ReactOS 0.4.16-dev-2208-g6350669
security.c
Go to the documentation of this file.
1/*
2 * security.c: Implementation of the XSLT security framework
3 *
4 * See Copyright for the status of this software.
5 *
6 * daniel@veillard.com
7 */
8
9#define IN_LIBXSLT
10#include "libxslt.h"
11
12#include <string.h>
13
14#ifdef HAVE_SYS_TYPES_H
15#include <sys/types.h>
16#endif
17#ifdef HAVE_SYS_STAT_H
18#include <sys/stat.h>
19#endif
20
21#if defined(_WIN32)
22#include <windows.h>
23#ifndef INVALID_FILE_ATTRIBUTES
24#define INVALID_FILE_ATTRIBUTES ((DWORD)-1)
25#endif
26#endif
27
28#ifndef HAVE_STAT
29# ifdef HAVE__STAT
30 /* MS C library seems to define stat and _stat. The definition
31 * is identical. Still, mapping them to each other causes a warning. */
32# ifndef _MSC_VER
33# define stat(x,y) _stat(x,y)
34# endif
35# define HAVE_STAT
36# endif
37#endif
38
39#include <libxml/xmlmemory.h>
40#include <libxml/parser.h>
41#include <libxml/uri.h>
42#include "xslt.h"
43#include "xsltInternals.h"
44#include "xsltutils.h"
45#include "extensions.h"
46#include "security.h"
47
48
49struct _xsltSecurityPrefs {
50 xsltSecurityCheck readFile;
51 xsltSecurityCheck createFile;
52 xsltSecurityCheck createDir;
53 xsltSecurityCheck readNet;
54 xsltSecurityCheck writeNet;
55};
56
57static xsltSecurityPrefsPtr xsltDefaultSecurityPrefs = NULL;
58
59/************************************************************************
60 * *
61 * Module interfaces *
62 * *
63 ************************************************************************/
64
72xsltSecurityPrefsPtr
73xsltNewSecurityPrefs(void) {
74 xsltSecurityPrefsPtr ret;
75
76 xsltInitGlobals();
77
78 ret = (xsltSecurityPrefsPtr) xmlMalloc(sizeof(xsltSecurityPrefs));
79 if (ret == NULL) {
80 xsltTransformError(NULL, NULL, NULL,
81 "xsltNewSecurityPrefs : malloc failed\n");
82 return(NULL);
83 }
84 memset(ret, 0, sizeof(xsltSecurityPrefs));
85 return(ret);
86}
87
94void
95xsltFreeSecurityPrefs(xsltSecurityPrefsPtr sec) {
96 if (sec == NULL)
97 return;
98 xmlFree(sec);
99}
100
111int
112xsltSetSecurityPrefs(xsltSecurityPrefsPtr sec, xsltSecurityOption option,
113 xsltSecurityCheck func) {
114 xsltInitGlobals();
115 if (sec == NULL)
116 return(-1);
117 switch (option) {
118 case XSLT_SECPREF_READ_FILE:
119 sec->readFile = func; return(0);
120 case XSLT_SECPREF_WRITE_FILE:
121 sec->createFile = func; return(0);
122 case XSLT_SECPREF_CREATE_DIRECTORY:
123 sec->createDir = func; return(0);
124 case XSLT_SECPREF_READ_NETWORK:
125 sec->readNet = func; return(0);
126 case XSLT_SECPREF_WRITE_NETWORK:
127 sec->writeNet = func; return(0);
128 }
129 return(-1);
130}
131
141xsltSecurityCheck
142xsltGetSecurityPrefs(xsltSecurityPrefsPtr sec, xsltSecurityOption option) {
143 if (sec == NULL)
144 return(NULL);
145 switch (option) {
146 case XSLT_SECPREF_READ_FILE:
147 return(sec->readFile);
148 case XSLT_SECPREF_WRITE_FILE:
149 return(sec->createFile);
150 case XSLT_SECPREF_CREATE_DIRECTORY:
151 return(sec->createDir);
152 case XSLT_SECPREF_READ_NETWORK:
153 return(sec->readNet);
154 case XSLT_SECPREF_WRITE_NETWORK:
155 return(sec->writeNet);
156 }
157 return(NULL);
158}
159
166void
167xsltSetDefaultSecurityPrefs(xsltSecurityPrefsPtr sec) {
168
169 xsltDefaultSecurityPrefs = sec;
170}
171
179xsltSecurityPrefsPtr
180xsltGetDefaultSecurityPrefs(void) {
181 return(xsltDefaultSecurityPrefs);
182}
183
193int
194xsltSetCtxtSecurityPrefs(xsltSecurityPrefsPtr sec,
195 xsltTransformContextPtr ctxt) {
196 if (ctxt == NULL)
