From 3b3e387b6bca35a00a86ad41e39874eeadcb78b9 Mon Sep 17 00:00:00 2001 From: Russ Allbery Date: Sat, 20 Feb 2010 21:52:38 -0800 Subject: Update documentation for support for storing nul data Update the wallet client, wallet-backend, and Wallet::Object::File documentation for the support for storing data containing nul characters using the new stdin support in remctld. Add this to NEWS. --- NEWS | 6 ++++++ client/wallet.pod | 12 +----------- perl/Wallet/Object/File.pm | 11 +++++------ server/wallet-backend | 7 +------ 4 files changed, 13 insertions(+), 23 deletions(-) diff --git a/NEWS b/NEWS index a87ae2f..b4c31d4 100644 --- a/NEWS +++ b/NEWS @@ -26,6 +26,12 @@ wallet 0.10 (unreleased) right thing for sites that use a KDC that serves both Kerberos v4 and Kerberos v5 from the same database. + The wallet client can now store data containing nul characters and + wallet-backend will accept it if passed on standard input instead of + as a command-line argument. See config/wallet for the new required + remctld configuration. Storing data containing nul characters + requires remctl 2.14 or later. + Correctly handle storing of data that begins with a dash and don't parse it as an argument to wallet-backend. diff --git a/client/wallet.pod b/client/wallet.pod index 885b77e..db93700 100644 --- a/client/wallet.pod +++ b/client/wallet.pod @@ -5,7 +5,7 @@ wallet - Client for retrieving secure data from a central server =for stopwords -hv srvtab arg keytabs metadata keytab ACL PTS kinit klist remctl PKINIT acl timestamp autocreate backend-specific setacl enctypes enctype ktadd -KDC appdefaults remctld Allbery nul uuencode getacl backend +KDC appdefaults remctld Allbery uuencode getacl backend =head1 SYNOPSIS 
@@ -87,11 +87,6 @@ ktremove> or an equivalent later to clean up old keys. F.new> is still used as a temporary file and any existing file with that name will be deleted. -C does not yet support nul bytes in I (or in any other way of -specifying the data to be stored). To store binary files in the wallet, -you will need to encode them with uuencode, base64, or some similar scheme -and then decode them after retrieval. - =item B<-k> I The service principal of the wallet server. The default is to use the @@ -349,11 +344,6 @@ retrieval with C. Not all object types support this. If is not specified on the command line, it will be read from the file specified with B<-f> (if given) or from standard input. -Currently, the stored data must not contain nul characters and may -therefore not be binary data. Its length is also limited by the maximum -command line length of the operating system of the wallet server. These -restrictions will be lifted in the future. - If an object with type and name does not already exist when this command is issued (as checked with the check interface), B will attempt to automatically create it (using autocreate). diff --git a/perl/Wallet/Object/File.pm b/perl/Wallet/Object/File.pm index 69262f6..c655b44 100644 --- a/perl/Wallet/Object/File.pm +++ b/perl/Wallet/Object/File.pm 
@@ -221,12 +221,11 @@ dashes replaced by C<%> and the hex code of the character. =head1 LIMITATIONS -The wallet implementation itself can handle arbitrary file object names -and arbitrary content. However, due to limitations in the B -server usually used to run B, file object names and -contents containing nul characters (ASCII 0) may not be permitted. The -file system used for storing file objects may impose a length limitation -on the file object name. +The wallet implementation itself can handle arbitrary file object names. +However, due to limitations in the B server usually used to run +B, file object names containing nul characters (ASCII 0) +may not be permitted. The file system used for storing file objects may +impose a length limitation on the file object name. =head1 SEE ALSO diff --git a/server/wallet-backend b/server/wallet-backend index 453aa79..0a611db 100755 --- a/server/wallet-backend +++ b/server/wallet-backend @@ -317,7 +317,7 @@ __END__ =for stopwords wallet-backend backend backend-specific remctld ACL acl timestamp getacl -setacl metadata nul keytab keytabs enctypes enctype ktadd KDC Allbery +setacl metadata keytab keytabs enctypes enctype ktadd KDC Allbery autocreate =head1 NAME @@ -546,11 +546,6 @@ Stores for the object identified by and for later retrieval with C. Not all object types support this. If is not given as an argument, it will be read from standard input. -Currently, is limited to not containing nul characters and may -therefore not be binary data, and is limited by the maximum command line -length of the operating system of the wallet server. These restrictions -will be lifted in the future. - =back =head1 ATTRIBUTES -- cgit v1.2.3
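Review bot: In the NEWS hunk, the new entry points readers to config/wallet for "the new required remctld configuration", but the diffstat lists only NEWS, client/wallet.pod, perl/Wallet/Object/File.pm and server/wallet-backend, so nothing in this patch shows that config/wallet actually describes that setting. Please confirm the file already documents the stdin configuration, or add it in the same series. The entry also says "requires remctl 2.14 or later" without saying whether that applies to the client library, to remctld on the server, or to both; one extra clause would settle it.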
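Review bot: In client/wallet.pod, the hunk at -349 deletes the whole restrictions paragraph and puts nothing in its place, including the sentence that the data length is limited by the maximum command line length of the wallet server's operating system. The commit message and NEWS mention only nul characters, so it is unclear from this patch whether the length limit is lifted as well. NEWS also makes nul support conditional on remctl 2.14 or later and on new remctld configuration, and a user reading only the man page no longer learns of either condition. Suggest replacing the paragraph with a short statement of the remaining requirements rather than removing it outright.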
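Review bot: In the LIMITATIONS hunk of perl/Wallet/Object/File.pm, the rewritten first sentence drops "and arbitrary content" along with the content restriction in the second sentence, so the section no longer says anything about content at all. Suggest keeping the statement that the implementation handles arbitrary content and adding that content containing nul characters depends on the remctl version and remctld configuration described in NEWS, since the other limitation in this paragraph is still attributed to the server.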
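Review bot: In server/wallet-backend, the hunk at -546 leaves "it will be read from standard input" as the only description of the two input paths, while NEWS says nul data is accepted "if passed on standard input instead of as a command-line argument". If data given as an argument is still subject to the nul and command-line length limits, the store documentation should say so, because the removed paragraph was the only place in this file where those limits were stated.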