search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
LIST command recursion loop fixes.
[pwmd.git] / src / xml.c
bloba82a86994017e712f9e48eed5ccb34dd8edcefc1
1 /*
2 Copyright (C) 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014
3 Ben Kibbey <bjk@luxsci.net>
4
5 This file is part of pwmd.
6
7 Pwmd is free software: you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation, either version 2 of the License, or
10 (at your option) any later version.
11
12 Pwmd is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
16
17 You should have received a copy of the GNU General Public License
18 along with Pwmd. If not, see <http://www.gnu.org/licenses/>.
19 */
20 #ifdef HAVE_CONFIG_H
21 #include <config.h>
22 #endif
23
24 #include <stdio.h>
25 #include <stdlib.h>
26 #include <unistd.h>
27 #include <err.h>
28 #include <string.h>
29 #include <sys/stat.h>
30 #include <fcntl.h>
31 #include <ctype.h>
32 #include <libxml/xmlwriter.h>
33 #include <wctype.h>
34 #include <sys/types.h>
35 #include <pwd.h>
36
37 #ifndef _
38 #include "gettext.h"
39 #define _(msgid) gettext(msgid)
40 #endif
41
42 #include "pwmd-error.h"
43 #include "util-misc.h"
44 #include "xml.h"
45 #include "mem.h"
46 #include "rcfile.h"
47
48 extern void log_write (const char *fmt, ...);
49
50 /*
51 * 'element' must be allocated.
52 */
53 int
54 is_literal_element (char **element)
55 {
56 char *p;
57
58 if (!element || !*element)
59 return 0;
60
61 if (*(*element) == '!')
62 {
63 char *c;
64
65 for (p = *element, c = p + 1; *c; c++)
66 *p++ = *c;
67
68 *p = 0;
69 return 1;
70 }
71
72 return 0;
73 }
74
75 int
76 valid_xml_attribute (const char *str)
77 {
78 return valid_xml_element ((xmlChar *)str);
79 }
80
81 int
82 valid_xml_element (xmlChar *str)
83 {
84 wchar_t *wc;
85 size_t len, c;
86
87 if (!str || !*str || *str == '!')
88 return 0;
89
90 wc = str_to_wchar ((const char *)str);
91 len = wcslen (wc);
92
93 for (c = 0; c < len; c++)
94 {
95 if (iswspace(wc[c]))
96 {
97 xfree (wc);
98 return 0;
99 }
100 }
101
102 xfree (wc);
103 return 1;
104 }
105
106 int
107 valid_element_path (char **path, int with_content)
108 {
109 char **dup = NULL, **p;
110
111 if (!path || !*path)
112 return 0;
113
114 /* Save some memory by not duplicating the element content. */
115 if (with_content)
116 {
117 int i, t = strv_length (path);
118
119 for (i = 0; i < t - 1; i++)
120 {
121 char **tmp = xrealloc (dup, (i + 2) * sizeof (char *));
122
123 if (!tmp)
124 {
125 strv_free (dup);
126 return 0;
127 }
128
129 dup = tmp;
130 dup[i] = str_dup (path[i]);
131 dup[i + 1] = NULL;
132 }
133 }
134 else
135 dup = strv_dup (path);
136
137 if (!dup)
138 return 0;
139
140 for (p = dup; *p && *(*p); p++)
141 {
142 is_literal_element (&(*p));
143 if (!valid_xml_element ((xmlChar *) * p))
144 {
145 strv_free (dup);
146 return 0;
147 }
148 }
149
150 strv_free (dup);
151 return 1;
152 }
153
154 gpg_error_t
155 attr_ctime (xmlNodePtr n)
156 {
157 char *buf = str_asprintf ("%li", time (NULL));
158 gpg_error_t rc;
159
160 if (!buf)
161 return GPG_ERR_ENOMEM;
162
163 rc = add_attribute (n, "_ctime", buf);
164 xfree (buf);
165 return rc;
166 }
167
168 // FIXME add parameter to want RW or RO access to the XML node.
169 static gpg_error_t
170 acl_check (struct client_s *client, xmlNodePtr n)
171 {
172 gpg_error_t rc = GPG_ERR_EPERM;
173 xmlChar *acl = node_has_attribute (n, (xmlChar *) "_acl");
174 char **users = acl ? str_split((char *)acl, ",", 0) : NULL;
175 char **p;
176 int allowed = 0;
177
178 if (!acl || !users || !*users)
179 {
180 strv_free(users);
181 return peer_is_invoker(client);
182 }
183
184 if (!peer_is_invoker(client))
185 return 0;
186
187 for (p = users; *p; p++)
188 {
189 #ifdef WITH_GNUTLS
190 rc = acl_check_common (client, *p,
191 client->thd->remote ? 0 : client->thd->peer->uid,
192 client->thd->remote ? 0 : client->thd->peer->gid,
193 &allowed);
194 #else
195 rc = acl_check_common (client, *p, client->thd->peer->uid,
196 client->thd->peer->gid, &allowed);
197 #endif
198 }
199
200 xmlFree(acl);
201 strv_free(users);
202 if (rc)
203 return rc;
204
205 return allowed ? 0 : GPG_ERR_EPERM;
206 }
207
208 static char *
209 create_acl_user (struct client_s *client)
210 {
211 #ifdef WITH_GNUTLS
212 if (client->thd->remote)
213 return str_asprintf ("#%s", client->thd->tls->fp);
214 #endif
215
216 return get_username (client->thd->peer->uid);
217 }
218
219 static gpg_error_t
220 create_new_element (struct client_s *client, int verify, xmlNodePtr parent,
221 const char *name, xmlNodePtr * result)
222 {
223 xmlNodePtr n;
224 gpg_error_t rc;
225
226 // Allow any client to create a non-existing root element.
227 if (parent->parent->type != XML_DOCUMENT_NODE)
228 {
229 rc = acl_check(client, parent);
230 if (rc)
231 return rc;
232 }
233
234 n = xmlNewNode (NULL, (xmlChar *) "element");
235 if (!n)
236 return GPG_ERR_ENOMEM;
237
238 rc = add_attribute (n, "_name", name);
239 if (!rc)
240 rc = attr_ctime (n);
241
242 if (!rc && verify && parent->parent->type != XML_DOCUMENT_NODE)
243 {
244 rc = peer_is_invoker (client);
245 if (rc == GPG_ERR_EPERM)
246 rc = is_element_owner (client, parent);
247 }
248
249 if (!rc)
250 {
251 xmlNodePtr p = xmlAddChild (parent, n);
252 char *user = create_acl_user (client);
253
254 if (result)
255 *result = p;
256
257 rc = add_attribute(p, "_acl", user);
258 xfree (user);
259 }
260 else
261 xmlFreeNode (n);
262
263 return rc;
264 }
265
266 gpg_error_t
267 new_root_element (struct client_s *client, xmlDocPtr doc, char *name)
268 {
269 xmlNodePtr root = xmlDocGetRootElement (doc);
270 char *p = name;
271
272 if (!p || !root)
273 return GPG_ERR_BAD_DATA;
274
275 if (*p == '!')
