security.h File Reference

#include <libxml/tree.h>
#include "xsltexports.h"
#include "xsltInternals.h"

Include dependency graph for security.h:

This graph shows which files directly or indirectly include this file:

Go to the source code of this file.

Typedefs
typedef struct _xsltSecurityPrefs	xsltSecurityPrefs
typedef xsltSecurityPrefs *	xsltSecurityPrefsPtr
typedef int(*	xsltSecurityCheck) (xsltSecurityPrefsPtr sec, xsltTransformContextPtr ctxt, const char *value)

Enumerations
enum	xsltSecurityOption {   XSLT_SECPREF_READ_FILE = 1 , XSLT_SECPREF_WRITE_FILE , XSLT_SECPREF_CREATE_DIRECTORY , XSLT_SECPREF_READ_NETWORK ,   XSLT_SECPREF_WRITE_NETWORK }

Functions
XSLTPUBFUN xsltSecurityPrefsPtr XSLTCALL	xsltNewSecurityPrefs (void)
XSLTPUBFUN void XSLTCALL	xsltFreeSecurityPrefs (xsltSecurityPrefsPtr sec)
XSLTPUBFUN int XSLTCALL	xsltSetSecurityPrefs (xsltSecurityPrefsPtr sec, xsltSecurityOption option, xsltSecurityCheck func)
XSLTPUBFUN xsltSecurityCheck XSLTCALL	xsltGetSecurityPrefs (xsltSecurityPrefsPtr sec, xsltSecurityOption option)
XSLTPUBFUN void XSLTCALL	xsltSetDefaultSecurityPrefs (xsltSecurityPrefsPtr sec)
XSLTPUBFUN xsltSecurityPrefsPtr XSLTCALL	xsltGetDefaultSecurityPrefs (void)
XSLTPUBFUN int XSLTCALL	xsltSetCtxtSecurityPrefs (xsltSecurityPrefsPtr sec, xsltTransformContextPtr ctxt)
XSLTPUBFUN int XSLTCALL	xsltSecurityAllow (xsltSecurityPrefsPtr sec, xsltTransformContextPtr ctxt, const char *value)
XSLTPUBFUN int XSLTCALL	xsltSecurityForbid (xsltSecurityPrefsPtr sec, xsltTransformContextPtr ctxt, const char *value)
XSLTPUBFUN int XSLTCALL	xsltCheckWrite (xsltSecurityPrefsPtr sec, xsltTransformContextPtr ctxt, const xmlChar *URL)
XSLTPUBFUN int XSLTCALL	xsltCheckRead (xsltSecurityPrefsPtr sec, xsltTransformContextPtr ctxt, const xmlChar *URL)

Typedef Documentation

xsltSecurityCheck

typedef int(* xsltSecurityCheck) (xsltSecurityPrefsPtr sec, xsltTransformContextPtr ctxt, const char *value)

xsltSecurityCheck:

User provided function to check the value of a string like a file path or an URL ...

Definition at line 51 of file security.h.

xsltSecurityPrefs

typedef struct _xsltSecurityPrefs xsltSecurityPrefs

xsltSecurityPref:

structure to indicate the preferences for security in the XSLT transformation.

Definition at line 29 of file security.h.

xsltSecurityPrefsPtr

typedef xsltSecurityPrefs* xsltSecurityPrefsPtr

Definition at line 30 of file security.h.

Enumeration Type Documentation

xsltSecurityOption

enum xsltSecurityOption

xsltSecurityOption:

the set of option that can be configured

Enumerator
XSLT_SECPREF_READ_FILE
XSLT_SECPREF_WRITE_FILE
XSLT_SECPREF_CREATE_DIRECTORY
XSLT_SECPREF_READ_NETWORK
XSLT_SECPREF_WRITE_NETWORK

Definition at line 37 of file security.h.

             {
    XSLT_SECPREF_READ_FILE = 1,
    XSLT_SECPREF_WRITE_FILE,
    XSLT_SECPREF_CREATE_DIRECTORY,
    XSLT_SECPREF_READ_NETWORK,
    XSLT_SECPREF_WRITE_NETWORK
} xsltSecurityOption;

Function Documentation

xsltCheckRead()

XSLTPUBFUN int XSLTCALL xsltCheckRead	(	xsltSecurityPrefsPtr	sec,
		xsltTransformContextPtr	ctxt,
		const xmlChar *	URL
	)

xsltCheckRead: @sec: the security options @ctxt: an XSLT transformation context @URL: the resource to be read

Check if the resource is allowed to be read

Return 1 if read is allowed, 0 if not and -1 in case or error.

Definition at line 419 of file security.c.

