From daca82f520f51834812fab7cf15411ae54f46d8f Mon Sep 17 00:00:00 2001 From: Russ Allbery Date: Sun, 3 Jan 2016 14:58:20 -0800 Subject: Document the new ACL schemes in docs/design-acl Change-Id: Idd2e1038fc02dd51aab9a9ffdd5b3400db2b106f --- docs/design-acl | 28 ++++++++++++++++++++-------- 1 file changed, 20 insertions(+), 8 deletions(-) (limited to 'docs/design-acl') diff --git a/docs/design-acl b/docs/design-acl index 424b3c6..32ac508 100644 --- a/docs/design-acl +++ b/docs/design-acl @@ -13,7 +13,7 @@ Introduction Syntax An ACL entry in the wallet consists of two pieces of data, a - and an . is one or more characters in the set + and an . is one or more characters in the set [a-z0-9-] that identifies the ACL backend to use when interpreting this ACL. is zero or more characters including all printable ASCII characters except whitespace. Only the implementation @@ -55,6 +55,24 @@ ACL Schemes The is a fully-qualified Kerberos principal. Access is granted if the principal of the client matches . + ldap-attr + + is an an attribute followed by an equal sign and a value. + If the LDAP entry corresponding to the given principal contains the + attribute and value specified by , access is granted. + + ldap-attr-root + + This is almost identical to netdb except that the user must be in the + form of a root instance (/root) and the "/root" portion is + stripped before checking the NetDB roles. + + nested + + is the name of another ACL, and access is granted if it + is granted by that ACL. This can be used to organize multiple ACLs + into a group and apply their union to an object. + netdb is the name of a system. Access is granted if the user @@ -67,13 +85,6 @@ ACL Schemes form of a root instance (/root) and the "/root" portion is stripped before checking the NetDB roles. - ldap-entitlement - - (Not yet implemented.) is an entitlement. If the - entitlement attribute of the LDAP entry corresponding to the given - principal contains the entitlement specified in , access - is granted. - pts (Not yet implemented.) is the name of an AFS PTS group. @@ -82,6 +93,7 @@ ACL Schemes License + Copyright 2016 Russ Allbery Copyright 2006, 2007, 2008, 2013 The Board of Trustees of the Leland Stanford Junior University -- cgit v1.2.3 From 23a6b180f975c24c8ee4190467c74b78fde0d084 Mon Sep 17 00:00:00 2001 From: Russ Allbery Date: Sun, 3 Jan 2016 19:29:20 -0800 Subject: Add Wallet::ACL::External ACL type A new ACL type, external (Wallet::ACL::External), is now supported. This ACL runs an external command to check if access is allowed, and passes the principal and the ACL identifier to that command. To enable this ACL type for an existing wallet database, use wallet-admin to register the new verifier. Change-Id: I21b72b4373eefc92985aca1505e2d1a1ec699602 --- NEWS | 6 ++ TODO | 4 + docs/design-acl | 6 ++ perl/lib/Wallet/ACL/External.pm | 197 ++++++++++++++++++++++++++++++++++++++++ perl/lib/Wallet/Config.pm | 35 ++++++- perl/t/data/acl-command | 43 +++++++++ perl/t/verifier/external.t | 32 +++++++ 7 files changed, 321 insertions(+), 2 deletions(-) create mode 100644 perl/lib/Wallet/ACL/External.pm create mode 100755 perl/t/data/acl-command create mode 100755 perl/t/verifier/external.t (limited to 'docs/design-acl') diff --git a/NEWS b/NEWS index 48ab131..3185b5b 100644 --- a/NEWS +++ b/NEWS @@ -9,6 +9,12 @@ wallet 1.3 (unreleased) existing wallet database, use wallet-admin to register the new verifier. + A new ACL type, external (Wallet::ACL::External), is now supported. + This ACL runs an external command to check if access is allowed, and + passes the principal and the ACL identifier to that command. To + enable this ACL type for an existing wallet database, use wallet-admin + to register the new verifier. + A new variation on the ldap-attr ACL type, ldap-attr-root (Wallet::ACL::LDAP::Attribute::Root), is now supported. This is similar to netdb-root (compared to netdb): the authenticated principal diff --git a/TODO b/TODO index 24514d8..18b68eb 100644 --- a/TODO +++ b/TODO @@ -121,6 +121,10 @@ ACLs: * Add a comment field to ACLs. + * Support external ACLs under a backend other than remctl. This will + require some way of