276 p++;
277
278 if (!valid_xml_element ((xmlChar *) p))
279 return GPG_ERR_INV_VALUE;
280
281 return create_new_element (client, 0, root, p, NULL);
282 }
283
284 static xmlDocPtr
285 create_dtd ()
286 {
287 xmlDocPtr doc;
288 xmlTextWriterPtr wr = xmlNewTextWriterDoc (&doc, 0);
289
290 if (!wr)
291 return NULL;
292
293 if (xmlTextWriterStartDocument (wr, NULL, "UTF-8", "yes"))
294 goto fail;
295
296 if (xmlTextWriterStartDTD (wr, (xmlChar *) "pwmd", NULL, NULL) == -1)
297 goto fail;
298
299 if (xmlTextWriterWriteDTDElement (wr, (xmlChar *) "pwmd",
300 (xmlChar *) "(element)") == -1)
301 goto fail;
302
303 xmlTextWriterEndDTDElement (wr);
304
305 if (xmlTextWriterWriteDTDAttlist (wr, (xmlChar *) "element",
306 (xmlChar *) "_name CDATA #REQUIRED") ==
307 -1)
308 goto fail;
309
310 xmlTextWriterEndDTDAttlist (wr);
311 xmlTextWriterEndDTD (wr);
312
313 if (xmlTextWriterStartElement (wr, (xmlChar *) "pwmd"))
314 goto fail;
315
316 xmlTextWriterEndElement (wr);
317 xmlTextWriterEndDocument (wr);
318 xmlFreeTextWriter (wr);
319 return doc;
320
321 fail:
322 xmlTextWriterEndDocument (wr);
323 xmlFreeTextWriter (wr);
324 xmlFreeDoc (doc);
325 return NULL;
326 }
327
328 xmlDocPtr
329 new_document ()
330 {
331 return create_dtd ();
332 }
333
334 xmlNodePtr
335 find_element_node (xmlNodePtr node)
336 {
337 xmlNodePtr n = node;
338
339 if (n && n->type == XML_ELEMENT_NODE)
340 return n;
341
342 for (n = node; n; n = n->next)
343 {
344 if (n->type == XML_ELEMENT_NODE)
345 return n;
346 }
347
348 return NULL;
349 }
350
351 static xmlNodePtr
352 resolve_path (struct client_s *client, xmlDocPtr doc, xmlChar * path,
353 char ***result, gpg_error_t * rc)
354 {
355 xmlNodePtr n;
356 char **req;
357
358 req = str_split ((char *) path, "\t", 0);
359 if (!req)
360 {
361 *rc = GPG_ERR_ENOMEM;
362 return NULL;
363 }
364
365 n = find_root_element (client, doc, &req, rc, NULL, 0, 0);
366 if (!n)
367 {
368 strv_free (req);
369 return NULL;
370 }
371
372 if (req[1])
373 n = find_elements (client, doc, n->children, req + 1, rc, NULL, NULL, NULL,
374 0, 0, NULL, 0);
375
376 if (*rc)
377 strv_free (req);
378 else
379 *result = req;
380
381 return n;
382 }
383
384 /*
385 * Lists root element names; the value of the attribute "_name" of an element
386 * "element". If there's a target attribute both literal and non-literal
387 * element names will be added. This is the primary reason why XML entities
388 * cannot be used. There wouldn't be a way to get the literal an non-literal
389 * element paths.
390 */
391 gpg_error_t
392 list_root_elements (struct client_s *client, xmlDocPtr doc,
393 struct string_s ** result, int verbose, int with_target)
394 {
395 xmlNodePtr n = NULL;
396 struct slist_s *list = NULL;
397 int total, i;
398 struct string_s *string;
399 gpg_error_t rc = 0;
400
401 n = xmlDocGetRootElement (doc);
402 if (!n || !n->children)
403 return GPG_ERR_NO_DATA;
404
405 for (n = n->children; n; n = n->next)
406 {
407 xmlAttrPtr a;
408 xmlChar *val, *target;
409 struct slist_s *tlist;
410 char *tmp;
411
412 if (n->type != XML_ELEMENT_NODE)
413 continue;
414
415 a = xmlHasProp (n, (xmlChar *) "_name");
416 if (!a || !a->children->content)
417 continue;
418
419 val = xmlNodeGetContent (a->children);
420 if (!val)
421 {
422 rc = GPG_ERR_ENOMEM;
423 goto fail;
424 }
425
426 tmp = str_asprintf ("!%s%s", (char *) val,
427 verbose ? find_element_node (n->children) ? " +"
428 : "" : "");
429
430 if (!tmp)
431 {
432 xmlFree (val);
433 rc = GPG_ERR_ENOMEM;
434 goto fail;
435 }
436
437 tlist = slist_append (list, tmp);
438 if (!tlist)
439 {
440 xmlFree (val);
441 rc = GPG_ERR_ENOMEM;
442 goto fail;
443 }
444
445 list = tlist;
446 target = node_has_attribute (n, (xmlChar *) "target");
447 if (target)
448 {
449 char *t = NULL;
450
451 if (verbose)
452 {
453 char **req = NULL;
454 xmlNodePtr tnode = resolve_path (client, doc, target, &req, &rc);
455
456 if (rc == GPG_ERR_ELEMENT_NOT_FOUND || rc == GPG_ERR_ELOOP
457 || rc == GPG_ERR_EPERM)
458 {
459 t = str_asprintf ("%s %s", (char *) val,
460 rc == GPG_ERR_ELOOP ? "O" :
461 rc == GPG_ERR_EPERM ? "P" : "E");
462 rc = 0;
463 }
464 else if (!rc)
465 {
466 struct string_s *realpath = NULL;
467
468 if (with_target)
469 {
470 rc = build_realpath (client, doc, (char *) target,
471 &realpath);
472 if (rc)
473 {
474 strv_free (req);
475 xmlFree (val);
476 xmlFree (target);
477 goto fail;
478 }
479
480 realpath = string_prepend (realpath, "T ");
481 }
482
483 t = str_asprintf ("%s%s%s%s", (char *) val,
484 (tnode
485 && find_element_node (tnode->children))
486 || realpath ? " " : "", tnode
487 && find_element_node (tnode->children) ?
488 "+" : "", realpath ? realpath->str : "");
489
490 if (realpath)
491 string_free (realpath, 1);
492 }
493
494 if (req)
495 strv_free (req);
496 }
497 else
498 t = str_dup ((char *) val);
499
500 if (!t || rc)
501 {
502 xmlFree (val);
503 xmlFree (target);
504 rc = rc ? rc : GPG_ERR_ENOMEM;
505 goto fail;
506 }
507
508 tlist = slist_append (list, t);
509 if (!tlist)
510 {
511 xmlFree (val);
512 xfree (t);
513 xmlFree (target);
514 rc = GPG_ERR_ENOMEM;
515 goto fail;
516 }
517
518 list = tlist;
519 }
520
521 xmlFree (val);
522 xmlFree (target);
523 }
524
525 total = slist_length (list);
526 if (!total)
527 return GPG_ERR_NO_DATA;
528
529 string = string_new (NULL);
530 if (!string)
531 {
532 rc = GPG_ERR_ENOMEM;
533 goto fail;
534 }
535
536 for (i = 0; i < total; i++)
537 {
538 char *val = slist_nth_data (list, i);
539
540 string_append_printf (string, "%s\n", val);
541 }
542
543 string = string_truncate (string, string->len - 1);
544 *result = string;
545
546 fail:
547 total = slist_length (list);
548 for (i = 0; i < total; i++)
549 xfree (slist_nth_data (list, i));
550
551 slist_free (list);
552 return rc;
553 }
554
555 /*
556 * Prevents a sibling element past the current element path with the same
557 * element name.
