search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
xslt: Import upstream release 1.1.38.
[wine.git] / libs / xslt / libxslt / security.c
blob1f7187c7f944087481c8e255a3c8ac3c8de98b72
1 /*
2 * security.c: Implementation of the XSLT security framework
3 *
4 * See Copyright for the status of this software.
5 *
6 * daniel@veillard.com
7 */
8
9 #define IN_LIBXSLT
10 #include "libxslt.h"
11
12 #include <string.h>
13
14 #ifdef HAVE_SYS_TYPES_H
15 #include <sys/types.h>
16 #endif
17 #ifdef HAVE_SYS_STAT_H
18 #include <sys/stat.h>
19 #endif
20
21 #if defined(_WIN32)
22 #include <windows.h>
23 #ifndef INVALID_FILE_ATTRIBUTES
24 #define INVALID_FILE_ATTRIBUTES ((DWORD)-1)
25 #endif
26 #endif
27
28 #ifndef HAVE_STAT
29 # ifdef HAVE__STAT
30 /* MS C library seems to define stat and _stat. The definition
31 * is identical. Still, mapping them to each other causes a warning. */
32 # ifndef _MSC_VER
33 # define stat(x,y) _stat(x,y)
34 # endif
35 # define HAVE_STAT
36 # endif
37 #endif
38
39 #include <libxml/xmlmemory.h>
40 #include <libxml/tree.h>
41 #include <libxml/uri.h>
42 #include "xslt.h"
43 #include "xsltInternals.h"
44 #include "xsltutils.h"
45 #include "extensions.h"
46 #include "security.h"
47
48
49 struct _xsltSecurityPrefs {
50 xsltSecurityCheck readFile;
51 xsltSecurityCheck createFile;
52 xsltSecurityCheck createDir;
53 xsltSecurityCheck readNet;
54 xsltSecurityCheck writeNet;
55 };
56
57 static xsltSecurityPrefsPtr xsltDefaultSecurityPrefs = NULL;
58
59 /************************************************************************
60 * *
61 * Module interfaces *
62 * *
63 ************************************************************************/
64
65 /**
66 * xsltNewSecurityPrefs:
67 *
68 * Create a new security preference block
69 *
70 * Returns a pointer to the new block or NULL in case of error
71 */
72 xsltSecurityPrefsPtr
73 xsltNewSecurityPrefs(void) {
74 xsltSecurityPrefsPtr ret;
75
76 xsltInitGlobals();
77
78 ret = (xsltSecurityPrefsPtr) xmlMalloc(sizeof(xsltSecurityPrefs));
79 if (ret == NULL) {
80 xsltTransformError(NULL, NULL, NULL,
81 "xsltNewSecurityPrefs : malloc failed\n");
82 return(NULL);
83 }
84 memset(ret, 0, sizeof(xsltSecurityPrefs));
85 return(ret);
86 }
87
88 /**
89 * xsltFreeSecurityPrefs:
90 * @sec: the security block to free
91 *
92 * Free up a security preference block
93 */
94 void
95 xsltFreeSecurityPrefs(xsltSecurityPrefsPtr sec) {
96 if (sec == NULL)
97 return;
98 xmlFree(sec);
99 }
100
101 /**
102 * xsltSetSecurityPrefs:
103 * @sec: the security block to update
104 * @option: the option to update
105 * @func: the user callback to use for this option
106 *
107 * Update the security option to use the new callback checking function
108 *
109 * Returns -1 in case of error, 0 otherwise
110 */
111 int
112 xsltSetSecurityPrefs(xsltSecurityPrefsPtr sec, xsltSecurityOption option,
113 xsltSecurityCheck func) {
114 xsltInitGlobals();
115 if (sec == NULL)
116 return(-1);
117 switch (option) {
118 case XSLT_SECPREF_READ_FILE:
119 sec->readFile = func; return(0);
120 case XSLT_SECPREF_WRITE_FILE:
121 sec->createFile = func; return(0);
122 case XSLT_SECPREF_CREATE_DIRECTORY:
123 sec->createDir = func; return(0);
124 case XSLT_SECPREF_READ_NETWORK:
125 sec->readNet = func; return(0);
126 case XSLT_SECPREF_WRITE_NETWORK:
127 sec->writeNet = func; return(0);
128 }
129 return(-1);
130 }
131
132 /**
133 * xsltGetSecurityPrefs:
134 * @sec: the security block to update
135 * @option: the option to lookup
136 *
137 * Lookup the security option to get the callback checking function
138 *
139 * Returns NULL if not found, the function otherwise
140 */
141 xsltSecurityCheck
142 xsltGetSecurityPrefs(xsltSecurityPrefsPtr sec, xsltSecurityOption option) {
143 if (sec == NULL)
144 return(NULL);
145 switch (option) {
146 case XSLT_SECPREF_READ_FILE:
147 return(sec->readFile);
148 case XSLT_SECPREF_WRITE_FILE:
149 return(sec->createFile);
150 case XSLT_SECPREF_CREATE_DIRECTORY:
151 return(sec->createDir);
152 case XSLT_SECPREF_READ_NETWORK:
153 return(sec->readNet);
154 case XSLT_SECPREF_WRITE_NETWORK:
155 return(sec->writeNet);
156 }
157 return(NULL);
158 }
159
160 /**
161 * xsltSetDefaultSecurityPrefs:
162 * @sec: the security block to use
163 *
164 * Set the default security preference application-wide
165 */
166 void
167 xsltSetDefaultSecurityPrefs(xsltSecurityPrefsPtr sec) {
168
169 xsltDefaultSecurityPrefs = sec;
