Pass object type and name to external ACL verifiers

This requires changing the ACL verifier plumbing to pass object type and name all the way through when verifying ACLs. Hopefully I caught everything.
author: Russ Allbery <eagle@eyrie.org> 2016-01-16 15:34:22 -0800
committer: Russ Allbery <eagle@eyrie.org> 2016-01-16 15:35:49 -0800
commit: d2fde5b8330cab6bd6210ef99a628b1897676897 (patch)
tree: 3bdb4383a95efc5c36b7fabe07ca7df0cb50f719 /perl/lib/Wallet/Config.pm
parent: 44b98b0005effceb6fb5497b336fa86e05675e6f (diff)
1 files changed, 4 insertions, 4 deletions
diff --git a/perl/lib/Wallet/Config.pm b/perl/lib/Wallet/Config.pm
index 98b5dc9..e8bc00c 100644
--- a/perl/lib/Wallet/Config.pm
+++ b/perl/lib/Wallet/Config.pm
@@ -551,10 +551,10 @@ runs an external command to determine if access is granted.
 
 =item EXTERNAL_COMMAND
 
-Path to the command to run to determine whether access is granted.  The
-first argument to the command will be the principal requesting access.
-The identifier of the ACL will be split on whitespace and passed in as the
-remaining arguments to this command.
+Path to the command to run to determine whether access is granted.  The first
+argument to the command will be the principal requesting access.  The second
+and third arguments will be the type and name of the object that principal is
+requesting access to.  The final argument will be the identifier of the ACL.
 
 No other arguments are passed to the command, but the command will have
 access to all of the remctl environment variables seen by the wallet
author	Russ Allbery <eagle@eyrie.org>	2016-01-16 15:34:22 -0800
committer	Russ Allbery <eagle@eyrie.org>	2016-01-16 15:35:49 -0800
commit	d2fde5b8330cab6bd6210ef99a628b1897676897 (patch)
tree	3bdb4383a95efc5c36b7fabe07ca7df0cb50f719 /perl/lib/Wallet/Config.pm
parent	44b98b0005effceb6fb5497b336fa86e05675e6f (diff)