3 files changed, 29 insertions, 6 deletions

diff --git a/NEWS b/NEWS
index 8c03036..ce9a03a 100644
--- a/NEWS
+++ b/NEWS
@@ -2,6 +2,9 @@
 
 wallet 0.5 (unreleased)
 
+    Load the Perl modules for ACL verifiers and object types dynamically
+    now that we're reading the class from the database.
+
     Fix the keytab principal validation regex to allow instances
     containing periods.  Otherwise, it's hard to manage host keytabs.  Add
     a missing test suite for that method.
diff --git a/perl/Wallet/ACL.pm b/perl/Wallet/ACL.pm
index f9a163b..7830523 100644
--- a/perl/Wallet/ACL.pm
+++ b/perl/Wallet/ACL.pm
@@ -18,12 +18,11 @@ use vars qw($VERSION);
 
 use DBI;
 use POSIX qw(strftime);
-use Wallet::ACL::Krb5;
 
 # This version should be increased on any code change to this module.  Always
 # use two digits for the minor version with a leading zero if necessary so
 # that it will sort properly.
-$VERSION = '0.03';
+$VERSION = '0.04';
 
 ##############################################################################
 # Constructors
@@ -129,7 +128,7 @@ sub name {
 }
 
 # Given an ACL scheme, return the mapping to a class by querying the
-# database, or undef if no mapping exists.
+# database, or undef if no mapping exists.  Also load the relevant module.
 sub scheme_mapping {
     my ($self, $scheme) = @_;
     my $class;
@@ -143,6 +142,17 @@ sub scheme_mapping {
         $self->{dbh}->rollback;
         return;
     }
+    if (defined $class) {
+        if ($class !~ /^Wallet::ACL::(\w+::)*\w+\z/) {
+            $self->error ("invalid class name $class for scheme $scheme");
+            return;
+        }
+        eval "require $class";
+        if ($@) {
+            $self->error ($@);
+            return;
+        }
+    }
     return $class;
 }
 
diff --git a/perl/Wallet/Server.pm b/perl/Wallet/Server.pm
index 1fa7e4a..b6ce92f 100644
--- a/perl/Wallet/Server.pm
+++ b/perl/Wallet/Server.pm
@@ -18,13 +18,12 @@ use vars qw(%MAPPING $VERSION);
 
 use Wallet::ACL;
 use Wallet::Config;
-use Wallet::Object::Keytab;
 use Wallet::Schema;
 
 # This version should be increased on any code change to this module.  Always
 # use two digits for the minor version with a leading zero if necessary so
 # that it will sort properly.
-$VERSION = '0.03';
+$VERSION = '0.04';
 
 ##############################################################################
 # Utility methods
@@ -139,7 +138,7 @@ sub DESTROY {
 ##############################################################################
 
 # Given an object type, return the mapping to a class by querying the
-# database, or undef if no mapping exists.
+# database, or undef if no mapping exists.  Also load the relevant module.
 sub type_mapping {
     my ($self, $type) = @_;
     my $class;
@@ -153,6 +152,17 @@ sub type_mapping {
         $self->{dbh}->rollback;
         return;
     }
+    if (defined $class) {
+        if ($class !~ /^Wallet::Object::(\w+::)*\w+\z/) {
+            $self->error ("invalid class name $class for type $type");
+            return;
+        }
+        eval "require $class";
+        if ($@) {
+            $self->error ($@);
+            return;
+        }
+    }
     return $class;
 }