diff options
Diffstat (limited to 'server')
| -rwxr-xr-x | server/keytab-backend | 4 | ||||
| -rw-r--r-- | server/keytab-backend.8 | 45 | ||||
| -rwxr-xr-x | server/wallet-admin | 2 | ||||
| -rw-r--r-- | server/wallet-admin.8 | 51 | ||||
| -rwxr-xr-x | server/wallet-backend | 12 | ||||
| -rw-r--r-- | server/wallet-backend.8 | 74 | ||||
| -rwxr-xr-x | server/wallet-report | 2 | ||||
| -rw-r--r-- | server/wallet-report.8 | 55 | 
8 files changed, 143 insertions, 102 deletions
| diff --git a/server/keytab-backend b/server/keytab-backend index b0116c7..bd5a3f9 100755 --- a/server/keytab-backend +++ b/server/keytab-backend @@ -21,6 +21,7 @@  ##############################################################################  use strict; +use warnings;  use Sys::Syslog qw(openlog syslog); @@ -153,6 +154,7 @@ __END__  =for stopwords  keytab-backend keytabs KDC keytab kadmin.local -norandkey ktadd remctld  auth Allbery rekeying MERCHANTABILITY NONINFRINGEMENT sublicense +kadmin.local.  =head1 NAME @@ -211,7 +213,7 @@ standard output.  =head1 AUTHOR -Russ Allbery <rra@stanford.edu> +Russ Allbery <eagle@eyrie.org>  =head1 COPYRIGHT AND LICENSE diff --git a/server/keytab-backend.8 b/server/keytab-backend.8 index 4808d29..8eb4c3d 100644 --- a/server/keytab-backend.8 +++ b/server/keytab-backend.8 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.26) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)  .\"  .\" Standard preamble:  .\" ======================================================================== @@ -38,6 +38,8 @@  .    ds PI \(*p  .    ds L" ``  .    ds R" '' +.    ds C` +.    ds C'  'br\}  .\"  .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@  .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index  .\" entries marked with X<> in POD.  Of course, you'll have to process the  .\" output yourself in some meaningful fashion. -.ie \nF \{\ -.    de IX -.    tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX  .. -.    nr % 0 -.    rr F -.\} -.el \{\ -.    de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +.    if \nF \{ +.        de IX +.        tm Index:\\$1\t\\n%\t"\\$2"  .. +.        if !\nF==2 \{ +.            nr % 0 +.            nr F 2 +.        \} +.    \}  .\} +.rr rF  .\"  .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).  .\" Fear.  Run.  Save yourself.  No user-serviceable parts. @@ -124,7 +133,7 @@  .\" ========================================================================  .\"  .IX Title "KEYTAB-BACKEND 8" -.TH KEYTAB-BACKEND 8 "2013-03-27" "1.0" "wallet" +.TH KEYTAB-BACKEND 8 "2014-07-16" "1.1" "wallet"  .\" For nroff, turn off justification.  Always turn off hyphenation; it makes  .\" way too many mistakes in technical documents.  .if n .ad l @@ -176,7 +185,7 @@ then delete the temporary file after the results have been sent to  standard output.  .SH "AUTHOR"  .IX Header "AUTHOR" -Russ Allbery <rra@stanford.edu> +Russ Allbery <eagle@eyrie.org>  .SH "COPYRIGHT AND LICENSE"  .IX Header "COPYRIGHT AND LICENSE"  Copyright 2006, 2007, 2008, 2010, 2013 The Board of Trustees of the Leland @@ -192,13 +201,13 @@ Software is furnished to do so, subject to the following conditions:  The above copyright notice and this permission notice shall be included in  all copies or substantial portions of the Software.  .PP -\&\s-1THE\s0 \s-1SOFTWARE\s0 \s-1IS\s0 \s-1PROVIDED\s0 \*(L"\s-1AS\s0 \s-1IS\s0\*(R", \s-1WITHOUT\s0 \s-1WARRANTY\s0 \s-1OF\s0 \s-1ANY\s0 \s-1KIND\s0, \s-1EXPRESS\s0 \s-1OR\s0 -\&\s-1IMPLIED\s0, \s-1INCLUDING\s0 \s-1BUT\s0 \s-1NOT\s0 \s-1LIMITED\s0 \s-1TO\s0 \s-1THE\s0 \s-1WARRANTIES\s0 \s-1OF\s0 \s-1MERCHANTABILITY\s0, -\&\s-1FITNESS\s0 \s-1FOR\s0 A \s-1PARTICULAR\s0 \s-1PURPOSE\s0 \s-1AND\s0 \s-1NONINFRINGEMENT\s0.  \s-1IN\s0 \s-1NO\s0 \s-1EVENT\s0 \s-1SHALL\s0 -\&\s-1THE\s0 \s-1AUTHORS\s0 \s-1OR\s0 \s-1COPYRIGHT\s0 \s-1HOLDERS\s0 \s-1BE\s0 \s-1LIABLE\s0 \s-1FOR\s0 \s-1ANY\s0 \s-1CLAIM\s0, \s-1DAMAGES\s0 \s-1OR\s0 \s-1OTHER\s0 -\&\s-1LIABILITY\s0, \s-1WHETHER\s0 \s-1IN\s0 \s-1AN\s0 \s-1ACTION\s0 \s-1OF\s0 \s-1CONTRACT\s0, \s-1TORT\s0 \s-1OR\s0 \s-1OTHERWISE\s0, \s-1ARISING\s0 -\&\s-1FROM\s0, \s-1OUT\s0 \s-1OF\s0 \s-1OR\s0 \s-1IN\s0 \s-1CONNECTION\s0 \s-1WITH\s0 \s-1THE\s0 \s-1SOFTWARE\s0 \s-1OR\s0 \s-1THE\s0 \s-1USE\s0 \s-1OR\s0 \s-1OTHER\s0 -\&\s-1DEALINGS\s0 \s-1IN\s0 \s-1THE\s0 \s-1SOFTWARE\s0. +\&\s-1THE SOFTWARE IS PROVIDED \*(L"AS IS\*(R", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.  IN NO EVENT SHALL +THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING +FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER +DEALINGS IN THE SOFTWARE.\s0  .SH "SEE ALSO"  .IX Header "SEE ALSO"  \&\fIkadmin.local\fR\|(8), \fIremctld\fR\|(8) diff --git a/server/wallet-admin b/server/wallet-admin index 02982dc..7ba1021 100755 --- a/server/wallet-admin +++ b/server/wallet-admin @@ -141,7 +141,7 @@ much as possible.  =head1 AUTHOR -Russ Allbery <rra@stanford.edu> +Russ Allbery <eagle@eyrie.org>  =head1 COPYRIGHT AND LICENSE diff --git a/server/wallet-admin.8 b/server/wallet-admin.8 index b03dbcc..64226f7 100644 --- a/server/wallet-admin.8 +++ b/server/wallet-admin.8 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.26) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)  .\"  .\" Standard preamble:  .\" ======================================================================== @@ -38,6 +38,8 @@  .    ds PI \(*p  .    ds L" ``  .    ds R" '' +.    ds C` +.    ds C'  'br\}  .\"  .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@  .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index  .\" entries marked with X<> in POD.  Of course, you'll have to process the  .\" output yourself in some meaningful fashion. -.ie \nF \{\ -.    de IX -.    tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX  .. -.    nr % 0 -.    rr F -.\} -.el \{\ -.    de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +.    if \nF \{ +.        de IX +.        tm Index:\\$1\t\\n%\t"\\$2"  .. +.        if !\nF==2 \{ +.            nr % 0 +.            nr F 2 +.        \} +.    \}  .\} +.rr rF  .\"  .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).  .\" Fear.  Run.  Save yourself.  No user-serviceable parts. @@ -124,7 +133,7 @@  .\" ========================================================================  .\"  .IX Title "WALLET-ADMIN 8" -.TH WALLET-ADMIN 8 "2013-03-27" "1.0" "wallet" +.TH WALLET-ADMIN 8 "2014-07-16" "1.1" "wallet"  .\" For nroff, turn off justification.  Always turn off hyphenation; it makes  .\" way too many mistakes in technical documents.  .if n .ad l @@ -159,12 +168,12 @@ user intends to do this.  .IX Item "initialize <principal>"  Given an empty database, initializes it for use with the wallet server by  creating the necessary tables and initial metadata.  