authorRichard Connon <richard@connon.me.uk>2014-02-14 23:29:48 +0000
committerRichard Connon <richard@connon.me.uk>2014-02-14 23:29:48 +0000
commite4b2b05de382743883ee613236d4647c588d811d (patch)
treebfa0c61e61e933a5088fa0f509384e4ca5c88c63
parent06bc91f8a8c919e5e552f46386841a75fcc3619a (diff)
downloadbcfg2-e4b2b05de382743883ee613236d4647c588d811d.tar.gz
bcfg2-e4b2b05de382743883ee613236d4647c588d811d.tar.bz2
bcfg2-e4b2b05de382743883ee613236d4647c588d811d.zip
Working lint check for invalid default ACLs
-rw-r--r--src/lib/Bcfg2/Server/Lint/RequiredAttrs.py47
1 files changed, 18 insertions, 29 deletions
diff --git a/src/lib/Bcfg2/Server/Lint/RequiredAttrs.py b/src/lib/Bcfg2/Server/Lint/RequiredAttrs.py
index fce90154e..bb0d6956a 100644
--- a/src/lib/Bcfg2/Server/Lint/RequiredAttrs.py
+++ b/src/lib/Bcfg2/Server/Lint/RequiredAttrs.py
@@ -119,7 +119,6 @@ class RequiredAttrs(Bcfg2.Server.Lint.ServerPlugin):
POSIXUser={None: dict(name=is_username)})
def Run(self):
- self.check_default_acls()
self.check_packages()
if "Defaults" in self.core.plugins:
self.logger.info("Defaults plugin enabled; skipping required "
@@ -137,34 +136,21 @@ class RequiredAttrs(Bcfg2.Server.Lint.ServerPlugin):
"required-attr-format": "error",
"extra-attrs": "warning"}
- def check_default_acls(self):
- """ Check Path entries have valid default ACLs """
- def check_acl(path):
- """ Check that a default ACL contains either no entries or minimum
- required entries """
- defaults = 1 if len(path.xpath(
- "/ACL[@type='default' and @scope='user']")) else 0
- defaults += 1 if len(path.xpath(
- "/ACL[@type='default' and @scope='user']")) else 0
- defaults += 1 if len(path.xpath(
- "/ACL[@type='default' and @scope='user']")) else 0
- if defaults > 0 and defaults < 3:
- self.LintError(
- "missing-elements",
- "A Path must have either no default ACLs or at"
- " least default:user::, default:group:: and"
- " default:other::")
-
- if 'Bundler' in self.core.plugins:
- for bundle in self.core.plugins['Bundler'].entries.values():
- xdata = lxml.etree.XML(bundle.data)
- for path in xdata.xpath("//BoundPath"):
- check_acl(path)
- if 'Rules' in self.core.plugins:
- for rules in self.core.plugins['Rules'].entries.values():
- xdata = rules.pnode.data
- for path in xdata.xpath("//Path"):
- check_acl(path)
+ def check_default_acl(self, path):
+ """ Check that a default ACL contains either no entries or minimum
+ required entries """
+ defaults = 1 if path.xpath(
+ "ACL[@type='default' and @scope='user' and @user='']") else 0
+ defaults += 1 if path.xpath(
+ "ACL[@type='default' and @scope='group' and @group='']") else 0
+ defaults += 1 if path.xpath(
+ "ACL[@type='default' and @scope='other']") else 0
+ if defaults > 0 and defaults < 3:
+ self.LintError(
+ "missing-elements",
+ "A Path must have either no default ACLs or at"
+ " least default:user::, default:group:: and"
+ " default:other::")
def check_packages(self):
""" Check Packages sources for Source entries with missing
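Review bot: `check_default_acl` counts only the three base entries, so a Path whose default ACLs are all named entries (a non-empty `user` or `group`) ends with `defaults == 0` and passes, even though the message says such a Path needs `default:user::`, `default:group::` and `default:other::`. Testing for any default ACL first closes that gap: `has_default = bool(path.xpath("ACL[@type='default']"))` followed by `if has_default and defaults < 3:`. The predicates `@user=''` and `@group=''` match only when the attribute is present and empty, so a base entry written without the attribute is not counted; `not(@user) or @user=''` would accept both spellings, if the schema allows the attribute to be omitted. The LintError text also does not name the offending Path, which makes a finding hard to locate now that the check runs per entry from the `tag == 'Path'` branch added in the last hunk; appending `path.get('name')` to the message would fix that.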
@@ -265,6 +251,9 @@ class RequiredAttrs(Bcfg2.Server.Lint.ServerPlugin):
required_attrs['major'] = is_device_mode
required_attrs['minor'] = is_device_mode
+ if tag == 'Path':
+ self.check_default_acl(entry)
+
if tag == 'ACL' and 'scope' in required_attrs:
required_attrs[entry.get('scope')] = is_username