Commit 4b3f858e authored by Russ Allbery

Imported Upstream version 1.3

parents 7856dc7c 76f93739
/Makefile.in
/aclocal.m4
/autom4te.cache/
/build-aux/
/client/wallet
/client/wallet-rekey
......
sudo: required
dist: trusty
language: c
compiler:
- gcc
before_install:
- sudo apt-get update -qq
- sudo apt-get install -y libauthen-sasl-perl libcrypt-generatepassword-perl libdatetime-perl libdatetime-format-sqlite-perl libdbd-sqlite3-perl libdbi-perl libdbix-class-perl libheimdal-kadm5-perl libjson-perl libkrb5-dev libnet-dns-perl libnet-ldap-perl libnet-remctl-perl libperl6-slurp-perl libremctl-dev libsql-translator-perl libtest-minimumversion-perl libtest-pod-perl libtest-strict-perl libtimedate-perl libwebauth-perl perl sqlite3
env: AUTHOR_TESTING=1
script: ./autogen && ./configure && make warnings && make check
branches:
only:
- master
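Review bot: The `compiler:` list contains only gcc, so the `if WARNINGS_CLANG` branch that this same commit adds to the `warnings` target in Makefile.am is never exercised by `make warnings` in CI. Consider adding `- clang` to the list; the Clang flag set (`-Weverything -Wno-padded`) carries no -Werror, so it would surface the known warnings without failing the build.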
......@@ -10,23 +10,25 @@ Copyright: 2006-2010, 2012-2013
License: Expat
Files: *
Copyright: 2000-2002, 2004-2014 Russ Allbery <eagle@eyrie.org>
2001-2014 The Board of Trustees of the Leland Stanford Junior University
Copyright: 2000-2002, 2004-2016 Russ Allbery <eagle@eyrie.org>
2001-2015 The Board of Trustees of the Leland Stanford Junior University
2015 Dropbox, Inc.
License: Expat
Files: Makefile.in
Copyright: 1994-2013 Free Software Foundation, Inc.
Copyright: 1994-2014 Free Software Foundation, Inc.
2006-2008, 2010, 2013-2014
The Board of Trustees of the Leland Stanford Junior University
2016 Russ Allbery <eagle@eyrie.org>
License: FSF-unlimited and Expat
Files: aclocal.m4
Copyright: 1996-2013 Free Software Foundation, Inc.
Copyright: 1996-2015 Free Software Foundation, Inc.
License: FSF-unlimited
Files: build-aux/ar-lib build-aux/compile build-aux/depcomp
build-aux/missing
Copyright: 1996-2013 Free Software Foundation, Inc.
Copyright: 1996-2014 Free Software Foundation, Inc.
License: GPL-2+ with Autoconf exception or Expat
Files: build-aux/install-sh
......@@ -62,7 +64,7 @@ Files: client/wallet-rekey.1 client/wallet-rekey.pod client/wallet.1
docs/stanford-naming perl/t/data/README tests/HOWTO tests/config/README
Copyright: 2006-2014
The Board of Trustees of the Leland Stanford Junior University
2010 Russ Allbery <eagle@eyrie.org>
2010, 2016 Russ Allbery <eagle@eyrie.org>
License: all-permissive
Copying and distribution of this file, with or without modification, are
permitted in any medium without royalty provided the copyright notice and
......@@ -75,10 +77,12 @@ License: FSF-configure
This script is free software; the Free Software Foundation gives unlimited
permission to copy, distribute and modify it.
Files: m4/gssapi.m4 m4/krb5-config.m4 m4/krb5.m4 m4/lib-depends.m4
m4/lib-pathname.m4 m4/remctl.m4 m4/snprintf.m4 m4/vamacros.m4
Files: m4/clang.m4 m4/gssapi.m4 m4/krb5-config.m4 m4/krb5.m4
m4/lib-depends.m4 m4/lib-pathname.m4 m4/remctl.m4 m4/snprintf.m4
m4/vamacros.m4
Copyright: 2005-2014
The Board of Trustees of the Leland Stanford Junior University
2015 Russ Allbery <eagle@eyrie.org>
License: unlimited
This file is free software; the authors give unlimited permission to copy
and/or distribute it, with or without modifications, as long as this
......@@ -87,10 +91,8 @@ License: unlimited
Files: portable/asprintf.c portable/dummy.c portable/krb5-extra.c
portable/krb5.h portable/macros.h portable/mkstemp.c
portable/reallocarray.c portable/setenv.c portable/stdbool.h
portable/strlcat.c portable/strlcpy.c portable/system.h portable/uio.h
tests/portable/asprintf-t.c tests/portable/mkstemp-t.c
tests/portable/setenv-t.c tests/portable/strlcat-t.c
tests/portable/strlcpy-t.c util/macros.h
portable/system.h portable/uio.h tests/portable/asprintf-t.c
tests/portable/mkstemp-t.c tests/portable/setenv-t.c util/macros.h
Copyright: no copyright notice, see License
License: rra-public-domain
The authors hereby relinquish any claim to any copyright that they may
......@@ -116,6 +118,7 @@ Copyright: 1991, 1994-2003 The Internet Software Consortium and Rich Salz
2004-2006 Internet Systems Consortium, Inc.
2008-2010, 2012-2014
The Board of Trustees of the Leland Stanford Junior University
2015 Russ Allbery <eagle@eyrie.org>
License: ISC
Permission to use, copy, modify, and distribute this software for any
purpose with or without fee is hereby granted, provided that the above
......
# Automake makefile for wallet.
#
# Written by Russ Allbery <eagle@eyrie.org>
# Copyright 2016 Russ Allbery <eagle@eyrie.org>
# Copyright 2006, 2007, 2008, 2010, 2013, 2014
# The Board of Trustees of the Leland Stanford Junior University
#
......@@ -20,17 +21,18 @@ WALLET_PERL_FLAGS ?=
# builddir != srcdir builds.
PERL_FILES = perl/Build.PL perl/MANIFEST perl/MANIFEST.SKIP perl/create-ddl \
perl/lib/Wallet/ACL.pm perl/lib/Wallet/ACL/Base.pm \
perl/lib/Wallet/ACL/Krb5.pm perl/lib/Wallet/ACL/Krb5/Regex.pm \
perl/lib/Wallet/ACL/LDAP/Attribute.pm perl/lib/Wallet/ACL/NetDB.pm \
perl/lib/Wallet/ACL/External.pm perl/lib/Wallet/ACL/Krb5.pm \
perl/lib/Wallet/ACL/Krb5/Regex.pm \
perl/lib/Wallet/ACL/LDAP/Attribute.pm \
perl/lib/Wallet/ACL/LDAP/Attribute/Root.pm \
perl/lib/Wallet/ACL/NetDB.pm perl/lib/Wallet/ACL/Nested.pm \
perl/lib/Wallet/ACL/NetDB/Root.pm perl/lib/Wallet/Admin.pm \
perl/lib/Wallet/Config.pm perl/lib/Wallet/Database.pm \
perl/lib/Wallet/Kadmin.pm perl/lib/Wallet/Kadmin/Heimdal.pm \
perl/lib/Wallet/Kadmin/MIT.pm perl/lib/Wallet/Object/Base.pm \
perl/lib/Wallet/Object/Duo.pm \
perl/lib/Wallet/Object/Duo/LDAPProxy.pm \
perl/lib/Wallet/Object/Duo/PAM.pm perl/lib/Wallet/Object/Duo/RDP.pm \
perl/lib/Wallet/Object/Duo/RadiusProxy.pm \
perl/lib/Wallet/Kadmin.pm perl/lib/Wallet/Kadmin/AD.pm \
perl/lib/Wallet/Kadmin/Heimdal.pm perl/lib/Wallet/Kadmin/MIT.pm \
perl/lib/Wallet/Object/Base.pm perl/lib/Wallet/Object/Duo.pm \
perl/lib/Wallet/Object/File.pm perl/lib/Wallet/Object/Keytab.pm \
perl/lib/Wallet/Object/Password.pm \
perl/lib/Wallet/Object/WAKeyring.pm \
perl/lib/Wallet/Policy/Stanford.pm perl/lib/Wallet/Report.pm \
perl/lib/Wallet/Schema.pm perl/lib/Wallet/Server.pm \
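Review bot: The Duo sub-type modules (perl/lib/Wallet/Object/Duo/LDAPProxy.pm, PAM.pm, RDP.pm and RadiusProxy.pm) drop out of PERL_FILES here, and perl/lib/Wallet/Object/Duo drops out of PERL_DIRECTORIES further down, yet perl/t/object/duo-ldap.t, duo-pam.t, duo-radius.t and duo-rdp.t stay in the list and the 1.3 NEWS entry says nothing about the change. Please confirm those tests no longer load the removed modules, and add a NEWS line for sites upgrading an existing database that mentions the new perl/sql/wallet-1.3-update-duo.sql.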
......@@ -65,8 +67,9 @@ PERL_FILES = perl/Build.PL perl/MANIFEST perl/MANIFEST.SKIP perl/create-ddl \
perl/sql/Wallet-Schema-0.09-0.10-SQLite.sql \
perl/sql/Wallet-Schema-0.10-MySQL.sql \
perl/sql/Wallet-Schema-0.10-PostgreSQL.sql \
perl/sql/Wallet-Schema-0.10-SQLite.sql perl/t/data/README \
perl/t/data/duo/integration.json \
perl/sql/Wallet-Schema-0.10-SQLite.sql \
perl/sql/wallet-1.3-update-duo.sql perl/t/data/README \
perl/t/data/acl-command perl/t/data/duo/integration.json \
perl/t/data/duo/integration-ldap.json \
perl/t/data/duo/integration-radius.json \
perl/t/data/duo/integration-rdp.json perl/t/data/duo/keys.json \
......@@ -79,48 +82,52 @@ PERL_FILES = perl/Build.PL perl/MANIFEST perl/MANIFEST.SKIP perl/create-ddl \
perl/t/object/duo.t perl/t/object/duo-ldap.t \
perl/t/object/duo-pam.t perl/t/object/duo-radius.t \
perl/t/object/duo-rdp.t perl/t/object/file.t perl/t/object/keytab.t \
perl/t/object/wa-keyring.t perl/t/policy/stanford.t \
perl/t/style/minimum-version.t perl/t/style/strict.t \
perl/t/util/kadmin.t perl/t/verifier/basic.t \
perl/t/verifier/ldap-attr.t perl/t/verifier/netdb.t
perl/t/object/password.t perl/t/object/wa-keyring.t \
perl/t/policy/stanford.t perl/t/style/minimum-version.t \
perl/t/style/strict.t perl/t/util/kadmin.t perl/t/verifier/basic.t \
perl/t/verifier/external.t perl/t/verifier/ldap-attr.t \
perl/t/verifier/nested.t perl/t/verifier/netdb.t
# Directories that have to be created in builddir != srcdir builds before
# copying PERL_FILES over.
PERL_DIRECTORIES = perl perl/lib perl/lib/Wallet perl/lib/Wallet/ACL \
perl/lib/Wallet/ACL/Krb5 perl/lib/Wallet/ACL/LDAP \
perl/lib/Wallet/ACL/NetDB perl/lib/Wallet/Kadmin \
perl/lib/Wallet/Object perl/lib/Wallet/Object/Duo \
perl/lib/Wallet/ACL/LDAP/Attribute perl/lib/Wallet/ACL/NetDB \
perl/lib/Wallet/Kadmin perl/lib/Wallet/Object \
perl/lib/Wallet/Policy perl/lib/Wallet/Schema \
perl/lib/Wallet/Schema/Result perl/sql perl/t perl/t/data \
perl/t/data/duo perl/t/docs perl/t/general perl/t/lib perl/t/object \
perl/t/policy perl/t/style perl/t/util perl/t/verifier
ACLOCAL_AMFLAGS = -I m4
EXTRA_DIST = .gitignore LICENSE autogen client/wallet.pod \
client/wallet-rekey.pod config/allow-extract config/keytab \
config/keytab.acl config/wallet config/wallet-report.acl \
docs/design contrib/README contrib/convert-srvtab-db \
contrib/used-principals contrib/wallet-contacts \
contrib/wallet-rekey-periodic contrib/wallet-rekey-periodic.8 \
contrib/wallet-summary contrib/wallet-summary.8 \
contrib/wallet-unknown-hosts contrib/wallet-unknown-hosts.8 \
docs/design-acl docs/design-api docs/netdb-role-api docs/notes \
docs/objects-and-schemes docs/setup docs/stanford-naming \
examples/stanford.conf tests/HOWTO tests/TESTS tests/config/README \
tests/data/allow-extract tests/data/basic.conf tests/data/cmd-fake \
tests/data/cmd-wrapper tests/data/fake-data tests/data/fake-kadmin \
tests/data/fake-keytab tests/data/fake-keytab-2 \
tests/data/fake-keytab-foreign tests/data/fake-keytab-merge \
tests/data/fake-keytab-old tests/data/fake-keytab-partial \
tests/data/fake-keytab-partial-result tests/data/fake-keytab-rekey \
tests/data/fake-keytab-unknown tests/data/fake-srvtab \
tests/data/full.conf tests/data/perl.conf tests/data/wallet.conf \
tests/docs/pod-spelling-t tests/docs/pod-t \
tests/perl/minimum-version-t tests/perl/strict-t \
tests/server/admin-t tests/server/backend-t tests/server/keytab-t \
tests/server/report-t tests/tap/kerberos.sh tests/tap/libtap.sh \
tests/tap/perl/Test/RRA.pm tests/tap/perl/Test/RRA/Automake.pm \
tests/tap/perl/Test/RRA/Config.pm tests/tap/remctl.sh \
EXTRA_DIST = .gitignore .travis.yml LICENSE autogen client/wallet.pod \
client/wallet-rekey.pod config/allow-extract config/keytab \
config/keytab.acl config/wallet config/wallet-report.acl \
docs/design contrib/README contrib/commerzbank/wallet-history \
contrib/convert-srvtab-db contrib/used-principals \
contrib/wallet-contacts contrib/wallet-rekey-periodic \
contrib/wallet-rekey-periodic.8 contrib/wallet-summary \
contrib/wallet-summary.8 contrib/wallet-unknown-hosts \
contrib/wallet-unknown-hosts.8 docs/design-acl docs/design-api \
docs/netdb-role-api docs/notes docs/objects-and-schemes docs/setup \
docs/stanford-naming examples/stanford.conf tests/HOWTO tests/TESTS \
tests/config/README tests/data/allow-extract tests/data/basic.conf \
tests/data/cmd-fake tests/data/cmd-wrapper tests/data/fake-data \
tests/data/fake-kadmin tests/data/fake-keytab \
tests/data/fake-keytab-2 tests/data/fake-keytab-foreign \
tests/data/fake-keytab-merge tests/data/fake-keytab-old \
tests/data/fake-keytab-partial \
tests/data/fake-keytab-partial-result tests/data/fake-keytab-rekey \
tests/data/fake-keytab-unknown tests/data/fake-srvtab \
tests/data/full.conf tests/data/perl.conf tests/data/wallet.conf \
tests/docs/pod-spelling-t tests/docs/pod-t \
tests/perl/minimum-version-t tests/perl/module-version-t \
tests/perl/strict-t tests/server/admin-t tests/server/backend-t \
tests/server/keytab-t tests/server/report-t tests/tap/kerberos.sh \
tests/tap/libtap.sh tests/tap/perl/Test/RRA.pm \
tests/tap/perl/Test/RRA/Automake.pm \
tests/tap/perl/Test/RRA/Config.pm \
tests/tap/perl/Test/RRA/ModuleVersion.pm tests/tap/remctl.sh \
tests/util/xmalloc-t $(PERL_FILES)
# Supporting convenience libraries used by other targets.
......@@ -173,22 +180,28 @@ dist_pkgdata_DATA = perl/sql/Wallet-Schema-0.07-0.08-MySQL.sql \
perl/sql/Wallet-Schema-0.09-PostgreSQL.sql \
perl/sql/Wallet-Schema-0.09-SQLite.sql
# A set of flags for warnings. Add -O because gcc won't find some warnings
# A set of flags for warnings. Add -O because gcc won't find some warnings
# without optimization turned on. Desirable warnings that can't be turned
# on due to other problems:
#
# -Wconversion http://bugs.debian.org/488884 (htons warnings)
# -Wconversion http://bugs.debian.org/488884 (htons warnings)
#
# Last checked against gcc 4.8.2 (2014-04-12). -D_FORTIFY_SOURCE=2 enables
# Last checked against gcc 4.8.2 (2014-04-12). -D_FORTIFY_SOURCE=2 enables
# warn_unused_result attribute markings on glibc functions on Linux, which
# catches a few more issues.
WARNINGS = -g -O -fstrict-overflow -fstrict-aliasing -D_FORTIFY_SOURCE=2 \
-Wall -Wextra -Wendif-labels -Wformat=2 -Winit-self -Wswitch-enum \
-Wstrict-overflow=5 -Wfloat-equal -Wdeclaration-after-statement \
-Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-align \
-Wwrite-strings -Wjump-misses-init -Wlogical-op -Wstrict-prototypes \
-Wold-style-definition -Wmissing-prototypes -Wnormalized=nfc \
-Wpacked -Wredundant-decls -Wnested-externs -Winline -Wvla -Werror
if WARNINGS_GCC
WARNINGS = -g -O -fstrict-overflow -fstrict-aliasing -D_FORTIFY_SOURCE=2 \
-Wall -Wextra -Wendif-labels -Wformat=2 -Winit-self -Wswitch-enum \
-Wstrict-overflow=5 -Wmissing-format-attribute -Wfloat-equal \
-Wdeclaration-after-statement -Wshadow -Wpointer-arith \
-Wbad-function-cast -Wcast-align -Wwrite-strings -Wjump-misses-init \
-Wlogical-op -Wstrict-prototypes -Wold-style-definition \
-Wmissing-prototypes -Wnormalized=nfc -Wpacked -Wredundant-decls \
-Wnested-externs -Winline -Wvla -Werror
endif
if WARNINGS_CLANG
WARNINGS = -Weverything -Wno-padded
endif
warnings:
$(MAKE) V=0 CFLAGS='$(WARNINGS)' KRB5_CPPFLAGS='$(KRB5_CPPFLAGS_GCC)'
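Review bot: WARNINGS is now assigned only inside `if WARNINGS_GCC` and `if WARNINGS_CLANG`, so when neither conditional holds the `warnings` target runs with CFLAGS='' and appears to pass with no warning flags at all. Add a fallback definition, or make the target fail with a message for other compilers. The target also still passes KRB5_CPPFLAGS='$(KRB5_CPPFLAGS_GCC)' in the Clang case, and the "Last checked against gcc 4.8.2 (2014-04-12)" comment was not updated although -Wmissing-format-attribute was added to the list.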
......@@ -247,8 +260,10 @@ clean-local:
cd perl && ./Build realclean ; \
fi
# Remove the files that we copy over if and only if builddir != srcdir.
# Remove the Autoconf cache. Remove the files that we copy over if and only
# if builddir != srcdir.
distclean-local:
rm -rf autom4te.cache
set -e; if [ x"$(builddir)" != x"$(srcdir)" ] ; then \
for f in $(PERL_FILES) ; do \
rm -f "$(builddir)/$$f" ; \
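Review bot: `rm -rf autom4te.cache` in distclean-local sits outside the builddir != srcdir check and uses a path relative to the build directory, so in a separate-builddir build it does not touch the cache that the new comment says it removes. Either use `$(srcdir)/autom4te.cache` or state in the comment that the removal only applies to in-tree builds.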
......@@ -258,8 +273,7 @@ distclean-local:
# The bits below are for the test suite, not for the main package.
check_PROGRAMS = tests/runtests tests/portable/asprintf-t \
tests/portable/mkstemp-t tests/portable/setenv-t \
tests/portable/snprintf-t tests/portable/strlcat-t \
tests/portable/strlcpy-t tests/util/messages-krb5-t \
tests/portable/snprintf-t tests/util/messages-krb5-t \
tests/util/messages-t tests/util/xmalloc
tests_runtests_CPPFLAGS = -DSOURCE='"$(abs_top_srcdir)/tests"' \
-DBUILD='"$(abs_top_builddir)/tests"'
......@@ -283,12 +297,6 @@ tests_portable_setenv_t_LDADD = tests/tap/libtap.a portable/libportable.a
tests_portable_snprintf_t_SOURCES = tests/portable/snprintf-t.c \
tests/portable/snprintf.c
tests_portable_snprintf_t_LDADD = tests/tap/libtap.a portable/libportable.a
tests_portable_strlcat_t_SOURCES = tests/portable/strlcat-t.c \
tests/portable/strlcat.c
tests_portable_strlcat_t_LDADD = tests/tap/libtap.a portable/libportable.a
tests_portable_strlcpy_t_SOURCES = tests/portable/strlcpy-t.c \
tests/portable/strlcpy.c
tests_portable_strlcpy_t_LDADD = tests/tap/libtap.a portable/libportable.a
tests_util_messages_krb5_t_CPPFLAGS = $(KRB5_CPPFLAGS)
tests_util_messages_krb5_t_LDFLAGS = $(KRB5_LDFLAGS)
tests_util_messages_krb5_t_LDADD = tests/tap/libtap.a util/libutil.a \
......
User-Visible wallet Changes
wallet 1.3 (2016-01-17)
This release adds initial, experimental support for using Active
Directory as the KDC for keytab creation. The interface to Active
Directory uses a combination of direct LDAP queries and the msktutil
utility. This version does not support the wallet unchanging flag.
Unchanging requires that a keytab be retrieved without changing the
password/kvno which is not supported by msktutil. Active Directory
can be selected by setting KEYTAB_KRBTYPE to AD in the wallet
configuration. Multiple other configuration options must also be set;
see Wallet::Config for more information and README for the additional
Perl modules required. Thanks to Bill MacAllister for the
implementation.
A new ACL type, nested (Wallet::ACL::Nested), is now supported. The
identifier of this ACL names another ACL, and access is granted if
that ACL would grant access. This lets one combine multiple other
ACLs and apply the union to an object. To enable this ACL type for an
existing wallet database, use wallet-admin to register the new
verifier.
A new ACL type, external (Wallet::ACL::External), is now supported.
This ACL runs an external command to check if access is allowed, and
passes the principal, type and name of the object, and the ACL
identifier to that command. To enable this ACL type for an existing
wallet database, use wallet-admin to register the new verifier.
A new variation on the ldap-attr ACL type, ldap-attr-root
(Wallet::ACL::LDAP::Attribute::Root), is now supported. This is
similar to netdb-root (compared to netdb): the authenticated principal
must end in /root, and the LDAP entry checked will be for the same
principal without the /root component. This is useful for limiting
access to certain privileged objects to Kerberos root instances. To
enable this ACL type for an existing wallet database, use wallet-admin
to register the new verifier.
A new object type, password (Wallet::Object::Password), is now
supported. This is a subclass of the file object that will randomly
generate content for the object if you do a get before storing any
content inside it. To enable this object type for an existing
database, use wallet-admin to register the new object.
Add a new command to wallet-backend, update. This will update the
contents of an object before running a get on it, and is only valid
for objects that can automatically get new content, such as keytab and
password objects. A keytab will get a new kvno regardless of the
unchanging flag if called with update. In a future release get will
be changed to never update a keytab, and the unchanging flag will be
ignored. Please start moving to use get or update as the situation
warrants.
Add an acl replace command, to change all objects owned by one ACL to
be owned by another. This currently only handles owner, not any of
the more specific ACLs.
All ACL operations now refer to the ACL by name rather than ID.
Add a report for unstored objects to wallet-report, and cleaned up the
help for the existing unused report that implied it showed unstored as
well as unused.
Add reports that list all object types (types) and all ACL schemes
(schemes) currently registered in the wallet database.
Add a report of all ACLs that nest a given ACL. This requires some
additional local configuration (and probably some code). See
Wallet::Config for more information.
Took contributions from Commerzbank AG to improve wallet history. Add
a command to dump all object history for searching on to
wallet-report, and add a new script for more detailed object history
operations to the contrib directory.
Displays of ACLs and ACL entries are now sorted correctly.
The versions of all of the wallet Perl modules now match the overall
package version except for Wallet::Schema, which is used to version
the database schema.
Update to rra-c-util 5.10:
* Add missing va_end to xasprintf implementation.
* Fix Perl test suite framework for new Automake relative paths.
* Improve portability to Kerberos included in Solaris 10.
* Use appropriate warning flags with Clang (currently not warning clean).
Update to C TAP Harness 3.4:
* Fix segfault in runtests with an empty test list.
* Display verbose test results with -v or C_TAP_VERBOSE.
* Test infrastructure builds cleanly with Clang warnings.
* Support comments and blank lines in test lists.
wallet 1.2 (2014-12-08)
The duo object type has been split into several sub-types, each for a
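Review bot: The entry for the external ACL type says the command receives the principal, the object type and name, and the ACL identifier, but not how they are passed or which result from the command grants access. Since that command makes the authorization decision, state this here or point to Wallet::ACL::External, the way the Active Directory entry points to Wallet::Config. Two smaller points: the update entry changes behavior for keytabs with the unchanging flag (a new kvno is issued anyway) and deserves to be called out as a compatibility note, and "Add a report for unstored objects ... and cleaned up the help" mixes tenses.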
......
wallet release 1.2
wallet release 1.3
(secure data management system)
Written by Russ Allbery <eagle@eyrie.org>
Copyright 2006, 2007, 2008, 2009, 2010, 2012, 2013, 2014 The Board of
Trustees of the Leland Stanford Junior University. This software is
distributed under a BSD-style license. Please see the section LICENSE
below for more information.
Copyright 2014, 2016 Russ Allbery <eagle@eyrie.org>. Copyright 2006,
2007, 2008, 2009, 2010, 2012, 2013, 2014 The Board of Trustees of the
Leland Stanford Junior University. This software is distributed under a
BSD-style license. Please see the section LICENSE below for more
information.
BLURB
......@@ -91,12 +92,15 @@ REQUIREMENTS
on CPAN for older versions.
The keytab support in the wallet server supports either Heimdal or MIT
Kerberos KDCs. The Heimdal support requires the Heimdal::Kadm5 Perl
module. The MIT Kerberos support requires the MIT Kerberos kadmin
client program be installed. In either case, wallet also requires that
the wallet server have a keytab for a principal with appropriate access
to create, modify, and delete principals from the KDC (as configured in
kadm5.acl on an MIT Kerberos KDC).
Kerberos KDCs and has exeprimental support for Active Directory. The
Heimdal support requires the Heimdal::Kadm5 Perl module. The MIT
Kerberos support requires the MIT Kerberos kadmin client program be
installed. The Active Directory support requires the Net::LDAP,
Authen::SASL, and IPC::Run Perl modules and the msktutil client program.
In all cases, wallet also requires that the wallet server have a keytab
for a principal with appropriate access to create, modify, and delete
principals from the KDC (as configured in kadm5.acl on an MIT Kerberos
KDC).
To support the unchanging flag on keytab objects with an MIT Kerberos
KDC, the Net::Remctl Perl module (shipped with remctl) must be installed
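Review bot: Typo in the added sentence: "exeprimental support for Active Directory" should read "experimental". Also, the sentence now begins "In all cases" but its closing parenthetical still describes only kadm5.acl on an MIT Kerberos KDC; a pointer to where the privileges needed on the Active Directory side are documented would help.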
......@@ -109,7 +113,10 @@ REQUIREMENTS
WebAuth Perl module from WebAuth 4.4.0 or later.
The Duo integration object support in the wallet server requires the
Net::Duo Perl module.
Net::Duo, JSON, and Perl6::Slurp Perl modules.
The password object support in the wallet server requires the
Crypt::GeneratePassword Perl module.
To support the LDAP attribute ACL verifier, the Authen::SASL and
Net::LDAP Perl modules must be installed on the server. This verifier
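Review bot: The new paragraph names Crypt::GeneratePassword as the requirement for password objects, but neither this text nor the NEWS entry says how long the generated secrets are, which character set is used, or whether either is configurable. Add a pointer to where that is documented (Wallet::Object::Password or Wallet::Config) so that operators can judge the strength of the generated values.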
......@@ -336,14 +343,19 @@ THANKS
security models.
To Jon Robertson for the refactoring of Wallet::Kadmin, Heimdal support,
many of the wallet server-side reports, and the initial wallet-rekey
implementation.
many of the wallet server-side reports, the initial wallet-rekey
implementation, and lots of work on object and ACL types including
nested ACLs.
To Bill MacAllister for Wallet::Kadmin::AD and the implementation of
keytab object types backed by Active Directory.
LICENSE
The wallet distribution as a whole is covered by the following copyright
statement and license:
Copyright 2014, 2016 Russ Allbery <eagle@eyrie.org>
Copyright 2006, 2007, 2008, 2009, 2010, 2012, 2013, 2014
The Board of Trustees of the Leland Stanford Junior University
......
# generated automatically by aclocal 1.14.1 -*- Autoconf -*-
# generated automatically by aclocal 1.15 -*- Autoconf -*-
# Copyright (C) 1996-2013 Free Software Foundation, Inc.
# Copyright (C) 1996-2014 Free Software Foundation, Inc.
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
......@@ -21,7 +21,7 @@ If you have problems, you may need to regenerate the build system entirely.
To do so, use the procedure documented by the package, typically 'autoreconf'.])])
# longlong.m4 serial 17
dnl Copyright (C) 1999-2007, 2009-2014 Free Software Foundation, Inc.
dnl Copyright (C) 1999-2007, 2009-2015 Free Software Foundation, Inc.
dnl This file is free software; the Free Software Foundation
dnl gives unlimited permission to copy and/or distribute it,
dnl with or without modifications, as long as this notice is preserved.
......@@ -134,7 +134,7 @@ AC_DEFUN([_AC_TYPE_LONG_LONG_SNIPPET],
| (ullmax / ull) | (ullmax % ull));]])
])
# Copyright (C) 2002-2013 Free Software Foundation, Inc.
# Copyright (C) 2002-2014 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
......@@ -146,10 +146,10 @@ AC_DEFUN([_AC_TYPE_LONG_LONG_SNIPPET],
# generated from the m4 files accompanying Automake X.Y.
# (This private macro should not be called outside this file.)
AC_DEFUN([AM_AUTOMAKE_VERSION],
[am__api_version='1.14'
[am__api_version='1.15'
dnl Some users find AM_AUTOMAKE_VERSION and mistake it for a way to
dnl require some minimum version. Point them to the right macro.
m4_if([$1], [1.14.1], [],
m4_if([$1], [1.15], [],
[AC_FATAL([Do not call $0, use AM_INIT_AUTOMAKE([$1]).])])dnl
])
......@@ -165,12 +165,12 @@ m4_define([_AM_AUTOCONF_VERSION], [])
# Call AM_AUTOMAKE_VERSION and AM_AUTOMAKE_VERSION so they can be traced.
# This function is AC_REQUIREd by AM_INIT_AUTOMAKE.
AC_DEFUN([AM_SET_CURRENT_AUTOMAKE_VERSION],
[AM_AUTOMAKE_VERSION([1.14.1])dnl
[AM_AUTOMAKE_VERSION([1.15])dnl
m4_ifndef([AC_AUTOCONF_VERSION],
[m4_copy([m4_PACKAGE_VERSION], [AC_AUTOCONF_VERSION])])dnl
_AM_AUTOCONF_VERSION(m4_defn([AC_AUTOCONF_VERSION]))])
# Copyright (C) 2011-2013 Free Software Foundation, Inc.
# Copyright (C) 2011-2014 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
......@@ -232,7 +232,7 @@ AC_SUBST([AR])dnl
# AM_AUX_DIR_EXPAND -*- Autoconf -*-
# Copyright (C) 2001-2013 Free Software Foundation, Inc.
# Copyright (C) 2001-2014 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
......@@ -284,7 +284,7 @@ am_aux_dir=`cd "$ac_aux_dir" && pwd`
# AM_CONDITIONAL -*- Autoconf -*-
# Copyright (C) 1997-2013 Free Software Foundation, Inc.
# Copyright (C) 1997-2014 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
......@@ -315,7 +315,7 @@ AC_CONFIG_COMMANDS_PRE(
Usually this means the macro was only invoked conditionally.]])
fi])])
# Copyright (C) 1999-2013 Free Software Foundation, Inc.
# Copyright (C) 1999-2014 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
......@@ -506,7 +506,7 @@ _AM_SUBST_NOTMAKE([am__nodep])dnl
# Generate code to set up dependency tracking. -*- Autoconf -*-
# Copyright (C) 1999-2013 Free Software Foundation, Inc.
# Copyright (C) 1999-2014 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
......@@ -582,7 +582,7 @@ AC_DEFUN([AM_OUTPUT_DEPENDENCY_COMMANDS],
# Do all the work for Automake. -*- Autoconf -*-
# Copyright (C) 1996-2013 Free Software Foundation, Inc.
# Copyright (C) 1996-2014 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
......@@ -672,8 +672,8 @@ AC_REQUIRE([AC_PROG_MKDIR_P])dnl
# <http://lists.gnu.org/archive/html/automake/2012-07/msg00001.html>
# <http://lists.gnu.org/archive/html/automake/2012-07/msg00014.html>
AC_SUBST([mkdir_p], ['$(MKDIR_P)'])
# We need awk for the "check" target. The system "awk" is bad on
# some platforms.
# We need awk for the "check" target (and possibly the TAP driver). The
# system "awk" is bad on some platforms.
AC_REQUIRE([AC_PROG_AWK])dnl
AC_REQUIRE([AC_PROG_MAKE_SET])dnl
AC_REQUIRE([AM_SET_LEADING_DOT])dnl
......@@ -747,6 +747,9 @@ END
AC_MSG_ERROR([Your 'rm' program is bad, sorry.])
fi
fi
dnl The trailing newline in this macro's definition is deliberate, for
dnl backward compatibility and to allow trailing 'dnl'-style comments
dnl after the AM_INIT_AUTOMAKE invocation. See automake bug#16841.
])
dnl Hook into '_AC_COMPILER_EXEEXT' early to learn its expansion. Do not
......@@ -776,7 +779,7 @@ for _am_header in $config_headers :; do
done
echo "timestamp for $_am_arg" >`AS_DIRNAME(["$_am_arg"])`/stamp-h[]$_am_stamp_count])
# Copyright (C) 2001-2013 Free Software Foundation, Inc.
# Copyright (C) 2001-2014 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
......@@ -787,7 +790,7 @@ echo "timestamp for $_am_arg" >`AS_DIRNAME(["$_am_arg"])`/stamp-h[]$_am_stamp_co
# Define $install_sh.
AC_DEFUN([AM_PROG_INSTALL_SH],
[AC_REQUIRE([AM_AUX_DIR_EXPAND])dnl
if test x"${install_sh}" != xset; then
if test x"${install_sh+set}" != xset; then
case $am_aux_dir in
*\ * | *\ *)
install_sh="\${SHELL} '$am_aux_dir/install-sh'" ;;
......@@ -797,7 +800,7 @@ if test x"${install_sh}" != xset; then
fi
AC_SUBST([install_sh])])
# Copyright (C) 2003-2013 Free Software Foundation, Inc.
# Copyright (C) 2003-2014 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
......@@ -819,7 +822,7 @@ AC_SUBST([am__leading_dot])])
# Add --enable-maintainer-mode option to configure. -*- Autoconf -*-
# From Jim Meyering
# Copyright (C) 1996-2013 Free Software Foundation, Inc.
# Copyright (C) 1996-2014 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
......@@ -854,7 +857,7 @@ AC_MSG_CHECKING([whether to enable maintainer-specific portions of Makefiles])
# Check to see how 'make' treats includes. -*- Autoconf -*-
# Copyright (C) 2001-2013 Free Software Foundation, Inc.
# Copyright (C) 2001-2014 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
......@@ -904,7 +907,7 @@ rm -f confinc confmf
# Fake the existence of programs that GNU maintainers use. -*- Autoconf -*-
# Copyright (C) 1997-2013 Free Software Foundation, Inc.
# Copyright (C) 1997-2014 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
......@@ -943,7 +946,7 @@ fi
# Helper functions for option handling. -*- Autoconf -*-