New upstream version 1.4

1 files changed, 182 insertions, 0 deletions

diff --git a/server/wallet-admin.in b/server/wallet-admin.in
new file mode 100644
index 0000000..4940c89
--- /dev/null
+++ b/server/wallet-admin.in
@@ -0,0 +1,182 @@
+#!@PERL@
+# -*- perl -*-
+#
+# Wallet server administrative commands.
+
+use 5.008;
+use strict;
+use warnings;
+
+use Wallet::Admin;
+
+##############################################################################
+# Implementation
+##############################################################################
+
+# Parse and execute a command.  We wrap this in a subroutine call for easier
+# testing.
+sub command {
+    die "Usage: wallet-admin <command> [<args> ...]\n" unless @_;
+    my $admin = Wallet::Admin->new;
+
+    # Parse command-line options and dispatch to the appropriate calls.
+    my ($command, @args) = @_;
+    if ($command eq 'destroy') {
+        die "too many arguments to destroy\n" if @args;
+        print 'This will delete all data in the wallet database.  Are you'
+            . ' sure (N/y)? ';
+        my $response = <STDIN>;
+        unless ($response and $response =~ /^y/i) {
+            die "Aborted\n";
+        }
+        $admin->destroy or die $admin->error, "\n";
+    } elsif ($command eq 'initialize') {
+        die "too many arguments to initialize\n" if @args > 1;
+        die "too few arguments to initialize\n" if @args < 1;
+        die "invalid admin principal $args[0]\n"
+            unless $args[0] =~ /^[^\@\s]+\@\S+$/;
+        $admin->initialize (@args) or die $admin->error, "\n";
+    } elsif ($command eq 'register') {
+        die "too many arguments to register\n" if @args > 3;
+        die "too few arguments to register\n" if @args < 3;
+        my ($object, $type, $class) = @args;
+        if ($object eq 'object') {
+            unless ($admin->register_object ($type, $class)) {
+                die $admin->error, "\n";
+            }
+        } elsif ($object eq 'verifier') {
+            unless ($admin->register_verifier ($type, $class)) {
+                die $admin->error, "\n";
+            }
+        } else {
+            die "only object or verifier is supported for register\n";
+        }
+    } elsif ($command eq 'upgrade') {
+        die "too many arguments to upgrade\n" if @args;
+        $admin->upgrade or die $admin->error, "\n";
+    } else {
+        die "unknown command $command\n";
+    }
+}
+command (@ARGV);
+__END__
+
+##############################################################################
+# Documentation
+##############################################################################
+
+=for stopwords
+metadata ACL hostname backend acl acls wildcard SQL Allbery verifier
+MERCHANTABILITY NONINFRINGEMENT sublicense SPDX-License-Identifier MIT
+
+=head1 NAME
+
+wallet-admin - Wallet server administrative commands
+
+=head1 SYNOPSIS
+
+B<wallet-admin> I<command> [I<args> ...]
+
+=head1 DESCRIPTION
+
+B<wallet-admin> provides a command-line interface for performing
+administrative actions for the wallet system, such as setting up a new
+database or running reports.  It is intended to be run on the wallet
+server as a user with access to the wallet database and configuration.
+
+This program is a fairly thin wrapper around Wallet::Admin that translates
+command strings into method calls and returns the results.
+
+=head1 OPTIONS
+
+B<wallet-admin> takes no traditional options.
+
+=head1 COMMANDS
+
+=over 4
+
+=item destroy
+
+Deletes all data in the wallet database and drops all of the
+wallet-created tables, restoring the database to its state prior to an
+C<initialize> command.  Since this command is destructive and cannot be
+easily recovered from, B<wallet-admin> will prompt first to be sure the
+user intends to do this.
+
+=item initialize <principal>
+
+Given an empty database, initializes it for use with the wallet server by
+creating the necessary tables and initial metadata.  Also creates an ACL
+with the name ADMIN, used for administrative privileges to the wallet
+system, and adds an ACL entry to it with a scheme of C<krb5> and an
+instance of <principal>.  This bootstraps the authentication system and
+allows that user to make further changes to the ADMIN ACL and the rest of
+the wallet database.  C<initialize> uses C<localhost> as the hostname and
+<principal> as the user when logging the history of the ADMIN ACL creation
+and for any subsequent actions required to initialize the database.
+
+Before running C<initialize>, the wallet system has to be configured.  See
+Wallet::Config(3) for more details.  Depending on the database backend
+used, the database may also have to be created in advance.
+
+=item register (object | verifier) <type> <class>
+
+Registers an implementation of a wallet object or ACL verifier in the
+wallet database.  The Perl class <class> is registered as the
+implementation of an object of type <type> or an ACL verifier of scheme
+<type>, allowing creation of objects with that type or ACL lines with that
+scheme.
+
+All object and ACL implementations that come with wallet are registered by
+default as part of database initialization, so this command is used
+primarily to register local implementations of additional object types or
+ACL schemes.
+
+=item upgrade
+
+Upgrades the database to the latest schema version, preserving data as
+much as possible.
+
+=back
+
+=head1 AUTHOR
+
+Russ Allbery <eagle@eyrie.org>
+
+=head1 COPYRIGHT AND LICENSE
+
+Copyright 2008-2011, 2013 The Board of Trustees of the Leland Stanford Junior
+University
+
+Permission is hereby granted, free of charge, to any person obtaining a
+copy of this software and associated documentation files (the "Software"),
+to deal in the Software without restriction, including without limitation
+the rights to use, copy, modify, merge, publish, distribute, sublicense,
+and/or sell copies of the Software, and to permit persons to whom the
+Software is furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.  IN NO EVENT SHALL
+THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+DEALINGS IN THE SOFTWARE.
+
+SPDX-License-Identifier: MIT
+
+=head1 SEE ALSO
+
+Wallet::Admin(3), Wallet::Config(3), wallet-backend(8)
+
+This program is part of the wallet system.  The current version is
+available from L<https://www.eyrie.org/~eagle/software/wallet/>.
+
+=cut
+
+# Local Variables:
+# copyright-at-end-flag: t
+# End: