author: Russ Allbery <eagle@eyrie.org> 2016-01-16 15:34:22 -0800
committer: Russ Allbery <eagle@eyrie.org> 2016-01-16 15:35:49 -0800
commit: d2fde5b8330cab6bd6210ef99a628b1897676897
tree: 3bdb4383a95efc5c36b7fabe07ca7df0cb50f719 /docs
parent: 44b98b0005effceb6fb5497b336fa86e05675e6f
Pass object type and name to external ACL verifiers
This requires changing the ACL verifier plumbing to pass object type and name all the way through when verifying ACLs. Hopefully I caught everything.
Diffstat (limited to 'docs')
-rw-r--r-- docs/design-acl 7
1 files changed, 4 insertions, 3 deletions
diff --git a/docs/design-acl b/docs/design-acl
index b8bb8b3..836c411 100644
--- a/docs/design-acl
+++ b/docs/design-acl
@@ -31,9 +31,10 @@ Semantics
used: Iterate through each ACL entry in the ACL in question. If the
ACL entry is malformatted or the scheme is not recognized, skip it.
Otherwise, dispatch the question to the check function of the ACL
- implementation, passing it the principal identifying the client and
- the <identifier> portion of the ACL entry. This function returns
- either authorized or unauthorized. If authorized, end the search; if
+ implementation, passing it the principal identifying the client, the
+ <identifier> portion of the ACL entry, and the type and name of the
+ object the user is attempting to access. This function returns either
+ authorized or unauthorized. If authorized, end the search; if
unauthorized, continue to the next ACL entry.
There is no support in this scheme for negative ACLs.
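Review bot: The added sentence beginning "implementation, passing it the principal identifying the client" does not say that the object name comes from the request, that is, from "the object the user is attempting to access". Because the commit subject says these values are handed to external ACL verifiers, the design text should state that a check implementation must treat the object type and name as untrusted input. It should also say whether schemes that have no use for them are expected to ignore them. Given the commit message's "Hopefully I caught everything", consider listing the call paths that reach a check function, or adding a test that fails when a check function is invoked without the two new arguments.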