2 Copyright (C) 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014
3 Ben Kibbey <bjk@luxsci.net>
5 This file is part of pwmd.
7 Pwmd is free software: you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation, either version 2 of the License, or
10 (at your option) any later version.
12 Pwmd is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
17 You should have received a copy of the GNU General Public License
18 along with Pwmd. If not, see <http://www.gnu.org/licenses/>.
32 #include <libxml/xmlwriter.h>
34 #include <sys/types.h>
39 #define _(msgid) gettext(msgid)
42 #include "pwmd-error.h"
43 #include "util-misc.h"
48 extern void log_write (const char *fmt
, ...);
51 * 'element' must be allocated.
54 is_literal_element (char **element
)
58 if (!element
|| !*element
)
61 if (*(*element
) == '!')
65 for (p
= *element
, c
= p
+ 1; *c
; c
++)
76 valid_xml_attribute (const char *str
)
78 return valid_xml_element ((xmlChar
*)str
);
82 valid_xml_element (xmlChar
*str
)
87 if (!str
|| !*str
|| *str
== '!')
90 wc
= str_to_wchar ((const char *)str
);
95 for (c
= 0; c
< len
; c
++)
109 valid_element_path (char **path
, int with_content
)
111 char **dup
= NULL
, **p
;
116 /* Save some memory by not duplicating the element content. */
119 int i
, t
= strv_length (path
);
121 for (i
= 0; i
< t
- 1; i
++)
123 char **tmp
= xrealloc (dup
, (i
+ 2) * sizeof (char *));
132 dup
[i
] = str_dup (path
[i
]);
137 dup
= strv_dup (path
);
142 for (p
= dup
; *p
&& *(*p
); p
++)
144 is_literal_element (&(*p
));
145 if (!valid_xml_element ((xmlChar
*) * p
))
157 attr_ctime (struct client_s
*client
, xmlNodePtr n
)
159 char *buf
= str_asprintf ("%li", time (NULL
));
163 return GPG_ERR_ENOMEM
;
165 rc
= add_attribute (client
, n
, "_ctime", buf
);
171 acl_check (struct client_s
*client
, xmlNodePtr n
)
173 gpg_error_t rc
= GPG_ERR_EACCES
;
174 xmlChar
*acl
= node_has_attribute (n
, (xmlChar
*) "_acl");
175 char **users
= acl
? str_split((char *)acl
, ",", 0) : NULL
;
179 if (!acl
|| !*acl
|| !users
|| !*users
)
183 return peer_is_invoker(client
);
186 if (!peer_is_invoker(client
))
189 for (p
= users
; *p
; p
++)
192 rc
= acl_check_common (client
, *p
,
193 client
->thd
->remote
? 0 : client
->thd
->peer
->uid
,
194 client
->thd
->remote
? 0 : client
->thd
->peer
->gid
,
197 rc
= acl_check_common (client
, *p
, client
->thd
->peer
->uid
,
198 client
->thd
->peer
->gid
, &allowed
);
207 return allowed
? 0 : GPG_ERR_EACCES
;
211 create_acl_user (struct client_s
*client
)
214 if (client
->thd
->remote
)
215 return str_asprintf ("#%s", client
->thd
->tls
->fp
);
218 return get_username (client
->thd
->peer
->uid
);
222 create_new_element (struct client_s
*client
, int verify
, xmlNodePtr parent
,
223 const char *name
, xmlNodePtr
* result
)
228 // Allow any client to create a non-existing root element.
229 if (parent
->parent
->type
!= XML_DOCUMENT_NODE
)
231 rc
= acl_check(client
, parent
);
236 n
= xmlNewNode (NULL
, (xmlChar
*) "element");
238 return GPG_ERR_ENOMEM
;
240 rc
= add_attribute (client
, n
, "_name", name
);
242 rc
= attr_ctime (client
, n
);
244 if (!rc
&& verify
&& parent
->parent
->type
!= XML_DOCUMENT_NODE
)
245 rc
= is_element_owner (client
, parent
);
249 xmlNodePtr p
= xmlAddChild (parent
, n
);
250 char *user
= create_acl_user (client
);
255 rc
= add_attribute(client
, p
, "_acl", user
);
265 new_root_element (struct client_s
*client
, xmlDocPtr doc
, char *name
)
267 xmlNodePtr root
= xmlDocGetRootElement (doc
);
271 return GPG_ERR_BAD_DATA
;
276 if (!valid_xml_element ((xmlChar
*) p
))
277 return GPG_ERR_INV_VALUE
;
279 return create_new_element (client
, 0, root
, p
, NULL
);
286 xmlTextWriterPtr wr
= xmlNewTextWriterDoc (&doc
, 0);
291 if (xmlTextWriterStartDocument (wr
, NULL
, "UTF-8", "yes"))
294 if (xmlTextWriterStartDTD (wr
, (xmlChar
*) "pwmd", NULL
, NULL
) == -1)
297 if (xmlTextWriterWriteDTDElement (wr
, (xmlChar
*) "pwmd",
298 (xmlChar
*) "(element)") == -1)
301 xmlTextWriterEndDTDElement (wr
);
303 if (xmlTextWriterWriteDTDAttlist (wr
, (xmlChar
*) "element",
304 (xmlChar
*) "_name CDATA #REQUIRED") ==
308 xmlTextWriterEndDTDAttlist (wr
);
309 xmlTextWriterEndDTD (wr
);
311 if (xmlTextWriterStartElement (wr
, (xmlChar
*) "pwmd"))
314 xmlTextWriterEndElement (wr
);
315 xmlTextWriterEndDocument (wr
);
316 xmlFreeTextWriter (wr
);
320 xmlTextWriterEndDocument (wr
