author | Russ Allbery <rra@stanford.edu> | 2007-12-05 01:10:23 +0000 |
---|---|---|
committer | Russ Allbery <rra@stanford.edu> | 2007-12-05 01:10:23 +0000 |
commit | c0c34051887d08a94221f9cbc2b74fbfad34c22c (patch) | |
tree | cf6dbd65beee76296f4a16fef21c86419eaa5ed8 /perl/Wallet/ACL.pm | |
parent | 0e9a5e25ec9c1977c6426f4aea4b61a658fe6855 (diff) |
Determine the class for object and ACL schema implementations from the
database rather than a hard-coded list and provide Wallet::Schema
methods for adding new class mappings.
Add a missing class mapping for the netdb ACL schema verifier.
Diffstat (limited to 'perl/Wallet/ACL.pm')
-rw-r--r-- | perl/Wallet/ACL.pm | 35 |
1 files changed, 24 insertions, 11 deletions
diff --git a/perl/Wallet/ACL.pm b/perl/Wallet/ACL.pm
index 12b3f7c..d654e68 100644
--- a/perl/Wallet/ACL.pm
+++ b/perl/Wallet/ACL.pm
@@ -14,7 +14,7 @@ package Wallet::ACL;
 require 5.006;
 use strict;
-use vars qw(%MAPPING $VERSION);
+use vars qw($VERSION);
 use DBI;
 use POSIX qw(strftime);
@@ -23,13 +23,7 @@ use Wallet::ACL::Krb5;
 # This version should be increased on any code change to this module. Always
 # use two digits for the minor version with a leading zero if necessary so
 # that it will sort properly.
-$VERSION = '0.02';
-
-# This is a mapping of schemes to class names, used to determine which ACL
-# verifier should be instantiated for a given ACL scheme. Currently, there's
-# no dynamic way to recognize new ACL verifiers, so if you extend the wallet
-# system to add new verifiers, you need to modify this list.
-%MAPPING = (krb5 => 'Wallet::ACL::Krb5');
+$VERSION = '0.03';
 ##############################################################################
 # Constructors
@@ -134,6 +128,24 @@ sub name {
 return $self->{name};
 }
+# Given an ACL scheme, return the mapping to a class by querying the
+# database, or undef if no mapping exists.
+sub scheme_mapping {
+ my ($self, $scheme) = @_;
+ my $class;
+ eval {
+ my $sql = 'select as_class from acl_schemes where as_name = ?';
+ ($class) = $self->{dbh}->selectrow_array ($sql, undef, $scheme);
+ $self->{dbh}->commit;
+ };
+ if ($@) {
+ $self->error ($@);
+ $self->{dbh}->rollback;
+ return;
+ }
+ return $class;
+}
+
 # Record a change to an ACL. Takes the type of change, the scheme and
 # identifier of the entry, and the trace information (user, host, and time).
 # This function does not commit and does not catch exceptions. It should
@@ -209,7 +221,7 @@ sub destroy {
 sub add {
 my ($self, $scheme, $identifier, $user, $host, $time) = @_;
 $time ||= time;
- unless ($MAPPING{$scheme}) {
+ unless ($self->scheme_mapping ($scheme)) {
 $self->error ("unknown ACL scheme $scheme");
 return undef;
 }
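Review bot: `scheme_mapping` returns whatever string is stored in `acl_schemes.as_class` without validating it, and `check` later calls `$class->new` on that value, so write access to the table now decides which code verifies ACL entries, where the removed `%MAPPING` was fixed in source. The value should be checked before it is returned, for example `return unless defined $class and $class =~ /\AWallet::ACL::\w+(?:::\w+)*\z/;` ahead of `return $class;`. If verifiers outside the `Wallet::ACL::` namespace are meant to be supported, a package-name syntax check plus a comment stating that the table must be protected like the module source would still help. `add` uses the result only as a truth test, so the check belongs in this sub rather than at either caller.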
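Review bot: In `add`, a failed database lookup and a missing row cannot be told apart, because `scheme_mapping` returns a false value in both cases and the `$self->error ("unknown ACL scheme $scheme")` call here presumably replaces the database error recorded a moment earlier. During a database fault an operator would then see "unknown ACL scheme" for a scheme that is in fact registered. Consider letting `scheme_mapping` signal a query failure differently from an absent mapping; until then, document it at the call with `# also reached when the acl_schemes query fails; the database error is replaced below`. `add` continues past the end of the hunk.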
@@ -359,11 +371,12 @@ sub check {
 for my $entry (@entries) {
 my ($scheme, $identifier) = @$entry;
 unless ($verifier{$scheme}) {
- unless ($MAPPING{$scheme}) {
+ my $class = $self->scheme_mapping ($scheme);
+ unless ($class) {
 push (@{ $self->{check_errors} }, "unknown scheme $scheme");
 next;
 }
- $verifier{$scheme} = ($MAPPING{$scheme})->new;
+ $verifier{$scheme} = $class->new;
 unless (defined $verifier{$scheme}) {
 push (@{ $self->{check_errors} }, "cannot verify $scheme");
 next; |
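Review bot: `$verifier{$scheme} = $class->new;` will die rather than return undef if the package named in the database has not been loaded, so the `unless (defined $verifier{$scheme})` branch below it is never reached in that case. Only `use Wallet::ACL::Krb5;` is visible in this diff, so a row such as the netdb mapping mentioned in the commit message depends on a load that is not shown here. Writing the call as `$verifier{$scheme} = eval { $class->new };` would route that case into the existing "cannot verify $scheme" error, which skips the entry instead of aborting the whole check. `check` starts and ends outside the hunk, so an enclosing eval may already cover this.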