197 return(-1);
198 ctxt->sec = (void *) sec;
199 return(0);
200}
201
202
213int
214xsltSecurityAllow(xsltSecurityPrefsPtr sec ATTRIBUTE_UNUSED,
215 xsltTransformContextPtr ctxt ATTRIBUTE_UNUSED,
216 const char *value ATTRIBUTE_UNUSED) {
217 return(1);
218}
219
230int
231xsltSecurityForbid(xsltSecurityPrefsPtr sec ATTRIBUTE_UNUSED,
232 xsltTransformContextPtr ctxt ATTRIBUTE_UNUSED,
233 const char *value ATTRIBUTE_UNUSED) {
234 return(0);
235}
236
237/************************************************************************
238 * *
239 * Internal interfaces *
240 * *
241 ************************************************************************/
242
261static int
262xsltCheckFilename (const char *path)
263{
264#ifdef HAVE_STAT
265 struct stat stat_buffer;
266#if defined(_WIN32)
267 DWORD dwAttrs;
268
269 dwAttrs = GetFileAttributesA(path);
270 if (dwAttrs != INVALID_FILE_ATTRIBUTES) {
271 if (dwAttrs & FILE_ATTRIBUTE_DIRECTORY) {
272 return 2;
273 }
274 }
275#endif
276
277 if (stat(path, &stat_buffer) == -1)
278 return 0;
279
280#ifdef S_ISDIR
281 if (S_ISDIR(stat_buffer.st_mode)) {
282 return 2;
283 }
284#endif
285#endif
286 return 1;
287}
288
289static int
290xsltCheckWritePath(xsltSecurityPrefsPtr sec,
291 xsltTransformContextPtr ctxt,
292 const char *path)
293{
294 int ret;
295 xsltSecurityCheck check;
296 char *directory;
297
298 check = xsltGetSecurityPrefs(sec, XSLT_SECPREF_WRITE_FILE);
299 if (check != NULL) {
300 ret = check(sec, ctxt, path);
301 if (ret == 0) {
302 xsltTransformError(ctxt, NULL, NULL,
303 "File write for %s refused\n", path);
304 return(0);
305 }
306 }
307
308 directory = xmlParserGetDirectory (path);
309
310 if (directory != NULL) {
311 ret = xsltCheckFilename(directory);
312 if (ret == 0) {
313 /*
314 * The directory doesn't exist check for creation
315 */
316 check = xsltGetSecurityPrefs(sec,
317 XSLT_SECPREF_CREATE_DIRECTORY);
318 if (check != NULL) {
319 ret = check(sec, ctxt, directory);
320 if (ret == 0) {
321 xsltTransformError(ctxt, NULL, NULL,
322 "Directory creation for %s refused\n",
323 path);
324 xmlFree(directory);
325 return(0);
326 }
327 }
328 ret = xsltCheckWritePath(sec, ctxt, directory);
329 if (ret == 1)
330 ret = mkdir(directory, 0755);
331 }
332 xmlFree(directory);
333 if (ret < 0)
334 return(ret);
335 }
336
337 return(1);
338}
339
351int
352xsltCheckWrite(xsltSecurityPrefsPtr sec,
353 xsltTransformContextPtr ctxt, const xmlChar *URL) {
354 int ret;
355 xmlURIPtr uri;
356 xsltSecurityCheck check;
357
358 uri = xmlParseURI((const char *)URL);
359 if (uri == NULL) {
360 uri = xmlCreateURI();
361 if (uri == NULL) {
362 xsltTransformError(ctxt, NULL, NULL,
363 "xsltCheckWrite: out of memory for %s\n", URL);
364 return(-1);
365 }
366 uri->path = (char *)xmlStrdup(URL);
367 }
368 if ((uri->scheme == NULL) ||
369 (xmlStrEqual(BAD_CAST uri->scheme, BAD_CAST "file"))) {
370
371#if defined(_WIN32)
372 if ((uri->path)&&(uri->path[0]=='/')&&
373 (uri->path[1]!='\0')&&(uri->path[2]==':'))
374 ret = xsltCheckWritePath(sec, ctxt, uri->path+1);
375 else
376#endif
377 {
378 /*
379 * Check if we are allowed to write this file
380 */
381 ret = xsltCheckWritePath(sec, ctxt, uri->path);
382 }
383
384 if (ret <= 0) {
385 xmlFreeURI(uri);
386 return(ret);
387 }
388 } else {
389 /*
390 * Check if we are allowed to write this network resource
391 */
392 check = xsltGetSecurityPrefs(sec, XSLT_SECPREF_WRITE_NETWORK);
393 if (check != NULL) {
394 ret = check(sec, ctxt, (const char *)URL);
395 if (ret == 0) {
