ReactOS 0.4.16-dev-336-gb667d82
security.c
Go to the documentation of this file.
1/*
2 * security.c: Implementation of the XSLT security framework
3 *
4 * See Copyright for the status of this software.
5 *
6 * daniel@veillard.com
7 */
8
9#include "precomp.h"
10
11#ifdef HAVE_SYS_STAT_H
12#include <sys/stat.h>
13#endif
14
15#if defined(_WIN32)
16#ifndef INVALID_FILE_ATTRIBUTES
17#define INVALID_FILE_ATTRIBUTES ((DWORD)-1)
18#endif
19#endif
20
21#ifndef HAVE_STAT
22# ifdef HAVE__STAT
23 /* MS C library seems to define stat and _stat. The definition
24 * is identical. Still, mapping them to each other causes a warning. */
25# ifndef _MSC_VER
26# define stat(x,y) _stat(x,y)
27# endif
28# define HAVE_STAT
29# endif
30#endif
31
38};
39
41
42/************************************************************************
43 * *
44 * Module interfaces *
45 * *
46 ************************************************************************/
47
58
60
62 if (ret == NULL) {
64 "xsltNewSecurityPrefs : malloc failed\n");
65 return(NULL);
66 }
67 memset(ret, 0, sizeof(xsltSecurityPrefs));
68 return(ret);
69}
70
77void
79 if (sec == NULL)
80 return;
81 xmlFree(sec);
82}
83
94int
98 if (sec == NULL)
99 return(-1);
100 switch (option) {
102 sec->readFile = func; return(0);
104 sec->createFile = func; return(0);
106 sec->createDir = func; return(0);
108 sec->readNet = func; return(0);
110 sec->writeNet = func; return(0);
111 }
112 return(-1);
113}
114
126 if (sec == NULL)
127 return(NULL);
128 switch (option) {
130 return(sec->readFile);
132 return(sec->createFile);
134 return(sec->createDir);
136 return(sec->readNet);
138 return(sec->writeNet);
139 }
140 return(NULL);
141}
142
149void
151
153}
154
165}
166
176int
179 if (ctxt == NULL)
180 return(-1);
181 ctxt->sec = (void *) sec;
182 return(0);
183}
184
185
196int
199 const char *value ATTRIBUTE_UNUSED) {
200 return(1);
201}
202
213int
216 const char *value ATTRIBUTE_UNUSED) {
217 return(0);
218}
219
220/************************************************************************
221 * *
222 * Internal interfaces *
223 * *
224 ************************************************************************/
225
244static int
246{
247#ifdef HAVE_STAT
248 struct stat stat_buffer;
249#if defined(_WIN32)
250 DWORD dwAttrs;
251
252 dwAttrs = GetFileAttributesA(path);
253 if (dwAttrs != INVALID_FILE_ATTRIBUTES) {
254 if (dwAttrs & FILE_ATTRIBUTE_DIRECTORY) {
255 return 2;
256 }
257 }
258#endif
259
260 if (stat(path, &stat_buffer) == -1)
261 return 0;
262
263#ifdef S_ISDIR
264 if (S_ISDIR(stat_buffer.st_mode)) {
265 return 2;
266 }
267#endif
268#endif
269 return 1;
270}
271
272static int
275 const char *path)
276{
277 int ret;
279 char *directory;
280
282 if (check != NULL) {
283 ret = check(sec, ctxt, path);
284 if (ret == 0) {
286 "File write for %s refused\n", path);
287 return(0);
288 }
289 }
290
292
293 if (directory != NULL) {
295 if (ret == 0) {
296 /*
297 * The directory doesn't exist check for creation
298 */
301 if (check != NULL) {
302 ret = check(sec, ctxt, directory);
303 if (ret == 0) {
