From e4b2b05de382743883ee613236d4647c588d811d Mon Sep 17 00:00:00 2001
From: Richard Connon
Date: Fri, 14 Feb 2014 23:29:48 +0000
Subject: Working lint check for invalid default ACLs
---
 src/lib/Bcfg2/Server/Lint/RequiredAttrs.py | 47 ++++++++++++------------------
 1 file changed, 18 insertions(+), 29 deletions(-)
diff --git a/src/lib/Bcfg2/Server/Lint/RequiredAttrs.py b/src/lib/Bcfg2/Server/Lint/RequiredAttrs.py
index fce90154e..bb0d6956a 100644
--- a/src/lib/Bcfg2/Server/Lint/RequiredAttrs.py
+++ b/src/lib/Bcfg2/Server/Lint/RequiredAttrs.py
@@ -119,7 +119,6 @@ class RequiredAttrs(Bcfg2.Server.Lint.ServerPlugin):
 POSIXUser={None: dict(name=is_username)})
 def Run(self):
- self.check_default_acls()
 self.check_packages()
 if "Defaults" in self.core.plugins:
 self.logger.info("Defaults plugin enabled; skipping required "
@@ -137,34 +136,21 @@ class RequiredAttrs(Bcfg2.Server.Lint.ServerPlugin):
 "required-attr-format": "error",
 "extra-attrs": "warning"}
- def check_default_acls(self):
- """ Check Path entries have valid default ACLs """
- def check_acl(path):
- """ Check that a default ACL contains either no entries or minimum
- required entries """
- defaults = 1 if len(path.xpath(
- "/ACL[@type='default' and @scope='user']")) else 0
- defaults += 1 if len(path.xpath(
- "/ACL[@type='default' and @scope='user']")) else 0
- defaults += 1 if len(path.xpath(
- "/ACL[@type='default' and @scope='user']")) else 0
- if defaults > 0 and defaults < 3:
- self.LintError(
- "missing-elements",
- "A Path must have either no default ACLs or at"
- " least default:user::, default:group:: and"
- " default:other::")
-
- if 'Bundler' in self.core.plugins:
- for bundle in self.core.plugins['Bundler'].entries.values():
- xdata = lxml.etree.XML(bundle.data)
- for path in xdata.xpath("//BoundPath"):
- check_acl(path)
- if 'Rules' in self.core.plugins:
- for rules in self.core.plugins['Rules'].entries.values():
- xdata = rules.pnode.data
- for path in xdata.xpath("//Path"):
- check_acl(path)
+ def check_default_acl(self, path):
+ """ Check that a default ACL contains either no entries or minimum
+ required entries """
+ defaults = 1 if path.xpath(
+ "ACL[@type='default' and @scope='user' and @user='']") else 0
+ defaults += 1 if path.xpath(
+ "ACL[@type='default' and @scope='group' and @group='']") else 0
+ defaults += 1 if path.xpath(
+ "ACL[@type='default' and @scope='other']") else 0
+ if defaults > 0 and defaults < 3:
+ self.LintError(
+ "missing-elements",
+ "A Path must have either no default ACLs or at"
+ " least default:user::, default:group:: and"
+ " default:other::")
 def check_packages(self):
 """ Check Packages sources for Source entries with missing
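Review bot: `check_default_acl` only raises when one or two of the three base entries are present, so a Path whose default ACLs consist solely of named-user or named-group entries counts as `defaults == 0` and passes, although the message says such a Path needs all three base entries. Testing for any default entry closes that gap: `if path.xpath("ACL[@type='default']") and defaults < 3:`. Separately, `@user=''` and `@group=''` evaluate to false when the attribute is absent, so if the schema allows the owner entries to omit `user`/`group`, a complete set would be flagged as incomplete; `(not(@user) or @user='')` accepts both spellings. The error text is a fixed string, so appending `path.get('name')` would tell the operator which entry carries the incomplete inherited permissions.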
@@ -265,6 +251,9 @@ class RequiredAttrs(Bcfg2.Server.Lint.ServerPlugin):
 required_attrs['major'] = is_device_mode
 required_attrs['minor'] = is_device_mode
+ if tag == 'Path':
+ self.check_default_acl(entry)
+
 if tag == 'ACL' and 'scope' in required_attrs:
 required_attrs[entry.get('scope')] = is_username
-- cgit v1.2.3-1-g7c22
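Review bot: Calling the ACL check from behind `if tag == 'Path':` narrows where it runs compared with the removed `check_default_acls()`, which Run() invoked unconditionally and which walked `//BoundPath` in Bundler as well as `//Path` in Rules. The Run() context in the first hunk logs "Defaults plugin enabled; skipping required ..." right after the removed call, so with the Defaults plugin enabled the default-ACL lint presumably no longer runs at all. Whether BoundPath entries reach this branch depends on how `tag` is derived above the hunk, which is not visible here. If the reduced coverage is intended, a comment such as `# default ACL lint is skipped when the Defaults plugin is enabled` at this call would record it; otherwise keep a pass that does not depend on the required-attrs walk. The enclosing function starts and ends outside the hunk.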