1 files changed, 360 insertions, 0 deletions
diff --git a/server/wallet-report.in b/server/wallet-report.in
new file mode 100644
index 0000000..2b59803
--- /dev/null
+++ b/server/wallet-report.in
@@ -0,0 +1,360 @@
+#!WALLET_PERL_PATH
+#
+# Wallet server reporting interface.
+
+use 5.008;
+use strict;
+use warnings;
+
+use Wallet::Report;
+
+# The help output, sent in reply to the help command.  Lists each supported
+# report command with a brief description of what it does.
+our $HELP = <<'EOH';
+Wallet reporting help:
+  acls                          All ACLs
+  acls duplicate                ACLs that duplicate another
+  acls empty                    All empty ACLs
+  acls entry <scheme> <id>      ACLs containing this entry (wildcarded)
+  acls nesting <acl>            ACLs containing this ACL as a nested entry
+  acls unused                   ACLs that are not referenced by any object
+  audit acls name               ACLs failing the naming policy
+  audit objects name            Objects failing the naming policy
+  objects                       All objects
+  objects acl <acl>             Objects granting permissions to that ACL
+  objects flag <flag>           Objects with that flag set
+  objects history               History of all objects
+  objects host <hostname>       All host-based objects for a specific host
+  objects owner <owner>         Objects owned by that owner
+  objects type <type>           Objects of that type
+  objects unused                Objects that have never been gotten
+  objects unstored              Objects that have never been stored
+  owners <type> <name>          All ACL entries owning matching objects
+  schemes                       All configured ACL schemes
+  types                         All configured wallet types
+EOH
+
+##############################################################################
+# Implementation
+##############################################################################
+
+# Parse and execute a command.  We wrap this in a subroutine call for easier
+# testing.
+sub command {
+    die "Usage: wallet-report <command> [<args> ...]\n" unless @_;
+    my $report = Wallet::Report->new;
+
+    # Parse command-line options and dispatch to the appropriate calls.
+    my ($command, @args) = @_;
+    if ($command eq 'acls') {
+        die "too many arguments to acls\n" if @args > 3;
+        my @acls = $report->acls (@args);
+        if (!@acls and $report->error) {
+            die $report->error, "\n";
+        }
+        if (@args && $args[0] eq 'duplicate') {
+            for my $group (@acls) {
+                print join (' ', @$group), "\n";
+            }
+        } else {
+            for my $acl (sort { $$a[1] cmp $$b[1] } @acls) {
+                print "$$acl[1] (ACL ID: $$acl[0])\n";
+            }
+        }
+    } elsif ($command eq 'audit') {
+        die "too many arguments to audit\n" if @args > 2;
+        die "too few arguments to audit\n" if @args < 2;
+        my @result = $report->audit (@args);
+        if (!@result and $report->error) {
+            die $report->error, "\n";
+        }
+        for my $item (@result) {
+            if ($args[0] eq 'acls') {
+                print "$$item[1] (ACL ID: $$item[0])\n";
+            } else {
+                print join (' ', @$item), "\n";
+            }
+        }
+    } elsif ($command eq 'help') {
+        print $HELP;
+    } elsif ($command eq 'objects') {
+        die "too many arguments to objects\n" if @args > 2;
+        my @objects;
+        if (@args && $args[0] eq 'history') {
+            @objects = $report->objects_history (@args);
+        } elsif (@args && $args[0] eq 'host') {
+            @objects = $report->objects_hostname (@args);
+        } else {
+            @objects = $report->objects (@args);
+        }
+        if (!@objects and $report->error) {
+            die $report->error, "\n";
+        }
+        for my $object (@objects) {
+            print join (' ', @$object), "\n";
+        }
+    } elsif ($command eq 'owners') {
+        die "too many arguments to owners\n" if @args > 2;
+        die "too few arguments to owners\n" if @args < 2;
+        my @entries = $report->owners (@args);
+        if (!@entries and $report->error) {
+            die $report->error, "\n";
+        }
+        for my $entry (@entries) {
+            print join (' ', @$entry), "\n";
+        }
+    } elsif ($command eq 'schemes') {
+        die "too many arguments to schemes\n" if @args > 0;
+        my @schemes = $report->acl_schemes;
+        for my $entry (@schemes) {
+            print join (' ', @$entry), "\n";
+        }
+
+    } elsif ($command eq 'types') {
+        die "too many arguments to types\n" if @args > 0;
+        my @types = $report->types;
+        for my $entry (@types) {
+            print join (' ', @$entry), "\n";
+        }
+
+    } else {
+        die "unknown command $command\n";
+    }
+}
+command (@ARGV);
+__END__
+
+##############################################################################
+# Documentation
+##############################################################################
+
+=head1 NAME
+
+wallet-report - Wallet server reporting interface
+
+=for stopwords
+metadata ACL hostname backend acl acls wildcard SQL Allbery remctl
+MERCHANTABILITY NONINFRINGEMENT sublicense unstored
+
+=head1 SYNOPSIS
+
+B<wallet-report> I<type> [I<args> ...]
+
+=head1 DESCRIPTION
+
+B<wallet-report> provides a command-line interface for running reports on
+the wallet database.  It is intended to be run on the wallet server as a
+user with access to the wallet database and configuration, but can also be
+made available via remctl to users who should have reporting privileges.
