static void KeepServerPromise(Promise *pp)
{
char *sp = NULL;
if (!IsDefinedClass(pp->classes))
{
CfOut(cf_verbose, "", "Skipping whole promise, as context is %s\n", pp->classes);
return;
}
if (VarClassExcluded(pp, &sp))
{
CfOut(cf_verbose, "", "\n");
CfOut(cf_verbose, "", ". . . . . . . . . . . . . . . . . . . . . . . . . . . . \n");
CfOut(cf_verbose, "", "Skipping whole next promise (%s), as var-context %s is not relevant\n", pp->promiser,
sp);
CfOut(cf_verbose, "", ". . . . . . . . . . . . . . . . . . . . . . . . . . . . \n");
return;
}
if (strcmp(pp->agentsubtype, "classes") == 0)
{
KeepClassContextPromise(pp);
return;
}
sp = (char *) GetConstraintValue("resource_type", pp, CF_SCALAR);
if (strcmp(pp->agentsubtype, "access") == 0 && sp && strcmp(sp, "literal") == 0)
{
KeepLiteralAccessPromise(pp, "literal");
return;
}
if (strcmp(pp->agentsubtype, "access") == 0 && sp && strcmp(sp, "query") == 0)
{
KeepQueryAccessPromise(pp, "query");
return;
}
if (strcmp(pp->agentsubtype, "access") == 0 && sp && strcmp(sp, "context") == 0)
{
KeepLiteralAccessPromise(pp, "context");
return;
}
/* Default behaviour is file access */
if (strcmp(pp->agentsubtype, "access") == 0)
{
KeepFileAccessPromise(pp);
return;
}
if (strcmp(pp->agentsubtype, "roles") == 0)
{
KeepServerRolePromise(pp);
return;
}
}
static PromiseResult KeepServerPromise(EvalContext *ctx, const Promise *pp, ARG_UNUSED void *param)
{
assert(!param);
PromiseBanner(ctx, pp);
if (strcmp(pp->parent_promise_type->name, "vars") == 0)
{
return VerifyVarPromise(ctx, pp, NULL);
}
if (strcmp(pp->parent_promise_type->name, "classes") == 0)
{
return VerifyClassPromise(ctx, pp, NULL);
}
if (strcmp(pp->parent_promise_type->name, "access") == 0)
{
const char *resource_type =
PromiseGetConstraintAsRval(pp, "resource_type", RVAL_TYPE_SCALAR);
/* Default resource_type in access_rules is "path" */
if (resource_type == NULL ||
strcmp(resource_type, "path") == 0)
{
KeepFileAccessPromise(ctx, pp);
return PROMISE_RESULT_NOOP;
}
else if (strcmp(resource_type, "literal") == 0)
{
KeepLiteralAccessPromise(ctx, pp, "literal");
return PROMISE_RESULT_NOOP;
}
else if (strcmp(resource_type, "variable") == 0)
{
KeepLiteralAccessPromise(ctx, pp, "variable");
return PROMISE_RESULT_NOOP;
}
else if (strcmp(resource_type, "query") == 0)
{
KeepQueryAccessPromise(ctx, pp);
KeepReportDataSelectAccessPromise(pp);
return PROMISE_RESULT_NOOP;
}
else if (strcmp(resource_type, "context") == 0)
{
KeepLiteralAccessPromise(ctx, pp, "context");
return PROMISE_RESULT_NOOP;
}
}
else if (strcmp(pp->parent_promise_type->name, "roles") == 0)
{
KeepServerRolePromise(ctx, pp);
return PROMISE_RESULT_NOOP;
}
return PROMISE_RESULT_NOOP;
}
static void KeepServerPromise(EvalContext *ctx, Promise *pp, ARG_UNUSED void *param)
{
char *sp = NULL;
assert(param == NULL);
if (!IsDefinedClass(ctx, pp->classes, PromiseGetNamespace(pp)))
{
Log(LOG_LEVEL_VERBOSE, "Skipping whole promise, as context is %s", pp->classes);
return;
}
if (VarClassExcluded(ctx, pp, &sp))
{
if (LEGACY_OUTPUT)
{
Log(LOG_LEVEL_VERBOSE, "\n");
Log(LOG_LEVEL_VERBOSE, ". . . . . . . . . . . . . . . . . . . . . . . . . . . . ");
Log(LOG_LEVEL_VERBOSE, "Skipping whole next promise (%s), as var-context %s is not relevant", pp->promiser,
sp);
Log(LOG_LEVEL_VERBOSE, ". . . . . . . . . . . . . . . . . . . . . . . . . . . . ");
}
else
{
Log(LOG_LEVEL_VERBOSE, "Skipping next promise '%s', as var-context '%s' is not relevant", pp->promiser, sp);
}
return;
}
if (strcmp(pp->parent_promise_type->name, "classes") == 0)
{
VerifyClassPromise(ctx, pp, NULL);
return;
}
sp = (char *) ConstraintGetRvalValue(ctx, "resource_type", pp, RVAL_TYPE_SCALAR);
if ((strcmp(pp->parent_promise_type->name, "access") == 0) && sp && (strcmp(sp, "literal") == 0))
{
KeepLiteralAccessPromise(ctx, pp, "literal");
return;
}
if ((strcmp(pp->parent_promise_type->name, "access") == 0) && sp && (strcmp(sp, "variable") == 0))
{
KeepLiteralAccessPromise(ctx, pp, "variable");
return;
}
if ((strcmp(pp->parent_promise_type->name, "access") == 0) && sp && (strcmp(sp, "query") == 0))
{
KeepQueryAccessPromise(ctx, pp, "query");
