Russ Allbery [Mon, 4 Jun 2018 00:52:20 +0000 (17:52 -0700)]
Fix skipping in verifier/netdb test
If AUTHOR_TESTING wasn't set, the test would plan twice. Fix this
by restructuring it to delay printing a plan and convert the
Kerberos ticket test to a skip_all plan.
Russ Allbery [Mon, 4 Jun 2018 00:14:01 +0000 (17:14 -0700)]
Update standards version to 4.1.4
* Update standards version to 4.1.4.
- Use https URLs for Vcs-* fields in debian/control.
- Use https URL for debian/copyright Format field.
- Change Priority: extra to optional since extra has been retired.
Russ Allbery [Sun, 3 Jun 2018 23:47:33 +0000 (16:47 -0700)]
Fix loading of server programs in tests
The eval was hiding all error messages when the test didn't work
properly, and C_TAP_SOURCE doesn't have the generated version with
the proper path to Perl.
Russ Allbery [Sun, 3 Jun 2018 22:36:21 +0000 (15:36 -0700)]
Add SPDX-License-Identifier headers
Add SPDX-License-Identifier headers to all substantial source files.
Collapse copyright years. Add some Emacs configuration for files
where the copyright notice is at the end. Add a test that every
file has SPDX-License-Identifier.
Russ Allbery [Sun, 3 Jun 2018 20:43:24 +0000 (13:43 -0700)]
Rewrite documentation using DocKnot
Numerous fixes to the README file by converging on standard
templates. Add a README.md for GitHub. Break thanks out into
a separate THANKS file following the convention used by remctl.
Russ Allbery [Mon, 28 May 2018 22:06:46 +0000 (15:06 -0700)]
Pass realm to krb5_appdefault_* functions
When getting configuration values from krb5.conf, pass the default
local realm into the Kerberos appdefault functions. This will produce
more correct results with krb5.conf files that specify wallet
configuration for multiple realms.
Russ Allbery [Mon, 28 May 2018 05:05:31 +0000 (22:05 -0700)]
Add obsolete-strings test and fix problems it finds
Mostly changing http eyrie.org URLs to https, but also remove my
old email address in one place and switch some tests away from my
old RRA_MAINTAINER_TESTS environment variable to use the Lancaster
Consensus variables properly. This uncovered a bug in skipping one
test unless Stanford Kerberos credentials existed.
Russ Allbery [Mon, 28 May 2018 03:59:59 +0000 (20:59 -0700)]
Update to rra-c-util 7.2 and C TAP Harness 4.3
Update to rra-c-util 7.2:
* Improve configure output for krb5-config testing.
* Define UINT32_MAX for systems that don't have it.
* Add SPDX-License-Identifier headers to all substantial source files.
* Fix new warnings from GCC 7 and Clang warnings.
* Require Test::Strict 0.25 or later to run those tests.
* Fix off-by-one error in return-value checks for snprintf.
* Use Autoconf to probe for supported warning flags.
* Fix running module-version-t -u with current versions of Perl.
* Use C_TAP_SOURCE and C_TAP_BUILD instead of SOURCE and BUILD.
Update to C TAP Harness 4.3:
* Add support for valgrind and libtool in test lists.
* Report test failures as left and right, not wanted and expected.
* Fix string comparisons with NULL pointers and the string "(null)".
* Add SPDX-License-Identifier headers to all substantial source files.
* Avoid zero-length realloc allocations in breallocarray.
* Fix new warnings from GCC 7 and Clang warnings.
* Use C_TAP_SOURCE and C_TAP_BUILD instead of SOURCE and BUILD.
It turns out that the length limitations apply to all keytabs, not
just service keytabs. This change creates unique ids for hostnames
that exceed the AD length limit.
Correction to AD handling of long service keytab IDs
The account name for a service keytab cannot exceed 20 characters.
The routine that was generating a unique id incorrectly attempted to
perform an LDAP query. This change fixes that problem.
Correction to AD handling of long service keytab IDs
The account name for a service keytab cannot exceed 20 characters.
The routine that was generating a unique id incorrectly attempted to
perform an LDAP query. This change fixes that problem.
* Make sure userPrincipalName is created for all keytabs and use it to
search for entries in AD.
* Allow the creation of any service principal. This requires making
sure that the cn used to create AD entries for service accounts not
be any longer than 20 characters.
Bill MacAllister [Wed, 13 Apr 2016 22:39:18 +0000 (22:39 +0000)]
Correct configuration reference in AD.pm
Correct a variable reference that was causing AD keytab creation to
fail. Update the debugging for shell command execution that makes
debugging more rebust and highlights problems.
* This ad-keytab is useful in the initial setup of AD as a keytab
store for wallet.
* Change configuration variables to correctly reflect that some values
are relative distinguished names.
* Add a configuration variable for the base distinguished name for
ActiveDirectory.
epackorigan [Wed, 22 Mar 2017 23:23:59 +0000 (16:23 -0700)]
correcting msktutil usage to support more enctypes
with multiple enctypes specified, only the last one will actually take effect. If you wish to provide support for more then one, you need to add the values (0x04 + 0x08 + 0x10 = 0x1C).
replacing the 3 lines with one line to enable all three. Note that the keytabs generated will have 3 line for each principal (one for each enctypes).
See msktutil man page for further details on enctypes.
Russ Allbery [Sat, 23 Jan 2016 23:17:49 +0000 (15:17 -0800)]
Clean up generation of Perl scripts
Use @PERL@ as the substitution variable instead of WALLET_PERL_PATH
to match normal Automake conventions. Write the scripts into the
build path, not the source path, to work properly with out-of-tree
builds. Clean up the distribution rules. Use separate Makefile rules
for each script so that make has proper dependencies.
Also fix the Perl paths in (some of) the test scripts, although there
are others for which this still isn't going to work.
A. Karl Kornel [Sat, 23 Jan 2016 07:36:04 +0000 (23:36 -0800)]
Customize the path to Perl in the server scripts
The server scripts now have a unique string where the Perl path should
be, and the Makefile uses sed to insert the correct path at build time
(using the path determined by configure).
The server scripts now have .in extensions, and setting the executable
flag is handled by the Makefile.
We also have to change autogen, because it looks for the scripts in
the server directory when it generates the man pages.
A. Karl Kornel [Sat, 23 Jan 2016 06:19:45 +0000 (22:19 -0800)]
Make Perl path configurable & check version
Use configure to determine the path to Perl, and error out if Perl is
not found or is too old. This also means users can set a path to a
custom or weirdly-named Perl binary.
Russ Allbery [Sat, 23 Jan 2016 22:49:52 +0000 (14:49 -0800)]
Remove dead strlcpy and strlcat declarations
Remove stray references to strlcpy and strlcat that broke builds on
platforms where those functions are part of libc. Thanks to Karl
Kornel for the report.
Russ Allbery [Mon, 18 Jan 2016 04:02:29 +0000 (20:02 -0800)]
Add new dependencies, run wrap-and-sort -ast
New wallet object types, ACLs, and kadmin backends require new
modules. Flesh out the build dependencies and suggests, and then
clean up all the control files with wrap-and-sort -ast.
Russ Allbery [Mon, 18 Jan 2016 00:56:59 +0000 (16:56 -0800)]
Fix version source and prerequisites in Build.PL
Flesh out recommends for more accurate dependencies for the Perl
modules. Pull the version from one of the Perl modules, now that
we have another test that ensures that those versions are all
consistent.