170 }
171
172 /**
173 * xsltGetDefaultSecurityPrefs:
174 *
175 * Get the default security preference application-wide
176 *
177 * Returns the current xsltSecurityPrefsPtr in use or NULL if none
178 */
179 xsltSecurityPrefsPtr
180 xsltGetDefaultSecurityPrefs(void) {
181 return(xsltDefaultSecurityPrefs);
182 }
183
184 /**
185 * xsltSetCtxtSecurityPrefs:
186 * @sec: the security block to use
187 * @ctxt: an XSLT transformation context
188 *
189 * Set the security preference for a specific transformation
190 *
191 * Returns -1 in case of error, 0 otherwise
192 */
193 int
194 xsltSetCtxtSecurityPrefs(xsltSecurityPrefsPtr sec,
195 xsltTransformContextPtr ctxt) {
196 if (ctxt == NULL)
197 return(-1);
198 ctxt->sec = (void *) sec;
199 return(0);
200 }
201
202
203 /**
204 * xsltSecurityAllow:
205 * @sec: the security block to use
206 * @ctxt: an XSLT transformation context
207 * @value: unused
208 *
209 * Function used to always allow an operation
210 *
211 * Returns 1 always
212 */
213 int
214 xsltSecurityAllow(xsltSecurityPrefsPtr sec ATTRIBUTE_UNUSED,
215 xsltTransformContextPtr ctxt ATTRIBUTE_UNUSED,
216 const char *value ATTRIBUTE_UNUSED) {
217 return(1);
218 }
219
220 /**
221 * xsltSecurityForbid:
222 * @sec: the security block to use
223 * @ctxt: an XSLT transformation context
224 * @value: unused
225 *
226 * Function used to always forbid an operation
227 *
228 * Returns 0 always
229 */
230 int
231 xsltSecurityForbid(xsltSecurityPrefsPtr sec ATTRIBUTE_UNUSED,
232 xsltTransformContextPtr ctxt ATTRIBUTE_UNUSED,
233 const char *value ATTRIBUTE_UNUSED) {
234 return(0);
235 }
236
237 /************************************************************************
238 * *
239 * Internal interfaces *
240 * *
241 ************************************************************************/
242
243 /**
244 * xsltCheckFilename
245 * @path: the path to check
246 *
247 * function checks to see if @path is a valid source
248 * (file, socket...) for XML.
249 *
250 * TODO: remove at some point !!!
251 * Local copy of xmlCheckFilename to avoid a hard dependency on
252 * a new version of libxml2
253 *
254 * if stat is not available on the target machine,
255 * returns 1. if stat fails, returns 0 (if calling
256 * stat on the filename fails, it can't be right).
257 * if stat succeeds and the file is a directory,
258 * returns 2. otherwise returns 1.
259 */
260
261 static int
262 xsltCheckFilename (const char *path)
263 {
264 #ifdef HAVE_STAT
265 struct stat stat_buffer;
266 #if defined(_WIN32)
267 DWORD dwAttrs;
268
269 dwAttrs = GetFileAttributesA(path);
270 if (dwAttrs != INVALID_FILE_ATTRIBUTES) {
271 if (dwAttrs & FILE_ATTRIBUTE_DIRECTORY) {
272 return 2;
273 }
274 }
275 #endif
276
277 if (stat(path, &stat_buffer) == -1)
278 return 0;
279
280 #ifdef S_ISDIR
281 if (S_ISDIR(stat_buffer.st_mode)) {
282 return 2;
283 }
284 #endif
285 #endif
286 return 1;
287 }
288
289 static int
290 xsltCheckWritePath(xsltSecurityPrefsPtr sec,
291 xsltTransformContextPtr ctxt,
292 const char *path)
293 {
294 int ret;
295 xsltSecurityCheck check;
296 char *directory;
297
298 check = xsltGetSecurityPrefs(sec, XSLT_SECPREF_WRITE_FILE);
299 if (check != NULL) {
300 ret = check(sec, ctxt, path);
301 if (ret == 0) {
302 xsltTransformError(ctxt, NULL, NULL,
303 "File write for %s refused\n", path);
304 return(0);
305 }
306 }
307
308 directory = xmlParserGetDirectory (path);
309
310 if (directory != NULL) {
311 ret = xsltCheckFilename(directory);
312 if (ret == 0) {
313 /*
314 * The directory doesn't exist check for creation
315 */
316 check = xsltGetSecurityPrefs(sec,
317 XSLT_SECPREF_CREATE_DIRECTORY);
318 if (check != NULL) {
319 ret = check(sec, ctxt, directory);
320 if (ret == 0) {
321 xsltTransformError(ctxt, NULL, NULL,
322 "Directory creation for %s refused\n",
323 path);
324 xmlFree(directory);
325 return(0);
326 }
327 }
328 ret = xsltCheckWritePath(sec, ctxt, directory);
329 if (ret == 1)
330 ret = mkdir(directory, 0755);
331 }
332 xmlFree(directory);
333 if (ret < 0)
334 return(ret);
335 }
336
337 return(1);
338 }
339
340 /**
341 * xsltCheckWrite:
342 * @sec: the security options
343 * @ctxt: an XSLT transformation context
344 * @URL: the resource to be written
345 *
346 * Check if the resource is allowed to be written, if necessary makes
347 * some preliminary work like creating directories
348 *
349 * Return 1 if write is allowed, 0 if not and -1 in case or error.