                                                            {
    int ret;
    xmlURIPtr uri;
    xsltSecurityCheck check;
 
    if (xmlStrstr(URL, BAD_CAST "://") == NULL) {
    check = xsltGetSecurityPrefs(sec, XSLT_SECPREF_READ_FILE);
    if (check != NULL) {
            ret = check(sec, ctxt, (const char *) URL);
            if (ret == 0) {
                xsltTransformError(ctxt, NULL, NULL,
                             "Local file read for %s refused\n", URL);
                return(0);
            }
        }
        return(1);
    }
 
    uri = xmlParseURI((const char *)URL);
    if (uri == NULL) {
    xsltTransformError(ctxt, NULL, NULL,
     "xsltCheckRead: URL parsing failed for %s\n",
             URL);
    return(-1);
    }
    if ((uri->scheme == NULL) ||
    (xmlStrEqual(BAD_CAST uri->scheme, BAD_CAST "file"))) {
 
    /*
     * Check if we are allowed to read this file
     */
    check = xsltGetSecurityPrefs(sec, XSLT_SECPREF_READ_FILE);
    if (check != NULL) {
        ret = check(sec, ctxt, uri->path);
        if (ret == 0) {
        xsltTransformError(ctxt, NULL, NULL,
                 "Local file read for %s refused\n", URL);
        xmlFreeURI(uri);
        return(0);
        }
    }
    } else {
    /*
     * Check if we are allowed to write this network resource
     */
    check = xsltGetSecurityPrefs(sec, XSLT_SECPREF_READ_NETWORK);
    if (check != NULL) {
        ret = check(sec, ctxt, (const char *)URL);
        if (ret == 0) {
        xsltTransformError(ctxt, NULL, NULL,
                 "Network file read for %s refused\n", URL);
        xmlFreeURI(uri);
        return(0);
        }
    }
    }
    xmlFreeURI(uri);
    return(1);
}

Referenced by xsltLoadDocument(), xsltLoadStyleDocument(), xsltParseStylesheetFile(), and xsltParseStylesheetImport().

xsltCheckWrite()

XSLTPUBFUN int XSLTCALL xsltCheckWrite	(	xsltSecurityPrefsPtr	sec,
		xsltTransformContextPtr	ctxt,
		const xmlChar *	URL
	)

xsltCheckWrite: @sec: the security options @ctxt: an XSLT transformation context @URL: the resource to be written

Check if the resource is allowed to be written, if necessary makes some preliminary work like creating directories

Return 1 if write is allowed, 0 if not and -1 in case or error.

Definition at line 352 of file security.c.

                                                             {
    int ret;
    xmlURIPtr uri;
    xsltSecurityCheck check;
 
    uri = xmlParseURI((const char *)URL);
    if (uri == NULL) {
        uri = xmlCreateURI();
    if (uri == NULL) {
        xsltTransformError(ctxt, NULL, NULL,
         "xsltCheckWrite: out of memory for %s\n", URL);
        return(-1);
    }
    uri->path = (char *)xmlStrdup(URL);
    }
    if ((uri->scheme == NULL) ||
    (xmlStrEqual(BAD_CAST uri->scheme, BAD_CAST "file"))) {
 
#if defined(_WIN32)
        if ((uri->path)&&(uri->path[0]=='/')&&
            (uri->path[1]!='\0')&&(uri->path[2]==':'))
            ret = xsltCheckWritePath(sec, ctxt, uri->path+1);
        else
#endif
        {
            /*
             * Check if we are allowed to write this file
             */
        ret = xsltCheckWritePath(sec, ctxt, uri->path);
        }
 
    if (ret <= 0) {
        xmlFreeURI(uri);
        return(ret);
    }
    } else {
    /*
     * Check if we are allowed to write this network resource
     */
    check = xsltGetSecurityPrefs(sec, XSLT_SECPREF_WRITE_NETWORK);
    if (check != NULL) {
        ret = check(sec, ctxt, (const char *)URL);
        if (ret == 0) {
        xsltTransformError(ctxt, NULL, NULL,
                 "File write for %s refused\n", URL);
        xmlFreeURI(uri);
        return(0);
        }
    }
    }
    xmlFreeURI(uri);
    return(1);
}

Referenced by xsltApplyStylesheetInternal(), and xsltDocumentElem().

xsltFreeSecurityPrefs()

XSLTPUBFUN void XSLTCALL xsltFreeSecurityPrefs

(

xsltSecurityPrefsPtr

sec

)

xsltFreeSecurityPrefs: @sec: the security block to free

Free up a security preference block

Definition at line 95 of file security.c.

                                                {
    if (sec == NULL)
    return;
    xmlFree(sec);
}

xsltGetDefaultSecurityPrefs()

XSLTPUBFUN xsltSecurityPrefsPtr XSLTCALL xsltGetDefaultSecurityPrefs

(

void

)

xsltGetDefaultSecurityPrefs:

Get the default security preference application-wide

Returns the current xsltSecurityPrefsPtr in use or NULL if none

Definition at line 180 of file security.c.