396 xsltTransformError(ctxt, NULL, NULL,
397 "File write for %s refused\n", URL);
398 xmlFreeURI(uri);
399 return(0);
400 }
401 }
402 }
403 xmlFreeURI(uri);
404 return(1);
405}
406
407
418int
419xsltCheckRead(xsltSecurityPrefsPtr sec,
420 xsltTransformContextPtr ctxt, const xmlChar *URL) {
421 int ret;
422 xmlURIPtr uri;
423 xsltSecurityCheck check;
424
425 if (xmlStrstr(URL, BAD_CAST "://") == NULL) {
426 check = xsltGetSecurityPrefs(sec, XSLT_SECPREF_READ_FILE);
427 if (check != NULL) {
428 ret = check(sec, ctxt, (const char *) URL);
429 if (ret == 0) {
430 xsltTransformError(ctxt, NULL, NULL,
431 "Local file read for %s refused\n", URL);
432 return(0);
433 }
434 }
435 return(1);
436 }
437
438 uri = xmlParseURI((const char *)URL);
439 if (uri == NULL) {
440 xsltTransformError(ctxt, NULL, NULL,
441 "xsltCheckRead: URL parsing failed for %s\n",
442 URL);
443 return(-1);
444 }
445 if ((uri->scheme == NULL) ||
446 (xmlStrEqual(BAD_CAST uri->scheme, BAD_CAST "file"))) {
447
448 /*
449 * Check if we are allowed to read this file
450 */
451 check = xsltGetSecurityPrefs(sec, XSLT_SECPREF_READ_FILE);
452 if (check != NULL) {
453 ret = check(sec, ctxt, uri->path);
454 if (ret == 0) {
455 xsltTransformError(ctxt, NULL, NULL,
456 "Local file read for %s refused\n", URL);
457 xmlFreeURI(uri);
458 return(0);
459 }
460 }
461 } else {
462 /*
463 * Check if we are allowed to write this network resource
464 */
465 check = xsltGetSecurityPrefs(sec, XSLT_SECPREF_READ_NETWORK);
466 if (check != NULL) {
467 ret = check(sec, ctxt, (const char *)URL);
468 if (ret == 0) {
469 xsltTransformError(ctxt, NULL, NULL,
470 "Network file read for %s refused\n", URL);
471 xmlFreeURI(uri);
472 return(0);
473 }
474 }
475 }
476 xmlFreeURI(uri);
477 return(1);
478}
xsltInitGlobals
void xsltInitGlobals(void)
Definition: extensions.c:2282
stat
#define stat
Definition: acwin.h:99
mkdir
#define mkdir
Definition: acwin.h:101
S_ISDIR
#define S_ISDIR(mode)
Definition: various.h:18
NULL
#define NULL
Definition: types.h:112
xsltSetDefaultSecurityPrefs
void xsltSetDefaultSecurityPrefs(xsltSecurityPrefsPtr sec)
Definition: security.c:167
xsltGetSecurityPrefs
xsltSecurityCheck xsltGetSecurityPrefs(xsltSecurityPrefsPtr sec, xsltSecurityOption option)
Definition: security.c:142
xsltSetSecurityPrefs
int xsltSetSecurityPrefs(xsltSecurityPrefsPtr sec, xsltSecurityOption option, xsltSecurityCheck func)
Definition: security.c:112
xsltCheckWritePath
static int xsltCheckWritePath(xsltSecurityPrefsPtr sec, xsltTransformContextPtr ctxt, const char *path)
Definition: security.c:290
xsltFreeSecurityPrefs
void xsltFreeSecurityPrefs(xsltSecurityPrefsPtr sec)
Definition: security.c:95
xsltSecurityForbid
int xsltSecurityForbid(xsltSecurityPrefsPtr sec ATTRIBUTE_UNUSED, xsltTransformContextPtr ctxt ATTRIBUTE_UNUSED, const char *value ATTRIBUTE_UNUSED)
Definition: security.c:231
xsltCheckWrite
int xsltCheckWrite(xsltSecurityPrefsPtr sec, xsltTransformContextPtr ctxt, const xmlChar *URL)
Definition: security.c:352
xsltCheckFilename
static int xsltCheckFilename(const char *path)
Definition: security.c:262
xsltGetDefaultSecurityPrefs
xsltSecurityPrefsPtr xsltGetDefaultSecurityPrefs(void)
Definition: security.c:180
xsltSecurityAllow
int xsltSecurityAllow(xsltSecurityPrefsPtr sec ATTRIBUTE_UNUSED, xsltTransformContextPtr ctxt ATTRIBUTE_UNUSED, const char *value ATTRIBUTE_UNUSED)
Definition: security.c:214
xsltSetCtxtSecurityPrefs
int xsltSetCtxtSecurityPrefs(xsltSecurityPrefsPtr sec, xsltTransformContextPtr ctxt)
