search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Fix a few 'gcc -fanalyzer' warnings.
[pwmd.git] / src / xml.c
blobdd4a3e96afdfaf9eb721b14b44b2e0e75a6feca6
1 /*
2 Copyright (C) 2006-2023 Ben Kibbey <bjk@luxsci.net>
3
4 This file is part of pwmd.
5
6 Pwmd is free software: you can redistribute it and/or modify
7 it under the terms of the GNU General Public License version 2 as
8 published by the Free Software Foundation.
9
10 Pwmd is distributed in the hope that it will be useful,
11 but WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 GNU General Public License for more details.
14
15 You should have received a copy of the GNU General Public License
16 along with Pwmd. If not, see <http://www.gnu.org/licenses/>.
17 */
18 #ifdef HAVE_CONFIG_H
19 #include <config.h>
20 #endif
21
22 #include <stdio.h>
23 #include <stdlib.h>
24 #ifdef HAVE_UNISTD_H
25 #include <unistd.h>
26 #endif
27 #include <errno.h>
28 #include <err.h>
29 #include <sys/stat.h>
30 #include <string.h>
31 #ifdef HAVE_FCNTL_H
32 #include <fcntl.h>
33 #endif
34 #include <ctype.h>
35 #include <libxml/xmlwriter.h>
36 #include <wctype.h>
37 #include <sys/types.h>
38 #include <pwd.h>
39
40 #ifndef _
41 #include "gettext.h"
42 #define _(msgid) gettext(msgid)
43 #endif
44
45 #include "pwmd-error.h"
46 #include "util-misc.h"
47 #include "xml.h"
48 #include "mem.h"
49 #include "rcfile.h"
50 #include "commands.h"
51 #include "acl.h"
52 #include "command-opt.h"
53
54 #define XML_LIST_FLAG_CHILDREN 0x0001
55 #define XML_LIST_HAS_TARGET 0x0002
56 #define XML_LIST_CHILD_TARGET 0x0004
57 #define XML_LIST_TARGET_ERROR 0x0008
58 #define XML_LIST_CHECK 0x0010
59
60 const char *reserved_attributes[] = {
61 "_name", "_mtime", "_ctime", "_acl", "_target",
62 NULL
63 };
64
65 const char *protected_attributes[] = {
66 "_name", "_mtime", "_ctime", NULL
67 };
68
69 void log_write (const char *fmt, ...);
70 static xmlRegexpPtr username_re;
71
72 gpg_error_t
73 xml_init ()
74 {
75 xmlMemSetup (xfree, xmalloc, xrealloc, str_dup);
76 xmlInitMemory ();
77 xmlInitGlobals ();
78 xmlInitParser ();
79 xmlXPathInit ();
80 username_re = xmlRegexpCompile ((xmlChar *)"[a-zA-Z#][-.a-zA-Z0-9_]*");
81 return username_re ? 0 : GPG_ERR_ENOMEM;
82 }
83
84 void
85 xml_deinit ()
86 {
87 xmlCleanupParser ();
88 xmlCleanupGlobals ();
89 xmlRegFreeRegexp (username_re);
90 }
91
92 gpg_error_t
93 xml_protected_attr (const char *a)
94 {
95 int i;
96
97 for (i = 0; protected_attributes[i]; i++)
98 {
99 if (!strcmp (a, protected_attributes[i]))
100 return GPG_ERR_EPERM;
101 }
102
103 return 0;
104 }
105
106 int
107 xml_valid_attribute_value (const char *str)
108 {
109 const char *p = str;
110
111 if (!p || !*p)
112 return 1;
113
114 while (*p)
115 {
116 if (*p++ == '\n')
117 return 0;
118 }
119
120 return 1;
121 }
122
123 int
124 xml_valid_attribute (const char *str)
125 {
126 wchar_t *wc;
127 size_t len, c;
128 int ret = xml_valid_element ((xmlChar *)str);
129
130 if (!ret)
131 return ret;
132
133 wc = str_to_wchar ((const char *)str);
134 if (!wc)
135 return 0;
136
137 len = wcslen (wc);
138 for (c = 0; c < len; c++)
139 {
140 /* Fixes cygwin compile time warning about exceeding the maximum value
141 * for the type in the switch() statement below. */
142 if (wc[c] >= 0x10000 && wc[c] <= 0xEFFFF)
143 continue;
144
145 switch (wc[c])
146 {
147 case '-':
148 case '.':
149 case '0' ... '9':
150 case 0xB7:
151 case 0x0300 ... 0x036F:
152 case 0x203F ... 0x2040:
153 if (!c)
154 {
155 xfree (wc);
156 return 0;
157 }
158 case ':': break;
159 case '_': break;
160 case 'A' ... 'Z': break;
161 case 'a' ... 'z': break;
162 case 0xC0 ... 0xD6: break;
163 case 0xD8 ... 0xF6: break;
164 case 0xF8 ... 0x2FF: break;
165 case 0x370 ... 0x37D: break;
166 case 0x37F ... 0x1FFF: break;
167 case 0x200C ... 0x200D: break;
168 case 0x2070 ... 0x218F: break;
169 case 0x2C00 ... 0x2FEF: break;
170 case 0x3001 ... 0xD7FF: break;
171 case 0xF900 ... 0xFDCF: break;
172 case 0xFDF0 ... 0xFFFD: break;
173 default:
174 xfree (wc);
175 return 0;
176 }
177 }
178
179 xfree (wc);
180 return 1;
181 }
182
183 int
184 xml_valid_element (xmlChar *str)
185 {
186 wchar_t *wc;
187 size_t len, c;
188
189 if (!str || !*str)
190 return 0;
191
192 wc = str_to_wchar ((const char *)str);
193 if (!wc)
194 return 0;
195
196 len = wcslen (wc);
197 for (c = 0; c < len; c++)
198 {
199 if (iswspace(wc[c]))
200 {
201 xfree (wc);
202 return 0;
203 }
204 }
205
206 xfree (wc);
207 return 1;
208 }
209
210 int
211 xml_valid_element_path (char **path, int with_content)
212 {
213 char **dup = NULL, **p;
214
215 if (!path || !*path)
216 return 0;
217
218 /* Save some memory by not duplicating the element content. */
219 if (with_content)
220 {
221 int i, t = strv_length (path);
222
223 for (i = 0; i < t - 1; i++)
224 {
225 char **tmp = xrealloc (dup, (i + 2) * sizeof (char *));
226
227 if (!tmp)
228 {
229 strv_free (dup);
230 return 0;
231 }
232
233 dup = tmp;
234 dup[i] = str_dup (path[i]);
235 dup[i + 1] = NULL;
236 }
237 }
238 else
239 dup = strv_dup (path);
240
241 if (!dup)
242 return 0;
243
244 for (p = dup; *p && *(*p); p++)
245 {
246 if (!xml_valid_element ((xmlChar *) * p))
247 {
248 strv_free (dup);
249 return 0;
250 }
251 }
252
253 strv_free (dup);
254 return 1;
255 }
256
257 static gpg_error_t
258 attr_ctime (struct client_s *client, xmlNodePtr n)
259 {
260 char *buf = str_asprintf ("%li", time (NULL));
261 gpg_error_t rc;
262
263 if (!buf)
264 return GPG_ERR_ENOMEM;
265
266 rc = xml_add_attribute (client, n, "_ctime", buf);
267 xfree (buf);
268 return rc;
269 }
270
271 gpg_error_t
272 xml_acl_check (struct client_s *client, xmlNodePtr n)
273 {
274 gpg_error_t rc = GPG_ERR_EACCES;
275 xmlChar *acl = xml_attribute_value (n, (xmlChar *) "_acl");
276 char **users = acl ? str_split((char *)acl, ",", 0) : NULL;
277 char **cmds = NULL;
278 char **p;
279 int allowed = 0;
280
281 if (!acl || !*acl || !users || !*users)
282 {
283 xmlFree (acl);
284 strv_free(users);
285 return peer_is_invoker(client);
286 }
287
288 if (!peer_is_invoker(client))
289 {
290 xmlFree (acl);
291 strv_free(users);
292 return 0;
293 }
294
295 for (p = users; p && *p; p++)
296 {
297 char *user = *p;
298 int not = 0;
299
300 if (*user == '-' || *user == '!')
