-
Notifications
You must be signed in to change notification settings - Fork 6
/
NEWS
781 lines (604 loc) · 36.2 KB
/
NEWS
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
User-Visible wallet Changes
wallet 1.5 (unreleased)
Fix the table drop order for wallet-admin destroy to avoid violating
foreign key constraints. Patch from macrotex.
In Wallet::Policy::Stanford, fix the default_owner logic for password
objects that are group-based rather than host-based. Thanks,
macrotex. (#82)
Update to rra-c-util 8.2:
* Implement explicit_bzero with memset if it is not available.
* Reformat all C source using clang-format 10.
* Work around Test::Strict not skipping .git directories.
* Fix warnings with perltidy 20190601 and Perl::Critic 1.134.
* Fix warnings with Clang 10, GCC 10, and the Clang static analyzer.
Update to C TAP Harness 4.7:
* Fix warnings with GCC 10.
* Reformat all C source using clang-format 10.
* Fixed malloc error checking in bstrndup.
wallet 1.4 (2018-06-03)
Substantial improvements to Active Directory support: Add a
contrib/ad-keytab script that assists with initial setup and examining
the Active Directory objects, rename some configuration variables to
reflect that they are relative distinguished names, add a
configuration variable for the base DN, make sure userPrincipalName is
created for all keytabs and use it to search, allow creation of a
service principal, and truncate and make unique long names in AD if
necessary. This support should still be considered experimental.
When getting configuration values from krb5.conf, pass the default
local realm into the Kerberos appdefault functions. This will produce
more correct results with krb5.conf files that specify wallet
configuration for multiple realms.
Remove stray references to strlcpy and strlcat that broke builds on
platforms where those functions are part of libc. Thanks to Karl
Kornel for the report.
Detect the path to Perl during configure, allowing an override by
setting the PERL environment or configure variable, and use that path
for all Perl scripts. This allows wallet to use a version of Perl at
a non-standard path. Patches from Karl Kornel.
Rename the script to bootstrap from a Git checkout to bootstrap,
matching the emerging consensus in the Autoconf world.
Add SPDX-License-Identifier headers to all substantial source files.
Update to rra-c-util 7.2:
* Improve configure output for krb5-config testing.
* Define UINT32_MAX for systems that don't have it.
* Add SPDX-License-Identifier headers to all substantial source files.
* Fix new warnings from GCC 7 and Clang warnings.
* Require Test::Strict 0.25 or later to run those tests.
* Fix off-by-one error in return-value checks for snprintf.
* Use Autoconf to probe for supported warning flags.
* Fix running module-version-t -u with current versions of Perl.
* Use C_TAP_SOURCE and C_TAP_BUILD instead of SOURCE and BUILD.
Update to C TAP Harness 4.3:
* Add support for valgrind and libtool in test lists.
* Report test failures as left and right, not wanted and expected.
* Fix string comparisons with NULL pointers and the string "(null)".
* Add SPDX-License-Identifier headers to all substantial source files.
* Avoid zero-length realloc allocations in breallocarray.
* Fix new warnings from GCC 7 and Clang warnings.
* Use C_TAP_SOURCE and C_TAP_BUILD instead of SOURCE and BUILD.
wallet 1.3 (2016-01-17)
All Duo object implementations have been merged into a single Perl
module. Duo objects should continue to behave as before, but the
database must be updated to map the object names to the correct Perl
modules. Run perl/sql/wallet-1.3-update-duo.sql on your database to
fix the Duo object type registrations if you were using Duo. Many
more Duo object types are now supported and can be manually registered
with wallet-admin register object.
This release adds initial, experimental support for using Active
Directory as the KDC for keytab creation. The interface to Active
Directory uses a combination of direct LDAP queries and the msktutil
utility. This version does not support the wallet unchanging flag.
Unchanging requires that a keytab be retrieved without changing the
password/kvno which is not supported by msktutil. Active Directory
can be selected by setting KEYTAB_KRBTYPE to AD in the wallet
configuration. Multiple other configuration options must also be set;
see Wallet::Config for more information and README for the additional
Perl modules required. Thanks to Bill MacAllister for the
implementation.
A new ACL type, nested (Wallet::ACL::Nested), is now supported. The
identifier of this ACL names another ACL, and access is granted if
that ACL would grant access. This lets one combine multiple other
ACLs and apply the union to an object. To enable this ACL type for an
existing wallet database, use wallet-admin to register the new
verifier.