305 "Directory creation for %s refused\n",
306 path);
308 return(0);
309 }
310 }
311 ret = xsltCheckWritePath(sec, ctxt, directory);
312 if (ret == 1)
313 ret = mkdir(directory, 0755);
314 }
316 if (ret < 0)
317 return(ret);
318 }
319
320 return(1);
321}
322
334int
336 xsltTransformContextPtr ctxt, const xmlChar *URL) {
337 int ret;
340
341 uri = xmlParseURI((const char *)URL);
342 if (uri == NULL) {
343 uri = xmlCreateURI();
344 if (uri == NULL) {
346 "xsltCheckWrite: out of memory for %s\n", URL);
347 return(-1);
348 }
349 uri->path = (char *)xmlStrdup(URL);
350 }
351 if ((uri->scheme == NULL) ||
352 (xmlStrEqual(BAD_CAST uri->scheme, BAD_CAST "file"))) {
353
354#if defined(_WIN32)
355 if ((uri->path)&&(uri->path[0]=='/')&&
356 (uri->path[1]!='\0')&&(uri->path[2]==':'))
357 ret = xsltCheckWritePath(sec, ctxt, uri->path+1);
358 else
359#endif
360 {
361 /*
362 * Check if we are allowed to write this file
363 */
364 ret = xsltCheckWritePath(sec, ctxt, uri->path);
365 }
366
367 if (ret <= 0) {
369 return(ret);
370 }
371 } else {
372 /*
373 * Check if we are allowed to write this network resource
374 */
376 if (check != NULL) {
377 ret = check(sec, ctxt, (const char *)URL);
378 if (ret == 0) {
380 "File write for %s refused\n", URL);
382 return(0);
383 }
384 }
385 }
387 return(1);
388}
389
390
401int
403 xsltTransformContextPtr ctxt, const xmlChar *URL) {
404 int ret;
407
408 uri = xmlParseURI((const char *)URL);
409 if (uri == NULL) {
411 "xsltCheckRead: URL parsing failed for %s\n",
412 URL);
413 return(-1);
414 }
415 if ((uri->scheme == NULL) ||
416 (xmlStrEqual(BAD_CAST uri->scheme, BAD_CAST "file"))) {
417
418 /*
419 * Check if we are allowed to read this file
420 */
422 if (check != NULL) {
423 ret = check(sec, ctxt, uri->path);
424 if (ret == 0) {
426 "Local file read for %s refused\n", URL);
428 return(0);
429 }
430 }
431 } else {
432 /*
433 * Check if we are allowed to write this network resource
434 */
436 if (check != NULL) {
437 ret = check(sec, ctxt, (const char *)URL);
438 if (ret == 0) {
440 "Network file read for %s refused\n", URL);
442 return(0);
443 }
444 }
445 }
447 return(1);
448}
449
void xsltInitGlobals(void)
Definition: extensions.c:2257
#define stat
Definition: acwin.h:99
#define mkdir
Definition: acwin.h:101
#define S_ISDIR(mode)
Definition: various.h:18
#define NULL
Definition: types.h:112
void xsltSetDefaultSecurityPrefs(xsltSecurityPrefsPtr sec)
Definition: security.c:150
xsltSecurityCheck xsltGetSecurityPrefs(xsltSecurityPrefsPtr sec, xsltSecurityOption option)
Definition: security.c:125
int xsltSetSecurityPrefs(xsltSecurityPrefsPtr sec, xsltSecurityOption option, xsltSecurityCheck func)
Definition: security.c:95
static int xsltCheckWritePath(xsltSecurityPrefsPtr sec, xsltTransformContextPtr ctxt, const char *path)
Definition: security.c:273
void xsltFreeSecurityPrefs(xsltSecurityPrefsPtr sec)
Definition: security.c:78
int xsltSecurityForbid(xsltSecurityPrefsPtr sec ATTRIBUTE_UNUSED, xsltTransformContextPtr ctxt ATTRIBUTE_UNUSED, const char *value ATTRIBUTE_UNUSED)
Definition: security.c:214