301 {
302 not = 1;
303 user++;
304 }
305
306 if (*user == '/')
307 {
308 if (strv_printf (&cmds, "%s%s", not ? "!" : "", user) == 0)
309 {
310 xmlFree (acl);
311 strv_free (cmds);
312 strv_free (users);
313 return GPG_ERR_ENOMEM;
314 }
315 }
316 }
317
318 for (p = users; p && *p; p++)
319 {
320 char *user = *p;
321
322 // Skip command name until after user/group/TLS has been determined.
323 if (*user == '/' || (*user == '!' && *(user+1) == '/')
324 || (*user == '-' && *(user+1) == '/'))
325 continue;
326
327 #ifdef WITH_GNUTLS
328 rc = acl_check_common (client, user,
329 client->thd->remote ? 0 : client->thd->peer->uid,
330 client->thd->remote ? 0 : client->thd->peer->gid,
331 &allowed);
332 #else
333 rc = acl_check_common (client, user, client->thd->peer->uid,
334 client->thd->peer->gid, &allowed);
335 if (rc)
336 break;
337 #endif
338 }
339
340 if (allowed && cmds)
341 {
342 allowed = 0;
343 for (p = cmds; !rc && p && *p && !allowed; p++)
344 {
345 rc = acl_check_common (client, *p, client->thd->peer->uid,
346 client->thd->peer->gid, &allowed);
347 }
348
349 if (!rc && !allowed && !xml_is_element_owner (client, n, 0))
350 allowed = 1;
351 }
352
353 xmlFree(acl);
354 strv_free(users);
355 strv_free(cmds);
356
357 if (rc)
358 return rc;
359
360 return allowed ? 0 : GPG_ERR_EACCES;
361 }
362
363 static char *
364 create_acl_user (struct client_s *client)
365 {
366 #ifdef WITH_GNUTLS
367 if (client->thd->remote)
368 return str_asprintf ("#%s", client->thd->tls->fp);
369 #endif
370
371 return get_username (client->thd->peer->uid);
372 }
373
374 static gpg_error_t
375 create_new_element (struct client_s *client, int verify, xmlNodePtr parent,
376 const char *name, xmlNodePtr * result)
377 {
378 xmlNodePtr n;
379 gpg_error_t rc;
380 int root = 0;
381
382 // Allow any client to create a non-existing root element.
383 if (parent->parent->type != XML_DOCUMENT_NODE)
384 {
385 rc = xml_acl_check(client, parent);
386 if (rc)
387 return rc;
388 }
389 else
390 root = 1;
391
392 n = xmlNewNode (NULL, (xmlChar *) "element");
393 if (!n)
394 return GPG_ERR_ENOMEM;
395
396 rc = xml_add_attribute (client, n, "_name", name);
397 if (!rc)
398 rc = attr_ctime (client, n);
399
400 if (!rc && verify && !root)
401 rc = xml_is_element_owner (client, parent, 0);
402
403 if (!rc)
404 {
405 xmlNodePtr p = xmlAddChild (parent, n);
406 char *user = create_acl_user (client);
407
408 if (result)
409 *result = p;
410
411 if (root || (client->opts & OPT_NO_INHERIT_ACL))
412 rc = xml_add_attribute(client, p, "_acl", user);
413 else
414 {
415 /* Inherit the parent _acl attribute and make the current user the
416 owner. */
417 xmlChar *a = xml_attribute_value (parent, (xmlChar *)"_acl");
418 if (a)
419 {
420 if (xml_is_element_owner (client, parent, 1))
421 {
422 char *tmp = str_asprintf ("%s,%s", user, a);
423
424 rc = xml_add_attribute(client, p, "_acl", tmp);
425 xfree (tmp);
426 }
427 else
428 rc = xml_add_attribute(client, p, "_acl", (char *)a);
429 }
430
431 xmlFree (a);
432 }
433
434 xfree (user);
435 }
436 else
437 xmlFreeNode (n);
438
439 return rc;
440 }
441
442 gpg_error_t
443 xml_new_root_element (struct client_s *client, xmlDocPtr doc, char *name)
444 {
445 xmlNodePtr root = xmlDocGetRootElement (doc);
446
447 if (!name || !root)
448 return GPG_ERR_BAD_DATA;
449
450 if (!xml_valid_element ((xmlChar *) name))
451 return GPG_ERR_INV_VALUE;
452
453 return create_new_element (client, 0, root, name, NULL);
454 }
455
456 static xmlDocPtr
457 create_dtd ()
458 {
459 xmlDocPtr doc;
460 xmlTextWriterPtr wr = xmlNewTextWriterDoc (&doc, 0);
461
462 if (!wr)
463 return NULL;
464
465 if (xmlTextWriterStartDocument (wr, NULL, "UTF-8", "yes"))
466 goto fail;
467
468 if (xmlTextWriterStartDTD (wr, (xmlChar *) "pwmd", NULL, NULL) == -1)
469 goto fail;
470
471 if (xmlTextWriterWriteDTDElement (wr, (xmlChar *) "pwmd",
472 (xmlChar *) "(element)") == -1)
473 goto fail;
474
475 xmlTextWriterEndDTDElement (wr);
476
477 if (xmlTextWriterWriteDTDAttlist (wr, (xmlChar *) "element",
478 (xmlChar *) "_name CDATA #REQUIRED") ==
479 -1)
480 goto fail;
481
482 xmlTextWriterEndDTDAttlist (wr);
483 xmlTextWriterEndDTD (wr);
484
485 if (xmlTextWriterStartElement (wr, (xmlChar *) "pwmd"))
486 goto fail;
487
488 xmlTextWriterEndElement (wr);
489 xmlTextWriterEndDocument (wr);
490 xmlFreeTextWriter (wr);
491 return doc;
492
493 fail:
494 xmlTextWriterEndDocument (wr);
495 xmlFreeTextWriter (wr);
496 xmlFreeDoc (doc);
497 return NULL;
498 }
499
500 xmlDocPtr
501 xml_new_document ()
502 {
503 return create_dtd ();
504 }
505
506 static xmlNodePtr
507 find_element_node (xmlNodePtr node)
508 {
509 xmlNodePtr n = node;
510
511 if (n && n->type == XML_ELEMENT_NODE)
512 return n;
513
514 for (n = node; n; n = n->next)
515 {
516 if (n->type == XML_ELEMENT_NODE)
517 return n;
518 }
519
520 return NULL;
521 }
522
523 xmlNodePtr
524 xml_resolve_path (struct client_s *client, xmlDocPtr doc, xmlChar * path,
525 char ***result, gpg_error_t *rc)
526 {
527 xmlNodePtr n;
528 struct xml_request_s *req;
529
530 *rc = xml_new_request (client, (char *)path, XML_CMD_REALPATH, &req);
531 if (*rc)
532 return NULL;
533
534 n = xml_find_elements (client, req, xmlDocGetRootElement (doc), rc);
535 if (!*rc)
536 {
537 if (result)
538 {
539 *result = strv_dup (req->args);
540 if (!*result)
541 {
542 *rc = GPG_ERR_ENOMEM;
543 n = NULL;
544 }
545 }
546 }
547
548 xml_free_request (req);
549 return n;
550 }
551
552 xmlNodePtr
553 xml_find_text_node (xmlNodePtr node)
554 {
555 xmlNodePtr n = node;
556
557 if (n && n->type == XML_TEXT_NODE)
558 return n;
559
560 for (n = node; n; n = n->next)
561 {
562 if (n->type == XML_TEXT_NODE)
563 return n;
564 }
565
566 return NULL;
567 }
568
569 /* Create an element 'path' starting at 'node'. Returns the node of the final
570 * created element.
