ReactOS  0.4.14-dev-98-gb0d4763
security.c
Go to the documentation of this file.
1 /*
2  * security.c: Implementation of the XSLT security framework
3  *
4  * See Copyright for the status of this software.
5  *
6  * daniel@veillard.com
7  */
8 
9 #include "precomp.h"
10 
11 #ifdef HAVE_SYS_STAT_H
12 #include <sys/stat.h>
13 #endif
14 
15 #if defined(WIN32) && !defined(__CYGWIN__)
16 #ifndef INVALID_FILE_ATTRIBUTES
17 #define INVALID_FILE_ATTRIBUTES ((DWORD)-1)
18 #endif
19 #endif
20 
21 #ifndef HAVE_STAT
22 # ifdef HAVE__STAT
23  /* MS C library seems to define stat and _stat. The definition
24  * is identical. Still, mapping them to each other causes a warning. */
25 # ifndef _MSC_VER
26 # define stat(x,y) _stat(x,y)
27 # endif
28 # define HAVE_STAT
29 # endif
30 #endif
31 
38 };
39 
41 
42 /************************************************************************
43  * *
44  * Module interfaces *
45  * *
46  ************************************************************************/
47 
58 
60 
62  if (ret == NULL) {
64  "xsltNewSecurityPrefs : malloc failed\n");
65  return(NULL);
66  }
67  memset(ret, 0, sizeof(xsltSecurityPrefs));
68  return(ret);
69 }
70 
77 void
79  if (sec == NULL)
80  return;
81  xmlFree(sec);
82 }
83 
94 int
98  if (sec == NULL)
99  return(-1);
100  switch (option) {
102  sec->readFile = func; return(0);
104  sec->createFile = func; return(0);
106  sec->createDir = func; return(0);
108  sec->readNet = func; return(0);
110  sec->writeNet = func; return(0);
111  }
112  return(-1);
113 }
114 
126  if (sec == NULL)
127  return(NULL);
128  switch (option) {
130  return(sec->readFile);
132  return(sec->createFile);
134  return(sec->createDir);
136  return(sec->readNet);
138  return(sec->writeNet);
139  }
140  return(NULL);
141 }
142 
149 void
151 
153 }
154 
164  return(xsltDefaultSecurityPrefs);
165 }
166 
176 int
179  if (ctxt == NULL)
180  return(-1);
181  ctxt->sec = (void *) sec;
182  return(0);
183 }
184 
185 
196 int
199  const char *value ATTRIBUTE_UNUSED) {
200  return(1);
201 }
202 
213 int
216  const char *value ATTRIBUTE_UNUSED) {
217  return(0);
218 }
219 
220 /************************************************************************
221  * *
222  * Internal interfaces *
223  * *
224  ************************************************************************/
225 
244 static int
245 xsltCheckFilename (const char *path)
246 {
247 #ifdef HAVE_STAT
248  struct stat stat_buffer;
249 #if defined(_WIN32) && !defined(__CYGWIN__)
250  DWORD dwAttrs;
251 
252  dwAttrs = GetFileAttributes(path);
253  if (dwAttrs != INVALID_FILE_ATTRIBUTES) {
254  if (dwAttrs & FILE_ATTRIBUTE_DIRECTORY) {
255  return 2;
256  }
257  }
258 #endif
259 
260  if (stat(path, &stat_buffer) == -1)
261  return 0;
262 
263 #ifdef S_ISDIR
264  if (S_ISDIR(stat_buffer.st_mode)) {
265  return 2;
266  }
267 #endif
268 #endif
269  return 1;
270 }
271 
272 static int
275  const char *path)
276 {
277  int ret;
279  char *directory;
280 
282  if (check != NULL) {
283  ret = check(sec, ctxt, path);
284  if (ret == 0) {
286  "File write for %s refused\n", path);
287  return(0);
288  }
289  }
290 
292 
293  if (directory != NULL) {
295  if (ret == 0) {