int xsltCheckWrite(xsltSecurityPrefsPtr sec, xsltTransformContextPtr ctxt, const xmlChar *URL)
Definition: security.c:335
static int xsltCheckFilename(const char *path)
Definition: security.c:245
xsltSecurityPrefsPtr xsltGetDefaultSecurityPrefs(void)
Definition: security.c:163
int xsltSecurityAllow(xsltSecurityPrefsPtr sec ATTRIBUTE_UNUSED, xsltTransformContextPtr ctxt ATTRIBUTE_UNUSED, const char *value ATTRIBUTE_UNUSED)
Definition: security.c:197
int xsltSetCtxtSecurityPrefs(xsltSecurityPrefsPtr sec, xsltTransformContextPtr ctxt)
Definition: security.c:177
xsltSecurityPrefsPtr xsltNewSecurityPrefs(void)
Definition: security.c:56
static xsltSecurityPrefsPtr xsltDefaultSecurityPrefs
Definition: security.c:40
int xsltCheckRead(xsltSecurityPrefsPtr sec, xsltTransformContextPtr ctxt, const xmlChar *URL)
Definition: security.c:402
xsltSecurityPrefs * xsltSecurityPrefsPtr
Definition: security.h:30
int(* xsltSecurityCheck)(xsltSecurityPrefsPtr sec, xsltTransformContextPtr ctxt, const char *value)
Definition: security.h:51
xsltSecurityOption
Definition: security.h:37
@ XSLT_SECPREF_READ_NETWORK
Definition: security.h:41
@ XSLT_SECPREF_WRITE_NETWORK
Definition: security.h:42
@ XSLT_SECPREF_CREATE_DIRECTORY
Definition: security.h:40
@ XSLT_SECPREF_WRITE_FILE
Definition: security.h:39
@ XSLT_SECPREF_READ_FILE
Definition: security.h:38
DWORD WINAPI GetFileAttributesA(LPCSTR lpFileName)
Definition: fileinfo.c:636
#define check(expected, result)
Definition: dplayx.c:32
unsigned long DWORD
Definition: ntddk_ex.h:95
GLenum func
Definition: glext.h:6028
#define ATTRIBUTE_UNUSED
Definition: i386-dis.c:36
const char * uri
Definition: sec_mgr.c:1588
#define FILE_ATTRIBUTE_DIRECTORY
Definition: nt_native.h:705
XMLPUBVAR xmlMallocFunc xmlMalloc
Definition: globals.h:248
XMLPUBVAR xmlFreeFunc xmlFree
Definition: globals.h:251
#define memset(x, y, z)
Definition: compat.h:39
Definition: uri.h:33
xsltSecurityCheck readFile
Definition: security.c:33
xsltSecurityCheck createFile
Definition: security.c:34
xsltSecurityCheck createDir
Definition: security.c:35
xsltSecurityCheck readNet
Definition: security.c:36
xsltSecurityCheck writeNet
Definition: security.c:37
Definition: getopt.h:109
Definition: stat.h:55
unsigned short st_mode
Definition: stat.h:58
Definition: pdh_main.c:94
XMLPUBFUN xmlURIPtr XMLCALL xmlCreateURI(void)
Definition: uri.c:1020
XMLPUBFUN xmlURIPtr XMLCALL xmlParseURI(const char *str)
Definition: uri.c:940
XMLPUBFUN void XMLCALL xmlFreeURI(xmlURIPtr uri)
Definition: uri.c:1387
#define INVALID_FILE_ATTRIBUTES
Definition: vfdcmd.c:23
int ret
XMLPUBFUN char *XMLCALL xmlParserGetDirectory(const char *filename)
XMLPUBFUN xmlChar *XMLCALL xmlStrdup(const xmlChar *cur)
Definition: xmlstring.c:67
#define BAD_CAST
Definition: xmlstring.h:35
XMLPUBFUN int XMLCALL xmlStrEqual(const xmlChar *str1, const xmlChar *str2)
Definition: xmlstring.c:160
unsigned char xmlChar
Definition: xmlstring.h:28
void xsltTransformError(xsltTransformContextPtr ctxt, xsltStylesheetPtr style, xmlNodePtr node, const char *msg,...)
Definition: xsltutils.c:678