User-Visible wallet Changes

wallet 0.6 (2008-01-28)

SECURITY: If -f is used and the output file name with ".new" appended already exists, unlink it first and then create it safely rather than truncating it. This is much safer when creating files in a world-writable directory.

The wallet client can now get the server, port, principal, and remctl type from krb5.conf as well as from compile-time defaults and command-line options.

When getting a keytab with the client with no -f option, correctly write the keytab to standard output rather than dying with a cryptic error.

When downloading a keytab to a file that already exists, merge the new keytab keys into that file rather than moving aside the old keytab and creating a new keytab with only the new keys.

The wallet client now supports a -u option, saying to obtain Kerberos credentials for the given user and use those for authentication rather than using an existing ticket cache.

Add a wallet-admin program which can initialize and destroy the database and list all objects and ACLs in the database.

Support enforcing a naming policy for wallet objects via a Perl function in the wallet server configuration file.

The build system now probes for GSS-API, Kerberos v5 and v4, and AFS libraries as necessary rather than hard-coding libraries. Building on systems without strong shared library dependencies and building against static libraries should now work.

Building kasetkey (for AFS kaserver synchronization) is now optional and not enabled by default. Pass --with-afs to configure to enable it. This allows wallet to be easily built in an environment without AFS.

Add a sample script (contrib/wallet-report) showing one way of reporting on the contents of the wallet database. This will eventually become more general.

wallet 0.5 (2007-12-06)

Allow the empty string in wallet-backend arguments.

Allow @ in wallet-backend arguments so that principal names can be passed in.

Load the Perl modules for ACL verifiers and object types dynamically now that we're reading the class from the database.

Correctly implement the documented intention that setting an attribute to the empty string clears the attribute values.

Fix the keytab principal validation regex to allow instances containing periods. Otherwise, it's hard to manage host keytabs. Add a missing test suite for that method.

When writing to a file in the wallet client program, remove an old backup file before creating a new backup and don't fail if the backup already exists.

Check a default creation ACL first before the ADMIN ACL when deciding whether we can auto-create a non-existent ACL, since creating one with the ADMIN ACL doesn't create a useful object.

wallet 0.4 (2007-12-05)

Maintain a global cache of ACL verifiers in Wallet::ACL and reuse them over the life of the process if we see another ACL line from the same scheme, rather than only reusing ACL verifiers within a single ACL.

Add a subclass of the NetDB ACL verifier that requires the principal have an instance of "root" and strips that instance before checking NetDB roles.

Determine the class for object and ACL schema implementations from the database rather than a hard-coded list and provide Wallet::Schema methods for adding new class mappings. Add a missing class mapping for the netdb ACL schema verifier.

Various coding style fixes and cleanup based on a much-appreciated code audit by Simon Cozens. I didn't take all of his advice, and he shouldn't be blamed for any remaining issues.

wallet 0.3 (2007-12-03)

MySQL is now a supported database backend and the full test suite passes with MySQL.

Add support for running a user-defined function whenever an object is created by a non-ADMIN user and using the default owner ACL returned by that function provided that the calling user is authorized by that ACL. This permits dynamic creation of new objects based on a default owner ACL programmatically determined from the name of the object. Attempt to create the object with a default owner on get and store when the object doesn't exist.

Add support for displaying the history of objects and ACLs.

Add an ACL verifier that checks access against NetDB roles using the NetDB remctl interface.

The wallet backend script now logs all commands and errors to syslog.

The keytab backend now supports limiting generated keytabs to particular enctypes by setting an attribute on the object.

Expiration dates are now expressed in YYYY-MM-DD HH:MM:SS instead of seconds since epoch and returned the same way.

Timestamps are now stored in the database as correct date and time types rather than seconds since epoch to work properly with MySQL.

The wallet backend test suite now supports using a database other than SQLite for testing.

wallet 0.2 (2007-10-08)

First public alpha release. Only tested with SQLite 3, no history support, no object list support, and only keytab object and krb5 ACL support.

wallet 0.1 (2007-03-08)

Internal release containing only kasetkey, a stub client, and design documentation.
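
The SECURITY entry for wallet 0.6 contrasts truncating an existing ".new" file with unlinking it and creating it safely. The C sketch below is an added illustration of that difference, not code from wallet; the function names, the temporary directory, and the "victim" file are constructed for the example.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Old behaviour: O_TRUNC follows a symlink planted at path and empties
 * whatever file it points to. */
static int open_truncating(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
}

/* Behaviour described for 0.6: unlink any existing entry, then create with
 * O_EXCL, which never follows a symlink and fails with EEXIST if something
 * reappears at path between the two calls. */
static int open_safely(const char *path) {
    if (unlink(path) < 0 && errno != ENOENT)
        return -1;
    return open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
}

/* Constructed scenario: <dir>/out.new is a symlink to <dir>/victim, which
 * holds 6 bytes.  Returns the victim's size after out.new is opened. */
static long victim_size_after(int safe) {
    char dir[] = "/tmp/wallet-demo-XXXXXX", victim[64], tmp[64];
    struct stat st;
    long size = -1;
    int fd;
    if (mkdtemp(dir) == NULL)
        return -1;
    snprintf(victim, sizeof(victim), "%s/victim", dir);
    snprintf(tmp, sizeof(tmp), "%s/out.new", dir);
    fd = open(victim, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd >= 0 && write(fd, "secret", 6) == 6 && symlink(victim, tmp) == 0) {
        close(fd);
        fd = safe ? open_safely(tmp) : open_truncating(tmp);
        if (stat(victim, &st) == 0)
            size = (long) st.st_size;
    }
    if (fd >= 0)
        close(fd);
    unlink(tmp); unlink(victim); rmdir(dir);
    return size;
}

int main(void) {
    printf("truncating open: victim is %ld bytes\n", victim_size_after(0));
    printf("unlink + O_EXCL: victim is %ld bytes\n", victim_size_after(1));
    return 0;
}
```

With the truncating open the linked file ends up empty; with unlink followed by an exclusive create it keeps its contents and the ".new" path becomes a fresh regular file.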