ReactOS  0.4.14-dev-606-g14ebc0b
security.c File Reference
#include "precomp.h"
Include dependency graph for security.c:

Go to the source code of this file.

Classes

struct  _xsltSecurityPrefs
 

Functions

xsltSecurityPrefsPtr xsltNewSecurityPrefs (void)
 
void xsltFreeSecurityPrefs (xsltSecurityPrefsPtr sec)
 
int xsltSetSecurityPrefs (xsltSecurityPrefsPtr sec, xsltSecurityOption option, xsltSecurityCheck func)
 
xsltSecurityCheck xsltGetSecurityPrefs (xsltSecurityPrefsPtr sec, xsltSecurityOption option)
 
void xsltSetDefaultSecurityPrefs (xsltSecurityPrefsPtr sec)
 
xsltSecurityPrefsPtr xsltGetDefaultSecurityPrefs (void)
 
int xsltSetCtxtSecurityPrefs (xsltSecurityPrefsPtr sec, xsltTransformContextPtr ctxt)
 
int xsltSecurityAllow (xsltSecurityPrefsPtr sec ATTRIBUTE_UNUSED, xsltTransformContextPtr ctxt ATTRIBUTE_UNUSED, const char *value ATTRIBUTE_UNUSED)
 
int xsltSecurityForbid (xsltSecurityPrefsPtr sec ATTRIBUTE_UNUSED, xsltTransformContextPtr ctxt ATTRIBUTE_UNUSED, const char *value ATTRIBUTE_UNUSED)
 
static int xsltCheckFilename (const char *path)
 
static int xsltCheckWritePath (xsltSecurityPrefsPtr sec, xsltTransformContextPtr ctxt, const char *path)
 
int xsltCheckWrite (xsltSecurityPrefsPtr sec, xsltTransformContextPtr ctxt, const xmlChar *URL)
 
int xsltCheckRead (xsltSecurityPrefsPtr sec, xsltTransformContextPtr ctxt, const xmlChar *URL)
 

Variables

static xsltSecurityPrefsPtr xsltDefaultSecurityPrefs = NULL
 

Function Documentation

◆ xsltCheckFilename()

static int xsltCheckFilename ( const char path)
static

xsltCheckFilename @path: the path to check

function checks to see if @path is a valid source (file, socket...) for XML.

TODO: remove at some point !!! Local copy of xmlCheckFilename to avoid a hard dependency on a new version of libxml2

if stat is not available on the target machine, returns 1. if stat fails, returns 0 (if calling stat on the filename fails, it can't be right). if stat succeeds and the file is a directory, returns 2. otherwise returns 1.

Definition at line 245 of file security.c.

246 {
247 #ifdef HAVE_STAT
248  struct stat stat_buffer;
249 #if defined(_WIN32) && !defined(__CYGWIN__)
250  DWORD dwAttrs;
251 
252  dwAttrs = GetFileAttributes(path);
253  if (dwAttrs != INVALID_FILE_ATTRIBUTES) {
254  if (dwAttrs & FILE_ATTRIBUTE_DIRECTORY) {
255  return 2;
256  }
257  }
258 #endif
259 
260  if (stat(path, &stat_buffer) == -1)
261  return 0;
262 
263 #ifdef S_ISDIR
264  if (S_ISDIR(stat_buffer.st_mode)) {
265  return 2;
266  }
267 #endif
268 #endif
269  return 1;
270 }
#define FILE_ATTRIBUTE_DIRECTORY
Definition: nt_native.h:705
#define S_ISDIR(mode)
Definition: various.h:18
unsigned long DWORD
Definition: ntddk_ex.h:95
#define INVALID_FILE_ATTRIBUTES
Definition: vfdcmd.c:23
Definition: stat.h:55
#define GetFileAttributes
Definition: winbase.h:3649
_CRTIMP int __cdecl stat(const char *_Filename, struct stat *_Stat)
Definition: stat.h:345

Referenced by xsltCheckWritePath().

