Added /cron principals to Stanford policy and summary

cron principals were being rejected due to not being a part of the
Stanford Policy module.

Change-Id: Ic67a8e2bce8474431163b74d97c2bf1fb184a4b7
Reviewed-on: https://gerrit.stanford.edu/1488
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>

2 files changed, 6 insertions, 0 deletions

diff --git a/contrib/wallet-summary b/contrib/wallet-summary
index 84a1cc7..55501ad 100755
--- a/contrib/wallet-summary
+++ b/contrib/wallet-summary
@@ -15,6 +15,7 @@ $ADDRESS = 'nobody@example.com';
 # The various classification patterns for srvtabs.
 @PATTERNS
     = ([qr(/cgi\z),       '*/cgi',        'CGI users'],
+       [qr(/cron\z),      '*/cron',       'Cron users'],
        [qr(^(?i)http/),   'HTTP/*',       'HTTP Negotiate-Auth'],
        [qr(^cifs/),       'cifs/*',       'CIFS'],
        [qr(^host/),       'host/*',       'Host login'],
diff --git a/perl/Wallet/Policy/Stanford.pm b/perl/Wallet/Policy/Stanford.pm
index 8bf4257..5ac29e0 100644
--- a/perl/Wallet/Policy/Stanford.pm
+++ b/perl/Wallet/Policy/Stanford.pm
@@ -279,6 +279,11 @@ sub verify_name {
                 and $principal !~ /^(class|dept|group)-[a-z0-9_-]+$/) {
                 return "invalid CGI principal name $name";
             }
+        } elsif ($instance eq 'cron') {
+            if ($principal !~ /^[a-z][a-z0-9]{1,7}$/
+                and $principal !~ /^(class|dept|group)-[a-z0-9_-]+$/) {
+                return "invalid cron principal name $name";
+            }
         } else {
             return "unknown principal type $principal";
         }