From 60210334fa3dbd5dd168199063c6ee850d750d0c Mon Sep 17 00:00:00 2001
From: Russ Allbery <rra@stanford.edu>
Date: Sun, 21 Feb 2010 17:45:55 -0800
Subject: Imported Upstream version 0.10

---
 server/wallet-backend | 126 ++++++++++++++++++++++----------------------------
 1 file changed, 56 insertions(+), 70 deletions(-)

(limited to 'server/wallet-backend')

diff --git a/server/wallet-backend b/server/wallet-backend
index 74e0eb0..0a611db 100755
--- a/server/wallet-backend
+++ b/server/wallet-backend
@@ -1,10 +1,9 @@
 #!/usr/bin/perl
-our $ID = q$Id$;
 #
 # wallet-backend -- Wallet server for storing and retrieving secure data.
 #
 # Written by Russ Allbery <rra@stanford.edu>
-# Copyright 2007, 2008 Board of Trustees, Leland Stanford Jr. University
+# Copyright 2007, 2008, 2010 Board of Trustees, Leland Stanford Jr. University
 #
 # See LICENSE for licensing terms.
 
@@ -285,7 +284,11 @@ sub command {
             failure ($server->error, @_);
         }
     } elsif ($command eq 'store') {
-        check_args (3, 3, [3], @args);
+        check_args (2, 3, [3], @args);
+        if (@args == 2) {
+            local $/;
+            $args[2] = <STDIN>;
+        }
         splice (@_, 3);
         $server->store (@args) or failure ($server->error, @_);
     } else {
@@ -312,6 +315,11 @@ __END__
 # The commands section of this document is duplicated from the documentation
 # for wallet and should be kept in sync.
 
+=for stopwords
+wallet-backend backend backend-specific remctld ACL acl timestamp getacl
+setacl metadata keytab keytabs enctypes enctype ktadd KDC Allbery
+autocreate
+
 =head1 NAME
 
 wallet-backend - Wallet server for storing and retrieving secure data
@@ -322,20 +330,22 @@ B<wallet-backend> [B<-q>] I<command> [I<args> ...]
 
 =head1 DESCRIPTION
 
-B<wallet-backend> implements the interface between B<remctld> and the wallet
-system.  It is written to run under B<remctld> and expects the authenticated
-identity of the remote user in the REMOTE_USER environment variable.  It
-uses REMOTE_HOST or REMOTE_ADDR if REMOTE_HOST isn't set for additional
-trace information.  It accepts the command from B<remctld> on the command
-line, creates a Wallet::Server object, and calls the appropriate methods.
-
-This program is a fairly thin wrapper around Wallet::Server that translates
-command strings into method calls and returns the results.  It does check
-all arguments except for the <data> argument to the store command and
-rejects any argument not matching C<^[\w_/.-]+\z>; in other words, only
-alphanumerics, underscore (C<_>), slash (C</>), period (C<.>), and hyphen
-(C<->) are permitted in arguments.  This provides some additional security
-over and above the checking already done by the rest of the wallet code.
+B<wallet-backend> implements the interface between B<remctld> and the
+wallet system.  It is written to run under B<remctld> and expects the
+authenticated identity of the remote user in the REMOTE_USER environment
+variable.  It uses REMOTE_HOST or REMOTE_ADDR if REMOTE_HOST isn't set for
+additional trace information.  It accepts the command from B<remctld> on
+the command line, creates a Wallet::Server object, and calls the
+appropriate methods.
+
+This program is a fairly thin wrapper around Wallet::Server that
+translates command strings into method calls and returns the results.  It
+does check all arguments except for the <data> argument to the store
+command and rejects any argument not matching C<^[\w_/.-]+\z>; in other
+words, only alphanumerics, underscore (C<_>), slash (C</>), period (C<.>),
+and hyphen (C<->) are permitted in arguments.  This provides some
+additional security over and above the checking already done by the rest
+of the wallet code.
 
 =head1 OPTIONS
 
@@ -401,7 +411,7 @@ Display the history of the ACL <id>.  Each change to the ACL (not
 including changes to the name of the ACL) will be represented by two
 lines.  The first line will have a timestamp of the change followed by a
 description of the change, and the second line will give the user who made
-the change and the host from which the change was mde.
+the change and the host from which the change was made.
 
 =item acl remove <id> <scheme> <identifier>
 
@@ -448,8 +458,8 @@ The expiration will be displayed in seconds since epoch.
 
 If <date> is given, sets the expiration on the object identified by <type>
 and <name> to <date> and (if given) <time>.  <date> must be in the format
-C<YYYY-MM-DD> and <time> in the format C<HH:MM:SS>.  If <date> is the empty
-string, clears the expiration of the object.
+C<YYYY-MM-DD> and <time> in the format C<HH:MM:SS>.  If <date> is the
+empty string, clears the expiration of the object.
 
 Currently, the expiration of an object is not used.
 
@@ -461,16 +471,16 @@ Clears the flag <flag> on the object identified by <type> and <name>.
 
