1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
|
User-Visible wallet Changes
wallet 0.10 (unreleased)
Add support for Heimdal KDCs as well as MIT Kerberos KDCs. There is
now a mandatory new setting in Wallet::Config: $KEYTAB_KRBTYPE. It
should be set to either "MIT" or "Heimdal" depending on the Kerberos
KDC implementation used. The Heimdal support requires the
Heimdal::Kadm5 Perl module.
Remove kaserver synchronization support. It is no longer tested, and
retaining the code was increasing the complexity of wallet, and some
specific requirements (such as different realm names between kaserver
and Kerberos v5 and the kvno handling) were Stanford-specific. Rather
than using this support, AFS sites running kaserver will probably find
deploying Heimdal with its internal kaserver compatibility is probably
an easier transition approach.
Remove the kasetkey client for setting keys in an AFS kaserver.
The wallet client no longer enables kaserver synchronization when a
srvtab is requested with -S. Instead, it just extracts the DES key
from the keytab and writes it to a srvtab. It no longer forces the
kvno of the srvtab to 0 (a Stanford-specific action) and instead
preserves the kvno from the key in the keytab. This should now do the
right thing for sites that use a KDC that serves both Kerberos v4 and
Kerberos v5 from the same database.
Correctly handle storing of data that begins with a dash and don't
parse it as an argument to wallet-backend.
Fix logging in wallet-backend and the remctl configuration to not log
the data passed to store.
Add additional reports for wallet-admin list: objects owned by a
specific ACL, objects owned by no one, objects of a specific type,
objects with a specific flag, objects for which a specific ACL has
privileges, ACLs with an entry with a given type and identifier, and
ACLs with no members.
Add a new report owners command to wallet-admin and corresponding
report_owners() method to Wallet::Admin, which returns all ACL lines
on owner ACLs for matching objects.
Report ACL names as well as numbers in object history.
wallet 0.9 (2008-04-24)
The wallet command-line client now reads the data for store from a
file (using -f) or from standard input (if -f wasn't given) when the
data isn't specified on the command line. The data still must not
contain nul characters.
Add support for enabling and disabling principals (clearing or setting
the NOTGS flag) and examining principals to kasetkey. This
functionality isn't used by wallet (and probably won't be) but is
convenient for other users of kasetkey such as kadmin-remctl.
Report the correct error message when addprinc fails while creating a
keytab object.
The configure option requesting AFS kaserver support (and thus
building kasetkey) is now --with-kaserver instead of --with-afs.
If KRB5_CONFIG was explicitly set in the environment, don't use a
different krb5-config based on --with-krb4 or --with-krb5. If
krb5-config isn't executable, don't use it. This allows one to
force library probing by setting KRB5_CONFIG to point to a
nonexistent file.
Sanity-check the results of krb5-config before proceeding and error
out in configure if they don't work.
Fix Autoconf syntax error when probing for libkrb5support. Thanks,
Mike Garrison.
wallet can now be built in a different directory than the source
directory.
Stop setting Stanford-specific compile-time defaults for the wallet
server and port.
Perl 5.8 is required to run the test suite, but IO::String is not.
Include Stanford's wallet.conf as an example (examples/stanford.conf).
wallet 0.8 (2008-02-13)
Fix the wallet client to use check instead of exists.
Add file object support to the wallet server.
Correctly handle get of an empty object in the wallet client. The
empty string is valid object content.
Wallet::Config and hence the wallet server now checks for the
environment variable WALLET_CONFIG and loads configuration from the
file specified there instead of /etc/wallet/wallet.conf if it is set.
wallet-backend now supports a -q flag, which disables syslog logging.
wallet-admin now supports registering new object or ACL verifier
implementations in the database.
Remove the restriction that all object implementations must have class
names of Wallet::Object::* and all ACL verifier implementations must
have class names of Wallet::ACL::*.
Add a full end-to-end test suite to catch protocol mismatches between
the client and server, such as the one fixed in this release.
Update the design documentation to reflect the current protocol and
implementation.
wallet 0.7 (2008-02-08)
Add new exists and autocreate wallet server interfaces. The first
states whether a given object exists and the second attempts to create
the object using the default owner rules. Remove default owner
handling from the create interface, which is now for administrators
only. Remove server-side auto-creation of objects on get or store and
instead have the client check for object existence and call autocreate
if necessary. This removes confusion between default ACLs and
administrative object creation for users who are also on the ADMIN
ACL.
When creating a srvtab based on a just-downloaded keytab, extract the
srvtab key before merging the keytab into an existing file.
Otherwise, if the new keys had a lower kvno than the old keys
(possible after deleting and recreating the object), the wrong key
would be extracted for the srvtab.
keytab-backend now passes kadmin.local ktadd its options in a specific
order to satisfy the picky option parser.