◆ xsltCheckRead()

int xsltCheckRead ( xsltSecurityPrefsPtr  sec,
xsltTransformContextPtr  ctxt,
const xmlChar URL 
)

xsltCheckRead: @sec: the security options @ctxt: an XSLT transformation context @URL: the resource to be read

Check if the resource is allowed to be read

Return 1 if read is allowed, 0 if not and -1 in case or error.

Definition at line 400 of file security.c.

401  {
402  int ret;
403  xmlURIPtr uri;
405 
406  uri = xmlParseURI((const char *)URL);
407  if (uri == NULL) {
409  "xsltCheckRead: URL parsing failed for %s\n",
410  URL);
411  return(-1);
412  }
413  if ((uri->scheme == NULL) ||
414  (xmlStrEqual(BAD_CAST uri->scheme, BAD_CAST "file"))) {
415 
416  /*
417  * Check if we are allowed to read this file
418  */
420  if (check != NULL) {
421  ret = check(sec, ctxt, uri->path);
422  if (ret == 0) {
424  "Local file read for %s refused\n", URL);
425  xmlFreeURI(uri);
426  return(0);
427  }
428  }
429  } else {
430  /*
431  * Check if we are allowed to write this network resource
432  */
434  if (check != NULL) {
435  ret = check(sec, ctxt, (const char *)URL);
436  if (ret == 0) {
438  "Network file read for %s refused\n", URL);
439  xmlFreeURI(uri);
440  return(0);
441  }
442  }
443  }
444  xmlFreeURI(uri);
445  return(1);
446 }
const char * uri
Definition: sec_mgr.c:1594
XMLPUBFUN xmlURIPtr XMLCALL xmlParseURI(const char *str)
Definition: uri.c:932
smooth NULL
Definition: ftsmooth.c:416
#define BAD_CAST
Definition: xmlstring.h:35
xsltSecurityCheck xsltGetSecurityPrefs(xsltSecurityPrefsPtr sec, xsltSecurityOption option)
Definition: security.c:125
void check(CONTEXT *pContext)
Definition: NtContinue.c:61
int(* xsltSecurityCheck)(xsltSecurityPrefsPtr sec, xsltTransformContextPtr ctxt, const char *value)
Definition: security.h:51
int ret
Definition: uri.h:33
XMLPUBFUN void XMLCALL xmlFreeURI(xmlURIPtr uri)
Definition: uri.c:1379
XMLPUBFUN int XMLCALL xmlStrEqual(const xmlChar *str1, const xmlChar *str2)
Definition: xmlstring.c:157
void xsltTransformError(xsltTransformContextPtr ctxt, xsltStylesheetPtr style, xmlNodePtr node, const char *msg,...)
Definition: xsltutils.c:678

Referenced by xsltLoadDocument(), xsltLoadStyleDocument(), xsltParseStylesheetFile(), and xsltParseStylesheetImport().

◆ xsltCheckWrite()

int xsltCheckWrite ( xsltSecurityPrefsPtr  sec,
xsltTransformContextPtr  ctxt,
const xmlChar URL 
)

xsltCheckWrite: @sec: the security options @ctxt: an XSLT transformation context @URL: the resource to be written

Check if the resource is allowed to be written, if necessary makes some preliminary work like creating directories

Return 1 if write is allowed, 0 if not and -1 in case or error.

Definition at line 335 of file security.c.