A new ACL type, external (Wallet::ACL::External), is now supported.
This ACL runs an external command to check if access is allowed, and
passes the principal, type and name of the object, and the ACL
identifier to that command. To enable this ACL type for an existing
wallet database, use wallet-admin to register the new verifier.
A new variation on the ldap-attr ACL type, ldap-attr-root
(Wallet::ACL::LDAP::Attribute::Root), is now supported. This is
similar to netdb-root (compared to netdb): the authenticated principal
must end in /root, and the LDAP entry checked will be for the same
principal without the /root component. This is useful for limiting
access to certain privileged objects to Kerberos root instances. To
enable this ACL type for an existing wallet database, use wallet-admin
to register the new verifier.
A new object type, password (Wallet::Object::Password), is now
supported. This is a subclass of the file object that will randomly
generate content for the object if you do a get before storing any
content inside it. To enable this object type for an existing
database, use wallet-admin to register the new object.
Add a new command to wallet-backend, update. This will update the
contents of an object before running a get on it, and is only valid
for objects that can automatically get new content, such as keytab and
password objects. A keytab will get a new kvno regardless of the
unchanging flag if called with update. In a future release get will
be changed to never update a keytab, and the unchanging flag will be
ignored. Please start moving to use get or update as the situation
warrants.
Add an acl replace command, to change all objects owned by one ACL to
be owned by another. This currently only handles owner, not any of
the more specific ACLs.
All ACL operations now refer to the ACL by name rather than ID.
Add a report for unstored objects to wallet-report, and cleaned up the
help for the existing unused report that implied it showed unstored as
well as unused.
Add reports that list all object types (types) and all ACL schemes
(schemes) currently registered in the wallet database.
Add a report of all ACLs that nest a given ACL. This requires some
additional local configuration (and probably some code). See
Wallet::Config for more information.
Took contributions from Commerzbank AG to improve wallet history. Add
a command to dump all object history for searching on to
wallet-report, and add a new script for more detailed object history
operations to the contrib directory.
Displays of ACLs and ACL entries are now sorted correctly.
The versions of all of the wallet Perl modules now match the overall
package version except for Wallet::Schema, which is used to version
the database schema.
Update to rra-c-util 5.10:
* Add missing va_end to xasprintf implementation.
* Fix Perl test suite framework for new Automake relative paths.
* Improve portability to Kerberos included in Solaris 10.
* Use appropriate warning flags with Clang (currently not warning clean).
Update to C TAP Harness 3.4:
* Fix segfault in runtests with an empty test list.
* Display verbose test results with -v or C_TAP_VERBOSE.
* Test infrastructure builds cleanly with Clang warnings.
* Support comments and blank lines in test lists.
wallet 1.2 (2014-12-08)
The duo object type has been split into several sub-types, each for a
specific type of Duo integration. The old type's functionality has
been moved to duo-pam (Wallet::Object::Duo::PAM), and new types are
supported for Duo's auth proxy configurations for LDAP and Radius, and
their RDP configuration. These types are duo-radius, duo-ldap, and
duo-rdp (Wallet::Object::Duo::RadiusProxy,
Wallet::Object::Duo::LDAPProxy, and Wallet::Object::Duo::RDP). The
old duo type still exists for compatability. To enable these object
types for an existing wallet database, use wallet-admin to register the
new object.
New rename command for file type objects. This will change the name
of the object itself and move any stored data for the file to the
correct location for the new name. Currently, rename is only
supported for file objects, but may be supported by other backends in
the future.
wallet 1.1 (2014-07-16)
A new object type, duo (Wallet::Object::Duo), is now supported. This
creates an integration with the Duo Security cloud multifactor
authentication service and allows retrieval of the integration key,
secret key, and admin hostname. Currently, only UNIX integration
types are supported. The Net::Duo Perl module is required to use this
object type. New configuration settings are required as well; see
Wallet::Config for more information. To enable this object type for
an existing wallet database, use wallet-admin to register the new
object.
The owner and getacl commands now return the current name of the ACL
instead of its numeric ID, matching the documentation of owner.
The date passed to expires can now be any date format understood by
Date::Parse, and Date::Parse (part of the TimeDate CPAN distribution)
is now a required prerequisite for the wallet server.