Also creates an \s-1ACL\s0 -with the name \s-1ADMIN\s0, used for administrative privileges to the wallet +with the name \s-1ADMIN,\s0 used for administrative privileges to the wallet  system, and adds an \s-1ACL\s0 entry to it with a scheme of \f(CW\*(C`krb5\*(C'\fR and an  instance of <principal>.  This bootstraps the authentication system and -allows that user to make further changes to the \s-1ADMIN\s0 \s-1ACL\s0 and the rest of +allows that user to make further changes to the \s-1ADMIN ACL\s0 and the rest of  the wallet database.  \f(CW\*(C`initialize\*(C'\fR uses \f(CW\*(C`localhost\*(C'\fR as the hostname and -<principal> as the user when logging the history of the \s-1ADMIN\s0 \s-1ACL\s0 creation +<principal> as the user when logging the history of the \s-1ADMIN ACL\s0 creation  and for any subsequent actions required to initialize the database.  .Sp  Before running \f(CW\*(C`initialize\*(C'\fR, the wallet system has to be configured.  See @@ -188,7 +197,7 @@ Upgrades the database to the latest schema version, preserving data as  much as possible.  .SH "AUTHOR"  .IX Header "AUTHOR" -Russ Allbery <rra@stanford.edu> +Russ Allbery <eagle@eyrie.org>  .SH "COPYRIGHT AND LICENSE"  .IX Header "COPYRIGHT AND LICENSE"  Copyright 2008, 2009, 2010, 2011, 2013 The Board of Trustees of the Leland @@ -204,13 +213,13 @@ Software is furnished to do so, subject to the following conditions:  The above copyright notice and this permission notice shall be included in  all copies or substantial portions of the Software.  .PP -\&\s-1THE\s0 \s-1SOFTWARE\s0 \s-1IS\s0 \s-1PROVIDED\s0 \*(L"\s-1AS\s0 \s-1IS\s0\*(R", \s-1WITHOUT\s0 \s-1WARRANTY\s0 \s-1OF\s0 \s-1ANY\s0 \s-1KIND\s0, \s-1EXPRESS\s0 \s-1OR\s0 -\&\s-1IMPLIED\s0, \s-1INCLUDING\s0 \s-1BUT\s0 \s-1NOT\s0 \s-1LIMITED\s0 \s-1TO\s0 \s-1THE\s0 \s-1WARRANTIES\s0 \s-1OF\s0 \s-1MERCHANTABILITY\s0, -\&\s-1FITNESS\s0 \s-1FOR\s0 A \s-1PARTICULAR\s0 \s-1PURPOSE\s0 \s-1AND\s0 \s-1NONINFRINGEMENT\s0.  \s-1IN\s0 \s-1NO\s0 \s-1EVENT\s0 \s-1SHALL\s0 -\&\s-1THE\s0 \s-1AUTHORS\s0 \s-1OR\s0 \s-1COPYRIGHT\s0 \s-1HOLDERS\s0 \s-1BE\s0 \s-1LIABLE\s0 \s-1FOR\s0 \s-1ANY\s0 \s-1CLAIM\s0, \s-1DAMAGES\s0 \s-1OR\s0 \s-1OTHER\s0 -\&\s-1LIABILITY\s0, \s-1WHETHER\s0 \s-1IN\s0 \s-1AN\s0 \s-1ACTION\s0 \s-1OF\s0 \s-1CONTRACT\s0, \s-1TORT\s0 \s-1OR\s0 \s-1OTHERWISE\s0, \s-1ARISING\s0 -\&\s-1FROM\s0, \s-1OUT\s0 \s-1OF\s0 \s-1OR\s0 \s-1IN\s0 \s-1CONNECTION\s0 \s-1WITH\s0 \s-1THE\s0 \s-1SOFTWARE\s0 \s-1OR\s0 \s-1THE\s0 \s-1USE\s0 \s-1OR\s0 \s-1OTHER\s0 -\&\s-1DEALINGS\s0 \s-1IN\s0 \s-1THE\s0 \s-1SOFTWARE\s0. +\&\s-1THE SOFTWARE IS PROVIDED \*(L"AS IS\*(R", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.  IN NO EVENT SHALL +THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING +FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER +DEALINGS IN THE SOFTWARE.\s0  .SH "SEE ALSO"  .IX Header "SEE ALSO"  \&\fIWallet::Admin\fR\|(3), \fIWallet::Config\fR\|(3), \fIwallet\-backend\fR\|(8) diff --git a/server/wallet-backend b/server/wallet-backend index 3c87709..a2e6e6f 100755 --- a/server/wallet-backend +++ b/server/wallet-backend @@ -7,6 +7,7 @@  ##############################################################################  use strict; +use warnings;  use Getopt::Long qw(GetOptions);  use Sys::Syslog qw(openlog syslog); @@ -215,7 +216,7 @@ sub command {          check_args (2, 2, [], @args);          $server->destroy (@args) or failure ($server->error, @_);      } elsif ($command eq 'expires') { -        check_args (2, 4, [], @args); +        check_args (2, 3, [], @args);          if (@args > 2) {              $server->expires (@args) or failure ($server->error, @_);          } else { @@ -489,9 +490,10 @@ identified by <type> and <name>, or C<No expiration set> if none is set.  