#include "acl.h"
#include "eval.h"
#include "cace/ari/text.h"
#include "cace/util/logging.h"
#include "cace/util/defs.h"

Include dependency graph for acl.c:

Functions
void	refda_acl_group_init (refda_acl_group_t *obj)

void	refda_acl_group_deinit (refda_acl_group_t *obj)

void	refda_acl_access_init (refda_acl_access_t *obj)

void	refda_acl_access_deinit (refda_acl_access_t *obj)

void	refda_acl_access_get_str_id (m_string_t out, const refda_acl_access_t *obj, bool append)

void	refda_acl_init (refda_acl_t *obj)

void	refda_acl_deinit (refda_acl_t *obj)

static cace_ari_translate_result_t	acl_endpoint_filter_sub_label (cace_ari_t out, const cace_ari_t in, const cace_ari_translate_ctx_t *ctx)
	Translation helper function to substitute LABEL value 0 in a filter with the endpoint identity.

int	refda_acl_search_endpoint (refda_agent_t agent, const cace_ari_t endpoint, refda_acl_id_tree_t groups)
	Search in an ACL for a specific endpoint.

bool	refda_acl_search_permission (refda_agent_t agent, const refda_acl_id_tree_t groups, const cace_amm_lookup_t acc_obj, const cace_amm_obj_desc_ptr_set_t perm_objs, refda_amm_ident_base_ptr_set_t match)
	Search in an ACL for specific access.

bool	refda_acl_search_one_permission (refda_agent_t agent, const refda_acl_id_tree_t groups, const cace_amm_lookup_t acc_obj, const cace_amm_obj_desc_t *perm_obj, refda_amm_ident_base_ptr_set_t match)
	This is an overloaded member function, provided for convenience. It differs from the above function only in what argument(s) it accepts. This searches for a single permission `perm_obj` which avoids needing to construct a permission set.

Function Documentation

◆ acl_endpoint_filter_sub_label()

static cace_ari_translate_result_t acl_endpoint_filter_sub_label	(	cace_ari_t *	out,
		const cace_ari_t *	in,
		const cace_ari_translate_ctx_t *	ctx
	)

static

Translation helper function to substitute LABEL value 0 in a filter with the endpoint identity.

References cace_ari_get_int(), cace_ari_is_lit_typed(), cace_ari_set_copy(), CACE_ARI_TRANSLATE_DEFAULT, CACE_ARI_TRANSLATE_FAILURE, CACE_ARI_TRANSLATE_FINAL, CACE_ARI_TYPE_LABEL, CACE_LOG_ERR, and cace_ari_translate_ctx_t::user_data.

Referenced by refda_acl_search_endpoint().

◆ refda_acl_access_deinit()

void refda_acl_access_deinit ( refda_acl_access_t * obj )

References cace_ari_deinit(), CHKVOID, refda_acl_access_t::groups, refda_acl_access_t::id, refda_acl_access_t::objects, and refda_acl_access_t::permissions.

◆ refda_acl_access_get_str_id()

void refda_acl_access_get_str_id	(	m_string_t	out,
		const refda_acl_access_t *	obj,
		bool	append
	)

References refda_acl_access_t::id.

◆ refda_acl_access_init()

void refda_acl_access_init ( refda_acl_access_t * obj )

References refda_acl_access_t::added_at, cace_ari_init(), CACE_ARI_INIT_UNDEFINED, CHKVOID, refda_acl_access_t::groups, refda_acl_access_t::id, refda_acl_access_t::objects, refda_acl_access_t::permissions, and refda_acl_access_t::updated_at.

◆ refda_acl_deinit()

void refda_acl_deinit ( refda_acl_t * obj )

References refda_acl_t::access, refda_acl_t::access_by_group, CHKVOID, refda_acl_t::groups, refda_acl_t::perm_base, and refda_acl_t::perm_produce.

Referenced by refda_agent_deinit().

◆ refda_acl_group_deinit()

void refda_acl_group_deinit ( refda_acl_group_t * obj )

References refda_acl_group_t::added_at, cace_ari_deinit(), CHKVOID, refda_acl_group_t::id, refda_acl_group_t::member_filter, refda_acl_group_t::name, and refda_acl_group_t::updated_at.

◆ refda_acl_group_init()

void refda_acl_group_init ( refda_acl_group_t * obj )

References refda_acl_group_t::added_at, CACE_ARI_INIT_UNDEFINED, CHKVOID, refda_acl_group_t::id, refda_acl_group_t::member_filter, refda_acl_group_t::name, and refda_acl_group_t::updated_at.

◆ refda_acl_init()

void refda_acl_init ( refda_acl_t * obj )

References refda_acl_t::access, refda_acl_t::access_by_group, CHKVOID, refda_acl_t::generation, refda_acl_t::groups, refda_acl_t::perm_base, and refda_acl_t::perm_produce.

Referenced by refda_agent_init().

◆ refda_acl_search_endpoint()

int refda_acl_search_endpoint	(	refda_agent_t *	agent,
		const cace_ari_t *	endpoint,
		refda_acl_id_tree_t	groups
	)

Search in an ACL for a specific endpoint.

Parameters

[in]	agent	The agent state for reference lookup.
[in]	endpoint	The endpoint to search for.
[out]	groups	The set of groups to add to.

Returns: Zero if successful, which may result in empty groups.

References refda_agent_t::acl, acl_endpoint_filter_sub_label(), refda_agent_t::acl_mutex, agent, cace_amm_ari_is_truthy(), cace_ari_deinit(), CACE_ARI_INIT_UNDEFINED, CACE_ARI_TEXT_ENC_OPTS_DEFAULT, cace_ari_text_encode(), cace_ari_translate(), CACE_LOG_CRIT, CACE_LOG_DEBUG, CACE_LOG_ERR, CACE_LOG_INFO, cace_log_is_enabled_for(), CHKERR1, refda_acl_t::groups, refda_acl_group_t::id, cace_ari_translator_t::map_ari, refda_acl_group_t::member_filter, REFDA_AGENT_LOCK, REFDA_AGENT_UNLOCK, refda_eval_ctx_deinit(), refda_eval_ctx_init(), refda_eval_expand_expr(), refda_eval_reduce(), refda_runctx_deinit(), refda_runctx_from(), and refda_runctx_init().

Referenced by refda_runctx_check_acl().

◆ refda_acl_search_one_permission()

bool refda_acl_search_one_permission	(	refda_agent_t *	agent,
		const refda_acl_id_tree_t	groups,
		const cace_amm_lookup_t *	acc_obj,
		const cace_amm_obj_desc_t *	perm_obj,
		refda_amm_ident_base_ptr_set_t	match
	)

This is an overloaded member function, provided for convenience. It differs from the above function only in what argument(s) it accepts. This searches for a single permission perm_obj which avoids needing to construct a permission set.

References agent, and refda_acl_search_permission().

Referenced by refda_valprod_run().

◆ refda_acl_search_permission()

bool refda_acl_search_permission	(	refda_agent_t *	agent,
		const refda_acl_id_tree_t	groups,
		const cace_amm_lookup_t *	acc_obj,
		const cace_amm_obj_desc_ptr_set_t	perm_objs,
		refda_amm_ident_base_ptr_set_t	match
	)

Search in an ACL for specific access.