Russ Allbery [Thu, 9 Jan 2014 02:16:21 +0000 (18:16 -0800)]
Randomize the password on Heimdal principal creation
When creating new principals in a Heimdal KDC, generate a long, random
password as the temporary password of the disabled principal before
randomizing keys. This is necessary if password quality is being
enforced on create calls. Since the principal is always inactive
until the keys have been randomized, the password should not need to
be secure (and indeed is not cryptographically random).
Russ Allbery [Tue, 7 Jan 2014 05:09:00 +0000 (21:09 -0800)]
Fix wallet-rekey on keytabs containing multiple principals
Fix wallet-rekey on keytabs containing multiple principals. Previous
versions assumed one could concatenate keytab files together to make a
valid keytab file, which doesn't work with some Kerberos libraries.
This caused new keys downloaded for principals after the first to be
discarded. As a side effect of this fix, wallet-rekey always appends
new keys directly to the existing keytab file, and never creates a
backup copy of that file.
Jon Robertson [Thu, 17 Oct 2013 05:37:20 +0000 (22:37 -0700)]
ACL.pm: Fix a place where the acl history was getting raw timestamp
The acl_history table needed to get the DateTime object rather than the
raw epoch timestamp in one place. This was causing errors adding new
lines to the history.
Jon Robertson [Thu, 17 Oct 2013 05:35:34 +0000 (22:35 -0700)]
Changed postgres schema file to remove reference
The reference from object_history to the objects table needed to be
removed. We still want the relationship in the DBIx::Class files, but
we don't want the relationship enforced as we want to keep history
entries for deleted objects.
Jon Robertson [Fri, 29 Mar 2013 06:53:52 +0000 (23:53 -0700)]
admin.t: Fixed problem with not upgrading from unversioned db
Since we were reinstalling a fresh database via the same DBIx::Class
functions, the database we installed to upgrade from a non-versioned
setup was still getting a version table. Switched to delete the
database and reload it fresh from the sqlite3 command itself.
Russ Allbery [Wed, 27 Mar 2013 22:34:47 +0000 (15:34 -0700)]
Move single-debian-patch to local-options
* Move single-debian-patch to local-options and patch-header to
local-patch-header so that they only apply to the packages I build and
NMUs get regular version-numbered patches.
Russ Allbery [Wed, 27 Mar 2013 19:51:46 +0000 (12:51 -0700)]
Allow owners of objects to destroy them by default
Owners of wallet objects are now allowed to destroy them. In previous
versions, a special destroy ACL had to be set and the owner ACL wasn't
used for destroy actions, but operational experience at Stanford has
shown that letting owners destroy their own objects is a better model.
Russ Allbery [Thu, 28 Feb 2013 00:24:04 +0000 (16:24 -0800)]
Fix some formatting issues in the POD for create-ddl
Use a proper list for the options, use italics for the argument
to an option, specify that argument in the SYNOPSIS, and use bold
for the name of the program.
Russ Allbery [Wed, 27 Feb 2013 23:35:32 +0000 (15:35 -0800)]
Update test configuration documentation
Remove the old tests/data/README documentation and move the note
about krb5.conf into tests/config/README. (This should change later
to use tests/config for that file.) Add a license statement to that
file. Create an empty tests/config directory in the build tree if
the build directory is not the source directory.
Russ Allbery [Wed, 27 Feb 2013 23:30:32 +0000 (15:30 -0800)]
Reformat README in my current format, add LICENSE
Add new SUPPORT and SOURCE REPOSITORY sections, reformat the copyright
and license information a bit, and add a new LICENSE section with the
general package license.
Russ Allbery [Wed, 27 Feb 2013 23:17:50 +0000 (15:17 -0800)]
Mark the LDAP verifier test as maintainer-only
This currently requires global read access to the Stanford LDAP
directory, so even other people at Stanford can't run it. Will
revisit when we have a chance to write mock LDAP classes.
Russ Allbery [Wed, 27 Feb 2013 22:25:37 +0000 (14:25 -0800)]
Update to rra-c-util 4.8 and C TAP Harness 1.12
Update to rra-c-util 4.8:
* Look for krb5-config in /usr/kerberos/bin after the user's PATH.
* Kerberos library probing fixes without transitive shared libraries.
* Fix Autoconf warnings when probing for AIX's bundled Kerberos.
* Avoid using krb5-config if --with-{krb5,gssapi}-{include,lib} given.
* Correctly remove -I/usr/include from Kerberos and GSS-API flags.
* Build on systems where krb5/krb5.h exists but krb5.h does not.
* Pass --deps to krb5-config unless --enable-reduced-depends was used.
* Do not use krb5-config results unless gssapi is supported.
* Fix probing for Heimdal's libroken to work with older versions.
* Update warning flags for GCC 4.6.1.
* Update utility library and test suite for newer GCC warnings.
* Fix broken GCC attribute markers causing compilation problems.
