From 66dd4a9093be4562d2c7a7a7d253d2afb034aef8 Mon Sep 17 00:00:00 2001 From: Russ Allbery Date: Wed, 16 Jul 2014 15:51:13 -0700 Subject: Include the Duo type in the name of Duo integrations Eventually, there will be multiple object types for different Duo integrations, and they will need to have unique names. Add the Duo type in parentheses after the name to help ensure this. Change-Id: I679130f9136077fc6bf5d8c6c9ad98ec83b400d0 Reviewed-on: https://gerrit.stanford.edu/1573 Reviewed-by: Russ Allbery Tested-by: Russ Allbery
---
 perl/lib/Wallet/Object/Duo.pm | 2 +- perl/t/object/duo.t | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) (limited to 'perl')
diff --git a/perl/lib/Wallet/Object/Duo.pm b/perl/lib/Wallet/Object/Duo.pm
index e3fe2da..fcf3819 100644
--- a/perl/lib/Wallet/Object/Duo.pm
+++ b/perl/lib/Wallet/Object/Duo.pm
@@ -105,7 +105,7 @@ sub create {
 # Create the object in Duo.
 require Net::Duo::Admin::Integration;
 my %data = (
- name => $name,
+ name => "$name ($Wallet::Config::DUO_TYPE)",
 notes => 'Managed by wallet',
 type => $Wallet::Config::DUO_TYPE,
 );
diff --git a/perl/t/object/duo.t b/perl/t/object/duo.t
index 4229afe..f73fe7e 100755
--- a/perl/t/object/duo.t
+++ b/perl/t/object/duo.t
@@ -70,7 +70,7 @@ $Wallet::Config::DUO_KEY_FILE = 't/data/duo/keys.json';
 # Test creating an integration.
 note ('Test creating an integration');
 my $expected = {
- name => 'test',
+ name => 'test (unix)',
 notes => 'Managed by wallet',
 type => 'unix',
 };
-- cgit v1.2.3 From 8d66c66be27f795df314a69aeb49c75d075c8016 Mon Sep 17 00:00:00 2001 
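Review bot: The `name` entry of `%data` in create now differs from the wallet object's own name, and nothing in the code records why or that the two must be mapped consistently. A comment above the hash would cover it, for example `# Duo-side name is "<wallet name> (<DUO_TYPE>)" so integrations of different types stay unique.` Any code that later finds or displays the integration by name would need the same suffix; no such code is visible in this hunk. The interpolation also assumes `$Wallet::Config::DUO_TYPE` is always defined, which cannot be confirmed here. create starts above the hunk and continues below it.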
From: Russ Allbery Date: Wed, 16 Jul 2014 15:52:51 -0700 Subject: Parse the Duo key_file in relaxed JSON mode When reading the Duo object configuration to retrieve the Duo admin server, parse the JSON in relaxed mode to match the behavior of Net::Duo itself. Otherwise, we get hung up on trailing commas that Net::Duo doesn't care about. Change-Id: I0a7347b22e379fe5dfe5fdabaec3e23420cf9a63 Reviewed-on: https://gerrit.stanford.edu/1574 Reviewed-by: Russ Allbery Tested-by: Russ Allbery --- perl/lib/Wallet/Object/Duo.pm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'perl') diff --git a/perl/lib/Wallet/Object/Duo.pm b/perl/lib/Wallet/Object/Duo.pm index fcf3819..6edc4fa 100644 --- a/perl/lib/Wallet/Object/Duo.pm +++ b/perl/lib/Wallet/Object/Duo.pm @@ -190,7 +190,7 @@ sub get { # We also need the admin server name, which we can get from the Duo object # configuration with a bit of JSON decoding. - my $json = JSON->new->utf8 (1); + my $json = JSON->new->utf8 (1)->relaxed (1); my $config = $json->decode (scalar slurp $Wallet::Config::DUO_KEY_FILE); # Construct the returned file. -- cgit v1.2.3 From 3e913fa65e9e5c1d687372b89b5467edb3e77973 Mon Sep 17 00:00:00 2001 From: Russ Allbery Date: Wed, 16 Jul 2014 16:20:10 -0700 Subject: Go back to recording the ADMIN ACL in history This turned out to not be necessary for testing since I was already using sqlite3 to load an unversioned schema. Remove the offending line and restore the old code with some cleanup. Change-Id: I282b6f3b4754e4899222be6366b77a47f0cb7189 Reviewed-on: https://gerrit.stanford.edu/1575 Reviewed-by: Russ Allbery Tested-by: Russ Allbery --- NEWS | 5 ----- perl/lib/Wallet/Admin.pm | 18 ++++-------------- perl/t/general/admin.t | 1 - perl/t/general/server.t | 18 ++++++++++++++---- 4 files changed, 18 insertions(+), 24 deletions(-) (limited to 'perl') diff --git a/NEWS b/NEWS index 5764ffc..039494e 100644 --- a/NEWS +++ b/NEWS 
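Review bot: The `decode` call on the line after the changed one has no visible error handling, and relaxed mode only widens what parses; it does not remove the failure path. JSON's `decode` croaks on input it cannot parse, so a damaged key file would throw out of get unless a caller or an enclosing `eval` outside this hunk catches it. Consider `my $config = eval { $json->decode (scalar slurp $Wallet::Config::DUO_KEY_FILE) };` followed by a check of `$@`. When reporting the failure, use a fixed message rather than `$@` verbatim, because JSON's error text quotes a fragment of the input and this file appears to hold the Duo keys. A short comment such as `# relaxed: accept the trailing commas Net::Duo also accepts` would explain the option.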
@@ -67,11 +67,6 @@ wallet 1.1 (2014-07-16) are referencing. Should fix destroy in MySQL and other database engines that enforce referential integrity. - The initial creation and membership of the ADMIN ACL during database - initialization or reinitialization is no longer recorded in the - acl_history table. (This is fallout from making a specific type of - upgrade testable, and may be fixed in the future.) - The wallet server now requires Perl 5.8 or later (instead of 5.006 in previous versions) and is now built with Module::Build instead of ExtUtils::MakeMaker. This should be transparent to anyone not working diff --git a/perl/lib/Wallet/Admin.pm b/perl/lib/Wallet/Admin.pm index 8481979..33e2a7d 100644 --- a/perl/lib/Wallet/Admin.pm +++ b/perl/lib/Wallet/Admin.pm @@ -98,20 +98,10 @@ sub initialize { $self->default_data; # Create a default admin ACL. - eval { - my $guard = $self->{schema}->txn_scope_guard; - $self->{schema}->resultset ('Acl')->populate ([ - [ qw/ac_id ac_name/ ], - [ 1, 'ADMIN' ], - ]); - $self->{schema}->resultset ('AclEntry')->populate ([ - [ qw/ae_id ae_scheme ae_identifier/ ], - [ 1, 'krb5', $user ], - ]); - $guard->commit; - }; - if ($@) { - $self->error ("cannot add ADMIN ACL: $@"); + my $schema = $self->{schema}; + my $acl = Wallet::ACL->create ('ADMIN', $schema, $user, 'localhost'); + unless ($acl->add ('krb5', $user, $user, 'localhost')) { + $self->error ($acl->error); return; } return 1; diff --git a/perl/t/general/admin.t b/perl/t/general/admin.t index 7c62932..47396c6 100755 --- a/perl/t/general/admin.t +++ b/perl/t/general/admin.t @@ -61,7 +61,6 @@ is ($server->acl_add ('ADMIN', 'base', 'foo'), 1, ' and adding a base ACL now works'); # Test re-initialization of the database. -$Wallet::Schema::VERSION = '0.07'; is ($admin->reinitialize ('admin@EXAMPLE.COM'), 1, ' and re-initialization succeeds'); diff --git a/perl/t/general/server.t b/perl/t/general/server.t index b270733..0a527a5 100755 --- a/perl/t/general/server.t 
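Review bot: The `Wallet::ACL->create` call in initialize is no longer wrapped in anything that catches a failure, whereas the removed code ran inside `eval` and reported through `$self->error`. If create signals failure by dying (its body is not in this hunk), initialize now throws instead of returning undef with an error set. The two steps also no longer share the single transaction that `txn_scope_guard` provided, so a failed `add` can leave behind an ADMIN ACL with no members. The history rows record the source host as the literal `'localhost'`, which deserves a one-line comment for anyone reading the audit trail later. initialize starts above the hunk.

```perl
    my $schema = $self->{schema};
    my $acl = eval {
        Wallet::ACL->create ('ADMIN', $schema, $user, 'localhost');
    };
    if ($@) {
        $self->error ("cannot add ADMIN ACL: $@");
        return;
    }
    # … unchanged: $acl->add check and return 1 …
```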
+++ b/perl/t/general/server.t @@ -54,8 +54,18 @@ is ($server->acl_show ('ADMIN'), is ($server->acl_show (1), "Members of ACL ADMIN (id: 1) are:\n krb5 $admin\n", ' including by number'); -is ($server->acl_history ('ADMIN'), '', ' and initial history is empty'); -is ($server->acl_history (1), '', ' including by number'); +my $history = <<"EOO"; +DATE create + by $admin from $host +DATE add krb5 $admin + by $admin from $host +EOO +my $result = $server->acl_history ('ADMIN'); +$result =~ s/^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d/DATE/gm; +is ($result, $history, ' and displaying history works'); +$result = $server->acl_history (1); +$result =~ s/^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d/DATE/gm; +is ($result, $history, ' including by number'); is ($server->acl_create (3), undef, 'Cannot create ACL with a numeric name'); is ($server->error, 'ACL name may not be all numbers', ' and returns the right error'); @@ -107,7 +117,7 @@ is ($server->acl_add ('both', 'krb5', $user2), 1, is ($server->acl_show ('both'), "Members of ACL both (id: 4) are:\n krb5 $user1\n krb5 $user2\n", ' and show returns the correct result'); -my $history = <<"EOO"; +$history = <<"EOO"; DATE create by $admin from $host DATE add krb5 $user1 @@ -115,7 +125,7 @@ DATE add krb5 $user1 DATE add krb5 $user2 by $admin from $host EOO -my $result = $server->acl_history ('both'); +$result = $server->acl_history ('both'); $result =~ s/^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d/DATE/gm; is ($result, $history, ' as does history'); is ($server->acl_add ('empty', 'krb5', $user1), 1, ' and another to empty'); -- cgit v1.2.3
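Review bot: The expected history in the first server.t hunk interpolates `$host`, while initialize in Admin.pm records the literal `'localhost'`, so these two assertions pass only while the test's `$host` has that same value (it is assigned outside the hunk). A comment such as `# initialize records 'localhost' as the source host; $host must match` would make the coupling visible. The timestamp substitution `s/^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d/DATE/gm` now appears three times across these hunks. A small helper that takes the history text and returns it with dates replaced would keep the pattern in one place.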