diff options
Diffstat (limited to 'server/wallet-admin.in')
| -rw-r--r-- | server/wallet-admin.in | 182 |
1 files changed, 182 insertions, 0 deletions
diff --git a/server/wallet-admin.in b/server/wallet-admin.in new file mode 100644 index 0000000..4940c89 --- /dev/null +++ b/server/wallet-admin.in @@ -0,0 +1,182 @@ +#!@PERL@ +# -*- perl -*- +# +# Wallet server administrative commands. + +use 5.008; +use strict; +use warnings; + +use Wallet::Admin; + +############################################################################## +# Implementation +############################################################################## + +# Parse and execute a command. We wrap this in a subroutine call for easier +# testing. +sub command { + die "Usage: wallet-admin <command> [<args> ...]\n" unless @_; + my $admin = Wallet::Admin->new; + + # Parse command-line options and dispatch to the appropriate calls. + my ($command, @args) = @_; + if ($command eq 'destroy') { + die "too many arguments to destroy\n" if @args; + print 'This will delete all data in the wallet database. Are you' + . ' sure (N/y)? '; + my $response = <STDIN>; + unless ($response and $response =~ /^y/i) { + die "Aborted\n"; + } + $admin->destroy or die $admin->error, "\n"; + } elsif ($command eq 'initialize') { + die "too many arguments to initialize\n" if @args > 1; + die "too few arguments to initialize\n" if @args < 1; + die "invalid admin principal $args[0]\n" + unless $args[0] =~ /^[^\@\s]+\@\S+$/; + $admin->initialize (@args) or die $admin->error, "\n"; + } elsif ($command eq 'register') { + die "too many arguments to register\n" if @args > 3; + die "too few arguments to register\n" if @args < 3; + my ($object, $type, $class) = @args; + if ($object eq 'object') { + unless ($admin->register_object ($type, $class)) { + die $admin->error, "\n"; + } + } elsif ($object eq 'verifier') { + unless ($admin->register_verifier ($type, $class)) { + die $admin->error, "\n"; + } + } else { + die "only object or verifier is supported for register\n"; + } + } elsif ($command eq 'upgrade') { + die "too many arguments to upgrade\n" if @args; + $admin->upgrade or die $admin->error, "\n"; + } else { + die "unknown command $command\n"; + } +} +command (@ARGV); +__END__ + +############################################################################## +# Documentation +############################################################################## + +=for stopwords +metadata ACL hostname backend acl acls wildcard SQL Allbery verifier +MERCHANTABILITY NONINFRINGEMENT sublicense SPDX-License-Identifier MIT + +=head1 NAME + +wallet-admin - Wallet server administrative commands + +=head1 SYNOPSIS + +B<wallet-admin> I<command> [I<args> ...] + +=head1 DESCRIPTION + +B<wallet-admin> provides a command-line interface for performing +administrative actions for the wallet system, such as setting up a new +database or running reports. It is intended to be run on the wallet +server as a user with access to the wallet database and configuration. + +This program is a fairly thin wrapper around Wallet::Admin that translates +command strings into method calls and returns the results. + +=head1 OPTIONS + +B<wallet-admin> takes no traditional options. + +=head1 COMMANDS + +=over 4 + +=item destroy + +Deletes all data in the wallet database and drops all of the +wallet-created tables, restoring the database to its state prior to an +C<initialize> command. Since this command is destructive and cannot be +easily recovered from, B<wallet-admin> will prompt first to be sure the +user intends to do this. + +=item initialize <principal> + +Given an empty database, initializes it for use with the wallet server by +creating the necessary tables and initial metadata. Also creates an ACL +with the name ADMIN, used for administrative privileges to the wallet +system, and adds an ACL entry to it with a scheme of C<krb5> and an +instance of <principal>. This bootstraps the authentication system and +allows that user to make further changes to the ADMIN ACL and the rest of +the wallet database. C<initialize> uses C<localhost> as the hostname and +<principal> as the user when logging the history of the ADMIN ACL creation +and for any subsequent actions required to initialize the database. + +Before running C<initialize>, the wallet system has to be configured. See +Wallet::Config(3) for more details. Depending on the database backend +used, the database may also have to be created in advance. + +=item register (object | verifier) <type> <class> + +Registers an implementation of a wallet object or ACL verifier in the +wallet database. The Perl class <class> is registered as the +implementation of an object of type <type> or an ACL verifier of scheme +<type>, allowing creation of objects with that type or ACL lines with that +scheme. + +All object and ACL implementations that come with wallet are registered by +default as part of database initialization, so this command is used +primarily to register local implementations of additional object types or +ACL schemes. + +=item upgrade + +Upgrades the database to the latest schema version, preserving data as +much as possible. + +=back + +=head1 AUTHOR + +Russ Allbery <eagle@eyrie.org> + +=head1 COPYRIGHT AND LICENSE + +Copyright 2008-2011, 2013 The Board of Trustees of the Leland Stanford Junior +University + +Permission is hereby granted, free of charge, to any person obtaining a +copy of this software and associated documentation files (the "Software"), +to deal in the Software without restriction, including without limitation +the rights to use, copy, modify, merge, publish, distribute, sublicense, +and/or sell copies of the Software, and to permit persons to whom the +Software is furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in +all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL +THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING +FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER +DEALINGS IN THE SOFTWARE. + +SPDX-License-Identifier: MIT + +=head1 SEE ALSO + +Wallet::Admin(3), Wallet::Config(3), wallet-backend(8) + +This program is part of the wallet system. The current version is +available from L<https://www.eyrie.org/~eagle/software/wallet/>. + +=cut + +# Local Variables: +# copyright-at-end-flag: t +# End: |