558 */
559 static xmlNodePtr
560 find_stop_node (xmlNodePtr node)
561 {
562 xmlNodePtr n;
563
564 for (n = node->parent->children; n; n = n->next)
565 {
566 if (n == node)
567 return n->next;
568 }
569
570 return NULL;
571 }
572
573 xmlNodePtr
574 create_target_elements_cb (struct client_s *client, int verify,
575 xmlNodePtr node, char **path, gpg_error_t *rc,
576 void *data)
577 {
578 int i;
579 char **req = path;
580 xmlNodePtr parent = data;
581
582 for (i = 0; req[i] && *req[i]; i++)
583 {
584 xmlNodePtr n;
585
586 if (parent && node == parent)
587 {
588 *rc = GPG_ERR_CONFLICT;
589 return NULL;
590 }
591
592 is_literal_element (&req[i]);
593
594 if ((n = find_element (client, node, req[i],
595 find_stop_node (node), rc)) == NULL ||
596 (n && n->parent == node->parent))
597 {
598
599 if (!*rc)
600 *rc = create_new_element (client, verify, node, req[i], &node);
601
602 if (*rc)
603 return NULL;
604 }
605 else
606 node = n;
607 }
608
609 return node;
610 }
611
612 xmlNodePtr
613 find_text_node (xmlNodePtr node)
614 {
615 xmlNodePtr n = node;
616
617 if (n && n->type == XML_TEXT_NODE)
618 return n;
619
620 for (n = node; n; n = n->next)
621 {
622 if (n->type == XML_TEXT_NODE)
623 return n;
624 }
625
626 return NULL;
627 }
628
629 xmlNodePtr
630 create_elements_cb (struct client_s *client, int verify, xmlNodePtr node,
631 char **elements, gpg_error_t * rc, void *data)
632 {
633 int i;
634 char **req = elements;
635
636 if (node->type == XML_TEXT_NODE)
637 node = node->parent;
638
639 for (i = 0; req[i] && *req[i]; i++)
640 {
641 xmlNodePtr n;
642
643 /*
644 * Strip the first '!' if needed. If there's another, it's an
645 * rc. The syntax has already been checked before calling this
646 * function.
647 */
648 is_literal_element (&req[i]);
649 n = find_element (client, node, req[i], find_stop_node (node), rc);
650 if (*rc)
651 return NULL;
652
653 /*
654 * If the found element has the same parent as the current element,
655 * they are siblings and the new element needs to be created as a
656 * child of the current element (node).
657 */
658 if (n && n->parent == node->parent)
659 n = NULL;
660
661 if (!n)
662 {
663 *rc = create_new_element (client, 0, node, req[i], &node);
664 if (*rc)
665 return NULL;
666 }
667 else
668 node = n;
669 }
670
671 return node;
672 }
673
674 /* The root element is really req[0]. It is need as a pointer in case there is
675 * a target attribute so it can be updated. */
676 xmlNodePtr
677 find_root_element (struct client_s *client, xmlDocPtr doc, char ***req,
678 gpg_error_t * rc, int *target, int recursion_depth,
679 int stop)
680 {
681 xmlNodePtr n = xmlDocGetRootElement (doc);
682 int depth = 0;
683 char *root = str_dup (*req[0]);
684 int literal = is_literal_element (&root);
685
686 if (!root)
687 {
688 *rc = GPG_ERR_ENOMEM;
689 return NULL;
690 }
691
692 *rc = 0;
693 recursion_depth++;
694
695 if (max_recursion_depth >= 1 && recursion_depth > max_recursion_depth)
696 {
697 xmlChar *t = xmlGetNodePath (n);
698
699 log_write ("%s: %s", pwmd_strerror (GPG_ERR_ELOOP), t);
700 xmlFree (t);
701 xfree (root);
702 *rc = GPG_ERR_ELOOP;
703 return NULL;
704 }
705
706 while (n)
707 {
708 if (n->type == XML_ELEMENT_NODE)
709 {
710 if (depth == 0 && xmlStrEqual (n->name, (xmlChar *) "pwmd"))
711 {
712 n = n->children;
713 depth++;
714 continue;
715 }
716
717 if (depth == 1 && xmlStrEqual (n->name, (xmlChar *) "element"))
718 {
719 xmlChar *content = node_has_attribute (n, (xmlChar *) "_name");
720
721 if (!content)
722 continue;
723
724 if (xmlStrEqual (content, (xmlChar *) root))
725 {
726 char **nreq, **tmp = NULL;
727
728 *rc = acl_check(client, n);
729 if (*rc)
730 {
731 xmlFree (content);
732 xfree (root);
733 return NULL;
734 }
735
736 if (literal == 1)
737 {
738 xmlFree (content);
739 xfree (root);
740 return n;
741 }
742
743 xmlFree (content);
744 content = node_has_attribute (n, (xmlChar *) "target");
745
746 if (target)
747 *target = 1;
748
749 if (!content || stop)
750 {
751 if (content)
752 xmlFree (content);
753
754 xfree (root);
755 return n;
756 }
757
758 if (strchr ((char *) content, '\t'))
759 {
760 nreq = str_split ((char *) content, "\t", 0);
761 xmlFree (content);
762
763 #if 0
764 /*
765 * FIXME ENOMEM
766 */
767 if (!nreq)
768 {
769 *rc = GPG_ERR_ENOMEM;
770 return NULL;
771 }
772 #endif
773
774 tmp = *req;
775 tmp = strv_catv (nreq, tmp + 1);
776 strv_free (nreq);
777
778 if (!tmp)
779 {
780 xfree (root);
781 *rc = GPG_ERR_ENOMEM;
782 return NULL;
783 }
784
785 strv_free (*req);
786 *req = tmp;
787 }
788 else
789 {
790 if (strv_printf (&tmp, "%s", content) == 0)
791 {
792 xmlFree (content);
793 xfree (root);
794 *rc = GPG_ERR_ENOMEM;
795 return NULL;
796 }
797
798 xmlFree (content);
799 nreq = *req;
800 nreq = strv_catv (tmp, nreq + 1);
801 strv_free (tmp);
802
803 if (!nreq)
804 {
805 *rc = GPG_ERR_ENOMEM;
806 xfree (root);
807 return NULL;
808 }
809
810 strv_free (*req);
811 *req = nreq;
812 }
813
814 xfree (root);
815 n = find_root_element (client, doc, req, rc, target,
816 recursion_depth, 0);
817 return n;
818 }
819
820 xmlFree (content);
821 }
822 }
823
824 n = n->next;
825 }
826
827 xfree (root);
828 *rc = GPG_ERR_ELEMENT_NOT_FOUND;
829 return NULL;
830 }
831
832 xmlNodePtr
833 find_element (struct client_s *client, xmlNodePtr node, char *element,
834 xmlNodePtr stop, gpg_error_t *rc)
835 {
836 xmlNodePtr n;
837
838 *rc = 0;
839
840 if (!node || !element)
841 return NULL;
842
843 for (n = node; n; n = n->next)
844 {
845 if (n->type != XML_ELEMENT_NODE)
846 continue;
847
848 if (n == stop)
849 break;
850
851 xmlChar *a = node_has_attribute (n, (xmlChar *) "_name");