);
321 xmlFreeTextWriter (wr
);
329 return create_dtd ();
333 find_element_node (xmlNodePtr node
)
337 if (n
&& n
->type
== XML_ELEMENT_NODE
)
340 for (n
= node
; n
; n
= n
->next
)
342 if (n
->type
== XML_ELEMENT_NODE
)
350 resolve_path (struct client_s
*client
, xmlDocPtr doc
, xmlChar
* path
,
351 char ***result
, gpg_error_t
* rc
)
356 req
= str_split ((char *) path
, "\t", 0);
359 *rc
= GPG_ERR_ENOMEM
;
363 n
= find_root_element (client
, doc
, &req
, rc
, NULL
, 0, 0);
371 n
= find_elements (client
, doc
, n
->children
, req
+ 1, rc
, NULL
, NULL
, NULL
,
383 * Lists root element names; the value of the attribute "_name" of an element
384 * "element". If there's a target attribute both literal and non-literal
385 * element names will be added. This is the primary reason why XML entities
386 * cannot be used. There wouldn't be a way to get the literal an non-literal
390 list_root_elements (struct client_s
*client
, xmlDocPtr doc
,
391 struct string_s
** result
, int verbose
, int with_target
)
394 struct slist_s
*list
= NULL
;
396 struct string_s
*string
;
399 n
= xmlDocGetRootElement (doc
);
400 if (!n
|| !n
->children
)
401 return GPG_ERR_NO_DATA
;
403 for (n
= n
->children
; n
; n
= n
->next
)
406 xmlChar
*val
, *target
;
407 struct slist_s
*tlist
;
410 if (n
->type
!= XML_ELEMENT_NODE
)
413 a
= xmlHasProp (n
, (xmlChar
*) "_name");
414 if (!a
|| !a
->children
->content
)
417 val
= xmlNodeGetContent (a
->children
);
424 tmp
= str_asprintf ("!%s%s", (char *) val
,
425 verbose
? find_element_node (n
->children
) ? " +"
435 tlist
= slist_append (list
, tmp
);
444 target
= node_has_attribute (n
, (xmlChar
*) "target");
452 xmlNodePtr tnode
= resolve_path (client
, doc
, target
, &req
, &rc
);
454 if (rc
== GPG_ERR_ELEMENT_NOT_FOUND
|| rc
== GPG_ERR_ELOOP
455 || rc
== GPG_ERR_EACCES
)
457 t
= str_asprintf ("%s %s", (char *) val
,
458 rc
== GPG_ERR_ELOOP
? "O" :
459 rc
== GPG_ERR_EACCES
? "P" : "E");
464 struct string_s
*realpath
= NULL
;
468 rc
= build_realpath (client
, doc
, (char *) target
,
478 realpath
= string_prepend (realpath
, "T ");
481 t
= str_asprintf ("%s%s%s%s", (char *) val
,
483 && find_element_node (tnode
->children
))
484 || realpath
? " " : "", tnode
485 && find_element_node (tnode
->children
) ?
486 "+" : "", realpath
? realpath
->str
: "");
489 string_free (realpath
, 1);
496 t
= str_dup ((char *) val
);
502 rc
= rc
? rc
: GPG_ERR_ENOMEM
;
506 tlist
= slist_append (list
, t
);
523 total
= slist_length (list
);
525 return GPG_ERR_NO_DATA
;
527 string
= string_new (NULL
);
534 for (i
= 0; i
< total
; i
++)
536 char *val
= slist_nth_data (list
, i
);
538 string_append_printf (string
, "%s\n", val
);
541 string
= string_truncate (string
, string
->len
- 1);
545 total
= slist_length (list
);
546 for (i
= 0; i
< total
; i
++)
547 xfree (slist_nth_data (list
, i
));
554 * Prevents a sibling element past the current element path with the same
558 find_stop_node (xmlNodePtr node
)
562 for (n
= node
->parent
->children
; n
; n
= n
->next
)
572 create_target_elements_cb (struct client_s
*client
, int verify
,
573 xmlNodePtr node
, char **path
, gpg_error_t
*rc
,
578 xmlNodePtr parent
= data
;
580 for (i
= 0; req
[i
] && *req
[i
]; i
++)
584 if (parent
&& node
== parent
)
586 *rc
= GPG_ERR_CONFLICT
;
590 is_literal_element (&req
[i
]);
592 if ((n
= find_element (client
, node
, req
[i
],
593 find_stop_node (node
), rc
)) == NULL
||
594 (n
&& n
->parent
== node
->parent
))
598 *rc
= create_new_element (client
, verify
, node
, req
[i
], &node
);
611 find_text_node (xmlNodePtr node
)
615 if (n
&& n
->type
== XML_TEXT_NODE
)
618 for (n
= node
; n
; n
= n
->next
)
620 if (n
->type
== XML_TEXT_NODE
)
628 create_elements_cb (struct client_s
*client
, int verify
, xmlNodePtr node
,
629 char **elements
, gpg_error_t
* rc
, void *data
)
632 char **req
= elements
;
634 if (node
->type
== XML_TEXT_NODE
)
637 for (i
= 0; req
[i
] && *req
[i
]; i
++)
642 * Strip the first '!' if needed. If there's another, it's an
643 * rc. The syntax has already been checked before calling this
646 is_literal_element (&req
[i
]);
647 n
= find_element (client
, node
, req
[i
], find_stop_node (node
), rc
);
652 * If the found element has the same parent as the current element,
653 * they are siblings and the new element needs to be created as a
654 * child of the current element (node).
