ReactOS 0.4.15-dev-7924-g5949c20
Classes | Functions | Variables
security.c File Reference
#include "precomp.h"
Include dependency graph for security.c:

Go to the source code of this file.

Classes

struct  _xsltSecurityPrefs
 

Functions

xsltSecurityPrefsPtr xsltNewSecurityPrefs (void)
 
void xsltFreeSecurityPrefs (xsltSecurityPrefsPtr sec)
 
int xsltSetSecurityPrefs (xsltSecurityPrefsPtr sec, xsltSecurityOption option, xsltSecurityCheck func)
 
xsltSecurityCheck xsltGetSecurityPrefs (xsltSecurityPrefsPtr sec, xsltSecurityOption option)
 
void xsltSetDefaultSecurityPrefs (xsltSecurityPrefsPtr sec)
 
xsltSecurityPrefsPtr xsltGetDefaultSecurityPrefs (void)
 
int xsltSetCtxtSecurityPrefs (xsltSecurityPrefsPtr sec, xsltTransformContextPtr ctxt)
 
int xsltSecurityAllow (xsltSecurityPrefsPtr sec ATTRIBUTE_UNUSED, xsltTransformContextPtr ctxt ATTRIBUTE_UNUSED, const char *value ATTRIBUTE_UNUSED)
 
int xsltSecurityForbid (xsltSecurityPrefsPtr sec ATTRIBUTE_UNUSED, xsltTransformContextPtr ctxt ATTRIBUTE_UNUSED, const char *value ATTRIBUTE_UNUSED)
 
static int xsltCheckFilename (const char *path)
 
static int xsltCheckWritePath (xsltSecurityPrefsPtr sec, xsltTransformContextPtr ctxt, const char *path)
 
int xsltCheckWrite (xsltSecurityPrefsPtr sec, xsltTransformContextPtr ctxt, const xmlChar *URL)
 
int xsltCheckRead (xsltSecurityPrefsPtr sec, xsltTransformContextPtr ctxt, const xmlChar *URL)
 

Variables

static xsltSecurityPrefsPtr xsltDefaultSecurityPrefs = NULL
 

Function Documentation

◆ xsltCheckFilename()

static int xsltCheckFilename ( const char path)
static

xsltCheckFilename @path: the path to check

function checks to see if @path is a valid source (file, socket...) for XML.

TODO: remove at some point !!! Local copy of xmlCheckFilename to avoid a hard dependency on a new version of libxml2

if stat is not available on the target machine, returns 1. if stat fails, returns 0 (if calling stat on the filename fails, it can't be right). if stat succeeds and the file is a directory, returns 2. otherwise returns 1.

Definition at line 245 of file security.c.

246{
247#ifdef HAVE_STAT
248 struct stat stat_buffer;
249#if defined(_WIN32)
250 DWORD dwAttrs;
251
252 dwAttrs = GetFileAttributesA(path);
253 if (dwAttrs != INVALID_FILE_ATTRIBUTES) {
254 if (dwAttrs & FILE_ATTRIBUTE_DIRECTORY) {
255 return 2;
256 }
257 }
258#endif
259
260 if (stat(path, &stat_buffer) == -1)
261 return 0;
262
263#ifdef S_ISDIR
264 if (S_ISDIR(stat_buffer.st_mode)) {
265 return 2;
266 }
267#endif
268#endif
269 return 1;
270}
stat
#define stat
Definition: acwin.h:99
S_ISDIR
#define S_ISDIR(mode)
Definition: various.h:18
GetFileAttributesA
DWORD WINAPI GetFileAttributesA(LPCSTR lpFileName)
Definition: fileinfo.c:636
DWORD
unsigned long DWORD
Definition: ntddk_ex.h:95
FILE_ATTRIBUTE_DIRECTORY
#define FILE_ATTRIBUTE_DIRECTORY
Definition: nt_native.h:705
stat
Definition: stat.h:55
INVALID_FILE_ATTRIBUTES
#define INVALID_FILE_ATTRIBUTES
Definition: vfdcmd.c:23

Referenced by xsltCheckWritePath().