 Sets the flag <flag> on the object identified by <type> and <name>.
 Recognized flags are C<locked>, which prevents all further actions on that
-object until the flag is cleared, and C<unchanging>, which tells the object
-backend to not generate new data on get but instead return the same data as
-previously returned.  The C<unchanging> flag is not meaningful for objects
-that do not generate new data on the fly.
+object until the flag is cleared, and C<unchanging>, which tells the
+object backend to not generate new data on get but instead return the same
+data as previously returned.  The C<unchanging> flag is not meaningful for
+objects that do not generate new data on the fly.
 
 =item get <type> <name>
 
-Prints to standard output the data associated with the object identified by
-<type> and <name>.  This may trigger generation of new data and invalidate
-old data for that object depending on the object type.
+Prints to standard output the data associated with the object identified
+by <type> and <name>.  This may trigger generation of new data and
+invalidate old data for that object depending on the object type.
 
 =item getacl <type> <name> <acl>
 
@@ -486,17 +496,17 @@ or setting it.
 Prints the object attribute <attr> for the object identified by <type> and
 <name>.  Attributes are used to store backend-specific information for a
 particular object type, and <attr> must be an attribute type known to the
-underlying object implementation.  The attribute values, if any, are printed
-one per line.  If the attribute is not set on this object, nothing is
-printed.
+underlying object implementation.  The attribute values, if any, are
+printed one per line.  If the attribute is not set on this object, nothing
+is printed.
 
 =item history <type> <name>
 
-Displays the history for the object identified by <type> and <name>.
-This human-readable output will have two lines for each action that
-changes the object, plus for any get action.  The first line has the
-timestamp of the action and the action, and the second line gives the user
-who performed the action and the host from which they performed it.
+Displays the history for the object identified by <type> and <name>.  This
+human-readable output will have two lines for each action that changes the
+object, plus for any get action.  The first line has the timestamp of the
+action and the action, and the second line gives the user who performed
+the action and the host from which they performed it.
 
 =item owner <type> <name> [<owner>]
 
@@ -530,15 +540,11 @@ name, the owner, any specific ACLs set on the object, the expiration if
 any, and the user, remote host, and time when the object was created, last
 stored, and last downloaded.
 
-=item store <type> <name> <data>
+=item store <type> <name> [<data>]
 
 Stores <data> for the object identified by <type> and <name> for later
-retrieval with C<get>.  Not all object types support this.
-
-Currently, <data> is limited to not containing nul characters and may
-therefore not be binary data, and is limited by the maximum command line
-length of the operating system of the wallet server.  These restrictions
-will be lifted in the future.
+retrieval with C<get>.  Not all object types support this.  If <data> is
+not given as an argument, it will be read from standard input.
 
 =back
 
@@ -559,47 +565,27 @@ Keytab objects support the following attributes:
 
 Restricts the generated keytab to a specific set of encryption types.  The
 values of this attribute must be enctype strings recognized by Kerberos
-(strings like C<aes256-cts> or C<des-cbc-crc>).  Note that the salt should
-not be included; since the salt is irrelevant for keytab keys, it will
-always be set to C<normal> by the wallet.
+(strings like C<aes256-cts-hmac-sha1-96> or C<des-cbc-crc>).  Note that
+the salt should not be included; since the salt is irrelevant for keytab
+keys, it will always be set to C<normal> by the wallet.
 
-If this attribute is set, the specified enctype list will be passed to ktadd
-when get() is called for that keytab.  If it is not set, the default set in
-the KDC will be used.
+If this attribute is set, the specified enctype list will be passed to
+ktadd when get() is called for that keytab.  If it is not set, the default
+set in the KDC will be used.
 
 This attribute is ignored if the C<unchanging> flag is set on a keytab.
 Keytabs retrieved with C<unchanging> set will contain all keys present in
 the KDC for that Kerberos principal and therefore may contain different
 enctypes than those requested by this attribute.
 
-=item sync
-
-Sets the external systems to which the key of a given principal is
-synchronized.  The only supported value for this attribute is C<kaserver>,
-which says to synchronize the key with an AFS Kerberos v4 kaserver.
-
-If this attribute is set on a keytab, whenever the C<get> command is run for
-that keytab, the DES key will be extracted from that keytab and set in the
-configured AFS kaserver.  The Kerberos v4 principal name will be the same as
-the Kerberos v5 principal name except that the components are separated by
-C<.> instead of C</>; the second component is truncated after the first C<.>
-if the first component is one of C<host>, C<ident>, C<imap>, C<pop>, or
-C<smtp>; and the first component is C<rcmd> if the Kerberos v5 principal
-component is C<host>.  The principal name must not contain more than two
-components.
-
-If this attribute is set, calling C<destroy> will also destroy the
-principal from the AFS kaserver, with a principal mapping determined as
-above.
-
 =back
 
 =head1 SEE ALSO
 
 Wallet::Server(3), remctld(8)
 
-This program is part of the wallet system.  The current version is available
-from L<http://www.eyrie.org/~eagle/software/wallet/>.
+This program is part of the wallet system.  The current version is
+available from L<http://www.eyrie.org/~eagle/software/wallet/>.
 
 =head1 AUTHOR
 
-- 
cgit v1.2.3