656 if (n
&& n
->parent
== node
->parent
)
661 *rc
= create_new_element (client
, 0, node
, req
[i
], &node
);
672 /* The root element is really req[0]. It is need as a pointer in case there is
673 * a target attribute so it can be updated. */
675 find_root_element (struct client_s
*client
, xmlDocPtr doc
, char ***req
,
676 gpg_error_t
* rc
, int *target
, int recursion_depth
,
679 xmlNodePtr n
= xmlDocGetRootElement (doc
);
681 char *root
= str_dup (*req
[0]);
682 int literal
= is_literal_element (&root
);
686 *rc
= GPG_ERR_ENOMEM
;
693 if (max_recursion_depth
>= 1 && recursion_depth
> max_recursion_depth
)
695 xmlChar
*t
= xmlGetNodePath (n
);
697 log_write ("%s: %s", pwmd_strerror (GPG_ERR_ELOOP
), t
);
706 if (n
->type
== XML_ELEMENT_NODE
)
708 if (depth
== 0 && xmlStrEqual (n
->name
, (xmlChar
*) "pwmd"))
715 if (depth
== 1 && xmlStrEqual (n
->name
, (xmlChar
*) "element"))
717 xmlChar
*content
= node_has_attribute (n
, (xmlChar
*) "_name");
722 if (xmlStrEqual (content
, (xmlChar
*) root
))
724 char **nreq
, **tmp
= NULL
;
726 *rc
= acl_check(client
, n
);
742 content
= node_has_attribute (n
, (xmlChar
*) "target");
744 if (content
&& target
)
747 if (!content
|| stop
)
756 if (strchr ((char *) content
, '\t'))
758 nreq
= str_split ((char *) content
, "\t", 0);
767 *rc
= GPG_ERR_ENOMEM
;
773 tmp
= strv_catv (nreq
, tmp
+ 1);
779 *rc
= GPG_ERR_ENOMEM
;
788 if (strv_printf (&tmp
, "%s", content
) == 0)
792 *rc
= GPG_ERR_ENOMEM
;
798 nreq
= strv_catv (tmp
, nreq
+ 1);
803 *rc
= GPG_ERR_ENOMEM
;
813 n
= find_root_element (client
, doc
, req
, rc
, target
,
826 *rc
= GPG_ERR_ELEMENT_NOT_FOUND
;
831 find_element (struct client_s
*client
, xmlNodePtr node
, char *element
,
832 xmlNodePtr stop
, gpg_error_t
*rc
)
838 if (!node
|| !element
)
841 for (n
= node
; n
; n
= n
->next
)
843 if (n
->type
!= XML_ELEMENT_NODE
)
849 xmlChar
*a
= node_has_attribute (n
, (xmlChar
*) "_name");
851 if (a
&& xmlStrEqual (a
, (xmlChar
*) element
))
855 *rc
= acl_check(client
, n
);
869 node_has_attribute (xmlNodePtr n
, xmlChar
* attr
)
871 xmlAttrPtr a
= xmlHasProp (n
, attr
);
876 if (!a
->children
|| !a
->children
->content
)
879 return xmlGetProp (n
, attr
);
883 element_to_literal (char **element
)
885 char *p
= str_asprintf ("!%s", *element
);
895 /* Resolves elements in 'req' one at a time. It's recursive in case of
896 * "target" attributes. */
898 find_elements (struct client_s
*client
, xmlDocPtr doc
, xmlNodePtr node
,
899 char **req
, gpg_error_t
* rc
, int *target
,
900 xmlNodePtr (*found_fn
) (struct client_s
*, xmlNodePtr
, char **,
901 gpg_error_t
*, char **, void *),
902 xmlNodePtr (*not_found_fn
) (struct client_s
*, int, xmlNodePtr
,
903 char **, gpg_error_t
*, void *),
904 int is_list_command
, int recursion_depth
, void *data
, int stop
)
906 xmlNodePtr n
, last
, last_node
;
913 if (max_recursion_depth
>= 1 && recursion_depth
> max_recursion_depth
)
915 xmlChar
*t
= xmlGetNodePath (node
);
917 log_write ("%s: %s", pwmd_strerror (GPG_ERR_ELOOP
), t
);
924 for (last_node
= last
= n
= node
, p
= req
; *p
; p
++)
932 *rc
= GPG_ERR_ELEMENT_NOT_FOUND
;
939 *rc
= GPG_ERR_ENOMEM
;
943 literal
= is_literal_element (&t
);
944 n
= find_element (client
, last
, t
, NULL
, rc
);
947 if (*rc
&& *rc
!= GPG_ERR_ELEMENT_NOT_FOUND
)
953 return not_found_fn (client
, 0,
954 found
? last_node
: last_node
->parent
, p
,
958 *rc
= GPG_ERR_ELEMENT_NOT_FOUND
;
969 xmlChar
*content
= node_has_attribute (n
, (xmlChar
*) "target");
970 char **nreq
= NULL
, **nnreq
;
974 if (is_list_command
