1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
|
User-Visible wallet Changes
wallet 0.9 (unreleased)
Add support for enabling and disabling principals (clearing or setting
the NOTGS flag) and examining principals to kasetkey. This
functionality isn't used by wallet (and probably won't be) but is
convenient for other users of kasetkey such as kadmin-remctl.
Report the correct error message when addprinc fails while creating a
keytab object.
Fix Autoconf syntax error when probing for libkrb5support. Thanks,
Mike Garrison.
wallet 0.8 (2008-02-13)
Fix the wallet client to use check instead of exists.
Add file object support to the wallet server.
Correctly handle get of an empty object in the wallet client. The
empty string is valid object content.
Wallet::Config and hence the wallet server now checks for the
environment variable WALLET_CONFIG and loads configuration from the
file specified there instead of /etc/wallet/wallet.conf if it is set.
wallet-backend now supports a -q flag, which disables syslog logging.
wallet-admin now supports registering new object or ACL verifier
implementations in the database.
Remove the restriction that all object implementations must have class
names of Wallet::Object::* and all ACL verifier implementations must
have class names of Wallet::ACL::*.
Add a full end-to-end test suite to catch protocol mismatches between
the client and server, such as the one fixed in this release.
Update the design documentation to reflect the current protocol and
implementation.
wallet 0.7 (2008-02-08)
Add new exists and autocreate wallet server interfaces. The first
states whether a given object exists and the second attempts to create
the object using the default owner rules. Remove default owner
handling from the create interface, which is now for administrators
only. Remove server-side auto-creation of objects on get or store and
instead have the client check for object existence and call autocreate
if necessary. This removes confusion between default ACLs and
administrative object creation for users who are also on the ADMIN
ACL.
When creating a srvtab based on a just-downloaded keytab, extract the
srvtab key before merging the keytab into an existing file.
Otherwise, if the new keys had a lower kvno than the old keys
(possible after deleting and recreating the object), the wrong key
would be extracted for the srvtab.
keytab-backend now passes kadmin.local ktadd its options in a specific
order to satisfy the picky option parser.
Check naming policy on wallet object creation before checking the
default ACLs to avoid creating and stranding an ACL when the naming
policy check fails.
The current version of Net::Remctl can't handle explicit undef or the
empty string as a principal argument. Be careful not to provide a
principal argument if no principal was set. This workaround can be
removed once we depend on a later version of Net::Remctl.
Correctly enable syslog logging in wallet-backend.
Fix the example remctl configuration for keytab-backend to use the
correct script name.
wallet 0.6 (2008-01-28)
SECURITY: If -f is used and the output file name with ".new" appended
already exists, unlink it first and then create it safely rather than
truncating it. This is much safer when creating files in a
world-writable directory.
The wallet client can now get the server, port, principal, and remctl
type from krb5.conf as well as from compile-time defaults and
command-line options.
When getting a keytab with the client with no -f option, correctly
write the keytab to standard output rather than dying with a cryptic
error.
When downloading a keytab to a file that already exists, merge the new
keytab keys into that file rather than moving aside the old keytab and
creating a new keytab with only the new keys.
The wallet client now supports a -u option, saying to obtain Kerberos
credentials for the given user and use those for authentication rather
than using an existing ticket cache.
Add a wallet-admin program which can initialize and destroy the
database and list all objects and ACLs in the database.
Support enforcing a naming policy for wallet objects via a Perl
function in the wallet server configuration file.
The build system now probes for GSS-API, Kerberos v5 and v4, and AFS
libraries as necessary rather than hard-coding libraries. Building
on systems without strong shared library dependencies and building
against static libraries should now work.
Building kasetkey (for AFS kaserver synchronization) is now optional
and not enabled by default. Pass --with-afs to configure to enable
it. This allows wallet to be easily built in an environment without
AFS.
Add a sample script (contrib/wallet-report) showing one way of
reporting on the contents of the wallet database. This will
eventually become more general.
wallet 0.5 (2007-12-06)
Allow the empty string in wallet-backend arguments.
Allow @ in wallet-backend arguments so that principal names can be
passed in.
Load the Perl modules for ACL verifiers and object types dynamically
now that we're reading the class from the database.
Correctly implement the documented intention that setting an attribute
to the empty string clears the attribute values.
Fix the keytab principal validation regex to allow instances
containing periods. Otherwise, it's hard to manage host keytabs. Add
a missing test suite for that method.
When writing to a file in the wallet client program, remove an old
backup file before creating a new backup and don't fail if the backup
already exists.
Check a default creation ACL first before the ADMIN ACL when deciding
whether we can auto-create a non-existent ACL, since creating one with
the ADMIN ACL doesn't create a useful object.
wallet 0.4 (2007-12-05)
Maintain a global cache of ACL verifiers in Wallet::ACL and reuse them
over the life of the process if we see another ACL line from the same
scheme, rather than only reusing ACL verifiers within a single ACL.
Add a subclass of the NetDB ACL verifier that requires the principal
have an instance of "root" and strips that instance before checking
NetDB roles.
Determine the class for object and ACL schema implementations from the
database rather than a hard-coded list and provide Wallet::Schema
methods for adding new class mappings.
Add a missing class mapping for the netdb ACL schema verifier.
Various coding style fixes and cleanup based on a much-appreciated
code audit by Simon Cozens. I didn't take all of his advise, and he
shouldn't be blamed for any remaining issues.
wallet 0.3 (2007-12-03)
MySQL is now a supported database backend and the full test suite
passes with MySQL.
Add support for running a user-defined function whenever an object is
created by a non-ADMIN user and using the default owner ACL returned
by that function provided that the calling user is authorized by that
ACL. This permits dynamic creation of new objects based on a default
owner ACL programmatically determined from the name of the object.
Attempt to create the object with a default owner on get and store
when the object doesn't exist.
Add support for displaying the history of objects and ACLs.
Add an ACL verifier that checks access against NetDB roles using the
NetDB remctl interface.
The wallet backend script now logs all commands and errors to syslog.
The keytab backend now supports limiting generated keytabs to
particular enctypes by setting an attribute on the object.
Expiration dates are now expressed in YYYY-MM-DD HH:MM:SS instead of
seconds since epoch and returned the same way. Timestamps are now
stored in the database as correct date and time types rather than
seconds since epoch to work properly with MySQL.
The wallet backend test suite now supports using a database other than
SQLite for testing.
wallet 0.2 (2007-10-08)
First public alpha release. Only tested with SQLite 3, no history
support, no object list support, and only keytab object and krb5 ACL
support.
wallet 0.1 (2007-03-08)
Internal release containing only kasetkey, a stub client, and design
documentation.
|
