search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
find_elements(): don't leak information about children.
[pwmd.git] / src / xml.c
blob4d37651174546b02ccd362f2c7819abe2cb6e6f4
1 /*
2 Copyright (C) 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015
3 Ben Kibbey <bjk@luxsci.net>
4
5 This file is part of pwmd.
6
7 Pwmd is free software: you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation, either version 2 of the License, or
10 (at your option) any later version.
11
12 Pwmd is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
16
17 You should have received a copy of the GNU General Public License
18 along with Pwmd. If not, see <http://www.gnu.org/licenses/>.
19 */
20 #ifdef HAVE_CONFIG_H
21 #include <config.h>
22 #endif
23
24 #include <stdio.h>
25 #include <stdlib.h>
26 #include <unistd.h>
27 #include <err.h>
28 #include <string.h>
29 #include <sys/stat.h>
30 #include <fcntl.h>
31 #include <ctype.h>
32 #include <libxml/xmlwriter.h>
33 #include <wctype.h>
34 #include <sys/types.h>
35 #include <pwd.h>
36
37 #ifndef _
38 #include "gettext.h"
39 #define _(msgid) gettext(msgid)
40 #endif
41
42 #include "pwmd-error.h"
43 #include "util-misc.h"
44 #include "xml.h"
45 #include "mem.h"
46 #include "rcfile.h"
47 #include "commands.h"
48
49 extern void log_write (const char *fmt, ...);
50
51 /*
52 * 'element' must be allocated.
53 */
54 int
55 is_literal_element (char **element)
56 {
57 char *p;
58
59 if (!element || !*element)
60 return 0;
61
62 if (*(*element) == '!')
63 {
64 char *c;
65
66 for (p = *element, c = p + 1; *c; c++)
67 *p++ = *c;
68
69 *p = 0;
70 return 1;
71 }
72
73 return 0;
74 }
75
76 int
77 valid_xml_attribute_value (const char *str)
78 {
79 const char *p = str;
80
81 if (!p || !*p)
82 return 1;
83
84 while (*p)
85 {
86 if (*p++ == '\n')
87 return 0;
88 }
89
90 return 1;
91 }
92
93 int
94 valid_xml_attribute (const char *str)
95 {
96 wchar_t *wc;
97 size_t len, c;
98 int ret = valid_xml_element ((xmlChar *)str);
99
100 if (!ret)
101 return ret;
102
103 wc = str_to_wchar ((const char *)str);
104 if (!wc)
105 return 0;
106
107 len = wcslen (wc);
108 for (c = 0; c < len; c++)
109 {
110 switch (wc[c])
111 {
112 case '-':
113 case '.':
114 case '0' ... '9':
115 case 0xB7:
116 case 0x0300 ... 0x036F:
117 case 0x203F ... 0x2040:
118 if (!c)
119 {
120 xfree (wc);
121 return 0;
122 }
123 case ':': break;
124 case '_': break;
125 case 'A' ... 'Z': break;
126 case 'a' ... 'z': break;
127 case 0xC0 ... 0xD6: break;
128 case 0xD8 ... 0xF6: break;
129 case 0xF8 ... 0x2FF: break;
130 case 0x370 ... 0x37D: break;
131 case 0x37F ... 0x1FFF: break;
132 case 0x200C ... 0x200D: break;
133 case 0x2070 ... 0x218F: break;
134 case 0x2C00 ... 0x2FEF: break;
135 case 0x3001 ... 0xD7FF: break;
136 case 0xF900 ... 0xFDCF: break;
137 case 0xFDF0 ... 0xFFFD: break;
138 case 0x10000 ... 0xEFFFF: break;
139 default:
140 xfree (wc);
141 return 0;
142 }
143 }
144
145 xfree (wc);
146 return 1;
147 }
148
149 int
150 valid_xml_element (xmlChar *str)
151 {
152 wchar_t *wc;
153 size_t len, c;
154
155 if (!str || !*str || *str == '!')
156 return 0;
157
158 wc = str_to_wchar ((const char *)str);
159 if (!wc)
160 return 0;
161
162 len = wcslen (wc);
163 for (c = 0; c < len; c++)
164 {
165 if (iswspace(wc[c]))
166 {
167 xfree (wc);
168 return 0;
169 }
170 }
171
172 xfree (wc);
173 return 1;
174 }
175
176 int
177 valid_element_path (char **path, int with_content)
178 {
179 char **dup = NULL, **p;
180
181 if (!path || !*path)
182 return 0;
183
184 /* Save some memory by not duplicating the element content. */
185 if (with_content)
186 {
187 int i, t = strv_length (path);
188
189 for (i = 0; i < t - 1; i++)
190 {
191 char **tmp = xrealloc (dup, (i + 2) * sizeof (char *));
192
193 if (!tmp)
194 {
195 strv_free (dup);
196 return 0;
197 }
198
199 dup = tmp;
200 dup[i] = str_dup (path[i]);
201 dup[i + 1] = NULL;
202 }
203 }
204 else
205 dup = strv_dup (path);
206
207 if (!dup)
208 return 0;
209
210 for (p = dup; *p && *(*p); p++)
211 {
212 is_literal_element (&(*p));
213 if (!valid_xml_element ((xmlChar *) * p))
214 {
215 strv_free (dup);
216 return 0;
217 }
218 }
219
220 strv_free (dup);
221 return 1;
222 }
223
224 gpg_error_t
225 attr_ctime (struct client_s *client, xmlNodePtr n)
226 {
227 char *buf = str_asprintf ("%li", time (NULL));
228 gpg_error_t rc;
229
230 if (!buf)
231 return GPG_ERR_ENOMEM;
232
233 rc = add_attribute (client, n, "_ctime", buf);
234 xfree (buf);
235 return rc;
236 }
237
238 static gpg_error_t
239 acl_check (struct client_s *client, xmlNodePtr n)
240 {
241 gpg_error_t rc = GPG_ERR_EACCES;
242 xmlChar *acl = node_has_attribute (n, (xmlChar *) "_acl");
243 char **users = acl ? str_split((char *)acl, ",", 0) : NULL;
244 char **p;
245 int allowed = 0;
246
247 if (!acl || !*acl || !users || !*users)
248 {
249 xmlFree (acl);
250 strv_free(users);
251 return peer_is_invoker(client);
252 }
253
254 if (!peer_is_invoker(client))
255 {
256 xmlFree (acl);
257 strv_free(users);
258 return 0;
259 }
260
261 for (p = users; *p; p++)
262 {
263 #ifdef WITH_GNUTLS
264 rc = acl_check_common (client, *p,
265 client->thd->remote ? 0 : client->thd->peer->uid,
266 client->thd->remote ? 0 : client->thd->peer->gid,
267 &allowed);
268 #else
269 rc = acl_check_common (client, *p, client->thd->peer->uid,
270 client->thd->peer->gid, &allowed);
271 #endif
272 }
273
274 xmlFree(acl);
275 strv_free(users);
276
277 // ATTR LIST makes use of FLAG_ACL_IGNORE to allow listing of element
278 // attributes that the client is not normally allowed access to.
279 if ((rc == GPG_ERR_EACCES || !allowed) && client->flags & FLAG_ACL_IGNORE)
280 {
281 rc = 0;
282 client->flags &= ~FLAG_ACL_IGNORE;
283
284 // This flag is used in ATTR LIST to prevent listing attributes of
285 // children whose parent ACL does not allow access to the client.
286 client->flags |= FLAG_ACL_ERROR;
287 allowed = 1;
288 }
289
290 if (rc)
291 return rc;
292
293 return allowed ? 0 : GPG_ERR_EACCES;
294 }
295
296 static char *
297 create_acl_user (struct client_s *client)
298 {
299 #ifdef WITH_GNUTLS
300 if (client->thd->remote)
301 return str_asprintf ("#%s", client->thd->tls->fp);
302 #endif
303
304 return get_username (client->thd->peer->uid);
305 }
306
307 static gpg_error_t
308 create_new_element (struct client_s *client, int verify, xmlNodePtr parent,
309 const char *name, xmlNodePtr * result)
310 {
311 xmlNodePtr n;
312 gpg_error_t rc;
313
314 // Allow any client to create a non-existing root element.