== 1)
976 if (element_to_literal (&(*p
)) == 0)
978 *rc
= GPG_ERR_ENOMEM
;
989 if (!*(p
+ 1) && stop
)
995 if (strchr ((char *) content
, '\t') != NULL
)
997 if ((nreq
= str_split ((char *) content
, "\t", 0)) == NULL
)
1000 *rc
= GPG_ERR_INV_VALUE
;
1006 if ((nreq
= str_split ((char *) content
, " ", 0)) == NULL
)
1009 *rc
= GPG_ERR_INV_VALUE
;
1015 tmp
= find_root_element (client
, doc
, &nreq
, rc
, target
, 0, 0);
1025 found_fn (client
, tmp
, nreq
, rc
, p
+ 1, data
);
1034 if (!*(nreq
+ 1) && !*(p
+ 1))
1040 nnreq
= strv_catv (nreq
+ 1, p
+ 1);
1044 if (!nnreq
|| !*nnreq
)
1053 n
= find_elements (client
, doc
, tmp
->children
, nnreq
, rc
, NULL
,
1054 found_fn
, not_found_fn
, is_list_command
,
1055 recursion_depth
, data
, stop
);
1061 return not_found_fn (client
, 0, tmp
, p
+ 1, rc
, data
);
1063 *rc
= GPG_ERR_ELEMENT_NOT_FOUND
;
1069 char **zz
= p
+ 1, **qq
= nnreq
;
1071 if (strv_length (nnreq
) > strv_length (p
+ 1))
1074 for (; *qq
&& *zz
; zz
++)
1077 *zz
= str_dup (*qq
++);
1081 *rc
= GPG_ERR_ENOMEM
;
1097 update_element_list (struct element_list_s
*elements
)
1102 if (!elements
|| !elements
->elements
)
1105 line
= strv_join ("\t", elements
->elements
);
1110 strv_free (elements
->elements
);
1111 elements
->elements
= NULL
;
1112 l
= slist_append (elements
->list
, line
);
1122 path_list_recurse (struct client_s
*client
, xmlDocPtr doc
, xmlNodePtr node
,
1123 struct element_list_s
*elements
)
1127 gpg_error_t error_flag
= 0;
1129 for (n
= node
; n
; n
= n
->next
)
1131 xmlChar
*target
= NULL
;
1132 xmlChar
*a
= node_has_attribute (n
, (xmlChar
*) "_name");
1133 gpg_error_t err
= 0;
1140 if (n
->type
!= XML_ELEMENT_NODE
)
1143 rc
= acl_check(client
, n
);
1145 if (elements
->verbose
)
1148 (&elements
->elements
, "%s\t!%s%s%s", elements
->prefix
, a
,
1149 !rc
&& find_element_node (n
->children
) ? " +" : "",
1150 rc
== GPG_ERR_EACCES
? " P" : "") == 0)
1153 return GPG_ERR_ENOMEM
;
1157 if (strv_printf (&elements
->elements
, "%s\t!%s", elements
->prefix
, a
)
1161 return GPG_ERR_ENOMEM
;
1164 if (update_element_list (elements
) == 0)
1167 return GPG_ERR_ENOMEM
;
1171 if (rc
== GPG_ERR_EACCES
)
1183 target
= node_has_attribute (n
, (xmlChar
*) "target");
1187 char *save
= elements
->prefix
;
1188 int r
= elements
->resolving
;
1191 struct string_s
*realpath
= NULL
;
1193 tnode
= resolve_path (client
, doc
, target
, &req
, &rc
);
1194 if (rc
== GPG_ERR_ELOOP
|| rc
== GPG_ERR_ELEMENT_NOT_FOUND
1195 || rc
== GPG_ERR_EACCES
)
1197 if (rc
== GPG_ERR_ELOOP
)
1199 xmlChar
*t
= xmlGetNodePath (n
);
1201 log_write ("%s: %s", pwmd_strerror (GPG_ERR_ELOOP
), t
);
1205 if (elements
->verbose
)
1207 error_flag
= err
= rc
;
1211 else if (!elements
->verbose
&& rc
)
1218 path
= str_asprintf("%s\t%s", elements
->prefix
, a
);
1219 rc
= validate_target_attribute (client
, client
->doc
, path
, tnode
);
1221 if (rc
== GPG_ERR_ELOOP
|| rc
== GPG_ERR_EACCES
1222 || rc
== GPG_ERR_ELEMENT_NOT_FOUND
)
1224 if (rc
!= GPG_ERR_ELEMENT_NOT_FOUND
)
1225 error_flag
= err
= rc
;
1238 strv_printf (&elements
->elements
, "%s\t%s %s", elements
->prefix
,
1240 err
== GPG_ERR_ELOOP
? "O" :
1241 err
== GPG_ERR_EACCES
? "P" : "E");
1244 if (!err
&& elements
->with_target
)
1246 rc
= build_realpath (client
, doc
, (char *) target
, &realpath
);
1254 realpath
= string_prepend (realpath
, "T ");
1257 if (!err
&& elements
->verbose
)
1259 if (!strv_printf (&elements
->elements
, "%s\t%s%s%s%s",
1260 elements
->prefix
, a
,
1261 (tnode
&& find_element_node (tnode
->children
))
1262 || realpath
