From 60210334fa3dbd5dd168199063c6ee850d750d0c Mon Sep 17 00:00:00 2001 From: Russ Allbery Date: Sun, 21 Feb 2010 17:45:55 -0800 Subject: Imported Upstream version 0.10 --- server/keytab-backend | 65 +++++---- server/keytab-backend.8 | 185 +++++++++++++++++++++++++ server/wallet-admin | 108 +++++++++++++-- server/wallet-admin.8 | 269 ++++++++++++++++++++++++++++++++++++ server/wallet-backend | 126 ++++++++--------- server/wallet-backend.8 | 357 ++++++++++++++++++++++++++++++++++++++++++++++++ server/wallet-report | 203 +++++++++++++++++++++++++++ server/wallet-report.8 | 253 ++++++++++++++++++++++++++++++++++ 8 files changed, 1454 insertions(+), 112 deletions(-) create mode 100644 server/keytab-backend.8 create mode 100644 server/wallet-admin.8 create mode 100644 server/wallet-backend.8 create mode 100755 server/wallet-report create mode 100644 server/wallet-report.8 (limited to 'server') diff --git a/server/keytab-backend b/server/keytab-backend index 06fed3d..7b6adb4 100755 --- a/server/keytab-backend +++ b/server/keytab-backend @@ -1,5 +1,4 @@ #!/usr/bin/perl -our $ID = q$Id$; # # keytab-backend -- Extract keytabs from the KDC without changing the key. # @@ -18,7 +17,8 @@ our $ID = q$Id$; # The keytab for the extracted principal will be printed to standard output. # # Written by Russ Allbery -# Copyright 2006, 2007, 2008 Board of Trustees, Leland Stanford Jr. University +# Copyright 2006, 2007, 2008, 2010 +# Board of Trustees, Leland Stanford Jr. University # # See LICENSE for licensing terms. @@ -156,6 +156,10 @@ __END__ # Documentation ############################################################################## +=for stopwords +keytab-backend keytabs KDC keytab kadmin.local -norandkey ktadd remctld +auth Allbery rekeying + =head1 NAME keytab-backend - Extract keytabs from the KDC without changing the key @@ -166,27 +170,28 @@ B retrieve I =head1 DESCRIPTION -B retrieves a keytab for an existing principal from the KDC -database without changing the current key. It allows generation of a keytab -for a service without rekeying that service. It requires a B -patched to support the B<-norandkey> option to B. +B retrieves a keytab for an existing principal from the +KDC database without changing the current key. It allows generation of a +keytab for a service without rekeying that service. It requires a +B patched to support the B<-norandkey> option to B. -This script is intended to run under B. On success, it prints the -keytab to standard output, logs a success message to syslog (facility auth, -priority info), and exits with status 0. On failure, it prints out an error -message, logs an error to syslog (facility auth, priority err), and exits -with a non-zero status. +This script is intended to run under B. On success, it prints +the keytab to standard output, logs a success message to syslog (facility +auth, priority info), and exits with status 0. On failure, it prints out +an error message, logs an error to syslog (facility auth, priority err), +and exits with a non-zero status. The principal is checked for basic sanity (only accepting alphanumerics, -C<_>, and C<-> with an optional instance and then only alphanumerics, C<_>, -C<->, and C<.> in the realm) and then checked against a configuration file -that lists regexes of principals that can be retrieved. When deploying this -software, limit as tightly as possible which principals can be downloaded in -this fashion. Generally only shared service principals used on multiple -systems should be made available in this way. +C<_>, and C<-> with an optional instance and then only alphanumerics, +C<_>, C<->, and C<.> in the realm) and then checked against a +configuration file that lists regexes of principals that can be retrieved. +When deploying this software, limit as tightly as possible which +principals can be downloaded in this fashion. Generally only shared +service principals used on multiple systems should be made available in +this way. -B does not do any authorization checks. Those should be done -by B before it is called. +B does not do any authorization checks. Those should be +done by B before it is called. =head1 FILES @@ -194,19 +199,19 @@ by B before it is called. =item F -The configuration file that controls which principals can have their keytabs -retrieved. Blank lines and lines starting with C<#>, as well as anything -after C<#> on a line, are ignored. All other lines should be Perl regular -expressions, one per line, that match principals whose keytabs can be -retrieved by B. Any principal that does not match one of -those regular expressions cannot be retrieved. +The configuration file that