315 if (parent->parent->type != XML_DOCUMENT_NODE)
316 {
317 rc = acl_check(client, parent);
318 if (rc)
319 return rc;
320 }
321
322 n = xmlNewNode (NULL, (xmlChar *) "element");
323 if (!n)
324 return GPG_ERR_ENOMEM;
325
326 rc = add_attribute (client, n, "_name", name);
327 if (!rc)
328 rc = attr_ctime (client, n);
329
330 if (!rc && verify && parent->parent->type != XML_DOCUMENT_NODE)
331 rc = is_element_owner (client, parent);
332
333 if (!rc)
334 {
335 xmlNodePtr p = xmlAddChild (parent, n);
336 char *user = create_acl_user (client);
337
338 if (result)
339 *result = p;
340
341 rc = add_attribute(client, p, "_acl", user);
342 xfree (user);
343 }
344 else
345 xmlFreeNode (n);
346
347 return rc;
348 }
349
350 gpg_error_t
351 new_root_element (struct client_s *client, xmlDocPtr doc, char *name)
352 {
353 xmlNodePtr root = xmlDocGetRootElement (doc);
354 char *p = name;
355
356 if (!p || !root)
357 return GPG_ERR_BAD_DATA;
358
359 if (*p == '!')
360 p++;
361
362 if (!valid_xml_element ((xmlChar *) p))
363 return GPG_ERR_INV_VALUE;
364
365 return create_new_element (client, 0, root, p, NULL);
366 }
367
368 static xmlDocPtr
369 create_dtd ()
370 {
371 xmlDocPtr doc;
372 xmlTextWriterPtr wr = xmlNewTextWriterDoc (&doc, 0);
373
374 if (!wr)
375 return NULL;
376
377 if (xmlTextWriterStartDocument (wr, NULL, "UTF-8", "yes"))
378 goto fail;
379
380 if (xmlTextWriterStartDTD (wr, (xmlChar *) "pwmd", NULL, NULL) == -1)
381 goto fail;
382
383 if (xmlTextWriterWriteDTDElement (wr, (xmlChar *) "pwmd",
384 (xmlChar *) "(element)") == -1)
385 goto fail;
386
387 xmlTextWriterEndDTDElement (wr);
388
389 if (xmlTextWriterWriteDTDAttlist (wr, (xmlChar *) "element",
390 (xmlChar *) "_name CDATA #REQUIRED") ==
391 -1)
392 goto fail;
393
394 xmlTextWriterEndDTDAttlist (wr);
395 xmlTextWriterEndDTD (wr);
396
397 if (xmlTextWriterStartElement (wr, (xmlChar *) "pwmd"))
398 goto fail;
399
400 xmlTextWriterEndElement (wr);
401 xmlTextWriterEndDocument (wr);
402 xmlFreeTextWriter (wr);
403 return doc;
404
405 fail:
406 xmlTextWriterEndDocument (wr);
407 xmlFreeTextWriter (wr);
408 xmlFreeDoc (doc);
409 return NULL;
410 }
411
412 xmlDocPtr
413 new_document ()
414 {
415 return create_dtd ();
416 }
417
418 xmlNodePtr
419 find_element_node (xmlNodePtr node)
420 {
421 xmlNodePtr n = node;
422
423 if (n && n->type == XML_ELEMENT_NODE)
424 return n;
425
426 for (n = node; n; n = n->next)
427 {
428 if (n->type == XML_ELEMENT_NODE)
429 return n;
430 }
431
432 return NULL;
433 }
434
435 static xmlNodePtr
436 resolve_path (struct client_s *client, xmlDocPtr doc, xmlChar * path,
437 char ***result, gpg_error_t * rc)
438 {
439 xmlNodePtr n;
440 char **req;
441
442 req = str_split ((char *) path, "\t", 0);
443 if (!req)
444 {
445 *rc = GPG_ERR_ENOMEM;
446 return NULL;
447 }
448
449 n = find_root_element (client, doc, &req, rc, NULL, 0, 0);
450 if (*rc)
451 {
452 strv_free (req);
453 return n;
454 }
455
456 if (req[1])
457 n = find_elements (client, doc, n->children, req + 1, rc, NULL, NULL, NULL,
458 0, 0, NULL, 0);
459
460 if (*rc)
461 strv_free (req);
462 else
463 *result = req;
464
465 return n;
466 }
467
468 /*
469 * Lists root element names; the value of the attribute "_name" of an element
470 * "element". If there's a target attribute both literal and non-literal
471 * element names will be added. This is the primary reason why XML entities
472 * cannot be used. There wouldn't be a way to get the literal an non-literal
473 * element paths.
474 */
475 gpg_error_t
476 list_root_elements (struct client_s *client, xmlDocPtr doc,
477 struct string_s ** result, int verbose, int with_target)
478 {
479 xmlNodePtr n = NULL;
480 struct slist_s *list = NULL;
481 int total, i;
482 struct string_s *string;
483 gpg_error_t rc = 0;
484
485 n = xmlDocGetRootElement (doc);
486 if (!n || !n->children)
487 return GPG_ERR_NO_DATA;
488
489 for (n = n->children; n; n = n->next)
490 {
491 xmlAttrPtr a;
492 xmlChar *val, *target;
493 struct slist_s *tlist;
494 char *tmp;
495
496 if (n->type != XML_ELEMENT_NODE)
497 continue;
498
499 a = xmlHasProp (n, (xmlChar *) "_name");
500 if (!a || !a->children->content)
501 continue;
502
503 val = xmlNodeGetContent (a->children);
504 if (!val)
505 {
506 rc = GPG_ERR_ENOMEM;
507 goto fail;
508 }
509
510 tmp = str_asprintf ("!%s%s", (char *) val,
511 verbose ? find_element_node (n->children) ? " +"
512 : "" : "");
513
514 if (!tmp)
515 {
516 xmlFree (val);
517 rc = GPG_ERR_ENOMEM;
518 goto fail;
519 }
520
521 tlist = slist_append (list, tmp);
522 if (!tlist)
523 {
524 xmlFree (val);
525 rc = GPG_ERR_ENOMEM;
526 goto fail;
527 }
528
529 list = tlist;
530 target = node_has_attribute (n, (xmlChar *) "target");
531 if (target)
532 {
533 char *t = NULL;
534
535 if (verbose)
536 {
537 char **req = NULL;
538 xmlNodePtr tnode = resolve_path (client, doc, target, &req, &rc);
539
540 if (rc == GPG_ERR_ELEMENT_NOT_FOUND || rc == GPG_ERR_ELOOP
541 || rc == GPG_ERR_EACCES)
542 {
543 t = str_asprintf ("%s %s%s%s", (char *) val,
544 rc == GPG_ERR_ELOOP ? "O" :
545 rc == GPG_ERR_EACCES ? "P" : "E",
546 with_target ? "T " : "",
547 with_target ? (char *)target : "");
548 rc = 0;
549 }
550 else if (!rc)
551 {
552 struct string_s *realpath = NULL;
553
554 if (with_target)
555 {
556 rc = build_realpath (client, doc, (char *) target,
557 &realpath);
558 if (rc)
559 {
560 strv_free (req);
561 xmlFree (val);
562 xmlFree (target);
563 goto fail;
564 }
565
566 realpath = string_prepend (realpath, "T ");
567 }
568
569 t = str_asprintf ("%s%s%s%s", (char *) val,
570 (tnode
571 && find_element_node (tnode->children))
572 || realpath ? " " : "", tnode
573 && find_element_node (tnode->children) ?
574 "+" : "", realpath ? realpath->str : "");
575
576 if (realpath)
577 string_free (realpath, 1);
578 }
579
580 if (req)
581 strv_free (req);
582 }
583 else
584 t = str_dup ((char *) val);
585
586 if (!t || rc)
587 {
588 xmlFree (val);
589 xmlFree (target);
590 rc = rc ? rc : GPG_ERR_ENOMEM;
591 goto fail;
592 }
593
594 tlist = slist_append (list, t);
595 if (!tlist)
596 {
597 xmlFree (val);
598 xfree (t);
599 xmlFree (target);
600 rc = GPG_ERR_ENOMEM;
601 goto fail;
602 }
603
604 list = tlist;
605 }
606
607 xmlFree (val);
608 xmlFree (target);
609 }
610
611 total = slist_length (list);
612 if (!total)
613 return GPG_ERR_NO_DATA;
614
615 string = string_new (NULL);
616 if (!string)
617 {
618 rc = GPG_ERR_ENOMEM;
619 goto fail;
620 }
621
622 for (i = 0; i < total; i++)
623 {
624 char *val = slist_nth_data (list, i);
625
626 string_append_printf (string, "%s\n", val);
627 }
628
629 string = string_truncate (string, string->len - 1);
630 *result = string;
631
632 fail:
633 total = slist_length (list);
634 for (i = 0; i < total; i++)
635 xfree (slist_nth_data (list, i));
636
637 slist_free (list);
638 return rc;
639 }
640
641 /*
642 * Prevents a sibling element past the current element path with the same
643 * element name.