◆ xsltCheckRead()

int xsltCheckRead ( xsltSecurityPrefsPtr  sec,
xsltTransformContextPtr  ctxt,
const xmlChar URL 
)

xsltCheckRead: @sec: the security options @ctxt: an XSLT transformation context @URL: the resource to be read

Check if the resource is allowed to be read

Return 1 if read is allowed, 0 if not and -1 in case or error.

Definition at line 402 of file security.c.

403 {
404 int ret;
405 xmlURIPtr uri;
406 xsltSecurityCheck check;
407
408 uri = xmlParseURI((const char *)URL);
409 if (uri == NULL) {
410 xsltTransformError(ctxt, NULL, NULL,
411 "xsltCheckRead: URL parsing failed for %s\n",
412 URL);
413 return(-1);
414 }
415 if ((uri->scheme == NULL) ||
416 (xmlStrEqual(BAD_CAST uri->scheme, BAD_CAST "file"))) {
417
418 /*
419 * Check if we are allowed to read this file
420 */
421 check = xsltGetSecurityPrefs(sec, XSLT_SECPREF_READ_FILE);
422 if (check != NULL) {
423 ret = check(sec, ctxt, uri->path);
424 if (ret == 0) {
425 xsltTransformError(ctxt, NULL, NULL,
426 "Local file read for %s refused\n", URL);
427 xmlFreeURI(uri);
428 return(0);
429 }
430 }
431 } else {
432 /*
433 * Check if we are allowed to write this network resource
434 */
435 check = xsltGetSecurityPrefs(sec, XSLT_SECPREF_READ_NETWORK);
436 if (check != NULL) {
437 ret = check(sec, ctxt, (const char *)URL);
438 if (ret == 0) {
439 xsltTransformError(ctxt, NULL, NULL,
440 "Network file read for %s refused\n", URL);
441 xmlFreeURI(uri);
442 return(0);
443 }
444 }
445 }
446 xmlFreeURI(uri);
447 return(1);
448}
NULL
#define NULL
Definition: types.h:112
xsltGetSecurityPrefs
xsltSecurityCheck xsltGetSecurityPrefs(xsltSecurityPrefsPtr sec, xsltSecurityOption option)
Definition: security.c:125
xsltSecurityCheck
int(* xsltSecurityCheck)(xsltSecurityPrefsPtr sec, xsltTransformContextPtr ctxt, const char *value)
Definition: security.h:51
XSLT_SECPREF_READ_NETWORK
@ XSLT_SECPREF_READ_NETWORK
Definition: security.h:41
XSLT_SECPREF_READ_FILE
@ XSLT_SECPREF_READ_FILE
Definition: security.h:38
check
#define check(expected, result)
Definition: dplayx.c:32
uri
const char * uri
Definition: sec_mgr.c:1588
_xmlURI
Definition: uri.h:33
xmlParseURI
XMLPUBFUN xmlURIPtr XMLCALL xmlParseURI(const char *str)
Definition: uri.c:940
xmlFreeURI
XMLPUBFUN void XMLCALL xmlFreeURI(xmlURIPtr uri)
Definition: uri.c:1387
ret
int ret
Definition: wcstombs-tests.c:31
BAD_CAST
#define BAD_CAST
Definition: xmlstring.h:35
xmlStrEqual
XMLPUBFUN int XMLCALL xmlStrEqual(const xmlChar *str1, const xmlChar *str2)
Definition: xmlstring.c:160
xsltTransformError
void xsltTransformError(xsltTransformContextPtr ctxt, xsltStylesheetPtr style, xmlNodePtr node, const char *msg,...)
Definition: xsltutils.c:678

Referenced by xsltLoadDocument(), xsltLoadStyleDocument(), xsltParseStylesheetFile(), and xsltParseStylesheetImport().

◆ xsltCheckWrite()

int xsltCheckWrite ( xsltSecurityPrefsPtr  sec,
xsltTransformContextPtr  ctxt,
const xmlChar URL 
)

xsltCheckWrite: @sec: the security options @ctxt: an XSLT transformation context @URL: the resource to be written

Check if the resource is allowed to be written, if necessary makes some preliminary work like creating directories

Return 1 if write is allowed, 0 if not and -1 in case or error.