? " " : "", tnode
1263 && find_element_node (tnode
->children
) ? "+" :
1264 "", realpath
? realpath
->str
: ""))
1268 return GPG_ERR_ENOMEM
;
1273 (&elements
->elements
, "%s\t%s", elements
->prefix
, a
))
1277 return GPG_ERR_ENOMEM
;
1281 string_free (realpath
, 1);
1283 tmp
= strv_join ("\t", elements
->elements
);
1288 return GPG_ERR_ENOMEM
;
1291 if (update_element_list (elements
) == 0)
1296 return GPG_ERR_ENOMEM
;
1299 if (!err
&& elements
->recurse
)
1301 /* Prune element flags. */
1302 if (elements
->verbose
&& strchr (tmp
, ' '))
1306 for (p
= tmp
; *p
; p
++)
1316 elements
->prefix
= tmp
;
1317 elements
->resolving
= 1;
1318 rc
= create_path_list (client
, doc
, elements
, (char *) target
);
1319 elements
->resolving
= r
;
1320 elements
->prefix
= save
;
1322 if (rc
&& gpg_err_code (rc
) != GPG_ERR_ELOOP
1323 && gpg_err_code(rc
) != GPG_ERR_EACCES
)
1331 error_flag
= err
= rc
;
1340 if (n
->children
&& elements
->recurse
&& err
!= GPG_ERR_EACCES
)
1342 char *tmp
= str_asprintf ("%s\t!%s", elements
->prefix
, a
);
1343 char *save
= elements
->prefix
;
1348 return GPG_ERR_ENOMEM
;
1351 elements
->prefix
= tmp
;
1352 rc
= path_list_recurse (client
, doc
, n
->children
, elements
);
1353 xfree (elements
->prefix
);
1354 elements
->prefix
= save
;
1358 if (gpg_err_code(rc
) == GPG_ERR_ELOOP
1359 || gpg_err_code (rc
) == GPG_ERR_EACCES
1360 || gpg_err_code (rc
) == GPG_ERR_ELEMENT_NOT_FOUND
)
1362 error_flag
= err
= rc
;
1376 return error_flag
== GPG_ERR_ELOOP
|| error_flag
== GPG_ERR_EACCES
1381 add_attribute (struct client_s
*client
, xmlNodePtr node
, const char *name
,
1387 if (client
&& name
&& !strcmp (name
, "target"))
1389 rc
= is_element_owner (client
, node
);
1394 if (name
&& !xmlSetProp (node
, (xmlChar
*) name
, (xmlChar
*) value
))
1395 return GPG_ERR_BAD_DATA
;
1397 if (client
&& name
&& !xmlStrEqual ((xmlChar
*) name
, (xmlChar
*) "_acl"))
1399 xmlChar
*acl
= node_has_attribute (node
, (xmlChar
*) "_acl");
1403 char *user
= create_acl_user (client
);
1407 rc
= add_attribute (client
, node
, (char *) "_acl", user
);
1417 if (name
&& xmlStrEqual ((xmlChar
*) name
, (xmlChar
*) "_mtime"))
1420 buf
= str_asprintf ("%li", time (NULL
));
1421 rc
= add_attribute (client
, node
, "_mtime", buf
);
1427 * From the element path 'path', find sub-nodes and append them to the list.
1430 create_path_list (struct client_s
*client
, xmlDocPtr doc
,
1431 struct element_list_s
* elements
, char *path
)
1434 char **req
, **req_orig
;
1438 req
= str_split (path
, "\t", 0);
1441 req
= str_split (path
, " ", 0);
1443 return GPG_ERR_SYNTAX
;
1446 req_orig
= strv_dup (req
);
1449 rc
= GPG_ERR_ENOMEM
;
1453 n
= find_root_element (client
, doc
, &req
, &rc
, &a_target
, 0, 0);
1454 if ((rc
== GPG_ERR_ELEMENT_NOT_FOUND
|| rc
== GPG_ERR_ELOOP
1455 || rc
== GPG_ERR_EACCES
)
1456 && elements
->verbose
&& a_target
)
1458 if (rc
!= GPG_ERR_EACCES
)
1464 if (rc
== GPG_ERR_EACCES
)
1467 if (!n
&& rc
== GPG_ERR_ELEMENT_NOT_FOUND
&& elements
->resolving
== 1)
1478 *req
= str_dup (*req_orig
);
1486 find_elements (client
, doc
, n
->children
, req
+ 1, &rc
, &e_target
,
1487 NULL
, NULL
, 1, 0, NULL
, 0);
1489 if (!n
&& rc
== GPG_ERR_ELEMENT_NOT_FOUND
&& elements
->resolving
== 1)
1499 if (!elements
->prefix
)
1504 * If any req_orig element contains no target the element should be
1505 * prefixed with the literal character. Not really crucial if the
1506 * client isn't human because child elements are prefixed for the
1507 * current path. But may be confusing if editing by hand.