re-exporting the authenticated user identity + instead of relying on the existence of the remctl variables. + Database: * Fix case-insensitivity bug in unique keys with MySQL for objects. When diff --git a/docs/design-acl b/docs/design-acl index 32ac508..b8bb8b3 100644 --- a/docs/design-acl +++ b/docs/design-acl @@ -50,6 +50,12 @@ Semantics ACL Schemes + external + + The is arguments to an external command. Access is + granted if the external command returns success. The standard remctl + environment variables are exposed to the external command. + krb5 The is a fully-qualified Kerberos principal. Access is diff --git a/perl/lib/Wallet/ACL/External.pm b/perl/lib/Wallet/ACL/External.pm new file mode 100644 index 0000000..da013aa --- /dev/null +++ b/perl/lib/Wallet/ACL/External.pm @@ -0,0 +1,197 @@ +# Wallet::ACL::External -- Wallet external ACL verifier +# +# Written by Russ Allbery +# Copyright 2016 Russ Allbery +# +# See LICENSE for licensing terms. + +############################################################################## +# Modules and declarations +############################################################################## + +package Wallet::ACL::External; +require 5.008; + +use strict; +use warnings; +use vars qw(@ISA $VERSION); + +use Wallet::ACL::Base; +use Wallet::Config; + +@ISA = qw(Wallet::ACL::Base); + +# This version should be increased on any code change to this module. Always +# use two digits for the minor version with a leading zero if necessary so +# that it will sort properly. +$VERSION = '0.01'; + +############################################################################## +# Interface +############################################################################## + +# Creates a new persistent verifier. This just checks if the configuration +# is in place. +sub new { + my $type = shift; + unless ($Wallet::Config::EXTERNAL_COMMAND) { + die "external ACL support not configured\n"; + } + my $self = {}; + bless ($self, $type); + return $self; +} + +# The most trivial ACL verifier. Returns true if the provided principal +# matches the ACL. +sub check { + my ($self, $principal, $acl) = @_; + unless ($principal) { + $self->error ('no principal specified'); + return; + } + my @args = split (' ', $acl); + unshift @args, $principal; + my $pid = open (EXTERNAL, '-|'); + if (not defined $pid) { + $self->error ("cannot fork: $!"); + return; + } elsif ($pid == 0) { + unless (open (STDERR, '>&STDOUT')) { + warn "wallet: cannot dup stdout: $!\n"; + exit 1; + } + unless (exec ($Wallet::Config::EXTERNAL_COMMAND, @args)) { + warn "wallet: cannot run $Wallet::Config::EXTERNAL_COMMAND: $!\n"; + exit 1; + } + } + local $_; + my @output = ; + close EXTERNAL; + if ($? == 0) { + return 1; + } else { + if (@output) { + $self->error ($output[0]); + return; + } else { + return 0; + } + } +} + +1; +__END__ + +############################################################################## +# Documentation +############################################################################## + +=for stopwords +ACL Allbery verifier + +=head1 NAME + +Wallet::ACL::External - Wallet ACL verifier using an external command + +=head1 SYNOPSIS + + my $verifier = Wallet::ACL::External->new; + my $status = $verifier->check ($principal, $acl); + if (not defined $status) { + die "Something failed: ", $verifier->error, "\n"; + } elsif ($status) { + print "Access granted\n"; + } else { + print "Access denied\n"; + } + +=head1 DESCRIPTION + +Wallet::ACL::External runs an external command to determine whether access is +granted. The command configured via $EXTERNAL_COMMAND in L +will be run. The first argument to the command will be the principal +requesting access. The identifier of the ACL will be split on whitespace and +passed in as the remaining arguments to this command. + +No other arguments are passed to the command, but the command will have access +to all of the remctl environment variables seen by the wallet server (such as +REMOTE_USER). For a full list of environment variables, see +L. + +The external command should exit with a non-zero status but no output to +indicate a normal failure to satisfy the ACL. Any