controls which principals can have their +keytabs retrieved. Blank lines and lines starting with C<#>, as well as +anything after C<#> on a line, are ignored. All other lines should be +Perl regular expressions, one per line, that match principals whose +keytabs can be retrieved by B. Any principal that does +not match one of those regular expressions cannot be retrieved. =item F The temporary directory used for creating keytabs. B will -create the keytab in this directory, make sure that was successful, and then -delete the temporary file after the results have been sent to standard -output. +create the keytab in this directory, make sure that was successful, and +then delete the temporary file after the results have been sent to +standard output. =back @@ -214,8 +219,8 @@ output. kadmin.local(8), remctld(8) -This program is part of the wallet system. The current version is available -from L. +This program is part of the wallet system. The current version is +available from L. =head1 AUTHOR diff --git a/server/keytab-backend.8 b/server/keytab-backend.8 new file mode 100644 index 0000000..9dd4e76 --- /dev/null +++ b/server/keytab-backend.8 @@ -0,0 +1,185 @@ +.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.13) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "KEYTAB-BACKEND 8" +.TH KEYTAB-BACKEND 8 "2010-02-20" "0.10" "wallet" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +keytab\-backend \- Extract keytabs from the KDC without changing the key +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBkeytab-backend\fR retrieve \fIprincipal\fR +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBkeytab-backend\fR retrieves a keytab for an existing principal from the +\&\s-1KDC\s0 database without changing the current key. It allows generation of a +keytab for a service without rekeying that service. It requires a +\&\fBkadmin.local\fR patched to support the \fB\-norandkey\fR option to \fBktadd\fR. +.PP +This script is intended to run under \fBremctld\fR. On success, it prints +the keytab to standard output, logs a success message to syslog (facility +auth, priority info), and exits with status 0. On failure, it prints out +an error message, logs an error to syslog (facility auth, priority err), +and exits with a non-zero status. +.PP +The principal is checked for basic sanity (only accepting alphanumerics, +\&\f(CW\*(C`_\*(C'\fR, and \f(CW\*(C`\-\*(C'\fR with an optional instance and then only alphanumerics, +\&\f(CW\*(C`_\*(C'\fR, \f(CW\*(C`\-\*(C'\fR, and \f(CW\*(C`.\*(C'\fR in the realm) and then checked against a +configuration file that lists regexes of principals that can be retrieved. +When deploying this software, limit as tightly as possible which +principals can be downloaded in this fashion. Generally only shared +service principals used on multiple systems should be made available in +this way. +.PP +\&\fBkeytab-backend\fR does not do any authorization checks. Those should be +done by \fBremctld\fR before it is called. +.SH "FILES" +.IX Header "FILES" +.IP "\fI/etc/krb5kdc/allow\-extract\fR" 4 +.IX Item "/etc/krb5kdc/allow-extract" +The configuration file that controls which principals can have their +keytabs retrieved. Blank lines and lines starting with \f(CW\*(C`#\*(C'\fR, as well as +anything after \f(CW\*(C`#\*(C'\fR on a line, are ignored. All other lines should be +Perl regular expressions, one per line, that match principals whose +keytabs can be retrieved by \fBkeytab-backend\fR. Any principal that does +not match one of those regular expressions cannot be retrieved. +.IP "\fI/var/lib/keytabs\fR" 4 +.IX Item "/var/lib/keytabs" +The temporary directory used for creating keytabs. \fBkeytab-backend\fR will +create the keytab in this directory, make sure that was successful, and +then delete the temporary file after the results have been sent to +standard output. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIkadmin.local\fR\|(8), \fIremctld\fR\|(8) +.PP +This program is part of the wallet system. The current version is +available from . +.SH "AUTHOR" +.IX Header "AUTHOR" +Russ Allbery diff --git a/server/wallet-admin b/server/wallet-admin index 4c27e9b..828cfc5 100755 --- a/server/wallet-admin +++ b/server/wallet-admin @@ -1,10 +1,9 @@ #!