Check naming policy on wallet object creation before checking the
default ACLs to avoid creating and stranding an ACL when the naming
policy check fails.
The current version of Net::Remctl can't handle explicit undef or the
empty string as a principal argument. Be careful not to provide a
principal argument if no principal was set. This workaround can be
removed once we depend on a later version of Net::Remctl.
Correctly enable syslog logging in wallet-backend.
Fix the example remctl configuration for keytab-backend to use the
correct script name.
wallet 0.6 (2008-01-28)
SECURITY: If -f is used and the output file name with ".new" appended
already exists, unlink it first and then create it safely rather than
truncating it. This is much safer when creating files in a
world-writable directory.
The wallet client can now get the server, port, principal, and remctl
type from krb5.conf as well as from compile-time defaults and
command-line options.
When getting a keytab with the client with no -f option, correctly
write the keytab to standard output rather than dying with a cryptic
error.
When downloading a keytab to a file that already exists, merge the new
keytab keys into that file rather than moving aside the old keytab and
creating a new keytab with only the new keys.
The wallet client now supports a -u option, saying to obtain Kerberos
credentials for the given user and use those for authentication rather
than using an existing ticket cache.
Add a wallet-admin program which can initialize and destroy the
database and list all objects and ACLs in the database.
Support enforcing a naming policy for wallet objects via a Perl
function in the wallet server configuration file.
The build system now probes for GSS-API, Kerberos v5 and v4, and AFS
libraries as necessary rather than hard-coding libraries. Building
on systems without strong shared library dependencies and building
against static libraries should now work.
Building kasetkey (for AFS kaserver synchronization) is now optional
and not enabled by default. Pass --with-afs to configure to enable
it. This allows wallet to be easily built in an environment without
AFS.
Add a sample script (contrib/wallet-report) showing one way of
reporting on the contents of the wallet database. This will
eventually become more general.
wallet 0.5 (2007-12-06)
Allow the empty string in wallet-backend arguments.
Allow @ in wallet-backend arguments so that principal names can be
passed in.
Load the Perl modules for ACL verifiers and object types dynamically
now that we're reading the class from the database.
Correctly implement the documented intention that setting an attribute
to the empty string clears the attribute values.
Fix the keytab principal validation regex to allow instances
containing periods. Otherwise, it's hard to manage host keytabs. Add
a missing test suite for that method.
When writing to a file in the wallet client program, remove an old
backup file before creating a new backup and don't fail if the backup
already exists.
Check a default creation ACL first before the ADMIN ACL when deciding
whether we can auto-create a non-existent ACL, since creating one with
the ADMIN ACL doesn't create a useful object.
wallet 0.4 (2007-12-05)
Maintain a global cache of ACL verifiers in Wallet::ACL and reuse them
over the life of the process if we see another ACL line from the same
scheme, rather than only reusing ACL verifiers within a single ACL.
Add a subclass of the NetDB ACL verifier that requires the principal
have an instance of "root" and strips that instance before checking
NetDB roles.
Determine the class for object and ACL schema implementations from the
database rather than a hard-coded list and provide Wallet::Schema
methods for adding new class mappings.
Add a missing class mapping for the netdb ACL schema verifier.
Various coding style fixes and cleanup based on a much-appreciated
code audit by Simon Cozens. I didn't take all of his advise, and he
shouldn't be blamed for any remaining issues.
wallet 0.3 (2007-12-03)
MySQL is now a supported database backend and the full test suite
passes with MySQL.
Add support for running a user-defined function whenever an object is
created by a non-ADMIN user and using the default owner ACL returned
by that function provided that the calling user is authorized by that
ACL. This permits dynamic creation of new objects based on a default
owner ACL programmatically determined from the name of the object.
Attempt to create the object with a default owner on get and store
when the object doesn't exist.
Add support for displaying the history of objects and ACLs.
Add an ACL verifier that checks access against NetDB roles using the
NetDB remctl interface.
The wallet backend script now logs all commands and errors to syslog.
The keytab backend now supports limiting generated keytabs to
particular enctypes by setting an attribute on the object.
Expiration dates are now expressed in YYYY-MM-DD HH:MM:SS instead of
seconds since epoch and returned the same way. Timestamps are now
stored in the database as correct date and time types rather than
seconds since epoch to work properly with MySQL.
The wallet backend test suite now supports using a database other than
SQLite for testing.
wallet 0.2 (2007-10-08)
First public alpha release. Only tested with SQLite 3, no history
support, no object list support, and only keytab object and krb5 ACL
support.
wallet 0.1 (2007-03-08)
Internal release containing only kasetkey, a stub client, and design
documentation.
|