* Suppress warnings on compilers that support gcc's __attribute__.
* Add notices to all files copied over from rra-c-util.
* Fix warnings when reporting memory allocation failure in messages.c.
* Fix message utility library compiler warnings on 64-bit systems.
* Include strings.h for additional POSIX functions where found.
* Use an atexit handler to clean up after Kerberos tests.
* Kerberos test configuration now goes in tests/config.
* The principal of the test keytab is determined automatically.
* Simplify the test suite calls for Kerberos and remctl tests.
* Check for a missing ssize_t.
* Improve the xstrndup utility function.
* Checked asprintf variants are now void functions and cannot fail.
* Fix use of long long in portable/mkstemp.c.
* Fix test suite portability to Solaris.
* Substantial improvements to the POD syntax and spelling checks.
Update to C TAP Harness 1.12:
* Fix compilation of runtests with more aggressive warnings.
* Add a more complete usage message and a -h command-line flag.
* Flush stderr before printing output from tests.
* Better handle running shell tests without BUILD and SOURCE set.
* Fix runtests to honor -s even if BUILD and -b aren't given.
* runtests now frees all allocated resources on exit.
* Only use feature-test macros when requested or built with gcc -ansi.
* Drop is_double from the C TAP library to avoid requiring -lm.
* Avoid using local in the shell libtap.sh library.
* Suppress warnings on compilers that support gcc's __attribute__.
Russ Allbery [Thu, 14 Feb 2013 02:25:53 +0000 (18:25 -0800)]
Install the wallet schema during make install
Install the wallet schema files generated by DBIx::Class for the
various supported database engines into /usr/local/share/wallet
(by default, using pkgdatadir) on make install. Set the default
$DB_DDL_DIRECTORY value in Wallet::Config accordingly.
Russ Allbery [Wed, 6 Feb 2013 03:51:00 +0000 (19:51 -0800)]
Separate legacy groups from new groups in Stanford policy
Add all the new group names for the Stanford naming policy and
associate them with default ACLs (not yet used). Distinguish
them from the legacy group names, and use the appropriate ones
for naming policy enforcement.
Russ Allbery [Wed, 6 Feb 2013 02:09:49 +0000 (18:09 -0800)]
Refactor Stanford naming policy, add new file patterns
Refactor the Wallet::Policy::Stanford module to pull some of the
constants out, and then add data and support in the naming policy
for the new file object naming scheme.
Russ Allbery [Mon, 4 Feb 2013 07:24:40 +0000 (23:24 -0800)]
Add current Stanford naming policy and test suite
To make it easier to revise and test revisions to the Stanford
wallet naming policy, convert the code to a module and include it
in the distribution. Add a test suite for the current policy.
Jon Robertson [Fri, 1 Feb 2013 00:27:49 +0000 (16:27 -0800)]
Renamed dbh subroutines and variables for clarity
In moving from DBI to DBIx::Class, we at first left the various
variables the same. This goes through to update them for the proper
names.
* Wallet::Admin::schema was created to return the schema object (and
similarly for Wallet::Server and Wallet::Report).
* Wallet::Admin::dbh was modified to return the actual DBI handle again
(and similarly for Wallet::Server and Wallet::Report).
* Various places that used $admin->{dbh} were moved to $admin->{schema}.
* Various places using $dbh for the schema object were changed to
$schema.
Jon Robertson [Thu, 31 Jan 2013 22:38:25 +0000 (14:38 -0800)]
Fixed errors with Keytab object and its tests
perl/Wallet/Object/Keytab.pm was using the wrong value for the database
handle in some places (trying to load as a subroutine rather than part
of the object). Also, the keytab.t tests were attempting to run against
the DBIx::Class object rather than a direct dbh handle that they
expected.
Jon Robertson [Thu, 31 Jan 2013 04:06:37 +0000 (20:06 -0800)]
Suppress DBIx::Class::Schema::Versioned warnings
DBIx::Class::Schema::Versioned uses carp to send a few warnings that are
more just informational messages. Use a local warning handler to skip
the warnings we'll always get for normal upgrades.
Russ Allbery [Thu, 31 Jan 2013 02:52:07 +0000 (18:52 -0800)]
Remove initialize and update code out of wallet-admin
wallet-admin is solely a thin wrapper around Wallet::Admin, but it
gained specific code for initialize and update, which caused the
server/admin test to fail.
Move the update code to set a default version into Wallet::Admin
instead. The initialize code appears to be unnecessary; it was
setting a default for a parameter that was already handled by
Wallet::Config.
Jon Robertson [Mon, 3 Dec 2012 06:07:16 +0000 (22:07 -0800)]
Moved the Perl wallet modules and tests to DBIx::Class
Moved all the Perl code to use DBIx::Class for the database interface.
This includes updating all database calls, how the schema is generated
and maintained, and the tests in places where some output has changed.
We also remove the schema.t test, as the tests for it are more covered
in the admin.t tests now.