output will be treated as +an error. + +=head1 METHODS + +=over 4 + +=item new() + +Creates a new ACL verifier. For this verifier, this just confirms that +the wallet configuration sets an external command. + +=item check(PRINCIPAL, ACL) + +Returns true if the external command returns success when run with that +PRINCIPAL and ACL. ACL will be split on whitespace and passed as multiple +arguments. So, for example, the ACL C will, when +triggered by a request from rra@EXAMPLE.COM, result in the command: + + $Wallet::Config::EXTERNAL_COMMAND rra@EXAMPLE.COM mdbset shell + +=item error() + +Returns the error if check() returned undef. + +=back + +=head1 DIAGNOSTICS + +The new() method may fail with one of the following exceptions: + +=over 4 + +=item external ACL support not configured + +The required configuration parameters were not set. See L +for the required configuration parameters and how to set them. + +=back + +Verifying an external ACL may fail with the following errors (returned by +the error() method): + +=over 4 + +=item cannot fork: %s + +The attempt to fork in order to execute the external ACL verifier +command failed, probably due to a lack of system resources. + +=item no principal specified + +The PRINCIPAL parameter to check() was undefined or the empty string. + +=back + +In addition, if the external command fails and produces some output, +that will be considered a failure and the first line of its output will +be returned as the error message. The external command should exit +with a non-zero status but no error to indicate a normal failure. + +=head1 SEE ALSO + +remctld(8), Wallet::ACL(3), Wallet::ACL::Base(3), Wallet::Config(3), +wallet-backend(8) + +This module is part of the wallet system. The current version is +available from L. + +=head1 AUTHOR + +Russ Allbery + +=cut diff --git a/perl/lib/Wallet/Config.pm b/perl/lib/Wallet/Config.pm index b3e1931..98b5dc9 100644 --- a/perl/lib/Wallet/Config.pm +++ b/perl/lib/Wallet/Config.pm @@ -1,7 +1,8 @@ # Wallet::Config -- Configuration handling for the wallet server. # # Written by Russ Allbery -# Copyright 2007, 2008, 2010, 2013, 2014 +# Copyright 2016 Russ Allbery +# Copyright 2007, 2008, 2010, 2013, 2014, 2015 # The Board of Trustees of the Leland Stanford Junior University # # See LICENSE for licensing terms. @@ -16,7 +17,7 @@ use vars qw($PATH $VERSION); # This version should be increased on any code change to this module. Always # use two digits for the minor version with a leading zero if necessary so # that it will sort properly. -$VERSION = '0.05'; +$VERSION = '0.06'; # Path to the config file to load. $PATH = $ENV{WALLET_CONFIG} || '/etc/wallet/wallet.conf'; @@ -540,6 +541,36 @@ our $WAKEYRING_PURGE_INTERVAL = 60 * 60 * 24 * 90; =back +=head1 EXTERNAL ACL CONFIGURATION + +This configuration variable is only needed if you intend to use the +C ACL type (the Wallet::ACL::External class). This ACL type +runs an external command to determine if access is granted. + +=over 4 + +=item EXTERNAL_COMMAND + +Path to the command to run to determine whether access is granted. The +first argument to the command will be the principal requesting access. +The identifier of the ACL will be split on whitespace and passed in as the +remaining arguments to this command. + +No other arguments are passed to the command, but the command will have +access to all of the remctl environment variables seen by the wallet +server (such as REMOTE_USER). For a full list of environment variables, +see L. + +The external command should exit with a non-zero status but no output to +indicate a normal failure to satisfy the ACL. Any output will be treated +as an error. + +=cut + +our $EXTERNAL_COMMAND; + +=back + =head1 LDAP ACL CONFIGURATION These configuration variables are only needed if you intend to use the diff --git a/perl/t/data/acl-command b/perl/t/data/acl-command new file mode 100755 index 0000000..e368118 --- /dev/null +++ b/perl/t/data/acl-command @@ -0,0 +1,43 @@ +#!