644 */
645 static xmlNodePtr
646 find_stop_node (xmlNodePtr node)
647 {
648 xmlNodePtr n;
649
650 for (n = node->parent->children; n; n = n->next)
651 {
652 if (n == node)
653 return n->next;
654 }
655
656 return NULL;
657 }
658
659 xmlNodePtr
660 create_target_elements_cb (struct client_s *client, int verify,
661 xmlNodePtr node, char **path, gpg_error_t *rc,
662 void *data)
663 {
664 int i;
665 char **req = path;
666 xmlNodePtr parent = data;
667
668 for (i = 0; req[i] && *req[i]; i++)
669 {
670 xmlNodePtr n;
671
672 if (parent && node == parent)
673 {
674 *rc = GPG_ERR_CONFLICT;
675 return NULL;
676 }
677
678 is_literal_element (&req[i]);
679
680 if ((n = find_element (client, node, req[i],
681 find_stop_node (node), rc)) == NULL ||
682 (n && n->parent == node->parent))
683 {
684
685 if (!*rc)
686 *rc = create_new_element (client, verify, node, req[i], &node);
687
688 if (*rc)
689 return NULL;
690 }
691 else
692 node = n;
693 }
694
695 return node;
696 }
697
698 xmlNodePtr
699 find_text_node (xmlNodePtr node)
700 {
701 xmlNodePtr n = node;
702
703 if (n && n->type == XML_TEXT_NODE)
704 return n;
705
706 for (n = node; n; n = n->next)
707 {
708 if (n->type == XML_TEXT_NODE)
709 return n;
710 }
711
712 return NULL;
713 }
714
715 xmlNodePtr
716 create_elements_cb (struct client_s *client, int verify, xmlNodePtr node,
717 char **elements, gpg_error_t * rc, void *data)
718 {
719 int i;
720 char **req = elements;
721
722 if (*rc && *rc != GPG_ERR_ELEMENT_NOT_FOUND)
723 return NULL;
724
725 if (node->type == XML_TEXT_NODE)
726 node = node->parent;
727
728 for (i = 0; req[i] && *req[i]; i++)
729 {
730 xmlNodePtr n;
731
732 /*
733 * Strip the first '!' if needed. If there's another, it's an
734 * rc. The syntax has already been checked before calling this
735 * function.
736 */
737 is_literal_element (&req[i]);
738 n = find_element (client, node, req[i], find_stop_node (node), rc);
739 if (*rc)
740 return NULL;
741
742 /*
743 * If the found element has the same parent as the current element,
744 * they are siblings and the new element needs to be created as a
745 * child of the current element (node).
746 */
747 if (n && n->parent == node->parent)
748 n = NULL;
749
750 if (!n)
751 {
752 *rc = create_new_element (client, 0, node, req[i], &node);
753 if (*rc)
754 return NULL;
755 }
756 else
757 node = n;
758 }
759
760 return node;
761 }
762
763 /* The root element is really req[0]. It is need as a pointer in case there is
764 * a target attribute so it can be updated. */
765 xmlNodePtr
766 find_root_element (struct client_s *client, xmlDocPtr doc, char ***req,
767 gpg_error_t * rc, int *target, int recursion_depth,
768 int stop)
769 {
770 xmlNodePtr n = xmlDocGetRootElement (doc);
771 int depth = 0;
772 char *root = str_dup (*req[0]);
773 int literal = is_literal_element (&root);
774
775 if (!root)
776 {
777 *rc = GPG_ERR_ENOMEM;
778 return NULL;
779 }
780
781 *rc = 0;
782 recursion_depth++;
783
784 if (max_recursion_depth >= 1 && recursion_depth > max_recursion_depth)
785 {
786 xmlChar *t = xmlGetNodePath (n);
787
788 log_write ("%s: %s", pwmd_strerror (GPG_ERR_ELOOP), t);
789 xmlFree (t);
790 xfree (root);
791 *rc = GPG_ERR_ELOOP;
792 return NULL;
793 }
794
795 while (n)
796 {
797 if (n->type == XML_ELEMENT_NODE)
798 {
799 if (depth == 0 && xmlStrEqual (n->name, (xmlChar *) "pwmd"))
800 {
801 n = n->children;
802 depth++;
803 continue;
804 }
805
806 if (depth == 1 && xmlStrEqual (n->name, (xmlChar *) "element"))
807 {
808 xmlChar *content = node_has_attribute (n, (xmlChar *) "_name");
809
810 if (!content)
811 continue;
812
813 if (xmlStrEqual (content, (xmlChar *) root))
814 {
815 char **nreq, **tmp = NULL;
816 int acl = client->flags & FLAG_ACL_IGNORE;
817
818 *rc = acl_check(client, n);
819 if ((*rc && *rc != GPG_ERR_EACCES)
820 || (*rc == GPG_ERR_EACCES && !acl))
821 {
822 xmlFree (content);
823 xfree (root);
824 return n;
825 }
826
827 if (acl)
828 {
829 *rc = 0;
830 // This flag is cleared in acl_check() but we always
831 // allow ATTR LIST of root elements.
832 client->flags |= FLAG_ACL_IGNORE;
833 }
834
835 if (literal == 1)
836 {
837 xmlFree (content);
838 xfree (root);
839 return n;
840 }
841
842 xmlFree (content);
843 content = node_has_attribute (n, (xmlChar *) "target");
844
845 if (content && target)
846 *target = 1;
847
848 if (!content || stop)
849 {
850 if (content)
851 xmlFree (content);
852
853 xfree (root);
854 return n;
855 }
856
857 if (strchr ((char *) content, '\t'))
858 {
859 nreq = str_split ((char *) content, "\t", 0);
860 xmlFree (content);
861
862 #if 0
863 /*
864 * FIXME ENOMEM
865 */
866 if (!nreq)
867 {
868 *rc = GPG_ERR_ENOMEM;
869 return NULL;
870 }
871 #endif
872
873 tmp = *req;
874 tmp = strv_catv (nreq, tmp + 1);
875 strv_free (nreq);
876
877 if (!tmp)
878 {
879 xfree (root);
880 *rc = GPG_ERR_ENOMEM;
881 return NULL;
882 }
883
884 strv_free (*req);
885 *req = tmp;
886 }
887 else
888 {
889 if (strv_printf (&tmp, "%s", content) == 0)
890 {
891 xmlFree (content);
892 xfree (root);
893 *rc = GPG_ERR_ENOMEM;
894 return NULL;
895 }
896
897 xmlFree (content);
898 nreq = *req;
899 nreq = strv_catv (tmp, nreq + 1);
900 strv_free (tmp);
901
902 if (!nreq)
903 {
904 *rc = GPG_ERR_ENOMEM;
905 xfree (root);
906 return NULL;
907 }
908
909 strv_free (*req);
910 *req = nreq;
911 }
912
913 xfree (root);
914 return find_root_element (client, doc, req, rc, target,
915 recursion_depth, 0);
916 }
917
918 xmlFree (content);
919 }
920 }
921
922 n = n->next;
923 }
924
925 xfree (root);
926 *rc = GPG_ERR_ELEMENT_NOT_FOUND;
927 return NULL;
928 }
929
930 xmlNodePtr
931 find_element (struct client_s *client, xmlNodePtr node, char *element,
932 xmlNodePtr stop, gpg_error_t *rc)
933 {
934 xmlNodePtr n;
935
936 *rc = 0;
937
938 if (!node || !element)
939 return NULL;
940
941 for (n = node; n; n = n->next)
942 {
943 if (n->type != XML_ELEMENT_NODE)
944 continue;
945
946 if (n == stop)
947 break;
948
949 xmlChar *a = node_has_attribute (n, (xmlChar *) "_name");
950
951 if (a && xmlStrEqual (a, (xmlChar *) element))
952 {
953 xmlFree (a);
954
955 // Prevent ATTR LIST showing child element attributes for a parent
956 // whos ACL denies the client.
