This file is indexed.

/usr/share/bcfg2/schemas/acl-metadata.xsd is in bcfg2-server 1.4.0~pre2+git141-g6d40dace6358-1ubuntu1.

This file is owned by root:root, with mode 0o644.

The actual contents of the file can be viewed below.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
<xsd:schema xmlns:xsd="http://www.w3.org/2001/XMLSchema"
            xmlns:py="http://genshi.edgewall.org/" xml:lang="en">
  <xsd:annotation>
    <xsd:documentation>
      Schema for metadata-based client ACLs:
      :ref:`server-plugins-misc-acl` ``metadata.xml``
    </xsd:documentation>
  </xsd:annotation>

  <xsd:import namespace="http://genshi.edgewall.org/"
              schemaLocation="genshi.xsd"/>

  <xsd:complexType name="MetadataACLGroupType">
    <xsd:annotation>
      <xsd:documentation>
        An **MetadataACLGroupType** is a tag used to provide logic.
        Child entries of a MetadataACLGroupType tag only apply to
        machines that match the condition specified -- either
        membership in a group, or a matching client name.
        :xml:attribute:`MetadataACLGroupType:negate` can be set to
        negate the sense of the match.
      </xsd:documentation>
    </xsd:annotation>
    <xsd:group ref="MetadataACLElements" minOccurs="1" maxOccurs="unbounded"/>
    <xsd:attribute name='name' type='xsd:string'>
      <xsd:annotation>
        <xsd:documentation>
          The name of the client or group to match on.  Child entries
          will only apply to this client or group (unless
          :xml:attribute:`MetadataACLGroupType:negate` is set).
        </xsd:documentation>
      </xsd:annotation>
    </xsd:attribute>
    <xsd:attribute name='negate' type='xsd:boolean'>
      <xsd:annotation>
        <xsd:documentation>
          Negate the sense of the match, so that child entries only
          apply to a client if it is not a member of the given group
          or does not have the given name.
        </xsd:documentation>
      </xsd:annotation>
    </xsd:attribute>
    <xsd:attributeGroup ref="py:genshiAttrs"/>
  </xsd:complexType>

  <xsd:complexType name="MetadataACLType">
    <xsd:attribute type="xsd:string" name="method" use="required">
      <xsd:annotation>
        <xsd:documentation>
          The name of the XML-RPC method to allow or deny.  Limited
          wildcards are supported.
        </xsd:documentation>
      </xsd:annotation>
    </xsd:attribute>
    <xsd:attributeGroup ref="py:genshiAttrs"/>
  </xsd:complexType>

  <xsd:complexType name="MetadataACLContainerType">
    <xsd:annotation>
      <xsd:documentation>
        Top-level tag for describing metadata-based client ACLs.
      </xsd:documentation>
    </xsd:annotation>
    <xsd:group ref="MetadataACLElements" minOccurs="1" maxOccurs="unbounded"/>
    <xsd:attribute name="lax_decryption" type="xsd:boolean">
      <xsd:annotation>
        <xsd:documentation>
          Override the global lax_decryption setting in
          ``bcfg2.conf``.
        </xsd:documentation>
      </xsd:annotation>
    </xsd:attribute>
  </xsd:complexType>

  <xsd:group name="MetadataACLElements">
    <xsd:choice>
      <xsd:group ref="py:genshiElements"/>
      <xsd:element name="Allow" type="MetadataACLType"/>
      <xsd:element name="Deny" type="MetadataACLType"/>
      <xsd:element name="Group" type="MetadataACLGroupType"/>
      <xsd:element name="Client" type="MetadataACLGroupType"/>
      <xsd:element name="ACL" type="MetadataACLContainerType"/>
    </xsd:choice>
  </xsd:group>

  <xsd:element name="ACL" type="MetadataACLContainerType"/>
</xsd:schema>