852
853 if (a && xmlStrEqual (a, (xmlChar *) element))
854 {
855 xmlFree (a);
856
857 *rc = acl_check(client, n);
858 if (*rc)
859 n = NULL;
860
861 return n;
862 }
863
864 xmlFree (a);
865 }
866
867 return NULL;
868 }
869
870 xmlChar *
871 node_has_attribute (xmlNodePtr n, xmlChar * attr)
872 {
873 xmlAttrPtr a = xmlHasProp (n, attr);
874
875 if (!a)
876 return NULL;
877
878 if (!a->children || !a->children->content)
879 return NULL;
880
881 return xmlGetProp (n, attr);
882 }
883
884 static int
885 element_to_literal (char **element)
886 {
887 char *p = str_asprintf ("!%s", *element);
888
889 if (!p)
890 return 0;
891
892 xfree (*element);
893 *element = p;
894 return 1;
895 }
896
897 /* Resolves elements in 'req' one at a time. It's recursive in case of
898 * "target" attributes. */
899 xmlNodePtr
900 find_elements (struct client_s *client, xmlDocPtr doc, xmlNodePtr node,
901 char **req, gpg_error_t * rc, int *target,
902 xmlNodePtr (*found_fn) (struct client_s *, xmlNodePtr, char **,
903 gpg_error_t *, char **, void *),
904 xmlNodePtr (*not_found_fn) (struct client_s *, int, xmlNodePtr,
905 char **, gpg_error_t *, void *),
906 int is_list_command, int recursion_depth, void *data, int stop)
907 {
908 xmlNodePtr n, last, last_node;
909 char **p;
910 int found = 0;
911
912 *rc = 0;
913 recursion_depth++;
914
915 if (max_recursion_depth >= 1 && recursion_depth > max_recursion_depth)
916 {
917 xmlChar *t = xmlGetNodePath (node);
918
919 log_write ("%s: %s", pwmd_strerror (GPG_ERR_ELOOP), t);
920 xmlFree (t);
921 recursion_depth--;
922 *rc = GPG_ERR_ELOOP;
923 return NULL;
924 }
925
926 for (last_node = last = n = node, p = req; *p; p++)
927 {
928 xmlNodePtr tmp;
929 char *t;
930 int literal;
931
932 if (!*(*p))
933 {
934 *rc = GPG_ERR_ELEMENT_NOT_FOUND;
935 return NULL;
936 }
937
938 t = str_dup (*p);
939 if (!t)
940 {
941 *rc = GPG_ERR_ENOMEM;
942 return NULL;
943 }
944
945 literal = is_literal_element (&t);
946 n = find_element (client, last, t, NULL, rc);
947 xfree (t);
948
949 if (*rc && *rc != GPG_ERR_ELEMENT_NOT_FOUND)
950 return NULL;
951
952 if (!n)
953 {
954 if (not_found_fn)
955 return not_found_fn (client, 0,
956 found ? last_node : last_node->parent, p,
957 rc, data);
958
959 if (!*rc)
960 *rc = GPG_ERR_ELEMENT_NOT_FOUND;
961
962 return NULL;
963 }
964
965 last = n->children;
966 last_node = n;
967 found = 1;
968
969 if (literal == 0)
970 {
971 xmlChar *content = node_has_attribute (n, (xmlChar *) "target");
972 char **nreq = NULL, **nnreq;
973
974 if (!content)
975 {
976 if (is_list_command == 1)
977 {
978 if (element_to_literal (&(*p)) == 0)
979 {
980 *rc = GPG_ERR_ENOMEM;
981 return NULL;
982 }
983 }
984
985 continue;
986 }
987
988 if (target)
989 *target = 1;
990
991 if (!*(p + 1) && stop)
992 {
993 xmlFree (content);
994 return n;
995 }
996
997 if (strchr ((char *) content, '\t') != NULL)
998 {
999 if ((nreq = str_split ((char *) content, "\t", 0)) == NULL)
1000 {
1001 xmlFree (content);
1002 *rc = GPG_ERR_INV_VALUE;
1003 return NULL;
1004 }
1005 }
1006 else
1007 {
1008 if ((nreq = str_split ((char *) content, " ", 0)) == NULL)
1009 {
1010 xmlFree (content);
1011 *rc = GPG_ERR_INV_VALUE;
1012 return NULL;
1013 }
1014 }
1015
1016 xmlFree (content);
1017 tmp = find_root_element (client, doc, &nreq, rc, target, 0, 0);
1018
1019 if (!tmp)
1020 {
1021 strv_free (nreq);
1022 return NULL;
1023 }
1024
1025 if (found_fn)
1026 {
1027 found_fn (client, tmp, nreq, rc, p + 1, data);
1028
1029 if (*rc)
1030 {
1031 strv_free (nreq);
1032 return NULL;
1033 }
1034 }
1035
1036 if (!*(nreq + 1) && !*(p + 1))
1037 {
1038 strv_free (nreq);
1039 return tmp;
1040 }
1041
1042 nnreq = strv_catv (nreq + 1, p + 1);
1043 strv_free (nreq);
1044
1045 // FIXME ENOMEM
1046 if (!nnreq || !*nnreq)
1047 {
1048 if (nnreq)
1049 strv_free (nnreq);
1050
1051 return tmp;
1052 }
1053
1054 if (tmp->children)
1055 n = find_elements (client, doc, tmp->children, nnreq, rc, NULL,
1056 found_fn, not_found_fn, is_list_command,
1057 recursion_depth, data, stop);
1058 else
1059 {
1060 strv_free (nnreq);
1061
1062 if (not_found_fn)
1063 return not_found_fn (client, 0, tmp, p + 1, rc, data);
1064
1065 *rc = GPG_ERR_ELEMENT_NOT_FOUND;
1066 return NULL;
1067 }
1068
1069 if (*(p + 1))
1070 {
1071 char **zz = p + 1, **qq = nnreq;
1072
1073 if (strv_length (nnreq) > strv_length (p + 1))
1074 qq = nnreq + 1;
1075
1076 for (; *qq && *zz; zz++)
1077 {
1078 xfree (*zz);
1079 *zz = str_dup (*qq++);
1080
1081 if (!*zz)
1082 {
1083 *rc = GPG_ERR_ENOMEM;
1084 n = NULL;
1085 break;
1086 }
1087 }
1088 }
1089
1090 strv_free (nnreq);
1091 return n;
1092 }
1093 }
1094
1095 return n;
1096 }
1097
1098 static int
1099 update_element_list (struct element_list_s *elements)
1100 {
1101 char *line;
1102 struct slist_s *l;
1103
1104 if (!elements || !elements->elements)
1105 return 1;
1106
1107 line = strv_join ("\t", elements->elements);
1108
1109 if (!line)
1110 return 0;
1111
1112 strv_free (elements->elements);
1113 elements->elements = NULL;
1114 l = slist_append (elements->list, line);
1115
1116 if (!l)
1117 return 0;
1118
1119 elements->list = l;
1120 return 1;
1121 }
1122
1123 static gpg_error_t
1124 path_list_recurse (struct client_s *client, xmlDocPtr doc, xmlNodePtr node,
1125 struct element_list_s *elements)
1126 {
1127 gpg_error_t rc = 0;
1128 xmlNodePtr n;
1129 gpg_error_t error_flag = 0;
1130
1131 for (n = node; n; n = n->next)
1132 {
1133 xmlChar *target = NULL;
1134 xmlChar *a = node_has_attribute (n, (xmlChar *) "_name");
1135 gpg_error_t err = 0;
1136 char *path = NULL;
1137
1138 rc = 0;
1139 if (!a)
1140 continue;
1141
1142 if (n->type != XML_ELEMENT_NODE)