/bin/sh +# +# An external ACL implementation. Checks that the first argument is +# eagle@eyrie.org, the second argument is "test", and then returns success, +# failure, or reports an error based on whether the second argument is +# success, failure, or error. +# +# Written by Russ Allbery +# Copyright 2016 Russ Allbery +# +# See LICENSE for licensing terms. + +set -e + +# Check the initial principal argument. +if [ "$1" != 'eagle@eyrie.org' ]; then + echo 'incorrect principal' >&2 + exit 1 +fi + +# Check that the second argument is test. +if [ "$2" != 'test' ]; then + echo 'incorrect second argument' >&2 + exit 1 +fi + +# Process the third argument. +case $3 in + success) + exit 0 + ;; + failure) + exit 1 + ;; + error) + echo 'some error' >&2 + exit 1 + ;; + *) + echo 'unknown third argument' >&2 + exit 1 + ;; +esac diff --git a/perl/t/verifier/external.t b/perl/t/verifier/external.t new file mode 100755 index 0000000..3e7e776 --- /dev/null +++ b/perl/t/verifier/external.t @@ -0,0 +1,32 @@ +#!/usr/bin/perl +# +# Tests for the external wallet ACL verifier. +# +# Written by Russ Allbery +# Copyright 2016 Russ Allbery +# +# See LICENSE for licensing terms. + +use strict; +use warnings; + +use Test::More tests => 9; + +use Wallet::ACL::External; +use Wallet::Config; + +# Configure the external ACL verifier. +$Wallet::Config::EXTERNAL_COMMAND = 't/data/acl-command'; + +# Check a few verifications. +my $verifier = Wallet::ACL::External->new; +ok (defined $verifier, 'Wallet::ACL::External creation'); +ok ($verifier->isa ('Wallet::ACL::External'), ' and class verification'); +is ($verifier->check ('eagle@eyrie.org', 'test success'), 1, 'Success'); +is ($verifier->check ('eagle@eyrie.org', 'test failure'), 0, 'Failure'); +is ($verifier->error, undef, 'No error set'); +is ($verifier->check ('eagle@eyrie.org', 'test error'), undef, 'Error'); +is ($verifier->error, 'some error', ' and right error'); +is ($verifier->check (undef, 'eagle@eyrie.org'), undef, + 'Undefined principal'); +is ($verifier->error, 'no principal specified', ' and right error'); -- cgit v1.2.3 From d2fde5b8330cab6bd6210ef99a628b1897676897 Mon Sep 17 00:00:00 2001 From: Russ Allbery Date: Sat, 16 Jan 2016 15:34:22 -0800 Subject: Pass object type and name to external ACL verifiers This requires changing the ACL verifier plumbing to pass object type and name all the way through when verifying ACLs. Hopefully I caught everything. --- NEWS | 6 +++--- docs/design-acl | 7 ++++--- perl/lib/Wallet/ACL.pm | 20 +++++++++++--------- perl/lib/Wallet/ACL/Base.pm | 6 ++++-- perl/lib/Wallet/ACL/External.pm | 16 ++++++++-------- perl/lib/Wallet/ACL/Nested.pm | 7 ++++--- perl/lib/Wallet/Config.pm | 8 ++++---- perl/t/data/acl-command | 20 ++++++++++++-------- perl/t/verifier/external.t | 11 +++++++---- 9 files changed, 57 insertions(+), 44 deletions(-) (limited to 'docs/design-acl') diff --git a/NEWS b/NEWS index eee61bd..aa9cf47 100644 --- a/NEWS +++ b/NEWS @@ -11,9 +11,9 @@ wallet 1.3 (unreleased) A new ACL type, external (Wallet::ACL::External), is now supported. This ACL runs an external command to check if access is allowed, and - passes the principal and the ACL identifier to that command. To - enable this ACL type for an existing wallet database, use wallet-admin - to register the new verifier. + passes the principal, type and name of the object, and the ACL + identifier to that command. To enable this ACL type for an existing + wallet database, use wallet-admin to register the new verifier. A new variation on the ldap-attr ACL type, ldap-attr-root (Wallet::ACL::LDAP::Attribute::Root), is now supported. This is diff --git a/docs/design-acl b/docs/design-acl index b8bb8b3..836c411 100644 --- a/docs/design-acl +++ b/docs/design-acl @@ -31,9 +31,10 @@ Semantics used: Iterate through each ACL entry in the ACL in question. If the ACL entry is malformatted or the scheme is not recognized, skip it. Otherwise, dispatch the question to the check function of the ACL - implementation, passing it the principal identifying the client and - the portion of the ACL entry. This function returns - either authorized or unauthorized. If authorized, end the search; if + implementation, passing it the principal identifying the client, the + portion of the ACL entry, and the type and name of the + object the user is attempting to access. This function returns