Definition at line 335 of file security.c.

336 {
337 int ret;
338 xmlURIPtr uri;
339 xsltSecurityCheck check;
340
341 uri = xmlParseURI((const char *)URL);
342 if (uri == NULL) {
343 uri = xmlCreateURI();
344 if (uri == NULL) {
345 xsltTransformError(ctxt, NULL, NULL,
346 "xsltCheckWrite: out of memory for %s\n", URL);
347 return(-1);
348 }
349 uri->path = (char *)xmlStrdup(URL);
350 }
351 if ((uri->scheme == NULL) ||
352 (xmlStrEqual(BAD_CAST uri->scheme, BAD_CAST "file"))) {
353
354#if defined(_WIN32)
355 if ((uri->path)&&(uri->path[0]=='/')&&
356 (uri->path[1]!='\0')&&(uri->path[2]==':'))
357 ret = xsltCheckWritePath(sec, ctxt, uri->path+1);
358 else
359#endif
360 {
361 /*
362 * Check if we are allowed to write this file
363 */
364 ret = xsltCheckWritePath(sec, ctxt, uri->path);
365 }
366
367 if (ret <= 0) {
368 xmlFreeURI(uri);
369 return(ret);
370 }
371 } else {
372 /*
373 * Check if we are allowed to write this network resource
374 */
375 check = xsltGetSecurityPrefs(sec, XSLT_SECPREF_WRITE_NETWORK);
376 if (check != NULL) {
377 ret = check(sec, ctxt, (const char *)URL);
378 if (ret == 0) {
379 xsltTransformError(ctxt, NULL, NULL,
380 "File write for %s refused\n", URL);
381 xmlFreeURI(uri);
382 return(0);
383 }
384 }
385 }
386 xmlFreeURI(uri);
387 return(1);
388}
xsltCheckWritePath
static int xsltCheckWritePath(xsltSecurityPrefsPtr sec, xsltTransformContextPtr ctxt, const char *path)
Definition: security.c:273
XSLT_SECPREF_WRITE_NETWORK
@ XSLT_SECPREF_WRITE_NETWORK
Definition: security.h:42
xmlCreateURI
XMLPUBFUN xmlURIPtr XMLCALL xmlCreateURI(void)
Definition: uri.c:1020
xmlStrdup
XMLPUBFUN xmlChar *XMLCALL xmlStrdup(const xmlChar *cur)
Definition: xmlstring.c:67

Referenced by xsltApplyStylesheetInternal(), and xsltDocumentElem().

◆ xsltCheckWritePath()

static int xsltCheckWritePath ( xsltSecurityPrefsPtr  sec,
xsltTransformContextPtr  ctxt,
const char path 
)
static

Definition at line 273 of file security.c.

276{
277 int ret;
278 xsltSecurityCheck check;
279 char *directory;
280
281 check = xsltGetSecurityPrefs(sec, XSLT_SECPREF_WRITE_FILE);
282 if (check != NULL) {
283 ret = check(sec, ctxt, path);
284 if (ret == 0) {
285 xsltTransformError(ctxt, NULL, NULL,
286 "File write for %s refused\n", path);
287 return(0);
288 }
289 }
290
291 directory = xmlParserGetDirectory (path);
292
293 if (directory != NULL) {
294 ret = xsltCheckFilename(directory);
295 if (ret == 0) {
296 /*
297 * The directory doesn't exist check for creation
298 */
299 check = xsltGetSecurityPrefs(sec,
300 XSLT_SECPREF_CREATE_DIRECTORY);
301 if (check != NULL) {
302 ret = check(sec, ctxt, directory);
303 if (ret == 0) {
304 xsltTransformError(ctxt, NULL, NULL,
305 "Directory creation for %s refused\n",
306 path);
307 xmlFree(directory);
308 return(0);
309 }
310 }
311 ret = xsltCheckWritePath(sec, ctxt, directory);
312 if (ret == 1)
313 ret = mkdir(directory, 0755);
314 }
315 xmlFree(directory);
316 if (ret < 0)
317 return(ret);
318 }
319
320 return(1);
321}
mkdir
#define mkdir
Definition: acwin.h:101
xsltCheckFilename
static int xsltCheckFilename(const char *path)
Definition: security.c:245
XSLT_SECPREF_CREATE_DIRECTORY
@ XSLT_SECPREF_CREATE_DIRECTORY
Definition: security.h:40
XSLT_SECPREF_WRITE_FILE
@ XSLT_SECPREF_WRITE_FILE
Definition: security.h:39
xmlFree
XMLPUBVAR xmlFreeFunc xmlFree
Definition: globals.h:251
xmlParserGetDirectory
XMLPUBFUN char *XMLCALL xmlParserGetDirectory(const char *filename)