1509 elements
->prefix
= strv_join ("\t", req_orig
);
1511 if (!elements
->prefix
)
1513 rc
= GPG_ERR_ENOMEM
;
1517 if (elements
->verbose
)
1520 struct string_s
*realpath
= NULL
;
1521 gpg_error_t allowed
= rc
;
1525 if (!allowed
&& a_target
&& elements
->with_target
)
1527 rc
= build_realpath (client
, doc
, path
, &realpath
);
1531 realpath
= string_prepend (realpath
, "T ");
1534 ret
= strv_printf (&elements
->elements
, "%s%s%s%s%s",
1536 (!allowed
&& n
&& find_element_node (n
->children
))
1537 || realpath
? " " : "",
1538 (!allowed
&& n
&& find_element_node (n
->children
)) ? "+" : "",
1539 !allowed
&& realpath
? realpath
->str
: "",
1540 allowed
? " P" : "");
1541 string_free (realpath
, 1);
1544 rc
= GPG_ERR_ENOMEM
;
1548 else if (strv_printf (&elements
->elements
, "%s", elements
->prefix
) == 0)
1550 rc
= GPG_ERR_ENOMEM
;
1554 if (update_element_list (elements
) == 0)
1556 rc
= GPG_ERR_ENOMEM
;
1561 rc
= path_list_recurse (client
, doc
, n
? n
->children
: n
, elements
);
1565 strv_free (req_orig
);
1572 recurse_xpath_nodeset (struct client_s
*client
, xmlDocPtr doc
,
1573 xmlNodeSetPtr nodes
, xmlChar
* value
,
1574 xmlBufferPtr
* result
, int cmd
, const xmlChar
* attr
)
1576 int i
= value
? nodes
->nodeNr
- 1 : 0;
1579 buf
= xmlBufferCreate ();
1582 return GPG_ERR_ENOMEM
;
1584 for (; value
? i
>= 0 : i
< nodes
->nodeNr
; value
? i
-- : i
++)
1586 xmlNodePtr n
= nodes
->nodeTab
[i
];
1592 if (!value
&& !attr
)
1594 if (xmlNodeDump (buf
, doc
, n
, 0, 0) == -1)
1597 return GPG_ERR_BAD_DATA
;
1605 xmlNodeSetContent (n
, value
);
1606 rc
= update_element_mtime (client
, n
);
1614 rc
= add_attribute (client
, n
, (char *) attr
, (char *) value
);
1616 rc
= delete_attribute (client
, n
, attr
);
1628 convert_root_element (struct client_s
*client
, xmlNodePtr n
)
1630 xmlChar
*a
= xmlGetProp (n
, (xmlChar
*) "_name");
1636 xmlChar
*t
= xmlGetNodePath (n
);
1639 ("An existing \"_name\" attribute already exists. Please rename this attribute before converting. Path is: %s"),
1642 return GPG_ERR_AMBIGUOUS_NAME
;
1645 a
= xmlGetProp (n
, (xmlChar
*) "name");
1649 rc
= add_attribute (client
, n
, "_name", (char *) a
);
1655 rc
= delete_attribute (client
, n
, (xmlChar
*) "name");
1660 xmlNodeSetName (n
, (xmlChar
*) "element");
1667 delete_attribute (struct client_s
*client
, xmlNodePtr n
, const xmlChar
* name
)
1672 if ((a
= xmlHasProp (n
, name
)) == NULL
)
1673 return GPG_ERR_NOT_FOUND
;
1675 if (xmlRemoveProp (a
) == -1)
1676 return GPG_ERR_BAD_DATA
;
1678 if (client
&& xmlStrEqual (name
, (xmlChar
*) "_acl"))
1680 char *user
= create_acl_user (client
);
1682 rc
= add_attribute (client
, n
, (char *) "_acl", user
);
1689 return update_element_mtime (client
, n
);
1693 convert_elements_recurse (struct client_s
*client
, xmlDocPtr doc
,
1694 xmlNodePtr n
, unsigned depth
)
1700 for (n
= n
->children
; n
; n
= n
->next
)
1702 if (n
->type
== XML_ELEMENT_NODE
)
1708 if (xmlStrEqual (n
->name
, (xmlChar
*) "element"))
1710 xmlChar
*t
= xmlGetNodePath (n
);
1713 ("An existing \"element\" already exists. Please rename this element before converting. Path is: %s"),
1716 return GPG_ERR_AMBIGUOUS_NAME
;
1719 a
= xmlGetProp (n
, (xmlChar
*) "_name");
1723 xmlChar
*t
= xmlGetNodePath (n
);
1726 ("An existing \"_name\" attribute already exists. Please rename this attribute before converting. Path is: %s"),
1729 return GPG_ERR_AMBIGUOUS_NAME
;
1732 xmlChar
*tmp
= xmlStrdup (n
->name
);