957 if (client->flags & FLAG_ACL_ERROR)
958 {
959 *rc = GPG_ERR_EACCES;
960 return NULL;
961 }
962
963 *rc = acl_check(client, n);
964 if (*rc)
965 n = NULL;
966
967 return n;
968 }
969
970 xmlFree (a);
971 }
972
973 return NULL;
974 }
975
976 xmlChar *
977 node_has_attribute (xmlNodePtr n, xmlChar * attr)
978 {
979 xmlAttrPtr a = xmlHasProp (n, attr);
980
981 if (!a)
982 return NULL;
983
984 if (!a->children || !a->children->content)
985 return NULL;
986
987 return xmlGetProp (n, attr);
988 }
989
990 static int
991 element_to_literal (char **element)
992 {
993 char *p = str_asprintf ("!%s", *element);
994
995 if (!p)
996 return 0;
997
998 xfree (*element);
999 *element = p;
1000 return 1;
1001 }
1002
1003 /* Resolves elements in 'req' one at a time. It's recursive in case of
1004 * "target" attributes. */
1005 xmlNodePtr
1006 find_elements (struct client_s *client, xmlDocPtr doc, xmlNodePtr node,
1007 char **req, gpg_error_t * rc, int *target,
1008 xmlNodePtr (*found_fn) (struct client_s *, xmlNodePtr, char **,
1009 gpg_error_t *, char **, void *),
1010 xmlNodePtr (*not_found_fn) (struct client_s *, int, xmlNodePtr,
1011 char **, gpg_error_t *, void *),
1012 int is_list_command, int recursion_depth, void *data, int stop)
1013 {
1014 xmlNodePtr n, last, last_node;
1015 char **p;
1016 int found = 0;
1017
1018 *rc = 0;
1019 recursion_depth++;
1020
1021 if (max_recursion_depth >= 1 && recursion_depth > max_recursion_depth)
1022 {
1023 xmlChar *t = xmlGetNodePath (node);
1024
1025 log_write ("%s: %s", pwmd_strerror (GPG_ERR_ELOOP), t);
1026 xmlFree (t);
1027 recursion_depth--;
1028 *rc = GPG_ERR_ELOOP;
1029 return NULL;
1030 }
1031
1032 for (last_node = last = n = node, p = req; *p; p++)
1033 {
1034 xmlNodePtr tmp;
1035 char *t;
1036 int literal;
1037
1038 if (!*(*p))
1039 {
1040 *rc = GPG_ERR_ELEMENT_NOT_FOUND;
1041 return NULL;
1042 }
1043
1044 t = str_dup (*p);
1045 if (!t)
1046 {
1047 *rc = GPG_ERR_ENOMEM;
1048 return NULL;
1049 }
1050
1051 literal = is_literal_element (&t);
1052 n = find_element (client, last, t, NULL, rc);
1053 xfree (t);
1054 if (!n)
1055 {
1056 if (!*rc)
1057 *rc = GPG_ERR_ELEMENT_NOT_FOUND;
1058
1059 /* Fixes ATTR LIST when an element does not exist and the parent
1060 * denies access to children. Fixes leaking information about the
1061 * current elements children. */
1062 if (*rc == GPG_ERR_ELEMENT_NOT_FOUND && last_node != n)
1063 {
1064 gpg_error_t trc = acl_check (client, last_node);
1065 if (trc)
1066 *rc = trc;
1067 }
1068
1069 if (not_found_fn)
1070 return not_found_fn (client, 0,
1071 found ? last_node : last_node->parent, p,
1072 rc, data);
1073 return NULL;
1074 }
1075
1076 last = n->children;
1077 last_node = n;
1078 found = 1;
1079
1080 if (literal == 0)
1081 {
1082 xmlChar *content = node_has_attribute (n, (xmlChar *) "target");
1083 char **nreq = NULL, **nnreq;
1084
1085 if (!content)
1086 {
1087 if (is_list_command == 1)
1088 {
1089 if (element_to_literal (&(*p)) == 0)
1090 {
1091 *rc = GPG_ERR_ENOMEM;
1092 return NULL;
1093 }
1094 }
1095
1096 continue;
1097 }
1098
1099 if (target)
1100 *target = 1;
1101
1102 if (!*(p + 1) && stop)
1103 {
1104 xmlFree (content);
1105 return n;
1106 }
1107
1108 if (strchr ((char *) content, '\t') != NULL)
1109 {
1110 if ((nreq = str_split ((char *) content, "\t", 0)) == NULL)
1111 {
1112 xmlFree (content);
1113 *rc = GPG_ERR_INV_VALUE;
1114 return NULL;
1115 }
1116 }
1117 else
1118 {
1119 if ((nreq = str_split ((char *) content, " ", 0)) == NULL)
1120 {
1121 xmlFree (content);
1122 *rc = GPG_ERR_INV_VALUE;
1123 return NULL;
1124 }
1125 }
1126
1127 xmlFree (content);
1128 tmp = find_root_element (client, doc, &nreq, rc, target, 0, 0);
1129 if (*rc)
1130 {
1131 strv_free (nreq);
1132 if (not_found_fn && *rc == GPG_ERR_EACCES)
1133 return not_found_fn (client, 0, NULL, p, rc, data);
1134 return tmp;
1135 }
1136
1137 if (found_fn)
1138 {
1139 found_fn (client, tmp, nreq, rc, p + 1, data);
1140
1141 if (*rc)
1142 {
1143 strv_free (nreq);
1144 return NULL;
1145 }
1146 }
1147
1148 if (!*(nreq + 1) && !*(p + 1))
1149 {
1150 strv_free (nreq);
1151 return tmp;
1152 }
1153
1154 nnreq = strv_catv (nreq + 1, p + 1);
1155 strv_free (nreq);
1156
1157 // FIXME ENOMEM
1158 if (!nnreq || !*nnreq)
1159 {
1160 strv_free (nnreq);
1161 return tmp;
1162 }
1163
1164 if (tmp->children)
1165 {
1166 n = find_elements (client, doc, tmp->children, nnreq, rc, NULL,
1167 found_fn, not_found_fn, is_list_command,
1168 recursion_depth, data, stop);
1169 if (!n)
1170 {
1171 strv_free (nnreq);
1172 return NULL;
1173 }
1174 }
1175 else
1176 {
1177 strv_free (nnreq);
1178 if (not_found_fn)
1179 return not_found_fn (client, 0, tmp, p, rc, data);
1180
1181 *rc = GPG_ERR_ELEMENT_NOT_FOUND;
1182 return NULL;
1183 }
1184
1185 if (*(p + 1))
1186 {
1187 char **zz = p + 1, **qq = nnreq;
1188
1189 if (strv_length (nnreq) > strv_length (p + 1))
1190 qq = nnreq + 1;
1191
1192 for (; *qq && *zz; zz++)
1193 {
1194 xfree (*zz);
1195 *zz = str_dup (*qq++);
1196
1197 if (!*zz)
1198 {
1199 *rc = GPG_ERR_ENOMEM;
1200 n = NULL;
1201 break;
1202 }
1203 }
1204 }
1205
1206 strv_free (nnreq);
1207 return n;
1208 }
1209 }
1210
1211 return n;
1212 }
1213
1214 static int
1215 update_element_list (struct element_list_s *elements)
1216 {
1217 char *line;
1218 struct slist_s *l;
1219
1220 if (!elements || !elements->elements)
1221 return 1;
1222
1223 line = strv_join ("\t", elements->elements);
1224
1225 if (!line)
1226 return 0;
1227
1228 strv_free (elements->elements);
1229 elements->elements = NULL;
1230 l = slist_append (elements->list, line);
1231
1232 if (!l)
1233 return 0;
1234
1235 elements->list = l;
1236 return 1;
1237 }
1238
1239 static gpg_error_t
1240 path_list_recurse (struct client_s *client, xmlDocPtr doc, xmlNodePtr node,
1241 struct element_list_s *elements)
1242 {
1243 gpg_error_t rc = 0;
1244 xmlNodePtr n;
1245 gpg_error_t error_flag = 0;
1246
1247 for (n = node; n; n = n->next)
1248 {
1249 xmlChar *target = NULL;
1250 xmlChar *a = node_has_attribute (n, (xmlChar *) "_name");
1251 gpg_error_t err = 0;
1252 char *path = NULL;
1253
1254 rc = 0;
1255 if (!a)
1256 continue;
1257
1258 if (n->type != XML_ELEMENT_NODE)
1259 goto children;
1260
1261 rc = acl_check(client, n);
1262
1263 if (elements->verbose)
1264 {
1265 if (strv_printf
1266 (&elements->elements, "%s\t!%s%s%s", elements->prefix, a,
1267 !rc && find_element_node (n->children) ? " +" : "",