/usr/bin/perl -w -our $ID = q$Id$; # -# wallet-admin -- Wallet server administrative commands. +# wallet-backend -- Wallet server administrative commands. # # Written by Russ Allbery -# Copyright 2008 Board of Trustees, Leland Stanford Jr. University +# Copyright 2008, 2009, 2010 Board of Trustees, Leland Stanford Jr. University # # See LICENSE for licensing terms. @@ -43,11 +42,11 @@ sub command { unless $args[0] =~ /^[^\@\s]+\@\S+$/; $admin->initialize (@args) or die $admin->error, "\n"; } elsif ($command eq 'list') { - die "too many arguments to list\n" if @args > 1; + die "too many arguments to list\n" if @args > 4; die "too few arguments to list\n" if @args < 1; - my ($type) = @args; + my ($type, $subtype, @search) = @args; if ($type eq 'objects') { - my @objects = $admin->list_objects; + my @objects = $admin->list_objects ($subtype, @search); if (!@objects and $admin->error) { die $admin->error, "\n"; } @@ -55,7 +54,7 @@ sub command { print join (' ', @$object), "\n"; } } elsif ($type eq 'acls') { - my @acls = $admin->list_acls; + my @acls = $admin->list_acls ($subtype, @search); if (!@acls and $admin->error) { die $admin->error, "\n"; } @@ -65,6 +64,22 @@ sub command { } else { die "only objects or acls are supported for list\n"; } + } elsif ($command eq 'report') { + die "too few arguments to report\n" if @args < 1; + my $report = shift @args; + if ($report eq 'owners') { + die "too many arguments to report owners\n" if @args > 2; + die "too few arguments to report owners\n" if @args < 2; + my @lines = $admin->report_owners (@args); + if (!@lines and $admin->error) { + die $admin->error, "\n"; + } + for my $line (@lines) { + print join (' ', @$line), "\n"; + } + } else { + die "unknown report type $report\n"; + } } elsif ($command eq 'register') { die "too many arguments to register\n" if @args > 3; die "too few arguments to register\n" if @args < 3; @@ -95,6 +110,9 @@ __END__ wallet-admin - Wallet server administrative commands +=for stopwords +metadata ACL hostname backend acl acls wildcard SQL Allbery + =head1 SYNOPSIS B I [I ...] @@ -141,10 +159,10 @@ Before running C, the wallet system has to be configured. See Wallet::Config(3) for more details. Depending on the database backend used, the database may also have to be created in advance. -=item list (acls | objects) +=item list (acls | objects) [ [ ... ] ] -Returns a list of all ACLs or objects in the database. ACLs will be -listed in the form: +Returns a list of ACLs or objects in the database. ACLs will be listed +in the form: (ACL ID: ) @@ -156,6 +174,51 @@ be listed in the form: In both cases, there will be one line per ACL or object. +If no search type is given, all the ACLs or objects in the database will +be returned. If a search type (and possible search arguments) are given, +then the ACLs or objects will be limited to those that match the search. + +The currently supported object search types are: + +=over 4 + +=item list objects type + +Returns all objects of the given type. + +=item list objects flag + +Returns all objects which have the given flag set. + +=item list objects owner + +Returns all objects owned by the given ACL name. + +=item list objects acl + +Returns all objects for which the given ACL name has any permissions. +This includes those objects owned by the ACL, but also those for which the +ACL has get permissions, for example. + +=back + +The currently supported ACL search types are: + +=over 4 + +=item list acls empty + +Returns all ACLs which have no entries, generally so that abandoned ACLs +can be destroyed. + +=item list acls entry + +Returns all ACLs containing an entry with given schema and identifier. +The schema is used for an exact search, while the identifier given will +match any identifier containing that text, for flexibility. + +=back + =item register (object | verifier) Registers an implementation of a wallet object or ACL verifier in the @@ -169,14 +232,35 @@ default as part of database initialization, so this command is used primarily to register local implementations of additional object types or ACL schemes. +=item report [ ... ] + +Runs a wallet report. The currently supported report types are: + +=over 4 + +=item report owners + +Returns a list of all ACL lines in owner ACLs for all objects matching +both and . These can be the type or name of +objects or they can be patterns using C<%> as the wildcard character +following the normal rules of SQL patterns. + +The output will be one line per ACL line in the form: + + + +with duplicates suppressed. + +=back + =back =head1 SEE ALSO Wallet::Admin(3), Wallet::Config(3), wallet-backend(8) -This program is part of the wallet system. The current version is available -from L. +This program is part of the wallet system. The current version is +available from L. =head1 AUTHOR diff --git a/server/wallet-admin.8 b/server/wallet-admin.8 new file mode 100644 index 0000000..4d262dc --- /dev/null +++ b/server/wallet-admin.8 @@ -0,0 +1,269 @@ +.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.13) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "WALLET-ADMIN 8" +.TH WALLET-ADMIN 8 "2010-02-20" "0.10" "wallet" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +wallet\-admin \- Wallet server administrative commands +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBwallet-admin\fR \fIcommand\fR [\fIargs\fR ...] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBwallet-admin\fR provides a command-line interface for performing +administrative actions for the wallet system, such as setting up a new +database or running reports. It is intended to be run on the wallet +server as a user with access to the wallet database and configuration. +.PP +This program is a fairly thin wrapper around Wallet::Admin that translates +command strings into method calls and returns the results. +.SH "OPTIONS" +.IX Header "OPTIONS" +\&\fBwallet-admin\fR takes no traditional options. +.SH "COMMANDS" +.IX Header "COMMANDS" +.IP "destroy" 4 +.IX Item "destroy" +Deletes all data in the wallet database and drops all of the +wallet-created tables, restoring the database to its state prior to an +\&\f(CW\*(C`initialize\*(C'\fR command. Since this command is destructive and cannot be +easily recovered from, \fBwallet-admin\fR will prompt first to be sure the +user intends to do this. +.IP "initialize " 4 +.IX Item "initialize " +Given an empty database, initializes it for use with the wallet server by +creating the necessary tables and initial metadata. Also creates an \s-1ACL\s0 +with the name \s-1ADMIN\s0, used for administrative privileges to the wallet +system, and adds an \s-1ACL\s0 entry to it with a scheme of \f(CW\*(C`krb5\*(C'\fR and an +instance of . This bootstraps the authentication system and +allows that user to make further changes to the \s-1ADMIN\s0 \s-1ACL\s0 and the rest of +the wallet database. \f(CW\*(C`initialize\*(C'\fR uses \f(CW\*(C`localhost\*(C'\fR as the hostname and + as the user when logging the history of the \s-1ADMIN\s0 \s-1ACL\s0 creation +and for any subsequent actions required to initialize the database. +.Sp +Before running \f(CW\*(C`initialize\*(C'\fR, the wallet system has to be configured. See +\&\fIWallet::Config\fR\|(3) for more details. Depending on the database backend +used, the database may also have to be created in advance. +.IP "list (acls | objects) [ [ ... ] ]" 4 +.IX Item "list (acls | objects) [ [ ... ] ]" +Returns a list of ACLs or objects in the database. ACLs will be listed +in the form: +.Sp +.Vb 1 +\& (ACL ID: ) +.Ve +.Sp +where is the human-readable name and is the numeric \s-1ID\s0. The +numeric \s-1ID\s0 is what's used internally by the wallet system. Objects will +be listed in the form: +.Sp +.Vb 1 +\& +.Ve +.Sp +In both cases, there will be one line per \s-1ACL\s0 or object. +.Sp +If no search type is given, all the ACLs or objects in the database will +be returned. If a search type (and possible search arguments) are given, +then the ACLs or objects will be limited to those that match the search. +.Sp +The currently supported object search types are: +.RS 4 +.IP "list objects type " 4 +.IX Item "list objects type " +Returns all objects of the given type. +.IP "list objects flag " 4 +.IX Item "list objects flag " +Returns all objects which have the given flag set. +.IP "list objects owner " 4 +.IX Item "list objects owner " +Returns all objects owned by the given \s-1ACL\s0 name. +.IP "list objects acl " 4 +.IX Item "list objects acl " +Returns all objects for which the given \s-1ACL\s0 name has any permissions. +This includes those objects owned by the \s-1ACL\s0, but also those for which the +\&\s-1ACL\s0 has get permissions, for example. +.RE +.RS 4 +.Sp +The currently supported \s-1ACL\s0 search types are: +.IP "list acls empty" 4 +.IX Item "list acls empty" +Returns all ACLs which have no entries, generally so that abandoned ACLs +can be destroyed. +.IP "list acls entry " 4 +.IX Item "list acls entry " +Returns all ACLs containing an entry with given schema and identifier. +The schema is used for an exact search, while the identifier given will +match any identifier containing that text, for flexibility. +.RE +.RS 4 +.RE +.IP "register (object | verifier) " 4 +.IX Item "register (object | verifier) " +Registers an implementation of a wallet object or \s-1ACL\s0 verifier in the +wallet database. The Perl class is registered as the +implementation of an object of type or an \s-1ACL\s0 verifier of scheme +, allowing creation of objects with that type or \s-1ACL\s0 lines with that +scheme. +.Sp +All object and \s-1ACL\s0 implementations that come with wallet are registered by +default as part of database initialization, so