Definition: security.c:194
xsltNewSecurityPrefs
xsltSecurityPrefsPtr xsltNewSecurityPrefs(void)
Definition: security.c:73
xsltDefaultSecurityPrefs
static xsltSecurityPrefsPtr xsltDefaultSecurityPrefs
Definition: security.c:57
xsltCheckRead
int xsltCheckRead(xsltSecurityPrefsPtr sec, xsltTransformContextPtr ctxt, const xmlChar *URL)
Definition: security.c:419
xsltSecurityPrefsPtr
xsltSecurityPrefs * xsltSecurityPrefsPtr
Definition: security.h:30
xsltSecurityCheck
int(* xsltSecurityCheck)(xsltSecurityPrefsPtr sec, xsltTransformContextPtr ctxt, const char *value)
Definition: security.h:51
xsltSecurityOption
xsltSecurityOption
Definition: security.h:37
XSLT_SECPREF_READ_NETWORK
@ XSLT_SECPREF_READ_NETWORK
Definition: security.h:41
XSLT_SECPREF_WRITE_NETWORK
@ XSLT_SECPREF_WRITE_NETWORK
Definition: security.h:42
XSLT_SECPREF_CREATE_DIRECTORY
@ XSLT_SECPREF_CREATE_DIRECTORY
Definition: security.h:40
XSLT_SECPREF_WRITE_FILE
@ XSLT_SECPREF_WRITE_FILE
Definition: security.h:39
XSLT_SECPREF_READ_FILE
@ XSLT_SECPREF_READ_FILE
Definition: security.h:38
GetFileAttributesA
DWORD WINAPI GetFileAttributesA(LPCSTR lpFileName)
Definition: fileinfo.c:636
check
#define check(expected, result)
Definition: dplayx.c:32
ret
return ret
Definition: mutex.c:146
DWORD
unsigned long DWORD
Definition: ntddk_ex.h:95
func
GLenum func
Definition: glext.h:6028
ATTRIBUTE_UNUSED
#define ATTRIBUTE_UNUSED
Definition: i386-dis.c:36
uri
const char * uri
Definition: sec_mgr.c:1588
FILE_ATTRIBUTE_DIRECTORY
#define FILE_ATTRIBUTE_DIRECTORY
Definition: nt_native.h:705
xmlFree
xmlFreeFunc xmlFree
Definition: globals.c:184
xmlMalloc
xmlMallocFunc xmlMalloc
Definition: globals.c:193
memset
#define memset(x, y, z)
Definition: compat.h:39
_xmlURI
Definition: uri.h:34
_xsltSecurityPrefs
Definition: security.c:49
_xsltSecurityPrefs::readFile
xsltSecurityCheck readFile
Definition: security.c:50
_xsltSecurityPrefs::createFile
xsltSecurityCheck createFile
Definition: security.c:51
_xsltSecurityPrefs::createDir
xsltSecurityCheck createDir
Definition: security.c:52
_xsltSecurityPrefs::readNet
xsltSecurityCheck readNet
Definition: security.c:53
_xsltSecurityPrefs::writeNet
xsltSecurityCheck writeNet
Definition: security.c:54
_xsltTransformContext
Definition: xsltInternals.h:1679
_xsltTransformContext::sec
void * sec
Definition: xsltInternals.h:1741
option
Definition: getopt.h:109
stat
Definition: stat.h:66
stat::st_mode
unsigned short st_mode
Definition: stat.h:69
value
Definition: pdh_main.c:96
xmlFreeURI
XMLPUBFUN void xmlFreeURI(xmlURIPtr uri)
Definition: uri.c:1396
xmlCreateURI
XMLPUBFUN xmlURIPtr xmlCreateURI(void)
Definition: uri.c:1027
xmlParseURI
XMLPUBFUN xmlURIPtr xmlParseURI(const char *str)
Definition: uri.c:947
INVALID_FILE_ATTRIBUTES
#define INVALID_FILE_ATTRIBUTES
Definition: vfdcmd.c:23
xmlParserGetDirectory
XMLPUBFUN char * xmlParserGetDirectory(const char *filename)
xmlStrstr
XMLPUBFUN const xmlChar * xmlStrstr(const xmlChar *str, const xmlChar *val)
Definition: xmlstring.c:347
BAD_CAST
#define BAD_CAST
Definition: xmlstring.h:35
xmlStrEqual
XMLPUBFUN int xmlStrEqual(const xmlChar *str1, const xmlChar *str2)
Definition: xmlstring.c:162
xmlChar
unsigned char xmlChar
Definition: xmlstring.h:28
xmlStrdup
XMLPUBFUN xmlChar * xmlStrdup(const xmlChar *cur)
Definition: xmlstring.c:69
xsltTransformError
void xsltTransformError(xsltTransformContextPtr ctxt, xsltStylesheetPtr style, xmlNodePtr node, const char *msg,...)
Definition: xsltutils.c:762