User-Visible wallet Changes wallet 0.10 (unreleased) Correctly handle storing of data that begins with a dash and don't parse it as an argument to wallet-backend. Fix logging in wallet-backend and the remctl configuration to not log the data passed to store. Add a new report owners command to wallet-admin and corresponding report_owners() method to Wallet::Admin, which returns all ACL lines on owner ACLs for matching objects. wallet 0.9 (2008-04-24) The wallet command-line client now reads the data for store from a file (using -f) or from standard input (if -f wasn't given) when the data isn't specified on the command line. The data still must not contain nul characters. Add support for enabling and disabling principals (clearing or setting the NOTGS flag) and examining principals to kasetkey. This functionality isn't used by wallet (and probably won't be) but is convenient for other users of kasetkey such as kadmin-remctl. Report the correct error message when addprinc fails while creating a keytab object. The configure option requesting AFS kaserver support (and thus building kasetkey) is now --with-kaserver instead of --with-afs. If KRB5_CONFIG was explicitly set in the environment, don't use a different krb5-config based on --with-krb4 or --with-krb5. If krb5-config isn't executable, don't use it. This allows one to force library probing by setting KRB5_CONFIG to point to a nonexistent file. Sanity-check the results of krb5-config before proceeding and error out in configure if they don't work. Fix Autoconf syntax error when probing for libkrb5support. Thanks, Mike Garrison. wallet can now be built in a different directory than the source directory. Stop setting Stanford-specific compile-time defaults for the wallet server and port. Perl 5.8 is required to run the test suite, but IO::String is not. Include Stanford's wallet.conf as an example (examples/stanford.conf). wallet 0.8 (2008-02-13) Fix the wallet client to use check instead of exists. Add file object support to the wallet server. Correctly handle get of an empty object in the wallet client. The empty string is valid object content. Wallet::Config and hence the wallet server now checks for the environment variable WALLET_CONFIG and loads configuration from the file specified there instead of /etc/wallet/wallet.conf if it is set. wallet-backend now supports a -q flag, which disables syslog logging. wallet-admin now supports registering new object or ACL verifier implementations in the database. Remove the restriction that all object implementations must have class names of Wallet::Object::* and all ACL verifier implementations must have class names of Wallet::ACL::*. Add a full end-to-end test suite to catch protocol mismatches between the client and server, such as the one fixed in this release. Update the design documentation to reflect the current protocol and implementation. wallet 0.7 (2008-02-08) Add new exists and autocreate wallet server interfaces. The first states whether a given object exists and the second attempts to create the object using the default owner rules. Remove default owner handling from the create interface, which is now for administrators only. Remove server-side auto-creation of objects on get or store and instead have the client check for object existence and call autocreate if necessary. This removes confusion between default ACLs and administrative object creation for users who are also on the ADMIN ACL. When creating a srvtab based on a just-downloaded keytab, extract the srvtab key before merging the keytab into an existing file. Otherwise, if the new keys had a lower kvno than the old keys (possible after deleting and recreating the object), the wrong key would be extracted for the srvtab. keytab-backend now passes kadmin.local ktadd its options in a specific order to satisfy the picky option parser. Check naming policy on wallet object creation before checking the default ACLs to avoid creating and stranding an ACL when the naming policy check fails. The current version of Net::Remctl can't handle explicit undef or the empty string as a principal argument. Be careful not to provide a principal argument if no principal was set. This workaround can be removed once we depend on a later version of Net::Remctl. Correctly enable syslog logging in wallet-backend. Fix the example remctl configuration for keytab-backend to use the correct script name. wallet 0.6 (2008-01-28) SECURITY: If -f is used and the output file name with ".new" appended already exists, unlink it first and then create it safely rather than truncating it. This is much safer when creating files in a world-writable directory. The wallet client can now get the server, port, principal, and remctl type from krb5.conf as well as from compile-time defaults and command-line options. When getting a keytab with the client with no -f option, correctly write the keytab to standard output rather than dying with a cryptic error. When downloading a keytab to a file that already exists, merge the new keytab keys into that file rather than moving aside the old keytab and creating a new keytab with only the new keys. The wallet client now supports a -u option, saying to obtain Kerberos credentials for the given user and use those for authentication rather than using an existing ticket cache. Add a wallet-admin program which can initialize and destroy the database and list all objects and ACLs in the database. Support enforcing a naming policy for wallet objects via a Perl function in the wallet server configuration file. The build system now probes for GSS-API, Kerberos v5 and v4, and AFS libraries as necessary rather than hard-coding libraries. Building on systems without strong shared library dependencies and building against static libraries should now work. Building kasetkey (for AFS kaserver synchronization) is now optional and not enabled by default. Pass --with-afs to configure to enable it. This allows wallet to be easily built in an environment without AFS. Add a sample script (contrib/wallet-report) showing one way of reporting on the contents of the wallet database. This will eventually become more general. wallet 0.5 (2007-12-06) Allow the empty string in wallet-backend arguments. Allow @ in wallet-backend arguments so that principal names can be passed in. Load the Perl modules for ACL verifiers and object types dynamically now that we're reading the class from the database. Correctly implement the documented intention that setting an attribute to the empty string clears the attribute values. Fix the keytab principal validation regex to allow instances containing periods. Otherwise, it's hard to manage host keytabs. Add a missing test suite for that method. When writing to a file in the wallet client program, remove an old backup file before creating a new backup and don't fail if the backup already exists. Check a default creation ACL first before the ADMIN ACL when deciding whether we can auto-create a non-existent ACL, since creating one with the ADMIN ACL doesn't create a useful object. wallet 0.4 (2007-12-05) Maintain a global cache of ACL verifiers in Wallet::ACL and reuse them over the life of the process if we see another ACL line from the same scheme, rather than only reusing ACL verifiers within a single ACL. Add a subclass of the NetDB ACL verifier that requires the principal have an instance of "root" and strips that instance before checking NetDB roles. Determine the class for object and ACL schema implementations from the database rather than a hard-coded list and provide Wallet::Schema methods for adding new class mappings. Add a missing class mapping for the netdb ACL schema verifier. Various coding style fixes and cleanup based on a much-appreciated code audit by Simon Cozens. I didn't take all of his advise, and he shouldn't be blamed for any remaining issues. wallet 0.3 (2007-12-03) MySQL is now a supported database backend and the full test suite passes with MySQL. Add support for running a user-defined function whenever an object is created by a non-ADMIN user and using the default owner ACL returned by that function provided that the calling user is authorized by that ACL. This permits dynamic creation of new objects based on a default owner ACL programmatically determined from the name of the object. Attempt to create the object with a default owner on get and store when the object doesn't exist. Add support for displaying the history of objects and ACLs. Add an ACL verifier that checks access against NetDB roles using the NetDB remctl interface. The wallet backend script now logs all commands and errors to syslog. The keytab backend now supports limiting generated keytabs to particular enctypes by setting an attribute on the object. Expiration dates are now expressed in YYYY-MM-DD HH:MM:SS instead of seconds since epoch and returned the same way. Timestamps are now stored in the database as correct date and time types rather than seconds since epoch to work properly with MySQL. The wallet backend test suite now supports using a database other than SQLite for testing. wallet 0.2 (2007-10-08) First public alpha release. Only tested with SQLite 3, no history support, no object list support, and only keytab object and krb5 ACL support. wallet 0.1 (2007-03-08) Internal release containing only kasetkey, a stub client, and design documentation.