571 */
572 xmlNodePtr
573 xml_create_element_path (struct client_s *client, struct xml_request_s *req,
574 xmlNodePtr node, char **path, gpg_error_t *rc)
575 {
576 char **p;
577
578 if (!xml_valid_element_path (path, 0))
579 {
580 *rc = GPG_ERR_INV_VALUE;
581 return NULL;
582 }
583
584 /* The parent node will be an XML_ELEMENT_NODE. Otherwise we would be
585 * creating element content. */
586 if (node->type == XML_TEXT_NODE)
587 node = node->parent;
588
589 for (p = path; p && *p; p++)
590 {
591 xmlNodePtr n = NULL;
592
593 if (node != xmlDocGetRootElement (req->doc))
594 {
595 n = xml_find_element (client, node->children, *p, rc);
596 if (*rc && *rc != GPG_ERR_ELEMENT_NOT_FOUND)
597 return NULL;
598
599 *rc = 0;
600 }
601
602 /*
603 * If the found element has the same parent as the current element then
604 * they are siblings and the new element needs to be created as a child
605 * of the current element (node).
606 */
607 if (n && n->parent == node->parent)
608 n = NULL;
609
610 if (!n)
611 {
612 *rc = create_new_element (client, 0, node, *p, &node);
613 if (*rc)
614 return NULL;
615 }
616 else
617 node = n;
618 }
619
620 return node;
621 }
622
623 /* Find the first XML_ELEMENT_NODE whose _name attribute matches 'element'. */
624 xmlNodePtr
625 xml_find_element (struct client_s *client, xmlNodePtr node, const char *element,
626 gpg_error_t *rc)
627 {
628 xmlNodePtr n;
629
630 *rc = 0;
631
632 if (!node || !element)
633 {
634 *rc = GPG_ERR_ELEMENT_NOT_FOUND;
635 return NULL;
636 }
637
638 for (n = node; n; n = n->next)
639 {
640 if (n->type != XML_ELEMENT_NODE)
641 continue;
642
643 xmlChar *a = xml_attribute_value (n, (xmlChar *) "_name");
644 if (a && xmlStrEqual (a, (xmlChar *) element))
645 {
646 xmlFree (a);
647 *rc = xml_acl_check (client, n);
648 return n; // Not NULL since the node may be needed later
649 }
650
651 xmlFree (a);
652 }
653
654 *rc = GPG_ERR_ELEMENT_NOT_FOUND;
655 return NULL;
656 }
657
658 xmlChar *
659 xml_attribute_value (xmlNodePtr n, xmlChar * attr)
660 {
661 xmlAttrPtr a = xmlHasProp (n, attr);
662
663 if (!a)
664 return NULL;
665
666 if (!a->children || !a->children->content)
667 return NULL;
668
669 return xmlGetProp (n, attr);
670 }
671
672 gpg_error_t
673 xml_remove_user_attributes (struct client_s *client, xmlNodePtr n)
674 {
675 gpg_error_t rc = 0;
676 xmlAttrPtr a = n->properties;
677
678 while (a)
679 {
680 if (!xml_reserved_attribute ((const char *)a->name))
681 {
682 rc = xml_delete_attribute (client, n, a->name);
683 if (rc)
684 break;
685
686 a = n->properties;
687 }
688 else
689 a = a->next;
690 }
691
692 return rc;
693 }
694
695 gpg_error_t
696 xml_valid_username (const char *str)
697 {
698 if (!str)
699 return GPG_ERR_INV_VALUE;
700
701 char **list = str_split (str, ",", 0);
702 char **p;
703
704 if (!list)
705 return str && *str ? GPG_ERR_ENOMEM : GPG_ERR_INV_VALUE;
706
707 for (p = list; *p; p++)
708 {
709 const char *t = *p;
710
711 if (*t == '!' || *t == '-')
712 t++;
713
714 int e = xmlRegexpExec (username_re, (xmlChar *)t);
715 if (e != 1 && *t != '/' && *t != '@') // client command name or group
716 {
717 strv_free (list);
718 return GPG_ERR_INV_USER_ID;
719 }
720 }
721
722 strv_free (list);
723 return 0;
724 }
725
726 gpg_error_t
727 xml_add_attribute (struct client_s *client, xmlNodePtr node, const char *name,
728 const char *value)
729 {
730 char *buf;
731 gpg_error_t rc = 0;
732 int is_target = 0;
733
734 if (client && name && !strcmp (name, "_target"))
735 {
736 rc = xml_is_element_owner (client, node, 0);
737 if (rc)
738 return rc;
739
740 is_target = 1;
741 }
742 else if (name && (!strcmp (name, "_expire")
743 || !strcmp (name, "_ctime")
744 || !strcmp (name, "_mtime")))
745 {
746 char *p;
747 time_t e;
748
749 if (!value || !*value)
750 return GPG_ERR_INV_VALUE;
751
752 errno = 0;
753 e = strtoul (value, &p, 10);
754 if (errno || *p || e == ULONG_MAX || *value == '-')
755 return GPG_ERR_INV_VALUE;
756 }
757
758 /* FIXME: Chained groups like "@group1,!@group2,user" wont work to find the
759 * owner of the element. */
760 if (client && name && xmlStrEqual ((xmlChar *) name, (xmlChar *) "_acl"))
761 if (*value == '@')
762 return GPG_ERR_INV_USER_ID;
763
764 if (name && !xmlSetProp (node, (xmlChar *) name, (xmlChar *) value))
765 return GPG_ERR_BAD_DATA;
766
767 if (client && name && xmlStrEqual ((xmlChar *) name, (xmlChar *) "_acl"))
768 {
769 xmlChar *acl = xml_attribute_value (node, (xmlChar *) "_acl");
770
771 if (!acl || !*acl || *acl == '/'
772 || ((*acl == '!' || *acl == '-') && *(acl+1) == '/'))
773 {
774 char *user = create_acl_user (client);
775
776 if (user)
777 {
778 buf = str_asprintf ("%s,%s", user, acl);
779
780 if (buf)
781 rc = xml_add_attribute (client, node, (char *) "_acl", buf);
782 else
783 rc = GPG_ERR_ENOMEM;
784
785 xfree (buf);
786 xfree (user);
787 }
788
789 xmlFree (acl);
790 return rc;
791 }
792
793 xmlFree (acl);
794 }
795
796 if (name && xmlStrEqual ((xmlChar *) name, (xmlChar *) "_mtime"))
797 return 0;
798
799 if (is_target)
800 xml_remove_user_attributes (client, node);
801
802 buf = str_asprintf ("%lu", time (NULL));
803 rc = xml_add_attribute (client, node, "_mtime", buf);
804 xfree (buf);
805 return rc;
806 }
807
808 static gpg_error_t
809 append_path_to_list (struct client_s *client, struct element_list_s *elements,
810 const char *path, gpg_error_t rc)
811 {
812 struct slist_s *l;
813 struct string_s *line;
814
815 (void)client;
816 line = string_new (NULL);
817 if (!line)
818 return GPG_ERR_ENOMEM;
819
820 if (rc == GPG_ERR_ELOOP)
821 string_append (line, "O");
822 else if (rc == GPG_ERR_EACCES)
823 string_append (line, "P");
824 else if (rc)
825 string_append (line, "E");
826
827 if (rc || elements->target)
828 string_prepend (line, " ");
829
830 if ((!rc || rc == GPG_ERR_ELOOP || rc == GPG_ERR_EACCES
831 || rc == GPG_ERR_ELEMENT_NOT_FOUND) && elements->target)
832 string_append_printf (line, "%sT %s",
833 (!rc && elements->flags & XML_LIST_FLAG_CHILDREN) ? "+" : "",
834 elements->target);
835 else if (!rc && (elements->flags & XML_LIST_FLAG_CHILDREN))
836 string_prepend (line, " +");
837
838 if (elements->prefix && elements->prefix->str)
839 string_prepend (line, elements->prefix->str);
840 else
841 string_prepend (line, path);
842
843 l = slist_append (elements->list, line->str);
844 if (l)
845 {
846 elements->list = l;
847 if (!(elements->flags & XML_LIST_CHECK))
848 rc = 0;
849 }
850 else
851 rc = GPG_ERR_ENOMEM;
852
853 string_free (line, 0);
854 return rc;
855 }
856
857 /* Removes the final element from the element prefix. */
858 static void
859 pop_element_prefix (struct element_list_s *elements)
860 {
861 char *p = strrchr (elements->prefix->str, '\t');
862
863 if (p)
864 string_truncate (elements->prefix,
865 elements->prefix->len - strlen (p));
866 }
867
868 #define RESUMABLE_ERROR(rc) (rc == GPG_ERR_ELOOP || rc == GPG_ERR_EACCES \
869 || rc == GPG_ERR_ELEMENT_NOT_FOUND || !rc)
870
871 /*
872 * From the element path 'path', find sub-nodes and append them to the list.