1143 goto children;
1144
1145 rc = acl_check(client, n);
1146
1147 if (elements->verbose)
1148 {
1149 if (strv_printf
1150 (&elements->elements, "%s\t!%s%s%s", elements->prefix, a,
1151 !rc && find_element_node (n->children) ? " +" : "",
1152 rc == GPG_ERR_EPERM ? " P" : "") == 0)
1153 {
1154 xmlFree (a);
1155 return GPG_ERR_ENOMEM;
1156 }
1157 }
1158 else
1159 if (strv_printf (&elements->elements, "%s\t!%s", elements->prefix, a)
1160 == 0)
1161 {
1162 xmlFree (a);
1163 return GPG_ERR_ENOMEM;
1164 }
1165
1166 if (update_element_list (elements) == 0)
1167 {
1168 xmlFree (a);
1169 return GPG_ERR_ENOMEM;
1170 }
1171
1172
1173 if (rc == GPG_ERR_EPERM)
1174 {
1175 xmlFree(a);
1176 error_flag = rc;
1177 continue;
1178 }
1179 else if (rc)
1180 {
1181 xmlFree (a);
1182 return rc;
1183 }
1184
1185 target = node_has_attribute (n, (xmlChar *) "target");
1186 if (target)
1187 {
1188 char *tmp;
1189 char *save = elements->prefix;
1190 int r = elements->resolving;
1191 char **req = NULL;
1192 xmlNodePtr tnode;
1193 struct string_s *realpath = NULL;
1194
1195 tnode = resolve_path (client, doc, target, &req, &rc);
1196 if (rc == GPG_ERR_ELOOP || rc == GPG_ERR_ELEMENT_NOT_FOUND
1197 || rc == GPG_ERR_EPERM)
1198 {
1199 if (rc == GPG_ERR_ELOOP)
1200 {
1201 xmlChar *t = xmlGetNodePath (n);
1202
1203 log_write ("%s: %s", pwmd_strerror (GPG_ERR_ELOOP), t);
1204 xmlFree (t);
1205 }
1206
1207 if (elements->verbose)
1208 {
1209 error_flag = err = rc;
1210 rc = 0;
1211 }
1212 }
1213 else if (!elements->verbose && rc)
1214 {
1215 xmlFree (a);
1216 xmlFree (target);
1217 return rc;
1218 }
1219
1220 path = str_asprintf("%s\t%s", elements->prefix, a);
1221 rc = validate_target_attribute (client, client->doc, path, tnode);
1222 xfree (path);
1223 if (rc == GPG_ERR_ELOOP || rc == GPG_ERR_EPERM
1224 || rc == GPG_ERR_ELEMENT_NOT_FOUND)
1225 {
1226 if (rc != GPG_ERR_ELEMENT_NOT_FOUND)
1227 error_flag = err = rc;
1228
1229 rc = 0;
1230 }
1231 else if (rc)
1232 {
1233 xmlFree (a);
1234 xmlFree (target);
1235 return rc;
1236 }
1237
1238 if (err)
1239 {
1240 strv_printf (&elements->elements, "%s\t%s %s", elements->prefix,
1241 a,
1242 err == GPG_ERR_ELOOP ? "O" :
1243 err == GPG_ERR_EPERM ? "P" : "E");
1244 }
1245
1246 if (!err && elements->with_target)
1247 {
1248 rc = build_realpath (client, doc, (char *) target, &realpath);
1249 if (rc)
1250 {
1251 xmlFree (a);
1252 xmlFree (target);
1253 return rc;
1254 }
1255
1256 realpath = string_prepend (realpath, "T ");
1257 }
1258
1259 if (!err && elements->verbose)
1260 {
1261 if (!strv_printf (&elements->elements, "%s\t%s%s%s%s",
1262 elements->prefix, a,
1263 (tnode && find_element_node (tnode->children))
1264 || realpath ? " " : "", tnode
1265 && find_element_node (tnode->children) ? "+" :
1266 "", realpath ? realpath->str : ""))
1267 {
1268 xmlFree (a);
1269 xmlFree (target);
1270 return GPG_ERR_ENOMEM;
1271 }
1272 }
1273 else if (!err)
1274 if (!strv_printf
1275 (&elements->elements, "%s\t%s", elements->prefix, a))
1276 {
1277 xmlFree (a);
1278 xmlFree (target);
1279 return GPG_ERR_ENOMEM;
1280 }
1281
1282 if (realpath)
1283 string_free (realpath, 1);
1284
1285 tmp = strv_join ("\t", elements->elements);
1286 if (!tmp)
1287 {
1288 xmlFree (a);
1289 xmlFree (target);
1290 return GPG_ERR_ENOMEM;
1291 }
1292
1293 if (update_element_list (elements) == 0)
1294 {
1295 xfree (tmp);
1296 xmlFree (a);
1297 xmlFree (target);
1298 return GPG_ERR_ENOMEM;
1299 }
1300
1301 if (!err && elements->recurse)
1302 {
1303 /* Prune element flags. */
1304 if (elements->verbose && strchr (tmp, ' '))
1305 {
1306 char *p;
1307
1308 for (p = tmp; *p; p++)
1309 {
1310 if (*p == ' ')
1311 {
1312 *p = 0;
1313 break;
1314 }
1315 }
1316 }
1317
1318 elements->prefix = tmp;
1319 elements->resolving = 1;
1320 rc = create_path_list (client, doc, elements, (char *) target);
1321 elements->resolving = r;
1322 elements->prefix = save;
1323
1324 if (rc && gpg_err_code (rc) != GPG_ERR_ELOOP
1325 && gpg_err_code(rc) != GPG_ERR_EPERM)
1326 {
1327 xfree (tmp);
1328 xmlFree (target);
1329 xmlFree (a);
1330 return rc;
1331 }
1332
1333 error_flag = err = rc;
1334 rc = 0;
1335 }
1336
1337 xfree (tmp);
1338 xmlFree (target);
1339 }
1340
1341 children:
1342 if (n->children && elements->recurse && err != GPG_ERR_EPERM)
1343 {
1344 char *tmp = str_asprintf ("%s\t!%s", elements->prefix, a);
1345 char *save = elements->prefix;
1346
1347 if (!tmp)
1348 {
1349 xmlFree (a);
1350 return GPG_ERR_ENOMEM;
1351 }
1352
1353 elements->prefix = tmp;
1354 rc = path_list_recurse (client, doc, n->children, elements);
1355 xfree (elements->prefix);
1356 elements->prefix = save;
1357
1358 if (rc)
1359 {
1360 if (gpg_err_code(rc) == GPG_ERR_ELOOP
1361 || gpg_err_code (rc) == GPG_ERR_EPERM
1362 || gpg_err_code (rc) == GPG_ERR_ELEMENT_NOT_FOUND)
1363 {
1364 error_flag = err = rc;
1365 rc = 0;
1366 }
1367 else
1368 {
1369 xmlFree (a);
1370 return rc;
1371 }
1372 }
1373 }
1374
1375 xmlFree (a);
1376 }
1377
1378 return error_flag == GPG_ERR_ELOOP || error_flag == GPG_ERR_EPERM
1379 ? error_flag : rc;
1380 }
1381
1382 gpg_error_t
1383 add_attribute (xmlNodePtr node, const char *name, const char *value)
1384 {
1385 char *buf;
1386 gpg_error_t rc;
1387
1388 if (name && !xmlSetProp (node, (xmlChar *) name, (xmlChar *) value))
1389 return GPG_ERR_BAD_DATA;
1390
1391 if (name && xmlStrEqual ((xmlChar *) name, (xmlChar *) "_mtime"))
1392 return 0;
1393
1394 buf = str_asprintf ("%li", time (NULL));
1395 rc = add_attribute (node, "_mtime", buf);
1396 xfree (buf);
1397 return rc;
1398 }
1399
1400 /*
1401 * From the element path 'path', find sub-nodes and append them to the list.