1735 return GPG_ERR_ENOMEM
;
1737 xmlNodeSetName (n
, (xmlChar
*) "element");
1738 rc
= add_attribute (client
, n
, "_name", (char *) tmp
);
1746 rc
= convert_root_element (client
, n
);
1755 rc
= convert_elements_recurse (client
, doc
, n
, depth
);
1765 /* Renames ALL elements to the new "element" name. Existing element names are
1766 * stored as an attribute "_name". This was introduced in pwmd 2.12 so
1767 * elements can contain common characters that the XML parser barfs on (an
1768 * email address for example. */
1770 convert_pre_212_elements (xmlDocPtr doc
)
1772 xmlNodePtr n
= xmlDocGetRootElement (doc
);
1774 log_write (_("Converting pre 2.12 data file..."));
1775 return convert_elements_recurse (NULL
, doc
, n
, 0);
1779 validate_import (struct client_s
*client
, xmlNodePtr node
)
1786 for (xmlNodePtr n
= node
; n
; n
= n
->next
)
1788 if (n
->type
== XML_ELEMENT_NODE
)
1790 if (xmlStrEqual (n
->name
, (xmlChar
*) "element"))
1792 xmlChar
*a
= xmlGetProp (n
, (xmlChar
*) "_name");
1796 xmlChar
*t
= xmlGetNodePath (n
);
1798 log_write (_("Missing attribute '_name' at %s."), t
);
1800 return GPG_ERR_INV_VALUE
;
1803 if (!valid_xml_element (a
))
1805 xmlChar
*t
= xmlGetNodePath (n
);
1807 log_write (_("'%s' is not a valid element name at %s."), a
,
1811 return GPG_ERR_INV_VALUE
;
1815 a
= xmlGetProp (n
, (xmlChar
*) "_ctime");
1817 attr_ctime (client
, n
);
1820 a
= xmlGetProp (n
, (xmlChar
*) "_mtime");
1822 update_element_mtime (client
, n
);
1827 xmlChar
*t
= xmlGetNodePath (n
);
1829 log_write (_("Warning: unknown element '%s' at %s. Ignoring."),
1838 rc
= validate_import (client
, n
->children
);
1849 update_element_mtime (struct client_s
*client
, xmlNodePtr n
)
1851 return add_attribute (client
, n
, NULL
, NULL
);
1855 unlink_node (struct client_s
*client
, xmlNodePtr n
)
1863 rc
= update_element_mtime (client
, n
->parent
);
1870 parse_doc (const char *xml
, size_t len
, xmlDocPtr
*result
)
1874 xmlResetLastError ();
1875 doc
= xmlReadMemory (xml
, len
, NULL
, "UTF-8", XML_PARSE_NOBLANKS
);
1876 if (!doc
&& xmlGetLastError ())
1877 return GPG_ERR_BAD_DATA
;
1880 return !doc
? GPG_ERR_ENOMEM
: 0;
1884 realpath_elements_cb (struct client_s
*client
, xmlNodePtr node
, char **target
,
1885 gpg_error_t
* rc
, char **req_orig
, void *data
)
1887 char *path
= *(char **) data
;
1888 char *tmp
= NULL
, *result
;
1893 *(char **) data
= NULL
;
1896 path
= strv_join ("\t", target
);
1900 *rc
= GPG_ERR_ENOMEM
;
1906 tmp
= strv_join ("\t", req_orig
);
1911 *rc
= GPG_ERR_ENOMEM
;
1917 result
= str_asprintf ("%s\t%s", path
, tmp
);
1919 result
= str_dup (path
);
1923 *rc
= GPG_ERR_ENOMEM
;
1931 *(char **) data
= result
;
1936 build_realpath (struct client_s
*client
, xmlDocPtr doc
, char *line
,
1937 struct string_s
** result
)
1944 struct string_s
*string
;
1947 if (strchr (line
, '\t') != NULL
)
1949 if ((req
= str_split (line
, "\t", 0)) == NULL
)
1950 return GPG_ERR_SYNTAX
;
1954 if ((req
= str_split (line
, " ", 0)) == NULL
)
1955 return GPG_ERR_SYNTAX
;
1958 n
= find_root_element (client
, doc
, &req
, &rc
, NULL
, 0, 0);
1965 rp
= strv_join ("\t", req
);
1969 return GPG_ERR_ENOMEM
;
1974 n
= find_elements (client
, doc
, n
->children
, req
+ 1, &rc
, NULL
,
1975 realpath_elements_cb
, NULL
, 0, 0, &rp
, 0);
1984 string
= string_new (rp
);
1988 return GPG_ERR_ENOMEM
;
1991 for (i
= 0, t
= string
->str
+ i
; *t
; t
++, i
++)
1993 if ((!i
&& *t
!= '!') || (*t
== '\t' && *(t
+ 1) && *(t
+ 1) != '!'))