The expiration will be displayed in seconds since epoch.  If <date> is given, sets the expiration on the object identified by <type> -and <name> to <date> and (if given) <time>.  <date> must be in the format -C<YYYY-MM-DD> and <time> in the format C<HH:MM:SS>.  If <date> is the -empty string, clears the expiration of the object. +and <name> to <date> and (if given) <time>.  <date> and <time> must be in +some format that can be parsed by the Perl Date::Parse module.  Most +common formats are supported; if in doubt, use C<YYYY-MM-DD HH:MM:SS>.  If +<date> is the empty string, clears the expiration of the object.  Currently, the expiration of an object is not used. @@ -614,7 +616,7 @@ enctypes than those requested by this attribute.  =head1 AUTHOR -Russ Allbery <rra@stanford.edu> +Russ Allbery <eagle@eyrie.org>  =head1 COPYRIGHT AND LICENSE diff --git a/server/wallet-backend.8 b/server/wallet-backend.8 index 980455f..b1c57d0 100644 --- a/server/wallet-backend.8 +++ b/server/wallet-backend.8 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.26) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)  .\"  .\" Standard preamble:  .\" ======================================================================== @@ -38,6 +38,8 @@  .    ds PI \(*p  .    ds L" ``  .    ds R" '' +.    ds C` +.    ds C'  'br\}  .\"  .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@  .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index  .\" entries marked with X<> in POD.  Of course, you'll have to process the  .\" output yourself in some meaningful fashion. -.ie \nF \{\ -.    de IX -.    tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX  .. -.    nr % 0 -.    rr F -.\} -.el \{\ -.    de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +.    if \nF \{ +.        de IX +.        tm Index:\\$1\t\\n%\t"\\$2"  .. +.        if !\nF==2 \{ +.            nr % 0 +.            nr F 2 +.        \} +.    \}  .\} +.rr rF  .\"  .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).  .\" Fear.  Run.  Save yourself.  No user-serviceable parts. @@ -124,7 +133,7 @@  .\" ========================================================================  .\"  .IX Title "WALLET-BACKEND 8" -.TH WALLET-BACKEND 8 "2013-03-27" "1.0" "wallet" +.TH WALLET-BACKEND 8 "2014-07-16" "1.1" "wallet"  .\" For nroff, turn off justification.  Always turn off hyphenation; it makes  .\" way too many mistakes in technical documents.  .if n .ad l @@ -165,8 +174,8 @@ Most commands are only available to wallet administrators (users on the  \&\f(CW\*(C`store\*(C'\fR, \f(CW\*(C`show\*(C'\fR, \f(CW\*(C`destroy\*(C'\fR, \f(CW\*(C`flag clear\*(C'\fR, \f(CW\*(C`flag set\*(C'\fR, \f(CW\*(C`getattr\*(C'\fR,  \&\f(CW\*(C`setattr\*(C'\fR, and \f(CW\*(C`history\*(C'\fR.  \f(CW\*(C`acl check\*(C'\fR and \f(CW\*(C`check\*(C'\fR can be run by  anyone.  