either + authorized or unauthorized. If authorized, end the search; if unauthorized, continue to the next ACL entry. There is no support in this scheme for negative ACLs. diff --git a/perl/lib/Wallet/ACL.pm b/perl/lib/Wallet/ACL.pm index 862b88f..69e6890 100644 --- a/perl/lib/Wallet/ACL.pm +++ b/perl/lib/Wallet/ACL.pm @@ -480,7 +480,7 @@ sub history { { my %verifier; sub check_line { - my ($self, $principal, $scheme, $identifier) = @_; + my ($self, $principal, $scheme, $identifier, $type, $name) = @_; unless ($verifier{$scheme}) { my $class = $self->scheme_mapping ($scheme); unless ($class) { @@ -493,7 +493,8 @@ sub history { return; } } - my $result = ($verifier{$scheme})->check ($principal, $identifier); + my $result = ($verifier{$scheme})->check ($principal, $identifier, + $type, $name); if (not defined $result) { push (@{ $self->{check_errors} }, ($verifier{$scheme})->error); return; @@ -503,13 +504,13 @@ sub history { } } -# Given a principal, check whether it should be granted access according to -# this ACL. Returns 1 if access was granted, 0 if access was denied, and -# undef on some error. Errors from ACL verifiers do not cause an error -# return, but are instead accumulated in the check_errors variable returned by -# the check_errors() method. +# Given a principal, object type, and object name, check whether that +# principal should be granted access according to this ACL. Returns 1 if +# access was granted, 0 if access was denied, and undef on some error. Errors +# from ACL verifiers do not cause an error return, but are instead accumulated +# in the check_errors variable returned by the check_errors() method. sub check { - my ($self, $principal) = @_; + my ($self, $principal, $type, $name) = @_; unless ($principal) { $self->error ('no principal specified'); return; @@ -520,7 +521,8 @@ sub check { $self->{check_errors} = []; for my $entry (@entries) { my ($scheme, $identifier) = @$entry; - my $result = $self->check_line ($principal, $scheme, $identifier); + my $result = $self->check_line ($principal, $scheme, $identifier, + $type, $name); return 1 if $result; } return 0; diff --git a/perl/lib/Wallet/ACL/Base.pm b/perl/lib/Wallet/ACL/Base.pm index 19ca612..3778c07 100644 --- a/perl/lib/Wallet/ACL/Base.pm +++ b/perl/lib/Wallet/ACL/Base.pm @@ -103,10 +103,12 @@ This method should be overridden by any child classes that want to implement validating the name of an ACL before creation. The default implementation allows any name for an ACL. -=item check(PRINCIPAL, ACL) +=item check(PRINCIPAL, ACL, TYPE, NAME) This method should always be overridden by child classes. The default -implementation just declines all access. +implementation just declines all access. TYPE and NAME are the type and +name of the object being accessed, which may be used by some ACL schemes +or may be ignored. =item error([ERROR ...]) diff --git a/perl/lib/Wallet/ACL/External.pm b/perl/lib/Wallet/ACL/External.pm index 77c2499..f1bd577 100644 --- a/perl/lib/Wallet/ACL/External.pm +++ b/perl/lib/Wallet/ACL/External.pm @@ -46,13 +46,12 @@ sub new { # The most trivial ACL verifier. Returns true if the provided principal # matches the ACL. sub check { - my ($self, $principal, $acl) = @_; + my ($self, $principal, $acl, $type, $name) = @_; unless ($principal) { $self->error ('no principal specified'); return; } - my @args = split (' ', $acl); - unshift @args, $principal; + my @args = ($principal, $type, $name, $acl); my $pid = open (EXTERNAL, '-|'); if (not defined $pid) { $self->error ("cannot fork: $!"); @@ -134,14 +133,15 @@ an error. Creates a new ACL verifier. For this verifier, this just confirms that the wallet configuration sets an external command. -=item check(PRINCIPAL, ACL) +=item check(PRINCIPAL, ACL, TYPE, NAME) Returns true if the external command returns success when run with that -PRINCIPAL and ACL. ACL will be split on whitespace and passed as multiple -arguments. So, for example, the ACL C will, when -triggered by a request from rra@EXAMPLE.COM, result in the command: +PRINCIPAL, object TYPE and NAME, and ACL. So, for example, the ACL C will, when triggered by a request from rra@EXAMPLE.COM for the +object