1402 */
1403 gpg_error_t
1404 create_path_list (struct client_s *client, xmlDocPtr doc,
1405 struct element_list_s * elements, char *path)
1406 {
1407 gpg_error_t rc;
1408 char **req, **req_orig;
1409 xmlNodePtr n;
1410 int a_target = 0;
1411
1412 req = str_split (path, "\t", 0);
1413 if (!req)
1414 {
1415 req = str_split (path, " ", 0);
1416 if (!req)
1417 return GPG_ERR_SYNTAX;
1418 }
1419
1420 req_orig = strv_dup (req);
1421 if (!req_orig)
1422 {
1423 rc = GPG_ERR_ENOMEM;
1424 goto fail;
1425 }
1426
1427 n = find_root_element (client, doc, &req, &rc, &a_target, 0, 0);
1428 if ((rc == GPG_ERR_ELEMENT_NOT_FOUND || rc == GPG_ERR_ELOOP
1429 || rc == GPG_ERR_EPERM)
1430 && elements->verbose && a_target)
1431 {
1432 if (rc != GPG_ERR_EPERM)
1433 rc = 0;
1434
1435 goto done;
1436 }
1437
1438 if (rc == GPG_ERR_EPERM)
1439 goto done;
1440
1441 if (!n && rc == GPG_ERR_ELEMENT_NOT_FOUND && elements->resolving == 1)
1442 {
1443 rc = 0;
1444 goto fail;
1445 }
1446 else if (!n)
1447 goto fail;
1448
1449 if (a_target == 1)
1450 {
1451 xfree (*req);
1452 *req = str_dup (*req_orig);
1453 }
1454
1455 if (*(req + 1))
1456 {
1457 int e_target = 0;
1458
1459 n =
1460 find_elements (client, doc, n->children, req + 1, &rc, &e_target,
1461 NULL, NULL, 1, 0, NULL, 0);
1462
1463 if (!n && rc == GPG_ERR_ELEMENT_NOT_FOUND && elements->resolving == 1)
1464 {
1465 rc = 0;
1466 goto fail;
1467 }
1468 else if (!n)
1469 goto fail;
1470 }
1471
1472 done:
1473 if (!elements->prefix)
1474 {
1475 /*
1476 * FIXME
1477 *
1478 * If any req_orig element contains no target the element should be
1479 * prefixed with the literal character. Not really crucial if the
1480 * client isn't human because child elements are prefixed for the
1481 * current path. But may be confusing if editing by hand.
1482 */
1483 elements->prefix = strv_join ("\t", req_orig);
1484
1485 if (!elements->prefix)
1486 {
1487 rc = GPG_ERR_ENOMEM;
1488 goto fail;
1489 }
1490
1491 if (elements->verbose)
1492 {
1493 int ret;
1494 struct string_s *realpath = NULL;
1495 gpg_error_t allowed = rc;
1496
1497 rc = 0;
1498
1499 if (!allowed && a_target && elements->with_target)
1500 {
1501 rc = build_realpath (client, doc, path, &realpath);
1502 if (rc)
1503 goto fail;
1504
1505 realpath = string_prepend (realpath, "T ");
1506 }
1507
1508 ret = strv_printf (&elements->elements, "%s%s%s%s%s",
1509 elements->prefix,
1510 (!allowed && n && find_element_node (n->children))
1511 || realpath ? " " : "",
1512 (!allowed && n && find_element_node (n->children)) ? "+" : "",
1513 !allowed && realpath ? realpath->str : "",
1514 allowed ? " P" : "");
1515 string_free (realpath, 1);
1516 if (!ret)
1517 {
1518 rc = GPG_ERR_ENOMEM;
1519 goto fail;
1520 }
1521 }
1522 else if (strv_printf (&elements->elements, "%s", elements->prefix) == 0)
1523 {
1524 rc = GPG_ERR_ENOMEM;
1525 goto fail;
1526 }
1527
1528 if (update_element_list (elements) == 0)
1529 {
1530 rc = GPG_ERR_ENOMEM;
1531 goto fail;
1532 }
1533 }
1534
1535 rc = path_list_recurse (client, doc, n ? n->children : n, elements);
1536
1537 fail:
1538 if (req_orig)
1539 strv_free (req_orig);
1540
1541 strv_free (req);
1542 return rc;
1543 }
1544
1545 gpg_error_t
1546 recurse_xpath_nodeset (struct client_s *client, xmlDocPtr doc,
1547 xmlNodeSetPtr nodes, xmlChar * value,
1548 xmlBufferPtr * result, int cmd, const xmlChar * attr)
1549 {
1550 int i = value ? nodes->nodeNr - 1 : 0;
1551 xmlBufferPtr buf;
1552
1553 buf = xmlBufferCreate ();
1554
1555 if (!buf)
1556 return GPG_ERR_ENOMEM;
1557
1558 for (; value ? i >= 0 : i < nodes->nodeNr; value ? i-- : i++)
1559 {
1560 xmlNodePtr n = nodes->nodeTab[i];
1561 gpg_error_t rc;
1562
1563 if (!n)
1564 continue;
1565
1566 if (!value && !attr)
1567 {
1568 if (xmlNodeDump (buf, doc, n, 0, 0) == -1)
1569 {
1570 *result = buf;
1571 return GPG_ERR_BAD_DATA;
1572 }
1573
1574 continue;
1575 }
1576
1577 if (!attr)
1578 {
1579 xmlNodeSetContent (n, value);
1580 rc = update_element_mtime (n);
1581
1582 if (rc)
1583 return rc;
1584 }
1585 else
1586 {
1587 if (!cmd)
1588 rc = add_attribute (n, (char *) attr, (char *) value);
1589 else
1590 rc = delete_attribute (client, n, attr);
1591
1592 if (rc)
1593 return rc;
1594 }
1595 }
1596
1597 *result = buf;
1598 return 0;
1599 }
1600
1601 static gpg_error_t
1602 convert_root_element (struct client_s *client, xmlNodePtr n)
1603 {
1604 xmlChar *a = xmlGetProp (n, (xmlChar *) "_name");
1605 gpg_error_t rc;
1606
1607 if (a)
1608 {
1609 xmlFree (a);
1610 xmlChar *t = xmlGetNodePath (n);
1611
1612 log_write (_
1613 ("An existing \"_name\" attribute already exists. Please rename this attribute before converting. Path is: %s"),
1614 t);
1615 xmlFree (t);
1616 return GPG_ERR_AMBIGUOUS_NAME;
1617 }
1618
1619 a = xmlGetProp (n, (xmlChar *) "name");
1620
1621 if (a)
1622 {
1623 rc = add_attribute (n, "_name", (char *) a);
1624 xmlFree (a);
1625
1626 if (rc)
1627 return rc;
1628
1629 rc = delete_attribute (client, n, (xmlChar *) "name");
1630
1631 if (rc)
1632 return rc;
1633
1634 xmlNodeSetName (n, (xmlChar *) "element");
1635 }
1636
1637 return 0;
1638 }
1639
1640 gpg_error_t
1641 delete_attribute (struct client_s *client, xmlNodePtr n, const xmlChar * name)
1642 {
1643 xmlAttrPtr a;
1644 gpg_error_t rc = 0;
1645
1646 if ((a = xmlHasProp (n, name)) == NULL)
1647 return GPG_ERR_NOT_FOUND;
1648
1649 if (xmlRemoveProp (a) == -1)
1650 return GPG_ERR_BAD_DATA;
1651
1652 if (client && xmlStrEqual (name, (xmlChar *) "_acl"))
1653 {
1654 char *user = create_acl_user (client);
1655
1656 rc = add_attribute (n, (char *) "_acl", user);
1657 xfree (user);
1658
1659 if (rc)
1660 return rc;
1661 }
1662
1663 return update_element_mtime (n);
1664 }
1665
1666 static gpg_error_t
1667 convert_elements_recurse (struct client_s *client, xmlDocPtr doc,
1668 xmlNodePtr n, unsigned depth)
1669 {
1670 gpg_error_t rc;
1671
1672 depth++;
1673
1674 for (n = n->children; n; n = n->next)
1675 {
1676 if (n->type == XML_ELEMENT_NODE)
1677 {
1678 if (depth > 1)
1679 {
1680 xmlChar *a = NULL;
