From c2ca6dbc6caa51283a8fa587a622bcd870c97d93 Mon Sep 17 00:00:00 2001 From: Russ Allbery Date: Fri, 7 Dec 2007 00:51:07 +0000 Subject: Check a default creation ACL first before the ADMIN ACL when deciding whether we can auto-create a non-existent ACL, since creating one with the ADMIN ACL doesn't create a useful object. Allow @ in wallet-backend arguments so that principal names can be passed in. --- NEWS | 7 +++++++ perl/Wallet/Server.pm | 7 +++---- server/wallet-backend | 2 +- tests/server/backend-t.in | 2 +- 4 files changed, 12 insertions(+), 6 deletions(-) diff --git a/NEWS b/NEWS index 6752302..b1a4a48 100644 --- a/NEWS +++ b/NEWS @@ -4,6 +4,9 @@ wallet 0.5 (unreleased) Allow the empty string in wallet-backend arguments. + Allow @ in wallet-backend arguments so that principal names can be + passed in. + Load the Perl modules for ACL verifiers and object types dynamically now that we're reading the class from the database. @@ -18,6 +21,10 @@ wallet 0.5 (unreleased) backup file before creating a new backup and don't fail if the backup already exists. + Check a default creation ACL first before the ADMIN ACL when deciding + whether we can auto-create a non-existent ACL, since creating one with + the ADMIN ACL doesn't create a useful object. + wallet 0.4 (2007-12-05) Maintain a global cache of ACL verifiers in Wallet::ACL and reuse them diff --git a/perl/Wallet/Server.pm b/perl/Wallet/Server.pm index f04c139..87a5bab 100644 --- a/perl/Wallet/Server.pm +++ b/perl/Wallet/Server.pm @@ -243,10 +243,9 @@ sub create { my $dbh = $self->{dbh}; my $user = $self->{user}; my $host = $self->{host}; - my $acl; - unless ($self->{admin}->check ($user)) { - $acl = $self->create_check ($type, $name); - return unless $acl; + my $acl = $self->create_check ($type, $name); + unless ($acl) { + return unless $self->{admin}->check ($user); } my $object = eval { $class->create ($type, $name, $dbh, $user, $host) }; if ($@) { diff --git a/server/wallet-backend b/server/wallet-backend index 4af7490..e32581c 100755 --- a/server/wallet-backend +++ b/server/wallet-backend @@ -120,7 +120,7 @@ sub check_args { my %exclude = map { $_ => 1 } @$exclude; for (my $i = 1; $i <= @args; $i++) { next if $exclude{$i}; - unless ($args[$i - 1] =~ m,^[\w_/.-]*\z,) { + unless ($args[$i - 1] =~ m,^[\w_/\@.-]*\z,) { error "invalid characters in argument: $args[$i - 1]"; } } diff --git a/tests/server/backend-t.in b/tests/server/backend-t.in index 0c02598..ce4e30c 100644 --- a/tests/server/backend-t.in +++ b/tests/server/backend-t.in @@ -440,7 +440,7 @@ for my $command (sort keys %flag_commands) { is ($err, '', 'Allowed the empty argument'); is ($OUTPUT, "command show type from admin (1.2.3.4) succeeded\n", ' and success logged'); -my $ok = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_/.-'; +my $ok = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_/.@-'; ($out, $err) = run_backend ('show', 'type', $ok); is ($err, '', 'Allowed all valid characters'); is ($OUTPUT, "command show type $ok from admin (1.2.3.4) succeeded\n", -- cgit v1.2.3