DTNMA Reference Tools v2.2.0 - 5.ga116361
Delay-Tolerant Networking Management Architecture (DTNMA) Tool Suite
#include "amm/ident.h"#include "cace/amm/objpat_set.h"#include "cace/ari/base.h"#include <m-atomic.h>#include <m-deque.h>#include <m-rbtree.h>#include <m-bptree.h>#include <stdint.h>
Include dependency graph for acl.h:
This graph shows which files directly or indirectly include this file:
Data Structures | |
| struct | refda_acl_group_t |
| A single entry of the ACL group table. More... | |
| struct | refda_acl_access_t |
| A single entry of the ACL access table. More... | |
| struct | refda_acl_permissions_t |
| Objects from the ACL ADM. More... | |
| struct | refda_acl_t |
| Storage of the agent ACL and its derived caches. More... | |
Macros | |
| #define | M_OPL_refda_acl_group_t() (INIT(API_2(refda_acl_group_init)), CLEAR(API_2(refda_acl_group_deinit))) |
| #define | M_OPL_refda_acl_access_t() (INIT(API_2(refda_acl_access_init)), CLEAR(API_2(refda_acl_access_deinit))) |
Typedefs | |
| typedef cace_ari_uint | refda_acl_id_t |
| Identifier for ACL groups and access items. | |
| typedef struct refda_agent_s | refda_agent_t |
Functions | |
| void | refda_acl_group_init (refda_acl_group_t *obj) |
| void | refda_acl_group_deinit (refda_acl_group_t *obj) |
| void | refda_acl_access_init (refda_acl_access_t *obj) |
| void | refda_acl_access_deinit (refda_acl_access_t *obj) |
| void | refda_acl_access_get_str_id (m_string_t out, const refda_acl_access_t *obj, bool append) |
| void | refda_acl_init (refda_acl_t *obj) |
| void | refda_acl_deinit (refda_acl_t *obj) |
| int | refda_acl_search_endpoint (refda_agent_t *agent, const cace_ari_t *endpoint, refda_acl_id_tree_t groups) |
| Search in an ACL for a specific endpoint. | |
| bool | refda_acl_search_permission (refda_agent_t *agent, const refda_acl_id_tree_t groups, const cace_ari_t *tgt_ref, const cace_amm_lookup_t *tgt_deref, const cace_amm_obj_desc_ptr_set_t perm_objs, refda_amm_ident_base_ptr_set_t *match) |
| Search in an ACL for specific access. | |
| bool | refda_acl_search_one_permission (refda_agent_t *agent, const refda_acl_id_tree_t groups, const cace_ari_t *tgt_ref, const cace_amm_lookup_t *tgt_deref, const cace_amm_obj_desc_t *perm_obj, refda_amm_ident_base_ptr_set_t *match) |
This is a convenience variant of the function above, refda_acl_search_permission(), and differs from it only in the argument(s) it accepts. It searches for a single permission, perm_obj, which avoids needing to construct a permission set. | |
| #define M_OPL_refda_acl_access_t | ( | ) | (INIT(API_2(refda_acl_access_init)), CLEAR(API_2(refda_acl_access_deinit))) |
| #define M_OPL_refda_acl_group_t | ( | ) | (INIT(API_2(refda_acl_group_init)), CLEAR(API_2(refda_acl_group_deinit))) |
| typedef cace_ari_uint refda_acl_id_t |
Identifier for ACL groups and access items.
The group ID zero is reserved for the agent itself.
| typedef struct refda_agent_s refda_agent_t |
| void refda_acl_access_deinit | ( | refda_acl_access_t * | obj | ) |
| void refda_acl_access_get_str_id | ( | m_string_t | out, |
| const refda_acl_access_t * | obj, | ||
| bool | append | ||
| ) |
References refda_acl_access_t::id.
| void refda_acl_access_init | ( | refda_acl_access_t * | obj | ) |
| void refda_acl_deinit | ( | refda_acl_t * | obj | ) |
References refda_acl_t::access, refda_acl_t::access_by_group, CHKVOID, refda_acl_t::groups, and refda_acl_t::permissions.
Referenced by refda_agent_deinit().
| void refda_acl_group_deinit | ( | refda_acl_group_t * | obj | ) |
| void refda_acl_group_init | ( | refda_acl_group_t * | obj | ) |
| void refda_acl_init | ( | refda_acl_t * | obj | ) |
References refda_acl_t::access, refda_acl_t::access_by_group, CHKVOID, refda_acl_t::generation, refda_acl_t::groups, and refda_acl_t::permissions.
Referenced by refda_agent_init().
| int refda_acl_search_endpoint | ( | refda_agent_t * | agent, |
| const cace_ari_t * | endpoint, | ||
| refda_acl_id_tree_t | groups | ||
| ) |
Search in an ACL for a specific endpoint.
| [in] | agent | The agent state for reference lookup. |
| [in] | endpoint | The endpoint to search for. |
| [out] | groups | The set of groups to add to. |
References refda_agent_t::acl, acl_endpoint_filter_sub_label(), refda_agent_t::acl_mutex, agent, cace_amm_ari_is_truthy(), cace_ari_deinit(), CACE_ARI_INIT_UNDEFINED, CACE_ARI_TEXT_ENC_OPTS_DEFAULT, cace_ari_text_encode(), CACE_LOG_CRIT, CACE_LOG_DEBUG, CACE_LOG_INFO, cace_log_is_enabled_for(), CHKERR1, refda_acl_t::groups, refda_acl_group_t::id, cace_ari_translator_t::map_ari, refda_acl_group_t::member_filter, refda_eval_filter(), refda_runctx_deinit(), refda_runctx_from(), and refda_runctx_init().
Referenced by refda_runctx_check_acl().
| bool refda_acl_search_one_permission | ( | refda_agent_t * | agent, |
| const refda_acl_id_tree_t | groups, | ||
| const cace_ari_t * | tgt_ref, | ||
| const cace_amm_lookup_t * | tgt_deref, | ||
| const cace_amm_obj_desc_t * | perm_obj, | ||
| refda_amm_ident_base_ptr_set_t * | match | ||
| ) |
This is a convenience variant of refda_acl_search_permission() and differs from it only in the argument(s) it accepts. It searches for a single permission, perm_obj, which avoids needing to construct a permission set.
References agent, CACE_LOG_ERR, CHKFALSE, cace_amm_idseg_val_t::name, cace_amm_obj_desc_t::obj_id, and refda_acl_search_permission().
Referenced by refda_acl_check_ensure_object(), refda_adm_ietf_dtnma_agent_ctrl_ensure_odm(), refda_adm_ietf_dtnma_agent_ctrl_ensure_rule_enabled(), refda_adm_ietf_dtnma_agent_ctrl_obsolete_const(), refda_adm_ietf_dtnma_agent_ctrl_obsolete_ident(), refda_adm_ietf_dtnma_agent_ctrl_obsolete_odm(), refda_adm_ietf_dtnma_agent_ctrl_obsolete_rule(), refda_adm_ietf_dtnma_agent_ctrl_obsolete_var(), refda_adm_ietf_dtnma_agent_ctrl_reset_rule_enabled(), refda_adm_ietf_dtnma_agent_ctrl_var_reset(), refda_adm_ietf_dtnma_agent_ctrl_var_store(), refda_exec_proc_exp_ref(), and refda_valprod_run().
| bool refda_acl_search_permission | ( | refda_agent_t * | agent, |
| const refda_acl_id_tree_t | groups, | ||
| const cace_ari_t * | tgt_ref, | ||
| const cace_amm_lookup_t * | tgt_deref, | ||
| const cace_amm_obj_desc_ptr_set_t | perm_objs, | ||
| refda_amm_ident_base_ptr_set_t * | match | ||
| ) |
Search in an ACL for specific access.
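Group 0, the ID reserved for the agent itself, is granted special all-access without referring to specific permissions, so a groups set that contains ID 0 is authorized without the perm_objs filter being consulted.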
| [in] | agent | The agent state for reference lookup. |
| [in] | groups | The set of groups to filter-in. |
| [in] | tgt_ref | The original target object/namespace reference. |
| [in] | tgt_deref | The optional target object/namespace being accessed, if valid. |
| [in] | perm_objs | The set of permission objects to filter-in. |
| [out] | match | The matching permissions, or null pointer if they are not needed. |
[Tail of the return-value description; its beginning is missing from this page:] … match would be non-empty).
References refda_acl_t::access_by_group, refda_agent_t::acl, refda_agent_t::acl_mutex, acl_target_filter_sub_label(), agent, cace_amm_ari_is_truthy(), cace_amm_lookup_ref_int(), cace_ari_deinit(), CACE_ARI_INIT_UNDEFINED, CACE_ARI_TEXT_ENC_OPTS_DEFAULT, cace_ari_text_encode(), CACE_LOG_CRIT, CACE_LOG_DEBUG, cace_log_is_enabled_for(), CHKFALSE, refda_amm_ident_base_t::deref, cace_ari_translator_t::map_ari, cace_amm_lookup_t::obj, refda_acl_access_t::objects_filter, refda_acl_access_t::permissions, refda_eval_filter(), refda_runctx_deinit(), refda_runctx_from(), and refda_runctx_init().
Referenced by refda_acl_search_one_permission().