KeepReportDataSelectAccessPromise(pp);
return;
}
if ((strcmp(pp->parent_promise_type->name, "access") == 0) && sp && (strcmp(sp, "context") == 0))
{
KeepLiteralAccessPromise(ctx, pp, "context");
return;
}
/* Default behaviour is file access */
if (strcmp(pp->parent_promise_type->name, "access") == 0)
{
KeepFileAccessPromise(ctx, pp);
return;
}
if (strcmp(pp->parent_promise_type->name, "roles") == 0)
{
KeepServerRolePromise(ctx, pp);
return;
}
}
static void KeepServerPromise(EvalContext *ctx, Promise *pp, const ReportContext *report_context)
{
char *sp = NULL;
if (!IsDefinedClass(ctx, pp->classes, PromiseGetNamespace(pp)))
{
CfOut(OUTPUT_LEVEL_VERBOSE, "", "Skipping whole promise, as context is %s\n", pp->classes);
return;
}
if (VarClassExcluded(ctx, pp, &sp))
{
CfOut(OUTPUT_LEVEL_VERBOSE, "", "\n");
CfOut(OUTPUT_LEVEL_VERBOSE, "", ". . . . . . . . . . . . . . . . . . . . . . . . . . . . \n");
CfOut(OUTPUT_LEVEL_VERBOSE, "", "Skipping whole next promise (%s), as var-context %s is not relevant\n", pp->promiser,
sp);
CfOut(OUTPUT_LEVEL_VERBOSE, "", ". . . . . . . . . . . . . . . . . . . . . . . . . . . . \n");
return;
}
if (strcmp(pp->parent_promise_type->name, "classes") == 0)
{
KeepClassContextPromise(ctx, pp, report_context);
return;
}
sp = (char *) ConstraintGetRvalValue(ctx, "resource_type", pp, RVAL_TYPE_SCALAR);
if ((strcmp(pp->parent_promise_type->name, "access") == 0) && sp && (strcmp(sp, "literal") == 0))
{
KeepLiteralAccessPromise(ctx, pp, "literal");
return;
}
if ((strcmp(pp->parent_promise_type->name, "access") == 0) && sp && (strcmp(sp, "variable") == 0))
{
KeepLiteralAccessPromise(ctx, pp, "variable");
return;
}
if ((strcmp(pp->parent_promise_type->name, "access") == 0) && sp && (strcmp(sp, "query") == 0))
{
KeepQueryAccessPromise(ctx, pp, "query");
return;
}
if ((strcmp(pp->parent_promise_type->name, "access") == 0) && sp && (strcmp(sp, "context") == 0))
{
KeepLiteralAccessPromise(ctx, pp, "context");
return;
}
/* Default behaviour is file access */
if (strcmp(pp->parent_promise_type->name, "access") == 0)
{
KeepFileAccessPromise(ctx, pp);
return;
}
if (strcmp(pp->parent_promise_type->name, "roles") == 0)
{
KeepServerRolePromise(ctx, pp);
return;
}
}
static PromiseResult KeepServerPromise(EvalContext *ctx, const Promise *pp, ARG_UNUSED void *param)
{
assert(!param);
if (!IsDefinedClass(ctx, pp->classes, PromiseGetNamespace(pp)))
{
Log(LOG_LEVEL_VERBOSE, "Skipping whole promise, as context is %s", pp->classes);
return PROMISE_RESULT_NOOP;
}
{
char *cls = NULL;
if (VarClassExcluded(ctx, pp, &cls))
{
if (LEGACY_OUTPUT)
{
Log(LOG_LEVEL_VERBOSE, "\n");
Log(LOG_LEVEL_VERBOSE, ". . . . . . . . . . . . . . . . . . . . . . . . . . . . ");
Log(LOG_LEVEL_VERBOSE, "Skipping whole next promise (%s), as var-context %s is not relevant", pp->promiser, cls);
Log(LOG_LEVEL_VERBOSE, ". . . . . . . . . . . . . . . . . . . . . . . . . . . . ");
}
else
{
Log(LOG_LEVEL_VERBOSE, "Skipping next promise '%s', as var-context '%s' is not relevant", pp->promiser, cls);
}
return PROMISE_RESULT_NOOP;
}
}
if (strcmp(pp->parent_promise_type->name, "classes") == 0)
{
return VerifyClassPromise(ctx, pp, NULL);
}
const char *resource_type = PromiseGetConstraintAsRval(pp, "resource_type", RVAL_TYPE_SCALAR);
if (resource_type && strcmp(pp->parent_promise_type->name, "access") == 0)
{
if (strcmp(resource_type, "literal") == 0)
{
KeepLiteralAccessPromise(ctx, pp, "literal");
return PROMISE_RESULT_NOOP;
}
else if (strcmp(resource_type, "variable") == 0)
{
KeepLiteralAccessPromise(ctx, pp, "variable");
return PROMISE_RESULT_NOOP;
}
else if (strcmp(resource_type, "query") == 0)
{
KeepQueryAccessPromise(ctx, pp, "query");
KeepReportDataSelectAccessPromise(pp);
return PROMISE_RESULT_NOOP;
}
else if (strcmp(resource_type, "context") == 0)
{
KeepLiteralAccessPromise(ctx, pp, "context");
return PROMISE_RESULT_NOOP;
}
}
if (strcmp(pp->parent_promise_type->name, "access") == 0)
{
KeepFileAccessPromise(ctx, pp);
return PROMISE_RESULT_NOOP;
}
else if (strcmp(pp->parent_promise_type->name, "roles") == 0)
{
KeepServerRolePromise(ctx, pp);
return PROMISE_RESULT_NOOP;
}
return PROMISE_RESULT_NOOP;
}