authorSumit Bose <sbose@nb.localdomain>2008-11-05 14:53:04 +0100
committerSumit Bose <sbose@nb.localdomain>2008-11-05 14:53:04 +0100
commitc011cbba76a4454a56b5f97c22b505fff2050513 (patch)
tree7a98caaf2507cadfecff6ecf30aeed309e22354e
parent7337fc891d0b38e35f9b0db5bf2989b819f7412b (diff)
added metadata evaluation to worker.c
-rw-r--r--selinux_booleans/selinux_booleans.rng2
-rw-r--r--selinux_booleans/selinux_booleans.xsl1
-rw-r--r--selinux_booleans/selinux_booleans_example_policy.xml2
-rw-r--r--worker/Makefile5
-rw-r--r--worker/debug.c2
-rw-r--r--worker/util.h6
-rw-r--r--worker/worker.c164
7 files changed, 134 insertions, 48 deletions
diff --git a/selinux_booleans/selinux_booleans.rng b/selinux_booleans/selinux_booleans.rng
index eea4cb3..ba4b4d9 100644
--- a/selinux_booleans/selinux_booleans.rng
+++ b/selinux_booleans/selinux_booleans.rng
@@ -35,7 +35,7 @@ xmlns:pa="http://freeipa.org/xml/rng/ns/plugable_architecture/1.0">
<a:version>0.1</a:version>
<define name="rng_filename"><value>selinux_booleans.rng</value></define>
- <define name="xslt_filename"><value>selinux_booleans.xslt</value></define>
+ <define name="xslt_filename"><value>selinux_booleans.xsl</value></define>
<define name="application_name"><value>selinux_booleans</value></define>
<include href="policy_metadata.rng"/>
diff --git a/selinux_booleans/selinux_booleans.xsl b/selinux_booleans/selinux_booleans.xsl
index 3963490..5da169e 100644
--- a/selinux_booleans/selinux_booleans.xsl
+++ b/selinux_booleans/selinux_booleans.xsl
@@ -27,6 +27,7 @@ MA 02111-1307, USA.
<md:output_handler>
<exec_with_args command_name="/usr/sbin/setsebool" user="root"/>
+ <file name="/tmp/dummy"/>
</md:output_handler>
<xsl:param name="output_selector"/>
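Review bot: The added `<file name="/tmp/dummy"/>` puts a fixed, predictable path in a world-writable directory into the output handler block, right next to a handler declared with `user="root"`. If the worker later creates or writes the named file with elevated privileges, whatever already exists at that path (a symlink, for instance) decides where the data lands, so even a test placeholder is safer under a directory that only the worker can write. Separately, worker.c in this commit looks the element up in two ways: `find_output_handler` matches on the element name `file` and reads `name` via `xmlGetProp`, while `main` queries `//md:output_handler/md:file/@md:name`. An unprefixed `name` attribute is in no namespace, so `@md:name` cannot select it; the two lookups should agree on one form.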
diff --git a/selinux_booleans/selinux_booleans_example_policy.xml b/selinux_booleans/selinux_booleans_example_policy.xml
index 9e79ee0..3eaa0b7 100644
--- a/selinux_booleans/selinux_booleans_example_policy.xml
+++ b/selinux_booleans/selinux_booleans_example_policy.xml
@@ -5,7 +5,7 @@
<author>sbose@redhat.com</author>
<version>0.7071</version>
<RNGfile>selinux_booleans.rng</RNGfile>
- <XSLTfile>selinux_booleans.xslt</XSLTfile>
+ <XSLTfile>selinux_booleans.xsl</XSLTfile>
<app>selinux_booleans</app>
</metadata>
diff --git a/worker/Makefile b/worker/Makefile
index 36fbde7..c4a2341 100644
--- a/worker/Makefile
+++ b/worker/Makefile
@@ -1,6 +1,7 @@
CFLAGS=-Wall -Werror `xml2-config --cflags` `xslt-config --cflags`
LDFLAGS=`xml2-config --libs` `xslt-config --libs`
+INDENTFLAGS=-kr -nut -l80
SRCS = worker.c debug.c
OBJS = worker.o debug.o
@@ -11,3 +12,7 @@ $(OBJS): util.h
worker: worker.o debug.o
$(CC) $(LDFLAGS) -o $@ $+
+
+
+indent:
+ indent $(INDENTFLAGS) $(SRCS)
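Review bot: The new `indent` target is not declared phony, so a file or directory named `indent` in worker/ would make the target look up to date and the rule would be skipped silently; add `.PHONY: indent` above it. `$(SRCS)` does not include util.h, so the macros reformatted by hand in this commit stay outside the automated style.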
diff --git a/worker/debug.c b/worker/debug.c
index 27a6a5c..6c65342 100644
--- a/worker/debug.c
+++ b/worker/debug.c
@@ -15,7 +15,7 @@ void debug_fn(const char *format, ...)
vasprintf(&s, format, ap);
va_end(ap);
- /*write(state.fd, s, strlen(s));*/
+ /*write(state.fd, s, strlen(s)); */
fprintf(stderr, s);
free(s);
}
diff --git a/worker/util.h b/worker/util.h
index 503702a..618f68a 100644
--- a/worker/util.h
+++ b/worker/util.h
@@ -9,15 +9,15 @@ void debug_fn(const char *format, ...);
debug_fn("DEBUG-%d (%s,%d): %s: ", level, __FILE__, __LINE__ , __FUNCTION__); \
debug_fn body; \
} \
-} while(0);
+} while(0)
#define CHECK_NULL_FATAL(pointer, message) do { \
if (pointer == NULL) { \
- DEBUG(0, message) \
+ DEBUG(0, message); \
exit(1); \
} \
-} while(0);
+} while(0)
#endif /* __WORKER_UTIL_H__ */
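Review bot: `CHECK_NULL_FATAL` still expands its argument unparenthesised in `if (pointer == NULL)`, so an argument that is itself an expression (a conditional or an assignment, for example) binds differently from what the caller wrote; `if ((pointer) == NULL) { \` closes that. A short comment above each macro would also help, saying that the message argument must be a parenthesised printf-style argument list as in `DEBUG(0, ("text %s\n", arg));`, because the `debug_fn body` expansion makes that requirement non-obvious. The DEBUG macro starts above this hunk, so its level test is not visible here.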
diff --git a/worker/worker.c b/worker/worker.c
index d7b24b5..602b339 100644
--- a/worker/worker.c
+++ b/worker/worker.c
@@ -28,8 +28,85 @@
*/
xmlChar *default_namespace_prefix = (xmlChar *) "def";
-char *find_value_by_xpath(xmlDocPtr doc, xmlChar * xpath_expr,
- xmlChar * prefix, xmlChar * namespace)
+#define XSLT_METADATA_NAMESPACE (xmlChar *) "http://freeipa.org/xsl/metadata/1.0"
+#define XSLT_METADATA_NAMESPACE_PREFIX (xmlChar *) "md"
+#define XPATH_OUTPUT_HANDLER (xmlChar *) "//md:output_handler/*"
+
+int output_handler_file(xmlNode *node) {
+ DEBUG(3,("Found file name '%s'.\n",xmlGetProp(node, (xmlChar *) "name")));
+ return(0);
+}
+
+int output_handler_exec_with_args(xmlNode *node) {
+ return(0);
+}
+
+int print_all_attributes(xmlNode *node) {
+ xmlAttr *cur;
+
+ cur=node->properties;
+ while(cur!=NULL) {
+ DEBUG(3, ("found attribute '%s' with value '%s'.\n", cur->name, XML_GET_CONTENT(cur->children)));
+ cur=cur->next;
+ }
+ return(0);
+}
+
+int find_output_handler(xmlDocPtr doc) {
+ int i;
+ xmlXPathContextPtr xpath_context;
+ xmlXPathObjectPtr xpath_obj;
+
+ xpath_context = xmlXPathNewContext(doc);
+ CHECK_NULL_FATAL(xpath_context, ("Error: unable to create new XPath context\n"));
+
+ if (xmlXPathRegisterNs(xpath_context, XSLT_METADATA_NAMESPACE_PREFIX, XSLT_METADATA_NAMESPACE) != 0) {
+ DEBUG(0,
+ ("Error: unable to register NS with prefix=\"%s\" and href=\"%s\"\n",
+ XSLT_METADATA_NAMESPACE_PREFIX, XSLT_METADATA_NAMESPACE));
+ xmlXPathFreeContext(xpath_context);
+ return (0);
+ }
+
+ xpath_obj = xmlXPathEvalExpression(XPATH_OUTPUT_HANDLER, xpath_context);
+ if (xpath_obj == NULL) {
+ DEBUG(0,
+ ("Error: unable to evaluate xpath expression \"%s\"\n",
+ XPATH_OUTPUT_HANDLER));
+ xmlXPathFreeContext(xpath_context);
+ return (0);
+ }
+
+ if (xmlXPathNodeSetIsEmpty(xpath_obj->nodesetval)) {
+ DEBUG(0, ("Nothing found for %s\n", XPATH_OUTPUT_HANDLER));
+ xmlXPathFreeObject(xpath_obj);
+ xmlXPathFreeContext(xpath_context);
+ return (0);
+ }
+
+ for (i=0; i<xmlXPathNodeSetGetLength(xpath_obj->nodesetval); i++) {
+ DEBUG(3, ("found output_handler: %s\n",(char *) xpath_obj->nodesetval->nodeTab[i]->name));
+ print_all_attributes(xpath_obj->nodesetval->nodeTab[i]);
+ if ( xmlStrEqual(xpath_obj->nodesetval->nodeTab[i]->name, (xmlChar *) "file" )) {
+ output_handler_file(xpath_obj->nodesetval->nodeTab[i]);
+ } else if ( xmlStrEqual(xpath_obj->nodesetval->nodeTab[i]->name, (xmlChar *) "exec_with_args" )) {
+ output_handler_exec_with_args(xpath_obj->nodesetval->nodeTab[i]);
+ } else {
+ DEBUG(0, ("Unknow outout handler '%s'.\n", xpath_obj->nodesetval->nodeTab[i]->name));
+ xmlXPathFreeObject(xpath_obj);
+ xmlXPathFreeContext(xpath_context);
+ return (-1);
+ }
+ }
+
+
+ xmlXPathFreeObject(xpath_obj);
+ xmlXPathFreeContext(xpath_context);
+ return 0;
+}
+
+char *find_value_by_xpath(xmlDocPtr doc, xmlChar * xpath_expr, xmlChar * prefix,
+ xmlChar * namespace)
{
xmlXPathContextPtr xpath_context;
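Review bot: The new handlers log attribute values taken straight from the stylesheet without guarding them. In `print_all_attributes`, `XML_GET_CONTENT(cur->children)` dereferences `cur->children`, which can be NULL when an attribute has no text child (an empty value, for instance), and in `output_handler_file` the string returned by `xmlGetProp` is never released with `xmlFree` and may be NULL when it is handed to `%s`. These values also end up in `debug_fn`, which per the worker/debug.c hunk passes the already formatted string to `fprintf(stderr, s)` as the format, so a `%` inside an attribute is interpreted a second time; `fputs(s, stderr);` there avoids that. `find_output_handler` returns 0 on its three early error paths as well as on success, so a caller cannot tell them apart. The hunk ends inside `find_value_by_xpath`, whose body continues outside it.

```c
int output_handler_file(xmlNode *node) {
    xmlChar *name = xmlGetProp(node, (xmlChar *) "name");

    if (name == NULL) {
        DEBUG(0, ("Output handler 'file' has no 'name' attribute.\n"));
        return (-1);
    }
    DEBUG(3, ("Found file name '%s'.\n", name));
    xmlFree(name);
    return (0);
}

/* … unchanged: output_handler_exec_with_args … */

int print_all_attributes(xmlNode *node) {
    xmlAttr *cur;

    for (cur = node->properties; cur != NULL; cur = cur->next) {
        /* An attribute without a text child has no content to read. */
        const xmlChar *value = (cur->children != NULL)
            ? XML_GET_CONTENT(cur->children) : NULL;

        DEBUG(3, ("found attribute '%s' with value '%s'.\n", cur->name,
                  value != NULL ? value : (const xmlChar *) ""));
    }
    return (0);
}
/* … unchanged: find_output_handler, start of find_value_by_xpath … */
```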
@@ -38,14 +115,13 @@ char *find_value_by_xpath(xmlDocPtr doc, xmlChar * xpath_expr,
/* Create xpath evaluation context */
xpath_context = xmlXPathNewContext(doc);
- CHECK_NULL_FATAL(xpath_context, ("Error: unable to create new XPath context\n"))
-
-
+ CHECK_NULL_FATAL(xpath_context,
+ ("Error: unable to create new XPath context\n"));
/* Register a namespace */
if (xmlXPathRegisterNs(xpath_context, prefix, namespace) != 0) {
DEBUG(0,
- ("Error: unable to register NS with prefix=\"%s\" and href=\"%s\"\n",
- "my", namespace));
+ ("Error: unable to register NS with prefix=\"%s\" and href=\"%s\"\n",
+ prefix , namespace));
xmlXPathFreeContext(xpath_context);
return (NULL);
}
@@ -53,8 +129,8 @@ char *find_value_by_xpath(xmlDocPtr doc, xmlChar * xpath_expr,
xpath_obj = xmlXPathEvalExpression(xpath_expr, xpath_context);
if (xpath_obj == NULL) {
DEBUG(0,
- ("Error: unable to evaluate xpath expression \"%s\"\n",
- xpath_expr));
+ ("Error: unable to evaluate xpath expression \"%s\"\n",
+ xpath_expr));
xmlXPathFreeContext(xpath_context);
return (NULL);
}
@@ -72,8 +148,8 @@ char *find_value_by_xpath(xmlDocPtr doc, xmlChar * xpath_expr,
} else {
result =
(char *) xmlNodeListGetString(doc,
- xpath_obj->nodesetval->
- nodeTab[0]->xmlChildrenNode, 1);
+ xpath_obj->nodesetval->nodeTab[0]->
+ xmlChildrenNode, 1);
}
@@ -104,27 +180,28 @@ int main(int argc, char **argv)
if (argc != 2) {
DEBUG(0,
- ("missing or to many arguments, I expect a single filename!\n"));
+ ("missing or to many arguments, I expect a single filename!\n"));
exit(1);
}
doc = xmlParseFile(argv[1]);
- CHECK_NULL_FATAL(doc, ("Cannot parse document %s!\n", argv[1]))
+ CHECK_NULL_FATAL(doc, ("Cannot parse document %s!\n", argv[1]));
/* find the default namespace */
root_node = xmlDocGetRootElement(doc);
- CHECK_NULL_FATAL(root_node, ("Cannot find root node of document %s!\n", argv[1]))
-
+ CHECK_NULL_FATAL(root_node,
+ ("Cannot find root node of document %s!\n", argv[1]));
if (xmlStrncasecmp(root_node->name, (xmlChar *) "IPA", XMLCHARLEN) != 0) {
DEBUG(0,
- ("Name of root node of document %s has to be 'ipa'!\n",
- argv[1]));
+ ("Name of root node of document %s has to be 'ipa'!\n", argv[1]));
exit(1);
}
- CHECK_NULL_FATAL(root_node->ns->href, ("Root node of document %s must define a namespace!\n", argv[1]))
-
+ CHECK_NULL_FATAL(root_node->ns->href,
+ ("Root node of document %s must define a namespace!\n",
+ argv[1]));
default_namespace = xmlStrndup(root_node->ns->href, XMLCHARLEN);
- CHECK_NULL_FATAL(default_namespace, ("Cannot copy namespace!\n"))
+ CHECK_NULL_FATAL(default_namespace, ("Cannot copy namespace!\n"));
+ DEBUG(3, ("Default namespace of %s is %s\n", argv[1], default_namespace));
/* extract XSTLfile and RNGfile from document using XPath */
xmlStrPrintf(xpath_expr, XMLCHARLEN, (xmlChar *) "//%s:XSLTfile",
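Review bot: `CHECK_NULL_FATAL(root_node->ns->href, ...)` dereferences `root_node->ns` before anything has checked it, and that pointer is NULL exactly when the root element declares no namespace, which is the case the message is meant to report. An input document can therefore crash the worker instead of getting the error. Test the pointer first with `CHECK_NULL_FATAL(root_node->ns, ("Root node of document %s must define a namespace!\n", argv[1]));` and keep the `href` check after it. The commit only re-wraps this line, and `main` starts and ends outside the hunk.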
@@ -132,7 +209,7 @@ int main(int argc, char **argv)
xslt_file_name =
find_value_by_xpath(doc, xpath_expr, default_namespace_prefix,
default_namespace);
- CHECK_NULL_FATAL(rng_file_name, ("Name of XSLT file not found.\n"))
+ CHECK_NULL_FATAL(xslt_file_name, ("Name of XSLT file not found.\n"));
DEBUG(3, ("Found name of XSLT file: %s\n", xslt_file_name));
xmlStrPrintf(xpath_expr, XMLCHARLEN, (xmlChar *) "//%s:RNGfile",
@@ -140,7 +217,8 @@ int main(int argc, char **argv)
rng_file_name =
find_value_by_xpath(doc, xpath_expr, default_namespace_prefix,
default_namespace);
- CHECK_NULL_FATAL(rng_file_name, ("Name of RELANX NG schema file not found.\n"))
+ CHECK_NULL_FATAL(rng_file_name,
+ ("Name of RELANX NG schema file not found.\n"));
DEBUG(3, ("Found name of RELAX NG schema file: %s\n", rng_file_name));
@@ -149,12 +227,12 @@ int main(int argc, char **argv)
rng_context =
xmlRelaxNGNewValidCtxt(xmlRelaxNGParse
(xmlRelaxNGNewParserCtxt(rng_file_name)));
- CHECK_NULL_FATAL(rng_context, ("Failed to create RNG context\n"))
-
+ CHECK_NULL_FATAL(rng_context, ("Failed to create RNG context\n"));
if (xmlRelaxNGValidateDoc(rng_context, doc) == 0) {
DEBUG(0, ("The document is valid.\n"));
} else {
DEBUG(0, ("Error during validation.\n"));
+ exit(1);
}
xmlRelaxNGFreeValidCtxt(rng_context);
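Review bot: With the added `exit(1)` validation becomes enforcing, but the schema it enforces is named by the document being validated: `rng_file_name` is read from the document's own `RNGfile` element in the preceding hunk. If policy files can come from a less-trusted source than the schemas, a document can point at a permissive schema, so the schema path should be resolved from a trusted directory (or checked against an allow-list) before use. The nested `xmlRelaxNGNewValidCtxt(xmlRelaxNGParse(xmlRelaxNGNewParserCtxt(rng_file_name)))` also leaves the parser context and the parsed schema unchecked and never freed; holding each in a local would let every step be tested and released. `main` continues outside the hunk.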
@@ -163,36 +241,38 @@ int main(int argc, char **argv)
/* read the xslt file */
xslt_doc = xmlParseFile(xslt_file_name);
- CHECK_NULL_FATAL(xslt_doc, ("Cannot parse file %s!\n", xslt_file_name))
+ CHECK_NULL_FATAL(xslt_doc, ("Cannot parse file %s!\n", xslt_file_name));
+ find_output_handler(xslt_doc);
output_file_name =
- find_value_by_xpath(xslt_doc, (xmlChar *) "//md:output_handler/md:file/@md:name",
- (xmlChar *) "md", (xmlChar *)
- "http://freeipa.org/xsl/metadata/1.0");
+ find_value_by_xpath(xslt_doc,
+ (xmlChar *) "//md:output_handler/md:file/@md:name",
+ (xmlChar *) "md",
+ (xmlChar *) "http://freeipa.org/xsl/metadata/1.0");
output_file_owner =
- find_value_by_xpath(xslt_doc, (xmlChar *) "//md:output_handler/md:file/@md:owner",
- (xmlChar *) "md", (xmlChar *)
- "http://freeipa.org/xsl/metadata/1.0");
+ find_value_by_xpath(xslt_doc,
+ (xmlChar *) "//md:output_handler/md:file/@md:owner",
+ (xmlChar *) "md",
+ (xmlChar *) "http://freeipa.org/xsl/metadata/1.0");
output_file_group =
- find_value_by_xpath(xslt_doc, (xmlChar *) "//md:output_handler/md:file/@md:group",
- (xmlChar *) "md", (xmlChar *)
- "http://freeipa.org/xsl/metadata/1.0");
- output_file_permission =
find_value_by_xpath(xslt_doc,
- (xmlChar *) "//md:output_handler/md:file/@md:permission",
- (xmlChar *) "md", (xmlChar *)
- "http://freeipa.org/xsl/metadata/1.0");
+ (xmlChar *) "//md:output_handler/md:file/@md:group",
+ (xmlChar *) "md",
+ (xmlChar *) "http://freeipa.org/xsl/metadata/1.0");
+ output_file_permission = find_value_by_xpath(xslt_doc, (xmlChar *)
+ "//md:output_handler/md:file/@md:permission",
+ (xmlChar *) "md", (xmlChar *)
+ "http://freeipa.org/xsl/metadata/1.0");
DEBUG(0, ("-%s-\n", output_file_name));
DEBUG(0, ("-%s-\n", output_file_owner));
DEBUG(0, ("-%s-\n", output_file_group));
DEBUG(0, ("-%s-\n", output_file_permission));
cur = xsltParseStylesheetDoc(xslt_doc);
- CHECK_NULL_FATAL(cur, ("Cannot parse stylesheet %s!\n", xslt_file_name))
-
+ CHECK_NULL_FATAL(cur, ("Cannot parse stylesheet %s!\n", xslt_file_name));
res = xsltApplyStylesheet(cur, doc, NULL);
- CHECK_NULL_FATAL(xslt_doc, ("Cannot apply stylesheet %s!\n", xslt_file_name))
-
+ CHECK_NULL_FATAL(xslt_doc,
+ ("Cannot apply stylesheet %s!\n", xslt_file_name));
ret = xsltSaveResultToFile(stdout, res, cur);
if (ret == -1) {
DEBUG(0, ("Cannot save result!\n"));
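Review bot: The result of `xsltApplyStylesheet` is never checked: the re-wrapped `CHECK_NULL_FATAL(xslt_doc, ...)` after it still tests `xslt_doc`, so a NULL `res` reaches `xsltSaveResultToFile`; it should read `CHECK_NULL_FATAL(res, ("Cannot apply stylesheet %s!\n", xslt_file_name));`. The new `find_output_handler(xslt_doc);` call drops its return value, so the -1 returned for an unknown handler never stops processing; `if (find_output_handler(xslt_doc) != 0) exit(1);` would make that check effective. The four `DEBUG(0, ("-%s-\n", ...))` lines pass the `find_value_by_xpath` results to `%s` unchecked, although that function returns NULL when nothing matches. `main` starts and ends outside the hunk.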