Diffstat (limited to 'server/wallet-backend')
| -rwxr-xr-x | server/wallet-backend | 31 | 
1 files changed, 22 insertions, 9 deletions
| diff --git a/server/wallet-backend b/server/wallet-backend index 9850c0e..948b47c 100755 --- a/server/wallet-backend +++ b/server/wallet-backend @@ -3,7 +3,7 @@  # wallet-backend -- Wallet server for storing and retrieving secure data.  #  # Written by Russ Allbery <rra@stanford.edu> -# Copyright 2007, 2008, 2010, 2011 +# Copyright 2007, 2008, 2010, 2011, 2012  #     The Board of Trustees of the Leland Stanford Junior University  #  # See LICENSE for licensing terms. @@ -150,6 +150,14 @@ sub command {          if ($action eq 'add') {              check_args (3, 3, [3], @args);              $server->acl_add (@args) or failure ($server->error, @_); +        } elsif ($action eq 'check') { +            check_args (1, 1, [], @args); +            my $status = $server->acl_check (@args); +            if (!defined ($status)) { +                failure ($server->error, @_); +            } else { +                print $status ? "yes\n" : "no\n"; +            }          } elsif ($action eq 'create') {              check_args (1, 1, [], @args);              $server->acl_create (@args) or failure ($server->error, @_); 
@@ -376,17 +384,17 @@ syslog.  =head1 COMMANDS  Most commands are only available to wallet administrators (users on the -C<ADMIN> ACL).  The exceptions are C<autocreate>, C<get>, C<store>, -C<show>, C<destroy>, C<flag clear>, C<flag set>, C<getattr>, C<setattr>, -and C<history>.  All of those commands have their own ACLs except +C<ADMIN> ACL).  The exceptions are C<acl check>, C<check>, C<get>, +C<store>, C<show>, C<destroy>, C<flag clear>, C<flag set>, C<getattr>, +C<setattr>, and C<history>.  C<acl check> and C<check> can be run by +anyone.  All of the rest of those commands have their own ACLs except  C<getattr> and C<history>, which use the C<show> ACL, C<setattr>, which -uses the C<store> ACL, and C<comment>, which uses the owner or C<show> -ACL depending on whether one is setting or retrieving the comment.  If the +uses the C<store> ACL, and C<comment>, which uses the owner or C<show> ACL +depending on whether one is setting or retrieving the comment.  If the  appropriate ACL is set, it alone is checked to see if the user has access.  Otherwise, C<get>, C<store>, C<show>, C<getattr>, C<setattr>, C<history>,  and C<comment> access is permitted if the user is authorized by the owner -ACL of the object.  C<autocreate> is permitted if the user is listed in -the default ACL for an object for that name. +ACL of the object.  Administrators can run any command on any object or ACL except for C<get>  and C<store>.  For C<get> and C<store>, they must still be authorized by 
@@ -404,9 +412,14 @@ For more information on attributes, see L<ATTRIBUTES>.  =item acl add <id> <scheme> <identifier> -Adds an entry with <scheme> and <identifier> to the ACL <id>.  <id> may be +Add an entry with <scheme> and <identifier> to the ACL <id>.  <id> may be  either the name of an ACL or its numeric identifier. +=item acl check <id> + +Check whether an ACL with the ID <id> already exists.  If it does, prints +C<yes>; if not, prints C<no>. +  =item acl create <name>  Create a new, empty ACL with name <name>.  When setting an ACL on an | 
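Review bot: In the `@@ -150,6 +150,14 @@ sub command` hunk, the new `check` branch answers with `yes` or `no` for any ACL identifier, and the documentation hunk states that `acl check` "can be run by anyone", so every user who can reach the server can probe which ACLs exist. If that exposure is intended, say so in a comment above `check_args (1, 1, [], @args);` so it is not mistaken for a missing authorization check; if it is not, gate the branch the same way as the administrator-only `acl` actions. The result is also reported only on standard output, so a caller has to parse the text to tell `yes` from `no`; it would help to document that.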
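Review bot: In the `@@ -376,17 +384,17 @@` documentation hunk, `autocreate` is dropped from the list of exceptions and the sentence "C<autocreate> is permitted if the user is listed in the default ACL for an object for that name" is deleted, while a bare `check` command is added to the list, yet the only code change in this patch is the `acl check` branch. Either move the `autocreate` and `check` documentation changes into the change that alters that behaviour or mention them in the commit message, so the access-control description stays traceable to the code. The paragraph also still describes the ACL used by `comment`, which does not appear in the list of exceptions above it.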
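Review bot: In the `@@ -404,9 +412,14 @@` hunk, the new `=item acl check <id>` entry does not say whether <id> may be either the name of an ACL or its numeric identifier, as the `acl add` entry just above it does, and it does not describe the error case, where the code calls `failure` when `acl_check` returns an undefined value. Suggest adding one sentence for each, and noting here as well that the command can be run by anyone, since this is the entry an administrator will read when deciding what the command exposes.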
