--- server/wallet-report 2016-01-17 19:13:02.000000000 -0800 +++ /dev/null 2016-01-23 14:00:27.000000000 -0800 @@ -1,360 +0,0 @@ -#!/usr/bin/perl -# -# Wallet server reporting interface. - -use 5.008; -use strict; -use warnings; - -use Wallet::Report; - -# The help output, sent in reply to the help command. Lists each supported -# report command with a brief description of what it does. -our $HELP = <<'EOH'; -Wallet reporting help: - acls All ACLs - acls duplicate ACLs that duplicate another - acls empty All empty ACLs - acls entry ACLs containing this entry (wildcarded) - acls nesting ACLs containing this ACL as a nested entry - acls unused ACLs that are not referenced by any object - audit acls name ACLs failing the naming policy - audit objects name Objects failing the naming policy - objects All objects - objects acl Objects granting permissions to that ACL - objects flag Objects with that flag set - objects history History of all objects - objects host All host-based objects for a specific host - objects owner Objects owned by that owner - objects type Objects of that type - objects unused Objects that have never been gotten - objects unstored Objects that have never been stored - owners All ACL entries owning matching objects - schemes All configured ACL schemes - types All configured wallet types -EOH - -############################################################################## -# Implementation -############################################################################## - -# Parse and execute a command. We wrap this in a subroutine call for easier -# testing. -sub command { - die "Usage: wallet-report [ ...]\n" unless @_; - my $report = Wallet::Report->new; - - # Parse command-line options and dispatch to the appropriate calls. - my ($command, @args) = @_; - if ($command eq 'acls') { - die "too many arguments to acls\n" if @args > 3; - my @acls = $report->acls (@args); - if (!@acls and $report->error) { - die $report->error, "\n"; - } - if (@args && $args[0] eq 'duplicate') { - for my $group (@acls) { - print join (' ', @$group), "\n"; - } - } else { - for my $acl (sort { $$a[1] cmp $$b[1] } @acls) { - print "$$acl[1] (ACL ID: $$acl[0])\n"; - } - } - } elsif ($command eq 'audit') { - die "too many arguments to audit\n" if @args > 2; - die "too few arguments to audit\n" if @args < 2; - my @result = $report->audit (@args); - if (!@result and $report->error) { - die $report->error, "\n"; - } - for my $item (@result) { - if ($args[0] eq 'acls') { - print "$$item[1] (ACL ID: $$item[0])\n"; - } else { - print join (' ', @$item), "\n"; - } - } - } elsif ($command eq 'help') { - print $HELP; - } elsif ($command eq 'objects') { - die "too many arguments to objects\n" if @args > 2; - my @objects; - if (@args && $args[0] eq 'history') { - @objects = $report->objects_history (@args); - } elsif (@args && $args[0] eq 'host') { - @objects = $report->objects_hostname (@args); - } else { - @objects = $report->objects (@args); - } - if (!@objects and $report->error) { - die $report->error, "\n"; - } - for my $object (@objects) { - print join (' ', @$object), "\n"; - } - } elsif ($command eq 'owners') { - die "too many arguments to owners\n" if @args > 2; - die "too few arguments to owners\n" if @args < 2; - my @entries = $report->owners (@args); - if (!@entries and $report->error) { - die $report->error, "\n"; - } - for my $entry (@entries) { - print join (' ', @$entry), "\n"; - } - } elsif ($command eq 'schemes') { - die "too many arguments to schemes\n" if @args > 0; - my @schemes = $report->acl_schemes; - for my $entry (@schemes) { - print join (' ', @$entry), "\n"; - } - - } elsif ($command eq 'types') { - die "too many arguments to types\n" if @args > 0; - my @types = $report->types; - for my $entry (@types) { - print join (' ', @$entry), "\n"; - } - - } else { - die "unknown command $command\n"; - } -} -command (@ARGV); -__END__ - -############################################################################## -# Documentation -############################################################################## - -=head1 NAME - -wallet-report - Wallet server reporting interface - -=for stopwords -metadata ACL hostname backend acl acls wildcard SQL Allbery remctl -MERCHANTABILITY NONINFRINGEMENT sublicense unstored - -=head1 SYNOPSIS - -B I [I ...] - -=head1 DESCRIPTION - -B provides a command-line interface for running reports on -the wallet database. It is intended to be run on the wallet server as a -user with access to the wallet database and configuration, but can also be -made available via remctl to users who should have reporting privileges. - -This program is a fairly thin wrapper around Wallet::Report that -translates command strings into method calls and returns the results. - -=head1 OPTIONS - -B takes no traditional options. - -=head1 COMMANDS - -=over 4 - -=item acls - -=item acls duplicate - -=item acls empty - -=item acls entry - -=item acls unused - -Returns a list of ACLs in the database. Except for the C -report, ACLs will be listed in the form: - - (ACL ID: ) - -where is the human-readable name and is the numeric ID. The -numeric ID is what's used internally by the wallet system. There will be -one line per ACL. - -For the C report, the output will instead be one duplicate set -per line. This will be a set of ACLs that all have the same entries. -Only the names will be given, separated by spaces. - -If no search type is given, all the ACLs in the database will be returned. -If a search type (and possible search arguments) are given, then the ACLs -will be limited to those that match the search. - -The currently supported ACL search types are: - -=over 4 - -=item acls duplicate - -Returns all sets of ACLs that are duplicates, meaning that they contain -exactly the same entries. Each line will be the names of the ACLs in a -set of duplicates, separated by spaces. - -=item acls empty - -Returns all ACLs which have no entries, generally so that abandoned ACLs -can be destroyed. - -=item acls entry - -Returns all ACLs containing an entry with given scheme and identifier. -The scheme must be an exact match, but the string will match -any identifier containing that string. - -=item acls nested - -Returns all ACLs that contain this ACL as a nested entry. - -=item acls unused - -Returns all ACLs that are not referenced by any of the objects in the -wallet database, either as an owner or on one of the more specific ACLs. - -=back - -=item audit acls name - -=item audit objects name - -Returns all ACLs or objects that violate the current site naming policy. -Objects will be listed in the form: - - - -and ACLs in the form: - - (ACL ID: ) - -where is the human-readable name and is the numeric ID. The -numeric ID is what's used internally by the wallet system. There will be -one line per object or ACL. - -=item help - -Displays a summary of all available commands. - -=item objects - -=item objects acl - -=item objects flag - -=item objects owner - -=item objects type - -=item objects unused - -=item objects unstored - -Returns a list of objects in the database. Objects will be listed in the -form: - - - -There will be one line per object. - -If no search type is given, all objects in the database will be returned. -If a search type (and possible search arguments) are given, the objects -will be limited to those that match the search. - -The currently supported object search types are: - -=over 4 - -=item objects acl - -Returns all objects for which the given ACL name or ID has any -permissions. This includes those objects owned by the ACL as well as -those where that ACL has any other, more limited permissions. - -=item objects flag - -Returns all objects which have the given flag set. - -=item objects host - -Returns all objects that belong to the given host. This requires adding -local configuration to identify objects that belong to a given host. See -L for more information. - -=item objects owner - -Returns all objects owned by the given ACL name or ID. - -=item objects type - -Returns all objects of the given type. - -=item objects unused - -Returns all objects that have never been downloaded (have never been the -target of a get command). - -=back - -=item owners - -Returns a list of all ACL entries in owner ACLs for all objects matching -both and . These can be the type or name of -objects or they can be patterns using C<%> as the wildcard character -following the normal rules of SQL patterns. - -The output will be one line per ACL line in the form: - - - -with duplicates suppressed. - -=item schemes - -Returns a list of all registered ACL schemes. - -=item types - -Returns a list of all registered object types. - -=back - -=head1 AUTHOR - -Russ Allbery - -=head1 COPYRIGHT AND LICENSE - -Copyright 2016 Russ Allbery - -Copyright 2008, 2009, 2010, 2013, 2015 The Board of Trustees of the Leland -Stanford Junior University - -Permission is hereby granted, free of charge, to any person obtaining a -copy of this software and associated documentation files (the "Software"), -to deal in the Software without restriction, including without limitation -the rights to use, copy, modify, merge, publish, distribute, sublicense, -and/or sell copies of the Software, and to permit persons to whom the -Software is furnished to do so, subject to the following conditions: - -The above copyright notice and this permission notice shall be included in -all copies or substantial portions of the Software. - -THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL -THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING -FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER -DEALINGS IN THE SOFTWARE. - -=head1 SEE ALSO - -Wallet::Config(3), Wallet::Report(3), wallet-backend(8) - -This program is part of the wallet system. The current version is -available from L. - -=cut --- /dev/null 2016-01-23 14:00:27.000000000 -0800 +++ server/wallet-report.in 2016-01-17 19:13:02.000000000 -0800 @@ -0,0 +1,360 @@ +#!