author Russ Allbery <eagle@eyrie.org> 2021-09-04 13:03:36 -0700
committer Russ Allbery <eagle@eyrie.org> 2021-09-04 13:03:36 -0700
commit b63cd1c55861194c84e8efd8fa713d96c651b43a
tree 49fa2079d606244061df006daede29ce303cc5eb
parent a5f322a55242a68613862d125d7fd0125b1c88bb
Fix Stanford policy for password default owner
In Wallet::Policy::Stanford, fix the default_owner logic for password objects that are group-based rather than host-based. Thanks, macrotex. Fixes #82
-rw-r--r-- NEWS 4
-rw-r--r-- perl/lib/Wallet/Policy/Stanford.pm 14
2 files changed, 13 insertions, 5 deletions
diff --git a/NEWS b/NEWS
index 1a21c1a..cb78486 100644
--- a/NEWS
+++ b/NEWS
@@ -5,6 +5,10 @@ wallet 1.5 (unreleased)
Fix the table drop order for wallet-admin destroy to avoid violating
foreign key constraints. Patch from macrotex.
+ In Wallet::Policy::Stanford, fix the default_owner logic for password
+ objects that are group-based rather than host-based. Thanks,
+ macrotex. (#82)
+
Update to rra-c-util 8.2:
* Implement explicit_bzero with memset if it is not available.
diff --git a/perl/lib/Wallet/Policy/Stanford.pm b/perl/lib/Wallet/Policy/Stanford.pm
index 3aeea1c..3094294 100644
--- a/perl/lib/Wallet/Policy/Stanford.pm
+++ b/perl/lib/Wallet/Policy/Stanford.pm
@@ -1,7 +1,7 @@
# Wallet::Policy::Stanford -- Stanford's wallet naming and ownership policy
#
# Written by Russ Allbery <eagle@eyrie.org>
-# Copyright 2016 Russ Allbery <eagle@eyrie.org>
+# Copyright 2016, 2021 Russ Allbery <eagle@eyrie.org>
# Copyright 2013-2015
# The Board of Trustees of the Leland Stanford Junior University
#
@@ -260,15 +260,19 @@ sub default_owner {
}
# We have no open if this is not a file object.
- return if $type ne 'file';
+ return if ($type ne 'file' && $type ne 'password');
# Parse the name of the file object only far enough to get type and group
# (if there is a group).
my ($file_type, $group) = split('/', $name);
- # Host-based file objects should be caught by the above. We certainly
- # can't do anything about them here.
- return if $FILE_TYPE{$file_type}{host};
+ # Host-based file and password objects should be caught by the above. We
+ # certainly can't do anything about them here.
+ if ($type eq 'file') {
+ return if $FILE_TYPE{$file_type}{host};
+ } elsif ($type eq 'password') {
+ return if $PASSWORD_TYPE{$file_type}{host};
+ }
# If we have a mapping for this group, retrieve the ACL contents. We
# would like to just return the ACL name, but wallet currently requires we
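Review bot: The new host check in default_owner indexes %FILE_TYPE or %PASSWORD_TYPE with the first component of the object name without confirming that the component is a known key, so a name with an unrecognized prefix skips the return and continues on to the group ACL lookup, and the two-level lookup also autovivifies an empty entry in the table. Unless the name is validated before this point, consider returning early when the key does not exist, for example `return if !exists $PASSWORD_TYPE{$file_type};` ahead of the `{host}` test, with the same guard in the file branch. Two smaller points: the comments "We have no open if this is not a file object." and "Parse the name of the file object" are stale now that password objects take this path, and `$file_type` holds a password type in the new branch, so a neutral name such as `$subtype` would read better. The diffstat lists only NEWS and Stanford.pm, so a regression test covering a group-based password object would help pin down the fix for #82.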