Fix wallet-rekey on keytabs containing multiple principals. Previous
versions assumed one could concatenate keytab files together to make a
valid keytab file, which doesn't work with some Kerberos libraries.
This caused new keys downloaded for principals after the first to be
discarded. As a side effect of this fix, wallet-rekey always appends
new keys directly to the existing keytab file, and never creates a
backup copy of that file.
Fix the code to set enctype restrictions for keytab objects in the
wallet server and populate the reference table for valid enctypes on
initial database creation.
Fix the Wallet::Config documentation for the ldap-attr verifier to
reference an ldap_map_principal hook, not ldap_map_attribute, matching
the implementation.
When creating new principals in a Heimdal KDC, generate a long, random
password as the temporary password of the disabled principal before
randomizing keys. This is necessary if password quality is being
enforced on create calls. Since the principal is always inactive
until the keys have been randomized, the password should not need to
be secure (and indeed is not cryptographically random).
Previous versions had erroneous foreign key constraints between the
object history table and the objects table. Remove those constraints,
and an incorrect linkage in the schema for the ACL history, and add
indices for the object type, name, and ACL instead.
Pass in DateTime objects for the date fields in the database instead
of formatted time strings. This provides better compatibility with
different database engines. Document in README the need to install
the DateTime::Format::* module corresponding to the DBD::* module used
for the server database.
ACL renames are now recorded in the ACL history.
Fix wallet-backend parsing of the expires command to expect only one
argument as the expiration. This was correctly documented in the
wallet client man page, but not in wallet-backend, and it accepted two
arguments (a date and time). However, Wallet::Server did not and
would just ignore the time. Now wallet-backend correctly requires the
date and time be passed as a single argument.
Fix the ordering of table drops during a wallet-admin destroy action
to remove tables with foreign key references before the tables they
are referencing. Should fix destroy in MySQL and other database
engines that enforce referential integrity.
The wallet server now requires Perl 5.8 or later (instead of 5.006 in
previous versions) and is now built with Module::Build instead of
ExtUtils::MakeMaker. This should be transparent to anyone not working
with the source code, since Perl 5.8 was released in 2002, but
Module::Build is now required to build the wallet server. It is
included in some versions of Perl, or can be installed separately from
CPAN, distribution packages, or other sources.
Add a new contrib script, wallet-rekey-periodic, which is used at
Stanford to periodically rekey hosts from cron.
Update to rra-c-util 5.5:
* Use Lancaster Consensus environment variables to control tests.
* Use calloc or reallocarray for protection against integer overflows.
* Suppress warnings from Kerberos headers in non-system paths.
* Assume calloc initializes pointers to NULL.
* Assume free(NULL) is properly ignored.
* Improve error handling in xasprintf and xvasprintf.
* Check the return status of snprintf and vsnprintf properly.
* Preserve errno if snprintf fails in vasprintf replacement.
Update to C TAP Harness 3.1:
* Reopen standard input to /dev/null when running a test list.
* Don't leak extraneous file descriptors to tests.
* Suppress lazy plans and test summaries if the test failed with bail.
* runtests now treats the command line as a list of tests by default.
* The full test executable path can now be passed to runtests -o.
* Improved harness output for tests with lazy plans.
* Improved harness output to a terminal for some abort cases.
* Flush harness output after each test even when not on a terminal.
wallet 1.0 (2013-03-27)
Owners of wallet objects are now allowed to destroy them. In previous
versions, a special destroy ACL had to be set and the owner ACL wasn't
used for destroy actions, but operational experience at Stanford has
shown that letting owners destroy their own objects is a better model.
wallet-admin has a new sub-command, upgrade, which upgrades the wallet
database to the latest schema version. This command should be run
when deploying any new version of the wallet server.
A new ACL type, ldap-attr (Wallet::ACL::LDAP::Attribute), is now
supported. This ACL type grants access if the LDAP entry
corresponding to the principal contains the attribute name and value
specified in the ACL. The Net::LDAP and Authen::SASL Perl modules are
required to use this ACL type. New configuration settings are
required as well; see Wallet::Config for more information. To enable
this ACL type for an existing wallet database, use wallet-admin to
register the new verifier.
