DTNMA Reference Tools v2.2.0 - 5.ga116361
Delay-Tolerant Networking Management Architecture (DTNMA) Tool Suite
acl.c File Reference
#include "acl.h"
#include "eval.h"
#include "cace/ari/text.h"
#include "cace/util/logging.h"
#include "cace/util/defs.h"

Functions

void refda_acl_group_init (refda_acl_group_t *obj)
 
void refda_acl_group_deinit (refda_acl_group_t *obj)
 
void refda_acl_access_init (refda_acl_access_t *obj)
 
void refda_acl_access_deinit (refda_acl_access_t *obj)
 
void refda_acl_access_get_str_id (m_string_t out, const refda_acl_access_t *obj, bool append)
 
void refda_acl_init (refda_acl_t *obj)
 
void refda_acl_deinit (refda_acl_t *obj)
 
static cace_ari_translate_result_t acl_endpoint_filter_sub_label (cace_ari_t *out, const cace_ari_t *in, const cace_ari_translate_ctx_t *ctx)
 Translation helper function to substitute LABEL value 0 in a filter with the endpoint identity.
 
int refda_acl_search_endpoint (refda_agent_t *agent, const cace_ari_t *endpoint, refda_acl_id_tree_t groups)
 Search in an ACL for a specific endpoint.
 
static cace_ari_translate_result_t acl_target_filter_sub_label (cace_ari_t *out, const cace_ari_t *in, const cace_ari_translate_ctx_t *ctx)
 Translation helper function to substitute LABEL value 0 in a filter with the endpoint identity.
 
bool refda_acl_search_permission (refda_agent_t *agent, const refda_acl_id_tree_t groups, const cace_ari_t *tgt_ref, const cace_amm_lookup_t *tgt_deref, const cace_amm_obj_desc_ptr_set_t perm_objs, refda_amm_ident_base_ptr_set_t *match)
 Search in an ACL for specific access.
 
bool refda_acl_search_one_permission (refda_agent_t *agent, const refda_acl_id_tree_t groups, const cace_ari_t *tgt_ref, const cace_amm_lookup_t *tgt_deref, const cace_amm_obj_desc_t *perm_obj, refda_amm_ident_base_ptr_set_t *match)
 Convenience variant of refda_acl_search_permission(). It differs from that function only in the arguments it accepts: it searches for a single permission perm_obj, which avoids needing to construct a permission set.
 

Function Documentation

◆ acl_endpoint_filter_sub_label()

static cace_ari_translate_result_t acl_endpoint_filter_sub_label ( cace_ari_t *out,
const cace_ari_t *in,
const cace_ari_translate_ctx_t *ctx
)
static

◆ acl_target_filter_sub_label()

static cace_ari_translate_result_t acl_target_filter_sub_label ( cace_ari_t *out,
const cace_ari_t *in,
const cace_ari_translate_ctx_t *ctx
)
static

◆ refda_acl_access_deinit()

◆ refda_acl_access_get_str_id()

void refda_acl_access_get_str_id ( m_string_t out,
const refda_acl_access_t *obj,
bool append
)

◆ refda_acl_access_init()

◆ refda_acl_deinit()

◆ refda_acl_group_deinit()

◆ refda_acl_group_init()

◆ refda_acl_init()

◆ refda_acl_search_endpoint()

int refda_acl_search_endpoint ( refda_agent_t *agent,
const cace_ari_t *endpoint,
refda_acl_id_tree_t groups
)

Search in an ACL for a specific endpoint.

Parameters
[in] agent: The agent state for reference lookup.
[in] endpoint: The endpoint to search for.
[out] groups: The set of groups to add to.
Returns
Zero if successful. A successful search may still leave groups empty, so a zero return does not by itself mean the endpoint matched any group.

References refda_agent_t::acl, acl_endpoint_filter_sub_label(), refda_agent_t::acl_mutex, agent, cace_amm_ari_is_truthy(), cace_ari_deinit(), CACE_ARI_INIT_UNDEFINED, CACE_ARI_TEXT_ENC_OPTS_DEFAULT, cace_ari_text_encode(), CACE_LOG_CRIT, CACE_LOG_DEBUG, CACE_LOG_INFO, cace_log_is_enabled_for(), CHKERR1, refda_acl_t::groups, refda_acl_group_t::id, cace_ari_translator_t::map_ari, refda_acl_group_t::member_filter, refda_eval_filter(), refda_runctx_deinit(), refda_runctx_from(), and refda_runctx_init().

Referenced by refda_runctx_check_acl().

◆ refda_acl_search_one_permission()

◆ refda_acl_search_permission()

bool refda_acl_search_permission ( refda_agent_t *agent,
const refda_acl_id_tree_t groups,
const cace_ari_t *tgt_ref,
const cace_amm_lookup_t *tgt_deref,
const cace_amm_obj_desc_ptr_set_t perm_objs,
refda_amm_ident_base_ptr_set_t *match
)

Search in an ACL for specific access.

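Group 0 is special: it is granted all-access, and no specific permissions are consulted for it. Any group set that contains group 0 therefore passes this search regardless of the permissions requested.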

Parameters
[in] agent: The agent state for reference lookup.
[in] groups: The set of groups to filter-in.
[in] tgt_ref: The original target object/namespace reference.
[in] tgt_deref: The optional target object/namespace being accessed, if valid.
[in] perm_objs: The set of permission objects to filter-in.
[out] match: The matching permissions, or null pointer if they are not needed.
Returns
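True if group 0 is present in groups, or if a requested permission is present (in which case match would be non-empty). The non-empty guarantee is stated only for the second case, so callers should decide access from the return value rather than from the contents of match.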

References refda_acl_t::access_by_group, refda_agent_t::acl, refda_agent_t::acl_mutex, acl_target_filter_sub_label(), agent, cace_amm_ari_is_truthy(), cace_amm_lookup_ref_int(), cace_ari_deinit(), CACE_ARI_INIT_UNDEFINED, CACE_ARI_TEXT_ENC_OPTS_DEFAULT, cace_ari_text_encode(), CACE_LOG_CRIT, CACE_LOG_DEBUG, cace_log_is_enabled_for(), CHKFALSE, refda_amm_ident_base_t::deref, cace_ari_translator_t::map_ari, cace_amm_lookup_t::obj, refda_acl_access_t::objects_filter, refda_acl_access_t::permissions, refda_eval_filter(), refda_runctx_deinit(), refda_runctx_from(), and refda_runctx_init().

Referenced by refda_acl_search_one_permission().