ReactOS 0.4.16-dev-306-g647d351
security.c File Reference
#include "precomp.h"
Include dependency graph for security.c:

Go to the source code of this file.

Classes

struct  _xsltSecurityPrefs
 

Functions

xsltSecurityPrefsPtr xsltNewSecurityPrefs (void)
 
void xsltFreeSecurityPrefs (xsltSecurityPrefsPtr sec)
 
int xsltSetSecurityPrefs (xsltSecurityPrefsPtr sec, xsltSecurityOption option, xsltSecurityCheck func)
 
xsltSecurityCheck xsltGetSecurityPrefs (xsltSecurityPrefsPtr sec, xsltSecurityOption option)
 
void xsltSetDefaultSecurityPrefs (xsltSecurityPrefsPtr sec)
 
xsltSecurityPrefsPtr xsltGetDefaultSecurityPrefs (void)
 
int xsltSetCtxtSecurityPrefs (xsltSecurityPrefsPtr sec, xsltTransformContextPtr ctxt)
 
int xsltSecurityAllow (xsltSecurityPrefsPtr sec ATTRIBUTE_UNUSED, xsltTransformContextPtr ctxt ATTRIBUTE_UNUSED, const char *value ATTRIBUTE_UNUSED)
 
int xsltSecurityForbid (xsltSecurityPrefsPtr sec ATTRIBUTE_UNUSED, xsltTransformContextPtr ctxt ATTRIBUTE_UNUSED, const char *value ATTRIBUTE_UNUSED)
 
static int xsltCheckFilename (const char *path)
 
static int xsltCheckWritePath (xsltSecurityPrefsPtr sec, xsltTransformContextPtr ctxt, const char *path)
 
int xsltCheckWrite (xsltSecurityPrefsPtr sec, xsltTransformContextPtr ctxt, const xmlChar *URL)
 
int xsltCheckRead (xsltSecurityPrefsPtr sec, xsltTransformContextPtr ctxt, const xmlChar *URL)
 

Variables

static xsltSecurityPrefsPtr xsltDefaultSecurityPrefs = NULL
 

Function Documentation

◆ xsltCheckFilename()

static int xsltCheckFilename ( const char path)
static

xsltCheckFilename @path: the path to check

function checks to see if @path is a valid source (file, socket...) for XML.

TODO: remove at some point !!! Local copy of xmlCheckFilename to avoid a hard dependency on a new version of libxml2

if stat is not available on the target machine, returns 1. if stat fails, returns 0 (if calling stat on the filename fails, it can't be right). if stat succeeds and the file is a directory, returns 2. otherwise returns 1.

Definition at line 245 of file security.c.

246{
247#ifdef HAVE_STAT
248 struct stat stat_buffer;
249#if defined(_WIN32)
250 DWORD dwAttrs;
251
252 dwAttrs = GetFileAttributesA(path);
253 if (dwAttrs != INVALID_FILE_ATTRIBUTES) {
254 if (dwAttrs & FILE_ATTRIBUTE_DIRECTORY) {
255 return 2;
256 }
257 }
258#endif
259
260 if (stat(path, &stat_buffer) == -1)
261 return 0;
262
263#ifdef S_ISDIR
264 if (S_ISDIR(stat_buffer.st_mode)) {
265 return 2;
266 }
267#endif
268#endif
269 return 1;
270}
#define stat
Definition: acwin.h:99
#define S_ISDIR(mode)
Definition: various.h:18
DWORD WINAPI GetFileAttributesA(LPCSTR lpFileName)
Definition: fileinfo.c:636
unsigned long DWORD
Definition: ntddk_ex.h:95
#define FILE_ATTRIBUTE_DIRECTORY
Definition: nt_native.h:705
Definition: stat.h:55
#define INVALID_FILE_ATTRIBUTES
Definition: vfdcmd.c:23

Referenced by xsltCheckWritePath().

◆ xsltCheckRead()

int xsltCheckRead ( xsltSecurityPrefsPtr  sec,
xsltTransformContextPtr  ctxt,
const xmlChar URL 
)

xsltCheckRead: @sec: the security options @ctxt: an XSLT transformation context @URL: the resource to be read

Check if the resource is allowed to be read

Return 1 if read is allowed, 0 if not and -1 in case or error.

