wallet should now work properly with Autoconf 2.71. This required
updating tests/docs/spdx-license-t from rra-c-util, which in turn
bumped the minimum required Perl version for the test suite to 5.10.
That's not yet reflected in the documentation.
Russ Allbery [Mon, 18 May 2020 05:19:39 +0000 (22:19 -0700)]
Sort the ACL membership report
In Wallet::Report, sort the results of acl_membership(). This is
only used for the duplicate ACLs report currently, but it may help
external callers as well as produce reliable results for testing.
Patch from macrotex.
Russ Allbery [Mon, 18 May 2020 05:14:58 +0000 (22:14 -0700)]
Sort ACL history by unique key after date
If multiple ACL changes were made in the same second, the order of
results could be unstable. Sort by unique key after date to avoid
this. Based on work by macrotex.
Russ Allbery [Mon, 18 May 2020 03:44:05 +0000 (20:44 -0700)]
Send remctl test output to stderr
We were sending stderr to stdout for remctl output, but sometimes
tests would fail because the remctl output was intermixed with the
test output and confused runtests. runtests only looks at stdout
for test output and sends stderr to /dev/null, so send remctl
output there.
This isn't a great solution since it interferes with debugging
tests. The correct solution is to implement the same logging and
polling that's used by C TAP Harness, although that's more difficult
to do in Perl. But it should make the immediate problem go away.
Continue to send the message about which remctl command line is in
use to stdout, but prefix it with # so that it is a TAP comment.
Russ Allbery [Mon, 18 May 2020 03:01:32 +0000 (20:01 -0700)]
Fix client/basic test for keytab merging
Reordering to adjust for optional srvtab support broke some
assumptions in this test. Be a bit more robust by not reusing
the results from a previous test.
Russ Allbery [Mon, 18 May 2020 02:57:08 +0000 (19:57 -0700)]
Fix warnings from Clang's analyzer
Suppress a warning about not declaring a function noreturn that's
only noreturn in some configurations. Add an assert to unconfuse
the static analyzer about a default value for a struct.
Russ Allbery [Mon, 18 May 2020 02:30:54 +0000 (19:30 -0700)]
Fix compilation with Heimdal
Add a missing configure probe for krb5_xfree. If
krb5_524_conv_principal is not available, return an error if asked
to create a srvtab. (This function has been removed in current
Heimdal.) Adjust the test suite to handle this case.
Russ Allbery [Mon, 18 May 2020 02:01:47 +0000 (19:01 -0700)]
Add Heimdal CI testing
Set up a Heimdal KDC and add Heimdal to the test matrix. Remove
some unnecessary configuration from the MIT Kerberos CI
configuration. Ensure the user programs are installed for
whatever Kerberos we're using, which will enable more of the
Perl test suite.
Russ Allbery [Mon, 18 May 2020 00:05:30 +0000 (17:05 -0700)]
Update to rra-c-util 8.2 and C TAP Harness 4.7
Update to rra-c-util 8.2:
* Implement explicit_bzero with memset if it is not available.
* Reformat all C source using clang-format 10.
* Work around Test::Strict not skipping .git directories.
* Fix warnings with perltidy 20190601 and Perl::Critic 1.134.
* Fix warnings with Clang 10, GCC 10, and the Clang static analyzer.
Update to C TAP Harness 4.7:
* Fix warnings with GCC 10.
* Reformat all C source using clang-format 10.
* Fixed malloc error checking in bstrndup.
Russ Allbery [Mon, 4 Jun 2018 00:52:20 +0000 (17:52 -0700)]
Fix skipping in verifier/netdb test
If AUTHOR_TESTING wasn't set, the test would plan twice. Fix this
by restructuring it to delay printing a plan and convert the
Kerberos ticket test to a skip_all plan.
Russ Allbery [Sun, 3 Jun 2018 23:47:33 +0000 (16:47 -0700)]
Fix loading of server programs in tests
The eval was hiding all error messages when the test didn't work
properly, and C_TAP_SOURCE doesn't have the generated version with
the proper path to Perl.
Russ Allbery [Sun, 3 Jun 2018 22:36:21 +0000 (15:36 -0700)]
Add SPDX-License-Identifier headers
Add SPDX-License-Identifier headers to all substantial source files.
Collapse copyright years. Add some Emacs configuration for files
where the copyright notice is at the end. Add a test that every
file has SPDX-License-Identifier.
Russ Allbery [Sun, 3 Jun 2018 20:43:24 +0000 (13:43 -0700)]
Rewrite documentation using DocKnot
Numerous fixes to the README file by converging on standard
templates. Add a README.md for GitHub. Break thanks out into
a separate THANKS file following the convention used by remctl.
Russ Allbery [Mon, 28 May 2018 22:06:46 +0000 (15:06 -0700)]
Pass realm to krb5_appdefault_* functions
When getting configuration values from krb5.conf, pass the default
local realm into the Kerberos appdefault functions. This will produce
more correct results with krb5.conf files that specify wallet
configuration for multiple realms.
Russ Allbery [Mon, 28 May 2018 05:05:31 +0000 (22:05 -0700)]
Add obsolete-strings test and fix problems it finds
Mostly changing http eyrie.org URLs to https, but also remove my
old email address in one place and switch some tests away from my
old RRA_MAINTAINER_TESTS environment variable to use the Lancaster
Consensus variables properly. This uncovered a bug in skipping one
test unless Stanford Kerberos credentials existed.
Russ Allbery [Mon, 28 May 2018 03:59:59 +0000 (20:59 -0700)]
Update to rra-c-util 7.2 and C TAP Harness 4.3
Update to rra-c-util 7.2:
* Improve configure output for krb5-config testing.
* Define UINT32_MAX for systems that don't have it.