873 */
874 gpg_error_t
875 xml_create_path_list (struct client_s *client, xmlDocPtr doc, xmlNodePtr node,
876 struct element_list_s *elements, char *path,
877 gpg_error_t rc)
878 {
879 xmlNodePtr n = NULL;
880 struct xml_request_s *req = NULL;
881 gpg_error_t trc = rc;
882 char *target_orig;
883
884 target_orig = rc && elements->target ? str_dup (elements->target) : NULL;
885 rc = xml_new_request (client, path, XML_CMD_LIST, &req);
886 if (rc)
887 {
888 xfree (target_orig);
889 return rc;
890 }
891
892 req->data = elements;
893 n = xml_find_elements (client, req,
894 node ? node : xmlDocGetRootElement (doc), &rc);
895 if (!rc)
896 elements->flags |=
897 find_element_node (n->children) ? XML_LIST_FLAG_CHILDREN : 0;
898
899 if (!rc && trc)
900 {
901 xfree (elements->target);
902 elements->target = target_orig;
903 elements->flags = 0;
904 elements->flags |= XML_LIST_HAS_TARGET;
905 }
906 else
907 xfree (target_orig);
908
909 rc = append_path_to_list (client, elements, path, trc ? trc : rc);
910 xmlFree (elements->target);
911 elements->target = NULL;
912
913 if (rc || trc || (elements->flags & XML_LIST_CHECK)
914 || (!elements->recurse && elements->depth) || elements->root_only)
915 {
916 xml_free_request (req);
917 return rc;
918 }
919
920 elements->flags = 0;
921
922 if (!rc && n && n->children)
923 {
924 for (n = n->children; n; n = n->next)
925 {
926 xmlChar *target = NULL;
927 xmlNodePtr tmp = NULL;
928 xmlChar *name;
929 struct string_s *newpath;
930
931 if (n->type != XML_ELEMENT_NODE)
932 continue;
933
934 name = xml_attribute_value (n, (xmlChar *) "_name");
935 if (!name)
936 continue;
937
938 newpath = string_new (NULL);
939 if (!newpath)
940 {
941 xmlFree (name);
942 rc = GPG_ERR_ENOMEM;
943 goto fail;
944 }
945
946 target = xml_attribute_value (n, (xmlChar *) "_target");
947 if (target)
948 {
949 rc = xml_validate_target (client, req->doc, (char *)target, n);
950 elements->target = (char *)target;
951 elements->flags |= rc ? XML_LIST_TARGET_ERROR : 0;
952 }
953 else
954 tmp = n;
955
956 if (RESUMABLE_ERROR (rc))
957 {
958 struct string_s *s;
959
960 /* If there is a target for this node then resolve the full path
961 * starting at the document root. Otherwise, resolve the next
962 * element starting from the child node of the current node. In
963 * either case, append the current element in the element path to
964 * the prefix of the list string.
965 */
966 if (target)
967 {
968 string_truncate (newpath, 0);
969 s = string_append_printf (newpath, "%s", (char *)target);
970 }
971 else
972 s = string_append (newpath, (char *)name);
973
974 if (!s)
975 {
976 xmlFree (name);
977 string_free (newpath, 1);
978 rc = GPG_ERR_ENOMEM;
979 goto fail;
980 }
981
982 newpath = s;
983 if (!elements->depth)
984 {
985 /* There may be a single remaining element in the prefix left
986 * over from the previous truncation (see below). It is safe
987 * to truncate it here since depth == 0. */
988 string_truncate (elements->prefix, 0);
989 s = string_append_printf (elements->prefix, "%s\t%s",
990 path, name);
991 }
992 else
993 s = string_append_printf (elements->prefix, "\t%s", name);
994
995 if (!s)
996 {
997 xmlFree (name);
998 string_free (newpath, 1);
999 rc = GPG_ERR_ENOMEM;
1000 goto fail;
1001 }
1002
1003 elements->prefix = s;
1004 elements->depth++;
1005 rc = xml_create_path_list (client, doc, target ? NULL : tmp,
1006 elements, newpath->str, rc);
1007 elements->depth--;
1008 if (!rc)
1009 pop_element_prefix (elements);
1010 }
1011
1012 string_free (newpath, 1);
1013 xmlFree (name);
1014 if (rc)
1015 break;
1016 }
1017 }
1018
1019 fail:
1020 xml_free_request (req);
1021 return rc;
1022 }
1023
1024 gpg_error_t
1025 xml_recurse_xpath_nodeset (struct client_s *client, xmlDocPtr doc,
1026 xmlNodeSetPtr nodes, xmlChar * value,
1027 xmlBufferPtr * result, int cmd, const xmlChar * attr)
1028 {
1029 int i = value ? nodes->nodeNr - 1 : 0;
1030 xmlBufferPtr buf;
1031
1032 buf = xmlBufferCreate ();
1033
1034 if (!buf)
1035 return GPG_ERR_ENOMEM;
1036
1037 for (; value ? i >= 0 : i < nodes->nodeNr; value ? i-- : i++)
1038 {
1039 xmlNodePtr n = nodes->nodeTab[i];
1040 gpg_error_t rc;
1041
1042 if (!n)
1043 continue;
1044
1045 if (!value && !attr)
1046 {
1047 if (xmlNodeDump (buf, doc, n, 0, 0) == -1)
1048 {
1049 *result = buf;
1050 return GPG_ERR_BAD_DATA;
1051 }
1052
1053 continue;
1054 }
1055
1056 if (!attr)
1057 {
1058 xmlNodeSetContent (n, value);
1059 rc = xml_update_element_mtime (client, n);
1060
1061 if (rc)
1062 return rc;
1063 }
1064 else
1065 {
1066 if (!cmd)
1067 rc = xml_add_attribute (client, n, (char *) attr, (char *) value);
1068 else
1069 rc = xml_delete_attribute (client, n, attr);
1070
1071 if (rc)
1072 return rc;
1073 }
1074 }
1075
1076 *result = buf;
1077 return 0;
1078 }
1079
1080 gpg_error_t
1081 xml_delete_attribute (struct client_s *client, xmlNodePtr n,
