Diffstat (limited to 'server/wallet-admin')
-rwxr-xr-x | server/wallet-admin | 108 |
1 files changed, 96 insertions, 12 deletions
diff --git a/server/wallet-admin b/server/wallet-admin
index 4c27e9b..828cfc5 100755
--- a/server/wallet-admin
+++ b/server/wallet-admin
@@ -1,10 +1,9 @@
 #!/usr/bin/perl -w
-our $ID = q$Id$;
 #
-# wallet-admin -- Wallet server administrative commands.
+# wallet-backend -- Wallet server administrative commands.
 #
 # Written by Russ Allbery <rra@stanford.edu>
-# Copyright 2008 Board of Trustees, Leland Stanford Jr. University
+# Copyright 2008, 2009, 2010 Board of Trustees, Leland Stanford Jr. University
 #
 # See LICENSE for licensing terms.
@@ -43,11 +42,11 @@ sub command {
 unless $args[0] =~ /^[^\@\s]+\@\S+$/;
 $admin->initialize (@args) or die $admin->error, "\n";
 } elsif ($command eq 'list') {
- die "too many arguments to list\n" if @args > 1;
+ die "too many arguments to list\n" if @args > 4;
 die "too few arguments to list\n" if @args < 1;
- my ($type) = @args;
+ my ($type, $subtype, @search) = @args;
 if ($type eq 'objects') {
- my @objects = $admin->list_objects;
+ my @objects = $admin->list_objects ($subtype, @search);
 if (!@objects and $admin->error) {
 die $admin->error, "\n";
 }
@@ -55,7 +54,7 @@ sub command {
 print join (' ', @$object), "\n";
 }
 } elsif ($type eq 'acls') {
- my @acls = $admin->list_acls;
+ my @acls = $admin->list_acls ($subtype, @search);
 if (!@acls and $admin->error) {
 die $admin->error, "\n";
 }
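Review bot: The header comment in the first hunk now reads `# wallet-backend -- Wallet server administrative commands.`, but the file being patched is server/wallet-admin and the POD NAME line further down still says `wallet-admin - Wallet server administrative commands`. This looks like a copy-paste slip from the sibling script. The line should stay `# wallet-admin -- Wallet server administrative commands.` so the header names the program it describes.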
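Review bot: The only upper bound on `list` is now `@args > 4`, so the argument count is no longer tied to the search type. `list objects owner` with no ACL name, or `list acls empty` followed by stray arguments, passes this check and goes straight to `list_objects` / `list_acls` (the second call is in the next hunk). Whether Wallet::Admin rejects those with a clear error is not visible in this diff; if it does not, a mistyped search could return an empty or unexpected listing that an operator reads as the real answer during an ACL audit. Either check the count per search type before the call, or record the delegation with a comment such as `# Per-search-type argument counts are validated by Wallet::Admin.` The body of `command` starts and ends outside these hunks.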
@@ -65,6 +64,22 @@ sub command { } else { die "only objects or acls are supported for list\n"; } + } elsif ($command eq 'report') { + die "too few arguments to report\n" if @args < 1; + my $report = shift @args; + if ($report eq 'owners') { + die "too many arguments to report owners\n" if @args > 2; + die "too few arguments to report owners\n" if @args < 2; + my @lines = $admin->report_owners (@args); + if (!@lines and $admin->error) { + die $admin->error, "\n"; + } + for my $line (@lines) { + print join (' ', @$line), "\n"; + } + } else { + die "unknown report type $report\n"; + } } elsif ($command eq 'register') { die "too many arguments to register\n" if @args > 3; die "too few arguments to register\n" if @args < 3; @@ -95,6 +110,9 @@ __END__ wallet-admin - Wallet server administrative commands +=for stopwords +metadata ACL hostname backend acl acls wildcard SQL Allbery + =head1 SYNOPSIS B<wallet-admin> I<command> [I<args> ...] @@ -141,10 +159,10 @@ Before running C<initialize>, the wallet system has to be configured. See Wallet::Config(3) for more details. Depending on the database backend used, the database may also have to be created in advance. -=item list (acls | objects) +=item list (acls | objects) [ <searchtype> [ <arg> ... ] ] -Returns a list of all ACLs or objects in the database. ACLs will be -listed in the form: +Returns a list of ACLs or objects in the database. ACLs will be listed +in the form: <name> (ACL ID: <id>) 
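Review bot: In the new `report owners` branch both arguments go unchanged into `$admin->report_owners (@args)`, and the POD added later in this commit says they are interpreted as SQL patterns. This branch therefore depends on Wallet::Admin passing them to the database as bound parameters rather than interpolating them into the query text; that code is not part of this diff and should be confirmed in review. A comment above the call would make the contract visible, for example `# Both arguments are SQL LIKE patterns; Wallet::Admin must bind them as placeholders.` The enclosing `command` sub starts and ends outside the hunk.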
@@ -156,6 +174,51 @@ be listed in the form: In both cases, there will be one line per ACL or object. +If no search type is given, all the ACLs or objects in the database will +be returned. If a search type (and possible search arguments) are given, +then the ACLs or objects will be limited to those that match the search. + +The currently supported object search types are: + +=over 4 + +=item list objects type <type> + +Returns all objects of the given type. + +=item list objects flag <flag> + +Returns all objects which have the given flag set. + +=item list objects owner <acl name> + +Returns all objects owned by the given ACL name. + +=item list objects acl <acl name> + +Returns all objects for which the given ACL name has any permissions. +This includes those objects owned by the ACL, but also those for which the +ACL has get permissions, for example. + +=back + +The currently supported ACL search types are: + +=over 4 + +=item list acls empty + +Returns all ACLs which have no entries, generally so that abandoned ACLs +can be destroyed. + +=item list acls entry <schema> <identifier> + +Returns all ACLs containing an entry with given schema and identifier. +The schema is used for an exact search, while the identifier given will +match any identifier containing that text, for flexibility. + +=back + =item register (object | verifier) <type> <class> Registers an implementation of a wallet object or ACL verifier in the 
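Review bot: The new entry `=item list acls entry <schema> <identifier>` and its description say "schema", while the `report owners` output format added in the last hunk uses `<scheme>` and the surrounding text talks about "ACL schemes". One term should be used throughout; `=item list acls entry <scheme> <identifier>` with "The scheme is used for an exact search" would match the rest of the page. The description could also state whether `%` and `_` in the identifier are matched literally in the substring search, since the report documentation names `%` as a wildcard.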
@@ -169,14 +232,35 @@ default as part of database initialization, so this command is used primarily to register local implementations of additional object types or ACL schemes. +=item report <type> [ <arg> ... ] + +Runs a wallet report. The currently supported report types are: + +=over 4 + +=item report owners <type-pattern> <name-pattern> + +Returns a list of all ACL lines in owner ACLs for all objects matching +both <type-pattern> and <name-pattern>. These can be the type or name of +objects or they can be patterns using C<%> as the wildcard character +following the normal rules of SQL patterns. + +The output will be one line per ACL line in the form: + + <scheme> <identifier> + +with duplicates suppressed. + +=back + =back =head1 SEE ALSO Wallet::Admin(3), Wallet::Config(3), wallet-backend(8) -This program is part of the wallet system. The current version is available -from L<http://www.eyrie.org/~eagle/software/wallet/>. +This program is part of the wallet system. The current version is +available from L<http://www.eyrie.org/~eagle/software/wallet/>. =head1 AUTHOR |