A new object type, wa-keyring (Wallet::Object::WAKeyring), is now
supported. This stores a WebAuth keyring and handles both key
rotation and garbage collection of old keys on retrieval of the
keyring. The WebAuth Perl module is required to use this object
type. To enable this object type for an existing wallet database, use
wallet-admin to register the new object.
Add a new acl check command which, given an ACL ID, prints yes if that
ACL already exists and no otherwise. This is parallel to the check
command for objects.
Add a comment field to objects and corresponding commands to
wallet-backend and wallet to set and retrieve it. The comment field
can only be set by the owner or wallet administrators but can be seen
by anyone on the show ACL.
The wallet server backend now uses DBIx::Class for the database layer,
which means that DBIx::Class and SQL::Translator and all of their
dependencies now have to be installed for the server to work. If the
database in use is SQLite 3, DateTime::Format::SQLite should also be
installed.
Add docs/objects-and-schemes, which provides a brief summary of the
current supported object types and ACL schemes.
The Stanford wallet object and ACL naming policy is now available in
code form as the Wallet::Policy::Stanford module, which is installed
as part of the server. As-is, it is only useful for sites that want
to adopt an identical naming policy (and will still require overriding
some of the internal data, like group names), but it may provide a
useful code example for others wanting to do something similar.
Update to rra-c-util 4.8:
* Look for krb5-config in /usr/kerberos/bin after the user's PATH.
* Kerberos library probing fixes without transitive shared libraries.
* Fix Autoconf warnings when probing for AIX's bundled Kerberos.
* Avoid using krb5-config if --with-{krb5,gssapi}-{include,lib} given.
* Correctly remove -I/usr/include from Kerberos and GSS-API flags.
* Build on systems where krb5/krb5.h exists but krb5.h does not.
* Pass --deps to krb5-config unless --enable-reduced-depends was used.
* Do not use krb5-config results unless gssapi is supported.
* Fix probing for Heimdal's libroken to work with older versions.
* Update warning flags for GCC 4.6.1.
* Update utility library and test suite for newer GCC warnings.
* Fix broken GCC attribute markers causing compilation problems.
* Suppress warnings on compilers that support gcc's __attribute__.
* Add notices to all files copied over from rra-c-util.
* Fix warnings when reporting memory allocation failure in messages.c.
* Fix message utility library compiler warnings on 64-bit systems.
* Include strings.h for additional POSIX functions where found.
* Use an atexit handler to clean up after Kerberos tests.
* Kerberos test configuration now goes in tests/config.
* The principal of the test keytab is determined automatically.
* Simplify the test suite calls for Kerberos and remctl tests.
* Check for a missing ssize_t.
* Improve the xstrndup utility function.
* Checked asprintf variants are now void functions and cannot fail.
* Fix use of long long in portable/mkstemp.c.
* Fix test suite portability to Solaris.
* Substantial improvements to the POD syntax and spelling checks.
Update to C TAP Harness 1.12:
* Fix compliation of runtests with more aggressive warnings.
* Add a more complete usage message and a -h command-line flag.
* Flush stderr before printing output from tests.
* Better handle running shell tests without BUILD and SOURCE set.
* Fix runtests to honor -s even if BUILD and -b aren't given.
* runtests now frees all allocated resources on exit.
* Only use feature-test macros when requested or built with gcc -ansi.
* Drop is_double from the C TAP library to avoid requiring -lm.
* Avoid using local in the shell libtap.sh library.
* Suppress warnings on compilers that support gcc's __attribute__.
wallet 0.12 (2010-08-25)
New client program wallet-rekey that, given a list of keytabs on the
command line, requests new keytab objects for each principal in the
local realm and then merges the new objects into that keytab. The
current implementation only acquires new keys and doesn't purge any
old keys.
A new ACL type, krb5-regex, is now supported. This ACL type is the
same as krb5 except that the identifier is interpreted as a Perl
regular expression and matched against the authenticated identity
attempting to run a wallet command. Patch from Ian Durkacz.
Add a objects unused report to wallet-report and Wallet::Report,
returning all objects that have never been downloaded (in other words,
have never been the target of a get command).
Add an acls duplicate report to wallet-report and Wallet::Report,
returning sets of ACLs that have exactly the same entries.
Add a help command to wallet-report, which returns a summary of all
available commands.
Update to C TAP Harness 1.5:
* Better reporting of fatal errors in the test suite.
