/usr/share/pacemaker/upgrade-1.3.xsl is in pacemaker-common 1.1.18-0ubuntu1.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 | <xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
<xsl:output method="xml" encoding="UTF-8" indent="yes"/>
<xsl:template match="role_ref">
<xsl:element name="role">
<xsl:apply-templates select="@*|node()"/>
</xsl:element>
</xsl:template>
<xsl:template match="read|write|deny">
<xsl:element name="acl_permission">
<xsl:copy-of select="@id"/>
<xsl:attribute name="kind"><xsl:value-of select="name()"/></xsl:attribute>
<!-- previously, one could have a single element "matched" multiple times,
each time using a different attribute (or no attribute at all), which
would result, after the generalization (stripping @attribute) in
multiple possibly conflicting ACL behaviours for given element(s);
we could take this into account by, at the very least, preferring
the behavior at attribute-less specification, if any -->
<xsl:choose>
<xsl:when test="@ref">
<xsl:attribute name="reference"><xsl:value-of select="@ref"/></xsl:attribute>
<xsl:if test="@attribute">
<!-- alternatively, rephrase (generalized a bit) turning it to @xpath -->
<xsl:message>ACLs: @attribute cannot accompany @ref for upgrade-1.3.xsl purposes, ignoring</xsl:message>
</xsl:if>
</xsl:when>
<xsl:when test="@tag">
<xsl:attribute name="object-type"><xsl:value-of select="@tag"/></xsl:attribute>
<xsl:if test="@attribute">
<xsl:message>ACLs: @attribute (with @tag) handling generalized a bit for upgrade-1.3.xsl purposes</xsl:message>
<xsl:copy-of select="@attribute"/>
</xsl:if>
</xsl:when>
<xsl:otherwise>
<!-- must have been xpath per the schema, then -->
<xsl:choose>
<xsl:when test="@attribute">
<xsl:message>ACLs: @attribute (with @xpath) handling generalized a bit for upgrade-1.3.xsl purposes</xsl:message>
<xsl:attribute name="xpath">
<xsl:value-of select="concat(@xpath,'[@', @attribute, ']')"/>
</xsl:attribute>
</xsl:when>
<xsl:otherwise>
<xsl:copy-of select="@xpath"/>
</xsl:otherwise>
</xsl:choose>
</xsl:otherwise>
</xsl:choose>
</xsl:element>
</xsl:template>
<xsl:template match="acl_user[role_ref]">
<!-- schema disallows role_ref's AND deny/read/write -->
<xsl:element name="acl_target">
<xsl:apply-templates select="@*|node()"/>
</xsl:element>
</xsl:template>
<xsl:template match="acl_user[not(role_ref)]">
<xsl:element name="acl_target">
<xsl:apply-templates select="@*"/>
<xsl:if test="count(deny|read|write)" >
<xsl:element name="role">
<xsl:attribute name="id">
<xsl:value-of select="concat('auto-', @id)"/>
</xsl:attribute>
</xsl:element>
</xsl:if>
</xsl:element>
<xsl:if test="count(deny|read|write)" >
<xsl:element name="acl_role">
<xsl:attribute name="id">
<xsl:value-of select="concat('auto-', @id)"/>
</xsl:attribute>
<xsl:apply-templates select="*"/>
</xsl:element>
</xsl:if>
</xsl:template>
<xsl:template match="@*|*">
<xsl:copy>
<xsl:apply-templates select="@*|node()"/>
</xsl:copy>
</xsl:template>
</xsl:stylesheet>
|