336  {
337  int ret;
338  xmlURIPtr uri;
340 
341  uri = xmlParseURI((const char *)URL);
342  if (uri == NULL) {
343  uri = xmlCreateURI();
344  if (uri == NULL) {
346  "xsltCheckWrite: out of memory for %s\n", URL);
347  return(-1);
348  }
349  uri->path = (char *)xmlStrdup(URL);
350  }
351  if ((uri->scheme == NULL) ||
352  (xmlStrEqual(BAD_CAST uri->scheme, BAD_CAST "file"))) {
353 
354 #if defined(_WIN32) && !defined(__CYGWIN__)
355  if ((uri->path)&&(uri->path[0]=='/')&&
356  (uri->path[1]!='\0')&&(uri->path[2]==':'))
357  ret = xsltCheckWritePath(sec, ctxt, uri->path+1);
358  else
359 #endif
360 
361  /*
362  * Check if we are allowed to write this file
363  */
364  ret = xsltCheckWritePath(sec, ctxt, uri->path);
365  if (ret <= 0) {
366  xmlFreeURI(uri);
367  return(ret);
368  }
369  } else {
370  /*
371  * Check if we are allowed to write this network resource
372  */
374  if (check != NULL) {
375  ret = check(sec, ctxt, (const char *)URL);
376  if (ret == 0) {
378  "File write for %s refused\n", URL);
379  xmlFreeURI(uri);
380  return(0);
381  }
382  }
383  }
384  xmlFreeURI(uri);
385  return(1);
386 }
const char * uri
Definition: sec_mgr.c:1594
XMLPUBFUN xmlURIPtr XMLCALL xmlParseURI(const char *str)
Definition: uri.c:932
smooth NULL
Definition: ftsmooth.c:416
#define BAD_CAST
Definition: xmlstring.h:35
XMLPUBFUN xmlURIPtr XMLCALL xmlCreateURI(void)
Definition: uri.c:1012
xsltSecurityCheck xsltGetSecurityPrefs(xsltSecurityPrefsPtr sec, xsltSecurityOption option)
Definition: security.c:125
static int xsltCheckWritePath(xsltSecurityPrefsPtr sec, xsltTransformContextPtr ctxt, const char *path)
Definition: security.c:273
void check(CONTEXT *pContext)
Definition: NtContinue.c:61
int(* xsltSecurityCheck)(xsltSecurityPrefsPtr sec, xsltTransformContextPtr ctxt, const char *value)
Definition: security.h:51
int ret
Definition: uri.h:33
XMLPUBFUN void XMLCALL xmlFreeURI(xmlURIPtr uri)
Definition: uri.c:1379
XMLPUBFUN int XMLCALL xmlStrEqual(const xmlChar *str1, const xmlChar *str2)
Definition: xmlstring.c:157
void xsltTransformError(xsltTransformContextPtr ctxt, xsltStylesheetPtr style, xmlNodePtr node, const char *msg,...)
Definition: xsltutils.c:678
XMLPUBFUN xmlChar *XMLCALL xmlStrdup(const xmlChar *cur)
Definition: xmlstring.c:66

Referenced by xsltApplyStylesheetInternal(), and xsltDocumentElem().

◆ xsltCheckWritePath()

static int xsltCheckWritePath ( xsltSecurityPrefsPtr  sec,
xsltTransformContextPtr  ctxt,
const char path 
)
static

Definition at line 273 of file security.c.

276 {
277  int ret;
279  char *directory;
280 
282  if (check != NULL) {
283  ret = check(sec, ctxt, path);
284  if (ret == 0) {
286  "File write for %s refused\n", path);
287  return(0);
288  }
289  }
290 
292 
293  if (directory != NULL) {
295  if (ret == 0) {
296  /*
297  * The directory doesn't exist check for creation
298  */
301  if (check != NULL) {
302  ret = check(sec, ctxt, directory);
303  if (ret == 0) {
305  "Directory creation for %s refused\n",
306  path);
308  return(0);
309  }
310  }
311  ret = xsltCheckWritePath(sec, ctxt, directory);
312  if (ret == 1)
313  ret = mkdir(directory, 0755);
314  }
316  if (ret < 0)
317  return(ret);
318  }
319 
320  return(1);
321 }
static int xsltCheckFilename(const char *path)
Definition: security.c:245
XMLPUBFUN char *XMLCALL xmlParserGetDirectory(const char *filename)
smooth NULL
Definition: ftsmooth.c:416
xsltSecurityCheck xsltGetSecurityPrefs(xsltSecurityPrefsPtr sec, xsltSecurityOption option)
Definition: security.c:125
static int xsltCheckWritePath(xsltSecurityPrefsPtr sec, xsltTransformContextPtr ctxt, const char *path)
Definition: security.c:273
#define mkdir
Definition: acwin.h:101
XMLPUBVAR xmlFreeFunc xmlFree
Definition: globals.h:250
void check(CONTEXT *pContext)
Definition: NtContinue.c:61
int(* xsltSecurityCheck)(xsltSecurityPrefsPtr sec, xsltTransformContextPtr ctxt, const char *value)
Definition: security.h:51
int ret
void xsltTransformError(xsltTransformContextPtr ctxt, xsltStylesheetPtr style, xmlNodePtr node, const char *msg,...)
Definition: xsltutils.c:678