* Summarize results at the end of test execution.
* Add tests/HOWTO from docs/writing-tests in C TAP Harness.
Update to rra-c-util 2.6:
* Fix portability to bundled Heimdal on OpenBSD.
* Improve checking for krb5_kt_free_entry with older MIT Kerberos.
* Fix portability for missing krb5_get_init_creds_opt_free.
* Fix header guard for util/xwrite.h.
* Restore default compiler configuration after GSS-API library probe.
wallet 0.11 (2010-03-08)
When deleting an ACL on the server, verify that the ACL is not
referenced by any object first. Database referential integrity should
also catch this, but not all database backends may enforce referential
integrity. This also allows us to return a better error message
naming an object that's still using that ACL.
Wallet::Config now supports an additional local function,
verify_acl_name, which can be used to enforce ACL naming policies. If
set, it is called for any ACL creation or rename and can reject the
new ACL name.
Add an audit command to wallet-report and two audits: acls name, which
returns all ACLs that do not pass the local naming policy, and objects
name, which does the same for objects. The corresponding
Wallet::Report method is audit().
Add the acls unused report to wallet-report and Wallet::Report,
returning all ACLs not referenced by any database objects.
Wallet::Config::verify_name may now be called with an undefined third
argument (normally the user attempting to create an object). This
calling convention is used when auditing, and the local policy
function should select the correct policy to apply for useful audit
results.
Fix portability to older Kerberos libraries without
krb5_free_error_message.
wallet 0.10 (2010-02-21)
Add support for Heimdal KDCs as well as MIT Kerberos KDCs. There is
now a mandatory new setting in Wallet::Config: $KEYTAB_KRBTYPE. It
should be set to either "MIT" or "Heimdal" depending on the Kerberos
KDC implementation used. The Heimdal support requires the
Heimdal::Kadm5 Perl module.
Remove kaserver synchronization support. It is no longer tested, and
retaining the code was increasing the complexity of wallet, and some
specific requirements (such as different realm names between kaserver
and Kerberos v5 and the kvno handling) were Stanford-specific. Rather
than using this support, AFS sites running kaserver will probably find
deploying Heimdal with its internal kaserver compatibility is probably
an easier transition approach.
Remove the kasetkey client for setting keys in an AFS kaserver.
The wallet client no longer enables kaserver synchronization when a
srvtab is requested with -S. Instead, it just extracts the DES key
from the keytab and writes it to a srvtab. It no longer forces the
kvno of the srvtab to 0 (a Stanford-specific action) and instead
preserves the kvno from the key in the keytab. This should now do the
right thing for sites that use a KDC that serves both Kerberos v4 and
Kerberos v5 from the same database.
The wallet client can now store data containing nul characters and
wallet-backend will accept it if passed on standard input instead of
as a command-line argument. See config/wallet for the new required
remctld configuration. Storing data containing nul characters
requires remctl 2.14 or later.
Correctly handle storing of data that begins with a dash and don't
parse it as an argument to wallet-backend.
Fix logging in wallet-backend and the remctl configuration to not log
the data passed to store.
Move all reporting from Wallet::Admin to Wallet::Report and simplify
the method names since they're now part of a dedicated reporting
class. Similarly, create a new wallet-report script to wrap
Wallet::Report, moving all reporting commands to it from wallet-admin,
and simplify the commands since they're for a dedicated reporting
script.
Add additional reports for wallet-report: objects owned by a specific
ACL, objects owned by no one, objects of a specific type, objects with
a specific flag, objects for which a specific ACL has privileges, ACLs
with an entry with a given type and identifier, and ACLs with no
members.
Add a new owners command to wallet-report and corresponding owners()
method to Wallet::Report, which returns all ACL lines on owner ACLs
for matching objects.
Report ACL names as well as numbers in object history.
The wallet client now uses a temporary disk ticket cache when
obtaining tickets with the -u option rather than an in-memory cache,
allowing for a libremctl built against a different Kerberos
implementation than the wallet client. This primarily helps with
testing.
Update to rra-c-util 2.3:
* Use Kerberos portability layer to support Heimdal.
* Avoid Kerberos API calls deprecated on Heimdal.
* Sanity-check the results of krb5-config before proceeding.
* Fall back on manual probing if krb5-config results don't work.
