Diffstat (limited to 'server')
-rwxr-xr-xserver/wallet-backend38
-rwxr-xr-xserver/wallet-report33
2 files changed, 69 insertions, 2 deletions
diff --git a/server/wallet-backend b/server/wallet-backend
index 8dfc952..ea3e21e 100755
--- a/server/wallet-backend
+++ b/server/wallet-backend
@@ -173,6 +173,9 @@ sub command {
} elsif ($action eq 'rename') {
check_args (2, 2, [], @args);
$server->acl_rename (@args) or failure ($server->error, @_);
+ } elsif ($action eq 'replace') {
+ check_args (2, 2, [], @args);
+ $server->acl_replace (@args) or failure ($server->error, @_);
} elsif ($action eq 'show') {
check_args (1, 1, [], @args);
my $output = $server->acl_show (@args);
@@ -312,6 +315,14 @@ sub command {
}
splice (@_, 3);
$server->store (@args) or failure ($server->error, @_);
+ } elsif ($command eq 'update') {
+ check_args (2, 2, [], @args);
+ my $output = $server->update (@args);
+ if (defined $output) {
+ print $output;
+ } else {
+ failure ($server->error, @_);
+ }
} else {
error "unknown command $command";
}
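Review bot: The `print $output;` in the new `update` branch is unchecked. According to the documentation added in this commit, `update` always generates new data, so by the time the print runs the old keytab or password has presumably been replaced. If the write to standard output fails, the caller gets nothing and the new credential exists only on the server side. Consider `print $output or failure ("cannot write output: $!", @_);`, and add a comment such as `# Unlike get, update always regenerates the data, even if unchanging is set.` so the destructive difference is visible in the dispatcher. The `command` sub begins and ends outside this hunk.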
@@ -449,6 +460,25 @@ accidental lockout, but administrators can remove themselves from the
C<ADMIN> ACL and can leave only a non-functioning entry on the ACL. Use
caution when removing entries from the C<ADMIN> ACL.
+=item acl rename <id> <name>
+
+Renames the ACL identified by <id> to <name>. This changes the
+human-readable name, not the underlying numeric ID, so the ACL's
+associations with objects will be unchanged. The C<ADMIN> ACL may not be
+renamed. <id> may be either the current name or the numeric ID. <name>
+must not be all-numeric. To rename an ACL, the current user must be
+authorized by the C<ADMIN> ACL.
+
+=item acl replace <id> <new-id>
+
+Find any objects owned by <id>, and then change their ownership to
+<new_id> instead. <new-id> should already exist, and may already have
+some objects owned by it. <id> is not deleted afterwards, though in
+most cases that is probably your next step. The C<ADMIN> ACL may not be
+replaced from. <id> and <new-id> may be either the current name or the
+numeric ID. To replace an ACL, the current user must be authorized by
+the C<ADMIN> ACL.
+
=item acl show <id>
Display the name, numeric ID, and entries of the ACL <id>.
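Review bot: The `acl replace` entry describes only a change of ownership, so it leaves open whether objects that reference <id> in their other ACL fields (get, store, show and so on) are touched. An administrator who runs `acl replace` to retire an ACL may wrongly assume <id> no longer grants access to anything. If only the owner field changes, say so, for example `Only the owner of each object is changed; other ACL fields that reference <id> are left as they are.` Two wording fixes in the same paragraph: `<new_id>` should be `<new-id>` to match the item line, and "may not be replaced from" would read better as `The C<ADMIN> ACL may not be used as <id>.`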
@@ -589,6 +619,14 @@ Stores <data> for the object identified by <type> and <name> for later
retrieval with C<get>. Not all object types support this. If <data> is
not given as an argument, it will be read from standard input.
+=item update <type> <name>
+
+Prints to standard output the data associated with the object identified
+by <type> and <name>. If the object is one that can have changing
+information, such as a keytab or password, then we generate new data for
+that object regardless of whether there is current data or the unchanging
+flag is set.
+
=back
=head1 ATTRIBUTES
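Review bot: The new `=item update` text does not say which ACL authorizes the command, nor that the previous keytab or password stops working once new data is generated. Because `update` is documented to ignore the unchanging flag, which is normally what protects a shared credential from rotation, readers need to know who is allowed to run it. Add a sentence naming the ACL that `$server->update` checks, and one such as `Any existing copy of the old data will no longer be valid after this command.`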
diff --git a/server/wallet-report b/server/wallet-report
index b5a2247..4719a8a 100755
--- a/server/wallet-report
+++ b/server/wallet-report
@@ -17,16 +17,22 @@ Wallet reporting help:
acls duplicate ACLs that duplicate another
acls empty All empty ACLs
acls entry <scheme> <id> ACLs containing this entry (wildcarded)
+ acls nesting <acl> ACLs containing this ACL as a nested entry
acls unused ACLs that are not referenced by any object
audit acls name ACLs failing the naming policy
audit objects name Objects failing the naming policy
objects All objects
objects acl <acl> Objects granting permissions to that ACL
objects flag <flag> Objects with that flag set
+ objects history History of all objects
+ objects host <hostname> All host-based objects for a specific host
objects owner <owner> Objects owned by that owner
objects type <type> Objects of that type
- objects unused Objects that have never been stored/gotten
+ objects unused Objects that have never been gotten
+ objects unstored Objects that have never been stored
owners <type> <name> All ACL entries owning matching objects
+ schemes All configured ACL schemes
+ types All configured wallet types
EOH
##############################################################################
@@ -74,7 +80,14 @@ sub command {
print $HELP;
} elsif ($command eq 'objects') {
die "too many arguments to objects\n" if @args > 2;
- my @objects = $report->objects (@args);
+ my @objects;
+ if (@args && $args[0] eq 'history') {
+ @objects = $report->objects_history (@args);
+ } elsif (@args && $args[0] eq 'host') {
+ @objects = $report->objects_hostname (@args);
+ } else {
+ @objects = $report->objects (@args);
+ }
if (!@objects and $report->error) {
die $report->error, "\n";
}
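Review bot: The new `history` and `host` branches rely only on the existing `@args > 2` check, so `objects host` with no hostname and `objects history <extra>` both reach the report methods with an unexpected argument count. What `objects_hostname` does with a missing hostname is not visible here, but the dispatcher should reject it before the call. For example, add `die "objects host requires a hostname\n" if @args != 2;` in the `host` branch and `die "too many arguments to objects history\n" if @args > 1;` in the `history` branch. The `command` sub continues outside this hunk.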
@@ -91,6 +104,20 @@ sub command {
for my $entry (@entries) {
print join (' ', @$entry), "\n";
}
+ } elsif ($command eq 'schemes') {
+ die "too many arguments to schemes\n" if @args > 0;
+ my @schemes = $report->acl_schemes;
+ for my $entry (@schemes) {
+ print join (' ', @$entry), "\n";
+ }
+
+ } elsif ($command eq 'types') {
+ die "too many arguments to types\n" if @args > 0;
+ my @types = $report->types;
+ for my $entry (@types) {
+ print join (' ', @$entry), "\n";
+ }
+
} else {
die "unknown command $command\n";
}
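Review bot: The new `schemes` and `types` branches never consult `$report->error`, unlike the `objects` branch earlier in this file. If `acl_schemes` or `types` fails and returns an empty list, the command prints nothing and exits successfully. For a reporting tool whose output feeds audits, that makes a backend failure look the same as "nothing configured". After each call add the same guard the `objects` branch uses: `if (!@schemes and $report->error) { die $report->error, "\n"; }`, and likewise for `@types`. The blank lines before each `} elsif` also differ from the rest of the chain.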
@@ -220,6 +247,8 @@ Displays a summary of all available commands.
=item objects unused
+=item objects unstored
+
Returns a list of objects in the database. Objects will be listed in the
form: