1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
|
#!@PERL@
# -*- perl -*-
#
# Wallet server administrative commands.
use 5.008;
use strict;
use warnings;
use Wallet::Admin;
##############################################################################
# Implementation
##############################################################################
# Parse and execute a command. We wrap this in a subroutine call for easier
# testing.
sub command {
die "Usage: wallet-admin <command> [<args> ...]\n" unless @_;
my $admin = Wallet::Admin->new;
# Parse command-line options and dispatch to the appropriate calls.
my ($command, @args) = @_;
if ($command eq 'destroy') {
die "too many arguments to destroy\n" if @args;
print 'This will delete all data in the wallet database. Are you'
. ' sure (N/y)? ';
my $response = <STDIN>;
unless ($response and $response =~ /^y/i) {
die "Aborted\n";
}
$admin->destroy or die $admin->error, "\n";
} elsif ($command eq 'initialize') {
die "too many arguments to initialize\n" if @args > 1;
die "too few arguments to initialize\n" if @args < 1;
die "invalid admin principal $args[0]\n"
unless $args[0] =~ /^[^\@\s]+\@\S+$/;
$admin->initialize (@args) or die $admin->error, "\n";
} elsif ($command eq 'register') {
die "too many arguments to register\n" if @args > 3;
die "too few arguments to register\n" if @args < 3;
my ($object, $type, $class) = @args;
if ($object eq 'object') {
unless ($admin->register_object ($type, $class)) {
die $admin->error, "\n";
}
} elsif ($object eq 'verifier') {
unless ($admin->register_verifier ($type, $class)) {
die $admin->error, "\n";
}
} else {
die "only object or verifier is supported for register\n";
}
} elsif ($command eq 'upgrade') {
die "too many arguments to upgrade\n" if @args;
$admin->upgrade or die $admin->error, "\n";
} else {
die "unknown command $command\n";
}
}
command (@ARGV);
__END__
##############################################################################
# Documentation
##############################################################################
=for stopwords
metadata ACL hostname backend acl acls wildcard SQL Allbery verifier
MERCHANTABILITY NONINFRINGEMENT sublicense
=head1 NAME
wallet-admin - Wallet server administrative commands
=head1 SYNOPSIS
B<wallet-admin> I<command> [I<args> ...]
=head1 DESCRIPTION
B<wallet-admin> provides a command-line interface for performing
administrative actions for the wallet system, such as setting up a new
database or running reports. It is intended to be run on the wallet
server as a user with access to the wallet database and configuration.
This program is a fairly thin wrapper around Wallet::Admin that translates
command strings into method calls and returns the results.
=head1 OPTIONS
B<wallet-admin> takes no traditional options.
=head1 COMMANDS
=over 4
=item destroy
Deletes all data in the wallet database and drops all of the
wallet-created tables, restoring the database to its state prior to an
C<initialize> command. Since this command is destructive and cannot be
easily recovered from, B<wallet-admin> will prompt first to be sure the
user intends to do this.
=item initialize <principal>
Given an empty database, initializes it for use with the wallet server by
creating the necessary tables and initial metadata. Also creates an ACL
with the name ADMIN, used for administrative privileges to the wallet
system, and adds an ACL entry to it with a scheme of C<krb5> and an
instance of <principal>. This bootstraps the authentication system and
allows that user to make further changes to the ADMIN ACL and the rest of
the wallet database. C<initialize> uses C<localhost> as the hostname and
<principal> as the user when logging the history of the ADMIN ACL creation
and for any subsequent actions required to initialize the database.
Before running C<initialize>, the wallet system has to be configured. See
Wallet::Config(3) for more details. Depending on the database backend
used, the database may also have to be created in advance.
=item register (object | verifier) <type> <class>
Registers an implementation of a wallet object or ACL verifier in the
wallet database. The Perl class <class> is registered as the
implementation of an object of type <type> or an ACL verifier of scheme
<type>, allowing creation of objects with that type or ACL lines with that
scheme.
All object and ACL implementations that come with wallet are registered by
default as part of database initialization, so this command is used
primarily to register local implementations of additional object types or
ACL schemes.
=item upgrade
Upgrades the database to the latest schema version, preserving data as
much as possible.
=back
=head1 AUTHOR
Russ Allbery <eagle@eyrie.org>
=head1 COPYRIGHT AND LICENSE
Copyright 2008, 2009, 2010, 2011, 2013 The Board of Trustees of the Leland
Stanford Junior University
Permission is hereby granted, free of charge, to any person obtaining a
copy of this software and associated documentation files (the "Software"),
to deal in the Software without restriction, including without limitation
the rights to use, copy, modify, merge, publish, distribute, sublicense,
and/or sell copies of the Software, and to permit persons to whom the
Software is furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
DEALINGS IN THE SOFTWARE.
=head1 SEE ALSO
Wallet::Admin(3), Wallet::Config(3), wallet-backend(8)
This program is part of the wallet system. The current version is
available from L<https://www.eyrie.org/~eagle/software/wallet/>.
=cut
|