1268 rc == GPG_ERR_EACCES ? " P" : rc ? " E" : "") == 0)
1269 {
1270 xmlFree (a);
1271 return GPG_ERR_ENOMEM;
1272 }
1273 }
1274 else
1275 if (strv_printf (&elements->elements, "%s\t!%s", elements->prefix, a)
1276 == 0)
1277 {
1278 xmlFree (a);
1279 return GPG_ERR_ENOMEM;
1280 }
1281
1282 if (update_element_list (elements) == 0)
1283 {
1284 xmlFree (a);
1285 return GPG_ERR_ENOMEM;
1286 }
1287
1288 if (rc == GPG_ERR_EACCES)
1289 {
1290 xmlFree(a);
1291 error_flag = rc;
1292 continue;
1293 }
1294 else if (rc)
1295 {
1296 xmlFree (a);
1297 return rc;
1298 }
1299
1300 target = node_has_attribute (n, (xmlChar *) "target");
1301 if (target)
1302 {
1303 char *tmp;
1304 char *save = elements->prefix;
1305 int r = elements->resolving;
1306 char **req = NULL;
1307 xmlNodePtr tnode;
1308 struct string_s *realpath = NULL;
1309
1310 tnode = resolve_path (client, doc, target, &req, &rc);
1311 if (rc == GPG_ERR_ELOOP || rc == GPG_ERR_ELEMENT_NOT_FOUND
1312 || rc == GPG_ERR_EACCES)
1313 {
1314 if (rc == GPG_ERR_ELOOP)
1315 {
1316 xmlChar *t = xmlGetNodePath (n);
1317
1318 log_write ("%s: %s", pwmd_strerror (GPG_ERR_ELOOP), t);
1319 xmlFree (t);
1320 }
1321
1322 if (elements->verbose)
1323 {
1324 error_flag = err = rc;
1325 rc = 0;
1326 }
1327 }
1328 else if (!elements->verbose && rc)
1329 {
1330 xmlFree (a);
1331 xmlFree (target);
1332 return rc;
1333 }
1334
1335 path = str_asprintf("%s\t%s", elements->prefix, a);
1336 rc = validate_target_attribute (client, client->doc, path, tnode);
1337 xfree (path);
1338 if (rc == GPG_ERR_ELOOP || rc == GPG_ERR_EACCES
1339 || rc == GPG_ERR_ELEMENT_NOT_FOUND)
1340 {
1341 if (rc != GPG_ERR_ELEMENT_NOT_FOUND)
1342 error_flag = err = rc;
1343
1344 rc = 0;
1345 }
1346 else if (rc)
1347 {
1348 xmlFree (a);
1349 xmlFree (target);
1350 return rc;
1351 }
1352
1353 if (err)
1354 {
1355 strv_printf (&elements->elements, "%s\t%s %s%s%s",
1356 elements->prefix, a,
1357 err == GPG_ERR_ELOOP ? "O" :
1358 err == GPG_ERR_EACCES ? "P" : "E",
1359 elements->with_target ? "T " : "",
1360 elements->with_target ? (char *)target : "");
1361 }
1362 else if (!err && elements->with_target)
1363 {
1364 rc = build_realpath (client, doc, (char *) target, &realpath);
1365 if (rc)
1366 {
1367 xmlFree (a);
1368 xmlFree (target);
1369 return rc;
1370 }
1371
1372 realpath = string_prepend (realpath, "T ");
1373 }
1374
1375 if (!err && elements->verbose)
1376 {
1377 if (!strv_printf (&elements->elements, "%s\t%s%s%s%s",
1378 elements->prefix, a,
1379 (tnode && find_element_node (tnode->children))
1380 || realpath ? " " : "", tnode
1381 && find_element_node (tnode->children) ? "+" :
1382 "", realpath ? realpath->str : ""))
1383 {
1384 xmlFree (a);
1385 xmlFree (target);
1386 return GPG_ERR_ENOMEM;
1387 }
1388 }
1389 else if (!err)
1390 if (!strv_printf
1391 (&elements->elements, "%s\t%s", elements->prefix, a))
1392 {
1393 xmlFree (a);
1394 xmlFree (target);
1395 return GPG_ERR_ENOMEM;
1396 }
1397
1398 if (realpath)
1399 string_free (realpath, 1);
1400
1401 tmp = strv_join ("\t", elements->elements);
1402 if (!tmp)
1403 {
1404 xmlFree (a);
1405 xmlFree (target);
1406 return GPG_ERR_ENOMEM;
1407 }
1408
1409 if (update_element_list (elements) == 0)
1410 {
1411 xfree (tmp);
1412 xmlFree (a);
1413 xmlFree (target);
1414 return GPG_ERR_ENOMEM;
1415 }
1416
1417 if (!err && elements->recurse)
1418 {
1419 /* Prune element flags. */
1420 if (elements->verbose && strchr (tmp, ' '))
1421 {
1422 char *p;
1423
1424 for (p = tmp; *p; p++)
1425 {
1426 if (*p == ' ')
1427 {
1428 *p = 0;
1429 break;
1430 }
1431 }
1432 }
1433
1434 elements->prefix = tmp;
1435 elements->resolving = 1;
1436 rc = create_path_list (client, doc, elements, (char *) target);
1437 elements->resolving = r;
1438 elements->prefix = save;
1439
1440 if (rc && gpg_err_code (rc) != GPG_ERR_ELOOP
1441 && gpg_err_code(rc) != GPG_ERR_EACCES)
1442 {
1443 xfree (tmp);
1444 xmlFree (target);
1445 xmlFree (a);
1446 return rc;
1447 }
1448
1449 error_flag = err = rc;
1450 rc = 0;
1451 }
1452
1453 xfree (tmp);
1454 xmlFree (target);
1455 }
1456
1457 children:
1458 if (n->children && elements->recurse)
1459 {
1460 char *tmp = str_asprintf ("%s\t!%s", elements->prefix, a);
1461 char *save = elements->prefix;
1462
1463 if (!tmp)
1464 {
1465 xmlFree (a);
1466 return GPG_ERR_ENOMEM;
1467 }
1468
1469 elements->prefix = tmp;
1470 rc = path_list_recurse (client, doc, n->children, elements);
1471 xfree (elements->prefix);
1472 elements->prefix = save;
1473
1474 if (rc)
1475 {
1476 if (gpg_err_code(rc) == GPG_ERR_ELOOP
1477 || gpg_err_code (rc) == GPG_ERR_EACCES
1478 || gpg_err_code (rc) == GPG_ERR_ELEMENT_NOT_FOUND)
1479 {
1480 error_flag = err = rc;
1481 rc = 0;
1482 }
1483 else
1484 {
1485 xmlFree (a);
1486 return rc;
1487 }
1488 }
1489 }
1490
1491 xmlFree (a);
1492 }
1493
1494 return error_flag == GPG_ERR_ELOOP || error_flag == GPG_ERR_EACCES
1495 ? error_flag : rc;
1496 }
1497
1498 gpg_error_t
1499 add_attribute (struct client_s *client, xmlNodePtr node, const char *name,
1500 const char *value)
1501 {
1502 char *buf;
1503 gpg_error_t rc = 0;
1504
1505 if (client && name && !strcmp (name, "target"))
1506 {
1507 rc = is_element_owner (client, node);
1508 if (rc)
1509 return rc;
1510 }
1511
1512 if (name && !xmlSetProp (node, (xmlChar *) name, (xmlChar *) value))
1513 return GPG_ERR_BAD_DATA;
1514
1515 if (client && name && !xmlStrEqual ((xmlChar *) name, (xmlChar *) "_acl"))
1516 {
1517 xmlChar *acl = node_has_attribute (node, (xmlChar *) "_acl");
1518
1519 if (!acl)
1520 {
1521 char *user = create_acl_user (client);
1522
1523 if (user)
1524 {
1525 rc = add_attribute (client, node, (char *) "_acl", user);
1526 xfree (user);
1527 }
1528
1529 return rc;
1530 }
1531
1532 xmlFree (acl);
1533 }
1534
1535 if (name && xmlStrEqual ((xmlChar *) name, (xmlChar *) "_mtime"))
1536 return 0;
1537
1538 buf = str_asprintf ("%li", time (NULL));
1539 rc = add_attribute (client, node, "_mtime", buf);
1540 xfree (buf);
1541 return rc;
1542 }
1543
1544 static xmlNodePtr
1545 list_not_found_cb (struct client_s *client, int i, xmlNodePtr node,
1546 char **req, gpg_error_t *rc, void *data)
1547 {
1548 struct element_list_s *elements = data;
1549
1550 if (*rc != GPG_ERR_EACCES)
1551 return NULL;
1552
1553 elements->data = strv_dup (req);
1554 return NULL;
1555 }
1556
1557 /*
1558 * From the element path 'path', find sub-nodes and append them to the list.