1082 const xmlChar *name)
1083 {
1084 xmlAttrPtr a;
1085 gpg_error_t rc = 0;
1086
1087 if ((a = xmlHasProp (n, name)) == NULL)
1088 return GPG_ERR_NOT_FOUND;
1089
1090 if (xmlRemoveProp (a) == -1)
1091 return GPG_ERR_BAD_DATA;
1092
1093 if (client && xmlStrEqual (name, (xmlChar *) "_acl"))
1094 {
1095 char *user = create_acl_user (client);
1096
1097 rc = xml_add_attribute (client, n, (char *) "_acl", user);
1098 xfree (user);
1099
1100 if (rc)
1101 return rc;
1102 }
1103
1104 return xml_update_element_mtime (client, n);
1105 }
1106
1107 gpg_error_t
1108 xml_validate_import (struct client_s *client, xmlNodePtr node)
1109 {
1110 gpg_error_t rc = 0;
1111
1112 if (!node)
1113 return 0;
1114
1115 for (xmlNodePtr n = node; n; n = n->next)
1116 {
1117 if (n->type == XML_ELEMENT_NODE)
1118 {
1119 if (xmlStrEqual (n->name, (xmlChar *) "element"))
1120 {
1121 xmlChar *a = xmlGetProp (n, (xmlChar *) "_target");
1122
1123 if (a)
1124 {
1125 xmlFree (a);
1126 rc = xml_remove_user_attributes (client, n);
1127 if (!rc)
1128 rc = xml_unlink_node (client, n->children);
1129 }
1130
1131 if (rc)
1132 break;
1133
1134 a = xmlGetProp (n, (xmlChar *) "_name");
1135 if (!a)
1136 {
1137 xmlChar *t = xmlGetNodePath (n);
1138
1139 log_write (_("Missing attribute '_name' at %s."), t);
1140 xmlFree (t);
1141 return GPG_ERR_INV_VALUE;
1142 }
1143
1144 if (!xml_valid_element (a))
1145 {
1146 xmlChar *t = xmlGetNodePath (n);
1147
1148 log_write (_("'%s' is not a valid element name at %s."), a,
1149 t);
1150 xmlFree (a);
1151 xmlFree (t);
1152 return GPG_ERR_INV_VALUE;
1153 }
1154
1155 xmlFree (a);
1156 a = xmlGetProp (n, (xmlChar *) "_ctime");
1157 if (!a)
1158 attr_ctime (client, n);
1159
1160 xmlFree (a);
1161 a = xmlGetProp (n, (xmlChar *) "_mtime");
1162 if (!a)
1163 xml_update_element_mtime (client, n);
1164 xmlFree (a);
1165 }
1166 else
1167 {
1168 xmlChar *t = xmlGetNodePath (n);
1169 xmlNodePtr tmp = n->next;
1170
1171 log_write (_("Warning: unknown element '%s' at %s. Removing."),
1172 n->name, t);
1173 xmlFree (t);
1174 (void)xml_unlink_node (client, n);
1175 return xml_validate_import (client, tmp);
1176 }
1177 }
1178
1179 if (n->children)
1180 {
1181 rc = xml_validate_import (client, n->children);
1182 if (rc)
1183 return rc;
1184 }
1185 }
1186
1187 return rc;
1188 }
1189
1190 gpg_error_t
1191 xml_update_element_mtime (struct client_s *client, xmlNodePtr n)
1192 {
1193 return xml_add_attribute (client, n, NULL, NULL);
1194 }
1195
1196 gpg_error_t
1197 xml_unlink_node (struct client_s *client, xmlNodePtr n)
1198 {
1199 gpg_error_t rc = 0;
1200
1201 if (!n)
1202 return rc;
1203
1204 if (n->parent)
1205 rc = xml_update_element_mtime (client, n->parent);
1206
1207 xmlUnlinkNode (n);
1208 xmlFreeNodeList (n);
1209 return rc;
1210 }
1211
1212 static gpg_error_t
1213 recurse_rename_attribute (xmlNodePtr root, const char *old, const char *name)
1214 {
1215 xmlNodePtr n;
1216 gpg_error_t rc = 0;
1217
1218 for (n = root; n; n = n->next)
1219 {
1220 xmlAttrPtr attr = xmlHasProp (n, (xmlChar *)old);
1221
1222 if (attr)
1223 {
1224 xmlChar *a = xml_attribute_value (n, (xmlChar *)old);
1225
1226 if (a && !xmlSetProp (n, (xmlChar *) name, a))
1227 rc = GPG_ERR_BAD_DATA;
1228
1229 xmlFree (a);
1230
1231 if (!rc)
1232 {
1233 if (xmlRemoveProp (attr) == -1)
1234 rc = GPG_ERR_BAD_DATA;
1235 }
1236 }
1237
1238 if (rc)
1239 break;
1240
1241 rc = recurse_rename_attribute (n->children, old, name);
1242 if (rc)
1243 break;
1244 }
1245
1246 return rc;
1247 }
1248
1249 static gpg_error_t
1250 update_to_version (xmlDocPtr doc)
1251 {
1252 xmlNodePtr root = xmlDocGetRootElement (doc);
1253 xmlChar *v = xml_attribute_value (root, (xmlChar *)"_version");
1254 gpg_error_t rc;
1255
1256 // Pwmd 3.2.0 or later. No updates needed ATM.
1257 if (v)
1258 {
1259 xmlFree (v);
1260 return 0;
1261 }
1262
1263 rc = recurse_rename_attribute (root->children, "target", "_target");
1264 if (!rc)
1265 rc = recurse_rename_attribute (root->children, "expire", "_expire");
1266
1267 if (!rc)
1268 rc = recurse_rename_attribute (root->children, "expire_increment", "_age");
1269
1270 return rc;
1271 }
1272
1273 gpg_error_t
1274 xml_parse_doc (const char *xml, size_t len, xmlDocPtr *result)
1275 {
1276 xmlDocPtr doc;
1277 gpg_error_t rc;
1278
1279 xmlResetLastError ();
1280 doc = xmlReadMemory (xml, len, NULL, "UTF-8", XML_PARSE_NOBLANKS);
1281 if (!doc && xmlGetLastError ())
1282 return GPG_ERR_BAD_DATA;
1283
1284 *result = doc;
1285 if (doc)
1286 rc = update_to_version (doc);
1287 else
1288 rc = GPG_ERR_ENOMEM;
1289
1290 return rc;
1291 }
1292
1293 /* Resolves the 'target' attribute found in 'node' and appends 'path' to the
1294 * target. 'path' is any remaining elements in the element path after this
1295 * element 'node' as passed to xml_find_elements() or the initial command. This
1296 * function may be recursive as it calls xml_find_elements().