* Add --with-krb5-include and --with-krb5-lib configure options.
* Add --with-remctl-include and --with-remctl-lib configure options.
* Add --with-gssapi-include and --with-gssapi-lib configure options.
* Don't break if the user clobbers CPPFLAGS at build time.
* Suppress error output from krb5-config probes.
* Prefer KRB5_CONFIG over a path constructed from --with-*.
* Update GSS-API probes for Solaris 10's native implementation.
* Change AC_TRY_* to AC_*_IFELSE as recommended by Autoconf.
* Use AC_TYPE_LONG_LONG_INT instead of AC_CHECK_TYPES([long long]).
* Provide a proper bool type with Sun Studio 12 on Solaris 10.
* Break util/util.h into separate header files per module.
* Update portable and util tests for C TAP Harness 1.1.
Update to C TAP Harness 1.1:
* Remove the need for Autoconf substitution in test programs.
* Support running a single test program with runtests -o.
* Properly handle test cases that are skipped in their entirety.
* Much improved C TAP library more closely matching Test::More.
wallet 0.9 (2008-04-24)
The wallet command-line client now reads the data for store from a
file (using -f) or from standard input (if -f wasn't given) when the
data isn't specified on the command line. The data still must not
contain nul characters.
Add support for enabling and disabling principals (clearing or setting
the NOTGS flag) and examining principals to kasetkey. This
functionality isn't used by wallet (and probably won't be) but is
convenient for other users of kasetkey such as kadmin-remctl.
Report the correct error message when addprinc fails while creating a
keytab object.
The configure option requesting AFS kaserver support (and thus
building kasetkey) is now --with-kaserver instead of --with-afs.
If KRB5_CONFIG was explicitly set in the environment, don't use a
different krb5-config based on --with-krb4 or --with-krb5. If
krb5-config isn't executable, don't use it. This allows one to
force library probing by setting KRB5_CONFIG to point to a
nonexistent file.
Sanity-check the results of krb5-config before proceeding and error
out in configure if they don't work.
Fix Autoconf syntax error when probing for libkrb5support. Thanks,
Mike Garrison.
wallet can now be built in a different directory than the source
directory.
Stop setting Stanford-specific compile-time defaults for the wallet
server and port.
Perl 5.8 is required to run the test suite, but IO::String is not.
Include Stanford's wallet.conf as an example (examples/stanford.conf).
wallet 0.8 (2008-02-13)
Fix the wallet client to use check instead of exists.
Add file object support to the wallet server.
Correctly handle get of an empty object in the wallet client. The
empty string is valid object content.
Wallet::Config and hence the wallet server now checks for the
environment variable WALLET_CONFIG and loads configuration from the
file specified there instead of /etc/wallet/wallet.conf if it is set.
wallet-backend now supports a -q flag, which disables syslog logging.
wallet-admin now supports registering new object or ACL verifier
implementations in the database.
Remove the restriction that all object implementations must have class
names of Wallet::Object::* and all ACL verifier implementations must
have class names of Wallet::ACL::*.
Add a full end-to-end test suite to catch protocol mismatches between
the client and server, such as the one fixed in this release.
Update the design documentation to reflect the current protocol and
implementation.
wallet 0.7 (2008-02-08)
Add new exists and autocreate wallet server interfaces. The first
states whether a given object exists and the second attempts to create
the object using the default owner rules. Remove default owner
handling from the create interface, which is now for administrators
only. Remove server-side auto-creation of objects on get or store and
instead have the client check for object existence and call autocreate
if necessary. This removes confusion between default ACLs and
administrative object creation for users who are also on the ADMIN
ACL.
When creating a srvtab based on a just-downloaded keytab, extract the
srvtab key before merging the keytab into an existing file.
Otherwise, if the new keys had a lower kvno than the old keys
(possible after deleting and recreating the object), the wrong key
would be extracted for the srvtab.
keytab-backend now passes kadmin.local ktadd its options in a specific
order to satisfy the picky option parser.
Check naming policy on wallet object creation before checking the
default ACLs to avoid creating and stranding an ACL when the naming
policy check fails.
The current version of Net::Remctl can't handle explicit undef or the
empty string as a principal argument. Be careful not to provide a
principal argument if no principal was set. This workaround can be
removed once we depend on a later version of Net::Remctl.
