| author | Russ Allbery <rra@stanford.edu> | 2007-12-07 00:51:07 +0000 | 
|---|---|---|
| committer | Russ Allbery <rra@stanford.edu> | 2007-12-07 00:51:07 +0000 | 
| commit | c2ca6dbc6caa51283a8fa587a622bcd870c97d93 (patch) | |
| tree | 47526cc3cc5ed78b52d128e1012aeb78f075112c | |
| parent | 2e9f1bbdab7ee4cbf9fba8b5c99cb3e970f35f4b (diff) | |
Check a default creation ACL first before the ADMIN ACL when deciding
whether we can auto-create a non-existent ACL, since creating one with
the ADMIN ACL doesn't create a useful object.
Allow @ in wallet-backend arguments so that principal names can be
passed in.
| -rw-r--r-- | NEWS | 7 | ||||
| -rw-r--r-- | perl/Wallet/Server.pm | 7 | ||||
| -rwxr-xr-x | server/wallet-backend | 2 | ||||
| -rw-r--r-- | tests/server/backend-t.in | 2 | 
4 files changed, 12 insertions, 6 deletions
| @@ -4,6 +4,9 @@ wallet 0.5 (unreleased)
     Allow the empty string in wallet-backend arguments.
+    Allow @ in wallet-backend arguments so that principal names can be
+    passed in.
+
     Load the Perl modules for ACL verifiers and object types dynamically
     now that we're reading the class from the database.
@@ -18,6 +21,10 @@ wallet 0.5 (unreleased)
     backup file before creating a new backup and don't fail if the backup
     already exists.
+    Check a default creation ACL first before the ADMIN ACL when deciding
+    whether we can auto-create a non-existent ACL, since creating one with
+    the ADMIN ACL doesn't create a useful object.
+
 wallet 0.4 (2007-12-05)
     Maintain a global cache of ACL verifiers in Wallet::ACL and reuse them
diff --git a/perl/Wallet/Server.pm b/perl/Wallet/Server.pm
index f04c139..87a5bab 100644
--- a/perl/Wallet/Server.pm
+++ b/perl/Wallet/Server.pm
@@ -243,10 +243,9 @@ sub create {
     my $dbh = $self->{dbh};
     my $user = $self->{user};
     my $host = $self->{host};
-    my $acl;
-    unless ($self->{admin}->check ($user)) {
-        $acl = $self->create_check ($type, $name);
-        return unless $acl;
+    my $acl = $self->create_check ($type, $name);
+    unless ($acl) {
+        return unless $self->{admin}->check ($user);
     }
     my $object = eval { $class->create ($type, $name, $dbh, $user, $host) };
     if ($@) {
diff --git a/server/wallet-backend b/server/wallet-backend
index 4af7490..e32581c 100755
--- a/server/wallet-backend
+++ b/server/wallet-backend
@@ -120,7 +120,7 @@ sub check_args {
     my %exclude = map { $_ => 1 } @$exclude;
     for (my $i = 1; $i <= @args; $i++) {
         next if $exclude{$i};
-        unless ($args[$i - 1] =~ m,^[\w_/.-]*\z,) {
+        unless ($args[$i - 1] =~ m,^[\w_/\@.-]*\z,) {
             error "invalid characters in argument: $args[$i - 1]";
         }
     }
diff --git a/tests/server/backend-t.in b/tests/server/backend-t.in
index 0c02598..ce4e30c 100644
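Review bot: The new authorization order in `create` is written as a nested double negative (`unless ($acl) { return unless ... }`) with no comment, which is easy to misread at the point that decides who may create an object. It can be stated as one guard with the reason attached: `# Prefer the default creation ACL so the object gets a usable owner; ADMIN is only the fallback.` followed by `return unless $acl || $self->{admin}->check ($user);`. On the ADMIN fallback path `$acl` stays undefined, and whatever error `create_check` recorded before returning false is presumably still set on `$self`. The body of `create` continues outside the hunk, so it is worth confirming that the later code handles an undefined `$acl` and that a successful create does not report a stale error.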
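Review bot: The character class in `check_args` leans on `\w`, which already includes `_` and can match beyond ASCII under locale or Unicode semantics, so the allowlist may be looser than the `$ok` string the test exercises. Spelling the set out keeps it exactly as intended: `unless ($args[$i - 1] =~ m,\A[A-Za-z0-9_/\@.-]*\z,) {`. The `@` is now accepted in every non-excluded argument of every command, not only where a principal name is expected. A comment would help here, such as `# @ is allowed for principal names; this is only a character filter, callers must still validate each argument's form`. `check_args` begins and ends outside the hunk.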
--- a/tests/server/backend-t.in
+++ b/tests/server/backend-t.in
@@ -440,7 +440,7 @@ for my $command (sort keys %flag_commands) {
 is ($err, '', 'Allowed the empty argument');
 is ($OUTPUT, "command show type  from admin (1.2.3.4) succeeded\n",
     ' and success logged');
-my $ok = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_/.-';
+my $ok = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_/.@-';
 ($out, $err) = run_backend ('show', 'type', $ok);
 is ($err, '', 'Allowed all valid characters');
 is ($OUTPUT, "command show type $ok from admin (1.2.3.4) succeeded\n", |
