Diffstat (limited to 'client')
-rw-r--r--client/file.c2
-rw-r--r--client/internal.h2
-rw-r--r--client/keytab.c54
-rw-r--r--client/krb5.c2
-rw-r--r--client/options.c2
-rw-r--r--client/remctl.c2
-rw-r--r--client/srvtab.c2
-rw-r--r--client/wallet-rekey.144
-rw-r--r--client/wallet-rekey.c2
-rw-r--r--client/wallet-rekey.pod17
-rw-r--r--client/wallet.170
-rw-r--r--client/wallet.c6
-rw-r--r--client/wallet.pod11
13 files changed, 111 insertions, 105 deletions
diff --git a/client/file.c b/client/file.c
index 511c995..468eb30 100644
--- a/client/file.c
+++ b/client/file.c
@@ -1,7 +1,7 @@
/*
* File handling for the wallet client.
*
- * Written by Russ Allbery <rra@stanford.edu>
+ * Written by Russ Allbery <eagle@eyrie.org>
* Copyright 2007, 2008, 2010
* The Board of Trustees of the Leland Stanford Junior University
*
diff --git a/client/internal.h b/client/internal.h
index 24dd875..fc0591f 100644
--- a/client/internal.h
+++ b/client/internal.h
@@ -1,7 +1,7 @@
/*
* Internal support functions for the wallet client.
*
- * Written by Russ Allbery <rra@stanford.edu>
+ * Written by Russ Allbery <eagle@eyrie.org>
* Copyright 2007, 2008, 2010
* The Board of Trustees of the Leland Stanford Junior University
*
diff --git a/client/keytab.c b/client/keytab.c
index d7106e1..7bec459 100644
--- a/client/keytab.c
+++ b/client/keytab.c
@@ -1,8 +1,8 @@
/*
* Implementation of keytab handling for the wallet client.
*
- * Written by Russ Allbery <rra@stanford.edu>
- * Copyright 2007, 2008, 2010, 2013
+ * Written by Russ Allbery <eagle@eyrie.org>
+ * Copyright 2007, 2008, 2010, 2013, 2014
* The Board of Trustees of the Leland Stanford Junior University
*
* See LICENSE for licensing terms.
@@ -218,7 +218,7 @@ rekey_keytab(struct remctl *r, krb5_context ctx, const char *type,
{
char *realm = NULL;
char *data = NULL;
- char *tempfile, *backupfile;
+ char *tempfile;
size_t length = 0;
int status;
bool error = false, rekeyed = false;
@@ -231,15 +231,25 @@ rekey_keytab(struct remctl *r, krb5_context ctx, const char *type,
status = download_keytab(r, type, current->princ, &data, &length);
if (status != 0) {
warn("error rekeying for principal %s", current->princ);
- if (!rekeyed)
- die("aborting, keytab unchanged");
error = true;
- } else if (data != NULL) {
- if (access(tempfile, F_OK) == 0)
- append_file(tempfile, data, length);
- else
- write_file(tempfile, data, length);
- rekeyed = true;
+ continue;
+ }
+ write_file(tempfile, data, length);
+ rekeyed = true;
+
+ /*
+ * Now merge the original keytab file with the one containing the new
+ * keys from the rekeying of this principal.
+ */
+ if (access(file, F_OK) != 0) {
+ if (link(tempfile, file) < 0)
+ sysdie("rename of temporary keytab %s to %s failed", tempfile,
+ file);
+ } else {
+ merge_keytab(ctx, tempfile, file);
+ if (unlink(tempfile) < 0)
+ syswarn("unlink of temporary keytab file %s failed",
+ tempfile);
}
}
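Review bot: The temporary keytab is now unlinked only in the `else` branch, so when `file` does not yet exist and `link(tempfile, file)` succeeds, `tempfile` stays on disk as a second name for the new keytab; the later hunk at the end of rekey_keytab also drops the unconditional `unlink(tempfile)` that used to clean this up. If that was the last principal rekeyed, a stray path to the key material is left behind, and on a following iteration `write_file(tempfile, ...)` and `merge_keytab(ctx, tempfile, file)` may be working on two names for one inode, depending on how write_file replaces its target (not visible here). I would move the cleanup below the if/else so it runs on both paths: `if (unlink(tempfile) < 0) syswarn("unlink of temporary keytab file %s failed", tempfile);`. Separately, the old `else if (data != NULL)` guard is gone, so it is worth confirming that download_keytab never returns 0 with `data` still NULL before `write_file` is called and `rekeyed` is set. The loop header and the rest of rekey_keytab lie outside this hunk.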
@@ -247,28 +257,6 @@ rekey_keytab(struct remctl *r, krb5_context ctx, const char *type,
if (!rekeyed)
die("no rekeyable principals found");
- /*
- * Now merge the original keytab file with the one containing the new
- * keys. If there is an error, first make a backup of the current keytab
- * file as keytab.old.
- */
- if (access(file, F_OK) != 0) {
- if (link(tempfile, file) < 0)
- sysdie("rename of temporary keytab %s to %s failed", tempfile,
- file);
- } else {
- if (error) {
- data = read_file(file, &length);
- xasprintf(&backupfile, "%s.old", file);
- overwrite_file(backupfile, data, length);
- warn("partial failure to rekey keytab %s, old keytab left in %s",
- file, backupfile);
- free(backupfile);
- }
- merge_keytab(ctx, tempfile, file);
- }
- if (unlink(tempfile) < 0)
- sysdie("unlink of temporary keytab file %s failed", tempfile);
free(tempfile);
return !error;
}
diff --git a/client/krb5.c b/client/krb5.c
index dde37ed..345df64 100644
--- a/client/krb5.c
+++ b/client/krb5.c
@@ -5,7 +5,7 @@
* given principal and store it in memory for use by the rest of the wallet
* client.
*
- * Written by Russ Allbery <rra@stanford.edu>
+ * Written by Russ Allbery <eagle@eyrie.org>
* Copyright 2007, 2008, 2010
* The Board of Trustees of the Leland Stanford Junior University
*
diff --git a/client/options.c b/client/options.c
index 67ecb7f..ae88485 100644
--- a/client/options.c
+++ b/client/options.c
@@ -4,7 +4,7 @@
* This file provides the functions to set default options from the krb5.conf
* file for both wallet and wallet-rekey.
*
- * Written by Russ Allbery <rra@stanford.edu>
+ * Written by Russ Allbery <eagle@eyrie.org>
* Copyright 2006, 2007, 2008, 2010
* The Board of Trustees of the Leland Stanford Junior University
*
diff --git a/client/remctl.c b/client/remctl.c
index 071e410..d4cd09e 100644
--- a/client/remctl.c
+++ b/client/remctl.c
@@ -1,7 +1,7 @@
/*
* remctl interface for the wallet client.
*
- * Written by Russ Allbery <rra@stanford.edu>
+ * Written by Russ Allbery <eagle@eyrie.org>
* Copyright 2007, 2010
* The Board of Trustees of the Leland Stanford Junior University
*
diff --git a/client/srvtab.c b/client/srvtab.c
index 73277e9..045f56d 100644
--- a/client/srvtab.c
+++ b/client/srvtab.c
@@ -1,7 +1,7 @@
/*
* Implementation of srvtab handling for the wallet client.
*
- * Written by Russ Allbery <rra@stanford.edu>
+ * Written by Russ Allbery <eagle@eyrie.org>
* Copyright 2007, 2008, 2010
* The Board of Trustees of the Leland Stanford Junior University
*
diff --git a/client/wallet-rekey.1 b/client/wallet-rekey.1
index 10bc7fa..cd26421 100644
--- a/client/wallet-rekey.1
+++ b/client/wallet-rekey.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.26)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "WALLET-REKEY 1"
-.TH WALLET-REKEY 1 "2013-03-27" "1.0" "wallet"
+.TH WALLET-REKEY 1 "2014-07-16" "1.1" "wallet"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -145,11 +154,8 @@ from the local default realm, requests new wallet keytab objects for each
principal (removing the realm when naming the keytab), and merges the new
keys into the keytab.
.PP
-If an error occurs before any new keys were downloaded, \fBwallet-rekey\fR
-aborts. If some new keys were successfully downloaded, \fBwallet-rekey\fR
-warns about errors but continues to rekey all principals that it can. In
-this case, a copy of the existing keytab prior to the rekeying is saved in
-a file named by appending \f(CW\*(C`.old\*(C'\fR to the file name.
+If an error occurs, \fBwallet-rekey\fR continues to rekey all principals that
+it can, producing error messages for those that it cannot rekey.
.PP
If no keytab file name is given on the command line, \fBwallet-rekey\fR
attempts to rekey \fI/etc/krb5.keytab\fR, the system default keytab file.
@@ -171,8 +177,10 @@ or:
\& ktutil \-k <keytab> purge
.Ve
.PP
-for Heimdal. This functionality will eventually be provided by
-\&\fBwallet-rekey\fR directly.
+for Heimdal. The Heimdal command can be run by any user with access to
+the keytab, but the \s-1MIT\s0 Kerberos command unfortunately has to be run by a
+someone with direct \fBkadmin\fR access. This functionality will eventually
+be provided by \fBwallet-rekey\fR directly.
.SH "OPTIONS"
.IX Header "OPTIONS"
.IP "\fB\-c\fR \fIcommand\fR" 4
@@ -259,7 +267,7 @@ version of the wallet code on the server. The \fB\-c\fR command-line option
overrides this setting.
.SH "AUTHOR"
.IX Header "AUTHOR"
-Russ Allbery <rra@stanford.edu>
+Russ Allbery <eagle@eyrie.org>
.SH "COPYRIGHT AND LICENSE"
.IX Header "COPYRIGHT AND LICENSE"
Copyright 2010, 2013 The Board of Trustees of the Leland Stanford Junior
diff --git a/client/wallet-rekey.c b/client/wallet-rekey.c
index 5007f41..95cd328 100644
--- a/client/wallet-rekey.c
+++ b/client/wallet-rekey.c
@@ -1,7 +1,7 @@
/*
* A specialized wallet client for rekeying a keytab.
*
- * Written by Russ Allbery <rra@stanford.edu>
+ * Written by Russ Allbery <eagle@eyrie.org>
* and Jon Robertson <jonrober@stanford.edu>
* Copyright 2010
* The Board of Trustees of the Leland Stanford Junior University
diff --git a/client/wallet-rekey.pod b/client/wallet-rekey.pod
index 47413ad..a36a734 100644
--- a/client/wallet-rekey.pod
+++ b/client/wallet-rekey.pod
@@ -1,6 +1,6 @@
=for stopwords
wallet-rekey rekey rekeying keytab -hv Heimdal remctl remctld PKINIT kinit
-appdefaults Allbery
+appdefaults Allbery kadmin
=head1 NAME
@@ -21,11 +21,8 @@ from the local default realm, requests new wallet keytab objects for each
principal (removing the realm when naming the keytab), and merges the new
keys into the keytab.
-If an error occurs before any new keys were downloaded, B<wallet-rekey>
-aborts. If some new keys were successfully downloaded, B<wallet-rekey>
-warns about errors but continues to rekey all principals that it can. In
-this case, a copy of the existing keytab prior to the rekeying is saved in
-a file named by appending C<.old> to the file name.
+If an error occurs, B<wallet-rekey> continues to rekey all principals that
+it can, producing error messages for those that it cannot rekey.
If no keytab file name is given on the command line, B<wallet-rekey>
attempts to rekey F</etc/krb5.keytab>, the system default keytab file.
@@ -43,8 +40,10 @@ or:
ktutil -k <keytab> purge
-for Heimdal. This functionality will eventually be provided by
-B<wallet-rekey> directly.
+for Heimdal. The Heimdal command can be run by any user with access to
+the keytab, but the MIT Kerberos command unfortunately has to be run by a
+someone with direct B<kadmin> access. This functionality will eventually
+be provided by B<wallet-rekey> directly.
=head1 OPTIONS
@@ -150,7 +149,7 @@ overrides this setting.
=head1 AUTHOR
-Russ Allbery <rra@stanford.edu>
+Russ Allbery <eagle@eyrie.org>
=head1 COPYRIGHT AND LICENSE
diff --git a/client/wallet.1 b/client/wallet.1
index 959105d..4376f32 100644
--- a/client/wallet.1
+++ b/client/wallet.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.26)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "WALLET 1"
-.TH WALLET 1 "2013-03-27" "1.0" "wallet"
+.TH WALLET 1 "2014-07-16" "1.1" "wallet"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -264,8 +273,8 @@ administrators. The exceptions are \f(CW\*(C`acl check\*(C'\fR, \f(CW\*(C`check
\&\f(CW\*(C`store\*(C'\fR, \f(CW\*(C`show\*(C'\fR, \f(CW\*(C`destroy\*(C'\fR, \f(CW\*(C`flag clear\*(C'\fR, \f(CW\*(C`flag set\*(C'\fR, \f(CW\*(C`getattr\*(C'\fR,
\&\f(CW\*(C`setattr\*(C'\fR, and \f(CW\*(C`history\*(C'\fR. \f(CW\*(C`acl check\*(C'\fR and \f(CW\*(C`check\*(C'\fR can be run by
anyone. All of the rest of those commands have their own ACLs except
-\&\f(CW\*(C`getattr\*(C'\fR and \f(CW\*(C`history\*(C'\fR, which use the \f(CW\*(C`show\*(C'\fR \s-1ACL\s0, \f(CW\*(C`setattr\*(C'\fR, which
-uses the \f(CW\*(C`store\*(C'\fR \s-1ACL\s0, and \f(CW\*(C`comment\*(C'\fR, which uses the owner or \f(CW\*(C`show\*(C'\fR \s-1ACL\s0
+\&\f(CW\*(C`getattr\*(C'\fR and \f(CW\*(C`history\*(C'\fR, which use the \f(CW\*(C`show\*(C'\fR \s-1ACL, \s0\f(CW\*(C`setattr\*(C'\fR, which
+uses the \f(CW\*(C`store\*(C'\fR \s-1ACL,\s0 and \f(CW\*(C`comment\*(C'\fR, which uses the owner or \f(CW\*(C`show\*(C'\fR \s-1ACL\s0
depending on whether one is setting or retrieving the comment. If the
appropriate \s-1ACL\s0 is set, it alone is checked to see if the user has access.
Otherwise, \f(CW\*(C`destroy\*(C'\fR, \f(CW\*(C`get\*(C'\fR, \f(CW\*(C`store\*(C'\fR, \f(CW\*(C`show\*(C'\fR, \f(CW\*(C`getattr\*(C'\fR, \f(CW\*(C`setattr\*(C'\fR,
@@ -274,7 +283,7 @@ by the owner \s-1ACL\s0 of the object.
.PP
Administrators can run any command on any object or \s-1ACL\s0 except for \f(CW\*(C`get\*(C'\fR
and \f(CW\*(C`store\*(C'\fR. For \f(CW\*(C`get\*(C'\fR and \f(CW\*(C`store\*(C'\fR, they must still be authorized by
-either the appropriate specific \s-1ACL\s0 or the owner \s-1ACL\s0.
+either the appropriate specific \s-1ACL\s0 or the owner \s-1ACL.\s0
.PP
If the locked flag is set on an object, no commands can be run on that
object that change data except the \f(CW\*(C`flags\*(C'\fR commands, nor can the \f(CW\*(C`get\*(C'\fR
@@ -294,7 +303,7 @@ Check whether an \s-1ACL\s0 with the \s-1ID\s0 <id> already exists. If it does,
.IP "acl create <name>" 4
.IX Item "acl create <name>"
Create a new, empty \s-1ACL\s0 with name <name>. When setting an \s-1ACL\s0 on an
-object with a set of entries that don't match an existing \s-1ACL\s0, first
+object with a set of entries that don't match an existing \s-1ACL,\s0 first
create a new \s-1ACL\s0 with \f(CW\*(C`acl create\*(C'\fR, add the appropriate entries to it
with \f(CW\*(C`acl add\*(C'\fR, and then set the \s-1ACL\s0 on an object with the \f(CW\*(C`owner\*(C'\fR or
\&\f(CW\*(C`setacl\*(C'\fR commands.
@@ -305,7 +314,7 @@ or the \s-1ACL\s0 destruction will fail. The special \s-1ACL\s0 named \f(CW\*(C
be destroyed.
.IP "acl history <id>" 4
.IX Item "acl history <id>"
-Display the history of the \s-1ACL\s0 <id>. Each change to the \s-1ACL\s0 (not
+Display the history of the \s-1ACL\s0 <id>. Each change to the \s-1ACL \s0(not
including changes to the name of the \s-1ACL\s0) will be represented by two
lines. The first line will have a timestamp of the change followed by a
description of the change, and the second line will give the user who made
@@ -314,21 +323,21 @@ the change and the host from which the change was made.
.IX Item "acl remove <id> <scheme> <identifier>"
Remove the entry with <scheme> and <identifier> from the \s-1ACL\s0 <id>. <id>
may be either the name of an \s-1ACL\s0 or its numeric identifier. The last
-entry in the special \s-1ACL\s0 \f(CW\*(C`ADMIN\*(C'\fR cannot be removed to protect against
+entry in the special \s-1ACL \s0\f(CW\*(C`ADMIN\*(C'\fR cannot be removed to protect against
accidental lockout, but administrators can remove themselves from the
-\&\f(CW\*(C`ADMIN\*(C'\fR \s-1ACL\s0 and can leave only a non-functioning entry on the \s-1ACL\s0. Use
-caution when removing entries from the \f(CW\*(C`ADMIN\*(C'\fR \s-1ACL\s0.
+\&\f(CW\*(C`ADMIN\*(C'\fR \s-1ACL\s0 and can leave only a non-functioning entry on the \s-1ACL. \s0 Use
+caution when removing entries from the \f(CW\*(C`ADMIN\*(C'\fR \s-1ACL.\s0
.IP "acl rename <id> <name>" 4
.IX Item "acl rename <id> <name>"
Renames the \s-1ACL\s0 identified by <id> to <name>. This changes the
-human-readable name, not the underlying numeric \s-1ID\s0, so the \s-1ACL\s0's
+human-readable name, not the underlying numeric \s-1ID,\s0 so the \s-1ACL\s0's
associations with objects will be unchanged. The \f(CW\*(C`ADMIN\*(C'\fR \s-1ACL\s0 may not be
-renamed. <id> may be either the current name or the numeric \s-1ID\s0. <name>
-must not be all-numeric. To rename an \s-1ACL\s0, the current user must be
-authorized by the \f(CW\*(C`ADMIN\*(C'\fR \s-1ACL\s0.
+renamed. <id> may be either the current name or the numeric \s-1ID. \s0 <name>
+must not be all-numeric. To rename an \s-1ACL,\s0 the current user must be
+authorized by the \f(CW\*(C`ADMIN\*(C'\fR \s-1ACL.\s0
.IP "acl show <id>" 4
.IX Item "acl show <id>"
-Display the name, numeric \s-1ID\s0, and entries of the \s-1ACL\s0 <id>.
+Display the name, numeric \s-1ID,\s0 and entries of the \s-1ACL\s0 <id>.
.IP "autocreate <type> <name>" 4
.IX Item "autocreate <type> <name>"
Create a new object of type <type> with name <name>. The user must be
@@ -367,10 +376,11 @@ If <expires> is not given, displays the current expiration of the object
identified by <type> and <name>, or \f(CW\*(C`No expiration set\*(C'\fR if none is set.
The expiration will be displayed in seconds since epoch.
.Sp
-If <date> is given, sets the expiration on the object identified by <type>
-and <name> to <date> and (if given) <time>. <date> must be in the format
-\&\f(CW\*(C`YYYY\-MM\-DD\*(C'\fR and <time> in the format \f(CW\*(C`HH:MM:SS\*(C'\fR. If <date> is the empty
-string, clears the expiration of the object.
+If <expires> is given, sets the expiration on the object identified by
+<type> and <name> to that date (and optionally time). <expires> must be
+in some format that can be parsed by the Perl Date::Parse module. Most
+common formats are supported; if in doubt, use \f(CW\*(C`YYYY\-MM\-DD HH:MM:SS\*(C'\fR. If
+<expires> is the empty string, clears the expiration of the object.
.Sp
Currently, the expiration of an object is not used.
.IP "flag clear <type> <name> <flag>" 4
@@ -400,7 +410,7 @@ Prints the \s-1ACL\s0 <acl>, which must be one of \f(CW\*(C`get\*(C'\fR, \f(CW\*
\&\f(CW\*(C`destroy\*(C'\fR, or \f(CW\*(C`flags\*(C'\fR, for the object identified by <type> and <name>.
Prints \f(CW\*(C`No ACL set\*(C'\fR if that \s-1ACL\s0 isn't set on that object. Remember that
if the \f(CW\*(C`get\*(C'\fR, \f(CW\*(C`store\*(C'\fR, or \f(CW\*(C`show\*(C'\fR ACLs aren't set, authorization falls
-back to checking the owner \s-1ACL\s0. See the \f(CW\*(C`owner\*(C'\fR command for displaying
+back to checking the owner \s-1ACL. \s0 See the \f(CW\*(C`owner\*(C'\fR command for displaying
or setting it.
.IP "getattr <type> <name> <attr>" 4
.IX Item "getattr <type> <name> <attr>"
@@ -421,7 +431,7 @@ who performed the action and the host from which they performed it.
.IX Item "owner <type> <name> [<owner>]"
If <owner> is not given, displays the current owner \s-1ACL\s0 of the object
identified by <type> and <name>, or \f(CW\*(C`No owner set\*(C'\fR if none is set. The
-result will be the name of an \s-1ACL\s0.
+result will be the name of an \s-1ACL.\s0
.Sp
If <owner> is given, sets the owner of the object identified by <type> and
<name> to <owner>. If <owner> is the empty string, clears the owner of
@@ -524,7 +534,7 @@ version of the wallet code on the server. The \fB\-c\fR command-line option
overrides this setting.
.SH "AUTHOR"
.IX Header "AUTHOR"
-Russ Allbery <rra@stanford.edu>
+Russ Allbery <eagle@eyrie.org>
.SH "COPYRIGHT AND LICENSE"
.IX Header "COPYRIGHT AND LICENSE"
Copyright 2007, 2008, 2010, 2011, 2012, 2013 The Board of Trustees of the
diff --git a/client/wallet.c b/client/wallet.c
index c5a7877..c3b039f 100644
--- a/client/wallet.c
+++ b/client/wallet.c
@@ -1,8 +1,8 @@
/*
* The client program for the wallet system.
*
- * Written by Russ Allbery <rra@stanford.edu>
- * Copyright 2006, 2007, 2008, 2010
+ * Written by Russ Allbery <eagle@eyrie.org>
+ * Copyright 2006, 2007, 2008, 2010, 2014
* The Board of Trustees of the Leland Stanford Junior University
*
* See LICENSE for licensing terms.
@@ -181,7 +181,7 @@ main(int argc, char *argv[])
else if (argc < 4)
count++;
}
- command = xmalloc(sizeof(struct iovec) * count);
+ command = xcalloc(count, sizeof(struct iovec));
command[0].iov_base = (char *) options.type;
command[0].iov_len = strlen(options.type);
for (i = 0; i < argc; i++) {
diff --git a/client/wallet.pod b/client/wallet.pod
index 214a157..4b58bbf 100644
--- a/client/wallet.pod
+++ b/client/wallet.pod
@@ -274,10 +274,11 @@ If <expires> is not given, displays the current expiration of the object
identified by <type> and <name>, or C<No expiration set> if none is set.
The expiration will be displayed in seconds since epoch.
-If <date> is given, sets the expiration on the object identified by <type>
-and <name> to <date> and (if given) <time>. <date> must be in the format
-C<YYYY-MM-DD> and <time> in the format C<HH:MM:SS>. If <date> is the empty
-string, clears the expiration of the object.
+If <expires> is given, sets the expiration on the object identified by
+<type> and <name> to that date (and optionally time). <expires> must be
+in some format that can be parsed by the Perl Date::Parse module. Most
+common formats are supported; if in doubt, use C<YYYY-MM-DD HH:MM:SS>. If
+<expires> is the empty string, clears the expiration of the object.
Currently, the expiration of an object is not used.
@@ -459,7 +460,7 @@ overrides this setting.
=head1 AUTHOR
-Russ Allbery <rra@stanford.edu>
+Russ Allbery <eagle@eyrie.org>
=head1 COPYRIGHT AND LICENSE