Referenced by xsltCheckWrite(), and xsltCheckWritePath().

◆ xsltFreeSecurityPrefs()

void xsltFreeSecurityPrefs ( xsltSecurityPrefsPtr  sec)

xsltFreeSecurityPrefs: @sec: the security block to free

Free up a security preference block

Definition at line 78 of file security.c.

78 {
79 if (sec == NULL)
80 return;
81 xmlFree(sec);
82}

◆ xsltGetDefaultSecurityPrefs()

xsltSecurityPrefsPtr xsltGetDefaultSecurityPrefs ( void  )

xsltGetDefaultSecurityPrefs:

Get the default security preference application-wide

Returns the current xsltSecurityPrefsPtr in use or NULL if none

Definition at line 163 of file security.c.

163 {
164 return(xsltDefaultSecurityPrefs);
165}
xsltDefaultSecurityPrefs
static xsltSecurityPrefsPtr xsltDefaultSecurityPrefs
Definition: security.c:40

Referenced by xsltLoadStyleDocument(), xsltNewTransformContext(), xsltParseStylesheetFile(), and xsltParseStylesheetImport().

◆ xsltGetSecurityPrefs()

xsltSecurityCheck xsltGetSecurityPrefs ( xsltSecurityPrefsPtr  sec,
xsltSecurityOption  option 
)

xsltGetSecurityPrefs: @sec: the security block to update @option: the option to lookup

Lookup the security option to get the callback checking function

Returns NULL if not found, the function otherwise

Definition at line 125 of file security.c.

125 {
126 if (sec == NULL)
127 return(NULL);
128 switch (option) {
129 case XSLT_SECPREF_READ_FILE:
130 return(sec->readFile);
131 case XSLT_SECPREF_WRITE_FILE:
132 return(sec->createFile);
133 case XSLT_SECPREF_CREATE_DIRECTORY:
134 return(sec->createDir);
135 case XSLT_SECPREF_READ_NETWORK:
136 return(sec->readNet);
137 case XSLT_SECPREF_WRITE_NETWORK:
138 return(sec->writeNet);
139 }
140 return(NULL);
141}
_xsltSecurityPrefs::readFile
xsltSecurityCheck readFile
Definition: security.c:33
_xsltSecurityPrefs::createFile
xsltSecurityCheck createFile
Definition: security.c:34
_xsltSecurityPrefs::createDir
xsltSecurityCheck createDir
Definition: security.c:35
_xsltSecurityPrefs::readNet
xsltSecurityCheck readNet
Definition: security.c:36
_xsltSecurityPrefs::writeNet
xsltSecurityCheck writeNet
Definition: security.c:37
option
Definition: getopt.h:109

Referenced by xsltCheckRead(), xsltCheckWrite(), and xsltCheckWritePath().

◆ xsltNewSecurityPrefs()

xsltSecurityPrefsPtr xsltNewSecurityPrefs ( void  )

xsltNewSecurityPrefs:

Create a new security preference block

Returns a pointer to the new block or NULL in case of error

Definition at line 56 of file security.c.