1681
1682 if (xmlStrEqual (n->name, (xmlChar *) "element"))
1683 {
1684 xmlChar *t = xmlGetNodePath (n);
1685
1686 log_write (_
1687 ("An existing \"element\" already exists. Please rename this element before converting. Path is: %s"),
1688 t);
1689 xmlFree (t);
1690 return GPG_ERR_AMBIGUOUS_NAME;
1691 }
1692
1693 a = xmlGetProp (n, (xmlChar *) "_name");
1694 if (a)
1695 {
1696 xmlFree (a);
1697 xmlChar *t = xmlGetNodePath (n);
1698
1699 log_write (_
1700 ("An existing \"_name\" attribute already exists. Please rename this attribute before converting. Path is: %s"),
1701 t);
1702 xmlFree (t);
1703 return GPG_ERR_AMBIGUOUS_NAME;
1704 }
1705
1706 xmlChar *tmp = xmlStrdup (n->name);
1707
1708 if (!tmp)
1709 return GPG_ERR_ENOMEM;
1710
1711 xmlNodeSetName (n, (xmlChar *) "element");
1712 rc = add_attribute (n, "_name", (char *) tmp);
1713 xmlFree (tmp);
1714
1715 if (rc)
1716 return rc;
1717 }
1718 else
1719 {
1720 rc = convert_root_element (client, n);
1721
1722 if (rc)
1723 return rc;
1724 }
1725 }
1726
1727 if (n->children)
1728 {
1729 rc = convert_elements_recurse (client, doc, n, depth);
1730
1731 if (rc)
1732 return rc;
1733 }
1734 }
1735
1736 return 0;
1737 }
1738
1739 /* Renames ALL elements to the new "element" name. Existing element names are
1740 * stored as an attribute "_name". This was introduced in pwmd 2.12 so
1741 * elements can contain common characters that the XML parser barfs on (an
1742 * email address for example. */
1743 gpg_error_t
1744 convert_pre_212_elements (xmlDocPtr doc)
1745 {
1746 xmlNodePtr n = xmlDocGetRootElement (doc);
1747
1748 log_write (_("Converting pre 2.12 data file..."));
1749 return convert_elements_recurse (NULL, doc, n, 0);
1750 }
1751
1752 gpg_error_t
1753 validate_import (xmlNodePtr node)
1754 {
1755 gpg_error_t rc = 0;
1756
1757 if (!node)
1758 return 0;
1759
1760 for (xmlNodePtr n = node; n; n = n->next)
1761 {
1762 if (n->type == XML_ELEMENT_NODE)
1763 {
1764 if (xmlStrEqual (n->name, (xmlChar *) "element"))
1765 {
1766 xmlChar *a = xmlGetProp (n, (xmlChar *) "_name");
1767
1768 if (!a)
1769 {
1770 xmlChar *t = xmlGetNodePath (n);
1771
1772 log_write (_("Missing attribute '_name' at %s."), t);
1773 xmlFree (t);
1774 return GPG_ERR_INV_VALUE;
1775 }
1776
1777 if (!valid_xml_element (a))
1778 {
1779 xmlChar *t = xmlGetNodePath (n);
1780
1781 log_write (_("'%s' is not a valid element name at %s."), a,
1782 t);
1783 xmlFree (a);
1784 xmlFree (t);
1785 return GPG_ERR_INV_VALUE;
1786 }
1787
1788 xmlFree (a);
1789 a = xmlGetProp (n, (xmlChar *) "_ctime");
1790 if (!a)
1791 attr_ctime (n);
1792
1793 xmlFree (a);
1794 a = xmlGetProp (n, (xmlChar *) "_mtime");
1795 if (!a)
1796 update_element_mtime (n);
1797 xmlFree (a);
1798 }
1799 else
1800 {
1801 xmlChar *t = xmlGetNodePath (n);
1802
1803 log_write (_("Warning: unknown element '%s' at %s. Ignoring."),
1804 n->name, t);
1805 xmlFree (t);
1806 continue;
1807 }
1808 }
1809
1810 if (n->children)
1811 {
1812 rc = validate_import (n->children);
1813
1814 if (rc)
1815 return rc;
1816 }
1817 }
1818
1819 return rc;
1820 }
1821
1822 gpg_error_t
1823 update_element_mtime (xmlNodePtr n)
1824 {
1825 return add_attribute (n, NULL, NULL);
1826 }
1827
1828 gpg_error_t
1829 unlink_node (xmlNodePtr n)
1830 {
1831 gpg_error_t rc = 0;
1832
1833 if (!n)
1834 return rc;
1835
1836 if (n->parent)
1837 rc = update_element_mtime (n->parent);
1838
1839 xmlUnlinkNode (n);
1840 return rc;
1841 }
1842
1843 gpg_error_t
1844 parse_doc (const char *xml, size_t len, xmlDocPtr *result)
1845 {
1846 xmlDocPtr doc;
1847
1848 xmlResetLastError ();
1849 doc = xmlReadMemory (xml, len, NULL, "UTF-8", XML_PARSE_NOBLANKS);
1850 if (!doc && xmlGetLastError ())
1851 return GPG_ERR_BAD_DATA;
1852
1853 *result = doc;
1854 return !doc ? GPG_ERR_ENOMEM : 0;
1855 }
1856
1857 static xmlNodePtr
1858 realpath_elements_cb (struct client_s *client, xmlNodePtr node, char **target,
1859 gpg_error_t * rc, char **req_orig, void *data)
1860 {
1861 char *path = *(char **) data;
1862 char *tmp = NULL, *result;
1863
1864 if (path)
1865 {
1866 xfree (path);
1867 *(char **) data = NULL;
1868 }
1869
1870 path = strv_join ("\t", target);
1871
1872 if (!path)
1873 {
1874 *rc = GPG_ERR_ENOMEM;
1875 return NULL;
1876 }
1877
1878 if (req_orig)
1879 {
1880 tmp = strv_join ("\t", req_orig);
1881
1882 if (!tmp)
1883 {
1884 xfree (path);
1885 *rc = GPG_ERR_ENOMEM;
1886 return NULL;
1887 }
1888 }
1889
1890 if (tmp && *tmp)
1891 result = str_asprintf ("%s\t%s", path, tmp);
1892 else
1893 result = str_dup (path);
1894
1895 if (!result)
1896 {
1897 *rc = GPG_ERR_ENOMEM;
1898 xfree (path);
1899 xfree (tmp);
1900 return NULL;
1901 }
1902
1903 xfree (path);
1904 xfree (tmp);
1905 *(char **) data = result;
1906 return node;
1907 }
1908
1909 gpg_error_t
1910 build_realpath (struct client_s *client, xmlDocPtr doc, char *line,
1911 struct string_s ** result)
1912 {
1913 gpg_error_t rc;
1914 char **req;
1915 char *t;
1916 int i;
1917 xmlNodePtr n;
1918 struct string_s *string;
1919 char *rp = NULL;
1920
1921 if (strchr (line, '\t') != NULL)
1922 {
1923 if ((req = str_split (line, "\t", 0)) == NULL)
1924 return GPG_ERR_SYNTAX;
1925 }
1926 else
1927 {
1928 if ((req = str_split (line, " ", 0)) == NULL)
1929 return GPG_ERR_SYNTAX;
1930 }
1931
1932 n = find_root_element (client, doc, &req, &rc, NULL, 0, 0);
1933 if (!n)
1934 {
1935 strv_free (req);
1936 return rc;
1937 }
1938
1939 rp = strv_join ("\t", req);
1940 if (!rp)
1941 {
1942 strv_free (req);
1943 return GPG_ERR_ENOMEM;
1944 }
1945
1946 if (req[1])
1947 {
1948 n = find_elements (client, doc, n->children, req + 1, &rc, NULL,
1949 realpath_elements_cb, NULL, 0, 0, &rp, 0);
1950 if (!n)
1951 {
1952 xfree (rp);
1953 strv_free (req);
1954 return rc;
1955 }
1956 }
1957
1958 string = string_new (rp);
1959 xfree (rp);
1960 strv_free (req);
1961 if (!string)
1962 return GPG_ERR_ENOMEM;
1963
1964 again:
1965 for (i = 0, t = string->str + i; *t; t++, i++)
1966 {
1967 if ((!i && *t != '!') || (*t == '\t' && *(t + 1) && *(t + 1) != '!'))