All of the rest of those commands have their own ACLs except -\&\f(CW\*(C`getattr\*(C'\fR and \f(CW\*(C`history\*(C'\fR, which use the \f(CW\*(C`show\*(C'\fR \s-1ACL\s0, \f(CW\*(C`setattr\*(C'\fR, which -uses the \f(CW\*(C`store\*(C'\fR \s-1ACL\s0, and \f(CW\*(C`comment\*(C'\fR, which uses the owner or \f(CW\*(C`show\*(C'\fR \s-1ACL\s0 +\&\f(CW\*(C`getattr\*(C'\fR and \f(CW\*(C`history\*(C'\fR, which use the \f(CW\*(C`show\*(C'\fR \s-1ACL, \s0\f(CW\*(C`setattr\*(C'\fR, which +uses the \f(CW\*(C`store\*(C'\fR \s-1ACL,\s0 and \f(CW\*(C`comment\*(C'\fR, which uses the owner or \f(CW\*(C`show\*(C'\fR \s-1ACL\s0  depending on whether one is setting or retrieving the comment.  If the  appropriate \s-1ACL\s0 is set, it alone is checked to see if the user has access.  Otherwise, \f(CW\*(C`destroy\*(C'\fR, \f(CW\*(C`get\*(C'\fR, \f(CW\*(C`store\*(C'\fR, \f(CW\*(C`show\*(C'\fR, \f(CW\*(C`getattr\*(C'\fR, \f(CW\*(C`setattr\*(C'\fR, @@ -175,7 +184,7 @@ by the owner \s-1ACL\s0 of the object.  .PP  Administrators can run any command on any object or \s-1ACL\s0 except for \f(CW\*(C`get\*(C'\fR  and \f(CW\*(C`store\*(C'\fR.  For \f(CW\*(C`get\*(C'\fR and \f(CW\*(C`store\*(C'\fR, they must still be authorized by -either the appropriate specific \s-1ACL\s0 or the owner \s-1ACL\s0. +either the appropriate specific \s-1ACL\s0 or the owner \s-1ACL.\s0  .PP  If the locked flag is set on an object, no commands can be run on that  object that change data except the \f(CW\*(C`flags\*(C'\fR commands, nor can the \f(CW\*(C`get\*(C'\fR @@ -195,7 +204,7 @@ Check whether an \s-1ACL\s0 with the \s-1ID\s0 <id> already exists.  If it does,  .IP "acl create <name>" 4  .IX Item "acl create <name>"  Create a new, empty \s-1ACL\s0 with name <name>.  When setting an \s-1ACL\s0 on an -object with a set of entries that don't match an existing \s-1ACL\s0, first +object with a set of entries that don't match an existing \s-1ACL,\s0 first  create a new \s-1ACL\s0 with \f(CW\*(C`acl create\*(C'\fR, add the appropriate entries to it  with \f(CW\*(C`acl add\*(C'\fR, and then set the \s-1ACL\s0 on an object with the \f(CW\*(C`owner\*(C'\fR or  \&\f(CW\*(C`setacl\*(C'\fR commands. @@ -206,7 +215,7 @@ or the \s-1ACL\s0 destruction will fail.  The special \s-1ACL\s0 named \f(CW\*(C  be destroyed.  .IP "acl history <id>" 4  .IX Item "acl history <id>" -Display the history of the \s-1ACL\s0 <id>.  Each change to the \s-1ACL\s0 (not +Display the history of the \s-1ACL\s0 <id>.  Each change to the \s-1ACL \s0(not  including changes to the name of the \s-1ACL\s0) will be represented by two  lines.  The first line will have a timestamp of the change followed by a  description of the change, and the second line will give the user who made @@ -215,13 +224,13 @@ the change and the host from which the change was made.  .IX Item "acl remove <id> <scheme> <identifier>"  Remove the entry with <scheme> and <identifier> from the \s-1ACL\s0 <id>.  <id>  may be either the name of an \s-1ACL\s0 or its numeric identifier.  The last -entry in the special \s-1ACL\s0 \f(CW\*(C`ADMIN\*(C'\fR cannot be removed to protect against +entry in the special \s-1ACL \s0\f(CW\*(C`ADMIN\*(C'\fR cannot be removed to protect against  accidental lockout, but administrators can remove themselves from the -\&\f(CW\*(C`ADMIN\*(C'\fR \s-1ACL\s0 and can leave only a non-functioning entry on the \s-1ACL\s0.  