This turned out to not be necessary for testing since I was already
using sqlite3 to load an unversioned schema. Remove the offending
line and restore the old code with some cleanup.
When reading the Duo object configuration to retrieve the Duo
admin server, parse the JSON in relaxed mode to match the behavior
of Net::Duo itself. Otherwise, we get hung up on trailing commas
that Net::Duo doesn't care about.
Include the Duo type in the name of Duo integrations
Eventually, there will be multiple object types for different Duo
integrations, and they will need to have unique names. Add the
Duo type in parentheses after the name to help ensure this.
Automake insists on not using DESTDIR for distcheck and instead
relying on prefix, but we don't want Perl module installation to
follow prefix since that may result in a module install directory that
isn't in Perl's search path. So, if and only if we're running under
distcheck, we pass the prefix in as --install_base.
When copying the Test::RRA Perl modules into the perl/t/lib tree,
use separate mkdir and $(INSTALL_DATA) instead of cp -R. The latter
copies the read-only permissions, and then distclean cannot remove
the files.
Fix ordering of table drops on wallet-admin destroy
Fix the ordering of table drops during a wallet-admin destroy action
to remove tables with foreign key references before the tables they
are referencing. Should fix destroy in MySQL and other database
engines that enforce referential integrity.
Fix wallet-backend parsing of the expires command to expect only one
argument as the expiration. This was correctly documented in the
wallet client man page, but not in wallet-backend, and it accepted two
arguments (a date and time). However, Wallet::Server did not and
would just ignore the time. Now wallet-backend correctly requires the
date and time be passed as a single argument.
Use DateTime objects uniformly, improve expires parsing
Always use DateTime objects for every date field in the database,
and translate them into the local time zone for display when
pulling them out of the database. This should provide better
portability to different database backends.
Change the parsing of expires arguments to use Date::Parse, thus
supporting a much broader variety of possible date and time
formats and allowing easy conversion to a DateTime object.
Document the new dependency.
Store the current name of the ACL with each history row, and index
the name. This will eventually allow retrieval of history by name
for ACLs that have been deleted, although the rest of the code is
not yet in place.
The initial creation and membership of the ADMIN ACL during database
initialization or reinitialization is no longer recorded in the
acl_history table, since otherwise it produces errors due to the
missing ah_name field when building the database with schema 0.07.
There should be some better solution to this, but this will be okay
for the time being.
Use DateTime objects in the database layer, not strings
Pass in DateTime objects for the date fields in the database instead
of formatted time strings. This provides better compatibility with
different database engines. Document in README the need to install
the DateTime::Format::* module corresponding to the DBD::* module used
for the server database.
Fix strictness issues across the whole code base, and ensure that
all Perl scripts enable warnings. (Hopefully enabling warnings
won't cause problems for the server.)
The wallet server now requires Perl 5.8 or later (instead of 5.006 in
previous versions) and is now built with Module::Build instead of
ExtUtils::MakeMaker. This should be transparent to anyone not working
with the source code, since Perl 5.8 was released in 2002, but
Module::Build is now required to build the wallet server. It is
included in some versions of Perl, or can be installed separately from
CPAN, distribution packages, or other sources.
Also reorganize the test suite to use subdirectories.
* Use Lancaster Consensus environment variables to control tests.
* Use calloc or reallocarray for protection against integer overflows.
* Suppress warnings from Kerberos headers in non-system paths.
* Assume calloc initializes pointers to NULL.
* Assume free(NULL) is properly ignored.
* Improve error handling in xasprintf and xvasprintf.
* Check the return status of snprintf and vsnprintf properly.
* Preserve errno if snprintf fails in vasprintf replacement.
Update to C TAP Harness 3.1:
* Reopen standard input to /dev/null when running a test list.
* Don't leak extraneous file descriptors to tests.
* Suppress lazy plans and test summaries if the test failed with bail.
* runtests now treats the command line as a list of tests by default.
* The full test executable path can now be passed to runtests -o.
* Improved harness output for tests with lazy plans.
* Improved harness output to a terminal for some abort cases.
* Flush harness output after each test even when not on a terminal.
Clean up foreign keys and indices for history tables
Previous versions had erroneous foreign key constraints between the
object history table and the objects table. Remove those constraints,
and an incorrect linkage in the schema for the ACL history, and add
indices for the object type, name, and ACL instead.
Fix test cleanup code to run during global destruction
If we don't run the code to delete the wallet database very late,
destruction of the SQLite objects may recreate the database file.
Move the unlink to an END block to avoid this problem.
The global replacement of my email address broke this test as
well since I was using my address as part of the test. Revert
to the previous email address, since it's just example data.
Fix verifier-netdb test for Heimdal, email address
Undo the email address renaming for verifier-netdb as well, since
this has to use rra@stanford.edu for right now. Adjust so that the
test is not skipped with Heimdal Kerberos user space.
Adjust Heimdal keytab object tests to not compare keytabs
For some reason, two keytabs are comparing inequal even after
masking the timestamp but both keytabs work for authentication.