@PERL@ +# +# Wallet server reporting interface. + +use 5.008; +use strict; +use warnings; + +use Wallet::Report; + +# The help output, sent in reply to the help command. Lists each supported +# report command with a brief description of what it does. +our $HELP = <<'EOH'; +Wallet reporting help: + acls All ACLs + acls duplicate ACLs that duplicate another + acls empty All empty ACLs + acls entry ACLs containing this entry (wildcarded) + acls nesting ACLs containing this ACL as a nested entry + acls unused ACLs that are not referenced by any object + audit acls name ACLs failing the naming policy + audit objects name Objects failing the naming policy + objects All objects + objects acl Objects granting permissions to that ACL + objects flag Objects with that flag set + objects history History of all objects + objects host All host-based objects for a specific host + objects owner Objects owned by that owner + objects type Objects of that type + objects unused Objects that have never been gotten + objects unstored Objects that have never been stored + owners All ACL entries owning matching objects + schemes All configured ACL schemes + types All configured wallet types +EOH + +############################################################################## +# Implementation +############################################################################## + +# Parse and execute a command. We wrap this in a subroutine call for easier +# testing. +sub command { + die "Usage: wallet-report [ ...]\n" unless @_; + my $report = Wallet::Report->new; + + # Parse command-line options and dispatch to the appropriate calls. + my ($command, @args) = @_; + if ($command eq 'acls') { + die "too many arguments to acls\n" if @args > 3; + my @acls = $report->acls (@args); + if (!@acls and $report->error) { + die $report->error, "\n"; + } + if (@args && $args[0] eq 'duplicate') { + for my $group (@acls) { + print join (' ', @$group), "\n"; + } + } else { + for my $acl (sort { $$a[1] cmp $$b[1] } @acls) { + print "$$acl[1] (ACL ID: $$acl[0])\n"; + } + } + } elsif ($command eq 'audit') { + die "too many arguments to audit\n" if @args > 2; + die "too few arguments to audit\n" if @args < 2; + my @result = $report->audit (@args); + if (!@result and $report->error) { + die $report->error, "\n"; + } + for my $item (@result) { + if ($args[0] eq 'acls') { + print "$$item[1] (ACL ID: $$item[0])\n"; + } else { + print join (' ', @$item), "\n"; + } + } + } elsif ($command eq 'help') { + print $HELP; + } elsif ($command eq 'objects') { + die "too many arguments to objects\n" if @args > 2; + my @objects; + if (@args && $args[0] eq 'history') { + @objects = $report->objects_history (@args); + } elsif (@args && $args[0] eq 'host') { + @objects = $report->objects_hostname (@args); + } else { + @objects = $report->objects (@args); + } + if (!@objects and $report->error) { + die $report->error, "\n"; + } + for my $object (@objects) { + print join (' ', @$object), "\n"; + } + } elsif ($command eq 'owners') { + die "too many arguments to owners\n" if @args > 2; + die "too few arguments to owners\n" if @args < 2; + my @entries = $report->owners (@args); + if (!@entries and $report->error) { + die $report->error, "\n"; + } + for my $entry (@entries) { + print join (' ', @$entry), "\n"; + } + } elsif ($command eq 'schemes') { + die "too many arguments to schemes\n" if @args > 0; + my @schemes = $report->acl_schemes; + for my $entry (@schemes) { + print join (' ', @$entry), "\n"; + } + + } elsif ($command eq 'types') { + die "too many arguments to types\n" if @args > 0; + my @types = $report->types; + for my $entry (@types) { + print join (' ', @$entry), "\n"; + } + + } else { + die "unknown command $command\n"; + } +} +command (@ARGV); +__END__ + +############################################################################## +# Documentation +############################################################################## + +=head1 NAME + +wallet-report - Wallet server reporting interface + +=for stopwords +metadata ACL hostname backend acl acls wildcard SQL Allbery remctl +MERCHANTABILITY NONINFRINGEMENT sublicense unstored + +=head1 SYNOPSIS + +B I [I ...] + +=head1 DESCRIPTION + +B provides a command-line interface for running reports on +the wallet database. It is intended to be run on the wallet server as a +user with access to the wallet database and configuration, but can also be +made available via remctl to users who should have reporting privileges. + +This program is a fairly thin wrapper around Wallet::Report that +translates command strings into method calls and returns the results. + +=head1 OPTIONS + +B takes no traditional options. + +=head1 