350 */
351 int
352 xsltCheckWrite(xsltSecurityPrefsPtr sec,
353 xsltTransformContextPtr ctxt, const xmlChar *URL) {
354 int ret;
355 xmlURIPtr uri;
356 xsltSecurityCheck check;
357
358 uri = xmlParseURI((const char *)URL);
359 if (uri == NULL) {
360 uri = xmlCreateURI();
361 if (uri == NULL) {
362 xsltTransformError(ctxt, NULL, NULL,
363 "xsltCheckWrite: out of memory for %s\n", URL);
364 return(-1);
365 }
366 uri->path = (char *)xmlStrdup(URL);
367 }
368 if ((uri->scheme == NULL) ||
369 (xmlStrEqual(BAD_CAST uri->scheme, BAD_CAST "file"))) {
370
371 #if defined(_WIN32)
372 if ((uri->path)&&(uri->path[0]=='/')&&
373 (uri->path[1]!='\0')&&(uri->path[2]==':'))
374 ret = xsltCheckWritePath(sec, ctxt, uri->path+1);
375 else
376 #endif
377 {
378 /*
379 * Check if we are allowed to write this file
380 */
381 ret = xsltCheckWritePath(sec, ctxt, uri->path);
382 }
383
384 if (ret <= 0) {
385 xmlFreeURI(uri);
386 return(ret);
387 }
388 } else {
389 /*
390 * Check if we are allowed to write this network resource
391 */
392 check = xsltGetSecurityPrefs(sec, XSLT_SECPREF_WRITE_NETWORK);
393 if (check != NULL) {
394 ret = check(sec, ctxt, (const char *)URL);
395 if (ret == 0) {
396 xsltTransformError(ctxt, NULL, NULL,
397 "File write for %s refused\n", URL);
398 xmlFreeURI(uri);
399 return(0);
400 }
401 }
402 }
403 xmlFreeURI(uri);
404 return(1);
405 }
406
407
408 /**
409 * xsltCheckRead:
410 * @sec: the security options
411 * @ctxt: an XSLT transformation context
412 * @URL: the resource to be read
413 *
414 * Check if the resource is allowed to be read
415 *
416 * Return 1 if read is allowed, 0 if not and -1 in case or error.
417 */
418 int
419 xsltCheckRead(xsltSecurityPrefsPtr sec,
420 xsltTransformContextPtr ctxt, const xmlChar *URL) {
421 int ret;
422 xmlURIPtr uri;
423 xsltSecurityCheck check;
424
425 uri = xmlParseURI((const char *)URL);
426 if (uri == NULL) {
427 xsltTransformError(ctxt, NULL, NULL,
428 "xsltCheckRead: URL parsing failed for %s\n",
429 URL);
430 return(-1);
431 }
432 if ((uri->scheme == NULL) ||
433 (xmlStrEqual(BAD_CAST uri->scheme, BAD_CAST "file"))) {
434
435 /*
436 * Check if we are allowed to read this file
437 */
438 check = xsltGetSecurityPrefs(sec, XSLT_SECPREF_READ_FILE);
439 if (check != NULL) {
440 ret = check(sec, ctxt, uri->path);
441 if (ret == 0) {
442 xsltTransformError(ctxt, NULL, NULL,
443 "Local file read for %s refused\n", URL);
444 xmlFreeURI(uri);
445 return(0);
446 }
447 }
448 } else {
449 /*
450 * Check if we are allowed to write this network resource
451 */
452 check = xsltGetSecurityPrefs(sec, XSLT_SECPREF_READ_NETWORK);
453 if (check != NULL) {
454 ret = check(sec, ctxt, (const char *)URL);
455 if (ret == 0) {
456 xsltTransformError(ctxt, NULL, NULL,
457 "Network file read for %s refused\n", URL);
458 xmlFreeURI(uri);
459 return(0);
460 }
461 }
462 }
463 xmlFreeURI(uri);
464 return(1);
465 }
466
Windows API implementation