+
+This program is a fairly thin wrapper around Wallet::Report that
+translates command strings into method calls and returns the results.
+
+=head1 OPTIONS
+
+B<wallet-report> takes no traditional options.
+
+=head1 COMMANDS
+
+=over 4
+
+=item acls
+
+=item acls duplicate
+
+=item acls empty
+
+=item acls entry <scheme> <identifier>
+
+=item acls unused
+
+Returns a list of ACLs in the database.  Except for the C<duplicate>
+report, ACLs will be listed in the form:
+
+    <name> (ACL ID: <id>)
+
+where <name> is the human-readable name and <id> is the numeric ID.  The
+numeric ID is what's used internally by the wallet system.  There will be
+one line per ACL.
+
+For the C<duplicate> report, the output will instead be one duplicate set
+per line.  This will be a set of ACLs that all have the same entries.
+Only the names will be given, separated by spaces.
+
+If no search type is given, all the ACLs in the database will be returned.
+If a search type (and possible search arguments) are given, then the ACLs
+will be limited to those that match the search.
+
+The currently supported ACL search types are:
+
+=over 4
+
+=item acls duplicate
+
+Returns all sets of ACLs that are duplicates, meaning that they contain
+exactly the same entries.  Each line will be the names of the ACLs in a
+set of duplicates, separated by spaces.
+
+=item acls empty
+
+Returns all ACLs which have no entries, generally so that abandoned ACLs
+can be destroyed.
+
+=item acls entry <scheme> <identifier>
+
+Returns all ACLs containing an entry with given scheme and identifier.
+The scheme must be an exact match, but the <identifier> string will match
+any identifier containing that string.
+
+=item acls nested <acl>
+
+Returns all ACLs that contain this ACL as a nested entry.
+
+=item acls unused
+
+Returns all ACLs that are not referenced by any of the objects in the
+wallet database, either as an owner or on one of the more specific ACLs.
+
+=back
+
+=item audit acls name
+
+=item audit objects name
+
+Returns all ACLs or objects that violate the current site naming policy.
+Objects will be listed in the form:
+
+    <type> <name>
+
+and ACLs in the form:
+
+    <name> (ACL ID: <id>)
+
+where <name> is the human-readable name and <id> is the numeric ID.  The
+numeric ID is what's used internally by the wallet system.  There will be
+one line per object or ACL.
+
+=item help
+
+Displays a summary of all available commands.
+
+=item objects
+
+=item objects acl <acl>
+
+=item objects flag <flag>
+
+=item objects owner <owner>
+
+=item objects type <type>
+
+=item objects unused
+
+=item objects unstored
+
+Returns a list of objects in the database.  Objects will be listed in the
+form:
+
+    <type> <name>
+
+There will be one line per object.
+
+If no search type is given, all objects in the database will be returned.
+If a search type (and possible search arguments) are given, the objects
+will be limited to those that match the search.
+
+The currently supported object search types are:
+
+=over 4
+
+=item objects acl <acl>
+
+Returns all objects for which the given ACL name or ID has any
+permissions.  This includes those objects owned by the ACL as well as
+those where that ACL has any other, more limited permissions.
+
+=item objects flag <flag>
+
+Returns all objects which have the given flag set.
+
+=item objects host <hostname>
+
+Returns all objects that belong to the given host.  This requires adding
+local configuration to identify objects that belong to a given host.  See
+L<Wallet::Config/"OBJECT HOST-BASED NAMES"> for more information.
+
+=item objects owner <acl>
+
+Returns all objects owned by the given ACL name or ID.
+
+=item objects type <type>
+
+Returns all objects of the given type.
+
+=item objects unused
+
+Returns all objects that have never been downloaded (have never been the
+target of a get command).
+
+=back
+
+=item owners <type-pattern> <name-pattern>
+
+Returns a list of all ACL entries in owner ACLs for all objects matching
+both <type-pattern> and <name-pattern>.  These can be the type or name of
+objects or they can be patterns using C<%> as the wildcard character
+following the normal rules of SQL patterns.
+
+The output will be one line per ACL line in the form:
+
+    <scheme> <identifier>
+
+with duplicates suppressed.
+
+=item schemes
+
+Returns a list of all registered ACL schemes.
+
+=item types
+
+Returns a list of all registered object types.
+
+=back
+
+=head1 AUTHOR
+
+Russ Allbery <eagle@eyrie.org>
+
+=head1 COPYRIGHT AND LICENSE
+
+Copyright 2016 Russ Allbery <eagle@eyrie.org>
+
+Copyright 2008, 2009, 2010, 2013, 2015 The Board of Trustees of the Leland
+Stanford Junior University
+
+Permission is hereby granted, free of charge, to any person obtaining a
+copy of this software and associated documentation files (the "Software"),
+to deal in the Software without restriction, including without limitation
+the rights to use, copy, modify, merge, publish, distribute, sublicense,
+and/or sell copies of the Software, and to permit persons to whom the
+Software is furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.  IN NO EVENT SHALL
+THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+DEALINGS IN THE SOFTWARE.
+
+=head1 SEE ALSO
+
+Wallet::Config(3), Wallet::Report(3), wallet-backend(8)
+
+This program is part of the wallet system.  The current version is
+available from L<http://www.eyrie.org/~eagle/software/wallet/>.
+
+=cut