1297 */
1298 static xmlNodePtr
1299 do_realpath (struct client_s *client, struct xml_request_s *req,
1300 xmlNodePtr node, char **path, const xmlChar *target,
1301 gpg_error_t *rc) {
1302 char *line;
1303 char **result = NULL;
1304 struct xml_request_s *nreq = NULL;
1305
1306 *rc = 0;
1307
1308 result = str_split ((char *)target, "\t", 0);
1309 if (!result)
1310 {
1311 *rc = GPG_ERR_ENOMEM;
1312 return NULL;
1313 }
1314
1315 /* Append the original path to the target path. */
1316 if (path)
1317 {
1318 char **p = strv_catv (result, path);
1319
1320 strv_free (result);
1321 if (!p)
1322 {
1323 *rc = GPG_ERR_ENOMEM;
1324 return NULL;
1325 }
1326
1327 result = p;
1328 }
1329
1330 line = strv_join ("\t", result);
1331 if (!line)
1332 {
1333 strv_free (result);
1334 *rc = GPG_ERR_ENOMEM;
1335 return NULL;
1336 }
1337
1338 /* To prevent overwriting any original client request flags. We are only
1339 * interested in the path here. */
1340 *rc = xml_new_request (client, line, XML_CMD_REALPATH, &nreq);
1341 xfree (line);
1342 if (*rc)
1343 {
1344 strv_free (result);
1345 return NULL;
1346 }
1347
1348 nreq->depth = req->depth;
1349 strv_free (result);
1350 node = xml_find_elements (client, nreq, xmlDocGetRootElement (nreq->doc), rc);
1351
1352 /* Update the original client request path with the resolved one. */
1353 if (!*rc)
1354 {
1355 strv_free (req->args);
1356 req->args = nreq->args;
1357 nreq->args = NULL;
1358 }
1359
1360 xml_free_request (nreq);
1361 return node;
1362 }
1363
1364 #if 0
1365 static char *
1366 node_to_element_path (xmlNodePtr node)
1367 {
1368 xmlNodePtr n;
1369 struct string_s *str = string_new ("");
1370 char *result;
1371
1372 for (n = node; n; n = n->parent)
1373 {
1374 xmlNodePtr child;
1375
1376 for (child = n; child; child = child->next)
1377 {
1378 if (child->type != XML_ELEMENT_NODE)
1379 continue;
1380
1381 xmlChar *name = xml_attribute_value (n, (xmlChar *) "_name");
1382 if (name)
1383 {
1384 str = string_prepend (str, (char *) name);
1385 xmlFree (name);
1386 name = xml_attribute_value (n, (xmlChar *) "_target");
1387 if (name)
1388 str = string_prepend (str, "\t");
1389 else
1390 str = string_prepend (str, "\t!");
1391 xmlFree (name);
1392 }
1393 break;
1394 }
1395 }
1396
1397 str = string_erase (str, 0, 1);
1398 result = str->str;
1399 string_free (str, 0);
1400 return result;
1401 }
1402 #endif
1403
1404 /* Tests if 'path' references 'node' somewhere. */
1405 static gpg_error_t
1406 element_related (struct client_s *client, xmlDocPtr doc, const char *path,
1407 xmlNodePtr node, unsigned depth)
1408 {
1409 gpg_error_t rc = GPG_ERR_NO_DATA;
1410 char **p, **orig;
1411 xmlNodePtr n = xmlDocGetRootElement (doc);
1412
1413 if (max_recursion_depth >= 1 && depth > max_recursion_depth)
1414 return GPG_ERR_ELOOP;
1415
1416 orig = p = str_split (path, "\t", 0);
1417 if (!p)
1418 return GPG_ERR_ENOMEM;
1419
1420 for (n = n->children; n && *p; p++, n = n->next)
1421 {
1422 xmlNodePtr t;
1423 xmlChar *target;
1424 struct string_s *str = NULL;
1425
1426 t = xml_find_element (client, n, *p, &rc);
1427 if (rc)
1428 {
1429 rc = GPG_ERR_NO_DATA;
1430 break;
1431 }
1432
1433 if (t == node)
1434 {
1435 rc = 0;
1436 break;
1437 }
1438
1439 target = xml_attribute_value (t, (xmlChar *)"_target");
1440 if (!target)
1441 continue;
1442
1443 str = string_new ((char *)target);
1444 xmlFree (target);
1445 if (!str)
1446 {
1447 rc = GPG_ERR_ENOMEM;
1448 break;
1449 }
1450
1451 if (*(p+1))
1452 {
1453 while (*(++p))
1454 {
1455 struct string_s *tmp;
1456
1457 tmp = string_append_printf (str, "\t%s", *p);
1458 if (!tmp)
1459 {
1460 string_free (str, 1);
1461 strv_free (p);
1462 return GPG_ERR_ENOMEM;
1463 }
1464
1465 str = tmp;
1466 }
1467 }
1468
1469 rc = element_related (client, doc, str->str, n->children, ++depth);
1470 if (rc == GPG_ERR_ELOOP)
1471 rc = GPG_ERR_NO_DATA;
1472
1473 string_free(str, 1);
1474 break;
1475 }
1476
1477 strv_free (orig);
1478 return rc;
1479 }
1480
1481 /*
1482 * Recurse the element tree beginning at 'node' and find elements who point
1483 * back to 'dst'. Also follows target attributes.
1484 */
1485 static gpg_error_t
1486 find_child_to_target (struct client_s *client, xmlDocPtr doc, xmlNodePtr node,
1487 xmlNodePtr dst, unsigned depth, int is_target)
1488 {
1489 xmlNodePtr n;
1490 gpg_error_t rc = 0;
1491
1492 if (max_recursion_depth >= 1 && depth > max_recursion_depth)
1493 return node == dst ? GPG_ERR_ELOOP : 0;
1494
1495 for (n = node; n; n = n->next)
1496 {
1497 xmlChar *target;
1498
1499 if (n->type != XML_ELEMENT_NODE)
1500 continue;
1501
1502 if (n == dst && depth)
1503 return GPG_ERR_ELOOP;
1504
1505 target = xml_attribute_value (n, (xmlChar *) "_target");
1506 if (target)
1507 {
1508 xmlNodePtr tmp;
1509 char **result = NULL;
1510
1511 tmp = xml_resolve_path (client, doc, target, &result, &rc);
1512 strv_free (result);
1513 if (!rc)
1514 {
1515 rc = find_child_to_target (client, doc, tmp, dst, ++depth, 1);
1516 depth--;
1517 }
1518 else if (rc == GPG_ERR_ELOOP)
1519 {
1520 gpg_error_t trc = element_related (client, doc, (char *)target,
1521 dst, 0);
1522
1523 if (trc && trc != GPG_ERR_NO_DATA)
1524 rc = trc;
1525 else if (trc == GPG_ERR_NO_DATA)
1526 rc = 0;
1527 }
1528
1529 xmlFree (target);
1530
1531 if (rc && rc != GPG_ERR_ELEMENT_NOT_FOUND)
1532 return rc;
1533
1534 rc = 0;
1535 if (is_target)
1536 break;
1537
1538 continue;
1539 }
1540
1541 if (n->children)
1542 {
1543 rc = find_child_to_target (client, doc, n->children, dst, ++depth, 0);
1544 depth--;
1545 if (rc)
1546 return rc;
1547 }
1548
1549 if (is_target)
1550 break;
1551 }
1552
1553 return rc;
1554 }
1555
1556 static gpg_error_t
1557 find_child_of_parent (xmlDocPtr doc, xmlNodePtr src, xmlNodePtr dst)
1558 {
1559 xmlNodePtr n;
1560 gpg_error_t rc = 0;
1561
1562 for (n = src; n; n = n->next)
1563 {
1564 if (n->type != XML_ELEMENT_NODE)
1565 continue;
1566
1567 if (n == dst)
1568 {
1569 rc = GPG_ERR_ELOOP;
1570 break;
1571 }
1572
1573 rc = find_child_of_parent (doc, n->children, dst);
1574 }
1575
1576 return rc;
1577 }
1578
1579 static gpg_error_t
1580 find_parent_of_child (xmlDocPtr doc, xmlNodePtr node, xmlNodePtr dst)
1581 {
1582 xmlNodePtr n;
1583 gpg_error_t rc = 0;
1584
1585 (void)doc;
1586 for (n = node; n; n = n->parent)
1587 {
1588 if (n->type != XML_ELEMENT_NODE)
1589 {
1590 xmlNodePtr tmp;
1591
1592 for (tmp = n->next; tmp; n = n->next)
1593 {
1594 if (n->type != XML_ELEMENT_NODE)
1595 continue;
1596
1597 if (tmp == dst)
1598 return GPG_ERR_ELOOP;
1599 }
1600 }
1601
1602 if (n == dst)
1603 return GPG_ERR_ELOOP;
1604 }
1605
1606 return rc;
1607 }
1608
1609 void
1610 xml_free_element_list (struct element_list_s *elements)
1611 {
1612 if (elements)
1613 {
1614 if (elements->list)
1615 {
1616 int total = slist_length (elements->list);
1617 int i;
1618
1619 for (i = 0; i < total; i++)
1620 {
1621 char *tmp = slist_nth_data (elements->list, i);
1622 xfree (tmp);
1623 }
1624
1625 slist_free (elements->list);
1626 }
1627
1628 string_free (elements->prefix, 1);
1629 xfree (elements->target);
1630 xfree (elements);
1631 }
1632 }
1633
1634 /* This behaves like the LIST command with a specified path except it returns
1635 * an error.
