/perl/lib/Wallet/ACL/NetDB.pm index 8a170ba..c5fdc39 100644 --- a/perl/lib/Wallet/ACL/NetDB.pm +++ b/perl/lib/Wallet/ACL/NetDB.pm @@ -5,7 +5,7 @@ # Copyright 2007, 2010, 2014 # The Board of Trustees of the Leland Stanford Junior University # -# See LICENSE for licensing terms. +# SPDX-License-Identifier: MIT ############################################################################## # Modules and declarations diff --git a/perl/lib/Wallet/ACL/NetDB/Root.pm b/perl/lib/Wallet/ACL/NetDB/Root.pm index 8ae510d..2dd1562 100644 --- a/perl/lib/Wallet/ACL/NetDB/Root.pm +++ b/perl/lib/Wallet/ACL/NetDB/Root.pm @@ -5,7 +5,7 @@ # Copyright 2007, 2010, 2014 # The Board of Trustees of the Leland Stanford Junior University # -# See LICENSE for licensing terms. +# SPDX-License-Identifier: MIT ############################################################################## # Modules and declarations diff --git a/perl/lib/Wallet/Admin.pm b/perl/lib/Wallet/Admin.pm index ccd0932..707f410 100644 --- a/perl/lib/Wallet/Admin.pm 
+++ b/perl/lib/Wallet/Admin.pm @@ -2,10 +2,10 @@ # # Written by Russ Allbery # Copyright 2016 Russ Allbery -# Copyright 2008, 2009, 2010, 2011, 2012, 2013, 2014 +# Copyright 2008-2014 # The Board of Trustees of the Leland Stanford Junior University # -# See LICENSE for licensing terms. +# SPDX-License-Identifier: MIT ############################################################################## # Modules and declarations diff --git a/perl/lib/Wallet/Config.pm b/perl/lib/Wallet/Config.pm index 14731d3..60f0e10 100644 --- a/perl/lib/Wallet/Config.pm +++ b/perl/lib/Wallet/Config.pm @@ -2,10 +2,10 @@ # # Written by Russ Allbery # Copyright 2016, 2018 Russ Allbery -# Copyright 2007, 2008, 2010, 2013, 2014, 2015 +# Copyright 2007-2008, 2010, 2013-2015 # The Board of Trustees of the Leland Stanford Junior University # -# See LICENSE for licensing terms. +# SPDX-License-Identifier: MIT package Wallet::Config; diff --git a/perl/lib/Wallet/Database.pm b/perl/lib/Wallet/Database.pm index 2549d06..83b8dfc 100644 --- a/perl/lib/Wallet/Database.pm +++ b/perl/lib/Wallet/Database.pm @@ -7,10 +7,10 @@ # # Written by Russ Allbery # Copyright 2016 Russ Allbery -# Copyright 2008, 2009, 2010, 2012, 2013, 2014 +# Copyright 2008-2010, 2012-2014 # The Board of Trustees of the Leland Stanford Junior University # -# See LICENSE for licensing terms. +# SPDX-License-Identifier: MIT ############################################################################## # Modules and declarations diff --git a/perl/lib/Wallet/Kadmin.pm b/perl/lib/Wallet/Kadmin.pm index f46bd14..150c188 100644 --- a/perl/lib/Wallet/Kadmin.pm +++ b/perl/lib/Wallet/Kadmin.pm 
@@ -2,10 +2,10 @@ # # Written by Jon Robertson # Copyright 2016 Russ Allbery -# Copyright 2009, 2010, 2014 +# Copyright 2009-2010, 2014 # The Board of Trustees of the Leland Stanford Junior University # -# See LICENSE for licensing terms. +# SPDX-License-Identifier: MIT ############################################################################## # Modules and declarations diff --git a/perl/lib/Wallet/Kadmin/AD.pm b/perl/lib/Wallet/Kadmin/AD.pm index 5bb662d..f2f86b9 100644 --- a/perl/lib/Wallet/Kadmin/AD.pm +++ b/perl/lib/Wallet/Kadmin/AD.pm @@ -2,11 +2,11 @@ # # Written by Bill MacAllister # Copyright 2016, 2018 Russ Allbery -# Copyright 2015, 2016 Dropbox, Inc. -# Copyright 2007, 2008, 2009, 2010, 2014 +# Copyright 2015-2016 Dropbox, Inc. +# Copyright 2007-2010, 2014 # The Board of Trustees of the Leland Stanford Junior University # -# See LICENSE for licensing terms. +# SPDX-License-Identifier: MIT ############################################################################## # Modules and declarations diff --git a/perl/lib/Wallet/Kadmin/Heimdal.pm b/perl/lib/Wallet/Kadmin/Heimdal.pm index a8bc4dd..57013de 100644 --- a/perl/lib/Wallet/Kadmin/Heimdal.pm +++ b/perl/lib/Wallet/Kadmin/Heimdal.pm @@ -2,10 +2,10 @@ # # Written by Jon Robertson # Copyright 2016 Russ Allbery -# Copyright 2009, 2010, 2014 +# Copyright 2009-2010, 2014 # The Board of Trustees of the Leland Stanford Junior University # -# See LICENSE for licensing terms. +# SPDX-License-Identifier: MIT ############################################################################## # Modules and declarations diff --git a/perl/lib/Wallet/Kadmin/MIT.pm b/perl/lib/Wallet/Kadmin/MIT.pm index b4143af..373d4cf 100644 --- a/perl/lib/Wallet/Kadmin/MIT.pm +++ b/perl/lib/Wallet/Kadmin/MIT.pm 
@@ -3,10 +3,10 @@ # Written by Russ Allbery # Pulled into a module by Jon Robertson # Copyright 2016 Russ Allbery -# Copyright 2007, 2008, 2009, 2010, 2014 +# Copyright 2007-2010, 2014 # The Board of Trustees of the Leland Stanford Junior University # -# See LICENSE for licensing terms. +# SPDX-License-Identifier: MIT ############################################################################## # Modules and declarations diff --git a/perl/lib/Wallet/Object/Base.pm b/perl/lib/Wallet/Object/Base.pm index 0c88e8a..bf535e9 100644 --- a/perl/lib/Wallet/Object/Base.pm +++ b/perl/lib/Wallet/Object/Base.pm @@ -2,10 +2,10 @@ # # Written by Russ Allbery # Copyright 2016 Russ Allbery -# Copyright 2007, 2008, 2010, 2011, 2014 +# Copyright 2007-2008, 2010-2011, 2014 # The Board of Trustees of the Leland Stanford Junior University # -# See LICENSE for licensing terms. +# SPDX-License-Identifier: MIT ############################################################################## # Modules and declarations diff --git a/perl/lib/Wallet/Object/Duo.pm b/perl/lib/Wallet/Object/Duo.pm index 87212ba..1ec527e 100644 --- a/perl/lib/Wallet/Object/Duo.pm +++ b/perl/lib/Wallet/Object/Duo.pm @@ -2,10 +2,10 @@ # # Written by Russ Allbery # Copyright 2016 Russ Allbery -# Copyright 2014, 2015 +# Copyright 2014-2015 # The Board of Trustees of the Leland Stanford Junior University # -# See LICENSE for licensing terms. +# SPDX-License-Identifier: MIT ############################################################################## # Modules and declarations diff --git a/perl/lib/Wallet/Object/File.pm b/perl/lib/Wallet/Object/File.pm index 8811fd3..bef8981 100644 --- a/perl/lib/Wallet/Object/File.pm +++ b/perl/lib/Wallet/Object/File.pm 
@@ -5,7 +5,7 @@ # Copyright 2008, 2010, 2014 # The Board of Trustees of the Leland Stanford Junior University # -# See LICENSE for licensing terms. +# SPDX-License-Identifier: MIT ############################################################################## # Modules and declarations diff --git a/perl/lib/Wallet/Object/Keytab.pm b/perl/lib/Wallet/Object/Keytab.pm index 21cea91..498e657 100644 --- a/perl/lib/Wallet/Object/Keytab.pm +++ b/perl/lib/Wallet/Object/Keytab.pm @@ -2,10 +2,10 @@ # # Written by Russ Allbery # Copyright 2016 Russ Allbery -# Copyright 2007, 2008, 2009, 2010, 2013, 2014 +# Copyright 2007-2010, 2013-2014 # The Board of Trustees of the Leland Stanford Junior University # -# See LICENSE for licensing terms. +# SPDX-License-Identifier: MIT ############################################################################## # Modules and declarations diff --git a/perl/lib/Wallet/Object/Password.pm b/perl/lib/Wallet/Object/Password.pm index 8218371..336aa9d 100644 --- a/perl/lib/Wallet/Object/Password.pm +++ b/perl/lib/Wallet/Object/Password.pm @@ -5,7 +5,7 @@ # Copyright 2015 # The Board of Trustees of the Leland Stanford Junior University # -# See LICENSE for licensing terms. +# SPDX-License-Identifier: MIT ############################################################################## # Modules and declarations diff --git a/perl/lib/Wallet/Object/WAKeyring.pm b/perl/lib/Wallet/Object/WAKeyring.pm index d763cc5..a64b376 100644 --- a/perl/lib/Wallet/Object/WAKeyring.pm +++ b/perl/lib/Wallet/Object/WAKeyring.pm @@ -2,10 +2,10 @@ # # Written by Russ Allbery # Copyright 2016 Russ Allbery -# Copyright 2012, 2013, 2014 +# Copyright 2012-2014 # The Board of Trustees of the Leland Stanford Junior University # -# See LICENSE for licensing terms. +# SPDX-License-Identifier: MIT ############################################################################## # Modules and declarations 
diff --git a/perl/lib/Wallet/Policy/Stanford.pm b/perl/lib/Wallet/Policy/Stanford.pm index 6b1b007..2c761bb 100644 --- a/perl/lib/Wallet/Policy/Stanford.pm +++ b/perl/lib/Wallet/Policy/Stanford.pm @@ -2,10 +2,10 @@ # # Written by Russ Allbery # Copyright 2016 Russ Allbery -# Copyright 2013, 2014, 2015 +# Copyright 2013-2015 # The Board of Trustees of the Leland Stanford Junior University # -# See LICENSE for licensing terms. +# SPDX-License-Identifier: MIT ############################################################################## # Modules and declarations diff --git a/perl/lib/Wallet/Report.pm b/perl/lib/Wallet/Report.pm index 5c154a1..151a285 100644 --- a/perl/lib/Wallet/Report.pm +++ b/perl/lib/Wallet/Report.pm @@ -2,10 +2,10 @@ # # Written by Russ Allbery # Copyright 2016 Russ Allbery -# Copyright 2008, 2009, 2010, 2013, 2014 +# Copyright 2008-2010, 2013-2014 # The Board of Trustees of the Leland Stanford Junior University # -# See LICENSE for licensing terms. +# SPDX-License-Identifier: MIT ############################################################################## # Modules and declarations diff --git a/perl/lib/Wallet/Schema.pm b/perl/lib/Wallet/Schema.pm index d535b5c..f75fda8 100644 --- a/perl/lib/Wallet/Schema.pm +++ b/perl/lib/Wallet/Schema.pm @@ -2,10 +2,10 @@ # # Written by Jon Robertson # Copyright 2016 Russ Allbery -# Copyright 2012, 2013, 2014 +# Copyright 2012-2014 # The Board of Trustees of the Leland Stanford Junior University # -# See LICENSE for licensing terms. +# SPDX-License-Identifier: MIT package Wallet::Schema; diff --git a/perl/lib/Wallet/Schema/Result/Acl.pm b/perl/lib/Wallet/Schema/Result/Acl.pm index ed206dc..9a73b18 100644 --- a/perl/lib/Wallet/Schema/Result/Acl.pm +++ b/perl/lib/Wallet/Schema/Result/Acl.pm 
@@ -1,10 +1,10 @@ # Wallet schema for an ACL. # # Written by Jon Robertson -# Copyright 2012, 2013 +# Copyright 2012-2013 # The Board of Trustees of the Leland Stanford Junior University # -# See LICENSE for licensing terms. +# SPDX-License-Identifier: MIT package Wallet::Schema::Result::Acl; diff --git a/perl/lib/Wallet/Schema/Result/AclEntry.pm b/perl/lib/Wallet/Schema/Result/AclEntry.pm index c696ba2..1737084 100644 --- a/perl/lib/Wallet/Schema/Result/AclEntry.pm +++ b/perl/lib/Wallet/Schema/Result/AclEntry.pm @@ -1,10 +1,10 @@ # Wallet schema for an entry in an ACL. # # Written by Jon Robertson -# Copyright 2012, 2013 +# Copyright 2012-2013 # The Board of Trustees of the Leland Stanford Junior University # -# See LICENSE for licensing terms. +# SPDX-License-Identifier: MIT package Wallet::Schema::Result::AclEntry; diff --git a/perl/lib/Wallet/Schema/Result/AclHistory.pm b/perl/lib/Wallet/Schema/Result/AclHistory.pm index b519fd5..48aed49 100644 --- a/perl/lib/Wallet/Schema/Result/AclHistory.pm +++ b/perl/lib/Wallet/Schema/Result/AclHistory.pm @@ -1,10 +1,10 @@ # Wallet schema for ACL history. # # Written by Jon Robertson -# Copyright 2012, 2013, 2014 +# Copyright 2012-2014 # The Board of Trustees of the Leland Stanford Junior University # -# See LICENSE for licensing terms. +# SPDX-License-Identifier: MIT package Wallet::Schema::Result::AclHistory; diff --git a/perl/lib/Wallet/Schema/Result/AclScheme.pm b/perl/lib/Wallet/Schema/Result/AclScheme.pm index 982390c..abdd541 100644 --- a/perl/lib/Wallet/Schema/Result/AclScheme.pm +++ b/perl/lib/Wallet/Schema/Result/AclScheme.pm @@ -1,10 +1,10 @@ # Wallet schema for ACL scheme. # # Written by Jon Robertson -# Copyright 2012, 2013 +# Copyright 2012-2013 # The Board of Trustees of the Leland Stanford Junior University # -# See LICENSE for licensing terms. +# SPDX-License-Identifier: MIT package Wallet::Schema::Result::AclScheme; 
diff --git a/perl/lib/Wallet/Schema/Result/Duo.pm b/perl/lib/Wallet/Schema/Result/Duo.pm index d392e29..def9dce 100644 --- a/perl/lib/Wallet/Schema/Result/Duo.pm +++ b/perl/lib/Wallet/Schema/Result/Duo.pm @@ -4,7 +4,7 @@ # Copyright 2014 # The Board of Trustees of the Leland Stanford Junior University # -# See LICENSE for licensing terms. +# SPDX-License-Identifier: MIT package Wallet::Schema::Result::Duo; diff --git a/perl/lib/Wallet/Schema/Result/Flag.pm b/perl/lib/Wallet/Schema/Result/Flag.pm index 0d5fb1c..4ed8dcb 100644 --- a/perl/lib/Wallet/Schema/Result/Flag.pm +++ b/perl/lib/Wallet/Schema/Result/Flag.pm @@ -1,10 +1,10 @@ # Wallet schema for object flags. # # Written by Jon Robertson -# Copyright 2012, 2013 +# Copyright 2012-2013 # The Board of Trustees of the Leland Stanford Junior University # -# See LICENSE for licensing terms. +# SPDX-License-Identifier: MIT package Wallet::Schema::Result::Flag; diff --git a/perl/lib/Wallet/Schema/Result/Object.pm b/perl/lib/Wallet/Schema/Result/Object.pm index 8933070..b4bc46f 100644 --- a/perl/lib/Wallet/Schema/Result/Object.pm +++ b/perl/lib/Wallet/Schema/Result/Object.pm @@ -1,10 +1,10 @@ # Wallet schema for an object. # # Written by Jon Robertson -# Copyright 2012, 2013 +# Copyright 2012-2013 # The Board of Trustees of the Leland Stanford Junior University # -# See LICENSE for licensing terms. +# SPDX-License-Identifier: MIT package Wallet::Schema::Result::Object; diff --git a/perl/lib/Wallet/Schema/Result/ObjectHistory.pm b/perl/lib/Wallet/Schema/Result/ObjectHistory.pm index eae2f89..c6c6225 100644 --- a/perl/lib/Wallet/Schema/Result/ObjectHistory.pm +++ b/perl/lib/Wallet/Schema/Result/ObjectHistory.pm @@ -1,10 +1,10 @@ # Wallet schema for object history. # # Written by Jon Robertson -# Copyright 2012, 2013, 2014 +# Copyright 2012-2014 # The Board of Trustees of the Leland Stanford Junior University # -# See LICENSE for licensing terms. +# SPDX-License-Identifier: MIT package Wallet::Schema::Result::ObjectHistory; 
diff --git a/perl/lib/Wallet/Schema/Result/SyncTarget.pm b/perl/lib/Wallet/Schema/Result/SyncTarget.pm index 388446c..ff6e3f3 100644 --- a/perl/lib/Wallet/Schema/Result/SyncTarget.pm +++ b/perl/lib/Wallet/Schema/Result/SyncTarget.pm @@ -1,10 +1,10 @@ # Wallet schema for synchronization targets. # # Written by Jon Robertson -# Copyright 2012, 2013 +# Copyright 2012-2013 # The Board of Trustees of the Leland Stanford Junior University # -# See LICENSE for licensing terms. +# SPDX-License-Identifier: MIT package Wallet::Schema::Result::SyncTarget; diff --git a/perl/lib/Wallet/Schema/Result/Type.pm b/perl/lib/Wallet/Schema/Result/Type.pm index f191808..a9238e6 100644 --- a/perl/lib/Wallet/Schema/Result/Type.pm +++ b/perl/lib/Wallet/Schema/Result/Type.pm @@ -1,10 +1,10 @@ # Wallet schema for object types. # # Written by Jon Robertson -# Copyright 2012, 2013 +# Copyright 2012-2013 # The Board of Trustees of the Leland Stanford Junior University # -# See LICENSE for licensing terms. +# SPDX-License-Identifier: MIT package Wallet::Schema::Result::Type; diff --git a/perl/lib/Wallet/Server.pm b/perl/lib/Wallet/Server.pm index ae65932..af0d8a8 100644 --- a/perl/lib/Wallet/Server.pm +++ b/perl/lib/Wallet/Server.pm @@ -2,10 +2,10 @@ # # Written by Russ Allbery # Copyright 2016 Russ Allbery -# Copyright 2007, 2008, 2010, 2011, 2013, 2014 +# Copyright 2007-2008, 2010-2014 # The Board of Trustees of the Leland Stanford Junior University # -# See LICENSE for licensing terms. +# SPDX-License-Identifier: MIT ############################################################################## # Modules and declarations diff --git a/perl/sql/Wallet-Schema-0.07-MySQL.sql b/perl/sql/Wallet-Schema-0.07-MySQL.sql index 71a9bc6..ddb7ca3 100644 --- a/perl/sql/Wallet-Schema-0.07-MySQL.sql +++ b/perl/sql/Wallet-Schema-0.07-MySQL.sql 
@@ -2,27 +2,10 @@ -- Created by SQL::Translator::Producer::MySQL -- Created on Fri Jan 25 14:12:02 2013 -- --- Copyright 2012, 2013 +-- Copyright 2012-2013 -- The Board of Trustees of the Leland Stanford Junior University -- --- Permission is hereby granted, free of charge, to any person obtaining a --- copy of this software and associated documentation files (the --- "Software"), to deal in the Software without restriction, including --- without limitation the rights to use, copy, modify, merge, publish, --- distribute, sublicense, and/or sell copies of the Software, and to --- permit persons to whom the Software is furnished to do so, subject to --- the following conditions: --- --- The above copyright notice and this permission notice shall be included --- in all copies or substantial portions of the Software. --- --- THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS --- OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF --- MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. --- IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY --- CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, --- TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE --- SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. +-- SPDX-License-Identifier: MIT -- SET foreign_key_checks=0; diff --git a/perl/sql/Wallet-Schema-0.07-SQLite.sql b/perl/sql/Wallet-Schema-0.07-SQLite.sql index f14d168..0491ea7 100644 --- a/perl/sql/Wallet-Schema-0.07-SQLite.sql +++ b/perl/sql/Wallet-Schema-0.07-SQLite.sql 
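Review bot: The new header of perl/sql/Wallet-Schema-0.07-MySQL.sql carries only `-- SPDX-License-Identifier: MIT`, although the notice being removed states that the permission notice shall be included in all copies or substantial portions of the Software. Whether the license text is installed next to these schema files is not visible here, so a copy of the .sql file taken on its own may no longer carry its terms. I would add a pointer beside the tag, for example `-- The full license text is in the LICENSE file of the distribution.`, or confirm that packaging ships that file with perl/sql. The other perl/sql/Wallet-Schema-*.sql hunks in this change make the same replacement.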
@@ -2,27 +2,10 @@ -- Created by SQL::Translator::Producer::SQLite -- Created on Fri Jan 25 14:12:02 2013 -- --- Copyright 2012, 2013 +-- Copyright 2012-2013 -- The Board of Trustees of the Leland Stanford Junior University -- --- Permission is hereby granted, free of charge, to any person obtaining a --- copy of this software and associated documentation files (the --- "Software"), to deal in the Software without restriction, including --- without limitation the rights to use, copy, modify, merge, publish, --- distribute, sublicense, and/or sell copies of the Software, and to --- permit persons to whom the Software is furnished to do so, subject to --- the following conditions: --- --- The above copyright notice and this permission notice shall be included --- in all copies or substantial portions of the Software. --- --- THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS --- OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF --- MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. --- IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY --- CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, --- TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE --- SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. +-- SPDX-License-Identifier: MIT -- BEGIN TRANSACTION; diff --git a/perl/sql/Wallet-Schema-0.08-MySQL.sql b/perl/sql/Wallet-Schema-0.08-MySQL.sql index 2deca3c..eb56d0e 100644 --- a/perl/sql/Wallet-Schema-0.08-MySQL.sql +++ b/perl/sql/Wallet-Schema-0.08-MySQL.sql 
@@ -2,27 +2,10 @@ -- Created by SQL::Translator::Producer::MySQL -- Created on Fri Jan 25 14:12:02 2013 -- --- Copyright 2012, 2013 +-- Copyright 2012-2013 -- The Board of Trustees of the Leland Stanford Junior University -- --- Permission is hereby granted, free of charge, to any person obtaining a --- copy of this software and associated documentation files (the --- "Software"), to deal in the Software without restriction, including --- without limitation the rights to use, copy, modify, merge, publish, --- distribute, sublicense, and/or sell copies of the Software, and to --- permit persons to whom the Software is furnished to do so, subject to --- the following conditions: --- --- The above copyright notice and this permission notice shall be included --- in all copies or substantial portions of the Software. --- --- THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS --- OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF --- MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. --- IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY --- CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, --- TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE --- SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. +-- SPDX-License-Identifier: MIT -- SET foreign_key_checks=0; diff --git a/perl/sql/Wallet-Schema-0.08-PostgreSQL.sql b/perl/sql/Wallet-Schema-0.08-PostgreSQL.sql index 4347de8..db8ff98 100644 --- a/perl/sql/Wallet-Schema-0.08-PostgreSQL.sql +++ b/perl/sql/Wallet-Schema-0.08-PostgreSQL.sql 
@@ -2,27 +2,10 @@ -- Created by SQL::Translator::Producer::PostgreSQL -- Created on Fri Jan 25 14:12:02 2013 -- --- Copyright 2012, 2013, 2014 +-- Copyright 2012-2014 -- The Board of Trustees of the Leland Stanford Junior University -- --- Permission is hereby granted, free of charge, to any person obtaining a --- copy of this software and associated documentation files (the --- "Software"), to deal in the Software without restriction, including --- without limitation the rights to use, copy, modify, merge, publish, --- distribute, sublicense, and/or sell copies of the Software, and to --- permit persons to whom the Software is furnished to do so, subject to --- the following conditions: --- --- The above copyright notice and this permission notice shall be included --- in all copies or substantial portions of the Software. --- --- THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS --- OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF --- MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. --- IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY --- CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, --- TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE --- SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. +-- SPDX-License-Identifier: MIT -- -- -- Table: acl_history diff --git a/perl/sql/Wallet-Schema-0.08-SQLite.sql b/perl/sql/Wallet-Schema-0.08-SQLite.sql index f581a4c..4f7b1b3 100644 --- a/perl/sql/Wallet-Schema-0.08-SQLite.sql +++ b/perl/sql/Wallet-Schema-0.08-SQLite.sql 
@@ -2,27 +2,10 @@ -- Created by SQL::Translator::Producer::SQLite -- Created on Fri Jan 25 14:12:02 2013 -- --- Copyright 2012, 2013 +-- Copyright 2012-2013 -- The Board of Trustees of the Leland Stanford Junior University -- --- Permission is hereby granted, free of charge, to any person obtaining a --- copy of this software and associated documentation files (the --- "Software"), to deal in the Software without restriction, including --- without limitation the rights to use, copy, modify, merge, publish, --- distribute, sublicense, and/or sell copies of the Software, and to --- permit persons to whom the Software is furnished to do so, subject to --- the following conditions: --- --- The above copyright notice and this permission notice shall be included --- in all copies or substantial portions of the Software. --- --- THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS --- OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF --- MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. --- IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY --- CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, --- TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE --- SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. +-- SPDX-License-Identifier: MIT -- BEGIN TRANSACTION; diff --git a/perl/sql/Wallet-Schema-0.09-MySQL.sql b/perl/sql/Wallet-Schema-0.09-MySQL.sql index a9aa745..41e098f 100644 --- a/perl/sql/Wallet-Schema-0.09-MySQL.sql +++ b/perl/sql/Wallet-Schema-0.09-MySQL.sql 
@@ -2,27 +2,10 @@ -- Created by SQL::Translator::Producer::MySQL -- Created on Tue Jul 15 17:41:01 2014 -- --- Copyright 2012, 2013, 2014 +-- Copyright 2012-2014 -- The Board of Trustees of the Leland Stanford Junior University -- --- Permission is hereby granted, free of charge, to any person obtaining a --- copy of this software and associated documentation files (the --- "Software"), to deal in the Software without restriction, including --- without limitation the rights to use, copy, modify, merge, publish, --- distribute, sublicense, and/or sell copies of the Software, and to --- permit persons to whom the Software is furnished to do so, subject to --- the following conditions: --- --- The above copyright notice and this permission notice shall be included --- in all copies or substantial portions of the Software. --- --- THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS --- OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF --- MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. --- IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY --- CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, --- TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE --- SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. +-- SPDX-License-Identifier: MIT -- SET foreign_key_checks=0; diff --git a/perl/sql/Wallet-Schema-0.09-PostgreSQL.sql b/perl/sql/Wallet-Schema-0.09-PostgreSQL.sql index 67f4a1b..1bec9f7 100644 --- a/perl/sql/Wallet-Schema-0.09-PostgreSQL.sql +++ b/perl/sql/Wallet-Schema-0.09-PostgreSQL.sql 
@@ -2,27 +2,10 @@ -- Created by SQL::Translator::Producer::PostgreSQL -- Created on Tue Jul 15 17:41:03 2014 -- --- Copyright 2012, 2013, 2014 +-- Copyright 2012-2014 -- The Board of Trustees of the Leland Stanford Junior University -- --- Permission is hereby granted, free of charge, to any person obtaining a --- copy of this software and associated documentation files (the --- "Software"), to deal in the Software without restriction, including --- without limitation the rights to use, copy, modify, merge, publish, --- distribute, sublicense, and/or sell copies of the Software, and to --- permit persons to whom the Software is furnished to do so, subject to --- the following conditions: --- --- The above copyright notice and this permission notice shall be included --- in all copies or substantial portions of the Software. --- --- THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS --- OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF --- MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. --- IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY --- CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, --- TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE --- SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. +-- SPDX-License-Identifier: MIT -- -- diff --git a/perl/sql/Wallet-Schema-0.09-SQLite.sql b/perl/sql/Wallet-Schema-0.09-SQLite.sql index 9ce9b08..e9977ef 100644 --- a/perl/sql/Wallet-Schema-0.09-SQLite.sql +++ b/perl/sql/Wallet-Schema-0.09-SQLite.sql 
@@ -2,27 +2,10 @@ -- Created by SQL::Translator::Producer::SQLite -- Created on Tue Jul 15 17:41:02 2014 -- --- Copyright 2012, 2013, 2014 +-- Copyright 2012-2014 -- The Board of Trustees of the Leland Stanford Junior University -- --- Permission is hereby granted, free of charge, to any person obtaining a --- copy of this software and associated documentation files (the --- "Software"), to deal in the Software without restriction, including --- without limitation the rights to use, copy, modify, merge, publish, --- distribute, sublicense, and/or sell copies of the Software, and to --- permit persons to whom the Software is furnished to do so, subject to --- the following conditions: --- --- The above copyright notice and this permission notice shall be included --- in all copies or substantial portions of the Software. --- --- THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS --- OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF --- MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. --- IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY --- CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, --- TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE --- SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. +-- SPDX-License-Identifier: MIT -- BEGIN TRANSACTION; diff --git a/perl/sql/Wallet-Schema-0.10-MySQL.sql b/perl/sql/Wallet-Schema-0.10-MySQL.sql index ba73062..982f127 100644 --- a/perl/sql/Wallet-Schema-0.10-MySQL.sql +++ b/perl/sql/Wallet-Schema-0.10-MySQL.sql 
@@ -5,24 +5,7 @@ -- Copyright 2014 -- The Board of Trustees of the Leland Stanford Junior University -- --- Permission is hereby granted, free of charge, to any person obtaining a --- copy of this software and associated documentation files (the --- "Software"), to deal in the Software without restriction, including --- without limitation the rights to use, copy, modify, merge, publish, --- distribute, sublicense, and/or sell copies of the Software, and to --- permit persons to whom the Software is furnished to do so, subject to --- the following conditions: --- --- The above copyright notice and this permission notice shall be included --- in all copies or substantial portions of the Software. --- --- THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS --- OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF --- MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. --- IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY --- CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, --- TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE --- SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. +-- SPDX-License-Identifier: MIT -- SET foreign_key_checks=0; diff --git a/perl/sql/Wallet-Schema-0.10-PostgreSQL.sql b/perl/sql/Wallet-Schema-0.10-PostgreSQL.sql index d1658dd..8c76272 100644 --- a/perl/sql/Wallet-Schema-0.10-PostgreSQL.sql +++ b/perl/sql/Wallet-Schema-0.10-PostgreSQL.sql 
@@ -5,24 +5,7 @@ -- Copyright 2014 -- The Board of Trustees of the Leland Stanford Junior University -- --- Permission is hereby granted, free of charge, to any person obtaining a --- copy of this software and associated documentation files (the --- "Software"), to deal in the Software without restriction, including --- without limitation the rights to use, copy, modify, merge, publish, --- distribute, sublicense, and/or sell copies of the Software, and to --- permit persons to whom the Software is furnished to do so, subject to --- the following conditions: --- --- The above copyright notice and this permission notice shall be included --- in all copies or substantial portions of the Software. --- --- THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS --- OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF --- MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. --- IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY --- CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, --- TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE --- SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. +-- SPDX-License-Identifier: MIT -- -- diff --git a/perl/sql/Wallet-Schema-0.10-SQLite.sql b/perl/sql/Wallet-Schema-0.10-SQLite.sql index c13bc29..4f05164 100644 --- a/perl/sql/Wallet-Schema-0.10-SQLite.sql +++ b/perl/sql/Wallet-Schema-0.10-SQLite.sql 
@@ -5,24 +5,7 @@ -- Copyright 2014 -- The Board of Trustees of the Leland Stanford Junior University -- --- Permission is hereby granted, free of charge, to any person obtaining a --- copy of this software and associated documentation files (the --- "Software"), to deal in the Software without restriction, including --- without limitation the rights to use, copy, modify, merge, publish, --- distribute, sublicense, and/or sell copies of the Software, and to --- permit persons to whom the Software is furnished to do so, subject to --- the following conditions: --- --- The above copyright notice and this permission notice shall be included --- in all copies or substantial portions of the Software. --- --- THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS --- OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF --- MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. --- IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY --- CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, --- TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE --- SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. +-- SPDX-License-Identifier: MIT -- BEGIN TRANSACTION; diff --git a/perl/t/data/acl-command b/perl/t/data/acl-command index b7c3066..bdf106a 100755 --- a/perl/t/data/acl-command +++ b/perl/t/data/acl-command @@ -5,10 +5,9 @@ # failure, or reports an error based on whether the second argument is # success, failure, or error. # -# Written by Russ Allbery # Copyright 2016 Russ Allbery # -# See LICENSE for licensing terms. +# SPDX-License-Identifier: MIT set -e diff --git a/perl/t/general/acl.t b/perl/t/general/acl.t index 4de7493..c6e33f9 100755 --- a/perl/t/general/acl.t +++ b/perl/t/general/acl.t 
@@ -3,10 +3,10 @@ # Tests for the wallet ACL API. # # Written by Russ Allbery -# Copyright 2007, 2008, 2014 +# Copyright 2007-2008, 2014 # The Board of Trustees of the Leland Stanford Junior University # -# See LICENSE for licensing terms. +# SPDX-License-Identifier: MIT use strict; use warnings; diff --git a/perl/t/general/admin.t b/perl/t/general/admin.t index 17671b6..a204558 100755 --- a/perl/t/general/admin.t +++ b/perl/t/general/admin.t @@ -3,10 +3,10 @@ # Tests for wallet administrative interface. # # Written by Russ Allbery -# Copyright 2008, 2009, 2010, 2011, 2013, 2014 +# Copyright 2008-2011, 2013-2014 # The Board of Trustees of the Leland Stanford Junior University # -# See LICENSE for licensing terms. +# SPDX-License-Identifier: MIT use strict; use warnings; diff --git a/perl/t/general/config.t b/perl/t/general/config.t index bc200de..a0848ba 100755 --- a/perl/t/general/config.t +++ b/perl/t/general/config.t @@ -6,7 +6,7 @@ # Copyright 2008, 2010, 2014 # The Board of Trustees of the Leland Stanford Junior University # -# See LICENSE for licensing terms. +# SPDX-License-Identifier: MIT use strict; use warnings; diff --git a/perl/t/general/init.t b/perl/t/general/init.t index 58b9a4c..ddc4aa1 100755 --- a/perl/t/general/init.t +++ b/perl/t/general/init.t @@ -3,10 +3,10 @@ # Tests for database initialization. # # Written by Russ Allbery -# Copyright 2007, 2008, 2014 +# Copyright 2007-2008, 2014 # The Board of Trustees of the Leland Stanford Junior University # -# See LICENSE for licensing terms. +# SPDX-License-Identifier: MIT use strict; use warnings; diff --git a/perl/t/general/report.t b/perl/t/general/report.t index e47cdc6..8b491f5 100755 --- a/perl/t/general/report.t +++ b/perl/t/general/report.t 
@@ -3,10 +3,10 @@ # Tests for the wallet reporting interface. # # Written by Russ Allbery -# Copyright 2008, 2009, 2010, 2014 +# Copyright 2008-2010, 2014 # The Board of Trustees of the Leland Stanford Junior University # -# See LICENSE for licensing terms. +# SPDX-License-Identifier: MIT use strict; use warnings; diff --git a/perl/t/general/server.t b/perl/t/general/server.t index 8f4c16c..0794f15 100755 --- a/perl/t/general/server.t +++ b/perl/t/general/server.t @@ -3,10 +3,10 @@ # Tests for the wallet server API. # # Written by Russ Allbery -# Copyright 2007, 2008, 2010, 2011, 2012, 2013, 2014 +# Copyright 2007-2014 # The Board of Trustees of the Leland Stanford Junior University # -# See LICENSE for licensing terms. +# SPDX-License-Identifier: MIT use strict; use warnings; diff --git a/perl/t/lib/Util.pm b/perl/t/lib/Util.pm index 187e483..c583373 100644 --- a/perl/t/lib/Util.pm +++ b/perl/t/lib/Util.pm @@ -1,10 +1,10 @@ # Utility class for wallet tests. # # Written by Russ Allbery -# Copyright 2007, 2008, 2014 +# Copyright 2007-2008, 2014 # The Board of Trustees of the Leland Stanford Junior University # -# See LICENSE for licensing terms. +# SPDX-License-Identifier: MIT package Util; require 5.006; diff --git a/perl/t/object/base.t b/perl/t/object/base.t index 8fedd64..2126ebf 100755 --- a/perl/t/object/base.t +++ b/perl/t/object/base.t @@ -3,10 +3,10 @@ # Tests for the basic object implementation. # # Written by Russ Allbery -# Copyright 2007, 2008, 2011, 2014 +# Copyright 2007-2008, 2011, 2014 # The Board of Trustees of the Leland Stanford Junior University # -# See LICENSE for licensing terms. +# SPDX-License-Identifier: MIT use strict; use warnings; diff --git a/perl/t/object/duo-ldap.t b/perl/t/object/duo-ldap.t index 8a00dbb..e2b5d5d 100644 --- a/perl/t/object/duo-ldap.t +++ b/perl/t/object/duo-ldap.t 
@@ -6,7 +6,7 @@ # Copyright 2014 # The Board of Trustees of the Leland Stanford Junior University # -# See LICENSE for licensing terms. +# SPDX-License-Identifier: MIT use strict; use warnings; diff --git a/perl/t/object/duo-pam.t b/perl/t/object/duo-pam.t index 047343e..f0c9e61 100644 --- a/perl/t/object/duo-pam.t +++ b/perl/t/object/duo-pam.t @@ -6,7 +6,7 @@ # Copyright 2014 # The Board of Trustees of the Leland Stanford Junior University # -# See LICENSE for licensing terms. +# SPDX-License-Identifier: MIT use strict; use warnings; diff --git a/perl/t/object/duo-radius.t b/perl/t/object/duo-radius.t index 55cbb9d..5532a68 100644 --- a/perl/t/object/duo-radius.t +++ b/perl/t/object/duo-radius.t @@ -6,7 +6,7 @@ # Copyright 2014 # The Board of Trustees of the Leland Stanford Junior University # -# See LICENSE for licensing terms. +# SPDX-License-Identifier: MIT use strict; use warnings; diff --git a/perl/t/object/duo-rdp.t b/perl/t/object/duo-rdp.t index 25060ac..52f0613 100644 --- a/perl/t/object/duo-rdp.t +++ b/perl/t/object/duo-rdp.t @@ -6,7 +6,7 @@ # Copyright 2014 # The Board of Trustees of the Leland Stanford Junior University # -# See LICENSE for licensing terms. +# SPDX-License-Identifier: MIT use strict; use warnings; diff --git a/perl/t/object/duo.t b/perl/t/object/duo.t index a975597..75b5834 100755 --- a/perl/t/object/duo.t +++ b/perl/t/object/duo.t @@ -6,7 +6,7 @@ # Copyright 2014 # The Board of Trustees of the Leland Stanford Junior University # -# See LICENSE for licensing terms. +# SPDX-License-Identifier: MIT use strict; use warnings; diff --git a/perl/t/object/file.t b/perl/t/object/file.t index b7f295a..80173cd 100755 --- a/perl/t/object/file.t +++ b/perl/t/object/file.t @@ -6,7 +6,7 @@ # Copyright 2008, 2014 # The Board of Trustees of the Leland Stanford Junior University # -# See LICENSE for licensing terms. +# SPDX-License-Identifier: MIT use strict; use warnings; 
diff --git a/perl/t/object/keytab.t b/perl/t/object/keytab.t index 111b7d0..dfb96bd 100755 --- a/perl/t/object/keytab.t +++ b/perl/t/object/keytab.t @@ -3,10 +3,10 @@ # Tests for the keytab object implementation. # # Written by Russ Allbery -# Copyright 2007, 2008, 2009, 2010, 2013, 2014 +# Copyright 2007-2010, 2013-2014 # The Board of Trustees of the Leland Stanford Junior University # -# See LICENSE for licensing terms. +# SPDX-License-Identifier: MIT use strict; use warnings; diff --git a/perl/t/object/password.t b/perl/t/object/password.t index 306d82b..72a818c 100644 --- a/perl/t/object/password.t +++ b/perl/t/object/password.t @@ -7,7 +7,7 @@ # Copyright 2015 # The Board of Trustees of the Leland Stanford Junior University # -# See LICENSE for licensing terms. +# SPDX-License-Identifier: MIT use strict; use warnings; diff --git a/perl/t/object/wa-keyring.t b/perl/t/object/wa-keyring.t index 4a3bd48..aa38e9c 100755 --- a/perl/t/object/wa-keyring.t +++ b/perl/t/object/wa-keyring.t @@ -3,10 +3,10 @@ # Tests for the WebAuth keyring object implementation. # # Written by Russ Allbery -# Copyright 2013, 2014 +# Copyright 2013-2014 # The Board of Trustees of the Leland Stanford Junior University # -# See LICENSE for licensing terms. +# SPDX-License-Identifier: MIT use strict; use warnings; diff --git a/perl/t/policy/stanford.t b/perl/t/policy/stanford.t index d2727c8..f7b2f16 100755 --- a/perl/t/policy/stanford.t +++ b/perl/t/policy/stanford.t @@ -7,10 +7,10 @@ # behavior at Stanford. # # Written by Russ Allbery -# Copyright 2013, 2014 +# Copyright 2013-2014 # The Board of Trustees of the Leland Stanford Junior University # -# See LICENSE for licensing terms. +# SPDX-License-Identifier: MIT use 5.008; use strict; diff --git a/perl/t/util/kadmin.t b/perl/t/util/kadmin.t index db94780..60a4933 100755 --- a/perl/t/util/kadmin.t +++ b/perl/t/util/kadmin.t 
@@ -3,10 +3,10 @@ # Tests for the kadmin object implementation. # # Written by Jon Robertson -# Copyright 2009, 2010, 2012, 2013, 2014 +# Copyright 2009-2010, 2012-2014 # The Board of Trustees of the Leland Stanford Junior University # -# See LICENSE for licensing terms. +# SPDX-License-Identifier: MIT use strict; use warnings; diff --git a/perl/t/verifier/basic.t b/perl/t/verifier/basic.t index be3c427..3ee71d6 100755 --- a/perl/t/verifier/basic.t +++ b/perl/t/verifier/basic.t @@ -3,10 +3,10 @@ # Tests for the basic wallet ACL verifiers. # # Written by Russ Allbery -# Copyright 2007, 2008, 2010, 2014 +# Copyright 2007-2008, 2010, 2014 # The Board of Trustees of the Leland Stanford Junior University # -# See LICENSE for licensing terms. +# SPDX-License-Identifier: MIT use strict; use warnings; diff --git a/perl/t/verifier/external.t b/perl/t/verifier/external.t index d1438de..2b725bd 100755 --- a/perl/t/verifier/external.t +++ b/perl/t/verifier/external.t @@ -2,10 +2,9 @@ # # Tests for the external wallet ACL verifier. # -# Written by Russ Allbery # Copyright 2016 Russ Allbery # -# See LICENSE for licensing terms. +# SPDX-License-Identifier: MIT use strict; use warnings; diff --git a/perl/t/verifier/ldap-attr.t b/perl/t/verifier/ldap-attr.t index 3665edb..321822d 100755 --- a/perl/t/verifier/ldap-attr.t +++ b/perl/t/verifier/ldap-attr.t @@ -10,7 +10,7 @@ # Copyright 2012-2014 # The Board of Trustees of the Leland Stanford Junior University # -# See LICENSE for licensing terms. +# SPDX-License-Identifier: MIT use strict; use warnings; diff --git a/perl/t/verifier/nested.t b/perl/t/verifier/nested.t index ec7ce40..a975ea3 100755 --- a/perl/t/verifier/nested.t +++ b/perl/t/verifier/nested.t @@ -6,7 +6,7 @@ # Copyright 2015 # The Board of Trustees of the Leland Stanford Junior University # -# See LICENSE for licensing terms. +# SPDX-License-Identifier: MIT use strict; use warnings; 
diff --git a/perl/t/verifier/netdb.t b/perl/t/verifier/netdb.t index 200fc9e..0f3e2d4 100755 --- a/perl/t/verifier/netdb.t +++ b/perl/t/verifier/netdb.t @@ -11,7 +11,7 @@ # Copyright 2008, 2014 # The Board of Trustees of the Leland Stanford Junior University # -# See LICENSE for licensing terms. +# SPDX-License-Identifier: MIT use strict; use warnings; diff --git a/server/keytab-backend.in b/server/keytab-backend.in index a029e6c..6a7870a 100644 --- a/server/keytab-backend.in +++ b/server/keytab-backend.in @@ -152,7 +152,7 @@ __END__ =for stopwords keytab-backend keytabs KDC keytab kadmin.local -norandkey ktadd remctld auth Allbery rekeying MERCHANTABILITY NONINFRINGEMENT sublicense -kadmin.local. +kadmin.local. SPDX-License-Identifier MIT =head1 NAME @@ -215,8 +215,8 @@ Russ Allbery =head1 COPYRIGHT AND LICENSE -Copyright 2006, 2007, 2008, 2010, 2013 The Board of Trustees of the Leland -Stanford Junior University +Copyright 2006-2008, 2010, 2013 The Board of Trustees of the Leland Stanford +Junior University Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), @@ -236,6 +236,8 @@ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. +SPDX-License-Identifier: MIT + =head1 SEE ALSO kadmin.local(8), remctld(8) @@ -244,3 +246,7 @@ This program is part of the wallet system. The current version is available from L. =cut + +# Local Variables: +# copyright-at-end-flag: t +# End: diff --git a/server/wallet-admin.in b/server/wallet-admin.in index c2d5bf8..4940c89 100644 --- a/server/wallet-admin.in +++ b/server/wallet-admin.in @@ -67,7 +67,7 @@ __END__ =for stopwords metadata ACL hostname backend acl acls wildcard SQL Allbery verifier -MERCHANTABILITY NONINFRINGEMENT sublicense +MERCHANTABILITY NONINFRINGEMENT sublicense SPDX-License-Identifier MIT =head1 NAME 
@@ -145,8 +145,8 @@ Russ Allbery =head1 COPYRIGHT AND LICENSE -Copyright 2008, 2009, 2010, 2011, 2013 The Board of Trustees of the Leland -Stanford Junior University +Copyright 2008-2011, 2013 The Board of Trustees of the Leland Stanford Junior +University Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), @@ -166,6 +166,8 @@ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. +SPDX-License-Identifier: MIT + =head1 SEE ALSO Wallet::Admin(3), Wallet::Config(3), wallet-backend(8) @@ -174,3 +176,7 @@ This program is part of the wallet system. The current version is available from L. =cut + +# Local Variables: +# copyright-at-end-flag: t +# End: diff --git a/server/wallet-backend.in b/server/wallet-backend.in index 4937b66..8e38460 100644 --- a/server/wallet-backend.in +++ b/server/wallet-backend.in @@ -347,8 +347,8 @@ __END__ =for stopwords wallet-backend backend backend-specific remctld ACL acl timestamp getacl -setacl metadata keytab keytabs enctypes enctype ktadd KDC Allbery -autocreate MERCHANTABILITY NONINFRINGEMENT sublicense +setacl metadata keytab keytabs enctypes enctype ktadd KDC Allbery autocreate +MERCHANTABILITY NONINFRINGEMENT sublicense SPDX-License-Identifier MIT =head1 NAME @@ -665,8 +665,8 @@ Russ Allbery =head1 COPYRIGHT AND LICENSE -Copyright 2007, 2008, 2010, 2011, 2012, 2013 The Board of Trustees of the -Leland Stanford Junior University +Copyright 2007-2008, 2010-2013 The Board of Trustees of the Leland Stanford +Junior University Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), 
@@ -686,6 +686,8 @@ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. +SPDX-License-Identifier: MIT + =head1 SEE ALSO Wallet::Server(3), remctld(8) @@ -694,3 +696,7 @@ This program is part of the wallet system. The current version is available from L. =cut + +# Local Variables: +# copyright-at-end-flag: t +# End: diff --git a/server/wallet-report.in b/server/wallet-report.in index 4c96e7e..292ba39 100644 --- a/server/wallet-report.in +++ b/server/wallet-report.in @@ -135,7 +135,8 @@ wallet-report - Wallet server reporting interface =for stopwords metadata ACL hostname backend acl acls wildcard SQL Allbery remctl -MERCHANTABILITY NONINFRINGEMENT sublicense unstored +MERCHANTABILITY NONINFRINGEMENT sublicense unstored SPDX-License-Identifier +MIT =head1 SYNOPSIS @@ -330,8 +331,8 @@ Russ Allbery Copyright 2016 Russ Allbery -Copyright 2008, 2009, 2010, 2013, 2015 The Board of Trustees of the Leland -Stanford Junior University +Copyright 2008-2010, 2013, 2015 The Board of Trustees of the Leland Stanford +Junior University Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), @@ -351,6 +352,8 @@ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. +SPDX-License-Identifier: MIT + =head1 SEE ALSO Wallet::Config(3), Wallet::Report(3), wallet-backend(8) @@ -359,3 +362,7 @@ This program is part of the wallet system. The current version is available from L. =cut + +# Local Variables: +# copyright-at-end-flag: t +# End: diff --git a/tests/TESTS b/tests/TESTS index a2c672e..81fe051 100644 --- a/tests/TESTS +++ b/tests/TESTS 
@@ -4,6 +4,7 @@ client/prompt client/rekey docs/pod docs/pod-spelling +docs/spdx-license-t perl/minimum-version perl/module-version perl/strict diff --git a/tests/client/basic-t.in b/tests/client/basic-t.in index f9dc6dd..7634d73 100644 --- a/tests/client/basic-t.in +++ b/tests/client/basic-t.in @@ -7,7 +7,7 @@ # Copyright 2006-2008, 2010 # The Board of Trustees of the Leland Stanford Junior University # -# See LICENSE for licensing terms. +# SPDX-License-Identifier: MIT # Load the test library. . "$C_TAP_SOURCE/tap/libtap.sh" diff --git a/tests/client/full-t.in b/tests/client/full-t.in index 1ad486c..5f7406a 100644 --- a/tests/client/full-t.in +++ b/tests/client/full-t.in @@ -8,7 +8,7 @@ # Copyright 2008, 2010, 2014 # The Board of Trustees of the Leland Stanford Junior University # -# See LICENSE for licensing terms. +# SPDX-License-Identifier: MIT use strict; use warnings; diff --git a/tests/client/prompt-t.in b/tests/client/prompt-t.in index d5e9f17..8c5ff9a 100644 --- a/tests/client/prompt-t.in +++ b/tests/client/prompt-t.in @@ -8,7 +8,7 @@ # Copyright 2008, 2010, 2014 # The Board of Trustees of the Leland Stanford Junior University # -# See LICENSE for licensing terms. +# SPDX-License-Identifier: MIT use strict; use warnings; diff --git a/tests/client/rekey-t.in b/tests/client/rekey-t.in index 2e95a4e..c2e507c 100644 --- a/tests/client/rekey-t.in +++ b/tests/client/rekey-t.in @@ -7,7 +7,7 @@ # Copyright 2006-2008, 2010 # The Board of Trustees of the Leland Stanford Junior University # -# See LICENSE for licensing terms. +# SPDX-License-Identifier: MIT # Load the test library. . "$C_TAP_SOURCE/tap/libtap.sh" diff --git a/tests/data/cmd-fake b/tests/data/cmd-fake index f889edd..4d2d8a1 100755 --- a/tests/data/cmd-fake +++ b/tests/data/cmd-fake 
@@ -4,10 +4,10 @@ # the client test suite. It doesn't test any of the wallet server code. # # Written by Russ Allbery -# Copyright 2007, 2008, 2010 +# Copyright 2007-2008, 2010 # The Board of Trustees of the Leland Stanford Junior University # -# See LICENSE for licensing terms. +# SPDX-License-Identifier: MIT command="$1" shift diff --git a/tests/docs/spdx-license-t b/tests/docs/spdx-license-t new file mode 100755 index 0000000..e05e13f --- /dev/null +++ b/tests/docs/spdx-license-t 
@@ -0,0 +1,133 @@
+#!/usr/bin/perl
+#
+# Check source files for SPDX-License-Identifier fields.
+#
+# Examine all source files in a distribution to check that they contain an
+# SPDX-License-Identifier field. This does not check the syntax or whether
+# the identifiers are valid.
+#
+# The canonical version of this file is maintained in the rra-c-util package,
+# which can be found at .
+#
+# Copyright 2018 Russ Allbery
+#
+# Permission is hereby granted, free of charge, to any person obtaining a
+# copy of this software and associated documentation files (the "Software"),
+# to deal in the Software without restriction, including without limitation
+# the rights to use, copy, modify, merge, publish, distribute, sublicense,
+# and/or sell copies of the Software, and to permit persons to whom the
+# Software is furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+# THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+# FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+# DEALINGS IN THE SOFTWARE.
+#
+# SPDX-License-Identifier: MIT
+
+use 5.006;
+use strict;
+use warnings;
+
+use lib "$ENV{C_TAP_SOURCE}/tap/perl";
+
+use File::Basename qw(basename);
+use Test::More;
+use Test::RRA qw(skip_unless_automated);
+use Test::RRA::Automake qw(all_files automake_setup);
+
+# File name (the file without any directory component) and path patterns to
+# skip for this check.
+## no critic (RegularExpressions::ProhibitFixedStringMatches)
+my @IGNORE = (
+ qr{ \A LICENSE \z }xms, # Generated file with no license itself
+ qr{ \A (NEWS|THANKS|TODO) \z }xms, # Package license should be fine
+ qr{ \A README ( [.] .* )? \z }xms, # Package license should be fine
+ qr{ \A (Makefile|libtool) \z }xms, # Generated file
+ qr{ [.] output \z }xms, # Test data
+);
+my @IGNORE_PATHS = (
+ qr{ \A docs/metadata/ }xms, # Package license should be fine
+ qr{ \A docs/protocol[.](html|txt) \z }xms, # Generated by xml2rfc
+ qr{ \A m4/ (libtool|lt.*) [.] m4 \z }xms, # Files from Libtool
+ qr{ \A perl/Build \z }xms, # Perl build files
+ qr{ \A perl/MANIFEST \z }xms, # Perl build files
+ qr{ \A perl/MYMETA [.] }xms, # Perl build files
+ qr{ \A perl/blib/ }xms, # Perl build files
+ qr{ \A perl/cover_db/ }xms, # Perl test files
+ qr{ \A perl/_build }xms, # Perl build files
+ qr{ \A php/Makefile [.] global \z }xms, # Created by phpize
+ qr{ \A php/autom4te [.] cache/ }xms, # Created by phpize
+ qr{ \A php/acinclude [.] m4 \z }xms, # Created by phpize
+ qr{ \A php/build/ }xms, # Created by phpize
+ qr{ \A php/config [.] (guess|sub) \z }xms, # Created by phpize
+ qr{ \A php/configure [.] in \z }xms, # Created by phpize
+ qr{ \A php/ltmain [.] sh \z }xms, # Created by phpize
+ qr{ \A php/run-tests [.] php \z }xms, # Created by phpize
+ qr{ [.] l?a \z }xms, # Created by libtool
+);
+## use critic
+
+# Only run this test during automated testing, since failure doesn't indicate
+# any user-noticable flaw in the package itself.
+skip_unless_automated('SPDX identifier tests');
+
+# Set up Automake testing.
+automake_setup();
+
+# Check a single file for an occurrence of the string.
+#
+# $path - Path to the file
+#
+# Returns: undef
+sub check_file {
+ my ($path) = @_;
+ my $filename = basename($path);
+
+ # Ignore files in the whitelist, binary files, and files under 1KB.
The + # latter can be rolled up into the overall project license and the license + # notice may be a substantial portion of the file size. + for my $pattern (@IGNORE) { + return if $filename =~ $pattern; + } + for my $pattern (@IGNORE_PATHS) { + return if $path =~ $pattern; + } + return if !-T $path; + return if -s $path < 1024; + + # Scan the file. + my ($saw_spdx, $skip_spdx); + open(my $file, '<', $path) or BAIL_OUT("Cannot open $path: $!"); + while (defined(my $line = <$file>)) { + if ($line =~ m{ Generated [ ] by [ ] libtool [ ] }xms) { + close($file) or BAIL_OUT("Cannot close $path: $!"); + return; + } + if ($line =~ m{ \b SPDX-License-Identifier: \s+ \S+ }xms) { + $saw_spdx = 1; + last; + } + if ($line =~ m{ no \s SPDX-License-Identifier \s registered }xms) { + $skip_spdx = 1; + last; + } + } + close($file) or BAIL_OUT("Cannot close $path: $!"); + ok($saw_spdx || $skip_spdx, $path); + return; +} + +# Scan every file. We don't declare a plan since we skip a lot of files and +# don't want to precalculate the file list. +my @paths = all_files(); +for my $path (@paths) { + check_file($path); +} +done_testing(); diff --git a/tests/server/admin-t b/tests/server/admin-t index 8fde012..4d6670b 100755 --- a/tests/server/admin-t +++ b/tests/server/admin-t @@ -7,7 +7,7 @@ # Copyright 2008-2011, 2014 # The Board of Trustees of the Leland Stanford Junior University # -# See LICENSE for licensing terms. +# SPDX-License-Identifier: MIT use strict; use Test::More tests => 42; diff --git a/tests/server/backend-t b/tests/server/backend-t index e8ea1ce..de59458 100755 --- a/tests/server/backend-t +++ b/tests/server/backend-t @@ -7,7 +7,7 @@ # Copyright 2006-2014 # The Board of Trustees of the Leland Stanford Junior University # -# See LICENSE for licensing terms. +# SPDX-License-Identifier: MIT use strict; use Test::More tests => 1311; diff --git a/tests/server/keytab-t b/tests/server/keytab-t index 00c6e92..5cf6788 100755 --- a/tests/server/keytab-t 
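Review bot: In the new tests/docs/spdx-license-t, the `$skip_spdx` branch of check_file lets a file pass by containing the phrase `no SPDX-License-Identifier registered`, but neither the file header nor the comment above the sub mentions this opt-out, so a later reader cannot tell it is intentional. I would add a line to the sub's comment such as `# A file may opt out by containing "no SPDX-License-Identifier registered".` Both patterns are also matched against every line of the file rather than only the leading comment block, so any occurrence of the string satisfies the test, for instance inside quoted or embedded text. Together with the `-s $path < 1024` skip and the two ignore lists, a passing run shows only that a marker string is present in the files that were scanned; stating that next to the existing "does not check the syntax" sentence would keep the test from being read as a full license audit.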
+++ b/tests/server/keytab-t @@ -7,7 +7,7 @@ # Copyright 2006-2007, 2010 # The Board of Trustees of the Leland Stanford Junior University # -# See LICENSE for licensing terms. +# SPDX-License-Identifier: MIT use strict; use vars qw($CONFIG $KADMIN $SYSLOG $TMP); diff --git a/tests/server/report-t b/tests/server/report-t index 2e0cef7..20382f0 100755 --- a/tests/server/report-t +++ b/tests/server/report-t @@ -7,7 +7,7 @@ # Copyright 2008-2010 # The Board of Trustees of the Leland Stanford Junior University # -# See LICENSE for licensing terms. +# SPDX-License-Identifier: MIT use strict; use Test::More tests => 48; diff --git a/tests/tap/perl/Test/RRA/Automake.pm b/tests/tap/perl/Test/RRA/Automake.pm index 3ba5bcb..6c6e947 100644 --- a/tests/tap/perl/Test/RRA/Automake.pm +++ b/tests/tap/perl/Test/RRA/Automake.pm @@ -104,7 +104,7 @@ sub all_files { my $file = $_; my $path = $File::Find::name; $path =~ s{ \A [.]/ }{}xms; - if ($skip{$path} or $files_skip{$file} or $file =~ m{ [.] lo \z }xms) { + if ($skip{$path} || $files_skip{$file} || $file =~ m{ [.] lo \z }xms) { $File::Find::prune = 1; return; } -- cgit v1.2.3