Use -caution when removing entries from the \f(CW\*(C`ADMIN\*(C'\fR \s-1ACL\s0. +\&\f(CW\*(C`ADMIN\*(C'\fR \s-1ACL\s0 and can leave only a non-functioning entry on the \s-1ACL. \s0 Use +caution when removing entries from the \f(CW\*(C`ADMIN\*(C'\fR \s-1ACL.\s0  .IP "acl show <id>" 4  .IX Item "acl show <id>" -Display the name, numeric \s-1ID\s0, and entries of the \s-1ACL\s0 <id>. +Display the name, numeric \s-1ID,\s0 and entries of the \s-1ACL\s0 <id>.  .IP "autocreate <type> <name>" 4  .IX Item "autocreate <type> <name>"  Create a new object of type <type> with name <name>.  The user must be @@ -257,9 +266,10 @@ identified by <type> and <name>, or \f(CW\*(C`No expiration set\*(C'\fR if none  The expiration will be displayed in seconds since epoch.  .Sp  If <date> is given, sets the expiration on the object identified by <type> -and <name> to <date> and (if given) <time>.  <date> must be in the format -\&\f(CW\*(C`YYYY\-MM\-DD\*(C'\fR and <time> in the format \f(CW\*(C`HH:MM:SS\*(C'\fR.  If <date> is the -empty string, clears the expiration of the object. +and <name> to <date> and (if given) <time>.  <date> and <time> must be in +some format that can be parsed by the Perl Date::Parse module.  Most +common formats are supported; if in doubt, use \f(CW\*(C`YYYY\-MM\-DD HH:MM:SS\*(C'\fR.  If +<date> is the empty string, clears the expiration of the object.  .Sp  Currently, the expiration of an object is not used.  .IP "flag clear <type> <name> <flag>" 4 @@ -284,7 +294,7 @@ Prints the \s-1ACL\s0 <acl>, which must be one of \f(CW\*(C`get\*(C'\fR, \f(CW\*  \&\f(CW\*(C`destroy\*(C'\fR, or \f(CW\*(C`flags\*(C'\fR, for the object identified by <type> and <name>.  Prints \f(CW\*(C`No ACL set\*(C'\fR if that \s-1ACL\s0 isn't set on that object.  Remember that  if the \f(CW\*(C`get\*(C'\fR, \f(CW\*(C`store\*(C'\fR, or \f(CW\*(C`show\*(C'\fR ACLs aren't set, authorization falls -back to checking the owner \s-1ACL\s0.  See the \f(CW\*(C`owner\*(C'\fR command for displaying +back to checking the owner \s-1ACL. \s0 See the \f(CW\*(C`owner\*(C'\fR command for displaying  or setting it.  .IP "getattr <type> <name> <attr>" 4  .IX Item "getattr <type> <name> <attr>" @@ -305,7 +315,7 @@ the action and the host from which they performed it.  .IX Item "owner <type> <name> [<owner>]"  If <owner> is not given, displays the current owner \s-1ACL\s0 of the object  identified by <type> and <name>, or \f(CW\*(C`No owner set\*(C'\fR if none is set.  The -result will be the name of an \s-1ACL\s0. +result will be the name of an \s-1ACL.\s0  .Sp  If <owner> is given, sets the owner of the object identified by <type> and  <name> to <owner>.  If <owner> is the empty string, clears the owner of @@ -361,7 +371,7 @@ the \s-1KDC\s0 for that Kerberos principal and therefore may contain different  enctypes than those requested by this attribute.  .SH "AUTHOR"  .IX Header "AUTHOR" -Russ Allbery <rra@stanford.edu> +Russ Allbery <eagle@eyrie.org>  .SH "COPYRIGHT AND LICENSE"  .IX Header "COPYRIGHT AND LICENSE"  Copyright 2007, 2008, 2010, 2011, 2012, 2013 The Board of Trustees of the @@ -377,13 +387,13 @@ Software is furnished to do so, subject to the following conditions:  The above copyright notice and this permission notice shall be included in  all copies or substantial portions of the Software.  .PP -\&\s-1THE\s0 \s-1SOFTWARE\s0 \s-1IS\s0 \s-1PROVIDED\s0 \*(L"\s-1AS\s0 \s-1IS\s0\*(R", \s-1WITHOUT\s0 \s-1WARRANTY\s0 \s-1OF\s0 \s-1ANY\s0 \s-1KIND\s0, \s-1EXPRESS\s0 \s-1OR\s0 -\&\s-1IMPLIED\s0, \s-1INCLUDING\s0 \s-1BUT\s0 \s-1NOT\s0 \s-1LIMITED\s0 \s-1TO\s0 \s-1THE\s0 \s-1WARRANTIES\s0 \s-1OF\s0 \s-1MERCHANTABILITY\s0, -\&\s-1FITNESS\s0 \s-1FOR\s0 A \s-1PARTICULAR\s0 \s-1PURPOSE\s0 \s-1AND\s0 \s-1NONINFRINGEMENT\s0.  \s-1IN\s0 \s-1NO\s0 \s-1EVENT\s0 \s-1SHALL\s0 -\&\s-1THE\s0 \s-1AUTHORS\s0 \s-1OR\s0 \s-1COPYRIGHT\s0 \s-1HOLDERS\s0 \s-1BE\s0 \s-1LIABLE\s0 \s-1FOR\s0 \s-1ANY\s0 \s-1CLAIM\s0, \s-1DAMAGES\s0 \s-1OR\s0 \s-1OTHER\s0 -\&\s-1LIABILITY\s0, \s-1WHETHER\s0 \s-1IN\s0 \s-1AN\s0 \s-1ACTION\s0 \s-1OF\s0 \s-1CONTRACT\s0, \s-1TORT\s0 \s-1OR\s0 \s-1OTHERWISE\s0, \s-1ARISING\s0 -\&\s-1FROM\s0, \s-1OUT\s0 \s-1OF\s0 \s-1OR\s0 \s-1IN\s0 \s-1CONNECTION\s0 \s-1WITH\s0 \s-1THE\s0 \s-1SOFTWARE\s0 \s-1OR\s0 \s-1THE\s0 \s-1USE\s0 \s-1OR\s0 \s-1OTHER\s0 -\&\s-1DEALINGS\s0 \s-1IN\s0 \s-1THE\s0 \s-1SOFTWARE\s0. +\&\s-1THE SOFTWARE IS PROVIDED \*(L"AS IS\*(R", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.  IN NO EVENT SHALL +THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING +FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER +DEALINGS IN THE SOFTWARE.\s0  .SH "SEE ALSO"  .IX Header "SEE ALSO"  \&\fIWallet::Server\fR\|(3), \fIremctld\fR\|(8) diff --git a/server/wallet-report b/server/wallet-report index 87755b8..b5a2247 100755 --- a/server/wallet-report +++ b/server/wallet-report @@ -277,7 +277,7 @@ with duplicates suppressed.  =head1 AUTHOR -Russ Allbery <rra@stanford.edu> +Russ Allbery <eagle@eyrie.org>  =head1 COPYRIGHT AND LICENSE diff --git a/server/wallet-report.8 b/server/wallet-report.8 index 003bafb..f0ab9fd 100644 --- a/server/wallet-report.8 +++ b/server/wallet-report.8 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.26) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)  .\"  .\" Standard preamble:  .\" ======================================================================== @@ -38,6 +38,8 @@  .    ds PI \(*p  .    ds L" ``  .    ds R" '' +.    ds C` +.    ds C'  'br\}  .\"  .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@  .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index  .\" entries marked with X<> in POD.  Of course, you'll have to process the  .\" output yourself in some meaningful fashion. -.ie \nF \{\ -.    de IX -.    tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX  .. -.    nr % 0 -.    rr F -.\} -.el \{\ -.    de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +.    if \nF \{ +.        de IX +.        tm Index:\\$1\t\\n%\t"\\$2"  .. +.        if !\nF==2 \{ +.            nr % 0 +.            nr F 2 +.        \} +.    \}  .\} +.rr rF  .\"  .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).  .\" Fear.  Run.  Save yourself.  No user-serviceable parts. @@ -124,7 +133,7 @@  .\" ========================================================================  .\"  .IX Title "WALLET-REPORT 8" -.TH WALLET-REPORT 8 "2013-03-27" "1.0" "wallet" +.TH WALLET-REPORT 8 "2014-07-16" "1.1" "wallet"  .\" For nroff, turn off justification.  Always turn off hyphenation; it makes  .\" way too many mistakes in technical documents.  .if n .ad l @@ -167,9 +176,9 @@ report, ACLs will be listed in the form:  \&    <name> (ACL ID: <id>)  .Ve  .Sp -where <name> is the human-readable name and <id> is the numeric \s-1ID\s0.  