1636 */
1637 gpg_error_t
1638 xml_check_recursion (struct client_s *client, struct xml_request_s *req)
1639 {
1640 gpg_error_t rc;
1641 struct element_list_s *elements;
1642 char *path = NULL;
1643 char **dup = strv_dup (req->args);
1644
1645 if (!dup)
1646 return GPG_ERR_ENOMEM;
1647
1648
1649 elements = xcalloc (1, sizeof (struct element_list_s));
1650 if (!elements)
1651 {
1652 rc = GPG_ERR_ENOMEM;
1653 goto fail;
1654 }
1655
1656 path = strv_join ("\t", dup);
1657 if (!path)
1658 {
1659 rc = GPG_ERR_ENOMEM;
1660 goto fail;
1661 }
1662
1663 elements->flags |= XML_LIST_CHECK;
1664 elements->prefix = string_new (NULL);
1665 if (!elements->prefix)
1666 {
1667 rc = GPG_ERR_ENOMEM;
1668 goto fail;
1669 }
1670
1671 rc = xml_create_path_list (client, req->doc, xmlDocGetRootElement (req->doc),
1672 elements, path, 0);
1673
1674 fail:
1675 xml_free_element_list (elements);
1676 strv_free (dup);
1677 xfree (path);
1678 return rc;
1679 }
1680
1681 gpg_error_t
1682 xml_validate_target (struct client_s *client, xmlDocPtr doc, const char *src,
1683 xmlNodePtr dst)
1684 {
1685 gpg_error_t rc;
1686 xmlNodePtr src_node;
1687 char **src_req = NULL;
1688
1689 src_node = xml_resolve_path (client, doc, (xmlChar *) src, &src_req, &rc);
1690 if (rc)
1691 goto fail;
1692
1693 client->flags |= FLAG_ACL_IGNORE;
1694 /* A destination element is a child of the source element. */
1695 rc = find_child_of_parent (doc, src_node->children, dst);
1696 if (rc)
1697 goto fail;
1698
1699 /* The destination element is a parent of the source element. */
1700 rc = find_parent_of_child (doc, src_node->parent, dst);
1701 if (rc)
1702 goto fail;
1703
1704 /* A destination child element contains a target to the source element. */
1705 if (dst)
1706 rc = find_child_to_target (client, doc,
1707 dst->children ? dst->children : dst, dst, 0, 0);
1708 if (rc)
1709 goto fail;
1710
1711 fail:
1712 strv_free (src_req);
1713 client->flags &= ~(FLAG_ACL_IGNORE | FLAG_ACL_ERROR);
1714 return rc;
1715 }
1716
1717 /* The owner of the element is the first user listed in the _acl attribute
1718 * list. xml_acl_check() should be called before calling this function. An
1719 * empty ACL is an error if the client is not an invoking_user. The 'strict'
1720 * parameter will not check if the current user is an invoking one.
1721 */
1722 gpg_error_t
1723 xml_is_element_owner (struct client_s *client, xmlNodePtr n, int strict)
1724 {
1725 xmlChar *acl = xml_attribute_value (n, (xmlChar *) "_acl");
1726 char **users;
1727 gpg_error_t rc = GPG_ERR_EACCES;
1728
1729 if (!acl || !*acl)
1730 {
1731 xmlFree (acl);
1732 return peer_is_invoker (client);
1733 }
1734
1735 users = str_split((char *)acl, ",", 0);
1736 if (users && *users)
1737 {
1738 char *user;
1739
1740 #ifdef WITH_GNUTLS
1741 if (client->thd->remote)
1742 user = str_asprintf ("#%s", client->thd->tls->fp);
1743 else
1744 user = get_username (client->thd->peer->uid);
1745 #else
1746 user = get_username (client->thd->peer->uid);
1747 #endif
1748
1749 if (*user == '#')
1750 rc = !strcasecmp (*users, user) ? 0 : GPG_ERR_EACCES;
1751 else
1752 rc = !strcmp (*users, user) ? 0 : GPG_ERR_EACCES;
1753
1754 if (rc && !strict)
1755 rc = peer_is_invoker (client);
1756
1757 xfree (user);
1758 }
1759
1760 xmlFree (acl);
1761 strv_free (users);
1762 return rc;
1763 }
1764
1765 /* Find elements by matching element names in req->args starting at 'node'.
1766 * Returns the node of the final element in req->args on success or NULL on
1767 * failure and sets 'rc' to the error code. Some commands may need special
1768 * handling and will return the node of the previous found element.
1769 */
1770 xmlNodePtr
1771 xml_find_elements (struct client_s *client, struct xml_request_s *req,
1772 xmlNodePtr node, gpg_error_t *rc)
1773 {
1774 xmlNodePtr n, last;
1775 char **p;
1776
1777 *rc = 0;
1778 req->depth++;
1779
1780 if (max_recursion_depth >= 1 && req->depth > max_recursion_depth)
1781 {
1782 req->depth--;
1783 *rc = GPG_ERR_ELOOP;
1784 return NULL;
1785 }
1786
1787 /* Beginning of a command/root element (<pwmd>). */
1788 if (node == xmlDocGetRootElement (req->doc))
1789 {
1790 if (!node->children) // Empty tree
1791 {
1792 if (req->cmd == XML_CMD_STORE)
1793 return xml_create_element_path (client, req, node, req->args, rc);
1794
1795 *rc = GPG_ERR_ELEMENT_NOT_FOUND;
1796 req->depth--;
1797 return NULL;
1798 }
1799
1800 node = node->children; // Start searching at the first child of the root
1801 }
1802
1803 for (last = n = node, p = req->args; *p; p++)
1804 {
1805 xmlNodePtr tmp = NULL;
1806 struct element_list_s *elements = NULL;
1807
1808 // FIXME should not be reached in this function?
