예제 #1
/**
 * Keep a "query" access promise: register the promiser as literal server
 * data and attach the promise's access constraints to its slot in query_acl.
 *
 * @param ctx evaluation context, forwarded to the helpers called here
 * @param pp  the access promise; pp->promiser is the key for the admit and
 *            deny entries and for the ACL slot
 *
 * Exits the process with status 255 when the ACL insertion reports failure.
 */
static void KeepQueryAccessPromise(EvalContext *ctx, const Promise *pp)
{
    /* The deny entry is fetched (or created) before the admit entry. */
    Auth *deny = GetOrCreateAuth(pp->promiser, &SV.vardeny, &SV.vardenytail);
    Auth *admit = GetOrCreateAuth(pp->promiser, &SV.varadmit, &SV.varadmittail);

    RegisterLiteralServerData(ctx, pp->promiser, pp);

    /* NOTE(review): assumes GetOrCreateAuth never returns NULL - confirm. */
    admit->literal = true;

    const size_t slot = acl_SortedInsert(&query_acl, pp->promiser);
    if (slot != (size_t) -1)
    {
        AccessPromise_AddAccessConstraints(ctx, pp, &query_acl->acls[slot],
                                           admit, deny);
        return;
    }

    /* (size_t) -1 is the failure value; per the original comment this is
     * only expected when allocation fails, so there is no ACL slot to
     * attach the constraints to and the process stops. */
    Log(LOG_LEVEL_CRIT, "acl_Insert: %s", GetErrorStr());
    exit(255);
}
예제 #2
/**
 * Keep a "literal", "context" or "variable" access promise.
 *
 * For "literal" the promise handle is the key: it is registered as literal
 * server data and its constraints go into literals_acl. For the other types
 * pp->promiser is the key, with constraints going into classes_acl
 * ("context") or vars_acl ("variable").
 *
 * @param ctx  evaluation context, forwarded to the helpers called here
 * @param pp   the access promise
 * @param type promise type string, compared with strcmp
 *
 * Exits the process with status 255 when an ACL insertion reports failure.
 */
void KeepLiteralAccessPromise(EvalContext *ctx, const Promise *pp, const char *type)
{
    const char *handle = PromiseGetHandle(pp);
    const bool is_literal = (strcmp(type, "literal") == 0);

    /* A literal promise is keyed by its handle, so it cannot be kept
     * without one. */
    if (is_literal && handle == NULL)
    {
        Log(LOG_LEVEL_ERR, "Access to literal server data requires you to define a promise handle for reference");
        return;
    }

    if (is_literal)
    {
        Log(LOG_LEVEL_VERBOSE,"Looking at literal access promise '%s', type '%s'", pp->promiser, type);

        Auth *admit = GetOrCreateAuth(handle, &SV.varadmit, &SV.varadmittail);
        Auth *deny = GetOrCreateAuth(handle, &SV.vardeny, &SV.vardenytail);

        RegisterLiteralServerData(ctx, handle, pp);
        admit->literal = true;

        const size_t slot = acl_SortedInsert(&literals_acl, handle);
        if (slot == (size_t) -1)
        {
            /* Only expected when allocation fails. */
            Log(LOG_LEVEL_CRIT, "acl_Insert: %s", GetErrorStr());
            exit(255);
        }

        AccessPromise_AddAccessConstraints(ctx, pp, &literals_acl->acls[slot],
                                           admit, deny);
        return;
    }

    Log(LOG_LEVEL_VERBOSE,"Looking at context/var access promise '%s', type '%s'", pp->promiser, type);

    Auth *admit = GetOrCreateAuth(pp->promiser, &SV.varadmit, &SV.varadmittail);
    Auth *deny = GetOrCreateAuth(pp->promiser, &SV.vardeny, &SV.vardenytail);

    if (strcmp(type, "context") == 0)
    {
        admit->classpattern = true;

        const size_t slot = acl_SortedInsert(&classes_acl, pp->promiser);
        if (slot == (size_t) -1)
        {
            /* Only expected when allocation fails. */
            Log(LOG_LEVEL_CRIT, "acl_Insert: %s", GetErrorStr());
            exit(255);
        }

        AccessPromise_AddAccessConstraints(ctx, pp, &classes_acl->acls[slot],
                                           admit, deny);
    }
    else if (strcmp(type, "variable") == 0)
    {
        admit->variable = true;

        const size_t slot = acl_SortedInsert(&vars_acl, pp->promiser);
        if (slot == (size_t) -1)
        {
            /* Only expected when allocation fails. */
            Log(LOG_LEVEL_CRIT, "acl_Insert: %s", GetErrorStr());
            exit(255);
        }

        AccessPromise_AddAccessConstraints(ctx, pp, &vars_acl->acls[slot],
                                           admit, deny);
    }
    /* NOTE(review): any other type leaves the admit/deny entries created
     * above without a flag or ACL slot, and nothing is logged - confirm
     * callers only pass the three types handled here. */
}
예제 #3
/**
 * Keep a "query" access promise: make sure admit and deny entries exist for
 * the promiser, register it as literal server data, then copy the promise's
 * access constraints onto those entries.
 *
 * @param ctx  evaluation context, used for class evaluation and registration
 * @param pp   the access promise; pp->promiser is the key
 * @param type promise type string; "query" marks the admit entry as literal
 */
void KeepQueryAccessPromise(EvalContext *ctx, Promise *pp, char *type)
{
    Auth *admit, *deny;

    if (GetAuthPath(pp->promiser, SV.varadmit) == NULL)
    {
        InstallServerAuthPath(pp->promiser, &SV.varadmit, &SV.varadmittop);
    }

    RegisterLiteralServerData(ctx, pp->promiser, pp);

    if (GetAuthPath(pp->promiser, SV.vardeny) == NULL)
    {
        InstallServerAuthPath(pp->promiser, &SV.vardeny, &SV.vardenytop);
    }

    /* NOTE(review): both lookups are dereferenced below without a NULL
     * check; this relies on the installs above having succeeded - confirm. */
    admit = GetAuthPath(pp->promiser, SV.varadmit);
    deny = GetAuthPath(pp->promiser, SV.vardeny);

    if (strcmp(type, "query") == 0)
    {
        admit->literal = true;
    }

    for (size_t idx = 0; idx < SeqLength(pp->conlist); idx++)
    {
        Constraint *con = SeqAt(pp->conlist, idx);

        /* Constraints whose class expression is not defined are skipped. */
        if (!IsDefinedClass(ctx, con->classes, PromiseGetNamespace(pp)))
        {
            continue;
        }

        if (con->rval.type == RVAL_TYPE_SCALAR)
        {
            if (strcmp(con->lval, CF_REMACCESS_BODIES[REMOTE_ACCESS_ENCRYPTED].lval) == 0)
            {
                admit->encrypt = true;
            }
        }
        else if (con->rval.type == RVAL_TYPE_LIST)
        {
            Rlist *entry;

            /* Each list element goes to exactly one target: the admit
             * access list, the deny access list, or the admit entry's
             * maproot list. Other attribute names are ignored. */
            for (entry = (Rlist *) con->rval.item; entry != NULL; entry = entry->next)
            {
                if (strcmp(con->lval, CF_REMACCESS_BODIES[REMOTE_ACCESS_ADMIT].lval) == 0)
                {
                    PrependItem(&(admit->accesslist), entry->item, NULL);
                }
                else if (strcmp(con->lval, CF_REMACCESS_BODIES[REMOTE_ACCESS_DENY].lval) == 0)
                {
                    PrependItem(&(deny->accesslist), entry->item, NULL);
                }
                else if (strcmp(con->lval, CF_REMACCESS_BODIES[REMOTE_ACCESS_MAPROOT].lval) == 0)
                {
                    PrependItem(&(admit->maproot), entry->item, NULL);
                }
            }
        }
        /* Other rval types are not expected here and are ignored. */
    }
}
예제 #4
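/**
 * Keep a "literal", "context" or "variable" access promise: make sure admit
 * and deny entries exist for its key, flag the admit entry according to the
 * promise type, then copy the promise's access constraints onto the entries.
 *
 * A "literal" promise is keyed by its handle and is also registered as
 * literal server data; the other types are keyed by pp->promiser.
 *
 * Two defects of the earlier version are fixed here:
 *  - the admit entry for context/variable promises was installed with
 *    &SV.varadmittop as both list arguments, unlike every other install
 *    call, which passes the list head first (&SV.varadmit);
 *  - a type other than the three handled ones left ap/dp NULL and the
 *    constraint loop dereferenced them. Missing entries are now reported
 *    and the promise is skipped before any access list is touched.
 *
 * @param ctx  evaluation context, used for class evaluation and registration
 * @param pp   the access promise
 * @param type promise type string, compared with strcmp
 */
void KeepLiteralAccessPromise(EvalContext *ctx, Promise *pp, char *type)
{
    Rlist *rp;
    Auth *ap = NULL, *dp = NULL;
    const char *handle = PromiseGetHandle(pp);

    if ((handle == NULL) && (strcmp(type,"literal") == 0))
    {
        Log(LOG_LEVEL_ERR, "Access to literal server data requires you to define a promise handle for reference");
        return;
    }

    if (strcmp(type, "literal") == 0)
    {
        Log(LOG_LEVEL_VERBOSE,"Looking at literal access promise '%s', type '%s'", pp->promiser, type);

        if (!GetAuthPath(handle, SV.varadmit))
        {
            InstallServerAuthPath(handle, &SV.varadmit, &SV.varadmittop);
        }

        if (!GetAuthPath(handle, SV.vardeny))
        {
            InstallServerAuthPath(handle, &SV.vardeny, &SV.vardenytop);
        }

        RegisterLiteralServerData(ctx, handle, pp);
        ap = GetAuthPath(handle, SV.varadmit);
        dp = GetAuthPath(handle, SV.vardeny);
    }
    else
    {
        Log(LOG_LEVEL_VERBOSE,"Looking at context/var access promise '%s', type '%s'", pp->promiser, type);

        if (!GetAuthPath(pp->promiser, SV.varadmit))
        {
            /* Pass the admit list head and its top pointer, matching the
             * deny install below and the literal branch above. */
            InstallServerAuthPath(pp->promiser, &SV.varadmit, &SV.varadmittop);
        }

        if (!GetAuthPath(pp->promiser, SV.vardeny))
        {
            InstallServerAuthPath(pp->promiser, &SV.vardeny, &SV.vardenytop);
        }

        /* Allow the promiser (preferred) as well as handle as variable name */
        if ((strcmp(type, "context") == 0) || (strcmp(type, "variable") == 0))
        {
            ap = GetAuthPath(pp->promiser, SV.varadmit);
            dp = GetAuthPath(pp->promiser, SV.vardeny);
        }
    }

    /* Without both entries there is nothing to attach admit/deny rules to.
     * This covers an unhandled promise type as well as a failed lookup. */
    if ((ap == NULL) || (dp == NULL))
    {
        Log(LOG_LEVEL_ERR, "No admit/deny entry available for access promise '%s', type '%s'", pp->promiser, type);
        return;
    }

    if (strcmp(type, "literal") == 0)
    {
        ap->literal = true;
    }
    else if (strcmp(type, "context") == 0)
    {
        ap->classpattern = true;
    }
    else if (strcmp(type, "variable") == 0)
    {
        ap->variable = true;
    }

    for (size_t i = 0; i < SeqLength(pp->conlist); i++)
    {
        Constraint *cp = SeqAt(pp->conlist, i);

        /* Constraints whose class expression is not defined are skipped. */
        if (!IsDefinedClass(ctx, cp->classes, PromiseGetNamespace(pp)))
        {
            continue;
        }

        switch (cp->rval.type)
        {
        case RVAL_TYPE_SCALAR:

            if (strcmp(cp->lval, CF_REMACCESS_BODIES[REMOTE_ACCESS_ENCRYPTED].lval) == 0)
            {
                ap->encrypt = true;
            }

            break;

        case RVAL_TYPE_LIST:

            /* Each list element goes to the admit access list, the deny
             * access list, or the admit entry's maproot list. */
            for (rp = (Rlist *) cp->rval.item; rp != NULL; rp = rp->next)
            {
                if (strcmp(cp->lval, CF_REMACCESS_BODIES[REMOTE_ACCESS_ADMIT].lval) == 0)
                {
                    PrependItem(&(ap->accesslist), rp->item, NULL);
                    continue;
                }

                if (strcmp(cp->lval, CF_REMACCESS_BODIES[REMOTE_ACCESS_DENY].lval) == 0)
                {
                    PrependItem(&(dp->accesslist), rp->item, NULL);
                    continue;
                }

                if (strcmp(cp->lval, CF_REMACCESS_BODIES[REMOTE_ACCESS_MAPROOT].lval) == 0)
                {
                    PrependItem(&(ap->maproot), rp->item, NULL);
                    continue;
                }
            }
            break;

        default:
            /* Shouldn't happen */
            break;
        }
    }
}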
예제 #5
/*
 * Keep a "query" access promise: make sure admit and deny entries exist for
 * the promiser, register it as literal server data, then copy the promise's
 * access constraints onto those entries.
 *
 * pp   - the access promise; pp->promiser is the key
 * type - promise type string; "query" marks the admit entry as literal
 */
void KeepQueryAccessPromise(Promise *pp, char *type)
{
    Constraint *con;
    Rlist *entry;
    Auth *admit, *deny;

    if (GetAuthPath(pp->promiser, VARADMIT) == NULL)
    {
        InstallServerAuthPath(pp->promiser, &VARADMIT, &VARADMITTOP);
    }

    RegisterLiteralServerData(pp->promiser, pp);

    if (GetAuthPath(pp->promiser, VARDENY) == NULL)
    {
        InstallServerAuthPath(pp->promiser, &VARDENY, &VARDENYTOP);
    }

    /* NOTE(review): both lookups are dereferenced below without a NULL
     * check; this relies on the installs above having succeeded - confirm. */
    admit = GetAuthPath(pp->promiser, VARADMIT);
    deny = GetAuthPath(pp->promiser, VARDENY);

    if (strcmp(type, "query") == 0)
    {
        admit->literal = true;
    }

    for (con = pp->conlist; con != NULL; con = con->next)
    {
        /* Only constraints whose class expression is defined are applied. */
        if (IsDefinedClass(con->classes))
        {
            switch (con->rval.rtype)
            {
            case CF_SCALAR:
                if (strcmp(con->lval, CF_REMACCESS_BODIES[cfs_encrypted].lval) == 0)
                {
                    admit->encrypt = true;
                }
                break;

            case CF_LIST:
                /* Each list element goes to the admit access list, the
                 * deny access list, or the admit entry's maproot list. */
                for (entry = (Rlist *) con->rval.item; entry != NULL; entry = entry->next)
                {
                    if (strcmp(con->lval, CF_REMACCESS_BODIES[cfs_admit].lval) == 0)
                    {
                        PrependItem(&(admit->accesslist), entry->item, NULL);
                    }
                    else if (strcmp(con->lval, CF_REMACCESS_BODIES[cfs_deny].lval) == 0)
                    {
                        PrependItem(&(deny->accesslist), entry->item, NULL);
                    }
                    else if (strcmp(con->lval, CF_REMACCESS_BODIES[cfs_maproot].lval) == 0)
                    {
                        PrependItem(&(admit->maproot), entry->item, NULL);
                    }
                }
                break;

            case CF_FNCALL:
                /* Shouldn't happen */
                break;
            }
        }
    }
}
예제 #6
/*
 * Keep a "literal" or "context" access promise: make sure admit and deny
 * entries exist for the promise handle, register the handle as literal
 * server data, flag the admit entry according to the type, then copy the
 * promise's access constraints onto the entries.
 *
 * A promise without a "handle" constraint is rejected with an error,
 * whatever its type.
 *
 * pp   - the access promise
 * type - promise type string, compared with strcmp
 */
void KeepLiteralAccessPromise(Promise *pp, char *type)
{
    Constraint *con;
    Rlist *entry;
    Auth *admit, *deny;
    char *handle = GetConstraintValue("handle", pp, CF_SCALAR);

    /* The handle is the key for every entry below. */
    if (handle == NULL)
    {
        CfOut(cf_error, "", "Access to literal server data requires you to define a promise handle for reference");
        return;
    }

    if (GetAuthPath(handle, VARADMIT) == NULL)
    {
        InstallServerAuthPath(handle, &VARADMIT, &VARADMITTOP);
    }

    RegisterLiteralServerData(handle, pp);

    if (GetAuthPath(handle, VARDENY) == NULL)
    {
        InstallServerAuthPath(handle, &VARDENY, &VARDENYTOP);
    }

    /* NOTE(review): both lookups are dereferenced below without a NULL
     * check; this relies on the installs above having succeeded - confirm. */
    admit = GetAuthPath(handle, VARADMIT);
    deny = GetAuthPath(handle, VARDENY);

    /* The two type strings are mutually exclusive, so at most one flag is
     * set per call. */
    if (strcmp(type, "literal") == 0)
    {
        admit->literal = true;
    }
    else if (strcmp(type, "context") == 0)
    {
        admit->classpattern = true;
    }

    for (con = pp->conlist; con != NULL; con = con->next)
    {
        /* Only constraints whose class expression is defined are applied. */
        if (IsDefinedClass(con->classes))
        {
            switch (con->rval.rtype)
            {
            case CF_SCALAR:
                if (strcmp(con->lval, CF_REMACCESS_BODIES[cfs_encrypted].lval) == 0)
                {
                    admit->encrypt = true;
                }
                break;

            case CF_LIST:
                /* Each list element goes to the admit access list, the
                 * deny access list, or the admit entry's maproot list. */
                for (entry = (Rlist *) con->rval.item; entry != NULL; entry = entry->next)
                {
                    if (strcmp(con->lval, CF_REMACCESS_BODIES[cfs_admit].lval) == 0)
                    {
                        PrependItem(&(admit->accesslist), entry->item, NULL);
                    }
                    else if (strcmp(con->lval, CF_REMACCESS_BODIES[cfs_deny].lval) == 0)
                    {
                        PrependItem(&(deny->accesslist), entry->item, NULL);
                    }
                    else if (strcmp(con->lval, CF_REMACCESS_BODIES[cfs_maproot].lval) == 0)
                    {
                        PrependItem(&(admit->maproot), entry->item, NULL);
                    }
                }
                break;

            case CF_FNCALL:
                /* Shouldn't happen */
                break;
            }
        }
    }
}