User-Visible wallet Changes

wallet 0.12 (unreleased)

Add an objects unused report to wallet-report and Wallet::Report,
returning all objects that have never been downloaded (in other words,
have never been the target of a get command).

Add an acls duplicate report to wallet-report and Wallet::Report,
returning sets of ACLs that have exactly the same entries.

Add a help command to wallet-report, which returns a summary of all
available commands.

wallet 0.11 (2010-03-08)

When deleting an ACL on the server, verify that the ACL is not
referenced by any object first. Database referential integrity should
also catch this, but not all database backends may enforce referential
integrity. This also allows us to return a better error message
naming an object that's still using that ACL.

Wallet::Config now supports an additional local function,
verify_acl_name, which can be used to enforce ACL naming policies. If
set, it is called for any ACL creation or rename and can reject the
new ACL name.

Add an audit command to wallet-report and two audits: acls name, which
returns all ACLs that do not pass the local naming policy, and objects
name, which does the same for objects. The corresponding
Wallet::Report method is audit().

Add the acls unused report to wallet-report and Wallet::Report,
returning all ACLs not referenced by any database objects.

Wallet::Config::verify_name may now be called with an undefined third
argument (normally the user attempting to create an object). This
calling convention is used when auditing, and the local policy
function should select the correct policy to apply for useful audit
results.

Fix portability to older Kerberos libraries without
krb5_free_error_message.

wallet 0.10 (2010-02-21)

Add support for Heimdal KDCs as well as MIT Kerberos KDCs. There is
now a mandatory new setting in Wallet::Config: $KEYTAB_KRBTYPE. It
should be set to either "MIT" or "Heimdal" depending on the Kerberos
KDC implementation used. The Heimdal support requires the
Heimdal::Kadm5 Perl module.

Remove kaserver synchronization support. It is no longer tested, and
retaining the code was increasing the complexity of wallet, and some
specific requirements (such as different realm names between kaserver
and Kerberos v5 and the kvno handling) were Stanford-specific. Rather
than using this support, AFS sites running kaserver will probably find
that deploying Heimdal with its internal kaserver compatibility is an
easier transition approach.

Remove the kasetkey client for setting keys in an AFS kaserver.

The wallet client no longer enables kaserver synchronization when a
srvtab is requested with -S. Instead, it just extracts the DES key
from the keytab and writes it to a srvtab. It no longer forces the
kvno of the srvtab to 0 (a Stanford-specific action) and instead
preserves the kvno from the key in the keytab. This should now do the
right thing for sites that use a KDC that serves both Kerberos v4 and
Kerberos v5 from the same database.

The wallet client can now store data containing nul characters and
wallet-backend will accept it if passed on standard input instead of
as a command-line argument. See config/wallet for the new required
remctld configuration. Storing data containing nul characters
requires remctl 2.14 or later.

Correctly handle storing of data that begins with a dash and don't
parse it as an argument to wallet-backend.

Fix logging in wallet-backend and the remctl configuration to not log
the data passed to store.

Move all reporting from Wallet::Admin to Wallet::Report and simplify
the method names since they're now part of a dedicated reporting
class. Similarly, create a new wallet-report script to wrap
Wallet::Report, moving all reporting commands to it from wallet-admin,
and simplify the commands since they're for a dedicated reporting
script.

Add additional reports for wallet-report: objects owned by a specific
ACL, objects owned by no one, objects of a specific type, objects with
a specific flag, objects for which a specific ACL has privileges, ACLs
with an entry with a given type and identifier, and ACLs with no
members.

Add a new owners command to wallet-report and corresponding owners()
method to Wallet::Report, which returns all ACL lines on owner ACLs
for matching objects.

Report ACL names as well as numbers in object history.

The wallet client now uses a temporary disk ticket cache when
obtaining tickets with the -u option rather than an in-memory cache,
allowing for a libremctl built against a different Kerberos
implementation than the wallet client. This primarily helps with
testing.

Update to rra-c-util 2.3:
* Use Kerberos portability layer to support Heimdal.
* Avoid Kerberos API calls deprecated on Heimdal.
* Sanity-check the results of krb5-config before proceeding.
* Fall back on manual probing if krb5-config results don't work.
* Add --with-krb5-include and --with-krb5-lib configure options.
* Add --with-remctl-include and --with-remctl-lib configure options.
* Add --with-gssapi-include and --with-gssapi-lib configure options.
* Don't break if the user clobbers CPPFLAGS at build time.
* Suppress error output from krb5-config probes.
* Prefer KRB5_CONFIG over a path constructed from --with-*.
* Update GSS-API probes for Solaris 10's native implementation.
* Change AC_TRY_* to AC_*_IFELSE as recommended by Autoconf.
* Use AC_TYPE_LONG_LONG_INT instead of AC_CHECK_TYPES([long long]).
* Provide a proper bool type with Sun Studio 12 on Solaris 10.
* Break util/util.h into separate header files per module.
* Update portable and util tests for C TAP Harness 1.1.

Update to C TAP Harness 1.1:
* Remove the need for Autoconf substitution in test programs.
* Support running a single test program with runtests -o.
* Properly handle test cases that are skipped in their entirety.
* Much improved C TAP library more closely matching Test::More.

wallet 0.9 (2008-04-24)

The wallet command-line client now reads the data for store from a
file (using -f) or from standard input (if -f wasn't given) when the
data isn't specified on the command line. The data still must not
contain nul characters.

Add support for enabling and disabling principals (clearing or setting
the NOTGS flag) and examining principals to kasetkey. This
functionality isn't used by wallet (and probably won't be) but is
convenient for other users of kasetkey such as kadmin-remctl.

Report the correct error message when addprinc fails while creating a
keytab object.

The configure option requesting AFS kaserver support (and thus
building kasetkey) is now --with-kaserver instead of --with-afs.

If KRB5_CONFIG was explicitly set in the environment, don't use a
different krb5-config based on --with-krb4 or --with-krb5. If
krb5-config isn't executable, don't use it. This allows one to
force library probing by setting KRB5_CONFIG to point to a
nonexistent file.

Sanity-check the results of krb5-config before proceeding and error
out in configure if they don't work.

Fix Autoconf syntax error when probing for libkrb5support. Thanks,
Mike Garrison.

wallet can now be built in a different directory than the source
directory.

Stop setting Stanford-specific compile-time defaults for the wallet
server and port.

Perl 5.8 is required to run the test suite, but IO::String is not.

Include Stanford's wallet.conf as an example (examples/stanford.conf).

wallet 0.8 (2008-02-13)

Fix the wallet client to use check instead of exists.

Add file object support to the wallet server.

Correctly handle get of an empty object in the wallet client. The
empty string is valid object content.

Wallet::Config and hence the wallet server now checks for the
environment variable WALLET_CONFIG and loads configuration from the
file specified there instead of /etc/wallet/wallet.conf if it is set.

wallet-backend now supports a -q flag, which disables syslog logging.

wallet-admin now supports registering new object or ACL verifier
implementations in the database.

Remove the restriction that all object implementations must have class
names of Wallet::Object::* and all ACL verifier implementations must
have class names of Wallet::ACL::*.

Add a full end-to-end test suite to catch protocol mismatches between
the client and server, such as the one fixed in this release.

Update the design documentation to reflect the current protocol and
implementation.

wallet 0.7 (2008-02-08)

Add new exists and autocreate wallet server interfaces. The first
states whether a given object exists and the second attempts to create
the object using the default owner rules. Remove default owner
handling from the create interface, which is now for administrators
only. Remove server-side auto-creation of objects on get or store and
instead have the client check for object existence and call autocreate
if necessary. This removes confusion between default ACLs and
administrative object creation for users who are also on the ADMIN
ACL.

When creating a srvtab based on a just-downloaded keytab, extract the
srvtab key before merging the keytab into an existing file.
Otherwise, if the new keys had a lower kvno than the old keys
(possible after deleting and recreating the object), the wrong key
would be extracted for the srvtab.

keytab-backend now passes kadmin.local ktadd its options in a specific
order to satisfy the picky option parser.

Check naming policy on wallet object creation before checking the
default ACLs to avoid creating and stranding an ACL when the naming
policy check fails.

The current version of Net::Remctl can't handle explicit undef or the
empty string as a principal argument. Be careful not to provide a
principal argument if no principal was set. This workaround can be
removed once we depend on a later version of Net::Remctl.

Correctly enable syslog logging in wallet-backend.

Fix the example remctl configuration for keytab-backend to use the
correct script name.

wallet 0.6 (2008-01-28)

SECURITY: If -f is used and the output file name with ".new" appended
already exists, unlink it first and then create it safely rather than
truncating it. This is much safer when creating files in a
world-writable directory.
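
The create-safely pattern from the SECURITY entry above, as an added example rather than wallet's own code: remove any existing ".new" name, then create it with O_CREAT|O_EXCL so a symlink already sitting at that name is never written through. The names safe_write and demo_planted_symlink, the 0600 mode, the /tmp scratch directory and the final rename are assumptions of the example.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Added example, not wallet's code; names are hypothetical.  Writes DATA to
   PATH via PATH.new (the closing rename is assumed).  0 on success, else -1. */
int safe_write(const char *path, const char *data, size_t len)
{
    char tmp[4096];
    if (snprintf(tmp, sizeof(tmp), "%s.new", path) >= (int) sizeof(tmp))
        return -1;
    /* unlink() removes the name itself, so a planted symlink is deleted
       rather than followed to the file it points at. */
    if (unlink(tmp) < 0 && errno != ENOENT)
        return -1;
    /* O_EXCL fails if anything reappeared at that name, symlinks included.
       Opening with O_TRUNC instead would write through such a link. */
    int fd = open(tmp, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0)
        return -1;
    int ok = write(fd, data, len) == (ssize_t) len; /* short write = error */
    ok = (close(fd) == 0) && ok;
    if (!ok || rename(tmp, path) < 0) {
        unlink(tmp);
        return -1;
    }
    return 0;
}

/* Constructed scenario: out.new starts as a symlink to victim.  Returns 1 if
   victim keeps its 8 bytes and out is a regular 6-byte file, not the link. */
int demo_planted_symlink(void)
{
    char dir[] = "/tmp/newsdemoXXXXXX";
    struct stat v, o;
    if (mkdtemp(dir) == NULL || chdir(dir) < 0)
        return -1;
    if (safe_write("victim", "precious", 8) < 0 || symlink("victim", "out.new") < 0)
        return -1;
    if (safe_write("out", "secret", 6) < 0)
        return -1;
    if (stat("victim", &v) < 0 || lstat("out", &o) < 0)
        return -1;
    return v.st_size == 8 && S_ISREG(o.st_mode) && o.st_size == 6;
}

int main(void) { return demo_planted_symlink() == 1 ? 0 : 1; }
```
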

The wallet client can now get the server, port, principal, and remctl
type from krb5.conf as well as from compile-time defaults and
command-line options.

When getting a keytab with the client with no -f option, correctly
write the keytab to standard output rather than dying with a cryptic
error.

When downloading a keytab to a file that already exists, merge the new
keytab keys into that file rather than moving aside the old keytab and
creating a new keytab with only the new keys.

The wallet client now supports a -u option, saying to obtain Kerberos
credentials for the given user and use those for authentication rather
than using an existing ticket cache.

Add a wallet-admin program which can initialize and destroy the
database and list all objects and ACLs in the database.

Support enforcing a naming policy for wallet objects via a Perl
function in the wallet server configuration file.

The build system now probes for GSS-API, Kerberos v5 and v4, and AFS
libraries as necessary rather than hard-coding libraries. Building
on systems without strong shared library dependencies and building
against static libraries should now work.

Building kasetkey (for AFS kaserver synchronization) is now optional
and not enabled by default. Pass --with-afs to configure to enable
it. This allows wallet to be easily built in an environment without
AFS.

Add a sample script (contrib/wallet-report) showing one way of
reporting on the contents of the wallet database. This will
eventually become more general.

wallet 0.5 (2007-12-06)

Allow the empty string in wallet-backend arguments.

Allow @ in wallet-backend arguments so that principal names can be
passed in.

Load the Perl modules for ACL verifiers and object types dynamically
now that we're reading the class from the database.

Correctly implement the documented intention that setting an attribute
to the empty string clears the attribute values.

Fix the keytab principal validation regex to allow instances
containing periods. Otherwise, it's hard to manage host keytabs. Add
a missing test suite for that method.

When writing to a file in the wallet client program, remove an old
backup file before creating a new backup and don't fail if the backup
already exists.

Check a default creation ACL first before the ADMIN ACL when deciding
whether we can auto-create a non-existent ACL, since creating one with
the ADMIN ACL doesn't create a useful object.

wallet 0.4 (2007-12-05)

Maintain a global cache of ACL verifiers in Wallet::ACL and reuse them
over the life of the process if we see another ACL line from the same
scheme, rather than only reusing ACL verifiers within a single ACL.

Add a subclass of the NetDB ACL verifier that requires the principal
have an instance of "root" and strips that instance before checking
NetDB roles.

Determine the class for object and ACL schema implementations from the
database rather than a hard-coded list and provide Wallet::Schema
methods for adding new class mappings.

Add a missing class mapping for the netdb ACL schema verifier.

Various coding style fixes and cleanup based on a much-appreciated
code audit by Simon Cozens. I didn't take all of his advice, and he
shouldn't be blamed for any remaining issues.

wallet 0.3 (2007-12-03)

MySQL is now a supported database backend and the full test suite
passes with MySQL.

Add support for running a user-defined function whenever an object is
created by a non-ADMIN user and using the default owner ACL returned
by that function provided that the calling user is authorized by that
ACL. This permits dynamic creation of new objects based on a default
owner ACL programmatically determined from the name of the object.

Attempt to create the object with a default owner on get and store
when the object doesn't exist.

Add support for displaying the history of objects and ACLs.

Add an ACL verifier that checks access against NetDB roles using the
NetDB remctl interface.

The wallet backend script now logs all commands and errors to syslog.

The keytab backend now supports limiting generated keytabs to
particular enctypes by setting an attribute on the object.

Expiration dates are now expressed in YYYY-MM-DD HH:MM:SS instead of
seconds since epoch and returned the same way. Timestamps are now
stored in the database as correct date and time types rather than
seconds since epoch to work properly with MySQL.

The wallet backend test suite now supports using a database other than
SQLite for testing.

wallet 0.2 (2007-10-08)

First public alpha release. Only tested with SQLite 3, no history
support, no object list support, and only keytab object and krb5 ACL
support.

wallet 0.1 (2007-03-08)

Internal release containing only kasetkey, a stub client, and design
documentation.