COMMANDS + +=over 4 + +=item acls + +=item acls duplicate + +=item acls empty + +=item acls entry + +=item acls unused + +Returns a list of ACLs in the database. Except for the C +report, ACLs will be listed in the form: + + (ACL ID: ) + +where is the human-readable name and is the numeric ID. The +numeric ID is what's used internally by the wallet system. There will be +one line per ACL. + +For the C report, the output will instead be one duplicate set +per line. This will be a set of ACLs that all have the same entries. +Only the names will be given, separated by spaces. + +If no search type is given, all the ACLs in the database will be returned. +If a search type (and possible search arguments) are given, then the ACLs +will be limited to those that match the search. + +The currently supported ACL search types are: + +=over 4 + +=item acls duplicate + +Returns all sets of ACLs that are duplicates, meaning that they contain +exactly the same entries. Each line will be the names of the ACLs in a +set of duplicates, separated by spaces. + +=item acls empty + +Returns all ACLs which have no entries, generally so that abandoned ACLs +can be destroyed. + +=item acls entry + +Returns all ACLs containing an entry with given scheme and identifier. +The scheme must be an exact match, but the string will match +any identifier containing that string. + +=item acls nested + +Returns all ACLs that contain this ACL as a nested entry. + +=item acls unused + +Returns all ACLs that are not referenced by any of the objects in the +wallet database, either as an owner or on one of the more specific ACLs. + +=back + +=item audit acls name + +=item audit objects name + +Returns all ACLs or objects that violate the current site naming policy. +Objects will be listed in the form: + + + +and ACLs in the form: + + (ACL ID: ) + +where is the human-readable name and is the numeric ID. The +numeric ID is what's used internally by the wallet system. There will be +one line per object or ACL. + +=item help + +Displays a summary of all available commands. + +=item objects + +=item objects acl + +=item objects flag + +=item objects owner + +=item objects type + +=item objects unused + +=item objects unstored + +Returns a list of objects in the database. Objects will be listed in the +form: + + + +There will be one line per object. + +If no search type is given, all objects in the database will be returned. +If a search type (and possible search arguments) are given, the objects +will be limited to those that match the search. + +The currently supported object search types are: + +=over 4 + +=item objects acl + +Returns all objects for which the given ACL name or ID has any +permissions. This includes those objects owned by the ACL as well as +those where that ACL has any other, more limited permissions. + +=item objects flag + +Returns all objects which have the given flag set. + +=item objects host + +Returns all objects that belong to the given host. This requires adding +local configuration to identify objects that belong to a given host. See +L for more information. + +=item objects owner + +Returns all objects owned by the given ACL name or ID. + +=item objects type + +Returns all objects of the given type. + +=item objects unused + +Returns all objects that have never been downloaded (have never been the +target of a get command). + +=back + +=item owners + +Returns a list of all ACL entries in owner ACLs for all objects matching +both and . These can be the type or name of +objects or they can be patterns using C<%> as the wildcard character +following the normal rules of SQL patterns. + +The output will be one line per ACL line in the form: + + + +with duplicates suppressed. + +=item schemes + +Returns a list of all registered ACL schemes. + +=item types + +Returns a list of all registered object types. + +=back + +=head1 AUTHOR + +Russ Allbery + +=head1 COPYRIGHT AND LICENSE + +Copyright 2016 Russ Allbery + +Copyright 2008, 2009, 2010, 2013, 2015 The Board of Trustees of the Leland +Stanford Junior University + +Permission is hereby granted, free of charge, to any person obtaining a +copy of this software and associated documentation files (the "Software"), +to deal in the Software without restriction, including without limitation +the rights to use, copy, modify, merge, publish, distribute, sublicense, +and/or sell copies of the Software, and to permit persons to whom the +Software is furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in +all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL +THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING +FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER +DEALINGS IN THE SOFTWARE. + +=head1 SEE ALSO + +Wallet::Config(3), Wallet::Report(3), wallet-backend(8) + +This program is part of the wallet system. The current version is +available from L. + +=cut