Definition at line 402 of file security.c.

403 {
404 int ret;
407
408 uri = xmlParseURI((const char *)URL);
409 if (uri == NULL) {
411 "xsltCheckRead: URL parsing failed for %s\n",
412 URL);
413 return(-1);
414 }
415 if ((uri->scheme == NULL) ||
416 (xmlStrEqual(BAD_CAST uri->scheme, BAD_CAST "file"))) {
417
418 /*
419 * Check if we are allowed to read this file
420 */
422 if (check != NULL) {
423 ret = check(sec, ctxt, uri->path);
424 if (ret == 0) {
426 "Local file read for %s refused\n", URL);
428 return(0);
429 }
430 }
431 } else {
432 /*
433 * Check if we are allowed to write this network resource
434 */
436 if (check != NULL) {
437 ret = check(sec, ctxt, (const char *)URL);
438 if (ret == 0) {
440 "Network file read for %s refused\n", URL);
442 return(0);
443 }
444 }
445 }
447 return(1);
448}
#define NULL
Definition: types.h:112
xsltSecurityCheck xsltGetSecurityPrefs(xsltSecurityPrefsPtr sec, xsltSecurityOption option)
Definition: security.c:125
int(* xsltSecurityCheck)(xsltSecurityPrefsPtr sec, xsltTransformContextPtr ctxt, const char *value)
Definition: security.h:51
@ XSLT_SECPREF_READ_NETWORK
Definition: security.h:41
@ XSLT_SECPREF_READ_FILE
Definition: security.h:38
#define check(expected, result)
Definition: dplayx.c:32
const char * uri
Definition: sec_mgr.c:1588
Definition: uri.h:33
XMLPUBFUN xmlURIPtr XMLCALL xmlParseURI(const char *str)
Definition: uri.c:940
XMLPUBFUN void XMLCALL xmlFreeURI(xmlURIPtr uri)
Definition: uri.c:1387
int ret
#define BAD_CAST
Definition: xmlstring.h:35
XMLPUBFUN int XMLCALL xmlStrEqual(const xmlChar *str1, const xmlChar *str2)
Definition: xmlstring.c:160
void xsltTransformError(xsltTransformContextPtr ctxt, xsltStylesheetPtr style, xmlNodePtr node, const char *msg,...)
Definition: xsltutils.c:678

Referenced by xsltLoadDocument(), xsltLoadStyleDocument(), xsltParseStylesheetFile(), and xsltParseStylesheetImport().

◆ xsltCheckWrite()

int xsltCheckWrite ( xsltSecurityPrefsPtr  sec,
xsltTransformContextPtr  ctxt,
const xmlChar URL 
)

xsltCheckWrite: @sec: the security options @ctxt: an XSLT transformation context @URL: the resource to be written

Check if the resource is allowed to be written, if necessary makes some preliminary work like creating directories

Return 1 if write is allowed, 0 if not and -1 in case or error.

Definition at line 335 of file security.c.

336 {
337 int ret;
340
341 uri = xmlParseURI((const char *)URL);
342 if (uri == NULL) {
343 uri = xmlCreateURI();
344 if (uri == NULL) {
346 "xsltCheckWrite: out of memory for %s\n", URL);
347 return(-1);
348 }
349 uri->path = (char *)xmlStrdup(URL);
350 }
351 if ((uri->scheme == NULL) ||
352 (xmlStrEqual(BAD_CAST uri->scheme, BAD_CAST "file"))) {
353
354#if defined(_WIN32)
355 if ((uri->path)&&(uri->path[0]=='/')&&
356 (uri->path[1]!='\0')&&(uri->path[2]==':'))
357 ret = xsltCheckWritePath(sec, ctxt, uri->path+1);
358 else
359#endif
360 {
361 /*
362 * Check if we are allowed to write this file
363 */
364 ret = xsltCheckWritePath(sec, ctxt, uri->path);
365 }
366
367 if (ret <= 0) {
369 return(ret);
370 }
371 } else {
372 /*
373 * Check if we are allowed to write this network resource
374 */
376 if (check != NULL) {
377 ret = check(sec, ctxt, (const char *)URL);
378 if (ret == 0) {
380 "File write for %s refused\n", URL);
382 return(0);
383 }
384 }
385 }
387 return(1);
388}
static int xsltCheckWritePath(xsltSecurityPrefsPtr sec, xsltTransformContextPtr ctxt, const char *path)
Definition: security.c:273
@ XSLT_SECPREF_WRITE_NETWORK
Definition: security.h:42
XMLPUBFUN xmlURIPtr XMLCALL xmlCreateURI(void)
Definition: uri.c:1020
XMLPUBFUN xmlChar *XMLCALL xmlStrdup(const xmlChar *cur)
Definition: xmlstring.c:67