this command is used +primarily to register local implementations of additional object types or +\&\s-1ACL\s0 schemes. +.IP "report [ ... ]" 4 +.IX Item "report [ ... ]" +Runs a wallet report. The currently supported report types are: +.RS 4 +.IP "report owners " 4 +.IX Item "report owners " +Returns a list of all \s-1ACL\s0 lines in owner ACLs for all objects matching +both and . These can be the type or name of +objects or they can be patterns using \f(CW\*(C`%\*(C'\fR as the wildcard character +following the normal rules of \s-1SQL\s0 patterns. +.Sp +The output will be one line per \s-1ACL\s0 line in the form: +.Sp +.Vb 1 +\& +.Ve +.Sp +with duplicates suppressed. +.RE +.RS 4 +.RE +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIWallet::Admin\fR\|(3), \fIWallet::Config\fR\|(3), \fIwallet\-backend\fR\|(8) +.PP +This program is part of the wallet system. The current version is +available from . +.SH "AUTHOR" +.IX Header "AUTHOR" +Russ Allbery diff --git a/server/wallet-backend b/server/wallet-backend index 74e0eb0..0a611db 100755 --- a/server/wallet-backend +++ b/server/wallet-backend @@ -1,10 +1,9 @@ #!/usr/bin/perl -our $ID = q$Id$; # # wallet-backend -- Wallet server for storing and retrieving secure data. # # Written by Russ Allbery -# Copyright 2007, 2008 Board of Trustees, Leland Stanford Jr. University +# Copyright 2007, 2008, 2010 Board of Trustees, Leland Stanford Jr. University # # See LICENSE for licensing terms. @@ -285,7 +284,11 @@ sub command { failure ($server->error, @_); } } elsif ($command eq 'store') { - check_args (3, 3, [3], @args); + check_args (2, 3, [3], @args); + if (@args == 2) { + local $/; + $args[2] = ; + } splice (@_, 3); $server->store (@args) or failure ($server->error, @_); } else { @@ -312,6 +315,11 @@ __END__ # The commands section of this document is duplicated from the documentation # for wallet and should be kept in sync. +=for stopwords +wallet-backend backend backend-specific remctld ACL acl timestamp getacl +setacl metadata keytab keytabs enctypes enctype ktadd KDC Allbery +autocreate + =head1 NAME wallet-backend - Wallet server for storing and retrieving secure data @@ -322,20 +330,22 @@ B [B<-q>] I [I ...] =head1 DESCRIPTION -B implements the interface between B and the wallet -system. It is written to run under B and expects the authenticated -identity of the remote user in the REMOTE_USER environment variable. It -uses REMOTE_HOST or REMOTE_ADDR if REMOTE_HOST isn't set for additional -trace information. It accepts the command from B on the command -line, creates a Wallet::Server object, and calls the appropriate methods. - -This program is a fairly thin wrapper around Wallet::Server that translates -command strings into method calls and returns the results. It does check -all arguments except for the argument to the store command and -rejects any argument not matching C<^[\w_/.-]+\z>; in other words, only -alphanumerics, underscore (C<_>), slash (C), period (C<.>), and hyphen -(C<->) are permitted in arguments. This provides some additional security -over and above the checking already done by the rest of the wallet code. +B implements the interface between B and the +wallet system. It is written to run under B and expects the +authenticated identity of the remote user in the REMOTE_USER environment +variable. It uses REMOTE_HOST or REMOTE_ADDR if REMOTE_HOST isn't set for +additional trace information. It accepts the command from B on +the command line, creates a Wallet::Server object, and calls the +appropriate methods. + +This program is a fairly thin wrapper around Wallet::Server that +translates command strings into method calls and returns the results. It +does check all arguments except for the argument to the store +command and rejects any argument not matching C<^[\w_/.-]+\z>; in other +words, only alphanumerics, underscore (C<_>), slash (C), period (C<.>), +and hyphen (C<->) are permitted in arguments. This provides some +additional security over and above the checking already done by the rest +of the wallet code. =head1 OPTIONS @@ -401,7 +411,7 @@ Display the history of the ACL . Each change to the ACL (not including changes to the name of the ACL) will be represented by two lines. The first line will have a timestamp of the change followed by a description of the change, and the second line will give the user who made -the change and the host from which the change was mde. +the change and the host from which the change was made. =item acl remove @@ -448,8 +458,8 @@ The expiration will be displayed in seconds since epoch. If is given, sets the expiration on the object identified by and to and (if given)