1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
|
#!/usr/bin/perl
our $ID = q$Id$;
#
# wallet-backend -- Wallet server for storing and retrieving secure data.
#
# Written by Russ Allbery <rra@stanford.edu>
# Copyright 2007 Board of Trustees, Leland Stanford Jr. University
#
# See README for licensing terms.
##############################################################################
# Declarations and site configuration
##############################################################################
use strict;
use DBI;
use Sys::Syslog qw(openlog syslog);
use Wallet::Config;
use Wallet::Server;
##############################################################################
# Parameter checking
##############################################################################
# Check all arguments against a very restricted set of allowed characters and
# to ensure the right number of arguments are taken. The arguments are the
# number of arguments expected, a reference to an array of which argument
# numbers shouldn't be checked, and then the arguments.
#
# This function is probably temporary and will be replaced with something that
# knows more about the syntax of each command and can check more things.
sub check_args {
my ($count, $exclude, @args) = @_;
if (@args < $count) {
die "insufficient arguments\n";
} elsif (@args > $count) {
die "too many arguments\n";
}
my %exclude = map { $_ => 1 } @$exclude;
for (my $i = 1; $i <= @args; $i++) {
next if $exclude{$i};
unless ($args[$i - 1] =~ m,^[\w_/.-]+\z,) {
die "invalid characters in argument: $args[$i - 1]\n";
}
}
}
##############################################################################
# Implementation
##############################################################################
# Separately log our actions. remctl keeps some logs and we store extensive
# logs of successful actions in the database, but neither logs failed actions.
openlog ('wallet-backend', 'pid', 'auth');
# Get our trace information.
my $user = $ENV{REMOTE_USER} or die "REMOTE_USER not set\n";
my $host = $ENV{REMOTE_HOST} || $ENV{REMOTE_ADDR}
or die "Neither REMOTE_HOST nor REMOTE_USER set\n";
# Instantiate the server object.
my $server = Wallet::Server->new ($user, $host);
# Parse command-line options and dispatch to the appropriate calls.
my ($command, @args) = @ARGV;
if ($command eq 'acl') {
my $action = shift @args;
if ($action eq 'add') {
check_args (3, [], @args);
$server->acl_add (@args) or die $server->error;
} elsif ($action eq 'create') {
check_args (1, [], @args);
$server->acl_create (@args) or die $server->error;
} elsif ($action eq 'remove') {
check_args (3, [], @args);
$server->acl_remove (@args) or die $server->error;
} elsif ($action eq 'rename') {
check_args (2, [], @args);
$server->acl_rename (@args) or die $server->error;
}
} elsif ($command eq 'create') {
check_args (2, [], @args);
$server->create (@args) or die $server->error;
} elsif ($command eq 'destroy') {
check_args (2, [], @args);
$server->destroy (@args) or die $server->error;
} elsif ($command eq 'expires') {
if (@args > 2) {
check_args (3, [], @args);
$server->expires (@args) or die $server->error;
} else {
check_args (2, [], @args);
my $output = $server->expires (@args);
if (defined $output) {
print $output;
} else {
die $server->error;
}
}
} elsif ($command eq 'get') {
check_args (2, [], @args);
my $output = $server->get (@args);
if (defined $output) {
print $output;
} else {
die $server->error;
}
} elsif ($command eq 'getacl') {
check_args (3, [], @args);
my $output = $server->acl (@args);
if (defined $output) {
print $output;
} else {
die $server->error;
}
} elsif ($command eq 'owner') {
if (@args > 2) {
check_args (3, [], @args);
$server->owner (@args) or die $server->error;
} else {
check_args (2, [], @args);
my $output = $server->owner (@args);
if (defined $output) {
print $output;
} else {
die $server->error;
}
}
} elsif ($command eq 'setacl') {
check_args (4, [], @args);
$server->acl (@args) or die $server->error;
} elsif ($command eq 'show') {
check_args (2, [], @args);
my $output = $server->show (@args);
if (defined $output) {
print $output;
} else {
die $server->error;
}
} elsif ($command eq 'store') {
check_args (3, [2], @args);
$server->store (@args) or die $server->error;
}
|