Stop doing a data comparison and instead attempt authentications
with both keytabs as a more reliable test.
Adjust ACL test for new SQLite autoincrement behavior
Similar to server, the ID of the last ACL created may vary
depending on whether SQLite reuses the last autoincrement key
when the highest-numbered record is deleted. Accept either
possibility.
Adjust server test for new SQLite autoincrement behavior
SQLite now, when the highest-numbered record with an autoincrement
key is deleted, will reuse that number instead of incrementing
further. Adjust the test suite so that this ambiguity is never
encountered, since it's not part of what we're testing.
A new object type, duo (Wallet::Object::Duo), is now supported. This
creates an integration with the Duo Security cloud multifactor
authentication service and allows retrieval of the integration key,
secret key, and admin hostname. Currently, only UNIX integration
types are supported. The Net::Duo Perl module is required to use this
object type. New configuration settings are required as well; see
Wallet::Config for more information. To enable this object type for
an existing wallet database, use wallet-admin to register the new
object.
Russ Allbery [Thu, 9 Jan 2014 02:16:21 +0000 (18:16 -0800)]
Randomize the password on Heimdal principal creation
When creating new principals in a Heimdal KDC, generate a long, random
password as the temporary password of the disabled principal before
randomizing keys. This is necessary if password quality is being
enforced on create calls. Since the principal is always inactive
until the keys have been randomized, the password should not need to
be secure (and indeed is not cryptographically random).
Russ Allbery [Tue, 7 Jan 2014 05:09:55 +0000 (21:09 -0800)]
Update Test::RRA modules from the current rra-c-util
Further documentation of the changes will come later when the rest
of rra-c-util files have been updated and the package makes more
use of these modules, but this fixes a spelling error test failure.
Russ Allbery [Tue, 7 Jan 2014 05:09:00 +0000 (21:09 -0800)]
Fix wallet-rekey on keytabs containing multiple principals
Fix wallet-rekey on keytabs containing multiple principals. Previous
versions assumed one could concatenate keytab files together to make a
valid keytab file, which doesn't work with some Kerberos libraries.
This caused new keys downloaded for principals after the first to be
discarded. As a side effect of this fix, wallet-rekey always appends
new keys directly to the existing keytab file, and never creates a
backup copy of that file.
Jon Robertson [Thu, 17 Oct 2013 05:37:20 +0000 (22:37 -0700)]
ACL.pm: Fix a place where the acl history was getting raw timestamp
The acl_history table needed to get the DateTime object rather than the
raw epoch timestamp in one place. This was causing errors adding new
lines to the history.
Jon Robertson [Thu, 17 Oct 2013 05:35:34 +0000 (22:35 -0700)]
Changed postgres schema file to remove reference
The reference from object_history to the objects table needed to be
removed. We still want the relationship in the DBIx::Class files, but
we don't want the relationship enforced as we want to keep history
entries for deleted objects.
Russ Allbery [Tue, 28 May 2013 22:55:39 +0000 (15:55 -0700)]
Fix documentation of ldap_map_principal hook
Fix the Wallet::Config documentation for the ldap-attr verifier to
reference an ldap_map_principal hook, not ldap_map_attribute, matching
the implementation.
Fix recognition of the syntax error from Heimdal's klist -ke, which
doesn't exit with status 1. Assume that if we didn't see any known
enctypes, we're dealing with Heimdal. Remove the code to populate the
enctype table, since we do that in Wallet::Admin now. Show the error
if adding an enctype fails.
Populate the enctype table by default on new install
We actually know the enctypes that are in most common use, so rather
than making the user poke them into the database manually, save them
a step and put them in. We still need some mechanism to remove the
DES enctype and add new ones, though.
Update stanford.conf example to use Wallet::Policy::Stanford
Eliminate all the verification code that moved into the policy
object. Update coding style and remove some settings that were
no longer used at Stanford.
Jon Robertson [Fri, 29 Mar 2013 06:53:52 +0000 (23:53 -0700)]
admin.t: Fixed problem with not upgrading from unversioned db
Since we were reinstalling a fresh database via the same DBIx::Class
functions, the database we installed to upgrade from a non-versioned
setup was still getting a version table. Switched to delete the
database and reload it fresh from the sqlite3 command itself.
Russ Allbery [Wed, 27 Mar 2013 19:51:46 +0000 (12:51 -0700)]
Allow owners of objects to destroy them by default
Owners of wallet objects are now allowed to destroy them. In previous
versions, a special destroy ACL had to be set and the owner ACL wasn't
used for destroy actions, but operational experience at Stanford has
shown that letting owners destroy their own objects is a better model.
Russ Allbery [Thu, 28 Feb 2013 00:24:04 +0000 (16:24 -0800)]
Fix some formatting issues in the POD for create-ddl
Use a proper list for the options, use italics for the argument
to an option, specify that argument in the SYNOPSIS, and use bold
for the name of the program.
projects / kerberos / wallet.git / log