blob: b1a4a48a30c496c94f9cfa793c00f1c507d8ee22 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
|
User-Visible wallet Changes
wallet 0.5 (unreleased)
Allow the empty string in wallet-backend arguments.
Allow @ in wallet-backend arguments so that principal names can be
passed in.
Load the Perl modules for ACL verifiers and object types dynamically
now that we're reading the class from the database.
Correctly implement the documented intention that setting an attribute
to the empty string clears the attribute values.
Fix the keytab principal validation regex to allow instances
containing periods. Otherwise, it's hard to manage host keytabs. Add
a missing test suite for that method.
When writing to a file in the wallet client program, remove an old
backup file before creating a new backup and don't fail if the backup
already exists.
Check a default creation ACL first before the ADMIN ACL when deciding
whether we can auto-create a non-existent ACL, since creating one with
the ADMIN ACL doesn't create a useful object.
wallet 0.4 (2007-12-05)
Maintain a global cache of ACL verifiers in Wallet::ACL and reuse them
over the life of the process if we see another ACL line from the same
scheme, rather than only reusing ACL verifiers within a single ACL.
Add a subclass of the NetDB ACL verifier that requires the principal
have an instance of "root" and strips that instance before checking
NetDB roles.
Determine the class for object and ACL schema implementations from the
database rather than a hard-coded list and provide Wallet::Schema
methods for adding new class mappings.
Add a missing class mapping for the netdb ACL schema verifier.
Various coding style fixes and cleanup based on a much-appreciated
code audit by Simon Cozens. I didn't take all of his advise, and he
shouldn't be blamed for any remaining issues.
wallet 0.3 (2007-12-03)
MySQL is now a supported database backend and the full test suite
passes with MySQL.
Add support for running a user-defined function whenever an object is
created by a non-ADMIN user and using the default owner ACL returned
by that function provided that the calling user is authorized by that
ACL. This permits dynamic creation of new objects based on a default
owner ACL programmatically determined from the name of the object.
Attempt to create the object with a default owner on get and store
when the object doesn't exist.
Add support for displaying the history of objects and ACLs.
Add an ACL verifier that checks access against NetDB roles using the
NetDB remctl interface.
The wallet backend script now logs all commands and errors to syslog.
The keytab backend now supports limiting generated keytabs to
particular enctypes by setting an attribute on the object.
Expiration dates are now expressed in YYYY-MM-DD HH:MM:SS instead of
seconds since epoch and returned the same way. Timestamps are now
stored in the database as correct date and time types rather than
seconds since epoch to work properly with MySQL.
The wallet backend test suite now supports using a database other than
SQLite for testing.
wallet 0.2 (2007-10-08)
First public alpha release. Only tested with SQLite 3, no history
support, no object list support, and only keytab object and krb5 ACL
support.
wallet 0.1 (2007-03-08)
Internal release containing only kasetkey, a stub client, and design
documentation.
|