Referenced by xsltCheckWrite().

◆ xsltFreeSecurityPrefs()

void xsltFreeSecurityPrefs ( xsltSecurityPrefsPtr  sec)

xsltFreeSecurityPrefs: @sec: the security block to free

Free up a security preference block

Definition at line 78 of file security.c.

78  {
79  if (sec == NULL)
80  return;
81  xmlFree(sec);
82 }
smooth NULL
Definition: ftsmooth.c:416
XMLPUBVAR xmlFreeFunc xmlFree
Definition: globals.h:250

◆ xsltGetDefaultSecurityPrefs()

xsltSecurityPrefsPtr xsltGetDefaultSecurityPrefs ( void  )

xsltGetDefaultSecurityPrefs:

Get the default security preference application-wide

Returns the current xsltSecurityPrefsPtr in use or NULL if none

Definition at line 163 of file security.c.

163  {
164  return(xsltDefaultSecurityPrefs);
165 }
static xsltSecurityPrefsPtr xsltDefaultSecurityPrefs
Definition: security.c:40

Referenced by xsltLoadStyleDocument(), xsltNewTransformContext(), xsltParseStylesheetFile(), and xsltParseStylesheetImport().

◆ xsltGetSecurityPrefs()

xsltSecurityCheck xsltGetSecurityPrefs ( xsltSecurityPrefsPtr  sec,
xsltSecurityOption  option 
)

xsltGetSecurityPrefs: @sec: the security block to update @option: the option to lookup

Lookup the security option to get the callback checking function

Returns NULL if not found, the function otherwise

Definition at line 125 of file security.c.

125  {
126  if (sec == NULL)
127  return(NULL);
128  switch (option) {
130  return(sec->readFile);
132  return(sec->createFile);
134  return(sec->createDir);
136  return(sec->readNet);
138  return(sec->writeNet);
139  }
140  return(NULL);
141 }
xsltSecurityCheck readFile
Definition: security.c:33
smooth NULL
Definition: ftsmooth.c:416
Definition: getopt.h:108
xsltSecurityCheck createDir
Definition: security.c:35
xsltSecurityCheck readNet
Definition: security.c:36
xsltSecurityCheck createFile
Definition: security.c:34
xsltSecurityCheck writeNet
Definition: security.c:37

Referenced by xsltCheckRead(), xsltCheckWrite(), and xsltCheckWritePath().

◆ xsltNewSecurityPrefs()

xsltSecurityPrefsPtr xsltNewSecurityPrefs ( void  )

xsltNewSecurityPrefs:

Create a new security preference block

Returns a pointer to the new block or NULL in case of error

Definition at line 56 of file security.c.