Correctly enable syslog logging in wallet-backend.
Fix the example remctl configuration for keytab-backend to use the
correct script name.
wallet 0.6 (2008-01-28)
SECURITY: If -f is used and the output file name with ".new" appended
already exists, unlink it first and then create it safely rather than
truncating it. This is much safer when creating files in a
world-writable directory.
The wallet client can now get the server, port, principal, and remctl
type from krb5.conf as well as from compile-time defaults and
command-line options.
When getting a keytab with the client with no -f option, correctly
write the keytab to standard output rather than dying with a cryptic
error.
When downloading a keytab to a file that already exists, merge the new
keytab keys into that file rather than moving aside the old keytab and
creating a new keytab with only the new keys.
The wallet client now supports a -u option, saying to obtain Kerberos
credentials for the given user and use those for authentication rather
than using an existing ticket cache.
Add a wallet-admin program which can initialize and destroy the
database and list all objects and ACLs in the database.
Support enforcing a naming policy for wallet objects via a Perl
function in the wallet server configuration file.
The build system now probes for GSS-API, Kerberos v5 and v4, and AFS
libraries as necessary rather than hard-coding libraries. Building
on systems without strong shared library dependencies and building
against static libraries should now work.
Building kasetkey (for AFS kaserver synchronization) is now optional
and not enabled by default. Pass --with-afs to configure to enable
it. This allows wallet to be easily built in an environment without
AFS.
Add a sample script (contrib/wallet-report) showing one way of
reporting on the contents of the wallet database. This will
eventually become more general.
wallet 0.5 (2007-12-06)
Allow the empty string in wallet-backend arguments.
Allow @ in wallet-backend arguments so that principal names can be
passed in.
Load the Perl modules for ACL verifiers and object types dynamically
now that we're reading the class from the database.
Correctly implement the documented intention that setting an attribute
to the empty string clears the attribute values.
Fix the keytab principal validation regex to allow instances
containing periods. Otherwise, it's hard to manage host keytabs. Add
a missing test suite for that method.
When writing to a file in the wallet client program, remove an old
backup file before creating a new backup and don't fail if the backup
already exists.
Check a default creation ACL first before the ADMIN ACL when deciding
whether we can auto-create a non-existent ACL, since creating one with
the ADMIN ACL doesn't create a useful object.
wallet 0.4 (2007-12-05)
Maintain a global cache of ACL verifiers in Wallet::ACL and reuse them
over the life of the process if we see another ACL line from the same
scheme, rather than only reusing ACL verifiers within a single ACL.
Add a subclass of the NetDB ACL verifier that requires the principal
have an instance of "root" and strips that instance before checking
NetDB roles.
Determine the class for object and ACL schema implementations from the
database rather than a hard-coded list and provide Wallet::Schema
methods for adding new class mappings.
Add a missing class mapping for the netdb ACL schema verifier.
Various coding style fixes and cleanup based on a much-appreciated
code audit by Simon Cozens. I didn't take all of his advise, and he
shouldn't be blamed for any remaining issues.
wallet 0.3 (2007-12-03)
MySQL is now a supported database backend and the full test suite
passes with MySQL.
Add support for running a user-defined function whenever an object is
created by a non-ADMIN user and using the default owner ACL returned
by that function provided that the calling user is authorized by that
ACL. This permits dynamic creation of new objects based on a default
owner ACL programmatically determined from the name of the object.
Attempt to create the object with a default owner on get and store
when the object doesn't exist.
Add support for displaying the history of objects and ACLs.
Add an ACL verifier that checks access against NetDB roles using the
NetDB remctl interface.
The wallet backend script now logs all commands and errors to syslog.
The keytab backend now supports limiting generated keytabs to
particular enctypes by setting an attribute on the object.
Expiration dates are now expressed in YYYY-MM-DD HH:MM:SS instead of
seconds since epoch and returned the same way. Timestamps are now
stored in the database as correct date and time types rather than
seconds since epoch to work properly with MySQL.
The wallet backend test suite now supports using a database other than
SQLite for testing.
wallet 0.2 (2007-10-08)
First public alpha release. Only tested with SQLite 3, no history
support, no object list support, and only keytab object and krb5 ACL
support.
wallet 0.1 (2007-03-08)
Internal release containing only kasetkey, a stub client, and design
documentation.