Referenced by xsltApplyStylesheetInternal(), and xsltDocumentElem().

◆ xsltCheckWritePath()

static int xsltCheckWritePath ( xsltSecurityPrefsPtr  sec,
xsltTransformContextPtr  ctxt,
const char path 
)
static

Definition at line 273 of file security.c.

276{
277 int ret;
279 char *directory;
280
282 if (check != NULL) {
283 ret = check(sec, ctxt, path);
284 if (ret == 0) {
286 "File write for %s refused\n", path);
287 return(0);
288 }
289 }
290
292
293 if (directory != NULL) {
295 if (ret == 0) {
296 /*
297 * The directory doesn't exist check for creation
298 */
301 if (check != NULL) {
302 ret = check(sec, ctxt, directory);
303 if (ret == 0) {
305 "Directory creation for %s refused\n",
306 path);
308 return(0);
309 }
310 }
311 ret = xsltCheckWritePath(sec, ctxt, directory);
312 if (ret == 1)
313 ret = mkdir(directory, 0755);
314 }
316 if (ret < 0)
317 return(ret);
318 }
319
320 return(1);
321}
#define mkdir
Definition: acwin.h:101
static int xsltCheckFilename(const char *path)
Definition: security.c:245
@ XSLT_SECPREF_CREATE_DIRECTORY
Definition: security.h:40
@ XSLT_SECPREF_WRITE_FILE
Definition: security.h:39
XMLPUBVAR xmlFreeFunc xmlFree
Definition: globals.h:251
XMLPUBFUN char *XMLCALL xmlParserGetDirectory(const char *filename)

Referenced by xsltCheckWrite(), and xsltCheckWritePath().

◆ xsltFreeSecurityPrefs()

void xsltFreeSecurityPrefs ( xsltSecurityPrefsPtr  sec)

xsltFreeSecurityPrefs: @sec: the security block to free

Free up a security preference block

Definition at line 78 of file security.c.

78 {
79 if (sec == NULL)
80 return;
81 xmlFree(sec);
82}

◆ xsltGetDefaultSecurityPrefs()

xsltSecurityPrefsPtr xsltGetDefaultSecurityPrefs ( void  )

xsltGetDefaultSecurityPrefs:

Get the default security preference application-wide

Returns the current xsltSecurityPrefsPtr in use or NULL if none

Definition at line 163 of file security.c.

163 {
165}
static xsltSecurityPrefsPtr xsltDefaultSecurityPrefs
Definition: security.c:40

Referenced by xsltLoadStyleDocument(), xsltNewTransformContext(), xsltParseStylesheetFile(), and xsltParseStylesheetImport().

◆ xsltGetSecurityPrefs()

xsltSecurityCheck xsltGetSecurityPrefs ( xsltSecurityPrefsPtr  sec,
xsltSecurityOption  option 
)

xsltGetSecurityPrefs: @sec: the security block to update @option: the option to lookup

Lookup the security option to get the callback checking function

Returns NULL if not found, the function otherwise

Definition at line 125 of file security.c.

125 {
126 if (sec == NULL)
127 return(NULL);
128 switch (option) {
130 return(sec->readFile);
132 return(sec->createFile);
134 return(sec->createDir);
136 return(sec->readNet);
138 return(sec->writeNet);
139 }
140 return(NULL);
141}
xsltSecurityCheck readFile
Definition: security.c:33
xsltSecurityCheck createFile
Definition: security.c:34
xsltSecurityCheck createDir
Definition: security.c:35
xsltSecurityCheck readNet
Definition: security.c:36
xsltSecurityCheck writeNet
Definition: security.c:37
Definition: getopt.h:109

Referenced by xsltCheckRead(), xsltCheckWrite(), and xsltCheckWritePath().