56 {
57 xsltSecurityPrefsPtr ret;
58
59 xsltInitGlobals();
60
61 ret = (xsltSecurityPrefsPtr) xmlMalloc(sizeof(xsltSecurityPrefs));
62 if (ret == NULL) {
63 xsltTransformError(NULL, NULL, NULL,
64 "xsltNewSecurityPrefs : malloc failed\n");
65 return(NULL);
66 }
67 memset(ret, 0, sizeof(xsltSecurityPrefs));
68 return(ret);
69}
xsltInitGlobals
void xsltInitGlobals(void)
Definition: extensions.c:2257
xsltSecurityPrefsPtr
xsltSecurityPrefs * xsltSecurityPrefsPtr
Definition: security.h:30
xmlMalloc
XMLPUBVAR xmlMallocFunc xmlMalloc
Definition: globals.h:248
memset
#define memset(x, y, z)
Definition: compat.h:39
_xsltSecurityPrefs
Definition: security.c:32

◆ xsltSecurityAllow()

int xsltSecurityAllow ( xsltSecurityPrefsPtr sec  ATTRIBUTE_UNUSED,
xsltTransformContextPtr ctxt  ATTRIBUTE_UNUSED,
const char *value  ATTRIBUTE_UNUSED 
)

xsltSecurityAllow: @sec: the security block to use @ctxt: an XSLT transformation context @value: unused

Function used to always allow an operation

Returns 1 always

Definition at line 197 of file security.c.

199 {
200 return(1);
201}

◆ xsltSecurityForbid()

int xsltSecurityForbid ( xsltSecurityPrefsPtr sec  ATTRIBUTE_UNUSED,
xsltTransformContextPtr ctxt  ATTRIBUTE_UNUSED,
const char *value  ATTRIBUTE_UNUSED 
)

xsltSecurityForbid: @sec: the security block to use @ctxt: an XSLT transformation context @value: unused

Function used to always forbid an operation

Returns 0 always

Definition at line 214 of file security.c.

216 {
217 return(0);
218}

◆ xsltSetCtxtSecurityPrefs()

int xsltSetCtxtSecurityPrefs ( xsltSecurityPrefsPtr  sec,
xsltTransformContextPtr  ctxt 
)

xsltSetCtxtSecurityPrefs: @sec: the security block to use @ctxt: an XSLT transformation context

Set the security preference for a specific transformation

Returns -1 in case of error, 0 otherwise

Definition at line 177 of file security.c.

178 {
179 if (ctxt == NULL)
180 return(-1);
181 ctxt->sec = (void *) sec;
182 return(0);
183}
_xsltTransformContext::sec
void * sec
Definition: xsltInternals.h:1734

◆ xsltSetDefaultSecurityPrefs()

void xsltSetDefaultSecurityPrefs ( xsltSecurityPrefsPtr  sec)

xsltSetDefaultSecurityPrefs: @sec: the security block to use

Set the default security preference application-wide

Definition at line 150 of file security.c.

150 {
151
152 xsltDefaultSecurityPrefs = sec;
153}

◆ xsltSetSecurityPrefs()

int xsltSetSecurityPrefs ( xsltSecurityPrefsPtr  sec,
xsltSecurityOption  option,
xsltSecurityCheck  func 
)

xsltSetSecurityPrefs: @sec: the security block to update @option: the option to update @func: the user callback to use for this option

Update the security option to use the new callback checking function

Returns -1 in case of error, 0 otherwise

Definition at line 95 of file security.c.

96 {
97 xsltInitGlobals();
98 if (sec == NULL)
99 return(-1);
100 switch (option) {
101 case XSLT_SECPREF_READ_FILE:
102 sec->readFile = func; return(0);
103 case XSLT_SECPREF_WRITE_FILE:
104 sec->createFile = func; return(0);
105 case XSLT_SECPREF_CREATE_DIRECTORY:
106 sec->createDir = func; return(0);
107 case XSLT_SECPREF_READ_NETWORK:
108 sec->readNet = func; return(0);
109 case XSLT_SECPREF_WRITE_NETWORK:
110 sec->writeNet = func; return(0);
111 }
112 return(-1);
113}
func
GLenum func
Definition: glext.h:6028

Variable Documentation

◆ xsltDefaultSecurityPrefs

xsltSecurityPrefsPtr xsltDefaultSecurityPrefs = NULL
static

Definition at line 40 of file security.c.

Referenced by xsltGetDefaultSecurityPrefs(), and xsltSetDefaultSecurityPrefs().