1559 */
1560 gpg_error_t
1561 create_path_list (struct client_s *client, xmlDocPtr doc,
1562 struct element_list_s * elements, char *path)
1563 {
1564 gpg_error_t rc;
1565 char **req, **req_orig;
1566 xmlNodePtr n;
1567 int a_target = 0;
1568 int root_only = 0;
1569 int allowed = 1;
1570
1571 req = str_split (path, "\t", 0);
1572 if (!req)
1573 {
1574 req = str_split (path, " ", 0);
1575 if (!req)
1576 return GPG_ERR_SYNTAX;
1577 }
1578
1579 req_orig = strv_dup (req);
1580 if (!req_orig)
1581 {
1582 rc = GPG_ERR_ENOMEM;
1583 goto fail;
1584 }
1585
1586 n = find_root_element (client, doc, &req, &rc, &a_target, 0, 0);
1587 if ((rc == GPG_ERR_ELEMENT_NOT_FOUND || rc == GPG_ERR_ELOOP
1588 || rc == GPG_ERR_EACCES) && elements->verbose && a_target)
1589 {
1590 if (rc == GPG_ERR_EACCES)
1591 allowed = 0;
1592
1593 root_only = 1;
1594 goto done;
1595 }
1596
1597 if (rc == GPG_ERR_EACCES)
1598 {
1599 allowed = 0;
1600 root_only = 1;
1601 goto done;
1602 }
1603
1604 if (!n && rc == GPG_ERR_ELEMENT_NOT_FOUND && elements->resolving == 1)
1605 {
1606 rc = 0;
1607 goto fail;
1608 }
1609 else if (!n)
1610 goto fail;
1611
1612 if (a_target == 1)
1613 {
1614 xfree (*req);
1615 *req = str_dup (*req_orig);
1616 }
1617
1618 if (*(req + 1))
1619 {
1620 int e_target = 0;
1621
1622 n = find_elements (client, doc, n->children, req + 1, &rc, &e_target,
1623 NULL, list_not_found_cb, 1, 0, elements, 0);
1624 if (rc == GPG_ERR_ELEMENT_NOT_FOUND && elements->resolving == 1)
1625 {
1626 rc = 0;
1627 goto fail;
1628 }
1629 else if (rc && rc != GPG_ERR_EACCES)
1630 goto fail;
1631 else if (rc)
1632 allowed = 0;
1633 }
1634
1635 done:
1636 if (!elements->prefix)
1637 {
1638 /*
1639 * FIXME
1640 *
1641 * If any req_orig element contains no target the element should be
1642 * prefixed with the literal character. Not really crucial if the
1643 * client isn't human because child elements are prefixed for the
1644 * current path. But may be confusing if editing by hand.
1645 */
1646 if (elements->data)
1647 {
1648 /* This is needed to prune the original requested element path to the
1649 * length of the failed element in the path. */
1650 int x = strv_length (req_orig)-strv_length ((char **)elements->data);
1651 int i;
1652 char **tmp = NULL;
1653
1654 for (i = 0; i <= x; i++)
1655 tmp = strv_cat (tmp, str_dup (req_orig[i]));
1656
1657 elements->prefix = strv_join ("\t", tmp);
1658 strv_free (tmp);
1659 strv_free (elements->data);
1660 elements->data = NULL;
1661 }
1662 else
1663 {
1664 if (root_only)
1665 elements->prefix = str_dup (*req_orig);
1666 else
1667 elements->prefix = strv_join ("\t", req_orig);
1668 }
1669
1670 if (!elements->prefix)
1671 {
1672 rc = GPG_ERR_ENOMEM;
1673 goto fail;
1674 }
1675
1676 if (elements->verbose)
1677 {
1678 int ret;
1679 struct string_s *realpath = NULL;
1680
1681 if (!rc && allowed && a_target && elements->with_target)
1682 {
1683 rc = build_realpath (client, doc, path, &realpath);
1684 if (rc)
1685 goto fail;
1686
1687 realpath = string_prepend (realpath, "T ");
1688 }
1689
1690 ret = strv_printf (&elements->elements, "%s%s%s%s%s%s%s",
1691 elements->prefix,
1692 (allowed && n && find_element_node (n->children))
1693 || realpath ? " " : "",
1694 (allowed && n && find_element_node (n->children)) ? "+" : "",
1695 allowed && realpath ? realpath->str : "",
1696 rc == GPG_ERR_ELOOP ? " O" : "",
1697 rc == GPG_ERR_ELEMENT_NOT_FOUND ? " E" : "",
1698 !allowed ? " P" : "");
1699 string_free (realpath, 1);
1700 if (!ret)
1701 {
1702 rc = GPG_ERR_ENOMEM;
1703 goto fail;
1704 }
1705 }
1706 else
1707 {
1708 if (strv_printf (&elements->elements, "%s", elements->prefix) == 0)
1709 {
1710 rc = GPG_ERR_ENOMEM;
1711 goto fail;
1712 }
1713 }
1714
1715 if (update_element_list (elements) == 0)
1716 {
1717 rc = GPG_ERR_ENOMEM;
1718 goto fail;
1719 }
1720 }
1721
1722 if (allowed)
1723 rc = path_list_recurse (client, doc, n ? n->children : n, elements);
1724
1725 fail:
1726 strv_free (req_orig);
1727 strv_free (req);
1728 return rc;
1729 }
1730
1731 gpg_error_t
1732 recurse_xpath_nodeset (struct client_s *client, xmlDocPtr doc,
1733 xmlNodeSetPtr nodes, xmlChar * value,
1734 xmlBufferPtr * result, int cmd, const xmlChar * attr)
1735 {
1736 int i = value ? nodes->nodeNr - 1 : 0;
1737 xmlBufferPtr buf;
1738
1739 buf = xmlBufferCreate ();
1740
1741 if (!buf)
1742 return GPG_ERR_ENOMEM;
1743
1744 for (; value ? i >= 0 : i < nodes->nodeNr; value ? i-- : i++)
1745 {
1746 xmlNodePtr n = nodes->nodeTab[i];
1747 gpg_error_t rc;
1748
1749 if (!n)
1750 continue;
1751
1752 if (!value && !attr)
1753 {
1754 if (xmlNodeDump (buf, doc, n, 0, 0) == -1)
1755 {
1756 *result = buf;
1757 return GPG_ERR_BAD_DATA;
1758 }
1759
1760 continue;
1761 }
1762
1763 if (!attr)
1764 {
1765 xmlNodeSetContent (n, value);
1766 rc = update_element_mtime (client, n);
1767
1768 if (rc)
1769 return rc;
1770 }
1771 else
1772 {
1773 if (!cmd)
1774 rc = add_attribute (client, n, (char *) attr, (char *) value);
1775 else
1776 rc = delete_attribute (client, n, attr);
1777
1778 if (rc)
1779 return rc;
1780 }
1781 }
1782
1783 *result = buf;
1784 return 0;
1785 }
1786
1787 static gpg_error_t
1788 convert_root_element (struct client_s *client, xmlNodePtr n)
1789 {
1790 xmlChar *a = xmlGetProp (n, (xmlChar *) "_name");
1791 gpg_error_t rc;
1792
1793 if (a)
1794 {
1795 xmlFree (a);
1796 xmlChar *t = xmlGetNodePath (n);
1797
1798 log_write (_
1799 ("An existing \"_name\" attribute already exists. Please rename this attribute before converting. Path is: %s"),
1800 t);
1801 xmlFree (t);
1802 return GPG_ERR_AMBIGUOUS_NAME;
1803 }
1804
1805 a = xmlGetProp (n, (xmlChar *) "name");
1806
1807 if (a)
1808 {
1809 rc = add_attribute (client, n, "_name", (char *) a);
1810 xmlFree (a);
1811
1812 if (rc)
1813 return rc;
1814
1815 rc = delete_attribute (client, n, (xmlChar *) "name");
1816
1817 if (rc)
1818 return rc;
1819
1820 xmlNodeSetName (n, (xmlChar *) "element");
1821 }
1822
1823 return 0;
1824 }
1825
1826 gpg_error_t
1827 delete_attribute (struct client_s *client, xmlNodePtr n, const xmlChar * name)
1828 {
1829 xmlAttrPtr a;
1830 gpg_error_t rc = 0;
1831
1832 if ((a = xmlHasProp (n, name)) == NULL)
1833 return GPG_ERR_NOT_FOUND;
1834
1835 if (xmlRemoveProp (a) == -1)
1836 return GPG_ERR_BAD_DATA;
1837
1838 if (client && xmlStrEqual (name, (xmlChar *) "_acl"))
1839 {
1840 char *user = create_acl_user (client);
1841
1842 rc = add_attribute (client, n, (char *) "_acl", user);
1843 xfree (user);
1844
1845 if (rc)
1846 return rc;
1847 }
1848