◆ xsltNewSecurityPrefs()

xsltSecurityPrefsPtr xsltNewSecurityPrefs ( void  )

xsltNewSecurityPrefs:

Create a new security preference block

Returns a pointer to the new block or NULL in case of error

Definition at line 56 of file security.c.

56 {
58
60
62 if (ret == NULL) {
64 "xsltNewSecurityPrefs : malloc failed\n");
65 return(NULL);
66 }
67 memset(ret, 0, sizeof(xsltSecurityPrefs));
68 return(ret);
69}
void xsltInitGlobals(void)
Definition: extensions.c:2257
xsltSecurityPrefs * xsltSecurityPrefsPtr
Definition: security.h:30
XMLPUBVAR xmlMallocFunc xmlMalloc
Definition: globals.h:248
#define memset(x, y, z)
Definition: compat.h:39

◆ xsltSecurityAllow()

int xsltSecurityAllow ( xsltSecurityPrefsPtr sec  ATTRIBUTE_UNUSED,
xsltTransformContextPtr ctxt  ATTRIBUTE_UNUSED,
const char *value  ATTRIBUTE_UNUSED 
)

xsltSecurityAllow: @sec: the security block to use @ctxt: an XSLT transformation context @value: unused

Function used to always allow an operation

Returns 1 always

Definition at line 197 of file security.c.

199 {
200 return(1);
201}

◆ xsltSecurityForbid()

int xsltSecurityForbid ( xsltSecurityPrefsPtr sec  ATTRIBUTE_UNUSED,
xsltTransformContextPtr ctxt  ATTRIBUTE_UNUSED,
const char *value  ATTRIBUTE_UNUSED 
)

xsltSecurityForbid: @sec: the security block to use @ctxt: an XSLT transformation context @value: unused

Function used to always forbid an operation

Returns 0 always

Definition at line 214 of file security.c.

216 {
217 return(0);
218}

◆ xsltSetCtxtSecurityPrefs()

int xsltSetCtxtSecurityPrefs ( xsltSecurityPrefsPtr  sec,
xsltTransformContextPtr  ctxt 
)

xsltSetCtxtSecurityPrefs: @sec: the security block to use @ctxt: an XSLT transformation context

Set the security preference for a specific transformation

Returns -1 in case of error, 0 otherwise

Definition at line 177 of file security.c.

178 {
179 if (ctxt == NULL)
180 return(-1);
181 ctxt->sec = (void *) sec;
182 return(0);
183}

◆ xsltSetDefaultSecurityPrefs()

void xsltSetDefaultSecurityPrefs ( xsltSecurityPrefsPtr  sec)

xsltSetDefaultSecurityPrefs: @sec: the security block to use

Set the default security preference application-wide

Definition at line 150 of file security.c.

150 {
151
153}

◆ xsltSetSecurityPrefs()

int xsltSetSecurityPrefs ( xsltSecurityPrefsPtr  sec,
xsltSecurityOption  option,
xsltSecurityCheck  func 
)

xsltSetSecurityPrefs: @sec: the security block to update @option: the option to update @func: the user callback to use for this option

Update the security option to use the new callback checking function

Returns -1 in case of error, 0 otherwise

Definition at line 95 of file security.c.

96 {
98 if (sec == NULL)
99 return(-1);
100 switch (option) {
102 sec->readFile = func; return(0);
104 sec->createFile = func; return(0);
106 sec->createDir = func; return(0);
108 sec->readNet = func; return(0);
110 sec->writeNet = func; return(0);
111 }
112 return(-1);
113}
GLenum func
Definition: glext.h:6028

Variable Documentation

◆ xsltDefaultSecurityPrefs

xsltSecurityPrefsPtr xsltDefaultSecurityPrefs = NULL
static

Definition at line 40 of file security.c.

Referenced by xsltGetDefaultSecurityPrefs(), and xsltSetDefaultSecurityPrefs().