acl.c File Reference

#include <crm_internal.h>
#include <stdio.h>
#include <sys/types.h>
#include <pwd.h>
#include <string.h>
#include <stdlib.h>
#include <stdarg.h>
#include <libxml/tree.h>
#include <libxml/xmlstring.h>
#include <libxml/xpath.h>
#include <crm/crm.h>
#include <crm/common/xml.h>
#include <crm/common/xml_internal.h>
#include "crmcommon_private.h"

Include dependency graph for acl.c:

Go to the source code of this file.

Macros
#define	display_id(xml)
#define	check_acl_deny(xml, attr_name, prefix, user, mode)

Typedefs
typedef struct xml_acl_s	xml_acl_t

Functions
void	pcmk__free_acls (GList *acls)
void	pcmk__apply_acl (xmlNode *xml)
void	pcmk__unpack_acl (xmlNode *source, xmlNode *target, const char *user)
void	pcmk__enable_acl (xmlNode *acl_source, xmlNode *target, const char *user)
bool	xml_acl_filtered_copy (const char *user, xmlNode *acl_source, xmlNode *xml, xmlNode **result)
	Copy ACL-allowed portions of specified XML.
void	pcmk__apply_creation_acl (xmlNode *xml, bool check_top)
bool	xml_acl_denied (const xmlNode *xml)
	Check whether or not an XML node is ACL-denied.
void	xml_acl_disable (xmlNode *xml)
bool	xml_acl_enabled (const xmlNode *xml)
	Check whether or not an XML node is ACL-enabled.
bool	pcmk__check_acl (xmlNode *xml, const char *attr_name, enum pcmk__xml_flags mode)
bool	pcmk_acl_required (const char *user)
	Check whether ACLs are required for a given user.
char *	pcmk__uid2username (uid_t uid)
const char *	pcmk__update_acl_user (xmlNode *request, const char *field, const char *peer_user)

Macro Definition Documentation

check_acl_deny

#define check_acl_deny	(		xml,
			attr_name,
			prefix,
			user,
			mode )

Value:

        do {             \
        xmlNode *tree = xml;                                                \
                                                                            \
        pcmk__xml_doc_set_flags(tree->doc, pcmk__xf_acl_denied);            \
        pcmk__if_tracing(                                                   \
            {                                                               \
                GString *xpath = pcmk__element_xpath(tree);                 \
                                                                            \
                if ((attr_name) != NULL) {                                  \
                    pcmk__g_strcat(xpath, "[@", attr_name, "]", NULL);      \
                }                                                           \
                qb_log_from_external_source(__func__, __FILE__,             \
                                            "%sACL denies user '%s' %s "    \
                                            "access to %s",                 \
                                            LOG_TRACE, __LINE__, 0 ,        \
                                            prefix, user,                   \
                                            acl_to_text(mode), xpath->str); \
                g_string_free(xpath, TRUE);                                 \
            },                                                              \
            {}                                                              \
        );                                                                  \
    } while (false);

Definition at line 724 of file acl.c.

display_id

#define display_id

(

xml

)

Value:

pcmk__s(pcmk__xe_id(xml), "<unset>")

Definition at line 594 of file acl.c.

Typedef Documentation

xml_acl_t

typedef struct xml_acl_s xml_acl_t

Function Documentation

pcmk__apply_acl()

void pcmk__apply_acl

(

xmlNode *

xml

)

Definition at line 216 of file acl.c.

pcmk__apply_creation_acl()

void pcmk__apply_creation_acl	(	xmlNode *	xml,
		bool	check_top )

Definition at line 612 of file acl.c.

pcmk__check_acl()

bool pcmk__check_acl	(	xmlNode *	xml,
		const char *	attr_name,
		enum pcmk__xml_flags	mode )

Definition at line 748 of file acl.c.

pcmk__enable_acl()

void pcmk__enable_acl	(	xmlNode *	acl_source,
		xmlNode *	target,
		const char *	user )

Definition at line 378 of file acl.c.

pcmk__free_acls()

void pcmk__free_acls

(

GList *

acls

)

Definition at line 45 of file acl.c.

pcmk__uid2username()

char * pcmk__uid2username

(

uid_t

uid

)

Definition at line 823 of file acl.c.

pcmk__unpack_acl()

void pcmk__unpack_acl	(	xmlNode *	source,
		xmlNode *	target,
		const char *	user )

Definition at line 315 of file acl.c.

pcmk__update_acl_user()

const char * pcmk__update_acl_user	(	xmlNode *	request,
		const char *	field,
		const char *	peer_user )

Definition at line 853 of file acl.c.

pcmk_acl_required()

bool pcmk_acl_required

(

const char *

user

)

Check whether ACLs are required for a given user.

Parameters

[in]

User

name to check

Returns

true if the user requires ACLs, false otherwise

Definition at line 808 of file acl.c.

xml_acl_denied()

bool xml_acl_denied

(

const xmlNode *

xml

)

Check whether or not an XML node is ACL-denied.

Parameters

[in]

xml

node to check

Returns

true if XML node exists and is ACL-denied, false otherwise

Definition at line 671 of file acl.c.

xml_acl_disable()

void xml_acl_disable

(

xmlNode *

xml

)

Definition at line 682 of file acl.c.

xml_acl_enabled()

bool xml_acl_enabled

(

const xmlNode *

xml

)

Check whether or not an XML node is ACL-enabled.

Parameters

[in]

xml

node to check

Returns

true if XML node exists and is ACL-enabled, false otherwise

Definition at line 702 of file acl.c.

xml_acl_filtered_copy()

bool xml_acl_filtered_copy	(	const char *	user,
		xmlNode *	acl_source,
		xmlNode *	xml,
		xmlNode **	result )

Copy ACL-allowed portions of specified XML.

Parameters

[in]	user	Username whose ACLs should be used
[in]	acl_source	XML containing ACLs
[in]	xml	XML to be copied
[out]	result	Copy of XML portions readable via ACLs

Returns

true if xml exists and ACLs are required for user, false otherwise

Note

If this returns true, caller should use result rather than xml

Definition at line 473 of file acl.c.