Add Wallet::ACL::External ACL type

A new ACL type, external (Wallet::ACL::External), is now supported.
This ACL runs an external command to check if access is allowed, and
passes the principal and the ACL identifier to that command.  To
enable this ACL type for an existing wallet database, use wallet-admin
to register the new verifier.

Change-Id: I21b72b4373eefc92985aca1505e2d1a1ec699602

1 files changed, 32 insertions, 0 deletions

diff --git a/perl/t/verifier/external.t b/perl/t/verifier/external.t
new file mode 100755
index 0000000..3e7e776
--- /dev/null
+++ b/perl/t/verifier/external.t
@@ -0,0 +1,32 @@
+#!/usr/bin/perl
+#
+# Tests for the external wallet ACL verifier.
+#
+# Written by Russ Allbery <eagle@eyrie.org>
+# Copyright 2016 Russ Allbery <eagle@eyrie.org>
+#
+# See LICENSE for licensing terms.
+
+use strict;
+use warnings;
+
+use Test::More tests => 9;
+
+use Wallet::ACL::External;
+use Wallet::Config;
+
+# Configure the external ACL verifier.
+$Wallet::Config::EXTERNAL_COMMAND = 't/data/acl-command';
+
+# Check a few verifications.
+my $verifier = Wallet::ACL::External->new;
+ok (defined $verifier, 'Wallet::ACL::External creation');
+ok ($verifier->isa ('Wallet::ACL::External'), ' and class verification');
+is ($verifier->check ('eagle@eyrie.org', 'test success'), 1, 'Success');
+is ($verifier->check ('eagle@eyrie.org', 'test failure'), 0, 'Failure');
+is ($verifier->error, undef, 'No error set');
+is ($verifier->check ('eagle@eyrie.org', 'test error'), undef, 'Error');
+is ($verifier->error, 'some error', ' and right error');
+is ($verifier->check (undef, 'eagle@eyrie.org'), undef,
+    'Undefined principal');
+is ($verifier->error, 'no principal specified', ' and right error');