1809 if (!*(*p))
1810 {
1811 *rc = GPG_ERR_ELEMENT_NOT_FOUND;
1812 req->depth--;
1813 return NULL;
1814 }
1815
1816 n = xml_find_element (client, n, *p, rc);
1817 if (*rc)
1818 {
1819 if (*rc != GPG_ERR_ELEMENT_NOT_FOUND && *rc != GPG_ERR_EACCES)
1820 {
1821 req->depth--;
1822 return NULL;
1823 }
1824
1825 if (*rc == GPG_ERR_EACCES
1826 && (req->cmd == XML_CMD_ATTR_LIST || req->cmd == XML_CMD_ATTR
1827 || req->cmd == XML_CMD_ATTR_EXPIRE))
1828 {
1829 req->depth--;
1830 if (*(p+1))
1831 return NULL;
1832
1833 *rc = 0;
1834 return n;
1835 }
1836
1837 /* Fixes ATTR LIST when an element does not exist and the parent
1838 * denies access to children. Fixes leaking information about the
1839 * current elements children. */
1840 if (*rc == GPG_ERR_ELEMENT_NOT_FOUND && last != n && last != node)
1841 {
1842 gpg_error_t trc = xml_acl_check (client, last);
1843 if (trc)
1844 *rc = trc;
1845 }
1846
1847 if (*rc == GPG_ERR_ELEMENT_NOT_FOUND)
1848 {
1849 if (req->cmd == XML_CMD_STORE || req->cmd == XML_CMD_ATTR_TARGET)
1850 {
1851 *rc = 0;
1852 n = xml_create_element_path (client, req,
1853 *p == *req->args
1854 && node->parent == xmlDocGetRootElement (req->doc)
1855 ? node->parent : last, p, rc);
1856 if (!*rc)
1857 req->flags |= XML_REQUEST_FLAG_CREATED;
1858
1859 req->depth--;
1860 return n;
1861 }
1862 }
1863
1864 if (req->cmd != XML_CMD_LIST && req->cmd != XML_CMD_REALPATH)
1865 {
1866 req->depth--;
1867 return NULL;
1868 }
1869
1870 // Fall through to let LIST flags be appended.
1871 }
1872
1873 last = n;
1874
1875 /* Follow a "_target" attribute for each one found in each element. */
1876 xmlChar *target = xml_attribute_value (n, (xmlChar *) "_target");
1877 if (!target || !*target)
1878 {
1879 xmlFree (target);
1880
1881 if (*rc)
1882 {
1883 req->depth--;
1884 return NULL;
1885 }
1886
1887 /* This is the final element in req->args. Done. */
1888 if (!*(p+1))
1889 {
1890 req->depth--;
1891 return n;
1892 }
1893
1894 n = n->children;
1895 continue;
1896 }
1897
1898 if (req->cmd == XML_CMD_REALPATH)
1899 {
1900 n = do_realpath (client, req, n, p+1, target, rc);
1901 xmlFree (target);
1902 req->depth--;
1903 return n;
1904 }
1905 else if (req->cmd == XML_CMD_DELETE || req->cmd == XML_CMD_RENAME
1906 || req->cmd == XML_CMD_MOVE || req->cmd == XML_CMD_ATTR
1907 || req->cmd == XML_CMD_ATTR_TARGET
1908 || req->cmd == XML_CMD_ATTR_LIST)
1909 {
1910 /* No more elements to resolve. Return the node with the target. */
1911 if (!*(p+1))
1912 {
1913 xmlFree (target);
1914 req->depth--;
1915 return n;
1916 }
1917 }
1918 else if (req->cmd == XML_CMD_LIST)
1919 {
1920 elements = req->data;
1921 if (elements && !(elements->flags & XML_LIST_CHILD_TARGET))
1922 {
1923 /* No further elements. Use this target in the list flags. */
1924 if (!*(p+1))
1925 elements->flags |= XML_LIST_HAS_TARGET;
1926 else
1927 {
1928 /* Prevent replacing any following target value with the
1929 * current target value. */
1930 req->data = NULL;
1931 }
1932 }
1933 else if (!elements)
1934 {
1935 struct element_list_s *e = xcalloc (1, sizeof (struct element_list_s));
1936
1937 e->target = str_dup ((char *)target);
1938 e->flags |= XML_LIST_CHILD_TARGET;
1939
1940 if (!*(p+1))
1941 e->flags |= XML_LIST_HAS_TARGET;
1942
1943 req->data = elements = e;
1944 }
1945
1946 gpg_error_t rc_orig = *rc;
1947 *rc = xml_validate_target (client, req->doc, (char *)target, n);
1948 /* Ignore errors for elements elsewhere in the document. */
1949 if (*rc == GPG_ERR_EACCES)
1950 *rc = 0;
1951
1952 if (rc_orig != *rc)
1953 *rc = *rc ? *rc : rc_orig;
1954
1955 if (*rc)
1956 goto update_target;
1957 }
1958
1959 /* Create a new path based on the value of the current "_target"
1960 * attribute. */
1961 char **nargs = str_split ((char *)target, "\t", 0);
1962 if (!nargs)
1963 {
1964 xmlFree (target);
1965 *rc = GPG_ERR_INV_VALUE;
1966 req->data = req->cmd == XML_CMD_LIST ? elements : req->data;
1967 req->depth--;
1968 return NULL;
1969 }
1970
1971 /* Append the remaining elements to the target attributes path. */
1972 char **nnargs = strv_catv (nargs, p+1);
1973 strv_free (nargs);
1974 char **orig = req->args;
1975 req->args = nnargs;
1976 tmp = xml_find_elements (client, req, xmlDocGetRootElement (req->doc),
1977 rc);
1978 strv_free (nnargs);
1979 req->args = orig;
1980
1981 update_target:
1982 if (req->cmd == XML_CMD_LIST && elements)
1983 {
1984 /* A child node contained a target. Use this value rather than the
1985 * current target value as the target value for the list flag. */
1986 if (req->data && req->data != elements)
1987 {
1988 struct element_list_s *e = req->data;
1989
1990 xmlFree (target);
1991 target = xmlStrdup ((xmlChar *)e->target);
1992 xfree (e->target);
1993
1994 if ((e->flags & XML_LIST_HAS_TARGET))
1995 elements->flags |= XML_LIST_HAS_TARGET;
1996
1997 xfree (e);
1998 }
1999
2000 req->data = elements;
2001 if (req->data)
2002 {
2003 if (!(elements->flags & XML_LIST_TARGET_ERROR))
2004 {
2005 xfree (elements->target);
2006 elements->target = NULL;
2007
2008 /* Restore the original target flag. */
2009 if (target && (elements->flags & XML_LIST_HAS_TARGET))
2010 elements->target = str_dup ((char *)target);
2011 }
2012 }
2013 }
2014
2015 xmlFree (target);
2016 req->depth--;
2017 return *rc ? NULL : tmp;
2018 }
2019
2020 req->depth--;
2021 return n;
2022 }
2023
2024 gpg_error_t
2025 xml_new_request (struct client_s *client, const char *line, xml_command_t cmd,
2026 struct xml_request_s **result)
2027 {
2028 struct xml_request_s *req;
2029 char **pp = str_split ((char *) line, "\t", 0);
2030
2031 if (!pp || !*pp)
2032 {
2033 strv_free (pp);
2034 return GPG_ERR_SYNTAX;
2035 }
2036
2037 req = xcalloc (1, sizeof (struct xml_request_s));
2038 if (!req)
2039 {
2040 strv_free (pp);
2041 return GPG_ERR_ENOMEM;
2042 }
2043
2044 req->cmd = cmd;
2045 req->args = pp;
2046 req->doc = client ? client->doc : NULL;
2047 *result = req;
2048 return 0;
2049 }
2050
2051 void
2052 xml_free_request (struct xml_request_s *r)
2053 {
2054 if (!r)
2055 return;
2056
2057 strv_free (r->args);
2058 xfree (r);
2059 }
2060
2061 int
2062 xml_reserved_attribute (const char *name)
2063 {
2064 int i;
2065
2066 for (i = 0; reserved_attributes[i]; i++)
2067 {
2068 if (!strcmp (name, reserved_attributes[i]))
2069 return 1;
2070 }
2071
2072 return 0;
2073 }
A server for managing passphrases and anything else.