author: Russ Allbery <rra@stanford.edu> 2010-03-08 10:19:03 -0800
committer: Russ Allbery <rra@stanford.edu> 2010-03-08 10:19:03 -0800
commit: bc105004b8e88e1ede75dae0028d3ef10c15b57a
tree: af19792633b6b68be1fc01ba95d9eb9313cf6a55 /perl/Wallet/Report.pm
parent: 29452c3daeeb15670322907c53f5db2b43d2559f
Add an ACL name audit to wallet-report and Wallet::Report
Parallel to objects name, add an acls name audit that returns all ACLs that do not follow the site naming standard.
Diffstat (limited to 'perl/Wallet/Report.pm')
-rw-r--r-- perl/Wallet/Report.pm 33
1 files changed, 24 insertions, 9 deletions
diff --git a/perl/Wallet/Report.pm b/perl/Wallet/Report.pm
index f6e6753..c743060 100644
--- a/perl/Wallet/Report.pm
+++ b/perl/Wallet/Report.pm
@@ -310,10 +310,10 @@ sub owners {
##############################################################################
# Audit the database for violations of local policy. Returns a list of
-# objects (as type and name pairs) or a list of ACLs. On error and for no
-# matching entries, the empty list will be returned. To distinguish between
-# an empty return and an error, call error(), which will return undef if there
-# was no error.
+# objects (as type and name pairs) or a list of ACLs (as ID and name pairs).
+# On error and for no matching entries, the empty list will be returned. To
+# distinguish between an empty return and an error, call error(), which will
+# return undef if there was no error.
sub audit {
my ($self, $type, $audit) = @_;
undef $self->{error};
@@ -336,6 +336,20 @@ sub audit {
$self->error ("unknown object audit: $audit");
return;
}
+ } elsif ($type eq 'acls') {
+ if ($audit eq 'name') {
+ return unless defined &Wallet::Config::verify_acl_name;
+ my @acls = $self->acls;
+ my @results;
+ for my $acl (@acls) {
+ my $error = Wallet::Config::verify_acl_name ($acl->[1]);
+ push (@results, $acl) if $error;
+ }
+ return @results;
+ } else {
+ $self->error ("unknown acl audit: $audit");
+ return;
+ }
} else {
$self->error ("unknown audit type: $type");
return;
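Review bot: In the new acls branch, `return unless defined &Wallet::Config::verify_acl_name;` returns the empty list without setting an error, so a site that has not defined verify_acl_name gets the same result as a site where every ACL name conforms, and error() is undef in both cases because of the `undef $self->{error}` at the top of audit(). For an audit that amounts to a silent pass. Consider calling $self->error with a message saying that no ACL naming check is configured before returning, so the caller can tell "nothing was checked" apart from "nothing failed". A smaller point in the same branch: the value returned by verify_acl_name is used only as a boolean in `push (@results, $acl) if $error;`, so the reason a name was rejected is dropped and cannot appear in the report.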
@@ -424,11 +438,12 @@ the error message if there was an error and undef if there was no error.
Audits the wallet database for violations of local policy. TYPE is the
general class of thing to audit, and AUDIT is the specific audit to
-perform. Currently, the only implemented type is C<objects> and the only
-audit is C<name>. This returns a list of all objects, as references to
-pairs of type and name, that are not accepted by the verify_name()
-function defined in the wallet configuration. See L<Wallet::Config> for
-more information.
+perform. TYPE may be either C<objects> or C<acls>. Currently, the only
+implemented audit is C<name>. This returns a list of all objects, as
+references to pairs of type and name, or ACLs, as references to pairs of
+ID and name, that are not accepted by the verify_name() or
+verify_acl_name() function defined in the wallet configuration. See
+L<Wallet::Config> for more information.
Returns the empty list on failure. An error can be distinguished from
empty search results by calling error(). error() is guaranteed to return
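Review bot: The rewritten POD sentence ("This returns a list of all objects ... or ACLs ... that are not accepted by the verify_name() or verify_acl_name() function") leaves the reader to work out which TYPE goes with which return shape and which check. One sentence per TYPE would read better: C<objects> returns type and name pairs checked by verify_name(), and C<acls> returns ID and name pairs checked by verify_acl_name(). The POD also does not say what audit() returns when the relevant function is not defined in the wallet configuration; since the following paragraph tells callers to use error() to interpret an empty list, that case should be stated here as well.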