1968 {
1969 struct string_s *s = string_insert_c (string, !i ? i++ : ++i, '!');
1970
1971 if (!s)
1972 {
1973 string_free (string, 1);
1974 return GPG_ERR_ENOMEM;
1975 }
1976
1977 string = s;
1978 goto again;
1979 }
1980 }
1981
1982 *result = string;
1983 return rc;
1984 }
1985
1986 #if 0
1987 static char *
1988 node_to_element_path (xmlNodePtr node)
1989 {
1990 xmlNodePtr n;
1991 struct string_s *str = string_new ("");
1992 char *result;
1993
1994 for (n = node; n; n = n->parent)
1995 {
1996 xmlNodePtr child;
1997
1998 for (child = n; child; child = child->next)
1999 {
2000 if (child->type != XML_ELEMENT_NODE)
2001 continue;
2002
2003 xmlChar *name = node_has_attribute (n, (xmlChar *) "_name");
2004 if (name)
2005 {
2006 str = string_prepend (str, (char *) name);
2007 xmlFree (name);
2008 name = node_has_attribute (n, (xmlChar *) "target");
2009 if (name)
2010 str = string_prepend (str, "\t");
2011 else
2012 str = string_prepend (str, "\t!");
2013 xmlFree (name);
2014 }
2015 break;
2016 }
2017 }
2018
2019 str = string_erase (str, 0, 1);
2020 result = str->str;
2021 string_free (str, 0);
2022 return result;
2023 }
2024 #endif
2025
2026 /*
2027 * Recurse the element tree beginning at 'node' and find elements who point
2028 * back to 'src' or 'dst'. Also follows target attributes.
2029 */
2030 static gpg_error_t
2031 find_child_to_target (struct client_s *client, xmlDocPtr doc, xmlNodePtr node,
2032 xmlNodePtr src, xmlNodePtr dst, unsigned depth,
2033 int is_target)
2034 {
2035 xmlNodePtr n;
2036 gpg_error_t rc = 0;
2037
2038 if (max_recursion_depth >= 1 && depth > max_recursion_depth)
2039 return gpg_error (GPG_ERR_ELOOP);
2040
2041 for (n = node; n; n = n->next)
2042 {
2043 xmlChar *target;
2044
2045 if (n->type != XML_ELEMENT_NODE)
2046 continue;
2047
2048 if (n == src || n == dst)
2049 return GPG_ERR_ELOOP;
2050
2051 target = node_has_attribute (n, (xmlChar *) "target");
2052 if (target)
2053 {
2054 xmlNodePtr tmp;
2055 char **result = NULL;
2056
2057 tmp = resolve_path (client, doc, target, &result, &rc);
2058 xmlFree (target);
2059 strv_free (result);
2060 if (!rc)
2061 {
2062 rc = find_child_to_target (client, doc, tmp, src, dst, ++depth,
2063 1);
2064 depth--;
2065 }
2066
2067 if (rc && gpg_err_code (rc) != GPG_ERR_ELEMENT_NOT_FOUND)
2068 return rc;
2069
2070 if (is_target)
2071 break;
2072
2073 continue;
2074 }
2075
2076 if (n->children)
2077 {
2078 rc = find_child_to_target (client, doc, n->children, src, dst,
2079 ++depth,0);
2080 depth--;
2081 if (rc)
2082 return rc;
2083 }
2084
2085 if (is_target)
2086 break;
2087 }
2088
2089 return rc;
2090 }
2091
2092 static gpg_error_t
2093 find_child_of_parent (xmlDocPtr doc, xmlNodePtr src, xmlNodePtr dst)
2094 {
2095 xmlNodePtr n;
2096 gpg_error_t rc = 0;
2097
2098 for (n = src; n; n = n->next)
2099 {
2100 if (n->type != XML_ELEMENT_NODE)
2101 continue;
2102
2103 if (n == dst)
2104 {
2105 rc = GPG_ERR_ELOOP;
2106 break;
2107 }
2108
2109 rc = find_child_of_parent (doc, n->children, dst);
2110 }
2111
2112 return rc;
2113 }
2114
2115 static gpg_error_t
2116 find_parent_of_child (xmlDocPtr doc, xmlNodePtr node, xmlNodePtr dst)
2117 {
2118 xmlNodePtr n;
2119 gpg_error_t rc = 0;
2120
2121 for (n = node; n; n = n->parent)
2122 {
2123 if (n->type != XML_ELEMENT_NODE)
2124 {
2125 xmlNodePtr tmp;
2126
2127 for (tmp = n->next; tmp; n = n->next)
2128 {
2129 if (n->type != XML_ELEMENT_NODE)
2130 continue;
2131
2132 if (tmp == dst)
2133 return GPG_ERR_ELOOP;
2134 }
2135 }
2136
2137 if (n == dst)
2138 return GPG_ERR_ELOOP;
2139 }
2140
2141 return rc;
2142 }
2143
2144 gpg_error_t
2145 validate_target_attribute (struct client_s *client, xmlDocPtr doc,
2146 const char *src, xmlNodePtr dst_node)
2147 {
2148 gpg_error_t rc;
2149 xmlNodePtr src_node;
2150 char **src_req = NULL;
2151
2152 src_node = resolve_path (client, doc, (xmlChar *) src, &src_req, &rc);
2153 if (rc)
2154 goto fail;
2155
2156 /* A destination element is a child of the source element. */
2157 rc = find_child_of_parent (doc, src_node->children, dst_node);
2158 if (rc)
2159 goto fail;
2160
2161 /* The destination element is a parent of the source element. */
2162 rc = find_parent_of_child (doc, src_node->parent, dst_node);
2163 if (rc)
2164 goto fail;
2165
2166 /* A destination child element contains a target to the source element. */
2167 rc = find_child_to_target (client, doc, dst_node->children, src_node,
2168 dst_node, 0, 0);
2169 if (rc)
2170 goto fail;
2171
2172 fail:
2173 strv_free (src_req);
2174 return rc;
2175 }
2176
2177 /* The owner of the element is the first user listed in the _acl attribute
2178 * list. acl_check() should be called before calling this function. An empty
2179 * ACL is an error if the client is not invoking_user.
2180 */
2181 gpg_error_t
2182 is_element_owner (struct client_s *client, xmlNodePtr n)
2183 {
2184 xmlChar *acl = node_has_attribute (n, (xmlChar *) "_acl");
2185 char **users;
2186 gpg_error_t rc = GPG_ERR_EPERM;
2187
2188 if (!acl || !*acl)
2189 {
2190 xmlFree (acl);
2191 return 0;
2192 }
2193
2194 users = str_split((char *)acl, ",", 0);
2195 if (users && *users)
2196 {
2197 char *user;
2198
2199 #ifdef WITH_GNUTLS
2200 if (client->thd->remote)
2201 user = str_asprintf ("#%s", client->thd->tls->fp);
2202 else
2203 user = get_username (client->thd->peer->uid);
2204 #else
2205 user = get_username (client->thd->peer->uid);
2206 #endif
2207
2208 rc = !strcmp (*users, user) ? 0 : GPG_ERR_EPERM;
2209 xfree (user);
2210 }
2211
2212 strv_free (users);
2213 return rc;
2214 }
A server for managing passphrases and anything else.