1995 struct string_s
*s
= string_insert_c (string
, !i
? i
++ : ++i
, '!');
1999 string_free (string
, 1);
2000 return GPG_ERR_ENOMEM
;
2014 node_to_element_path (xmlNodePtr node
)
2017 struct string_s
*str
= string_new ("");
2020 for (n
= node
; n
; n
= n
->parent
)
2024 for (child
= n
; child
; child
= child
->next
)
2026 if (child
->type
!= XML_ELEMENT_NODE
)
2029 xmlChar
*name
= node_has_attribute (n
, (xmlChar
*) "_name");
2032 str
= string_prepend (str
, (char *) name
);
2034 name
= node_has_attribute (n
, (xmlChar
*) "target");
2036 str
= string_prepend (str
, "\t");
2038 str
= string_prepend (str
, "\t!");
2045 str
= string_erase (str
, 0, 1);
2047 string_free (str
, 0);
2053 * Recurse the element tree beginning at 'node' and find elements who point
2054 * back to 'src' or 'dst'. Also follows target attributes.
2057 find_child_to_target (struct client_s
*client
, xmlDocPtr doc
, xmlNodePtr node
,
2058 xmlNodePtr src
, xmlNodePtr dst
, unsigned depth
,
2064 if (max_recursion_depth
>= 1 && depth
> max_recursion_depth
)
2065 return gpg_error (GPG_ERR_ELOOP
);
2067 for (n
= node
; n
; n
= n
->next
)
2071 if (n
->type
!= XML_ELEMENT_NODE
)
2074 if (n
== src
|| n
== dst
)
2075 return GPG_ERR_ELOOP
;
2077 target
= node_has_attribute (n
, (xmlChar
*) "target");
2081 char **result
= NULL
;
2083 tmp
= resolve_path (client
, doc
, target
, &result
, &rc
);
2088 rc
= find_child_to_target (client
, doc
, tmp
, src
, dst
, ++depth
,
2093 if (rc
&& gpg_err_code (rc
) != GPG_ERR_ELEMENT_NOT_FOUND
)
2104 rc
= find_child_to_target (client
, doc
, n
->children
, src
, dst
,
2119 find_child_of_parent (xmlDocPtr doc
, xmlNodePtr src
, xmlNodePtr dst
)
2124 for (n
= src
; n
; n
= n
->next
)
2126 if (n
->type
!= XML_ELEMENT_NODE
)
2135 rc
= find_child_of_parent (doc
, n
->children
, dst
);
2142 find_parent_of_child (xmlDocPtr doc
, xmlNodePtr node
, xmlNodePtr dst
)
2147 for (n
= node
; n
; n
= n
->parent
)
2149 if (n
->type
!= XML_ELEMENT_NODE
)
2153 for (tmp
= n
->next
; tmp
; n
= n
->next
)
2155 if (n
->type
!= XML_ELEMENT_NODE
)
2159 return GPG_ERR_ELOOP
;
2164 return GPG_ERR_ELOOP
;
2171 validate_target_attribute (struct client_s
*client
, xmlDocPtr doc
,
2172 const char *src
, xmlNodePtr dst_node
)
2175 xmlNodePtr src_node
;
2176 char **src_req
= NULL
;
2178 src_node
= resolve_path (client
, doc
, (xmlChar
*) src
, &src_req
, &rc
);
2182 /* A destination element is a child of the source element. */
2183 rc
= find_child_of_parent (doc
, src_node
->children
, dst_node
);
2187 /* The destination element is a parent of the source element. */
2188 rc
= find_parent_of_child (doc
, src_node
->parent
, dst_node
);
2192 /* A destination child element contains a target to the source element. */
2193 rc
= find_child_to_target (client
, doc
, dst_node
->children
, src_node
,
2199 strv_free (src_req
);
2203 /* The owner of the element is the first user listed in the _acl attribute
2204 * list. acl_check() should be called before calling this function. An empty
2205 * ACL is an error if the client is not invoking_user.
2208 is_element_owner (struct client_s
*client
, xmlNodePtr n
)
2210 xmlChar
*acl
= node_has_attribute (n
, (xmlChar
*) "_acl");
2212 gpg_error_t rc
= GPG_ERR_EACCES
;
2217 return peer_is_invoker (client
);
2220 users
= str_split((char *)acl
, ",", 0);
2221 if (users
&& *users
)
2226 if (client
->thd
->remote
)
2227 user
= str_asprintf ("#%s", client
->thd
->tls
->fp
);
2229 user
= get_username (client
->thd
->peer
->uid
);
2231 user
= get_username (client
->thd
->peer
->uid
);
2235 rc
= !strcasecmp (*users
, user
) ? 0 : GPG_ERR_EACCES
;
2237 rc
= !strcmp (*users
, user
) ? 0 : GPG_ERR_EACCES
;
2240 rc
= peer_is_invoker (client
);