The +where <name> is the human-readable name and <id> is the numeric \s-1ID. \s0 The  numeric \s-1ID\s0 is what's used internally by the wallet system.  There will be -one line per \s-1ACL\s0. +one line per \s-1ACL.\s0  .Sp  For the \f(CW\*(C`duplicate\*(C'\fR report, the output will instead be one duplicate set  per line.  This will be a set of ACLs that all have the same entries. @@ -221,9 +230,9 @@ and ACLs in the form:  \&    <name> (ACL ID: <id>)  .Ve  .Sp -where <name> is the human-readable name and <id> is the numeric \s-1ID\s0.  The +where <name> is the human-readable name and <id> is the numeric \s-1ID. \s0 The  numeric \s-1ID\s0 is what's used internally by the wallet system.  There will be -one line per object or \s-1ACL\s0. +one line per object or \s-1ACL.\s0  .IP "help" 4  .IX Item "help"  Displays a summary of all available commands. @@ -266,7 +275,7 @@ those where that \s-1ACL\s0 has any other, more limited permissions.  Returns all objects which have the given flag set.  .IP "objects owner <acl>" 4  .IX Item "objects owner <acl>" -Returns all objects owned by the given \s-1ACL\s0 name or \s-1ID\s0. +Returns all objects owned by the given \s-1ACL\s0 name or \s-1ID.\s0  .IP "objects type <type>" 4  .IX Item "objects type <type>"  Returns all objects of the given type. @@ -293,7 +302,7 @@ The output will be one line per \s-1ACL\s0 line in the form:  with duplicates suppressed.  .SH "AUTHOR"  .IX Header "AUTHOR" -Russ Allbery <rra@stanford.edu> +Russ Allbery <eagle@eyrie.org>  .SH "COPYRIGHT AND LICENSE"  .IX Header "COPYRIGHT AND LICENSE"  Copyright 2008, 2009, 2010, 2013 The Board of Trustees of the Leland @@ -309,13 +318,13 @@ Software is furnished to do so, subject to the following conditions:  The above copyright notice and this permission notice shall be included in  all copies or substantial portions of the Software.  .PP -\&\s-1THE\s0 \s-1SOFTWARE\s0 \s-1IS\s0 \s-1PROVIDED\s0 \*(L"\s-1AS\s0 \s-1IS\s0\*(R", \s-1WITHOUT\s0 \s-1WARRANTY\s0 \s-1OF\s0 \s-1ANY\s0 \s-1KIND\s0, \s-1EXPRESS\s0 \s-1OR\s0 -\&\s-1IMPLIED\s0, \s-1INCLUDING\s0 \s-1BUT\s0 \s-1NOT\s0 \s-1LIMITED\s0 \s-1TO\s0 \s-1THE\s0 \s-1WARRANTIES\s0 \s-1OF\s0 \s-1MERCHANTABILITY\s0, -\&\s-1FITNESS\s0 \s-1FOR\s0 A \s-1PARTICULAR\s0 \s-1PURPOSE\s0 \s-1AND\s0 \s-1NONINFRINGEMENT\s0.  \s-1IN\s0 \s-1NO\s0 \s-1EVENT\s0 \s-1SHALL\s0 -\&\s-1THE\s0 \s-1AUTHORS\s0 \s-1OR\s0 \s-1COPYRIGHT\s0 \s-1HOLDERS\s0 \s-1BE\s0 \s-1LIABLE\s0 \s-1FOR\s0 \s-1ANY\s0 \s-1CLAIM\s0, \s-1DAMAGES\s0 \s-1OR\s0 \s-1OTHER\s0 -\&\s-1LIABILITY\s0, \s-1WHETHER\s0 \s-1IN\s0 \s-1AN\s0 \s-1ACTION\s0 \s-1OF\s0 \s-1CONTRACT\s0, \s-1TORT\s0 \s-1OR\s0 \s-1OTHERWISE\s0, \s-1ARISING\s0 -\&\s-1FROM\s0, \s-1OUT\s0 \s-1OF\s0 \s-1OR\s0 \s-1IN\s0 \s-1CONNECTION\s0 \s-1WITH\s0 \s-1THE\s0 \s-1SOFTWARE\s0 \s-1OR\s0 \s-1THE\s0 \s-1USE\s0 \s-1OR\s0 \s-1OTHER\s0 -\&\s-1DEALINGS\s0 \s-1IN\s0 \s-1THE\s0 \s-1SOFTWARE\s0. +\&\s-1THE SOFTWARE IS PROVIDED \*(L"AS IS\*(R", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.  IN NO EVENT SHALL +THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING +FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER +DEALINGS IN THE SOFTWARE.\s0  .SH "SEE ALSO"  .IX Header "SEE ALSO"  \&\fIWallet::Config\fR\|(3), \fIWallet::Report\fR\|(3), \fIwallet\-backend\fR\|(8) | 
