author | Russ Allbery <rra@stanford.edu> | 2010-02-20 21:52:38 -0800 |
---|---|---|
committer | Russ Allbery <rra@stanford.edu> | 2010-02-20 21:52:38 -0800 |
commit | 3b3e387b6bca35a00a86ad41e39874eeadcb78b9 | |
tree | 4bcf411ad194268b919a40a559ac39fa98bed9c3 | |
parent | 78d83f1d2757fbbc36bbb1e5463cb7c263053a22 | |
Update documentation for support for storing nul data
Update the wallet client, wallet-backend, and Wallet::Object::File
documentation for the support for storing data containing nul
characters using the new stdin support in remctld. Add this to NEWS.
-rw-r--r-- | NEWS | 6 |
-rw-r--r-- | client/wallet.pod | 12 |
-rw-r--r-- | perl/Wallet/Object/File.pm | 11 |
-rwxr-xr-x | server/wallet-backend | 7 |
4 files changed, 13 insertions, 23 deletions
@@ -26,6 +26,12 @@ wallet 0.10 (unreleased) right thing for sites that use a KDC that serves both Kerberos v4 and Kerberos v5 from the same database. + The wallet client can now store data containing nul characters and + wallet-backend will accept it if passed on standard input instead of + as a command-line argument. See config/wallet for the new required + remctld configuration. Storing data containing nul characters + requires remctl 2.14 or later. + Correctly handle storing of data that begins with a dash and don't parse it as an argument to wallet-backend. diff --git a/client/wallet.pod b/client/wallet.pod index 885b77e..db93700 100644 --- a/client/wallet.pod +++ b/client/wallet.pod @@ -5,7 +5,7 @@ wallet - Client for retrieving secure data from a central server =for stopwords -hv srvtab arg keytabs metadata keytab ACL PTS kinit klist remctl PKINIT acl timestamp autocreate backend-specific setacl enctypes enctype ktadd -KDC appdefaults remctld Allbery nul uuencode getacl backend +KDC appdefaults remctld Allbery uuencode getacl backend =head1 SYNOPSIS @@ -87,11 +87,6 @@ ktremove> or an equivalent later to clean up old keys. F<I<output>.new> is still used as a temporary file and any existing file with that name will be deleted. -C<store> does not yet support nul bytes in I<file> (or in any other way of -specifying the data to be stored). To store binary files in the wallet, -you will need to encode them with uuencode, base64, or some similar scheme -and then decode them after retrieval. - =item B<-k> I<principal> The service principal of the wallet server. The default is to use the 
@@ -349,11 +344,6 @@ retrieval with C<get>. Not all object types support this. If <data> is not specified on the command line, it will be read from the file specified with B<-f> (if given) or from standard input. -Currently, the stored data must not contain nul characters and may -therefore not be binary data. Its length is also limited by the maximum -command line length of the operating system of the wallet server. These -restrictions will be lifted in the future. - If an object with type <type> and name <name> does not already exist when this command is issued (as checked with the check interface), B<wallet> will attempt to automatically create it (using autocreate). diff --git a/perl/Wallet/Object/File.pm b/perl/Wallet/Object/File.pm index 69262f6..c655b44 100644 --- a/perl/Wallet/Object/File.pm +++ b/perl/Wallet/Object/File.pm @@ -221,12 +221,11 @@ dashes replaced by C<%> and the hex code of the character. =head1 LIMITATIONS -The wallet implementation itself can handle arbitrary file object names -and arbitrary content. However, due to limitations in the B<remctld> -server usually used to run B<wallet-backend>, file object names and -contents containing nul characters (ASCII 0) may not be permitted. The -file system used for storing file objects may impose a length limitation -on the file object name. +The wallet implementation itself can handle arbitrary file object names. +However, due to limitations in the B<remctld> server usually used to run +B<wallet-backend>, file object names containing nul characters (ASCII 0) +may not be permitted. The file system used for storing file objects may +impose a length limitation on the file object name. =head1 SEE ALSO diff --git a/server/wallet-backend b/server/wallet-backend index 453aa79..0a611db 100755 --- a/server/wallet-backend +++ b/server/wallet-backend 
@@ -317,7 +317,7 @@ __END__ =for stopwords wallet-backend backend backend-specific remctld ACL acl timestamp getacl -setacl metadata nul keytab keytabs enctypes enctype ktadd KDC Allbery +setacl metadata keytab keytabs enctypes enctype ktadd KDC Allbery autocreate =head1 NAME @@ -546,11 +546,6 @@ Stores <data> for the object identified by <type> and <name> for later retrieval with C<get>. Not all object types support this. If <data> is not given as an argument, it will be read from standard input. -Currently, <data> is limited to not containing nul characters and may -therefore not be binary data, and is limited by the maximum command line -length of the operating system of the wallet server. These restrictions -will be lifted in the future. - =back =head1 ATTRIBUTES |
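Review bot: The new NEWS entry (NEWS, hunk at -26,6) says storing nul data "requires remctl 2.14 or later" without saying which side needs it. State whether that applies to the remctl client, to remctld on the wallet server, or to both, so a site that upgrades only one side knows what to expect. The entry also points readers at config/wallet for the new required remctld configuration, and config/wallet is not among the four files in this diff, so confirm the referenced configuration is already in the tree before this lands.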
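Review bot: In client/wallet.pod (hunks at -87,11 and -349,11) the limitation paragraphs are deleted with nothing put in their place, so the man page no longer tells a user that nul data depends on remctl 2.14 and on the remctld configuration that NEWS mentions. Add one sentence to the store description carrying that requirement. The paragraph removed at -349,11 also documented the command-line length limit, while NEWS only talks about nul characters; either say explicitly that the length limit is lifted too, or keep that sentence.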
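Review bot: In server/wallet-backend (hunk at -546,11) the surviving text still allows <data> to be given as an argument, and NEWS says nul data is accepted only "if passed on standard input instead of as a command-line argument", so deleting the restriction paragraph outright overstates what changed. Reword it rather than removing it: data given as an argument remains subject to the nul and command-line length limits the old paragraph described, and standard input is the path that avoids them.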