Fix: xml: Always allow new scaffolding - node with no attributes or only an id field

beekhof · beekhof · commit f242c1efc7df · 2014-03-04T12:31:40.000+11:00
diff --git a/lib/common/xml.c b/lib/common/xml.c
@@ -708,11 +708,29 @@ __xml_acl_post_process(xmlNode * xml)
     xmlNode *cIter = __xml_first_child(xml);
     xml_private_t *p = xml->_private;
 
-    if(is_set(p->flags, xpf_created) && __xml_acl_check(xml, NULL, xpf_acl_write) == FALSE) {
-        char *path = xml_get_path(xml);
-        crm_trace("Cannot add new node %s at %s", crm_element_name(xml), path);
-        free_xml(xml);
-        return;
+    if(is_set(p->flags, xpf_created)) {
+        xmlAttr *xIter = NULL;
+
+        /* Always allow new scaffolding, ie. node with no attributes or only an 'id' */
+
+        for (xIter = crm_first_attr(xml); xIter != NULL; xIter = xIter->next) {
+            const char *prop_name = (const char *)xIter->name;
+
+            if (strcmp(prop_name, XML_ATTR_ID) == 0) {
+                /* Delay the acl check */
+                continue;
+
+            } else if(__xml_acl_check(xml, NULL, xpf_acl_write)) {
+                crm_trace("Creation of %s=%s is allowed", crm_element_name(xml), ID(xml));
+                break;
+
+            } else {
+                char *path = xml_get_path(xml);
+                crm_trace("Cannot add new node %s at %s", crm_element_name(xml), path);
+                free_xml(xml);
+                return;
+            }
+        }
     }
 
     while (cIter != NULL) {