* Add SPDX-License-Identifier headers to all substantial source files.
* Fix new warnings from GCC 7 and Clang warnings.
* Require Test::Strict 0.25 or later to run those tests.
* Fix off-by-one error in return-value checks for snprintf.
* Use Autoconf to probe for supported warning flags.
* Fix running module-version-t -u with current versions of Perl.
* Use C_TAP_SOURCE and C_TAP_BUILD instead of SOURCE and BUILD.
Update to C TAP Harness 4.3:
* Add support for valgrind and libtool in test lists.
* Report test failures as left and right, not wanted and expected.
* Fix string comparisons with NULL pointers and the string "(null)".
* Add SPDX-License-Identifier headers to all substantial source files.
* Avoid zero-length realloc allocations in breallocarray.
* Fix new warnings from GCC 7 and Clang warnings.
* Use C_TAP_SOURCE and C_TAP_BUILD instead of SOURCE and BUILD.
It turns out that the length limitations apply to all keytabs, not
just service keytabs. This change creates unique ids for hostnames
that exceed the AD length limit.
Correction to AD handling of long service keytab IDs
The account name for a service keytab cannot exceed 20 characters.
The routine that was generating a unique id incorrectly attempted to
perform an LDAP query. This change fixes that problem.
Correction to AD handling of long service keytab IDs
The account name for a service keytab cannot exceed 20 characters.
The routine that was generating a unique id incorrectly attempted to
perform an LDAP query. This change fixes that problem.
* Make sure userPrincipalName is created for all keytabs and use it to
search for entries in AD.
* Allow the creation of any service principal. This requires making
sure that the cn used to create AD entries for service accounts not
be any longer than 20 characters.
Bill MacAllister [Wed, 13 Apr 2016 22:39:18 +0000 (22:39 +0000)]
Correct configuration reference in AD.pm
Correct a variable reference that was causing AD keytab creation to
fail. Update the debugging for shell command execution that makes
debugging more rebust and highlights problems.
* This ad-keytab is useful in the initial setup of AD as a keytab
store for wallet.
* Change configuration variables to correctly reflect that some values
are relative distinguished names.
* Add a configuration variable for the base distinguished name for
ActiveDirectory.
epackorigan [Wed, 22 Mar 2017 23:23:59 +0000 (16:23 -0700)]
correcting msktutil usage to support more enctypes
with multiple enctypes specified, only the last one will actually take effect. If you wish to provide support for more then one, you need to add the values (0x04 + 0x08 + 0x10 = 0x1C).
replacing the 3 lines with one line to enable all three. Note that the keytabs generated will have 3 line for each principal (one for each enctypes).
See msktutil man page for further details on enctypes.
Russ Allbery [Sat, 23 Jan 2016 23:17:49 +0000 (15:17 -0800)]
Clean up generation of Perl scripts
Use @PERL@ as the substitution variable instead of WALLET_PERL_PATH
to match normal Automake conventions. Write the scripts into the
build path, not the source path, to work properly with out-of-tree
builds. Clean up the distribution rules. Use separate Makefile rules
for each script so that make has proper dependencies.
Also fix the Perl paths in (some of) the test scripts, although there
are others for which this still isn't going to work.
A. Karl Kornel [Sat, 23 Jan 2016 07:36:04 +0000 (23:36 -0800)]
Customize the path to Perl in the server scripts
The server scripts now have a unique string where the Perl path should
be, and the Makefile uses sed to insert the correct path at build time
(using the path determined by configure).
The server scripts now have .in extensions, and setting the executable
flag is handled by the Makefile.
We also have to change autogen, because it looks for the scripts in
the server directory when it generates the man pages.
A. Karl Kornel [Sat, 23 Jan 2016 06:19:45 +0000 (22:19 -0800)]
Make Perl path configurable & check version
Use configure to determine the path to Perl, and error out if Perl is
not found or is too old. This also means users can set a path to a
custom or weirdly-named Perl binary.
Russ Allbery [Sat, 23 Jan 2016 22:49:52 +0000 (14:49 -0800)]
Remove dead strlcpy and strlcat declarations
Remove stray references to strlcpy and strlcat that broke builds on
platforms where those functions are part of libc. Thanks to Karl
Kornel for the report.
Russ Allbery [Mon, 18 Jan 2016 00:56:59 +0000 (16:56 -0800)]
Fix version source and prerequisites in Build.PL
Flesh out recommends for more accurate dependencies for the Perl
modules. Pull the version from one of the Perl modules, now that
we have another test that ensures that those versions are all
consistent.
Russ Allbery [Sun, 17 Jan 2016 22:30:53 +0000 (14:30 -0800)]
Update to rra-c-util 5.10 and C TAP Harness 3.4
Update to rra-c-util 5.10:
* Add missing va_end to xasprintf implementation.
* Fix Perl test suite framework for new Automake relative paths.
* Improve portability to Kerberos included in Solaris 10.
* Use appropriate warning flags with Clang (currently not warning clean).
Update to C TAP Harness 3.4:
* Fix segfault in runtests with an empty test list.
* Display verbose test results with -v or C_TAP_VERBOSE.
* Test infrastructure builds cleanly with Clang warnings.
* Support comments and blank lines in test lists.
Russ Allbery [Sun, 17 Jan 2016 20:25:15 +0000 (12:25 -0800)]
Standardize Perl module versions
The versions of all of the wallet Perl modules now match the overall
package version except for Wallet::Schema, which is used to version
the database schema.
Import the test from rra-c-util 5.10 and exclude Wallet::Schema from
the tests.
Go through all Perl modules and standardize the syntax for setting the
version and indicating the required version of Perl. Fix a few other
syntax issues while I'm in there.