                                  {
    return(xsltDefaultSecurityPrefs);
}

Referenced by xsltLoadStyleDocument(), xsltNewTransformContext(), xsltParseStylesheetFile(), and xsltParseStylesheetImport().

xsltGetSecurityPrefs()

XSLTPUBFUN xsltSecurityCheck XSLTCALL xsltGetSecurityPrefs	(	xsltSecurityPrefsPtr	sec,
		xsltSecurityOption	option
	)

xsltGetSecurityPrefs: @sec: the security block to update @option: the option to lookup

Lookup the security option to get the callback checking function

Returns NULL if not found, the function otherwise

Definition at line 142 of file security.c.

                                                                          {
    if (sec == NULL)
    return(NULL);
    switch (option) {
        case XSLT_SECPREF_READ_FILE:
            return(sec->readFile);
        case XSLT_SECPREF_WRITE_FILE:
            return(sec->createFile);
        case XSLT_SECPREF_CREATE_DIRECTORY:
            return(sec->createDir);
        case XSLT_SECPREF_READ_NETWORK:
            return(sec->readNet);
        case XSLT_SECPREF_WRITE_NETWORK:
            return(sec->writeNet);
    }
    return(NULL);
}

Referenced by xsltCheckRead(), xsltCheckWrite(), and xsltCheckWritePath().

xsltNewSecurityPrefs()

XSLTPUBFUN xsltSecurityPrefsPtr XSLTCALL xsltNewSecurityPrefs

(

void

)

xsltNewSecurityPrefs:

Create a new security preference block

Returns a pointer to the new block or NULL in case of error

Definition at line 73 of file security.c.

                           {
    xsltSecurityPrefsPtr ret;
 
    xsltInitGlobals();
 
    ret = (xsltSecurityPrefsPtr) xmlMalloc(sizeof(xsltSecurityPrefs));
    if (ret == NULL) {
    xsltTransformError(NULL, NULL, NULL,
        "xsltNewSecurityPrefs : malloc failed\n");
    return(NULL);
    }
    memset(ret, 0, sizeof(xsltSecurityPrefs));
    return(ret);
}

xsltSecurityAllow()

XSLTPUBFUN int XSLTCALL xsltSecurityAllow	(	xsltSecurityPrefsPtr	sec,
		xsltTransformContextPtr	ctxt,
		const char *	value
	)

xsltSecurityForbid()

XSLTPUBFUN int XSLTCALL xsltSecurityForbid	(	xsltSecurityPrefsPtr	sec,
		xsltTransformContextPtr	ctxt,
		const char *	value
	)

xsltSetCtxtSecurityPrefs()

XSLTPUBFUN int XSLTCALL xsltSetCtxtSecurityPrefs	(	xsltSecurityPrefsPtr	sec,
		xsltTransformContextPtr	ctxt
	)

xsltSetCtxtSecurityPrefs: @sec: the security block to use @ctxt: an XSLT transformation context

Set the security preference for a specific transformation

Returns -1 in case of error, 0 otherwise

Definition at line 194 of file security.c.

                                                   {
    if (ctxt == NULL)
    return(-1);
    ctxt->sec = (void *) sec;
    return(0);
}

xsltSetDefaultSecurityPrefs()

XSLTPUBFUN void XSLTCALL xsltSetDefaultSecurityPrefs

(

xsltSecurityPrefsPtr

sec

)

xsltSetDefaultSecurityPrefs: @sec: the security block to use

Set the default security preference application-wide

Definition at line 167 of file security.c.

                                                      {
 
    xsltDefaultSecurityPrefs = sec;
}

xsltSetSecurityPrefs()

XSLTPUBFUN int XSLTCALL xsltSetSecurityPrefs	(	xsltSecurityPrefsPtr	sec,
		xsltSecurityOption	option,
		xsltSecurityCheck	func
	)

xsltSetSecurityPrefs: @sec: the security block to update @option: the option to update @func: the user callback to use for this option

Update the security option to use the new callback checking function

Returns -1 in case of error, 0 otherwise

Definition at line 112 of file security.c.

                                             {
    xsltInitGlobals();
    if (sec == NULL)
    return(-1);
    switch (option) {
        case XSLT_SECPREF_READ_FILE:
            sec->readFile = func; return(0);
        case XSLT_SECPREF_WRITE_FILE:
            sec->createFile = func; return(0);
        case XSLT_SECPREF_CREATE_DIRECTORY:
            sec->createDir = func; return(0);
        case XSLT_SECPREF_READ_NETWORK:
            sec->readNet = func; return(0);
        case XSLT_SECPREF_WRITE_NETWORK:
            sec->writeNet = func; return(0);
    }
    return(-1);
}