296  /*
297  * The directory doesn't exist check for creation
298  */
301  if (check != NULL) {
302  ret = check(sec, ctxt, directory);
303  if (ret == 0) {
305  "Directory creation for %s refused\n",
306  path);
308  return(0);
309  }
310  }
311  ret = xsltCheckWritePath(sec, ctxt, directory);
312  if (ret == 1)
313  ret = mkdir(directory, 0755);
314  }
316  if (ret < 0)
317  return(ret);
318  }
319 
320  return(1);
321 }
322 
334 int
336  xsltTransformContextPtr ctxt, const xmlChar *URL) {
337  int ret;
338  xmlURIPtr uri;
340 
341  uri = xmlParseURI((const char *)URL);
342  if (uri == NULL) {
343  uri = xmlCreateURI();
344  if (uri == NULL) {
346  "xsltCheckWrite: out of memory for %s\n", URL);
347  return(-1);
348  }
349  uri->path = (char *)xmlStrdup(URL);
350  }
351  if ((uri->scheme == NULL) ||
352  (xmlStrEqual(BAD_CAST uri->scheme, BAD_CAST "file"))) {
353 
354 #if defined(_WIN32) && !defined(__CYGWIN__)
355  if ((uri->path)&&(uri->path[0]=='/')&&
356  (uri->path[1]!='\0')&&(uri->path[2]==':'))
357  ret = xsltCheckWritePath(sec, ctxt, uri->path+1);
358  else
359 #endif
360 
361  /*
362  * Check if we are allowed to write this file
363  */
364  ret = xsltCheckWritePath(sec, ctxt, uri->path);
365  if (ret <= 0) {
366  xmlFreeURI(uri);
367  return(ret);
368  }
369  } else {
370  /*
371  * Check if we are allowed to write this network resource
372  */
374  if (check != NULL) {
375  ret = check(sec, ctxt, (const char *)URL);
376  if (ret == 0) {
378  "File write for %s refused\n", URL);
379  xmlFreeURI(uri);
380  return(0);
381  }
382  }
383  }
384  xmlFreeURI(uri);
385  return(1);
386 }
387 
388 
399 int
401  xsltTransformContextPtr ctxt, const xmlChar *URL) {
402  int ret;
403  xmlURIPtr uri;
405 
406  uri = xmlParseURI((const char *)URL);
407  if (uri == NULL) {
409  "xsltCheckRead: URL parsing failed for %s\n",
410  URL);
411  return(-1);
412  }
413  if ((uri->scheme == NULL) ||
414  (xmlStrEqual(BAD_CAST uri->scheme, BAD_CAST "file"))) {
415 
416  /*
417  * Check if we are allowed to read this file
418  */
420  if (check != NULL) {
421  ret = check(sec, ctxt, uri->path);
422  if (ret == 0) {
424  "Local file read for %s refused\n", URL);
425  xmlFreeURI(uri);
426  return(0);
427  }
428  }
429  } else {
430  /*
431  * Check if we are allowed to write this network resource
432  */
434  if (check != NULL) {
435  ret = check(sec, ctxt, (const char *)URL);
436  if (ret == 0) {
438  "Network file read for %s refused\n", URL);
439  xmlFreeURI(uri);
440  return(0);
441  }
442  }
443  }
444  xmlFreeURI(uri);
445  return(1);
446 }
447 
int xsltSetSecurityPrefs(xsltSecurityPrefsPtr sec, xsltSecurityOption option, xsltSecurityCheck func)
Definition: security.c:95
GLenum func
Definition: glext.h:6028
int xsltSecurityForbid(xsltSecurityPrefsPtr sec ATTRIBUTE_UNUSED, xsltTransformContextPtr ctxt ATTRIBUTE_UNUSED, const char *value ATTRIBUTE_UNUSED)
Definition: security.c:214
const char * uri
Definition: sec_mgr.c:1594
static int xsltCheckFilename(const char *path)
Definition: security.c:245
XMLPUBFUN char *XMLCALL xmlParserGetDirectory(const char *filename)
xsltSecurityPrefsPtr xsltNewSecurityPrefs(void)
Definition: security.c:56