56  {
58 
60 
62  if (ret == NULL) {
64  "xsltNewSecurityPrefs : malloc failed\n");
65  return(NULL);
66  }
67  memset(ret, 0, sizeof(xsltSecurityPrefs));
68  return(ret);
69 }
xsltSecurityPrefs * xsltSecurityPrefsPtr
Definition: security.h:30
smooth NULL
Definition: ftsmooth.c:416
int ret
XMLPUBVAR xmlMallocFunc xmlMalloc
Definition: globals.h:247
void xsltTransformError(xsltTransformContextPtr ctxt, xsltStylesheetPtr style, xmlNodePtr node, const char *msg,...)
Definition: xsltutils.c:678
void xsltInitGlobals(void)
Definition: extensions.c:2263
#define memset(x, y, z)
Definition: compat.h:39

◆ xsltSecurityAllow()

int xsltSecurityAllow ( xsltSecurityPrefsPtr sec  ATTRIBUTE_UNUSED,
xsltTransformContextPtr ctxt  ATTRIBUTE_UNUSED,
const char *value  ATTRIBUTE_UNUSED 
)

xsltSecurityAllow: @sec: the security block to use @ctxt: an XSLT transformation context @value: unused

Function used to always allow an operation

Returns 1 always

Definition at line 197 of file security.c.

199  {
200  return(1);
201 }

◆ xsltSecurityForbid()

int xsltSecurityForbid ( xsltSecurityPrefsPtr sec  ATTRIBUTE_UNUSED,
xsltTransformContextPtr ctxt  ATTRIBUTE_UNUSED,
const char *value  ATTRIBUTE_UNUSED 
)

xsltSecurityForbid: @sec: the security block to use @ctxt: an XSLT transformation context @value: unused

Function used to always forbid an operation

Returns 0 always

Definition at line 214 of file security.c.

216  {
217  return(0);
218 }

◆ xsltSetCtxtSecurityPrefs()

int xsltSetCtxtSecurityPrefs ( xsltSecurityPrefsPtr  sec,
xsltTransformContextPtr  ctxt 
)

xsltSetCtxtSecurityPrefs: @sec: the security block to use @ctxt: an XSLT transformation context

Set the security preference for a specific transformation

Returns -1 in case of error, 0 otherwise

Definition at line 177 of file security.c.

178  {
179  if (ctxt == NULL)
180  return(-1);
181  ctxt->sec = (void *) sec;
182  return(0);
183 }
smooth NULL
Definition: ftsmooth.c:416

◆ xsltSetDefaultSecurityPrefs()

void xsltSetDefaultSecurityPrefs ( xsltSecurityPrefsPtr  sec)

xsltSetDefaultSecurityPrefs: @sec: the security block to use

Set the default security preference application-wide

Definition at line 150 of file security.c.

150  {
151 
153 }
static xsltSecurityPrefsPtr xsltDefaultSecurityPrefs
Definition: security.c:40

◆ xsltSetSecurityPrefs()

int xsltSetSecurityPrefs ( xsltSecurityPrefsPtr  sec,
xsltSecurityOption  option,
xsltSecurityCheck  func 
)

xsltSetSecurityPrefs: @sec: the security block to update @option: the option to update @func: the user callback to use for this option

Update the security option to use the new callback checking function

Returns -1 in case of error, 0 otherwise

Definition at line 95 of file security.c.

96  {
98  if (sec == NULL)
99  return(-1);
100  switch (option) {
102  sec->readFile = func; return(0);
104  sec->createFile = func; return(0);
106  sec->createDir = func; return(0);
108  sec->readNet = func; return(0);
110  sec->writeNet = func; return(0);
111  }
112  return(-1);
113 }
GLenum func
Definition: glext.h:6028
xsltSecurityCheck readFile
Definition: security.c:33
smooth NULL
Definition: ftsmooth.c:416
Definition: getopt.h:108
xsltSecurityCheck createDir
Definition: security.c:35
xsltSecurityCheck readNet
Definition: security.c:36
xsltSecurityCheck createFile
Definition: security.c:34
xsltSecurityCheck writeNet
Definition: security.c:37
void xsltInitGlobals(void)
Definition: extensions.c:2263

Variable Documentation

◆ xsltDefaultSecurityPrefs

xsltSecurityPrefsPtr xsltDefaultSecurityPrefs = NULL
static

Definition at line 40 of file security.c.

Referenced by xsltGetDefaultSecurityPrefs(), and xsltSetDefaultSecurityPrefs().