/**
 * Keep a query access promise on the server side.
 *
 * Resolves (or creates) the deny and admit Auth entries for the promiser,
 * registers the promiser as literal server data, flags the admit entry as
 * literal, inserts the promiser into query_acl and finally lets
 * AccessPromise_AddAccessConstraints() apply the promise's constraints to
 * the new ACL slot and to both Auth entries.
 *
 * @param ctx  Evaluation context, passed through to the helpers.
 * @param pp   The access promise; pp->promiser is used as the resource key.
 *
 * If the ACL insert reports failure the process logs at critical level and
 * exits with status 255, so the server does not keep running with a
 * resource that is registered but has no ACL entry.
 */
static void KeepQueryAccessPromise(EvalContext *ctx, const Promise *pp)
{
    /* The deny entry is resolved before the admit entry. */
    Auth *deny = GetOrCreateAuth(pp->promiser, &SV.vardeny, &SV.vardenytail);
    Auth *admit = GetOrCreateAuth(pp->promiser, &SV.varadmit, &SV.varadmittail);

    RegisterLiteralServerData(ctx, pp->promiser, pp);
    admit->literal = true;

    const size_t slot = acl_SortedInsert(&query_acl, pp->promiser);
    if (slot != (size_t) -1)
    {
        AccessPromise_AddAccessConstraints(ctx, pp, &query_acl->acls[slot],
                                           admit, deny);
        return;
    }

    /* (size_t) -1 is the failure sentinel; not expected unless allocation
     * fails. */
    Log(LOG_LEVEL_CRIT, "acl_Insert: %s", GetErrorStr());
    exit(255);
}
/**
 * Keep an access promise for literal, context or variable server data.
 *
 * - "literal":  the promise handle is the resource key; the admit entry is
 *               flagged literal and the handle goes into literals_acl.
 * - "context":  pp->promiser is the key; the admit entry is flagged as a
 *               class pattern and the promiser goes into classes_acl.
 * - "variable": pp->promiser is the key; the admit entry is flagged as a
 *               variable and the promiser goes into vars_acl.
 *
 * For any other type the admit/deny entries for the promiser are still
 * resolved, but nothing is inserted into an ACL and no constraints are
 * applied.
 *
 * @param ctx   Evaluation context, passed through to the helpers.
 * @param pp    The access promise.
 * @param type  Resource type string compared against the names above.
 *
 * A literal promise without a handle is rejected with an error log. A failed
 * ACL insert logs at critical level and exits with status 255.
 */
void KeepLiteralAccessPromise(EvalContext *ctx, const Promise *pp, const char *type)
{
    const char *handle = PromiseGetHandle(pp);
    const int is_literal = (strcmp(type, "literal") == 0);

    if (is_literal)
    {
        if (handle == NULL)
        {
            /* Literal data is keyed by handle, so there is nothing to
             * attach the access rules to. */
            Log(LOG_LEVEL_ERR, "Access to literal server data requires you to define a promise handle for reference");
            return;
        }

        Log(LOG_LEVEL_VERBOSE,"Looking at literal access promise '%s', type '%s'", pp->promiser, type);

        Auth *admit = GetOrCreateAuth(handle, &SV.varadmit, &SV.varadmittail);
        Auth *deny = GetOrCreateAuth(handle, &SV.vardeny, &SV.vardenytail);

        RegisterLiteralServerData(ctx, handle, pp);
        admit->literal = true;

        const size_t slot = acl_SortedInsert(&literals_acl, handle);
        if (slot == (size_t) -1)
        {
            /* Not expected unless allocation fails. */
            Log(LOG_LEVEL_CRIT, "acl_Insert: %s", GetErrorStr());
            exit(255);
        }

        AccessPromise_AddAccessConstraints(ctx, pp, &literals_acl->acls[slot],
                                           admit, deny);
        return;
    }

    Log(LOG_LEVEL_VERBOSE,"Looking at context/var access promise '%s', type '%s'", pp->promiser, type);

    Auth *admit = GetOrCreateAuth(pp->promiser, &SV.varadmit, &SV.varadmittail);
    Auth *deny = GetOrCreateAuth(pp->promiser, &SV.vardeny, &SV.vardenytail);

    if (strcmp(type, "context") == 0)
    {
        admit->classpattern = true;

        const size_t slot = acl_SortedInsert(&classes_acl, pp->promiser);
        if (slot == (size_t) -1)
        {
            /* Not expected unless allocation fails. */
            Log(LOG_LEVEL_CRIT, "acl_Insert: %s", GetErrorStr());
            exit(255);
        }

        AccessPromise_AddAccessConstraints(ctx, pp, &classes_acl->acls[slot],
                                           admit, deny);
    }
    else if (strcmp(type, "variable") == 0)
    {
        admit->variable = true;

        const size_t slot = acl_SortedInsert(&vars_acl, pp->promiser);
        if (slot == (size_t) -1)
        {
            /* Not expected unless allocation fails. */
            Log(LOG_LEVEL_CRIT, "acl_Insert: %s", GetErrorStr());
            exit(255);
        }

        AccessPromise_AddAccessConstraints(ctx, pp, &vars_acl->acls[slot],
                                           admit, deny);
    }
}
/**
 * Keep a query access promise: make sure admit and deny entries exist for
 * the promiser, register the promiser as literal server data, and copy the
 * promise's access constraints into those entries.
 *
 * @param ctx   Evaluation context, used for class evaluation and
 *              registration.
 * @param pp    The access promise; pp->promiser is the resource key.
 * @param type  Resource type; only "query" marks the admit entry literal.
 *
 * Constraint handling, for every constraint whose class expression is
 * currently defined:
 *   - scalar named like the ENCRYPTED body entry: admit->encrypt is set.
 *     NOTE(review): the scalar's value is not inspected here; the presence
 *     of the constraint alone sets the flag.
 *   - list named like the ADMIT / DENY / MAPROOT body entries: every item is
 *     prepended to admit->accesslist / deny->accesslist / admit->maproot.
 */
void KeepQueryAccessPromise(EvalContext *ctx, Promise *pp, char *type)
{
    Auth *admit, *deny;

    if (!GetAuthPath(pp->promiser, SV.varadmit))
    {
        InstallServerAuthPath(pp->promiser, &SV.varadmit, &SV.varadmittop);
    }

    RegisterLiteralServerData(ctx, pp->promiser, pp);

    if (!GetAuthPath(pp->promiser, SV.vardeny))
    {
        InstallServerAuthPath(pp->promiser, &SV.vardeny, &SV.vardenytop);
    }

    /* NOTE(review): both lookups are dereferenced below without a NULL
     * check; this relies on the installs above having created the entries. */
    admit = GetAuthPath(pp->promiser, SV.varadmit);
    deny = GetAuthPath(pp->promiser, SV.vardeny);

    if (strcmp(type, "query") == 0)
    {
        admit->literal = true;
    }

    for (size_t idx = 0; idx < SeqLength(pp->conlist); idx++)
    {
        Constraint *cp = SeqAt(pp->conlist, idx);

        /* Constraints guarded by an undefined class do not apply. */
        if (IsDefinedClass(ctx, cp->classes, PromiseGetNamespace(pp)))
        {
            if (cp->rval.type == RVAL_TYPE_SCALAR)
            {
                if (strcmp(cp->lval, CF_REMACCESS_BODIES[REMOTE_ACCESS_ENCRYPTED].lval) == 0)
                {
                    admit->encrypt = true;
                }
            }
            else if (cp->rval.type == RVAL_TYPE_LIST)
            {
                for (Rlist *rp = (Rlist *) cp->rval.item; rp != NULL; rp = rp->next)
                {
                    if (strcmp(cp->lval, CF_REMACCESS_BODIES[REMOTE_ACCESS_ADMIT].lval) == 0)
                    {
                        PrependItem(&(admit->accesslist), rp->item, NULL);
                    }
                    else if (strcmp(cp->lval, CF_REMACCESS_BODIES[REMOTE_ACCESS_DENY].lval) == 0)
                    {
                        PrependItem(&(deny->accesslist), rp->item, NULL);
                    }
                    else if (strcmp(cp->lval, CF_REMACCESS_BODIES[REMOTE_ACCESS_MAPROOT].lval) == 0)
                    {
                        PrependItem(&(admit->maproot), rp->item, NULL);
                    }
                }
            }
            /* Any other rval type is not expected here and is ignored. */
        }
    }
}
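/**
 * Keep an access promise for literal, context or variable server data and
 * copy its access constraints into the matching admit/deny entries.
 *
 * - "literal":  entries are keyed by the promise handle, which must exist;
 *               the admit entry is flagged literal.
 * - "context":  entries are keyed by pp->promiser; the admit entry is
 *               flagged as a class pattern.
 * - "variable": entries are keyed by pp->promiser; the admit entry is
 *               flagged as a variable.
 *
 * @param ctx   Evaluation context, used for class evaluation and
 *              registration.
 * @param pp    The access promise.
 * @param type  Resource type string compared against the names above.
 *
 * Constraint handling, for every constraint whose class expression is
 * currently defined:
 *   - scalar named like the ENCRYPTED body entry: ap->encrypt is set.
 *     NOTE(review): the scalar's value is not inspected here; the presence
 *     of the constraint alone sets the flag.
 *   - list named like the ADMIT / DENY / MAPROOT body entries: every item is
 *     prepended to ap->accesslist / dp->accesslist / ap->maproot.
 *
 * If no admit or deny entry could be resolved (unrecognised type, or a
 * lookup that returned NULL) the promise's constraints are skipped with an
 * error log instead of being written through a NULL pointer.
 */
void KeepLiteralAccessPromise(EvalContext *ctx, Promise *pp, char *type)
{
    Rlist *rp;
    Auth *ap = NULL, *dp = NULL;
    const char *handle = PromiseGetHandle(pp);

    if ((handle == NULL) && (strcmp(type, "literal") == 0))
    {
        Log(LOG_LEVEL_ERR, "Access to literal server data requires you to define a promise handle for reference");
        return;
    }

    if (strcmp(type, "literal") == 0)
    {
        Log(LOG_LEVEL_VERBOSE,"Looking at literal access promise '%s', type '%s'", pp->promiser, type);

        if (!GetAuthPath(handle, SV.varadmit))
        {
            InstallServerAuthPath(handle, &SV.varadmit, &SV.varadmittop);
        }

        if (!GetAuthPath(handle, SV.vardeny))
        {
            InstallServerAuthPath(handle, &SV.vardeny, &SV.vardenytop);
        }

        RegisterLiteralServerData(ctx, handle, pp);

        ap = GetAuthPath(handle, SV.varadmit);
        dp = GetAuthPath(handle, SV.vardeny);

        if (ap != NULL)
        {
            ap->literal = true;
        }
    }
    else
    {
        Log(LOG_LEVEL_VERBOSE,"Looking at context/var access promise '%s', type '%s'", pp->promiser, type);

        if (!GetAuthPath(pp->promiser, SV.varadmit))
        {
            /* The admit entry is looked up in SV.varadmit, so it has to be
             * installed with SV.varadmit as the list and SV.varadmittop as
             * the top pointer, like every other install in this function.
             * Passing SV.varadmittop for both would not guarantee that the
             * lookups below find the entry. */
            InstallServerAuthPath(pp->promiser, &SV.varadmit, &SV.varadmittop);
        }

        if (!GetAuthPath(pp->promiser, SV.vardeny))
        {
            InstallServerAuthPath(pp->promiser, &SV.vardeny, &SV.vardenytop);
        }

        if (strcmp(type, "context") == 0)
        {
            ap = GetAuthPath(pp->promiser, SV.varadmit);
            dp = GetAuthPath(pp->promiser, SV.vardeny);

            if (ap != NULL)
            {
                ap->classpattern = true;
            }
        }

        if (strcmp(type, "variable") == 0)
        {
            ap = GetAuthPath(pp->promiser, SV.varadmit); // Allow the promiser (preferred) as well as handle as variable name
            dp = GetAuthPath(pp->promiser, SV.vardeny);

            if (ap != NULL)
            {
                ap->variable = true;
            }
        }
    }

    /* ap/dp stay NULL for an unrecognised type, and GetAuthPath() is
     * treated as nullable by the checks above. Without entries there is
     * nowhere to store admit/deny rules, so skip the constraints rather
     * than dereference NULL while loading access policy. */
    if (ap == NULL || dp == NULL)
    {
        Log(LOG_LEVEL_ERR, "No admit/deny entry available for access promise '%s', type '%s'; its access constraints are ignored", pp->promiser, type);
        return;
    }

    for (size_t i = 0; i < SeqLength(pp->conlist); i++)
    {
        Constraint *cp = SeqAt(pp->conlist, i);

        /* Constraints guarded by an undefined class do not apply. */
        if (!IsDefinedClass(ctx, cp->classes, PromiseGetNamespace(pp)))
        {
            continue;
        }

        switch (cp->rval.type)
        {
        case RVAL_TYPE_SCALAR:

            if (strcmp(cp->lval, CF_REMACCESS_BODIES[REMOTE_ACCESS_ENCRYPTED].lval) == 0)
            {
                ap->encrypt = true;
            }

            break;

        case RVAL_TYPE_LIST:

            for (rp = (Rlist *) cp->rval.item; rp != NULL; rp = rp->next)
            {
                if (strcmp(cp->lval, CF_REMACCESS_BODIES[REMOTE_ACCESS_ADMIT].lval) == 0)
                {
                    PrependItem(&(ap->accesslist), rp->item, NULL);
                    continue;
                }

                if (strcmp(cp->lval, CF_REMACCESS_BODIES[REMOTE_ACCESS_DENY].lval) == 0)
                {
                    PrependItem(&(dp->accesslist), rp->item, NULL);
                    continue;
                }

                if (strcmp(cp->lval, CF_REMACCESS_BODIES[REMOTE_ACCESS_MAPROOT].lval) == 0)
                {
                    PrependItem(&(ap->maproot), rp->item, NULL);
                    continue;
                }
            }

            break;

        default:
            /* Shouldn't happen */
            break;
        }
    }
}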
/**
 * Keep a query access promise: make sure admit and deny entries exist for
 * the promiser in VARADMIT / VARDENY, register the promiser as literal
 * server data, and copy the promise's access constraints into the entries.
 *
 * @param pp    The access promise; pp->promiser is the resource key.
 * @param type  Resource type; only "query" marks the admit entry literal.
 *
 * Constraint handling, for every constraint whose class expression is
 * currently defined:
 *   - scalar named like the cfs_encrypted body entry: admit->encrypt is set.
 *     NOTE(review): the scalar's value is not inspected here; the presence
 *     of the constraint alone sets the flag.
 *   - list named like the cfs_admit / cfs_deny / cfs_maproot body entries:
 *     every item is prepended to admit->accesslist / deny->accesslist /
 *     admit->maproot.
 */
void KeepQueryAccessPromise(Promise *pp, char *type)
{
    Auth *admit, *deny;
    Constraint *cp;

    if (!GetAuthPath(pp->promiser, VARADMIT))
    {
        InstallServerAuthPath(pp->promiser, &VARADMIT, &VARADMITTOP);
    }

    RegisterLiteralServerData(pp->promiser, pp);

    if (!GetAuthPath(pp->promiser, VARDENY))
    {
        InstallServerAuthPath(pp->promiser, &VARDENY, &VARDENYTOP);
    }

    /* NOTE(review): both lookups are dereferenced below without a NULL
     * check; this relies on the installs above having created the entries. */
    admit = GetAuthPath(pp->promiser, VARADMIT);
    deny = GetAuthPath(pp->promiser, VARDENY);

    if (strcmp(type, "query") == 0)
    {
        admit->literal = true;
    }

    cp = pp->conlist;
    while (cp != NULL)
    {
        /* Constraints guarded by an undefined class do not apply. */
        if (IsDefinedClass(cp->classes))
        {
            if (cp->rval.rtype == CF_SCALAR)
            {
                if (strcmp(cp->lval, CF_REMACCESS_BODIES[cfs_encrypted].lval) == 0)
                {
                    admit->encrypt = true;
                }
            }
            else if (cp->rval.rtype == CF_LIST)
            {
                for (Rlist *rp = (Rlist *) cp->rval.item; rp != NULL; rp = rp->next)
                {
                    if (strcmp(cp->lval, CF_REMACCESS_BODIES[cfs_admit].lval) == 0)
                    {
                        PrependItem(&(admit->accesslist), rp->item, NULL);
                    }
                    else if (strcmp(cp->lval, CF_REMACCESS_BODIES[cfs_deny].lval) == 0)
                    {
                        PrependItem(&(deny->accesslist), rp->item, NULL);
                    }
                    else if (strcmp(cp->lval, CF_REMACCESS_BODIES[cfs_maproot].lval) == 0)
                    {
                        PrependItem(&(admit->maproot), rp->item, NULL);
                    }
                }
            }
            /* CF_FNCALL (and anything else) is not expected here and is
             * ignored. */
        }

        cp = cp->next;
    }
}
/**
 * Keep a literal/context access promise: entries are keyed by the promise's
 * "handle" constraint, which is required for every type. Admit and deny
 * entries are created in VARADMIT / VARDENY when missing, the handle is
 * registered as literal server data, and the promise's access constraints
 * are copied into the entries.
 *
 * @param pp    The access promise.
 * @param type  "literal" flags the admit entry literal, "context" flags it
 *              as a class pattern; other values set no flag.
 *
 * Constraint handling, for every constraint whose class expression is
 * currently defined:
 *   - scalar named like the cfs_encrypted body entry: admit->encrypt is set.
 *     NOTE(review): the scalar's value is not inspected here; the presence
 *     of the constraint alone sets the flag.
 *   - list named like the cfs_admit / cfs_deny / cfs_maproot body entries:
 *     every item is prepended to admit->accesslist / deny->accesslist /
 *     admit->maproot.
 */
void KeepLiteralAccessPromise(Promise *pp, char *type)
{
    Auth *admit, *deny;
    Constraint *cp;
    char *handle = GetConstraintValue("handle", pp, CF_SCALAR);

    if (handle == NULL)
    {
        /* Without a handle there is no key to attach access rules to. */
        CfOut(cf_error, "", "Access to literal server data requires you to define a promise handle for reference");
        return;
    }

    if (!GetAuthPath(handle, VARADMIT))
    {
        InstallServerAuthPath(handle, &VARADMIT, &VARADMITTOP);
    }

    RegisterLiteralServerData(handle, pp);

    if (!GetAuthPath(handle, VARDENY))
    {
        InstallServerAuthPath(handle, &VARDENY, &VARDENYTOP);
    }

    /* NOTE(review): both lookups are dereferenced below without a NULL
     * check; this relies on the installs above having created the entries. */
    admit = GetAuthPath(handle, VARADMIT);
    deny = GetAuthPath(handle, VARDENY);

    if (strcmp(type, "literal") == 0)
    {
        admit->literal = true;
    }
    else if (strcmp(type, "context") == 0)
    {
        admit->classpattern = true;
    }

    cp = pp->conlist;
    while (cp != NULL)
    {
        /* Constraints guarded by an undefined class do not apply. */
        if (IsDefinedClass(cp->classes))
        {
            if (cp->rval.rtype == CF_SCALAR)
            {
                if (strcmp(cp->lval, CF_REMACCESS_BODIES[cfs_encrypted].lval) == 0)
                {
                    admit->encrypt = true;
                }
            }
            else if (cp->rval.rtype == CF_LIST)
            {
                for (Rlist *rp = (Rlist *) cp->rval.item; rp != NULL; rp = rp->next)
                {
                    if (strcmp(cp->lval, CF_REMACCESS_BODIES[cfs_admit].lval) == 0)
                    {
                        PrependItem(&(admit->accesslist), rp->item, NULL);
                    }
                    else if (strcmp(cp->lval, CF_REMACCESS_BODIES[cfs_deny].lval) == 0)
                    {
                        PrependItem(&(deny->accesslist), rp->item, NULL);
                    }
                    else if (strcmp(cp->lval, CF_REMACCESS_BODIES[cfs_maproot].lval) == 0)
                    {
                        PrependItem(&(admit->maproot), rp->item, NULL);
                    }
                }
            }
            /* CF_FNCALL (and anything else) is not expected here and is
             * ignored. */
        }

        cp = cp->next;
    }
}