int xsltCheckRead(xsltSecurityPrefsPtr sec, xsltTransformContextPtr ctxt, const xmlChar *URL)
Definition: security.c:400
XMLPUBFUN xmlURIPtr XMLCALL xmlParseURI(const char *str)
Definition: uri.c:932
xsltSecurityCheck readFile
Definition: security.c:33
xsltSecurityPrefs * xsltSecurityPrefsPtr
Definition: security.h:30
smooth NULL
Definition: ftsmooth.c:416
Definition: getopt.h:108
#define BAD_CAST
Definition: xmlstring.h:35
XMLPUBFUN xmlURIPtr XMLCALL xmlCreateURI(void)
Definition: uri.c:1012
static xsltSecurityPrefsPtr xsltDefaultSecurityPrefs
Definition: security.c:40
void xsltFreeSecurityPrefs(xsltSecurityPrefsPtr sec)
Definition: security.c:78
xsltSecurityCheck xsltGetSecurityPrefs(xsltSecurityPrefsPtr sec, xsltSecurityOption option)
Definition: security.c:125
#define FILE_ATTRIBUTE_DIRECTORY
Definition: nt_native.h:705
static int xsltCheckWritePath(xsltSecurityPrefsPtr sec, xsltTransformContextPtr ctxt, const char *path)
Definition: security.c:273
#define mkdir
Definition: acwin.h:101
#define S_ISDIR(mode)
Definition: various.h:18
unsigned long DWORD
Definition: ntddk_ex.h:95
XMLPUBVAR xmlFreeFunc xmlFree
Definition: globals.h:250
#define INVALID_FILE_ATTRIBUTES
Definition: vfdcmd.c:23
void check(CONTEXT *pContext)
Definition: NtContinue.c:61
int(* xsltSecurityCheck)(xsltSecurityPrefsPtr sec, xsltTransformContextPtr ctxt, const char *value)
Definition: security.h:51
int ret
#define ATTRIBUTE_UNUSED
Definition: win32config.h:132
unsigned short st_mode
Definition: stat.h:58
Definition: stat.h:55
unsigned char xmlChar
Definition: xmlstring.h:28
void xsltSetDefaultSecurityPrefs(xsltSecurityPrefsPtr sec)
Definition: security.c:150
xsltSecurityCheck createDir
Definition: security.c:35
int xsltSecurityAllow(xsltSecurityPrefsPtr sec ATTRIBUTE_UNUSED, xsltTransformContextPtr ctxt ATTRIBUTE_UNUSED, const char *value ATTRIBUTE_UNUSED)
Definition: security.c:197
#define GetFileAttributes
Definition: winbase.h:3639
xsltSecurityCheck readNet
Definition: security.c:36
Definition: uri.h:33
_CRTIMP int __cdecl stat(const char *_Filename, struct stat *_Stat)
Definition: stat.h:345
Definition: services.c:325
XMLPUBFUN void XMLCALL xmlFreeURI(xmlURIPtr uri)
Definition: uri.c:1379
XMLPUBVAR xmlMallocFunc xmlMalloc
Definition: globals.h:247
int xsltCheckWrite(xsltSecurityPrefsPtr sec, xsltTransformContextPtr ctxt, const xmlChar *URL)
Definition: security.c:335
xsltSecurityCheck createFile
Definition: security.c:34
xsltSecurityCheck writeNet
Definition: security.c:37
xsltSecurityPrefsPtr xsltGetDefaultSecurityPrefs(void)
Definition: security.c:163
XMLPUBFUN int XMLCALL xmlStrEqual(const xmlChar *str1, const xmlChar *str2)
Definition: xmlstring.c:157
void xsltTransformError(xsltTransformContextPtr ctxt, xsltStylesheetPtr style, xmlNodePtr node, const char *msg,...)
Definition: xsltutils.c:678
xsltSecurityOption
Definition: security.h:37
void xsltInitGlobals(void)
Definition: extensions.c:2263
#define memset(x, y, z)
Definition: compat.h:39
XMLPUBFUN xmlChar *XMLCALL xmlStrdup(const xmlChar *cur)
Definition: xmlstring.c:66
int xsltSetCtxtSecurityPrefs(xsltSecurityPrefsPtr sec, xsltTransformContextPtr ctxt)
Definition: security.c:177