1849 return update_element_mtime (client, n);
1850 }
1851
1852 static gpg_error_t
1853 convert_elements_recurse (struct client_s *client, xmlDocPtr doc,
1854 xmlNodePtr n, unsigned depth)
1855 {
1856 gpg_error_t rc;
1857
1858 depth++;
1859
1860 for (n = n->children; n; n = n->next)
1861 {
1862 if (n->type == XML_ELEMENT_NODE)
1863 {
1864 if (depth > 1)
1865 {
1866 xmlChar *a = NULL;
1867
1868 if (xmlStrEqual (n->name, (xmlChar *) "element"))
1869 {
1870 xmlChar *t = xmlGetNodePath (n);
1871
1872 log_write (_
1873 ("An existing \"element\" already exists. Please rename this element before converting. Path is: %s"),
1874 t);
1875 xmlFree (t);
1876 return GPG_ERR_AMBIGUOUS_NAME;
1877 }
1878
1879 a = xmlGetProp (n, (xmlChar *) "_name");
1880 if (a)
1881 {
1882 xmlFree (a);
1883 xmlChar *t = xmlGetNodePath (n);
1884
1885 log_write (_
1886 ("An existing \"_name\" attribute already exists. Please rename this attribute before converting. Path is: %s"),
1887 t);
1888 xmlFree (t);
1889 return GPG_ERR_AMBIGUOUS_NAME;
1890 }
1891
1892 xmlChar *tmp = xmlStrdup (n->name);
1893
1894 if (!tmp)
1895 return GPG_ERR_ENOMEM;
1896
1897 xmlNodeSetName (n, (xmlChar *) "element");
1898 rc = add_attribute (client, n, "_name", (char *) tmp);
1899 xmlFree (tmp);
1900
1901 if (rc)
1902 return rc;
1903 }
1904 else
1905 {
1906 rc = convert_root_element (client, n);
1907
1908 if (rc)
1909 return rc;
1910 }
1911 }
1912
1913 if (n->children)
1914 {
1915 rc = convert_elements_recurse (client, doc, n, depth);
1916
1917 if (rc)
1918 return rc;
1919 }
1920 }
1921
1922 return 0;
1923 }
1924
1925 /* Renames ALL elements to the new "element" name. Existing element names are
1926 * stored as an attribute "_name". This was introduced in pwmd 2.12 so
1927 * elements can contain common characters that the XML parser barfs on (an
1928 * email address for example. */
1929 gpg_error_t
1930 convert_pre_212_elements (xmlDocPtr doc)
1931 {
1932 xmlNodePtr n = xmlDocGetRootElement (doc);
1933
1934 log_write (_("Converting pre 2.12 data file..."));
1935 return convert_elements_recurse (NULL, doc, n, 0);
1936 }
1937
1938 gpg_error_t
1939 validate_import (struct client_s *client, xmlNodePtr node)
1940 {
1941 gpg_error_t rc = 0;
1942
1943 if (!node)
1944 return 0;
1945
1946 for (xmlNodePtr n = node; n; n = n->next)
1947 {
1948 if (n->type == XML_ELEMENT_NODE)
1949 {
1950 if (xmlStrEqual (n->name, (xmlChar *) "element"))
1951 {
1952 xmlChar *a = xmlGetProp (n, (xmlChar *) "_name");
1953
1954 if (!a)
1955 {
1956 xmlChar *t = xmlGetNodePath (n);
1957
1958 log_write (_("Missing attribute '_name' at %s."), t);
1959 xmlFree (t);
1960 return GPG_ERR_INV_VALUE;
1961 }
1962
1963 if (!valid_xml_element (a))
1964 {
1965 xmlChar *t = xmlGetNodePath (n);
1966
1967 log_write (_("'%s' is not a valid element name at %s."), a,
1968 t);
1969 xmlFree (a);
1970 xmlFree (t);
1971 return GPG_ERR_INV_VALUE;
1972 }
1973
1974 xmlFree (a);
1975 a = xmlGetProp (n, (xmlChar *) "_ctime");
1976 if (!a)
1977 attr_ctime (client, n);
1978
1979 xmlFree (a);
1980 a = xmlGetProp (n, (xmlChar *) "_mtime");
1981 if (!a)
1982 update_element_mtime (client, n);
1983 xmlFree (a);
1984 }
1985 else
1986 {
1987 xmlChar *t = xmlGetNodePath (n);
1988
1989 log_write (_("Warning: unknown element '%s' at %s. Ignoring."),
1990 n->name, t);
1991 xmlFree (t);
1992 continue;
1993 }
1994 }
1995
1996 if (n->children)
1997 {
1998 rc = validate_import (client, n->children);
1999
2000 if (rc)
2001 return rc;
2002 }
2003 }
2004
2005 return rc;
2006 }
2007
2008 gpg_error_t
2009 update_element_mtime (struct client_s *client, xmlNodePtr n)
2010 {
2011 return add_attribute (client, n, NULL, NULL);
2012 }
2013
2014 gpg_error_t
2015 unlink_node (struct client_s *client, xmlNodePtr n)
2016 {
2017 gpg_error_t rc = 0;
2018
2019 if (!n)
2020 return rc;
2021
2022 if (n->parent)
2023 rc = update_element_mtime (client, n->parent);
2024
2025 xmlUnlinkNode (n);
2026 return rc;
2027 }
2028
2029 gpg_error_t
2030 parse_doc (const char *xml, size_t len, xmlDocPtr *result)
2031 {
2032 xmlDocPtr doc;
2033
2034 xmlResetLastError ();
2035 doc = xmlReadMemory (xml, len, NULL, "UTF-8", XML_PARSE_NOBLANKS);
2036 if (!doc && xmlGetLastError ())
2037 return GPG_ERR_BAD_DATA;
2038
2039 *result = doc;
2040 return !doc ? GPG_ERR_ENOMEM : 0;
2041 }
2042
2043 static xmlNodePtr
2044 realpath_elements_cb (struct client_s *client, xmlNodePtr node, char **target,
2045 gpg_error_t * rc, char **req_orig, void *data)
2046 {
2047 char *path = *(char **) data;
2048 char *tmp = NULL, *result;
2049
2050 if (path)
2051 {
2052 xfree (path);
2053 *(char **) data = NULL;
2054 }
2055
2056 path = strv_join ("\t", target);
2057
2058 if (!path)
2059 {
2060 *rc = GPG_ERR_ENOMEM;
2061 return NULL;
2062 }
2063
2064 if (req_orig)
2065 {
2066 tmp = strv_join ("\t", req_orig);
2067
2068 if (!tmp)
2069 {
2070 xfree (path);
2071 *rc = GPG_ERR_ENOMEM;
2072 return NULL;
2073 }
2074 }
2075
2076 if (tmp && *tmp)
2077 result = str_asprintf ("%s\t%s", path, tmp);
2078 else
2079 result = str_dup (path);
2080
2081 if (!result)
2082 {
2083 *rc = GPG_ERR_ENOMEM;
2084 xfree (path);
2085 xfree (tmp);
2086 return NULL;
2087 }
2088
2089 xfree (path);
2090 xfree (tmp);
2091 *(char **) data = result;
2092 return node;
2093 }
2094
2095 gpg_error_t
2096 build_realpath (struct client_s *client, xmlDocPtr doc, char *line,
2097 struct string_s ** result)
2098 {
2099 gpg_error_t rc;
2100 char **req;
2101 char *t;
2102 int i;
2103 xmlNodePtr n;
2104 struct string_s *string;
2105 char *rp = NULL;
2106
2107 if (strchr (line, '\t') != NULL)
2108 {
2109 if ((req = str_split (line, "\t", 0)) == NULL)
2110 return GPG_ERR_SYNTAX;
2111 }
2112 else
2113 {
2114 if ((req = str_split (line, " ", 0)) == NULL)
2115 return GPG_ERR_SYNTAX;
2116 }
2117
2118 n = find_root_element (client, doc, &req, &rc, NULL, 0, 0);
2119 if (rc)
2120 {
2121 strv_free (req);
2122 return rc;
2123 }
2124
2125 rp = strv_join ("\t", req);
2126 if (!rp)
2127 {
2128 strv_free (req);
2129 return GPG_ERR_ENOMEM;
2130 }
2131
2132 if (req[1])
2133 {
2134 n = find_elements (client, doc, n->children, req + 1, &rc, NULL,
2135 realpath_elements_cb, NULL, 0, 0, &rp, 0);
2136 if (!n)
2137 {
2138 xfree (rp);
2139 strv_free (req);
2140 return rc;
2141 }
2142 }
2143
2144 string = string_new (rp);
2145 xfree (rp);
2146 strv_free (req);
2147 if (!string)
2148 return GPG_ERR_ENOMEM;
2149
2150 again:
2151 for (i = 0, t = string->str + i; *t; t++, i++)
2152 {
2153 if ((!i && *t != '!') || (*t == '\t' && *(t + 1) && *(t + 1) != '!'))