C, result in the command: - $Wallet::Config::EXTERNAL_COMMAND rra@EXAMPLE.COM mdbset shell + $Wallet::Config::EXTERNAL_COMMAND rra@EXAMPLE.COM file password \ + 'mdbset shell' =item error() diff --git a/perl/lib/Wallet/ACL/Nested.pm b/perl/lib/Wallet/ACL/Nested.pm index 07833f8..3b6c827 100644 --- a/perl/lib/Wallet/ACL/Nested.pm +++ b/perl/lib/Wallet/ACL/Nested.pm @@ -59,7 +59,7 @@ sub syntax_check { # that entry. We also want to keep track of things already checked in order # to avoid any loops. sub check { - my ($self, $principal, $group) = @_; + my ($self, $principal, $group, $type, $name) = @_; unless ($principal) { $self->error ('no principal specified'); return; @@ -78,8 +78,9 @@ sub check { # to go through each entry and decide if the given acl has access. my @members = $self->get_membership ($group); for my $entry (@members) { - my ($type, $name) = @{ $entry }; - my $result = $acl->check_line ($principal, $type, $name); + my ($scheme, $identifier) = @{ $entry }; + my $result = $acl->check_line ($principal, $scheme, $identifier, + $type, $name); return 1 if $result; } return 0; diff --git a/perl/lib/Wallet/Config.pm b/perl/lib/Wallet/Config.pm index 98b5dc9..e8bc00c 100644 --- a/perl/lib/Wallet/Config.pm +++ b/perl/lib/Wallet/Config.pm @@ -551,10 +551,10 @@ runs an external command to determine if access is granted. =item EXTERNAL_COMMAND -Path to the command to run to determine whether access is granted. The -first argument to the command will be the principal requesting access. -The identifier of the ACL will be split on whitespace and passed in as the -remaining arguments to this command. +Path to the command to run to determine whether access is granted. The first +argument to the command will be the principal requesting access. The second +and third arguments will be the type and name of the object that principal is +requesting access to. The final argument will be the identifier of the ACL. No other arguments are passed to the command, but the command will have access to all of the remctl environment variables seen by the wallet diff --git a/perl/t/data/acl-command b/perl/t/data/acl-command index e368118..b7c3066 100755 --- a/perl/t/data/acl-command +++ b/perl/t/data/acl-command @@ -18,26 +18,30 @@ if [ "$1" != 'eagle@eyrie.org' ]; then exit 1 fi -# Check that the second argument is test. -if [ "$2" != 'test' ]; then +# Check that the second and third arguments are file test (the test object). +if [ "$2" != 'file' ]; then echo 'incorrect second argument' >&2 exit 1 fi +if [ "$3" != 'test' ]; then + echo 'incorrect third argument' >&2 + exit 1 +fi -# Process the third argument. -case $3 in - success) +# Process the fourth argument. +case $4 in + 'test success') exit 0 ;; - failure) + 'test failure') exit 1 ;; - error) + 'test error') echo 'some error' >&2 exit 1 ;; *) - echo 'unknown third argument' >&2 + echo 'unknown fourth argument' >&2 exit 1 ;; esac diff --git a/perl/t/verifier/external.t b/perl/t/verifier/external.t index 3e7e776..d1438de 100755 --- a/perl/t/verifier/external.t +++ b/perl/t/verifier/external.t @@ -22,11 +22,14 @@ $Wallet::Config::EXTERNAL_COMMAND = 't/data/acl-command'; my $verifier = Wallet::ACL::External->new; ok (defined $verifier, 'Wallet::ACL::External creation'); ok ($verifier->isa ('Wallet::ACL::External'), ' and class verification'); -is ($verifier->check ('eagle@eyrie.org', 'test success'), 1, 'Success'); -is ($verifier->check ('eagle@eyrie.org', 'test failure'), 0, 'Failure'); +is ($verifier->check ('eagle@eyrie.org', 'test success', 'file', 'test'), + 1, 'Success'); +is ($verifier->check ('eagle@eyrie.org', 'test failure', 'file', 'test'), + 0, 'Failure'); is ($verifier->error, undef, 'No error set'); -is ($verifier->check ('eagle@eyrie.org', 'test error'), undef, 'Error'); +is ($verifier->check ('eagle@eyrie.org', 'test error', 'file', 'test'), + undef, 'Error'); is ($verifier->error, 'some error', ' and right error'); -is ($verifier->check (undef, 'eagle@eyrie.org'), undef, +is ($verifier->check (undef, 'eagle@eyrie.org', 'file', 'test'), undef, 'Undefined principal'); is ($verifier->error, 'no principal specified', ' and right error'); -- cgit v1.2.3