2154 {
2155 struct string_s *s = string_insert_c (string, !i ? i++ : ++i, '!');
2156
2157 if (!s)
2158 {
2159 string_free (string, 1);
2160 return GPG_ERR_ENOMEM;
2161 }
2162
2163 string = s;
2164 goto again;
2165 }
2166 }
2167
2168 *result = string;
2169 return rc;
2170 }
2171
2172 #if 0
2173 static char *
2174 node_to_element_path (xmlNodePtr node)
2175 {
2176 xmlNodePtr n;
2177 struct string_s *str = string_new ("");
2178 char *result;
2179
2180 for (n = node; n; n = n->parent)
2181 {
2182 xmlNodePtr child;
2183
2184 for (child = n; child; child = child->next)
2185 {
2186 if (child->type != XML_ELEMENT_NODE)
2187 continue;
2188
2189 xmlChar *name = node_has_attribute (n, (xmlChar *) "_name");
2190 if (name)
2191 {
2192 str = string_prepend (str, (char *) name);
2193 xmlFree (name);
2194 name = node_has_attribute (n, (xmlChar *) "target");
2195 if (name)
2196 str = string_prepend (str, "\t");
2197 else
2198 str = string_prepend (str, "\t!");
2199 xmlFree (name);
2200 }
2201 break;
2202 }
2203 }
2204
2205 str = string_erase (str, 0, 1);
2206 result = str->str;
2207 string_free (str, 0);
2208 return result;
2209 }
2210 #endif
2211
2212 /*
2213 * Recurse the element tree beginning at 'node' and find elements who point
2214 * back to 'src' or 'dst'. Also follows target attributes.
2215 */
2216 static gpg_error_t
2217 find_child_to_target (struct client_s *client, xmlDocPtr doc, xmlNodePtr node,
2218 xmlNodePtr src, xmlNodePtr dst, unsigned depth,
2219 int is_target)
2220 {
2221 xmlNodePtr n;
2222 gpg_error_t rc = 0;
2223
2224 if (max_recursion_depth >= 1 && depth > max_recursion_depth)
2225 return gpg_error (GPG_ERR_ELOOP);
2226
2227 for (n = node; n; n = n->next)
2228 {
2229 xmlChar *target;
2230
2231 if (n->type != XML_ELEMENT_NODE)
2232 continue;
2233
2234 if (n == src || n == dst)
2235 return GPG_ERR_ELOOP;
2236
2237 target = node_has_attribute (n, (xmlChar *) "target");
2238 if (target)
2239 {
2240 xmlNodePtr tmp;
2241 char **result = NULL;
2242
2243 tmp = resolve_path (client, doc, target, &result, &rc);
2244 xmlFree (target);
2245 strv_free (result);
2246 if (!rc)
2247 {
2248 rc = find_child_to_target (client, doc, tmp, src, dst, ++depth,
2249 1);
2250 depth--;
2251 }
2252
2253 if (rc && gpg_err_code (rc) != GPG_ERR_ELEMENT_NOT_FOUND)
2254 return rc;
2255
2256 if (is_target)
2257 break;
2258
2259 continue;
2260 }
2261
2262 if (n->children)
2263 {
2264 rc = find_child_to_target (client, doc, n->children, src, dst,
2265 ++depth,0);
2266 depth--;
2267 if (rc)
2268 return rc;
2269 }
2270
2271 if (is_target)
2272 break;
2273 }
2274
2275 return rc;
2276 }
2277
2278 static gpg_error_t
2279 find_child_of_parent (xmlDocPtr doc, xmlNodePtr src, xmlNodePtr dst)
2280 {
2281 xmlNodePtr n;
2282 gpg_error_t rc = 0;
2283
2284 for (n = src; n; n = n->next)
2285 {
2286 if (n->type != XML_ELEMENT_NODE)
2287 continue;
2288
2289 if (n == dst)
2290 {
2291 rc = GPG_ERR_ELOOP;
2292 break;
2293 }
2294
2295 rc = find_child_of_parent (doc, n->children, dst);
2296 }
2297
2298 return rc;
2299 }
2300
2301 static gpg_error_t
2302 find_parent_of_child (xmlDocPtr doc, xmlNodePtr node, xmlNodePtr dst)
2303 {
2304 xmlNodePtr n;
2305 gpg_error_t rc = 0;
2306
2307 for (n = node; n; n = n->parent)
2308 {
2309 if (n->type != XML_ELEMENT_NODE)
2310 {
2311 xmlNodePtr tmp;
2312
2313 for (tmp = n->next; tmp; n = n->next)
2314 {
2315 if (n->type != XML_ELEMENT_NODE)
2316 continue;
2317
2318 if (tmp == dst)
2319 return GPG_ERR_ELOOP;
2320 }
2321 }
2322
2323 if (n == dst)
2324 return GPG_ERR_ELOOP;
2325 }
2326
2327 return rc;
2328 }
2329
2330 gpg_error_t
2331 validate_target_attribute (struct client_s *client, xmlDocPtr doc,
2332 const char *src, xmlNodePtr dst_node)
2333 {
2334 gpg_error_t rc;
2335 xmlNodePtr src_node;
2336 char **src_req = NULL;
2337
2338 src_node = resolve_path (client, doc, (xmlChar *) src, &src_req, &rc);
2339 if (rc)
2340 goto fail;
2341
2342 client->flags |= FLAG_ACL_IGNORE;
2343 /* A destination element is a child of the source element. */
2344 rc = find_child_of_parent (doc, src_node->children, dst_node);
2345 if (rc)
2346 goto fail;
2347
2348 /* The destination element is a parent of the source element. */
2349 rc = find_parent_of_child (doc, src_node->parent, dst_node);
2350 if (rc)
2351 goto fail;
2352
2353 /* A destination child element contains a target to the source element. */
2354 if (dst_node)
2355 rc = find_child_to_target (client, doc, dst_node->children, src_node,
2356 dst_node, 0, 0);
2357 if (rc)
2358 goto fail;
2359
2360 fail:
2361 strv_free (src_req);
2362 client->flags &= ~(FLAG_ACL_IGNORE | FLAG_ACL_ERROR);
2363 return rc;
2364 }
2365
2366 /* The owner of the element is the first user listed in the _acl attribute
2367 * list. acl_check() should be called before calling this function. An empty
2368 * ACL is an error if the client is not invoking_user.
2369 */
2370 gpg_error_t
2371 is_element_owner (struct client_s *client, xmlNodePtr n)
2372 {
2373 xmlChar *acl = node_has_attribute (n, (xmlChar *) "_acl");
2374 char **users;
2375 gpg_error_t rc = GPG_ERR_EACCES;
2376
2377 if (!acl || !*acl)
2378 {
2379 xmlFree (acl);
2380 return peer_is_invoker (client);
2381 }
2382
2383 users = str_split((char *)acl, ",", 0);
2384 if (users && *users)
2385 {
2386 char *user;
2387
2388 #ifdef WITH_GNUTLS
2389 if (client->thd->remote)
2390 user = str_asprintf ("#%s", client->thd->tls->fp);
2391 else
2392 user = get_username (client->thd->peer->uid);
2393 #else
2394 user = get_username (client->thd->peer->uid);
2395 #endif
2396
2397 if (*user == '#')
2398 rc = !strcasecmp (*users, user) ? 0 : GPG_ERR_EACCES;
2399 else
2400 rc = !strcmp (*users, user) ? 0 : GPG_ERR_EACCES;
2401
2402 if (rc)
2403 rc = peer_is_invoker (client);
2404
2405 xfree (user);
2406 }
2407
2408 strv_free (users);
2409 return rc;
2410 }
A server for managing passphrases and anything else.