authorSumit Bose <sbose@nb.localdomain>2008-11-17 12:59:32 +0100
committerSumit Bose <sbose@nb.localdomain>2008-11-17 12:59:32 +0100
commitd3cec427f2227846a38d9c471842fe39eb356481 (patch)
tree6852826102d703873585c880b10082d1267cf1bf
parent8972c51811e39f35bbce70fdd07bb7dbd3e51bf9 (diff)
cleanup main
-rw-r--r--worker/Doxyfile1417
-rw-r--r--worker/Makefile8
-rw-r--r--worker/helpers.c182
-rw-r--r--worker/helpers.h3
-rw-r--r--worker/ipaaction.c272
-rw-r--r--worker/ipaaction.h4
-rw-r--r--worker/output_handler.c261
-rw-r--r--worker/output_handler.h4
-rw-r--r--worker/worker.c909
-rw-r--r--worker/xml_helper.c220
-rw-r--r--worker/xml_helper.h21
11 files changed, 2421 insertions, 880 deletions
diff --git a/worker/Doxyfile b/worker/Doxyfile
new file mode 100644
index 0000000..61fef29
--- /dev/null
+++ b/worker/Doxyfile
@@ -0,0 +1,1417 @@
+# Doxyfile 1.5.6
+
+# This file describes the settings to be used by the documentation system
+# doxygen (www.doxygen.org) for a project
+#
+# All text after a hash (#) is considered a comment and will be ignored
+# The format is:
+# TAG = value [value, ...]
+# For lists items can also be appended using:
+# TAG += value [value, ...]
+# Values that contain spaces should be placed between quotes (" ")
+
+#---------------------------------------------------------------------------
+# Project related configuration options
+#---------------------------------------------------------------------------
+
+# This tag specifies the encoding used for all characters in the config file
+# that follow. The default is UTF-8 which is also the encoding used for all
+# text before the first occurrence of this tag. Doxygen uses libiconv (or the
+# iconv built into libc) for the transcoding. See
+# http://www.gnu.org/software/libiconv for the list of possible encodings.
+
+DOXYFILE_ENCODING = UTF-8
+
+# The PROJECT_NAME tag is a single word (or a sequence of words surrounded
+# by quotes) that should identify the project.
+
+PROJECT_NAME = worker
+
+# The PROJECT_NUMBER tag can be used to enter a project or revision number.
+# This could be handy for archiving the generated documentation or
+# if some version control system is used.
+
+PROJECT_NUMBER = 0.1
+
+# The OUTPUT_DIRECTORY tag is used to specify the (relative or absolute)
+# base path where the generated documentation will be put.
+# If a relative path is entered, it will be relative to the location
+# where doxygen was started. If left blank the current directory will be used.
+
+OUTPUT_DIRECTORY = doc
+
+# If the CREATE_SUBDIRS tag is set to YES, then doxygen will create
+# 4096 sub-directories (in 2 levels) under the output directory of each output
+# format and will distribute the generated files over these directories.
+# Enabling this option can be useful when feeding doxygen a huge amount of
+# source files, where putting all generated files in the same directory would
+# otherwise cause performance problems for the file system.
+
+CREATE_SUBDIRS = NO
+
+# The OUTPUT_LANGUAGE tag is used to specify the language in which all
+# documentation generated by doxygen is written. Doxygen will use this
+# information to generate all constant output in the proper language.
+# The default language is English, other supported languages are:
+# Afrikaans, Arabic, Brazilian, Catalan, Chinese, Chinese-Traditional,
+# Croatian, Czech, Danish, Dutch, Farsi, Finnish, French, German, Greek,
+# Hungarian, Italian, Japanese, Japanese-en (Japanese with English messages),
+# Korean, Korean-en, Lithuanian, Norwegian, Macedonian, Persian, Polish,
+# Portuguese, Romanian, Russian, Serbian, Slovak, Slovene, Spanish, Swedish,
+# and Ukrainian.
+
+OUTPUT_LANGUAGE = English
+
+# If the BRIEF_MEMBER_DESC tag is set to YES (the default) Doxygen will
+# include brief member descriptions after the members that are listed in
+# the file and class documentation (similar to JavaDoc).
+# Set to NO to disable this.
+
+BRIEF_MEMBER_DESC = YES
+
+# If the REPEAT_BRIEF tag is set to YES (the default) Doxygen will prepend
+# the brief description of a member or function before the detailed description.
+# Note: if both HIDE_UNDOC_MEMBERS and BRIEF_MEMBER_DESC are set to NO, the
+# brief descriptions will be completely suppressed.
+
+REPEAT_BRIEF = YES
+
+# This tag implements a quasi-intelligent brief description abbreviator
+# that is used to form the text in various listings. Each string
+# in this list, if found as the leading text of the brief description, will be
+# stripped from the text and the result after processing the whole list, is
+# used as the annotated text. Otherwise, the brief description is used as-is.
+# If left blank, the following values are used ("$name" is automatically
+# replaced with the name of the entity): "The $name class" "The $name widget"
+# "The $name file" "is" "provides" "specifies" "contains"
+# "represents" "a" "an" "the"
+
+ABBREVIATE_BRIEF =
+
+# If the ALWAYS_DETAILED_SEC and REPEAT_BRIEF tags are both set to YES then
+# Doxygen will generate a detailed section even if there is only a brief
+# description.
+
+ALWAYS_DETAILED_SEC = NO
+
+# If the INLINE_INHERITED_MEMB tag is set to YES, doxygen will show all
+# inherited members of a class in the documentation of that class as if those
+# members were ordinary class members. Constructors, destructors and assignment
+# operators of the base classes will not be shown.
+
+INLINE_INHERITED_MEMB = NO
+
+# If the FULL_PATH_NAMES tag is set to YES then Doxygen will prepend the full
+# path before files name in the file list and in the header files. If set
+# to NO the shortest path that makes the file name unique will be used.
+
+FULL_PATH_NAMES = YES
+
+# If the FULL_PATH_NAMES tag is set to YES then the STRIP_FROM_PATH tag
+# can be used to strip a user-defined part of the path. Stripping is
+# only done if one of the specified strings matches the left-hand part of
+# the path. The tag can be used to show relative paths in the file list.
+# If left blank the directory from which doxygen is run is used as the
+# path to strip.
+
+STRIP_FROM_PATH =
+
+# The STRIP_FROM_INC_PATH tag can be used to strip a user-defined part of
+# the path mentioned in the documentation of a class, which tells
+# the reader which header file to include in order to use a class.
+# If left blank only the name of the header file containing the class
+# definition is used. Otherwise one should specify the include paths that
+# are normally passed to the compiler using the -I flag.
+
+STRIP_FROM_INC_PATH =
+
+# If the SHORT_NAMES tag is set to YES, doxygen will generate much shorter
+# (but less readable) file names. This can be useful is your file systems
+# doesn't support long names like on DOS, Mac, or CD-ROM.
+
+SHORT_NAMES = NO
+
+# If the JAVADOC_AUTOBRIEF tag is set to YES then Doxygen
+# will interpret the first line (until the first dot) of a JavaDoc-style
+# comment as the brief description. If set to NO, the JavaDoc
+# comments will behave just like regular Qt-style comments
+# (thus requiring an explicit @brief command for a brief description.)
+
+JAVADOC_AUTOBRIEF = NO
+
+# If the QT_AUTOBRIEF tag is set to YES then Doxygen will
+# interpret the first line (until the first dot) of a Qt-style
+# comment as the brief description. If set to NO, the comments
+# will behave just like regular Qt-style comments (thus requiring
+# an explicit \brief command for a brief description.)
+
+QT_AUTOBRIEF = NO
+
+# The MULTILINE_CPP_IS_BRIEF tag can be set to YES to make Doxygen
+# treat a multi-line C++ special comment block (i.e. a block of //! or ///
+# comments) as a brief description. This used to be the default behaviour.
+# The new default is to treat a multi-line C++ comment block as a detailed
+# description. Set this tag to YES if you prefer the old behaviour instead.
+
+MULTILINE_CPP_IS_BRIEF = NO
+
+# If the DETAILS_AT_TOP tag is set to YES then Doxygen
+# will output the detailed description near the top, like JavaDoc.
+# If set to NO, the detailed description appears after the member
+# documentation.
+
+DETAILS_AT_TOP = NO
+
+# If the INHERIT_DOCS tag is set to YES (the default) then an undocumented
+# member inherits the documentation from any documented member that it
+# re-implements.
+
+INHERIT_DOCS = YES
+
+# If the SEPARATE_MEMBER_PAGES tag is set to YES, then doxygen will produce
+# a new page for each member. If set to NO, the documentation of a member will
+# be part of the file/class/namespace that contains it.
+
+SEPARATE_MEMBER_PAGES = NO
+
+# The TAB_SIZE tag can be used to set the number of spaces in a tab.
+# Doxygen uses this value to replace tabs by spaces in code fragments.
+
+TAB_SIZE = 8
+
+# This tag can be used to specify a number of aliases that acts
+# as commands in the documentation. An alias has the form "name=value".
+# For example adding "sideeffect=\par Side Effects:\n" will allow you to
+# put the command \sideeffect (or @sideeffect) in the documentation, which
+# will result in a user-defined paragraph with heading "Side Effects:".
+# You can put \n's in the value part of an alias to insert newlines.
+
+ALIASES =
+
+# Set the OPTIMIZE_OUTPUT_FOR_C tag to YES if your project consists of C
+# sources only. Doxygen will then generate output that is more tailored for C.
+# For instance, some of the names that are used will be different. The list
+# of all members will be omitted, etc.
+
+OPTIMIZE_OUTPUT_FOR_C = NO
+
+# Set the OPTIMIZE_OUTPUT_JAVA tag to YES if your project consists of Java
+# sources only. Doxygen will then generate output that is more tailored for
+# Java. For instance, namespaces will be presented as packages, qualified
+# scopes will look different, etc.
+
+OPTIMIZE_OUTPUT_JAVA = NO
+
+# Set the OPTIMIZE_FOR_FORTRAN tag to YES if your project consists of Fortran
+# sources only. Doxygen will then generate output that is more tailored for
+# Fortran.
+
+OPTIMIZE_FOR_FORTRAN = NO
+
+# Set the OPTIMIZE_OUTPUT_VHDL tag to YES if your project consists of VHDL
+# sources. Doxygen will then generate output that is tailored for
+# VHDL.
+
+OPTIMIZE_OUTPUT_VHDL = NO
+
+# If you use STL classes (i.e. std::string, std::vector, etc.) but do not want
+# to include (a tag file for) the STL sources as input, then you should
+# set this tag to YES in order to let doxygen match functions declarations and
+# definitions whose arguments contain STL classes (e.g. func(std::string); v.s.
+# func(std::string) {}). This also make the inheritance and collaboration
+# diagrams that involve STL classes more complete and accurate.
+
+BUILTIN_STL_SUPPORT = NO
+
+# If you use Microsoft's C++/CLI language, you should set this option to YES to
+# enable parsing support.
+
+CPP_CLI_SUPPORT = NO
+
+# Set the SIP_SUPPORT tag to YES if your project consists of sip sources only.
+# Doxygen will parse them like normal C++ but will assume all classes use public
+# instead of private inheritance when no explicit protection keyword is present.
+
+SIP_SUPPORT = NO
+
+# For Microsoft's IDL there are propget and propput attributes to indicate getter
+# and setter methods for a property. Setting this option to YES (the default)
+# will make doxygen to replace the get and set methods by a property in the
+# documentation. This will only work if the methods are indeed getting or
+# setting a simple type. If this is not the case, or you want to show the
+# methods anyway, you should set this option to NO.
+
+IDL_PROPERTY_SUPPORT = YES
+
+# If member grouping is used in the documentation and the DISTRIBUTE_GROUP_DOC
+# tag is set to YES, then doxygen will reuse the documentation of the first
+# member in the group (if any) for the other members of the group. By default
+# all members of a group must be documented explicitly.
+
+DISTRIBUTE_GROUP_DOC = NO
+
+# Set the SUBGROUPING tag to YES (the default) to allow class member groups of
+# the same type (for instance a group of public functions) to be put as a
+# subgroup of that type (e.g. under the Public Functions section). Set it to
+# NO to prevent subgrouping. Alternatively, this can be done per class using
+# the \nosubgrouping command.
+
+SUBGROUPING = YES
+
+# When TYPEDEF_HIDES_STRUCT is enabled, a typedef of a struct, union, or enum
+# is documented as struct, union, or enum with the name of the typedef. So
+# typedef struct TypeS {} TypeT, will appear in the documentation as a struct
+# with name TypeT. When disabled the typedef will appear as a member of a file,
+# namespace, or class. And the struct will be named TypeS. This can typically
+# be useful for C code in case the coding convention dictates that all compound
+# types are typedef'ed and only the typedef is referenced, never the tag name.
+
+TYPEDEF_HIDES_STRUCT = NO
+
+#---------------------------------------------------------------------------
+# Build related configuration options
+#---------------------------------------------------------------------------
+
+# If the EXTRACT_ALL tag is set to YES doxygen will assume all entities in
+# documentation are documented, even if no documentation was available.
+# Private class members and static file members will be hidden unless
+# the EXTRACT_PRIVATE and EXTRACT_STATIC tags are set to YES
+
+EXTRACT_ALL = YES
+
+# If the EXTRACT_PRIVATE tag is set to YES all private members of a class
+# will be included in the documentation.
+
+EXTRACT_PRIVATE = NO
+
+# If the EXTRACT_STATIC tag is set to YES all static members of a file
+# will be included in the documentation.
+
+EXTRACT_STATIC = NO
+
+# If the EXTRACT_LOCAL_CLASSES tag is set to YES classes (and structs)
+# defined locally in source files will be included in the documentation.
+# If set to NO only classes defined in header files are included.
+
+EXTRACT_LOCAL_CLASSES = YES
+
+# This flag is only useful for Objective-C code. When set to YES local
+# methods, which are defined in the implementation section but not in
+# the interface are included in the documentation.
+# If set to NO (the default) only methods in the interface are included.
+
+EXTRACT_LOCAL_METHODS = NO
+
+# If this flag is set to YES, the members of anonymous namespaces will be
+# extracted and appear in the documentation as a namespace called
+# 'anonymous_namespace{file}', where file will be replaced with the base
+# name of the file that contains the anonymous namespace. By default
+# anonymous namespace are hidden.
+
+EXTRACT_ANON_NSPACES = NO
+
+# If the HIDE_UNDOC_MEMBERS tag is set to YES, Doxygen will hide all
+# undocumented members of documented classes, files or namespaces.
+# If set to NO (the default) these members will be included in the
+# various overviews, but no documentation section is generated.
+# This option has no effect if EXTRACT_ALL is enabled.
+
+HIDE_UNDOC_MEMBERS = NO
+
+# If the HIDE_UNDOC_CLASSES tag is set to YES, Doxygen will hide all
+# undocumented classes that are normally visible in the class hierarchy.
+# If set to NO (the default) these classes will be included in the various
+# overviews. This option has no effect if EXTRACT_ALL is enabled.
+
+HIDE_UNDOC_CLASSES = NO
+
+# If the HIDE_FRIEND_COMPOUNDS tag is set to YES, Doxygen will hide all
+# friend (class|struct|union) declarations.
+# If set to NO (the default) these declarations will be included in the
+# documentation.
+
+HIDE_FRIEND_COMPOUNDS = NO
+
+# If the HIDE_IN_BODY_DOCS tag is set to YES, Doxygen will hide any
+# documentation blocks found inside the body of a function.
+# If set to NO (the default) these blocks will be appended to the
+# function's detailed documentation block.
+
+HIDE_IN_BODY_DOCS = NO
+
+# The INTERNAL_DOCS tag determines if documentation
+# that is typed after a \internal command is included. If the tag is set
+# to NO (the default) then the documentation will be excluded.
+# Set it to YES to include the internal documentation.
+
+INTERNAL_DOCS = NO
+
+# If the CASE_SENSE_NAMES tag is set to NO then Doxygen will only generate
+# file names in lower-case letters. If set to YES upper-case letters are also
+# allowed. This is useful if you have classes or files whose names only differ
+# in case and if your file system supports case sensitive file names. Windows
+# and Mac users are advised to set this option to NO.
+
+CASE_SENSE_NAMES = YES
+
+# If the HIDE_SCOPE_NAMES tag is set to NO (the default) then Doxygen
+# will show members with their full class and namespace scopes in the
+# documentation. If set to YES the scope will be hidden.
+
+HIDE_SCOPE_NAMES = NO
+
+# If the SHOW_INCLUDE_FILES tag is set to YES (the default) then Doxygen
+# will put a list of the files that are included by a file in the documentation
+# of that file.
+
+SHOW_INCLUDE_FILES = YES
+
+# If the INLINE_INFO tag is set to YES (the default) then a tag [inline]
+# is inserted in the documentation for inline members.
+
+INLINE_INFO = YES
+
+# If the SORT_MEMBER_DOCS tag is set to YES (the default) then doxygen
+# will sort the (detailed) documentation of file and class members
+# alphabetically by member name. If set to NO the members will appear in
+# declaration order.
+
+SORT_MEMBER_DOCS = YES
+
+# If the SORT_BRIEF_DOCS tag is set to YES then doxygen will sort the
+# brief documentation of file, namespace and class members alphabetically
+# by member name. If set to NO (the default) the members will appear in
+# declaration order.
+
+SORT_BRIEF_DOCS = NO
+
+# If the SORT_GROUP_NAMES tag is set to YES then doxygen will sort the
+# hierarchy of group names into alphabetical order. If set to NO (the default)
+# the group names will appear in their defined order.
+
+SORT_GROUP_NAMES = NO
+
+# If the SORT_BY_SCOPE_NAME tag is set to YES, the class list will be
+# sorted by fully-qualified names, including namespaces. If set to
+# NO (the default), the class list will be sorted only by class name,
+# not including the namespace part.
+# Note: This option is not very useful if HIDE_SCOPE_NAMES is set to YES.
+# Note: This option applies only to the class list, not to the
+# alphabetical list.
+
+SORT_BY_SCOPE_NAME = NO
+
+# The GENERATE_TODOLIST tag can be used to enable (YES) or
+# disable (NO) the todo list. This list is created by putting \todo
+# commands in the documentation.
+
+GENERATE_TODOLIST = YES
+
+# The GENERATE_TESTLIST tag can be used to enable (YES) or
+# disable (NO) the test list. This list is created by putting \test
+# commands in the documentation.
+
+GENERATE_TESTLIST = YES
+
+# The GENERATE_BUGLIST tag can be used to enable (YES) or
+# disable (NO) the bug list. This list is created by putting \bug
+# commands in the documentation.
+
+GENERATE_BUGLIST = YES
+
+# The GENERATE_DEPRECATEDLIST tag can be used to enable (YES) or
+# disable (NO) the deprecated list. This list is created by putting
+# \deprecated commands in the documentation.
+
+GENERATE_DEPRECATEDLIST= YES
+
+# The ENABLED_SECTIONS tag can be used to enable conditional
+# documentation sections, marked by \if sectionname ... \endif.
+
+ENABLED_SECTIONS =
+
+# The MAX_INITIALIZER_LINES tag determines the maximum number of lines
+# the initial value of a variable or define consists of for it to appear in
+# the documentation. If the initializer consists of more lines than specified
+# here it will be hidden. Use a value of 0 to hide initializers completely.
+# The appearance of the initializer of individual variables and defines in the
+# documentation can be controlled using \showinitializer or \hideinitializer
+# command in the documentation regardless of this setting.
+
+MAX_INITIALIZER_LINES = 30
+
+# Set the SHOW_USED_FILES tag to NO to disable the list of files generated
+# at the bottom of the documentation of classes and structs. If set to YES the
+# list will mention the files that were used to generate the documentation.
+
+SHOW_USED_FILES = YES
+
+# If the sources in your project are distributed over multiple directories
+# then setting the SHOW_DIRECTORIES tag to YES will show the directory hierarchy
+# in the documentation. The default is NO.
+
+SHOW_DIRECTORIES = NO
+
+# Set the SHOW_FILES tag to NO to disable the generation of the Files page.
+# This will remove the Files entry from the Quick Index and from the
+# Folder Tree View (if specified). The default is YES.
+
+SHOW_FILES = YES
+
+# Set the SHOW_NAMESPACES tag to NO to disable the generation of the
+# Namespaces page. This will remove the Namespaces entry from the Quick Index
+# and from the Folder Tree View (if specified). The default is YES.
+
+SHOW_NAMESPACES = YES
+
+# The FILE_VERSION_FILTER tag can be used to specify a program or script that
+# doxygen should invoke to get the current version for each file (typically from
+# the version control system). Doxygen will invoke the program by executing (via
+# popen()) the command <command> <input-file>, where <command> is the value of
+# the FILE_VERSION_FILTER tag, and <input-file> is the name of an input file
+# provided by doxygen. Whatever the program writes to standard output
+# is used as the file version. See the manual for examples.
+
+FILE_VERSION_FILTER =
+
+#---------------------------------------------------------------------------
+# configuration options related to warning and progress messages
+#---------------------------------------------------------------------------
+
+# The QUIET tag can be used to turn on/off the messages that are generated
+# by doxygen. Possible values are YES and NO. If left blank NO is used.
+
+QUIET = NO
+
+# The WARNINGS tag can be used to turn on/off the warning messages that are
+# generated by doxygen. Possible values are YES and NO. If left blank
+# NO is used.
+
+WARNINGS = YES
+
+# If WARN_IF_UNDOCUMENTED is set to YES, then doxygen will generate warnings
+# for undocumented members. If EXTRACT_ALL is set to YES then this flag will
+# automatically be disabled.
+
+WARN_IF_UNDOCUMENTED = YES
+
+# If WARN_IF_DOC_ERROR is set to YES, doxygen will generate warnings for
+# potential errors in the documentation, such as not documenting some
+# parameters in a documented function, or documenting parameters that
+# don't exist or using markup commands wrongly.
+
+WARN_IF_DOC_ERROR = YES
+
+# This WARN_NO_PARAMDOC option can be abled to get warnings for
+# functions that are documented, but have no documentation for their parameters
+# or return value. If set to NO (the default) doxygen will only warn about
+# wrong or incomplete parameter documentation, but not about the absence of
+# documentation.
+
+WARN_NO_PARAMDOC = NO
+
+# The WARN_FORMAT tag determines the format of the warning messages that
+# doxygen can produce. The string should contain the $file, $line, and $text
+# tags, which will be replaced by the file and line number from which the
+# warning originated and the warning text. Optionally the format may contain
+# $version, which will be replaced by the version of the file (if it could
+# be obtained via FILE_VERSION_FILTER)
+
+WARN_FORMAT = "$file:$line: $text"
+
+# The WARN_LOGFILE tag can be used to specify a file to which warning
+# and error messages should be written. If left blank the output is written
+# to stderr.
+
+WARN_LOGFILE =
+
+#---------------------------------------------------------------------------
+# configuration options related to the input files
+#---------------------------------------------------------------------------
+
+# The INPUT tag can be used to specify the files and/or directories that contain
+# documented source files. You may enter file names like "myfile.cpp" or
+# directories like "/usr/src/myproject". Separate the files or directories
+# with spaces.
+
+INPUT =
+
+# This tag can be used to specify the character encoding of the source files
+# that doxygen parses. Internally doxygen uses the UTF-8 encoding, which is
+# also the default input encoding. Doxygen uses libiconv (or the iconv built
+# into libc) for the transcoding. See http://www.gnu.org/software/libiconv for
+# the list of possible encodings.
+
+INPUT_ENCODING = UTF-8
+
+# If the value of the INPUT tag contains directories, you can use the
+# FILE_PATTERNS tag to specify one or more wildcard pattern (like *.cpp
+# and *.h) to filter out the source-files in the directories. If left
+# blank the following patterns are tested:
+# *.c *.cc *.cxx *.cpp *.c++ *.java *.ii *.ixx *.ipp *.i++ *.inl *.h *.hh *.hxx
+# *.hpp *.h++ *.idl *.odl *.cs *.php *.php3 *.inc *.m *.mm *.py *.f90
+
+FILE_PATTERNS =
+
+# The RECURSIVE tag can be used to turn specify whether or not subdirectories
+# should be searched for input files as well. Possible values are YES and NO.
+# If left blank NO is used.
+
+RECURSIVE = NO
+
+# The EXCLUDE tag can be used to specify files and/or directories that should
+# excluded from the INPUT source files. This way you can easily exclude a
+# subdirectory from a directory tree whose root is specified with the INPUT tag.
+
+EXCLUDE =
+
+# The EXCLUDE_SYMLINKS tag can be used select whether or not files or
+# directories that are symbolic links (a Unix filesystem feature) are excluded
+# from the input.
+
+EXCLUDE_SYMLINKS = NO
+
+# If the value of the INPUT tag contains directories, you can use the
+# EXCLUDE_PATTERNS tag to specify one or more wildcard patterns to exclude
+# certain files from those directories. Note that the wildcards are matched
+# against the file with absolute path, so to exclude all test directories
+# for example use the pattern */test/*
+
+EXCLUDE_PATTERNS =
+
+# The EXCLUDE_SYMBOLS tag can be used to specify one or more symbol names
+# (namespaces, classes, functions, etc.) that should be excluded from the
+# output. The symbol name can be a fully qualified name, a word, or if the
+# wildcard * is used, a substring. Examples: ANamespace, AClass,
+# AClass::ANamespace, ANamespace::*Test
+
+EXCLUDE_SYMBOLS =
+
+# The EXAMPLE_PATH tag can be used to specify one or more files or
+# directories that contain example code fragments that are included (see
+# the \include command).
+
+EXAMPLE_PATH =
+
+# If the value of the EXAMPLE_PATH tag contains directories, you can use the
+# EXAMPLE_PATTERNS tag to specify one or more wildcard pattern (like *.cpp
+# and *.h) to filter out the source-files in the directories. If left
+# blank all files are included.
+
+EXAMPLE_PATTERNS =
+
+# If the EXAMPLE_RECURSIVE tag is set to YES then subdirectories will be
+# searched for input files to be used with the \include or \dontinclude
+# commands irrespective of the value of the RECURSIVE tag.
+# Possible values are YES and NO. If left blank NO is used.
+
+EXAMPLE_RECURSIVE = NO
+
+# The IMAGE_PATH tag can be used to specify one or more files or
+# directories that contain image that are included in the documentation (see
+# the \image command).
+
+IMAGE_PATH =
+
+# The INPUT_FILTER tag can be used to specify a program that doxygen should
+# invoke to filter for each input file. Doxygen will invoke the filter program
+# by executing (via popen()) the command <filter> <input-file>, where <filter>
+# is the value of the INPUT_FILTER tag, and <input-file> is the name of an
+# input file. Doxygen will then use the output that the filter program writes
+# to standard output. If FILTER_PATTERNS is specified, this tag will be
+# ignored.
+
+INPUT_FILTER =
+
+# The FILTER_PATTERNS tag can be used to specify filters on a per file pattern
+# basis. Doxygen will compare the file name with each pattern and apply the
+# filter if there is a match. The filters are a list of the form:
+# pattern=filter (like *.cpp=my_cpp_filter). See INPUT_FILTER for further
+# info on how filters are used. If FILTER_PATTERNS is empty, INPUT_FILTER
+# is applied to all files.
+
+FILTER_PATTERNS =
+
+# If the FILTER_SOURCE_FILES tag is set to YES, the input filter (if set using
+# INPUT_FILTER) will be used to filter the input files when producing source
+# files to browse (i.e. when SOURCE_BROWSER is set to YES).
+
+FILTER_SOURCE_FILES = NO
+
+#---------------------------------------------------------------------------
+# configuration options related to source browsing
+#---------------------------------------------------------------------------
+
+# If the SOURCE_BROWSER tag is set to YES then a list of source files will
+# be generated. Documented entities will be cross-referenced with these sources.
+# Note: To get rid of all source code in the generated output, make sure also
+# VERBATIM_HEADERS is set to NO.
+
+SOURCE_BROWSER = NO
+
+# Setting the INLINE_SOURCES tag to YES will include the body
+# of functions and classes directly in the documentation.
+
+INLINE_SOURCES = NO
+
+# Setting the STRIP_CODE_COMMENTS tag to YES (the default) will instruct
+# doxygen to hide any special comment blocks from generated source code
+# fragments. Normal C and C++ comments will always remain visible.
+
+STRIP_CODE_COMMENTS = YES
+
+# If the REFERENCED_BY_RELATION tag is set to YES
+# then for each documented function all documented
+# functions referencing it will be listed.
+
+REFERENCED_BY_RELATION = NO
+
+# If the REFERENCES_RELATION tag is set to YES
+# then for each documented function all documented entities
+# called/used by that function will be listed.
+
+REFERENCES_RELATION = NO
+
+# If the REFERENCES_LINK_SOURCE tag is set to YES (the default)
+# and SOURCE_BROWSER tag is set to YES, then the hyperlinks from
+# functions in REFERENCES_RELATION and REFERENCED_BY_RELATION lists will
+# link to the source code. Otherwise they will link to the documentstion.
+
+REFERENCES_LINK_SOURCE = YES
+
+# If the USE_HTAGS tag is set to YES then the references to source code
+# will point to the HTML generated by the htags(1) tool instead of doxygen
+# built-in source browser. The htags tool is part of GNU's global source
+# tagging system (see http://www.gnu.org/software/global/global.html). You
+# will need version 4.8.6 or higher.
+
+USE_HTAGS = NO
+
+# If the VERBATIM_HEADERS tag is set to YES (the default) then Doxygen
+# will generate a verbatim copy of the header file for each class for
+# which an include is specified. Set to NO to disable this.
+
+VERBATIM_HEADERS = YES
+
+#---------------------------------------------------------------------------
+# configuration options related to the alphabetical class index
+#---------------------------------------------------------------------------
+
+# If the ALPHABETICAL_INDEX tag is set to YES, an alphabetical index
+# of all compounds will be generated. Enable this if the project
+# contains a lot of classes, structs, unions or interfaces.
+
+ALPHABETICAL_INDEX = NO
+
+# If the alphabetical index is enabled (see ALPHABETICAL_INDEX) then
+# the COLS_IN_ALPHA_INDEX tag can be used to specify the number of columns
+# in which this list will be split (can be a number in the range [1..20])
+
+COLS_IN_ALPHA_INDEX = 5
+
+# In case all classes in a project start with a common prefix, all
+# classes will be put under the same header in the alphabetical index.
+# The IGNORE_PREFIX tag can be used to specify one or more prefixes that
+# should be ignored while generating the index headers.
+
+IGNORE_PREFIX =
+
+#---------------------------------------------------------------------------
+# configuration options related to the HTML output
+#---------------------------------------------------------------------------
+
+# If the GENERATE_HTML tag is set to YES (the default) Doxygen will
+# generate HTML output.
+
+GENERATE_HTML = YES
+
+# The HTML_OUTPUT tag is used to specify where the HTML docs will be put.
+# If a relative path is entered the value of OUTPUT_DIRECTORY will be
+# put in front of it. If left blank `html' will be used as the default path.
+
+HTML_OUTPUT = html
+
+# The HTML_FILE_EXTENSION tag can be used to specify the file extension for
+# each generated HTML page (for example: .htm,.php,.asp). If it is left blank
+# doxygen will generate files with .html extension.
+
+HTML_FILE_EXTENSION = .html
+
+# The HTML_HEADER tag can be used to specify a personal HTML header for
+# each generated HTML page. If it is left blank doxygen will generate a
+# standard header.
+
+HTML_HEADER =
+
+# The HTML_FOOTER tag can be used to specify a personal HTML footer for
+# each generated HTML page. If it is left blank doxygen will generate a
+# standard footer.
+
+HTML_FOOTER =
+
+# The HTML_STYLESHEET tag can be used to specify a user-defined cascading
+# style sheet that is used by each HTML page. It can be used to
+# fine-tune the look of the HTML output. If the tag is left blank doxygen
+# will generate a default style sheet. Note that doxygen will try to copy
+# the style sheet file to the HTML output directory, so don't put your own
+# stylesheet in the HTML output directory as well, or it will be erased!
+
+HTML_STYLESHEET =
+
+# If the HTML_ALIGN_MEMBERS tag is set to YES, the members of classes,
+# files or namespaces will be aligned in HTML using tables. If set to
+# NO a bullet list will be used.
+
+HTML_ALIGN_MEMBERS = YES
+
+# If the GENERATE_HTMLHELP tag is set to YES, additional index files
+# will be generated that can be used as input for tools like the
+# Microsoft HTML help workshop to generate a compiled HTML help file (.chm)
+# of the generated HTML documentation.
+
+GENERATE_HTMLHELP = NO
+
+# If the GENERATE_DOCSET tag is set to YES, additional index files
+# will be generated that can be used as input for Apple's Xcode 3
+# integrated development environment, introduced with OSX 10.5 (Leopard).
+# To create a documentation set, doxygen will generate a Makefile in the
+# HTML output directory. Running make will produce the docset in that
+# directory and running "make install" will install the docset in
+# ~/Library/Developer/Shared/Documentation/DocSets so that Xcode will find
+# it at startup.
+
+GENERATE_DOCSET = NO
+
+# When GENERATE_DOCSET tag is set to YES, this tag determines the name of the
+# feed. A documentation feed provides an umbrella under which multiple
+# documentation sets from a single provider (such as a company or product suite)
+# can be grouped.
+
+DOCSET_FEEDNAME = "Doxygen generated docs"
+
+# When GENERATE_DOCSET tag is set to YES, this tag specifies a string that
+# should uniquely identify the documentation set bundle. This should be a
+# reverse domain-name style string, e.g. com.mycompany.MyDocSet. Doxygen
+# will append .docset to the name.
+
+DOCSET_BUNDLE_ID = org.doxygen.Project
+
+# If the HTML_DYNAMIC_SECTIONS tag is set to YES then the generated HTML
+# documentation will contain sections that can be hidden and shown after the
+# page has loaded. For this to work a browser that supports
+# JavaScript and DHTML is required (for instance Mozilla 1.0+, Firefox
+# Netscape 6.0+, Internet explorer 5.0+, Konqueror, or Safari).
+
+HTML_DYNAMIC_SECTIONS = NO
+
+# If the GENERATE_HTMLHELP tag is set to YES, the CHM_FILE tag can
+# be used to specify the file name of the resulting .chm file. You
+# can add a path in front of the file if the result should not be
+# written to the html output directory.
+
+CHM_FILE =
+
+# If the GENERATE_HTMLHELP tag is set to YES, the HHC_LOCATION tag can
+# be used to specify the location (absolute path including file name) of
+# the HTML help compiler (hhc.exe). If non-empty doxygen will try to run
+# the HTML help compiler on the generated index.hhp.
+
+HHC_LOCATION =
+
+# If the GENERATE_HTMLHELP tag is set to YES, the GENERATE_CHI flag
+# controls if a separate .chi index file is generated (YES) or that
+# it should be included in the master .chm file (NO).
+
+GENERATE_CHI = NO
+
+# If the GENERATE_HTMLHELP tag is set to YES, the CHM_INDEX_ENCODING
+# is used to encode HtmlHelp index (hhk), content (hhc) and project file
+# content.
+
+CHM_INDEX_ENCODING =
+
+# If the GENERATE_HTMLHELP tag is set to YES, the BINARY_TOC flag
+# controls whether a binary table of contents is generated (YES) or a
+# normal table of contents (NO) in the .chm file.
+
+BINARY_TOC = NO
+
+# The TOC_EXPAND flag can be set to YES to add extra items for group members
+# to the contents of the HTML help documentation and to the tree view.
+
+TOC_EXPAND = NO
+
+# The DISABLE_INDEX tag can be used to turn on/off the condensed index at
+# top of each HTML page. The value NO (the default) enables the index and
+# the value YES disables it.
+
+DISABLE_INDEX = NO
+
+# This tag can be used to set the number of enum values (range [1..20])
+# that doxygen will group on one line in the generated HTML documentation.
+
+ENUM_VALUES_PER_LINE = 4
+
+# The GENERATE_TREEVIEW tag is used to specify whether a tree-like index
+# structure should be generated to display hierarchical information.
+# If the tag value is set to FRAME, a side panel will be generated
+# containing a tree-like index structure (just like the one that
+# is generated for HTML Help). For this to work a browser that supports
+# JavaScript, DHTML, CSS and frames is required (for instance Mozilla 1.0+,
+# Netscape 6.0+, Internet explorer 5.0+, or Konqueror). Windows users are
+# probably better off using the HTML help feature. Other possible values
+# for this tag are: HIERARCHIES, which will generate the Groups, Directories,
+# and Class Hiererachy pages using a tree view instead of an ordered list;
+# ALL, which combines the behavior of FRAME and HIERARCHIES; and NONE, which
+# disables this behavior completely. For backwards compatibility with previous
+# releases of Doxygen, the values YES and NO are equivalent to FRAME and NONE
+# respectively.
+
+GENERATE_TREEVIEW = NONE
+
+# If the treeview is enabled (see GENERATE_TREEVIEW) then this tag can be
+# used to set the initial width (in pixels) of the frame in which the tree
+# is shown.
+
+TREEVIEW_WIDTH = 250
+
+# Use this tag to change the font size of Latex formulas included
+# as images in the HTML documentation. The default is 10. Note that
+# when you change the font size after a successful doxygen run you need
+# to manually remove any form_*.png images from the HTML output directory
+# to force them to be regenerated.
+
+FORMULA_FONTSIZE = 10
+
+#---------------------------------------------------------------------------
+# configuration options related to the LaTeX output
+#---------------------------------------------------------------------------
+
+# If the GENERATE_LATEX tag is set to YES (the default) Doxygen will
+# generate Latex output.
+
+GENERATE_LATEX = YES
+
+# The LATEX_OUTPUT tag is used to specify where the LaTeX docs will be put.
+# If a relative path is entered the value of OUTPUT_DIRECTORY will be
+# put in front of it. If left blank `latex' will be used as the default path.
+
+LATEX_OUTPUT = latex
+
+# The LATEX_CMD_NAME tag can be used to specify the LaTeX command name to be
+# invoked. If left blank `latex' will be used as the default command name.
+
+LATEX_CMD_NAME = latex
+
+# The MAKEINDEX_CMD_NAME tag can be used to specify the command name to
+# generate index for LaTeX. If left blank `makeindex' will be used as the
+# default command name.
+
+MAKEINDEX_CMD_NAME = makeindex
+
+# If the COMPACT_LATEX tag is set to YES Doxygen generates more compact
+# LaTeX documents. This may be useful for small projects and may help to
+# save some trees in general.
+
+COMPACT_LATEX = NO
+
+# The PAPER_TYPE tag can be used to set the paper type that is used
+# by the printer. Possible values are: a4, a4wide, letter, legal and
+# executive. If left blank a4wide will be used.
+
+PAPER_TYPE = a4wide
+
+# The EXTRA_PACKAGES tag can be to specify one or more names of LaTeX
+# packages that should be included in the LaTeX output.
+
+EXTRA_PACKAGES =
+
+# The LATEX_HEADER tag can be used to specify a personal LaTeX header for
+# the generated latex document. The header should contain everything until
+# the first chapter. If it is left blank doxygen will generate a
+# standard header. Notice: only use this tag if you know what you are doing!
+
+LATEX_HEADER =
+
+# If the PDF_HYPERLINKS tag is set to YES, the LaTeX that is generated
+# is prepared for conversion to pdf (using ps2pdf). The pdf file will
+# contain links (just like the HTML output) instead of page references
+# This makes the output suitable for online browsing using a pdf viewer.
+
+PDF_HYPERLINKS = YES
+
+# If the USE_PDFLATEX tag is set to YES, pdflatex will be used instead of
+# plain latex in the generated Makefile. Set this option to YES to get a
+# higher quality PDF documentation.
+
+USE_PDFLATEX = YES
+
+# If the LATEX_BATCHMODE tag is set to YES, doxygen will add the \\batchmode.
+# command to the generated LaTeX files. This will instruct LaTeX to keep
+# running if errors occur, instead of asking the user for help.
+# This option is also used when generating formulas in HTML.
+
+LATEX_BATCHMODE = NO
+
+# If LATEX_HIDE_INDICES is set to YES then doxygen will not
+# include the index chapters (such as File Index, Compound Index, etc.)
+# in the output.
+
+LATEX_HIDE_INDICES = NO
+
+#---------------------------------------------------------------------------
+# configuration options related to the RTF output
+#---------------------------------------------------------------------------
+
+# If the GENERATE_RTF tag is set to YES Doxygen will generate RTF output
+# The RTF output is optimized for Word 97 and may not look very pretty with
+# other RTF readers or editors.
+
+GENERATE_RTF = NO
+
+# The RTF_OUTPUT tag is used to specify where the RTF docs will be put.
+# If a relative path is entered the value of OUTPUT_DIRECTORY will be
+# put in front of it. If left blank `rtf' will be used as the default path.
+
+RTF_OUTPUT = rtf
+
+# If the COMPACT_RTF tag is set to YES Doxygen generates more compact
+# RTF documents. This may be useful for small projects and may help to
+# save some trees in general.
+
+COMPACT_RTF = NO
+
+# If the RTF_HYPERLINKS tag is set to YES, the RTF that is generated
+# will contain hyperlink fields. The RTF file will
+# contain links (just like the HTML output) instead of page references.
+# This makes the output suitable for online browsing using WORD or other
+# programs which support those fields.
+# Note: wordpad (write) and others do not support links.
+
+RTF_HYPERLINKS = NO
+
+# Load stylesheet definitions from file. Syntax is similar to doxygen's
+# config file, i.e. a series of assignments. You only have to provide
+# replacements, missing definitions are set to their default value.
+
+RTF_STYLESHEET_FILE =
+
+# Set optional variables used in the generation of an rtf document.
+# Syntax is similar to doxygen's config file.
+
+RTF_EXTENSIONS_FILE =
+
+#---------------------------------------------------------------------------
+# configuration options related to the man page output
+#---------------------------------------------------------------------------
+
+# If the GENERATE_MAN tag is set to YES (the default) Doxygen will
+# generate man pages
+
+GENERATE_MAN = NO
+
+# The MAN_OUTPUT tag is used to specify where the man pages will be put.
+# If a relative path is entered the value of OUTPUT_DIRECTORY will be
+# put in front of it. If left blank `man' will be used as the default path.
+
+MAN_OUTPUT = man
+
+# The MAN_EXTENSION tag determines the extension that is added to
+# the generated man pages (default is the subroutine's section .3)
+
+MAN_EXTENSION = .3
+
+# If the MAN_LINKS tag is set to YES and Doxygen generates man output,
+# then it will generate one additional man file for each entity
+# documented in the real man page(s). These additional files
+# only source the real man page, but without them the man command
+# would be unable to find the correct page. The default is NO.
+
+MAN_LINKS = NO
+
+#---------------------------------------------------------------------------
+# configuration options related to the XML output
+#---------------------------------------------------------------------------
+
+# If the GENERATE_XML tag is set to YES Doxygen will
+# generate an XML file that captures the structure of
+# the code including all documentation.
+
+GENERATE_XML = NO
+
+# The XML_OUTPUT tag is used to specify where the XML pages will be put.
+# If a relative path is entered the value of OUTPUT_DIRECTORY will be
+# put in front of it. If left blank `xml' will be used as the default path.
+
+XML_OUTPUT = xml
+
+# The XML_SCHEMA tag can be used to specify an XML schema,
+# which can be used by a validating XML parser to check the
+# syntax of the XML files.
+
+XML_SCHEMA =
+
+# The XML_DTD tag can be used to specify an XML DTD,
+# which can be used by a validating XML parser to check the
+# syntax of the XML files.
+
+XML_DTD =
+
+# If the XML_PROGRAMLISTING tag is set to YES Doxygen will
+# dump the program listings (including syntax highlighting
+# and cross-referencing information) to the XML output. Note that
+# enabling this will significantly increase the size of the XML output.
+
+XML_PROGRAMLISTING = YES
+
+#---------------------------------------------------------------------------
+# configuration options for the AutoGen Definitions output
+#---------------------------------------------------------------------------
+
+# If the GENERATE_AUTOGEN_DEF tag is set to YES Doxygen will
+# generate an AutoGen Definitions (see autogen.sf.net) file
+# that captures the structure of the code including all
+# documentation. Note that this feature is still experimental
+# and incomplete at the moment.
+
+GENERATE_AUTOGEN_DEF = NO
+
+#---------------------------------------------------------------------------
+# configuration options related to the Perl module output
+#---------------------------------------------------------------------------
+
+# If the GENERATE_PERLMOD tag is set to YES Doxygen will
+# generate a Perl module file that captures the structure of
+# the code including all documentation. Note that this
+# feature is still experimental and incomplete at the
+# moment.
+
+GENERATE_PERLMOD = NO
+
+# If the PERLMOD_LATEX tag is set to YES Doxygen will generate
+# the necessary Makefile rules, Perl scripts and LaTeX code to be able
+# to generate PDF and DVI output from the Perl module output.
+
+PERLMOD_LATEX = NO
+
+# If the PERLMOD_PRETTY tag is set to YES the Perl module output will be
+# nicely formatted so it can be parsed by a human reader. This is useful
+# if you want to understand what is going on. On the other hand, if this
+# tag is set to NO the size of the Perl module output will be much smaller
+# and Perl will parse it just the same.
+
+PERLMOD_PRETTY = YES
+
+# The names of the make variables in the generated doxyrules.make file
+# are prefixed with the string contained in PERLMOD_MAKEVAR_PREFIX.
+# This is useful so different doxyrules.make files included by the same
+# Makefile don't overwrite each other's variables.
+
+PERLMOD_MAKEVAR_PREFIX =
+
+#---------------------------------------------------------------------------
+# Configuration options related to the preprocessor
+#---------------------------------------------------------------------------
+
+# If the ENABLE_PREPROCESSING tag is set to YES (the default) Doxygen will
+# evaluate all C-preprocessor directives found in the sources and include
+# files.
+
+ENABLE_PREPROCESSING = YES
+
+# If the MACRO_EXPANSION tag is set to YES Doxygen will expand all macro
+# names in the source code. If set to NO (the default) only conditional
+# compilation will be performed. Macro expansion can be done in a controlled
+# way by setting EXPAND_ONLY_PREDEF to YES.
+
+MACRO_EXPANSION = NO
+
+# If the EXPAND_ONLY_PREDEF and MACRO_EXPANSION tags are both set to YES
+# then the macro expansion is limited to the macros specified with the
+# PREDEFINED and EXPAND_AS_DEFINED tags.
+
+EXPAND_ONLY_PREDEF = NO
+
+# If the SEARCH_INCLUDES tag is set to YES (the default) the includes files
+# in the INCLUDE_PATH (see below) will be search if a #include is found.
+
+SEARCH_INCLUDES = YES
+
+# The INCLUDE_PATH tag can be used to specify one or more directories that
+# contain include files that are not input files but should be processed by
+# the preprocessor.
+
+INCLUDE_PATH =
+
+# You can use the INCLUDE_FILE_PATTERNS tag to specify one or more wildcard
+# patterns (like *.h and *.hpp) to filter out the header-files in the
+# directories. If left blank, the patterns specified with FILE_PATTERNS will
+# be used.
+
+INCLUDE_FILE_PATTERNS =
+
+# The PREDEFINED tag can be used to specify one or more macro names that
+# are defined before the preprocessor is started (similar to the -D option of
+# gcc). The argument of the tag is a list of macros of the form: name
+# or name=definition (no spaces). If the definition and the = are
+# omitted =1 is assumed. To prevent a macro definition from being
+# undefined via #undef or recursively expanded use the := operator
+# instead of the = operator.
+
+PREDEFINED =
+
+# If the MACRO_EXPANSION and EXPAND_ONLY_PREDEF tags are set to YES then
+# this tag can be used to specify a list of macro names that should be expanded.
+# The macro definition that is found in the sources will be used.
+# Use the PREDEFINED tag if you want to use a different macro definition.
+
+EXPAND_AS_DEFINED =
+
+# If the SKIP_FUNCTION_MACROS tag is set to YES (the default) then
+# doxygen's preprocessor will remove all function-like macros that are alone
+# on a line, have an all uppercase name, and do not end with a semicolon. Such
+# function macros are typically used for boiler-plate code, and will confuse
+# the parser if not removed.
+
+SKIP_FUNCTION_MACROS = YES
+
+#---------------------------------------------------------------------------
+# Configuration::additions related to external references
+#---------------------------------------------------------------------------
+
+# The TAGFILES option can be used to specify one or more tagfiles.
+# Optionally an initial location of the external documentation
+# can be added for each tagfile. The format of a tag file without
+# this location is as follows:
+# TAGFILES = file1 file2 ...
+# Adding location for the tag files is done as follows:
+# TAGFILES = file1=loc1 "file2 = loc2" ...
+# where "loc1" and "loc2" can be relative or absolute paths or
+# URLs. If a location is present for each tag, the installdox tool
+# does not have to be run to correct the links.
+# Note that each tag file must have a unique name
+# (where the name does NOT include the path)
+# If a tag file is not located in the directory in which doxygen
+# is run, you must also specify the path to the tagfile here.
+
+TAGFILES =
+
+# When a file name is specified after GENERATE_TAGFILE, doxygen will create
+# a tag file that is based on the input files it reads.
+
+GENERATE_TAGFILE =
+
+# If the ALLEXTERNALS tag is set to YES all external classes will be listed
+# in the class index. If set to NO only the inherited external classes
+# will be listed.
+
+ALLEXTERNALS = NO
+
+# If the EXTERNAL_GROUPS tag is set to YES all external groups will be listed
+# in the modules index. If set to NO, only the current project's groups will
+# be listed.
+
+EXTERNAL_GROUPS = YES
+
+# The PERL_PATH should be the absolute path and name of the perl script
+# interpreter (i.e. the result of `which perl').
+
+PERL_PATH = /usr/bin/perl
+
+#---------------------------------------------------------------------------
+# Configuration options related to the dot tool
+#---------------------------------------------------------------------------
+
+# If the CLASS_DIAGRAMS tag is set to YES (the default) Doxygen will
+# generate a inheritance diagram (in HTML, RTF and LaTeX) for classes with base
+# or super classes. Setting the tag to NO turns the diagrams off. Note that
+# this option is superseded by the HAVE_DOT option below. This is only a
+# fallback. It is recommended to install and use dot, since it yields more
+# powerful graphs.
+
+CLASS_DIAGRAMS = YES
+
+# You can define message sequence charts within doxygen comments using the \msc
+# command. Doxygen will then run the mscgen tool (see
+# http://www.mcternan.me.uk/mscgen/) to produce the chart and insert it in the
+# documentation. The MSCGEN_PATH tag allows you to specify the directory where
+# the mscgen tool resides. If left empty the tool is assumed to be found in the
+# default search path.
+
+MSCGEN_PATH =
+
+# If set to YES, the inheritance and collaboration graphs will hide
+# inheritance and usage relations if the target is undocumented
+# or is not a class.
+
+HIDE_UNDOC_RELATIONS = YES
+
+# If you set the HAVE_DOT tag to YES then doxygen will assume the dot tool is
+# available from the path. This tool is part of Graphviz, a graph visualization
+# toolkit from AT&T and Lucent Bell Labs. The other options in this section
+# have no effect if this option is set to NO (the default)
+
+HAVE_DOT = NO
+
+# By default doxygen will write a font called FreeSans.ttf to the output
+# directory and reference it in all dot files that doxygen generates. This
+# font does not include all possible unicode characters however, so when you need
+# these (or just want a differently looking font) you can specify the font name
+# using DOT_FONTNAME. You need need to make sure dot is able to find the font,
+# which can be done by putting it in a standard location or by setting the
+# DOTFONTPATH environment variable or by setting DOT_FONTPATH to the directory
+# containing the font.
+
+DOT_FONTNAME = FreeSans
+
+# By default doxygen will tell dot to use the output directory to look for the
+# FreeSans.ttf font (which doxygen will put there itself). If you specify a
+# different font using DOT_FONTNAME you can set the path where dot
+# can find it using this tag.
+
+DOT_FONTPATH =
+
+# If the CLASS_GRAPH and HAVE_DOT tags are set to YES then doxygen
+# will generate a graph for each documented class showing the direct and
+# indirect inheritance relations. Setting this tag to YES will force the
+# the CLASS_DIAGRAMS tag to NO.
+
+CLASS_GRAPH = YES
+
+# If the COLLABORATION_GRAPH and HAVE_DOT tags are set to YES then doxygen
+# will generate a graph for each documented class showing the direct and
+# indirect implementation dependencies (inheritance, containment, and
+# class references variables) of the class with other documented classes.
+
+COLLABORATION_GRAPH = YES
+
+# If the GROUP_GRAPHS and HAVE_DOT tags are set to YES then doxygen
+# will generate a graph for groups, showing the direct groups dependencies
+
+GROUP_GRAPHS = YES
+
+# If the UML_LOOK tag is set to YES doxygen will generate inheritance and
+# collaboration diagrams in a style similar to the OMG's Unified Modeling
+# Language.
+
+UML_LOOK = NO
+
+# If set to YES, the inheritance and collaboration graphs will show the
+# relations between templates and their instances.
+
+TEMPLATE_RELATIONS = NO
+
+# If the ENABLE_PREPROCESSING, SEARCH_INCLUDES, INCLUDE_GRAPH, and HAVE_DOT
+# tags are set to YES then doxygen will generate a graph for each documented
+# file showing the direct and indirect include dependencies of the file with
+# other documented files.
+
+INCLUDE_GRAPH = YES
+
+# If the ENABLE_PREPROCESSING, SEARCH_INCLUDES, INCLUDED_BY_GRAPH, and
+# HAVE_DOT tags are set to YES then doxygen will generate a graph for each
+# documented header file showing the documented files that directly or
+# indirectly include this file.
+
+INCLUDED_BY_GRAPH = YES
+
+# If the CALL_GRAPH and HAVE_DOT options are set to YES then
+# doxygen will generate a call dependency graph for every global function
+# or class method. Note that enabling this option will significantly increase
+# the time of a run. So in most cases it will be better to enable call graphs
+# for selected functions only using the \callgraph command.
+
+CALL_GRAPH = NO
+
+# If the CALLER_GRAPH and HAVE_DOT tags are set to YES then
+# doxygen will generate a caller dependency graph for every global function
+# or class method. Note that enabling this option will significantly increase
+# the time of a run. So in most cases it will be better to enable caller
+# graphs for selected functions only using the \callergraph command.
+
+CALLER_GRAPH = NO
+
+# If the GRAPHICAL_HIERARCHY and HAVE_DOT tags are set to YES then doxygen
+# will graphical hierarchy of all classes instead of a textual one.
+
+GRAPHICAL_HIERARCHY = YES
+
+# If the DIRECTORY_GRAPH, SHOW_DIRECTORIES and HAVE_DOT tags are set to YES
+# then doxygen will show the dependencies a directory has on other directories
+# in a graphical way. The dependency relations are determined by the #include
+# relations between the files in the directories.
+
+DIRECTORY_GRAPH = YES
+
+# The DOT_IMAGE_FORMAT tag can be used to set the image format of the images
+# generated by dot. Possible values are png, jpg, or gif
+# If left blank png will be used.
+
+DOT_IMAGE_FORMAT = png
+
+# The tag DOT_PATH can be used to specify the path where the dot tool can be
+# found. If left blank, it is assumed the dot tool can be found in the path.
+
+DOT_PATH =
+
+# The DOTFILE_DIRS tag can be used to specify one or more directories that
+# contain dot files that are included in the documentation (see the
+# \dotfile command).
+
+DOTFILE_DIRS =
+
+# The DOT_GRAPH_MAX_NODES tag can be used to set the maximum number of
+# nodes that will be shown in the graph. If the number of nodes in a graph
+# becomes larger than this value, doxygen will truncate the graph, which is
+# visualized by representing a node as a red box. Note that doxygen if the
+# number of direct children of the root node in a graph is already larger than
+# DOT_GRAPH_MAX_NODES then the graph will not be shown at all. Also note
+# that the size of a graph can be further restricted by MAX_DOT_GRAPH_DEPTH.
+
+DOT_GRAPH_MAX_NODES = 50
+
+# The MAX_DOT_GRAPH_DEPTH tag can be used to set the maximum depth of the
+# graphs generated by dot. A depth value of 3 means that only nodes reachable
+# from the root by following a path via at most 3 edges will be shown. Nodes
+# that lay further from the root node will be omitted. Note that setting this
+# option to 1 or 2 may greatly reduce the computation time needed for large
+# code bases. Also note that the size of a graph can be further restricted by
+# DOT_GRAPH_MAX_NODES. Using a depth of 0 means no depth restriction.
+
+MAX_DOT_GRAPH_DEPTH = 0
+
+# Set the DOT_TRANSPARENT tag to YES to generate images with a transparent
+# background. This is enabled by default, which results in a transparent
+# background. Warning: Depending on the platform used, enabling this option
+# may lead to badly anti-aliased labels on the edges of a graph (i.e. they
+# become hard to read).
+
+DOT_TRANSPARENT = YES
+
+# Set the DOT_MULTI_TARGETS tag to YES allow dot to generate multiple output
+# files in one run (i.e. multiple -o and -T options on the command line). This
+# makes dot run faster, but since only newer versions of dot (>1.8.10)
+# support this, this feature is disabled by default.
+
+DOT_MULTI_TARGETS = NO
+
+# If the GENERATE_LEGEND tag is set to YES (the default) Doxygen will
+# generate a legend page explaining the meaning of the various boxes and
+# arrows in the dot generated graphs.
+
+GENERATE_LEGEND = YES
+
+# If the DOT_CLEANUP tag is set to YES (the default) Doxygen will
+# remove the intermediate dot files that are used to generate
+# the various graphs.
+
+DOT_CLEANUP = YES
+
+#---------------------------------------------------------------------------
+# Configuration::additions related to the search engine
+#---------------------------------------------------------------------------
+
+# The SEARCHENGINE tag specifies whether or not a search engine should be
+# used. If set to NO the values of all tags below this one will be ignored.
+
+SEARCHENGINE = NO
diff --git a/worker/Makefile b/worker/Makefile
index f1d6808..53fa9f7 100644
--- a/worker/Makefile
+++ b/worker/Makefile
@@ -3,14 +3,14 @@ CFLAGS=-Wall -Werror `xml2-config --cflags` `xslt-config --cflags` `curl-config
LDFLAGS=`xml2-config --libs` `xslt-config --libs` `curl-config --libs` -g
INDENTFLAGS=-kr -nut -l80
-SRCS = worker.c debug.c
-OBJS = worker.o debug.o
+SRCS = worker.c debug.c helpers.c ipaaction.c xml_helper.c output_handler.c
+OBJS = worker.o debug.o helpers.o ipaaction.o xml_helper.o output_handler.o
all: worker
-$(OBJS): util.h
+$(OBJS): util.h helpers.h ipaaction.h output_handler.h xml_helper.h
-worker: worker.o debug.o
+worker: $(OBJS)
$(CC) $(LDFLAGS) -o $@ $+
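Review bot: The new `helpers.o` calls `fsetfilecon` from libselinux, but the `LDFLAGS` line kept as context in this hunk shows no `-lselinux`. Unless one of the `*-config --libs` outputs happens to pull that library in, the `worker` link step will fail with an undefined reference, so I would append `-lselinux` to `LDFLAGS`. As a smaller style point, `SRCS` and `OBJS` now repeat the same six names and can drift apart; `OBJS = $(SRCS:.c=.o)` keeps them in step.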
diff --git a/worker/helpers.c b/worker/helpers.c
new file mode 100644
index 0000000..e4b503d
--- /dev/null
+++ b/worker/helpers.c
@@ -0,0 +1,182 @@
+#define _GNU_SOURCE
+
+#include <stdlib.h>
+#include <unistd.h>
+#include <pwd.h>
+#include <grp.h>
+#include <string.h>
+#include <sys/stat.h>
+#include <errno.h>
+#include <sys/types.h>
+#include <sys/wait.h>
+
+
+#include <selinux/selinux.h>
+
+#include "util.h"
+
+/**
+ * \brief Open a temporary file in a safe way
+ *
+ * Use this function to create a temporary file in a safe way with the help of
+ * mkstemp and set file properties.
+ *
+ * \param name name of the temporary file in the format mkstemp expects, i.e.
+ * ending with XXXXXX; mkstemp will modify name to contain the name of the
+ * temporary file
+ * \param permission string wit hthe octal repesentation of the file access
+ * permissions
+ * \param user name of the file owner
+ * \param group name of the owning group
+ * \param selinux_context_string string containing the SELinux file context
+ *
+ * \return file descriptor or -1 in case of an error
+ *
+ */
+int open_temporary_file(char *name, const char *permission, const char *user, const char *group, const char *selinux_context_string) {
+ int fd;
+ int ret;
+ struct passwd *pwd_info;
+ struct group *grp_info;
+
+ pwd_info=getpwnam(user);
+ CHECK(pwd_info, NULL, ("Cannot find user %s.\n", user), return -1);
+ grp_info=getgrnam(group);
+ CHECK(grp_info, NULL, ("Cannot find group %s.\n", group), return -1);
+
+
+ fd=mkstemp(name);
+ if (fd==-1) {
+ DEBUG(0,("mkstemp failed with template %s: %s\n",name, strerror(errno)));
+ return -1;
+ }
+
+ ret=fchmod(fd, (mode_t) strtol(permission, NULL, 8));
+ CHECK(ret, -1, ("Cannot chmod temporary file to %s: %s\n", permission, strerror(errno)), return -1);
+
+ ret=fchown(fd, pwd_info->pw_uid, grp_info->gr_gid);
+ CHECK(ret, -1, ("Cannot chown temporary file to %s:%s: %s\n", user, group, strerror(errno)), return -1);
+
+ if (selinux_context_string != NULL ) {
+
+ ret=fsetfilecon(fd, (security_context_t ) selinux_context_string);
+ CHECK(ret, -1, ("fsetfilecon failed: %s\n",strerror(errno)), return -1);
+
+ }
+
+ return fd;
+}
+
+
+/**
+ * \brief run an external command
+ *
+ * This is a helper function to run an external command in a different user
+ * context.
+ *
+ * \param command command to run
+ * \param user name of the user to run the command
+ * \param group name of the group to run the command
+ * \param arguments space separated list of arguments, may be NULL
+ * \param extra_args another space separated list of arguments, useful if you
+ * have some static and some generated/extracted arguments, may be NULL
+ *
+ * \return return code of the external command or -1 in an error occurred
+ *
+ */
+int exec_command(const char *command, const char *user, const char *group, char *arguments, char *extra_args) {
+ char *argv[10]; /* FIXME */
+ int c=0;
+ int i;
+ char *cur;
+ char *next_arg;
+ pid_t pid;
+ int ret;
+ int status;
+ int stdout_pipe[2];
+ int stderr_pipe[2];
+ char buffer[255];
+ struct passwd *pwd_info;
+ struct group *grp_info;
+
+ pwd_info=getpwnam(user);
+ CHECK(pwd_info, NULL, ("Cannot find user %s.\n", user), return -1);
+ grp_info=getgrnam(group);
+ CHECK(grp_info, NULL, ("Cannot find group %s.\n", group), return -1);
+
+ argv[c++]=strdup(command);
+ if (arguments!=NULL) {
+ cur=arguments;
+ while( (next_arg=strchr(cur, ' '))!=NULL) {
+ argv[c++]=strndup(cur, next_arg-cur);
+ cur=next_arg+1;
+ }
+ argv[c++]=strdup(cur);
+ }
+ if (extra_args!=NULL) {
+ cur=extra_args;
+ while( (next_arg=strchr(cur, ' '))!=NULL) {
+ argv[c++]=strndup(cur, next_arg-cur);
+ cur=next_arg+1;
+ }
+ argv[c++]=strdup(cur);
+ }
+ argv[c++]=NULL;
+
+ for(i=0;i<c;i++){
+ DEBUG(3,("argument array element %d: |%s|\n",i, argv[i]));
+ }
+
+ ret=pipe(stdout_pipe);
+ CHECK(ret, -1, ("pipe failed: %s\n",strerror(errno)), return -1);
+ ret=pipe(stderr_pipe);
+ CHECK(ret, -1, ("pipe failed: %s\n",strerror(errno)), return -1);
+
+ pid=fork();
+ CHECK(pid, -1, ("fork failed: %s",strerror(errno)), return -1);
+ if (!pid) { /* FIXME: missing error checking */
+
+ close(stdout_pipe[0]);
+ close(stderr_pipe[0]);
+
+ ret=dup2(stdout_pipe[1], STDOUT_FILENO);
+ CHECK(ret, -1, ("dup2 failed: %s\n",strerror(errno)), exit(1));
+ ret=dup2(stderr_pipe[1], STDERR_FILENO);
+ CHECK(ret, -1, ("dup2 failed: %s\n",strerror(errno)), exit(1));
+ close(STDIN_FILENO);
+
+ ret=chdir("/");
+ CHECK(ret, -1, ("chdir to / failed: %s\n",strerror(errno)), exit(1));
+ ret=setgid(grp_info->gr_gid);
+ CHECK(ret, -1, ("setgid failed: %s\n",strerror(errno)), exit(1));
+ ret=setuid(pwd_info->pw_uid);
+ CHECK(ret, -1, ("setuid failed: %s\n",strerror(errno)), exit(1));
+
+ execv(command, argv);
+ }
+
+ close(stdout_pipe[1]);
+ close(stderr_pipe[1]);
+
+ *buffer='\0';
+ ret=read(stdout_pipe[0], &buffer, 255);
+ buffer[ret]='\0';
+ DEBUG(3,("stdout from child: >>%s<<\n",buffer));
+ *buffer='\0';
+ ret=read(stderr_pipe[0], &buffer, 255);
+ buffer[ret]='\0';
+ DEBUG(3,("stderr from child: >>%s<<\n",buffer));
+
+ ret = waitpid(pid, & status, 0);
+ if (WIFEXITED(status)) {
+ DEBUG(3,("Child terminated normally with exit status %d\n",WEXITSTATUS(status)));
+ } else {
+ DEBUG(1,("Child terminated not normally.\n"));
+ }
+
+
+ for(i=0;i<c;i++){
+ free(argv[i]);
+ }
+ return WEXITSTATUS(status);
+}
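Review bot: In `exec_command` the fixed `argv[10]` is filled from the space-split `arguments` and `extra_args` with no bound check, so more than eight words in total (empty words between double spaces count too) write past the end of the stack array; every `argv[c++] = …` in the two split loops needs a capacity test first. The two `read()` calls pass 255 for a 255-byte `buffer` and then index it with `ret`, which writes `buffer[255]` on a full read and `buffer[-1]` when `read` fails. In the child, `setgid`/`setuid` leave the parent's supplementary groups in place (an `initgroups(user, grp_info->gr_gid)` before `setgid` would drop them), and a failed `execv` falls through into the parent's pipe-reading code instead of exiting. The function also returns `WEXITSTATUS(status)` when `WIFEXITED(status)` is false, so a child killed by a signal is not reported as a failure. `open_temporary_file` in the same hunk returns -1 after a failed `fchmod`/`fchown`/`fsetfilecon` without closing `fd` or unlinking the file, assuming `CHECK` (defined in util.h, not shown) only runs its last argument; `close(fd); unlink(name);` on those paths would avoid the leak.

```c
/* … unchanged: declarations, getpwnam/getgrnam lookups, argv[0] … */
    /* before every argv[c++] = … inside and after the two split loops */
    if (c >= (int) (sizeof(argv) / sizeof(argv[0])) - 1) {
        DEBUG(0, ("Too many arguments for %s.\n", command));
        while (c > 0) free(argv[--c]);
        return -1;
    }
/* … unchanged: pipe(), fork(), dup2(), chdir() … */
        ret=initgroups(user, grp_info->gr_gid);
        CHECK(ret, -1, ("initgroups failed: %s\n",strerror(errno)), exit(1));
        ret=setgid(grp_info->gr_gid);
/* … unchanged: setgid/setuid checks … */
        execv(command, argv);
        DEBUG(0, ("execv %s failed: %s\n", command, strerror(errno)));
        _exit(127);
/* … unchanged: parent closes the write ends … */
    ret=read(stdout_pipe[0], buffer, sizeof(buffer)-1);
    buffer[ret > 0 ? ret : 0]='\0';
/* … same change for the stderr_pipe read; waitpid and free loop unchanged … */
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
```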
diff --git a/worker/helpers.h b/worker/helpers.h
new file mode 100644
index 0000000..3e761c0
--- /dev/null
+++ b/worker/helpers.h
@@ -0,0 +1,3 @@
+int open_temporary_file(char *name, const char *permission, const char *user, const char *group, const char *selinux_context_string);
+
+int exec_command(const char *command, const char *user, const char *group, char *arguments, char *extra_args);
diff --git a/worker/ipaaction.c b/worker/ipaaction.c
new file mode 100644
index 0000000..b7ef871
--- /dev/null
+++ b/worker/ipaaction.c
@@ -0,0 +1,272 @@
+#include <string.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <unistd.h>
+#include <errno.h>
+
+
+#include <libxml/tree.h>
+#include <libxml/parser.h>
+#include <libxml/xpath.h>
+#include <libxml/xpathInternals.h>
+#include <libxml/relaxng.h>
+
+#include <libxslt/xslt.h>
+#include <libxslt/xsltInternals.h>
+#include <libxslt/transform.h>
+#include <libxslt/xsltutils.h>
+
+#include <curl/curl.h>
+
+#include "util.h"
+#include "helpers.h"
+#include "xml_helper.h"
+
+
+int check_ipaaction_condition(const xmlDocPtr doc, const xmlChar *default_namespace) {
+ int ret;
+ char *condition;
+ char *user;
+ char *group;
+ char *arguments;
+
+ condition = find_value_by_xpath(doc,
+ (xmlChar *) "//def:ipa/def:ipaaction/def:condition/def:command",
+ default_namespace_prefix, default_namespace);
+ if ( condition==NULL ) {
+ DEBUG(3, ("No condition found for current ipaaction.\n"));
+ return 0;
+ }
+ DEBUG(3, ("Found condition for current ipaaction: |%s|\n", condition));
+
+ user = find_value_by_xpath(doc,
+ (xmlChar *) "//def:ipa/def:ipaaction/def:condition/def:user",
+ default_namespace_prefix, default_namespace);
+ if (user==NULL) {
+ DEBUG(3, ("User for condition not found, using default"));
+ user=strdup("nobody");
+ }
+ DEBUG(3, ("Found user for condition: %s\n", user));
+
+ group = find_value_by_xpath(doc,
+ (xmlChar *) "//def:ipa/def:ipaaction/def:condition/def:group",
+ default_namespace_prefix, default_namespace);
+ if (group==NULL) {
+ DEBUG(3, ("Group for condition not found, using default\n"));
+ group=strdup("nobody");
+ }
+ DEBUG(3, ("Found group for condition: %s\n", group));
+
+ arguments=strchr(condition,' ');
+ if (arguments!=NULL) {
+ *arguments++='\0';
+ }
+
+ ret=exec_command(condition, user, group, arguments, NULL);
+
+ free(arguments);
+ free(group);
+ free(user);
+ free(condition);
+
+ return ret;
+}
+
+int ipaaction_file(const xmlDocPtr doc, const xmlChar *default_namespace) {
+ char *url;
+ char *data;
+ char *path;
+ char *owner;
+ char *group;
+ char *access;
+ char *selinux_context;
+ //char **acl;
+ char *cleanup;
+ CURL *curl_context;
+ CURLcode curl_result;
+ char *tmp_file_name;
+ FILE *output_file;
+ int fd;
+ int ret;
+ struct stat stat_buffer;
+
+ url = find_value_by_xpath(doc,
+ (xmlChar *) "//def:ipa/def:ipaaction/def:file/def:url",
+ default_namespace_prefix, default_namespace);
+ DEBUG(3, ("Found the following ipaaction file url: |%s|\n", url));
+ data = find_value_by_xpath(doc,
+ (xmlChar *) "//def:ipa/def:ipaaction/def:file/def:data",
+ default_namespace_prefix, default_namespace);
+ DEBUG(3, ("Found the following ipaaction file data: |%s|\n", data));
+ if (url==NULL && data==NULL) {
+ DEBUG(0,("Found no url or data element for ipaaction file. This should never happen.\n"));
+ return -1;
+ }
+ if (url!=NULL && data!=NULL) {
+ DEBUG(0,("Only url or data element are allowed for ipaaction file, not both. This should never happen.\n"));
+ return -1;
+ }
+
+ path = find_value_by_xpath(doc,
+ (xmlChar *) "//def:ipa/def:ipaaction/def:file/def:path",
+ default_namespace_prefix, default_namespace);
+ CHECK(path, NULL, ("Path for ipaaction file not found.\n"), return -1);
+ DEBUG(3, ("Found path for ipaaction file: %s\n", path));
+ ret=stat(path, &stat_buffer);
+ CHECK(ret, 0, ("Destination file %s alread exists.\n", path), return -1);
+
+ owner = find_value_by_xpath(doc,
+ (xmlChar *) "//def:ipa/def:ipaaction/def:file/def:owner",
+ default_namespace_prefix, default_namespace);
+ if (owner==NULL) {
+ DEBUG(3, ("Owner for ipaaction file not found, using default\n"));
+ owner=strdup("root");
+ }
+ DEBUG(3, ("Found owner for ipaaction file: %s\n", owner));
+
+ group = find_value_by_xpath(doc,
+ (xmlChar *) "//def:ipa/def:ipaaction/def:file/def:group",
+ default_namespace_prefix, default_namespace);
+ if (group==NULL) {
+ DEBUG(3, ("Group for ipaaction file not found, using default\n"));
+ group=strdup("root");
+ }
+ DEBUG(3, ("Found group for ipaaction file: %s\n", group));
+
+ access = find_value_by_xpath(doc,
+ (xmlChar *) "//def:ipa/def:ipaaction/def:file/def:access",
+ default_namespace_prefix, default_namespace);
+ if (access==NULL) {
+ DEBUG(3, ("Access permissions for ipaaction file not found, using default\n"));
+ group=strdup("0400");
+ }
+ DEBUG(3, ("Found access permissions for ipaaction file: %s\n", access));
+
+ selinux_context = find_value_by_xpath(doc,
+ (xmlChar *) "//def:ipa/def:ipaaction/def:file/def:selinux_context",
+ default_namespace_prefix, default_namespace);
+ if (selinux_context==NULL) {
+ DEBUG(3, ("SELinux file context for ipaaction file not found, using none\n"));
+ selinux_context=NULL;
+ }
+ DEBUG(3, ("Found SELinux file context for ipaaction file: %s\n", selinux_context));
+
+ cleanup = find_value_by_xpath(doc,
+ (xmlChar *) "//def:ipa/def:ipaaction/def:file/def:cleanup",
+ default_namespace_prefix, default_namespace);
+ if (cleanup==NULL) {
+ DEBUG(3, ("No cleanup information for ipaaction file not found, assuming no\n"));
+ cleanup=strdup("no");
+ }
+ DEBUG(3, ("Found cleanup information for ipaaction file: %s\n", cleanup));
+
+
+ tmp_file_name=(char *) malloc(strlen(path)+7);
+ CHECK(tmp_file_name,NULL, ("malloc failed."), return -1);
+ strcpy(tmp_file_name, path);
+ strcat(tmp_file_name, ".XXXXXX");
+ fd=open_temporary_file(tmp_file_name, access, owner, group, selinux_context);
+ CHECK(fd, -1, ("Failed to open temporary file.\n"), return -1);
+ output_file=fdopen(fd,"w");
+ CHECK(output_file, NULL, ("fdopen failed: %s\n", strerror(errno)), return -1);
+ if (url!=NULL) {
+ curl_context=curl_easy_init();
+ CHECK(curl_context, NULL, ("curl_easy_init failed.\n"), return -1);
+ curl_result=curl_easy_setopt(curl_context, CURLOPT_URL, url);
+ DEBUG(3,("curl result: %d\n",curl_result));
+ curl_result=curl_easy_setopt(curl_context, CURLOPT_WRITEDATA, output_file);
+ DEBUG(3,("curl result: %d\n",curl_result));
+
+ curl_result=curl_easy_perform(curl_context);
+ DEBUG(3,("curl result: %d\n",curl_result));
+
+ curl_easy_cleanup(curl_context);
+ }
+
+ fclose(output_file); /* this should close fd, too */
+ ret=rename(tmp_file_name, path);
+ CHECK_MINUS_ONE_RETURN(ret, ("Cannot rename %s to %s: %s\n", tmp_file_name, path, strerror(errno) ));
+ free(tmp_file_name);
+
+ return 0;
+}
+
+int ipaaction_run(const xmlDocPtr doc, const xmlChar *default_namespace) {
+ int ret;
+ char *command;
+ char *user;
+ char *group;
+ char *arguments;
+
+ command = find_value_by_xpath(doc,
+ (xmlChar *) "//def:ipa/def:ipaaction/def:run/def:command",
+ default_namespace_prefix, default_namespace);
+ CHECK(command, NULL,
+ ("No command in ipaaction run section found, this should neven happen.\n"),
+ return -1);
+ DEBUG(3, ("Found command for current ipaaction: |%s|\n", command));
+
+ user = find_value_by_xpath(doc,
+ (xmlChar *) "//def:ipa/def:ipaaction/def:run/def:user",
+ default_namespace_prefix, default_namespace);
+ if (user==NULL) {
+ DEBUG(3, ("User for ipaaction run command not found, using default"));
+ user=strdup("nobody");
+ }
+ DEBUG(3, ("Found user for ipaaction run command: %s\n", user));
+
+ group = find_value_by_xpath(doc,
+ (xmlChar *) "//def:ipa/def:ipaaction/def:run/def:group",
+ default_namespace_prefix, default_namespace);
+ if (group==NULL) {
+ DEBUG(3, ("Group for ipaaction run command not found, using default\n"));
+ group=strdup("nobody");
+ }
+ DEBUG(3, ("Found group for ipaaction run command: %s\n", group));
+
+ arguments=strchr(command,' ');
+ if (arguments!=NULL) {
+ *arguments++='\0';
+ }
+
+ ret=exec_command(command, user, group, arguments, NULL);
+
+ free(arguments);
+ free(group);
+ free(user);
+ free(command);
+
+ return ret;
+
+ return 0;
+}
+
+int handle_ipaaction(const char *policy_name, const xmlChar *default_namespace) {
+ int ret;
+ xmlDocPtr doc;
+
+ doc = xmlParseFile(policy_name);
+ CHECK(doc, NULL, ("Cannot parse document %s!\n", policy_name), exit(1));
+
+ ret=check_ipaaction_condition(doc, default_namespace);
+ if (ret!=0) {
+ DEBUG(0,("IPA action condition failed\n"));
+ return -1;
+ }
+
+ ret=ipaaction_file(doc, default_namespace);
+ if (ret!=0) {
+ DEBUG(0,("IPA action file failed\n"));
+ return -1;
+ }
+
+ ret=ipaaction_run(doc, default_namespace);
+ if (ret!=0) {
+ DEBUG(0,("IPA action run failed\n"));
+ return -1;
+ }
+
+ xmlFreeDoc(doc);
+
+ return 0;
+}
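Review bot: `tmp_file_name` in ipaaction_file is allocated one byte short: `malloc(strlen(path)+7)` leaves no room for the terminator once `strcat(tmp_file_name, ".XXXXXX")` appends seven characters, so the NUL is written past the end of the heap buffer; it should be `malloc(strlen(path)+sizeof(".XXXXXX"))`. The same allocation appears in output_handler_file in worker/output_handler.c. Separately, check_ipaaction_condition and ipaaction_run call `free(arguments)` on a pointer that `strchr` returned into the middle of `condition`/`command`, which is an invalid free whenever the command has arguments; both calls should be dropped, since freeing the command string releases that memory. In the `access==NULL` branch the default goes to the wrong variable, `group=strdup("0400");`, so `access` is still NULL when it is passed to open_temporary_file and the group chosen earlier is overwritten; it should read `access=strdup("0400");`.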
diff --git a/worker/ipaaction.h b/worker/ipaaction.h
new file mode 100644
index 0000000..25664d8
--- /dev/null
+++ b/worker/ipaaction.h
@@ -0,0 +1,4 @@
+int check_ipaaction_condition(const xmlDocPtr doc, const xmlChar *default_namespace);
+int ipaaction_file(const xmlDocPtr doc, const xmlChar *default_namespace);
+int ipaaction_run(const xmlDocPtr doc, const xmlChar *default_namespace);
+int handle_ipaaction(const char *policy_file_name, const xmlChar *default_namespace);
diff --git a/worker/output_handler.c b/worker/output_handler.c
new file mode 100644
index 0000000..728f53b
--- /dev/null
+++ b/worker/output_handler.c
@@ -0,0 +1,261 @@
+#include <string.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <unistd.h>
+#include <errno.h>
+#include <libgen.h>
+
+
+#include <libxml/tree.h>
+#include <libxml/parser.h>
+#include <libxml/xpath.h>
+#include <libxml/xpathInternals.h>
+#include <libxml/relaxng.h>
+
+#include <libxslt/xslt.h>
+#include <libxslt/xsltInternals.h>
+#include <libxslt/transform.h>
+#include <libxslt/xsltutils.h>
+
+#include "util.h"
+#include "xml_helper.h"
+#include "helpers.h"
+
+char *get_output_handler_parameter(xmlNode *node, const char *name, const char *default_value, const int required) {
+ char *value;
+
+ DEBUG(3,("Search for attribute '%s'.\n",name));
+ value = (char *) xmlGetProp(node, (xmlChar *) name);
+ if (required == 1) {
+ CHECK_NULL_FATAL(value, ("Cannot find required attribute '%s' for output handler.\n", name));
+ DEBUG(3,("Found required attribute '%s' with value '%s'.\n",name, value));
+ } else if (required == 0 ) {
+ if (value == NULL) {
+ DEBUG(3,("Optional attribute '%s' not found, using default '%s'.\n",name, default_value));
+ if (default_value != NULL ) value=strdup(default_value);
+ } else {
+ DEBUG(3,("Found optional attribute '%s' with value '%s'.\n",name, value));
+ }
+ } else {
+ DEBUG(0,("I am not allowed to be here, aborting ...\n"));
+ exit(-1);
+ }
+
+ return value;
+}
+
+int output_handler_file(xmlNode *node, const xmlDocPtr doc, const char *xslt_file_name) {
+ char *name;
+ char *owner;
+ char *group;
+ char *permission;
+ char *param_name;
+ char *param_value;
+ struct stat stat_buffer;
+ char *dir_name;
+ char *tmp_file_name;
+ char *buffer;
+ int ret;
+ int fd;
+ xsltStylesheetPtr parsed_stylesheet = NULL;
+ xmlDocPtr res;
+
+ name=get_output_handler_parameter(node, "name", NULL, 1);
+
+ buffer=strdup(name);
+ CHECK_NULL_RETURN(buffer ,("strdup failed\n"));
+ dir_name=dirname(buffer);
+ if( (ret=stat(dir_name, &stat_buffer)) == -1) {
+ DEBUG(0,("stat on %s failed: %s\n",dir_name, strerror(errno)));
+ free(name);
+ return -1;
+ }
+ if(!S_ISDIR(stat_buffer.st_mode)) {
+ DEBUG(0,("%s is not a directory!\n",dir_name));
+ free(name);
+ return -1;
+ }
+ free(buffer);
+
+ if( (ret=lstat(name, &stat_buffer)) == -1) {
+ DEBUG(0,("stat on %s failed: %s\n",name, strerror(errno)));
+ free(name);
+ return -1;
+ }
+ if(!S_ISREG(stat_buffer.st_mode)) {
+ DEBUG(0,("%s is not a regular file!\n",name));
+ free(name);
+ return -1;
+ }
+
+ owner=get_output_handler_parameter(node, "owner", "root", 0);
+ group=get_output_handler_parameter(node, "group", "root", 0);
+
+ permission=get_output_handler_parameter(node, "permission", "0400", 0);
+ param_name=get_output_handler_parameter(node, "param_name", NULL, 0);
+ param_value=get_output_handler_parameter(node, "param_value", NULL, 0);
+
+ /* TODO: create backup copy */
+
+ tmp_file_name=(char *) malloc(strlen(name)+7);
+ CHECK_NULL_RETURN(tmp_file_name,("malloc failed."));
+ strcpy(tmp_file_name, name);
+ strcat(tmp_file_name, ".XXXXXX");
+ open_temporary_file(tmp_file_name, permission, owner, group, NULL);
+
+ parsed_stylesheet = xsltParseStylesheetFile((xmlChar *) xslt_file_name);
+ CHECK_NULL_FATAL(parsed_stylesheet, ("Cannot parse stylesheet!\n"));
+
+ res = xsltApplyStylesheet(parsed_stylesheet, doc, NULL);
+ CHECK_NULL_FATAL(res, ("Cannot apply stylesheet!\n"));
+ ret = xsltSaveResultToFd(fd, res, parsed_stylesheet);
+ if (ret == -1) {
+ DEBUG(0, ("Cannot save result!\n"));
+ exit(1);
+ }
+ xmlFreeDoc(res);
+ xsltFreeStylesheet(parsed_stylesheet);
+
+ close(fd);
+ ret=rename(tmp_file_name, name);
+ CHECK_MINUS_ONE_RETURN(ret, ("Cannot rename %s to %s: %s\n", tmp_file_name, name, strerror(errno) ));
+
+ free(tmp_file_name);
+
+ free(name);
+ free(owner);
+ free(group);
+ free(permission);
+ free(param_name);
+ free(param_value);
+ return 0;
+}
+
+int output_handler_exec_with_args(xmlNode *node, const xmlDocPtr doc, const char *xslt_file_name) {
+ char *command;
+ char *arguments;
+ char *user;
+ char *group;
+ char *param_name;
+ char *param_value;
+ int ret;
+ struct stat stat_buffer;
+ xsltStylesheetPtr parsed_stylesheet = NULL;
+ xmlDocPtr res;
+ xmlChar *result_string;
+ int result_length;
+ char *cur;
+ char *end_of_line;
+
+ command=get_output_handler_parameter(node, "command", NULL, 1);
+
+ if( (ret=stat(command, &stat_buffer)) == -1) {
+ DEBUG(0,("stat on %s failed: %s\n",command, strerror(errno)));
+ free(command);
+ return -1;
+ }
+
+
+ arguments=get_output_handler_parameter(node, "arguments", NULL, 0);
+
+ user=get_output_handler_parameter(node, "user", "nobody", 0);
+ group=get_output_handler_parameter(node, "group", "nobody", 0);
+
+ param_name=get_output_handler_parameter(node, "param_name", NULL, 0);
+ param_value=get_output_handler_parameter(node, "param_value", NULL, 0);
+
+ parsed_stylesheet = xsltParseStylesheetFile((xmlChar *) xslt_file_name);
+ CHECK_NULL_FATAL(parsed_stylesheet, ("Cannot parse stylesheet!\n"));
+
+ res = xsltApplyStylesheet(parsed_stylesheet, doc, NULL);
+ CHECK_NULL_FATAL(res, ("Cannot apply stylesheet!\n"));
+ ret = xsltSaveResultToString(&result_string, &result_length, res, parsed_stylesheet);
+ if (ret == -1) {
+ DEBUG(0, ("Cannot save result!\n"));
+ exit(1);
+ }
+ xmlFreeDoc(res);
+ xsltFreeStylesheet(parsed_stylesheet);
+
+ cur=(char *)result_string;
+ while ( (end_of_line = strchr(cur, '\n'))!=NULL ) {
+ *end_of_line='\0';
+ DEBUG(3,("found argument to %s: |%s|\n",command, cur));
+ ret=exec_command(command, user, group, arguments, cur);
+ DEBUG(3,("exec_command retrun value: %d\n",ret));
+ cur=end_of_line+1;
+ };
+
+ free(result_string);
+
+ free(command);
+ free(arguments);
+ free(user);
+ free(group);
+ free(param_name);
+ free(param_value);
+ return 0;
+}
+
+int find_output_handler(const char *policy_file_name, const char *xslt_file_name) {
+ int i;
+ xmlXPathContextPtr xpath_context;
+ xmlXPathObjectPtr xpath_obj;
+ xmlDocPtr xslt_doc;
+ xmlDocPtr doc;
+
+ doc = xmlParseFile(policy_file_name);
+ CHECK(doc, NULL, ("Cannot parse file %s!\n", policy_file_name), exit(1));
+
+ xslt_doc = xmlParseFile(xslt_file_name);
+ CHECK(xslt_doc, NULL, ("Cannot parse file %s!\n", xslt_file_name), exit(1));
+
+ xpath_context = xmlXPathNewContext(xslt_doc);
+ CHECK(xpath_context, NULL, ("Error: unable to create new XPath context\n"), exit(1));
+
+ if (xmlXPathRegisterNs(xpath_context, XSLT_METADATA_NAMESPACE_PREFIX, XSLT_METADATA_NAMESPACE) != 0) {
+ DEBUG(0,
+ ("Error: unable to register NS with prefix=\"%s\" and href=\"%s\"\n",
+ XSLT_METADATA_NAMESPACE_PREFIX, XSLT_METADATA_NAMESPACE));
+ xmlXPathFreeContext(xpath_context);
+ return 0;
+ }
+
+ xpath_obj = xmlXPathEvalExpression(XPATH_OUTPUT_HANDLER, xpath_context);
+ if (xpath_obj == NULL) {
+ DEBUG(0,
+ ("Error: unable to evaluate xpath expression \"%s\"\n",
+ XPATH_OUTPUT_HANDLER));
+ xmlXPathFreeContext(xpath_context);
+ return 0;
+ }
+
+ if (xmlXPathNodeSetIsEmpty(xpath_obj->nodesetval)) {
+ DEBUG(0, ("Nothing found for %s\n", XPATH_OUTPUT_HANDLER));
+ xmlXPathFreeObject(xpath_obj);
+ xmlXPathFreeContext(xpath_context);
+ return 0;
+ }
+
+ for (i=0; i<xmlXPathNodeSetGetLength(xpath_obj->nodesetval); i++) {
+ DEBUG(3, ("found output_handler: %s\n",(char *) xpath_obj->nodesetval->nodeTab[i]->name));
+ print_all_attributes(xpath_obj->nodesetval->nodeTab[i]);
+ if ( xmlStrEqual(xpath_obj->nodesetval->nodeTab[i]->name, (xmlChar *) "file" )) {
+ output_handler_file(xpath_obj->nodesetval->nodeTab[i], doc, xslt_file_name);
+ } else if ( xmlStrEqual(xpath_obj->nodesetval->nodeTab[i]->name, (xmlChar *) "exec_with_args" )) {
+ output_handler_exec_with_args(xpath_obj->nodesetval->nodeTab[i], doc, xslt_file_name);
+ } else {
+ DEBUG(0, ("Unknow outout handler '%s'.\n", xpath_obj->nodesetval->nodeTab[i]->name));
+ xmlXPathFreeObject(xpath_obj);
+ xmlXPathFreeContext(xpath_context);
+ return -1;
+ }
+ }
+
+
+ xmlXPathFreeObject(xpath_obj);
+ xmlXPathFreeContext(xpath_context);
+ xmlFreeDoc(xslt_doc);
+ xmlFreeDoc(doc);
+ return 0;
+}
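Review bot: In output_handler_file the return value of `open_temporary_file(tmp_file_name, permission, owner, group, NULL);` is discarded, so `fd` is still uninitialized when it reaches `xsltSaveResultToFd(fd, res, parsed_stylesheet)` and `close(fd)`. The transform output is then written to, and the close applied to, whatever descriptor number happens to be in that stack slot, and the temporary file is most likely renamed over `name` without the intended content. Assign and check the result the way ipaaction_file does: `fd=open_temporary_file(tmp_file_name, permission, owner, group, NULL);` followed by `CHECK(fd, -1, ("Failed to open temporary file.\n"), return -1);`. The removed worker.c version of this function has the same unassigned call, so the move carried the defect over rather than introducing it.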
diff --git a/worker/output_handler.h b/worker/output_handler.h
new file mode 100644
index 0000000..a4ca498
--- /dev/null
+++ b/worker/output_handler.h
@@ -0,0 +1,4 @@
+char *get_output_handler_parameter(xmlNode *node, const char *name, const char *default_value, const int required);
+int output_handler_file(xmlNode *node, const xmlDocPtr doc, const char *xslt_file_name);
+int output_handler_exec_with_args(xmlNode *node, const xmlDocPtr doc, const char *xslt_file_name);
+int find_output_handler(const char *policy_file_name, const char *xslt_file_name);
diff --git a/worker/worker.c b/worker/worker.c
index efd7706..85430bd 100644
--- a/worker/worker.c
+++ b/worker/worker.c
@@ -1,818 +1,42 @@
+/**
+ * Author: Sumit Bose <sbose@redhat.com>
+ *
+ * Copyright (C) 2008 Red Hat
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the Free
+ * Software Foundation; version 2 only
+ *
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License
+ * for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; see the file COPYING.LGPL. If not, write to the
+ * Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
+ * 02111-1307, USA.
+ */
+
#define _GNU_SOURCE
-#include <stdio.h>
#include <string.h>
#include <stdlib.h>
-#include <assert.h>
-#include <string.h>
-#include <libgen.h>
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <unistd.h>
-#include <errno.h>
-#include <pwd.h>
-#include <grp.h>
-#include <sys/wait.h>
-
-
-
-#include <libxml/tree.h>
-#include <libxml/parser.h>
-#include <libxml/xpath.h>
-#include <libxml/xpathInternals.h>
-#include <libxml/relaxng.h>
-
-#include <libxslt/xslt.h>
-#include <libxslt/xsltInternals.h>
-#include <libxslt/transform.h>
-#include <libxslt/xsltutils.h>
-
-#include <curl/curl.h>
-
-#include <selinux/selinux.h>
-#include <selinux/context.h>
+#include "helpers.h"
#include "util.h"
+#include "xml_helper.h"
+#include "ipaaction.h"
+#include "output_handler.h"
-#define XMLCHARLEN 255
-#define MAXSTR XMLCHARLEN
-/* If a default namespace is defined
- *
- * IMPORTANT: XPath 1.0 has no concept of a default namespace. Unprefixed
- * names in XPath only match names which have no namespace. So, if the
- * document uses a default namespace, it is required to associate a non-empty
- * prefix with the default namespace via register-namespace and add that
- * prefix to names in XPath expressions intended to match nodes in the default
- * namespace.
- */
-xmlChar *default_namespace_prefix = (xmlChar *) "def";
-
-#define XSLT_METADATA_NAMESPACE (xmlChar *) "http://freeipa.org/xsl/metadata/1.0"
-#define XSLT_METADATA_NAMESPACE_PREFIX (xmlChar *) "md"
-#define XPATH_OUTPUT_HANDLER (xmlChar *) "//md:output_handler/md:*"
-
-int open_temporary_file(char *name, const char *permission, const uid_t uid, const gid_t gid, const char *selinux_context_string) {
- int fd;
- int ret;
-
- fd=mkstemp(name);
- if (fd==-1) {
- DEBUG(0,("mkstemp failed with template %s: %s\n",name, strerror(errno)));
- return -1;
- }
-
- ret=fchmod(fd, (mode_t) strtol(permission, NULL, 8));
- CHECK(ret, -1, ("Cannot chmod temporary file to %s: %s\n", permission, strerror(errno)), return -1);
-
- ret=fchown(fd, uid, gid);
- CHECK(ret, -1, ("Cannot chown temporary file to uid %d and gid %d: %s\n", uid, gid, strerror(errno)), return -1);
-
- if (selinux_context_string != NULL ) {
-
- ret=fsetfilecon(fd, (security_context_t ) selinux_context_string);
- CHECK(ret, -1, ("fsetfilecon failed: %s\n",strerror(errno)), return -1);
-
- }
-
- return fd;
-}
-
-int exec_command(const char *command, const uid_t uid, const gid_t gid, char *arguments, char *extra_args) {
- char *argv[10]; /* FIXME */
- int c=0;
- int i;
- char *cur;
- char *next_arg;
- pid_t pid;
- int ret;
- int status;
- int stdout_pipe[2];
- int stderr_pipe[2];
- char buffer[255];
-
- argv[c++]=strdup(command);
- if (arguments!=NULL) {
- cur=arguments;
- while( (next_arg=strchr(cur, ' '))!=NULL) {
- argv[c++]=strndup(cur, next_arg-cur);
- cur=next_arg+1;
- }
- argv[c++]=strdup(cur);
- }
- if (extra_args!=NULL) {
- cur=extra_args;
- while( (next_arg=strchr(cur, ' '))!=NULL) {
- argv[c++]=strndup(cur, next_arg-cur);
- cur=next_arg+1;
- }
- argv[c++]=strdup(cur);
- }
- argv[c++]=NULL;
-
- for(i=0;i<c;i++){
- DEBUG(3,("argument array element %d: |%s|\n",i, argv[i]));
- }
-
- ret=pipe(stdout_pipe);
- CHECK(ret, -1, ("pipe failed: %s\n",strerror(errno)), return -1);
- ret=pipe(stderr_pipe);
- CHECK(ret, -1, ("pipe failed: %s\n",strerror(errno)), return -1);
-
- pid=fork();
- CHECK(pid, -1, ("fork failed: %s",strerror(errno)), return -1);
- if (!pid) { /* FIXME: missing error checking */
-
- close(stdout_pipe[0]);
- close(stderr_pipe[0]);
-
- ret=dup2(stdout_pipe[1], STDOUT_FILENO);
- CHECK(ret, -1, ("dup2 failed: %s\n",strerror(errno)), exit(1));
- ret=dup2(stderr_pipe[1], STDERR_FILENO);
- CHECK(ret, -1, ("dup2 failed: %s\n",strerror(errno)), exit(1));
- close(STDIN_FILENO);
-
- ret=chdir("/");
- CHECK(ret, -1, ("chdir to / failed: %s\n",strerror(errno)), exit(1));
- ret=setgid(gid);
- CHECK(ret, -1, ("setgid failed: %s\n",strerror(errno)), exit(1));
- ret=setuid(uid);
- CHECK(ret, -1, ("setuid failed: %s\n",strerror(errno)), exit(1));
-
- execv(command, argv);
- }
-
- close(stdout_pipe[1]);
- close(stderr_pipe[1]);
-
- *buffer='\0';
- ret=read(stdout_pipe[0], &buffer, 255);
- buffer[ret]='\0';
- DEBUG(3,("stdout from child: >>%s<<\n",buffer));
- *buffer='\0';
- ret=read(stderr_pipe[0], &buffer, 255);
- buffer[ret]='\0';
- DEBUG(3,("stderr from child: >>%s<<\n",buffer));
-
- ret = waitpid(pid, & status, 0);
- if (WIFEXITED(status)) {
- DEBUG(3,("Child terminated normally with exit status %d\n",WEXITSTATUS(status)));
- } else {
- DEBUG(1,("Child terminated not normally.\n"));
- }
-
-
- for(i=0;i<c;i++){
- free(argv[i]);
- }
- return WEXITSTATUS(status);
-}
-
-char *get_output_handler_parameter(xmlNode *node, const char *name, const char *default_value, const int required) {
- char *value;
-
- DEBUG(3,("Search for attribute '%s'.\n",name));
- value = (char *) xmlGetProp(node, (xmlChar *) name);
- if (required == 1) {
- CHECK_NULL_FATAL(value, ("Cannot find required attribute '%s' for output handler.\n", name));
- DEBUG(3,("Found required attribute '%s' with value '%s'.\n",name, value));
- } else if (required == 0 ) {
- if (value == NULL) {
- DEBUG(3,("Optional attribute '%s' not found, using default '%s'.\n",name, default_value));
- if (default_value != NULL ) value=strdup(default_value);
- } else {
- DEBUG(3,("Found optional attribute '%s' with value '%s'.\n",name, value));
- }
- } else {
- DEBUG(0,("I am not allowed to be here, aborting ...\n"));
- exit(-1);
- }
-
- return value;
-}
-
-int output_handler_file(xmlNode *node, const xmlDocPtr doc, const char *xslt_file_name) {
- char *name;
- char *owner;
- char *group;
- char *permission;
- char *param_name;
- char *param_value;
- struct stat stat_buffer;
- char *dir_name;
- char *tmp_file_name;
- char *buffer;
- int ret;
- int fd;
- struct passwd *pwd_info;
- struct group *grp_info;
- xsltStylesheetPtr parsed_stylesheet = NULL;
- xmlDocPtr res;
-
- name=get_output_handler_parameter(node, "name", NULL, 1);
-
- buffer=strdup(name);
- CHECK_NULL_RETURN(buffer ,("strdup failed\n"));
- dir_name=dirname(buffer);
- if( (ret=stat(dir_name, &stat_buffer)) == -1) {
- DEBUG(0,("stat on %s failed: %s\n",dir_name, strerror(errno)));
- free(name);
- return -1;
- }
- if(!S_ISDIR(stat_buffer.st_mode)) {
- DEBUG(0,("%s is not a directory!\n",dir_name));
- free(name);
- return -1;
- }
- free(buffer);
-
- if( (ret=lstat(name, &stat_buffer)) == -1) {
- DEBUG(0,("stat on %s failed: %s\n",name, strerror(errno)));
- free(name);
- return -1;
- }
- if(!S_ISREG(stat_buffer.st_mode)) {
- DEBUG(0,("%s is not a regular file!\n",name));
- free(name);
- return -1;
- }
-
- owner=get_output_handler_parameter(node, "owner", "root", 0);
- pwd_info=getpwnam(owner);
- CHECK_NULL_RETURN(pwd_info, ("Cannot find user %s.\n", owner));
- group=get_output_handler_parameter(node, "group", "root", 0);
- grp_info=getgrnam(group);
- CHECK_NULL_RETURN(grp_info, ("Cannot find group %s.\n", group));
-
- permission=get_output_handler_parameter(node, "permission", "0400", 0);
- param_name=get_output_handler_parameter(node, "param_name", NULL, 0);
- param_value=get_output_handler_parameter(node, "param_value", NULL, 0);
-
- /* TODO: create backup copy */
-
- tmp_file_name=(char *) malloc(strlen(name)+7);
- CHECK_NULL_RETURN(tmp_file_name,("malloc failed."));
- strcpy(tmp_file_name, name);
- strcat(tmp_file_name, ".XXXXXX");
- open_temporary_file(tmp_file_name, permission, pwd_info->pw_uid, grp_info->gr_gid, NULL);
- /*
- fd=mkstemp(tmp_file_name);
- if (fd==-1) {
- DEBUG(0,("mkstemp failed with template %s: %s\n",tmp_file_name, strerror(errno)));
- free(name);
- return -1;
- }
-
- ret=fchmod(fd, (mode_t) strtol(permission, NULL, 8));
- CHECK_MINUS_ONE_RETURN(ret, ("Cannot chmod temporary file to %s: %s\n", permission, strerror(errno)));
-
- ret=fchown(fd, pwd_info->pw_uid, grp_info->gr_gid);
- CHECK_MINUS_ONE_RETURN(ret, ("Cannot chown temporary file to %s:%s: %s\n", owner, group, strerror(errno)));
- */
-
- parsed_stylesheet = xsltParseStylesheetFile((xmlChar *) xslt_file_name);
- CHECK_NULL_FATAL(parsed_stylesheet, ("Cannot parse stylesheet!\n"));
-
- res = xsltApplyStylesheet(parsed_stylesheet, doc, NULL);
- CHECK_NULL_FATAL(res, ("Cannot apply stylesheet!\n"));
- ret = xsltSaveResultToFd(fd, res, parsed_stylesheet);
- if (ret == -1) {
- DEBUG(0, ("Cannot save result!\n"));
- exit(1);
- }
- xmlFreeDoc(res);
- xsltFreeStylesheet(parsed_stylesheet);
-
- close(fd);
- ret=rename(tmp_file_name, name);
- CHECK_MINUS_ONE_RETURN(ret, ("Cannot rename %s to %s: %s\n", tmp_file_name, name, strerror(errno) ));
-
- free(tmp_file_name);
-
- free(name);
- free(owner);
- free(group);
- free(permission);
- free(param_name);
- free(param_value);
- return 0;
-}
-
-int output_handler_exec_with_args(xmlNode *node, const xmlDocPtr doc, const char *xslt_file_name) {
- char *command;
- char *arguments;
- char *user;
- char *group;
- char *param_name;
- char *param_value;
- int ret;
- struct stat stat_buffer;
- struct passwd *pwd_info;
- struct group *grp_info;
- xsltStylesheetPtr parsed_stylesheet = NULL;
- xmlDocPtr res;
- xmlChar *result_string;
- int result_length;
- char *cur;
- char *end_of_line;
-
- command=get_output_handler_parameter(node, "command", NULL, 1);
-
- if( (ret=stat(command, &stat_buffer)) == -1) {
- DEBUG(0,("stat on %s failed: %s\n",command, strerror(errno)));
- free(command);
- return -1;
- }
-
-
- arguments=get_output_handler_parameter(node, "arguments", NULL, 0);
-
- user=get_output_handler_parameter(node, "user", "nobody", 0);
- pwd_info=getpwnam(user);
- CHECK_NULL_RETURN(pwd_info, ("Cannot find user %s.\n", user));
-
- group=get_output_handler_parameter(node, "group", "nobody", 0);
- grp_info=getgrnam(group);
- CHECK_NULL_RETURN(grp_info, ("Cannot find group %s.\n", group));
-
- param_name=get_output_handler_parameter(node, "param_name", NULL, 0);
- param_value=get_output_handler_parameter(node, "param_value", NULL, 0);
-
- parsed_stylesheet = xsltParseStylesheetFile((xmlChar *) xslt_file_name);
- CHECK_NULL_FATAL(parsed_stylesheet, ("Cannot parse stylesheet!\n"));
-
- res = xsltApplyStylesheet(parsed_stylesheet, doc, NULL);
- CHECK_NULL_FATAL(res, ("Cannot apply stylesheet!\n"));
- ret = xsltSaveResultToString(&result_string, &result_length, res, parsed_stylesheet);
- if (ret == -1) {
- DEBUG(0, ("Cannot save result!\n"));
- exit(1);
- }
- xmlFreeDoc(res);
- xsltFreeStylesheet(parsed_stylesheet);
-
- cur=(char *)result_string;
- while ( (end_of_line = strchr(cur, '\n'))!=NULL ) {
- *end_of_line='\0';
- DEBUG(3,("found argument to %s: |%s|\n",command, cur));
- ret=exec_command(command, pwd_info->pw_uid, grp_info->gr_gid, arguments, cur);
- DEBUG(3,("exec_command retrun value: %d\n",ret));
- cur=end_of_line+1;
- };
-
- free(result_string);
-
- free(command);
- free(arguments);
- free(user);
- free(group);
- free(param_name);
- free(param_value);
- return 0;
-}
-
-int print_all_attributes(xmlNode *node) {
- xmlAttr *cur;
-
- cur=node->properties;
- while(cur!=NULL) {
- DEBUG(3, ("found attribute '%s' with value '%s'.\n", cur->name, XML_GET_CONTENT(cur->children)));
- cur=cur->next;
- }
- return 0;
-}
-
-int find_output_handler(const xmlDocPtr doc, const char *xslt_file_name) {
- int i;
- xmlXPathContextPtr xpath_context;
- xmlXPathObjectPtr xpath_obj;
- xmlDocPtr xslt_doc;
-
- xslt_doc = xmlParseFile(xslt_file_name);
- CHECK_NULL_FATAL(xslt_doc, ("Cannot parse file %s!\n", xslt_file_name));
-
- xpath_context = xmlXPathNewContext(xslt_doc);
- CHECK_NULL_FATAL(xpath_context, ("Error: unable to create new XPath context\n"));
-
- if (xmlXPathRegisterNs(xpath_context, XSLT_METADATA_NAMESPACE_PREFIX, XSLT_METADATA_NAMESPACE) != 0) {
- DEBUG(0,
- ("Error: unable to register NS with prefix=\"%s\" and href=\"%s\"\n",
- XSLT_METADATA_NAMESPACE_PREFIX, XSLT_METADATA_NAMESPACE));
- xmlXPathFreeContext(xpath_context);
- return (0);
- }
-
- xpath_obj = xmlXPathEvalExpression(XPATH_OUTPUT_HANDLER, xpath_context);
- if (xpath_obj == NULL) {
- DEBUG(0,
- ("Error: unable to evaluate xpath expression \"%s\"\n",
- XPATH_OUTPUT_HANDLER));
- xmlXPathFreeContext(xpath_context);
- return (0);
- }
-
- if (xmlXPathNodeSetIsEmpty(xpath_obj->nodesetval)) {
- DEBUG(0, ("Nothing found for %s\n", XPATH_OUTPUT_HANDLER));
- xmlXPathFreeObject(xpath_obj);
- xmlXPathFreeContext(xpath_context);
- return (0);
- }
-
- for (i=0; i<xmlXPathNodeSetGetLength(xpath_obj->nodesetval); i++) {
- DEBUG(3, ("found output_handler: %s\n",(char *) xpath_obj->nodesetval->nodeTab[i]->name));
- print_all_attributes(xpath_obj->nodesetval->nodeTab[i]);
- if ( xmlStrEqual(xpath_obj->nodesetval->nodeTab[i]->name, (xmlChar *) "file" )) {
- output_handler_file(xpath_obj->nodesetval->nodeTab[i], doc, xslt_file_name);
- } else if ( xmlStrEqual(xpath_obj->nodesetval->nodeTab[i]->name, (xmlChar *) "exec_with_args" )) {
- output_handler_exec_with_args(xpath_obj->nodesetval->nodeTab[i], doc, xslt_file_name);
- } else {
- DEBUG(0, ("Unknow outout handler '%s'.\n", xpath_obj->nodesetval->nodeTab[i]->name));
- xmlXPathFreeObject(xpath_obj);
- xmlXPathFreeContext(xpath_context);
- return (-1);
- }
- }
-
-
- xmlXPathFreeObject(xpath_obj);
- xmlXPathFreeContext(xpath_context);
- return 0;
-}
-
-char *find_name_by_xpath(xmlDocPtr doc, xmlChar * xpath_expr, xmlChar * prefix,
- xmlChar * namespace)
-{
-
- xmlXPathContextPtr xpath_context;
- xmlXPathObjectPtr xpath_obj;
- char *result = NULL;
-
- /* Create xpath evaluation context */
- xpath_context = xmlXPathNewContext(doc);
- CHECK_NULL_FATAL(xpath_context,
- ("Error: unable to create new XPath context\n"));
- /* Register a namespace */
- if (xmlXPathRegisterNs(xpath_context, prefix, namespace) != 0) {
- DEBUG(0,
- ("Error: unable to register NS with prefix=\"%s\" and href=\"%s\"\n",
- prefix , namespace));
- xmlXPathFreeContext(xpath_context);
- return (NULL);
- }
- /* Evaluate xpath expression */
- xpath_obj = xmlXPathEvalExpression(xpath_expr, xpath_context);
- if (xpath_obj == NULL) {
- DEBUG(0,
- ("Error: unable to evaluate xpath expression \"%s\"\n",
- xpath_expr));
- xmlXPathFreeContext(xpath_context);
- return (NULL);
- }
-
- if (xmlXPathNodeSetIsEmpty(xpath_obj->nodesetval)) {
- DEBUG(0, ("Nothing found for %s\n", xpath_expr));
- xmlXPathFreeObject(xpath_obj);
- xmlXPathFreeContext(xpath_context);
- return (NULL);
- } else if (xmlXPathNodeSetGetLength(xpath_obj->nodesetval) != 1) {
- DEBUG(0, ("More than one node found for %s!", xpath_expr));
- xmlXPathFreeObject(xpath_obj);
- xmlXPathFreeContext(xpath_context);
- return (NULL);
- } else {
- result = strdup((char *) xpath_obj->nodesetval->nodeTab[0]->name);
- }
-
-
- xmlXPathFreeObject(xpath_obj);
- xmlXPathFreeContext(xpath_context);
- return result;
-
-}
-
-char *find_value_by_xpath(const xmlDocPtr doc, const xmlChar * xpath_expr, const xmlChar * prefix,
- const xmlChar * namespace)
-{
-
- xmlXPathContextPtr xpath_context;
- xmlXPathObjectPtr xpath_obj;
- char *result = NULL;
-
- /* Create xpath evaluation context */
- xpath_context = xmlXPathNewContext(doc);
- CHECK_NULL_FATAL(xpath_context,
- ("Error: unable to create new XPath context\n"));
- /* Register a namespace */
- if (xmlXPathRegisterNs(xpath_context, prefix, namespace) != 0) {
- DEBUG(0,
- ("Error: unable to register NS with prefix=\"%s\" and href=\"%s\"\n",
- prefix , namespace));
- xmlXPathFreeContext(xpath_context);
- return (NULL);
- }
- /* Evaluate xpath expression */
- xpath_obj = xmlXPathEvalExpression(xpath_expr, xpath_context);
- if (xpath_obj == NULL) {
- DEBUG(0,
- ("Error: unable to evaluate xpath expression \"%s\"\n",
- xpath_expr));
- xmlXPathFreeContext(xpath_context);
- return (NULL);
- }
-
- if (xmlXPathNodeSetIsEmpty(xpath_obj->nodesetval)) {
- DEBUG(0, ("Nothing found for %s\n", xpath_expr));
- xmlXPathFreeObject(xpath_obj);
- xmlXPathFreeContext(xpath_context);
- return (NULL);
- } else if (xmlXPathNodeSetGetLength(xpath_obj->nodesetval) != 1) {
- DEBUG(0, ("More than one node found for %s!", xpath_expr));
- xmlXPathFreeObject(xpath_obj);
- xmlXPathFreeContext(xpath_context);
- return (NULL);
- } else {
- result =
- (char *) xmlNodeListGetString(doc,
- xpath_obj->nodesetval->nodeTab[0]->
- xmlChildrenNode, 1);
- }
-
-
- xmlXPathFreeObject(xpath_obj);
- xmlXPathFreeContext(xpath_context);
- return result;
-
-}
-
-int check_ipaaction_condition(const xmlDocPtr doc, const xmlChar *default_namespace) {
- char *condition;
- char *user;
- char *group;
- struct passwd *pwd_info;
- struct group *grp_info;
- int ret;
- char *arguments;
-
- condition = find_value_by_xpath(doc,
- (xmlChar *) "//def:ipa/def:ipaaction/def:condition/def:command",
- default_namespace_prefix, default_namespace);
- if ( condition==NULL ) {
- DEBUG(3, ("No condition found for current ipaaction.\n"));
- return 0;
- }
- DEBUG(3, ("Found condition for current ipaaction: |%s|\n", condition));
-
- user = find_value_by_xpath(doc,
- (xmlChar *) "//def:ipa/def:ipaaction/def:condition/def:user",
- default_namespace_prefix, default_namespace);
- if (user==NULL) {
- DEBUG(3, ("User for condition not found, using default"));
- user=strdup("nobody");
- }
- DEBUG(3, ("Found user for condition: %s\n", user));
- pwd_info=getpwnam(user);
- CHECK(pwd_info, NULL, ("Cannot find user %s.\n", user), return -1);
-
- group = find_value_by_xpath(doc,
- (xmlChar *) "//def:ipa/def:ipaaction/def:condition/def:group",
- default_namespace_prefix, default_namespace);
- if (group==NULL) {
- DEBUG(3, ("Group for condition not found, using default\n"));
- group=strdup("nobody");
- }
- DEBUG(3, ("Found group for condition: %s\n", group));
- grp_info=getgrnam(group);
- CHECK(grp_info, NULL, ("Cannot find group %s.\n", group), return -1);
-
- arguments=strchr(condition,' ');
- if (arguments!=NULL) {
- *arguments++='\0';
- }
-
- ret=exec_command(condition, pwd_info->pw_uid, grp_info->gr_gid, arguments, NULL);
-
- free(group);
- free(user);
- free(condition);
-
- return ret;
-}
-
-int ipaaction_file(const xmlDocPtr doc, const xmlChar *default_namespace) {
- char *url;
- char *data;
- char *path;
- char *owner;
- char *group;
- char *access;
- char *selinux_context;
- //char **acl;
- char *cleanup;
- struct passwd *pwd_info;
- struct group *grp_info;
- CURL *curl_context;
- CURLcode curl_result;
- char *tmp_file_name;
- FILE *output_file;
- int fd;
- int ret;
- struct stat stat_buffer;
-
- url = find_value_by_xpath(doc,
- (xmlChar *) "//def:ipa/def:ipaaction/def:file/def:url",
- default_namespace_prefix, default_namespace);
- DEBUG(3, ("Found the following ipaaction file url: |%s|\n", url));
- data = find_value_by_xpath(doc,
- (xmlChar *) "//def:ipa/def:ipaaction/def:file/def:data",
- default_namespace_prefix, default_namespace);
- DEBUG(3, ("Found the following ipaaction file data: |%s|\n", data));
- if (url==NULL && data==NULL) {
- DEBUG(0,("Found no url or data element for ipaaction file. This should never happen.\n"));
- return -1;
- }
- if (url!=NULL && data!=NULL) {
- DEBUG(0,("Only url or data element are allowed for ipaaction file, not both. This should never happen.\n"));
- return -1;
- }
-
- path = find_value_by_xpath(doc,
- (xmlChar *) "//def:ipa/def:ipaaction/def:file/def:path",
- default_namespace_prefix, default_namespace);
- CHECK(path, NULL, ("Path for ipaaction file not found.\n"), return -1);
- DEBUG(3, ("Found path for ipaaction file: %s\n", path));
- ret=stat(path, &stat_buffer);
- CHECK(ret, 0, ("Destination file %s alread exists.\n", path), return -1);
-
- owner = find_value_by_xpath(doc,
- (xmlChar *) "//def:ipa/def:ipaaction/def:file/def:owner",
- default_namespace_prefix, default_namespace);
- if (owner==NULL) {
- DEBUG(3, ("Owner for ipaaction file not found, using default\n"));
- owner=strdup("root");
- }
- DEBUG(3, ("Found owner for ipaaction file: %s\n", owner));
- pwd_info=getpwnam(owner);
- CHECK(pwd_info, NULL, ("Cannot find user %s.\n", owner), return -1);
-
- group = find_value_by_xpath(doc,
- (xmlChar *) "//def:ipa/def:ipaaction/def:file/def:group",
- default_namespace_prefix, default_namespace);
- if (group==NULL) {
- DEBUG(3, ("Group for ipaaction file not found, using default\n"));
- group=strdup("root");
- }
- DEBUG(3, ("Found group for ipaaction file: %s\n", group));
- grp_info=getgrnam(group);
- CHECK(grp_info, NULL, ("Cannot find group %s.\n", group), return -1);
-
- access = find_value_by_xpath(doc,
- (xmlChar *) "//def:ipa/def:ipaaction/def:file/def:access",
- default_namespace_prefix, default_namespace);
- if (access==NULL) {
- DEBUG(3, ("Access permissions for ipaaction file not found, using default\n"));
- group=strdup("0400");
- }
- DEBUG(3, ("Found access permissions for ipaaction file: %s\n", access));
-
- selinux_context = find_value_by_xpath(doc,
- (xmlChar *) "//def:ipa/def:ipaaction/def:file/def:selinux_context",
- default_namespace_prefix, default_namespace);
- if (selinux_context==NULL) {
- DEBUG(3, ("SELinux file context for ipaaction file not found, using none\n"));
- selinux_context=NULL;
- }
- DEBUG(3, ("Found SELinux file context for ipaaction file: %s\n", selinux_context));
-
- cleanup = find_value_by_xpath(doc,
- (xmlChar *) "//def:ipa/def:ipaaction/def:file/def:cleanup",
- default_namespace_prefix, default_namespace);
- if (cleanup==NULL) {
- DEBUG(3, ("No cleanup information for ipaaction file not found, assuming no\n"));
- cleanup=strdup("no");
- }
- DEBUG(3, ("Found cleanup information for ipaaction file: %s\n", cleanup));
-
-
- tmp_file_name=(char *) malloc(strlen(path)+7);
- CHECK(tmp_file_name,NULL, ("malloc failed."), return -1);
- strcpy(tmp_file_name, path);
- strcat(tmp_file_name, ".XXXXXX");
- fd=open_temporary_file(tmp_file_name, access, pwd_info->pw_uid, grp_info->gr_gid, selinux_context);
- CHECK(fd, -1, ("Failed to open temporary file.\n"), return -1);
- output_file=fdopen(fd,"w");
- CHECK(output_file, NULL, ("fdopen failed: %s\n", strerror(errno)), return -1);
- if (url!=NULL) {
- curl_context=curl_easy_init();
- CHECK(curl_context, NULL, ("curl_easy_init failed.\n"), return -1);
- curl_result=curl_easy_setopt(curl_context, CURLOPT_URL, url);
- DEBUG(3,("curl result: %d\n",curl_result));
- curl_result=curl_easy_setopt(curl_context, CURLOPT_WRITEDATA, output_file);
- DEBUG(3,("curl result: %d\n",curl_result));
-
- curl_result=curl_easy_perform(curl_context);
- DEBUG(3,("curl result: %d\n",curl_result));
-
- curl_easy_cleanup(curl_context);
- }
-
- fclose(output_file); /* this should close fd, too */
- ret=rename(tmp_file_name, path);
- CHECK_MINUS_ONE_RETURN(ret, ("Cannot rename %s to %s: %s\n", tmp_file_name, path, strerror(errno) ));
- free(tmp_file_name);
-
- return 0;
-}
-
-int ipaaction_run(const xmlDocPtr doc, const xmlChar *default_namespace) {
- char *command;
- char *user;
- char *group;
- struct passwd *pwd_info;
- struct group *grp_info;
- int ret;
- char *arguments;
-
- command = find_value_by_xpath(doc,
- (xmlChar *) "//def:ipa/def:ipaaction/def:run/def:command",
- default_namespace_prefix, default_namespace);
- CHECK(command, NULL,
- ("No command in ipaaction run section found, this should neven happen.\n"),
- return -1);
- DEBUG(3, ("Found command for current ipaaction: |%s|\n", command));
-
- user = find_value_by_xpath(doc,
- (xmlChar *) "//def:ipa/def:ipaaction/def:run/def:user",
- default_namespace_prefix, default_namespace);
- if (user==NULL) {
- DEBUG(3, ("User for ipaaction run command not found, using default"));
- user=strdup("nobody");
- }
- DEBUG(3, ("Found user for ipaaction run command: %s\n", user));
- pwd_info=getpwnam(user);
- CHECK(pwd_info, NULL, ("Cannot find user %s.\n", user), return -1);
-
- group = find_value_by_xpath(doc,
- (xmlChar *) "//def:ipa/def:ipaaction/def:run/def:group",
- default_namespace_prefix, default_namespace);
- if (group==NULL) {
- DEBUG(3, ("Group for ipaaction run command not found, using default\n"));
- group=strdup("nobody");
- }
- DEBUG(3, ("Found group for ipaaction run command: %s\n", group));
- grp_info=getgrnam(group);
- CHECK(grp_info, NULL, ("Cannot find group %s.\n", group), return -1);
-
- arguments=strchr(command,' ');
- if (arguments!=NULL) {
- *arguments++='\0';
- }
-
- ret=exec_command(command, pwd_info->pw_uid, grp_info->gr_gid, arguments, NULL);
-
- free(group);
- free(user);
- free(command);
-
- return ret;
-
- return 0;
-}
-
-int handle_ipaaction(const xmlDocPtr doc, const xmlChar *default_namespace) {
- int ret;
-
- ret=check_ipaaction_condition(doc, default_namespace);
- if (ret!=0) {
- DEBUG(0,("IPA action condition failed\n"));
- return -1;
- }
-
- ret=ipaaction_file(doc, default_namespace);
- if (ret!=0) {
- DEBUG(0,("IPA action file failed\n"));
- return -1;
- }
-
- ret=ipaaction_run(doc, default_namespace);
- if (ret!=0) {
- DEBUG(0,("IPA action run failed\n"));
- return -1;
- }
-
- return 0;
-}
int main(int argc, char **argv)
{
- xmlDocPtr doc;
- xmlNodePtr root_node;
xmlChar *default_namespace;
- xmlChar xpath_expr[XMLCHARLEN];
- char *rng_file_name;
char *xslt_file_name;
- xmlRelaxNGValidCtxtPtr rng_context;
- xmlDocPtr xslt_doc;
char *ipa_policy_type;
+ char *policy_file_name;
if (argc != 2) {
DEBUG(0,
@@ -820,89 +44,22 @@ int main(int argc, char **argv)
exit(1);
}
- doc = xmlParseFile(argv[1]);
- CHECK_NULL_FATAL(doc, ("Cannot parse document %s!\n", argv[1]));
-
- /* find the default namespace */
- root_node = xmlDocGetRootElement(doc);
- CHECK_NULL_FATAL(root_node,
- ("Cannot find root node of document %s!\n", argv[1]));
- if (xmlStrncasecmp(root_node->name, (xmlChar *) "IPA", XMLCHARLEN) != 0) {
- DEBUG(0,
- ("Name of root node of document %s has to be 'ipa'!\n", argv[1]));
- exit(1);
- }
- CHECK_NULL_FATAL(root_node->ns->href,
- ("Root node of document %s must define a namespace!\n",
- argv[1]));
- default_namespace = xmlStrndup(root_node->ns->href, XMLCHARLEN);
- CHECK_NULL_FATAL(default_namespace, ("Cannot copy namespace!\n"));
- DEBUG(3, ("Default namespace of %s is %s\n", argv[1], default_namespace));
-
-
- xmlStrPrintf(xpath_expr, XMLCHARLEN, (xmlChar *) "//%s:ipa/*[2]",
- default_namespace_prefix);
- ipa_policy_type = find_name_by_xpath(doc, xpath_expr, default_namespace_prefix, default_namespace);
- CHECK_NULL_FATAL(ipa_policy_type, ("Type of IPA policy not found.\n"));
- DEBUG(3, ("Found IPA policy type: %s\n", ipa_policy_type));
- if ( strncmp(ipa_policy_type, "ipaconfig",9) != 0 &&
- strncmp(ipa_policy_type, "iparole",7) != 0 &&
- strncmp(ipa_policy_type, "ipaaction",9) != 0) {
- DEBUG(0,("unknown IPA ploicy type\n"));
- exit(1);
- }
-
- xmlStrPrintf(xpath_expr, XMLCHARLEN, (xmlChar *) "//%s:RNGfile",
- default_namespace_prefix);
- rng_file_name =
- find_value_by_xpath(doc, xpath_expr, default_namespace_prefix,
- default_namespace);
- CHECK_NULL_FATAL(rng_file_name,
- ("Name of RELANX NG schema file not found.\n"));
- DEBUG(3, ("Found name of RELAX NG schema file: %s\n", rng_file_name));
-
-
-
- /* validate the document */
- rng_context =
- xmlRelaxNGNewValidCtxt(xmlRelaxNGParse
- (xmlRelaxNGNewParserCtxt(rng_file_name)));
- CHECK_NULL_FATAL(rng_context, ("Failed to create RNG context\n"));
- if (xmlRelaxNGValidateDoc(rng_context, doc) == 0) {
- DEBUG(0, ("The document is valid.\n"));
- } else {
- DEBUG(0, ("Error during validation.\n"));
- exit(1);
- }
-
- xmlRelaxNGFreeValidCtxt(rng_context);
- free(rng_file_name);
+ policy_file_name=strdup(argv[1]);
+ validate_policy(policy_file_name, &default_namespace, &ipa_policy_type, &xslt_file_name);
if ( strncmp( ipa_policy_type, "ipaaction", 9)==0) {
- handle_ipaaction(doc, default_namespace);
+ handle_ipaaction(policy_file_name, default_namespace);
} else {
- xmlStrPrintf(xpath_expr, XMLCHARLEN, (xmlChar *) "//%s:XSLTfile",
- default_namespace_prefix);
- xslt_file_name =
- find_value_by_xpath(doc, xpath_expr, default_namespace_prefix,
- default_namespace);
- CHECK_NULL_FATAL(xslt_file_name, ("Name of XSLT file not found.\n"));
- DEBUG(3, ("Found name of XSLT file: %s\n", xslt_file_name));
-
- /* read the xslt file */
- xslt_doc = xmlParseFile(xslt_file_name);
- CHECK_NULL_FATAL(xslt_doc, ("Cannot parse file %s!\n", xslt_file_name));
- find_output_handler(doc, xslt_file_name);
+ find_output_handler(policy_file_name, xslt_file_name);
free(xslt_file_name);
}
- xmlFreeDoc(doc);
-
+ free(ipa_policy_type);
+ free(default_namespace);
+ free(policy_file_name);
-
-
- return (0);
+ return 0;
}
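Review bot: The results of `validate_policy()`, `handle_ipaaction()` and `find_output_handler()` are all discarded in the new body of main, so the worker exits 0 even when an action or output handler reports failure; keep the result, e.g. `ret = handle_ipaaction(policy_file_name, default_namespace);`, and finish with `return ret == 0 ? 0 : 1;`. `policy_file_name=strdup(argv[1]);` is also used without a NULL check. The handlers now receive the file name rather than the validated `xmlDocPtr`, and `validate_policy()` frees its document before returning, so the file is presumably parsed a second time after validation. If the policy file can change between the two reads, the content acted on is not the content that was validated, so either pass the parsed document along or document that the file must be immutable for the run. main's signature and first declarations lie in the preceding hunk.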
diff --git a/worker/xml_helper.c b/worker/xml_helper.c
new file mode 100644
index 0000000..34a1514
--- /dev/null
+++ b/worker/xml_helper.c
@@ -0,0 +1,220 @@
+#include <string.h>
+
+#include <libxml/tree.h>
+#include <libxml/parser.h>
+#include <libxml/xpath.h>
+#include <libxml/xpathInternals.h>
+#include <libxml/relaxng.h>
+
+#include <libxslt/xslt.h>
+#include <libxslt/xsltInternals.h>
+#include <libxslt/transform.h>
+#include <libxslt/xsltutils.h>
+
+#include "util.h"
+#include "xml_helper.h"
+
+/* If a default namespace is defined
+ *
+ * IMPORTANT: XPath 1.0 has no concept of a default namespace. Unprefixed
+ * names in XPath only match names which have no namespace. So, if the
+ * document uses a default namespace, it is required to associate a non-empty
+ * prefix with the default namespace via register-namespace and add that
+ * prefix to names in XPath expressions intended to match nodes in the default
+ * namespace.
+ */
+xmlChar *default_namespace_prefix = (xmlChar *) "def";
+
+int validate_policy(const char *policy_file_name, xmlChar **default_namespace, char **ipa_policy_type, char **xslt_file_name) {
+ xmlDocPtr doc;
+ xmlNodePtr root_node;
+ char *rng_file_name;
+ xmlRelaxNGValidCtxtPtr rng_context;
+ xmlChar xpath_expr[XMLCHARLEN];
+
+
+ doc = xmlParseFile(policy_file_name);
+ CHECK(doc, NULL, ("Cannot parse document %s!\n", policy_file_name), exit(1));
+
+ /* find the default namespace */
+ root_node = xmlDocGetRootElement(doc);
+ CHECK(root_node, NULL,
+ ("Cannot find root node of document %s!\n", policy_file_name), exit(1));
+ if (xmlStrncasecmp(root_node->name, (xmlChar *) "IPA", XMLCHARLEN) != 0) {
+ DEBUG(0,
+ ("Name of root node of document %s has to be 'ipa'!\n", policy_file_name));
+ exit(1);
+ }
+ CHECK(root_node->ns->href, NULL,
+ ("Root node of document %s must define a namespace!\n", policy_file_name), exit(1));
+ *default_namespace = xmlStrndup(root_node->ns->href, XMLCHARLEN);
+ CHECK(*default_namespace, NULL, ("Cannot copy namespace!\n"), exit(1));
+ DEBUG(3, ("Default namespace of %s is %s\n", policy_file_name, *default_namespace));
+
+
+ xmlStrPrintf(xpath_expr, XMLCHARLEN, (xmlChar *) "//%s:ipa/*[2]",
+ default_namespace_prefix);
+ *ipa_policy_type = find_name_by_xpath(doc, xpath_expr, default_namespace_prefix, *default_namespace);
+ CHECK(*ipa_policy_type, NULL, ("Type of IPA policy not found.\n"), exit(1));
+ DEBUG(3, ("Found IPA policy type: %s\n", *ipa_policy_type));
+ if ( strncmp(*ipa_policy_type, "ipaconfig",9) != 0 &&
+ strncmp(*ipa_policy_type, "iparole",7) != 0 &&
+ strncmp(*ipa_policy_type, "ipaaction",9) != 0) {
+ DEBUG(0,("unknown IPA ploicy type\n"));
+ exit(1);
+ }
+
+ xmlStrPrintf(xpath_expr, XMLCHARLEN, (xmlChar *) "//%s:RNGfile",
+ default_namespace_prefix);
+ rng_file_name =
+ find_value_by_xpath(doc, xpath_expr, default_namespace_prefix,
+ *default_namespace);
+ CHECK(rng_file_name, NULL, ("Name of RELANX NG schema file not found.\n"), exit(1));
+ DEBUG(3, ("Found name of RELAX NG schema file: %s\n", rng_file_name));
+
+
+
+ /* validate the document */
+ rng_context =
+ xmlRelaxNGNewValidCtxt(xmlRelaxNGParse
+ (xmlRelaxNGNewParserCtxt(rng_file_name)));
+ CHECK(rng_context, NULL, ("Failed to create RNG context\n"), exit(1));
+ if (xmlRelaxNGValidateDoc(rng_context, doc) == 0) {
+ DEBUG(0, ("The document is valid.\n"));
+ } else {
+ DEBUG(0, ("Error during validation.\n"));
+ exit(1);
+ }
+
+ xmlRelaxNGFreeValidCtxt(rng_context);
+ free(rng_file_name);
+
+
+ if (strncmp(*ipa_policy_type, "ipaaction", 9)!=0) {
+ xmlStrPrintf(xpath_expr, XMLCHARLEN, (xmlChar *) "//%s:XSLTfile", default_namespace_prefix);
+ *xslt_file_name =
+ find_value_by_xpath(doc, xpath_expr, default_namespace_prefix, *default_namespace);
+ CHECK(*xslt_file_name, NULL, ("Name of XSLT file not found.\n"), exit(1));
+ DEBUG(3, ("Found name of XSLT file: %s\n", *xslt_file_name));
+ }
+
+ xmlFreeDoc(doc);
+
+ return 0;
+}
+
+int print_all_attributes(xmlNode *node) {
+ xmlAttr *cur;
+
+ cur=node->properties;
+ while(cur!=NULL) {
+ DEBUG(3, ("found attribute '%s' with value '%s'.\n", cur->name, XML_GET_CONTENT(cur->children)));
+ cur=cur->next;
+ }
+ return 0;
+}
+
+char *find_name_by_xpath(xmlDocPtr doc, xmlChar * xpath_expr, xmlChar * prefix,
+ xmlChar * namespace)
+{
+
+ xmlXPathContextPtr xpath_context;
+ xmlXPathObjectPtr xpath_obj;
+ char *result = NULL;
+
+ /* Create xpath evaluation context */
+ xpath_context = xmlXPathNewContext(doc);
+ CHECK_NULL_FATAL(xpath_context,
+ ("Error: unable to create new XPath context\n"));
+ /* Register a namespace */
+ if (xmlXPathRegisterNs(xpath_context, prefix, namespace) != 0) {
+ DEBUG(0,
+ ("Error: unable to register NS with prefix=\"%s\" and href=\"%s\"\n",
+ prefix , namespace));
+ xmlXPathFreeContext(xpath_context);
+ return NULL;
+ }
+ /* Evaluate xpath expression */
+ xpath_obj = xmlXPathEvalExpression(xpath_expr, xpath_context);
+ if (xpath_obj == NULL) {
+ DEBUG(0,
+ ("Error: unable to evaluate xpath expression \"%s\"\n",
+ xpath_expr));
+ xmlXPathFreeContext(xpath_context);
+ return NULL;
+ }
+
+ if (xmlXPathNodeSetIsEmpty(xpath_obj->nodesetval)) {
+ DEBUG(0, ("Nothing found for %s\n", xpath_expr));
+ xmlXPathFreeObject(xpath_obj);
+ xmlXPathFreeContext(xpath_context);
+ return NULL;
+ } else if (xmlXPathNodeSetGetLength(xpath_obj->nodesetval) != 1) {
+ DEBUG(0, ("More than one node found for %s!", xpath_expr));
+ xmlXPathFreeObject(xpath_obj);
+ xmlXPathFreeContext(xpath_context);
+ return NULL;
+ } else {
+ result = strdup((char *) xpath_obj->nodesetval->nodeTab[0]->name);
+ }
+
+
+ xmlXPathFreeObject(xpath_obj);
+ xmlXPathFreeContext(xpath_context);
+ return result;
+
+}
+
+char *find_value_by_xpath(const xmlDocPtr doc, const xmlChar * xpath_expr, const xmlChar * prefix,
+ const xmlChar * namespace)
+{
+
+ xmlXPathContextPtr xpath_context;
+ xmlXPathObjectPtr xpath_obj;
+ char *result = NULL;
+
+ /* Create xpath evaluation context */
+ xpath_context = xmlXPathNewContext(doc);
+ CHECK_NULL_FATAL(xpath_context,
+ ("Error: unable to create new XPath context\n"));
+ /* Register a namespace */
+ if (xmlXPathRegisterNs(xpath_context, prefix, namespace) != 0) {
+ DEBUG(0,
+ ("Error: unable to register NS with prefix=\"%s\" and href=\"%s\"\n",
+ prefix , namespace));
+ xmlXPathFreeContext(xpath_context);
+ return NULL;
+ }
+ /* Evaluate xpath expression */
+ xpath_obj = xmlXPathEvalExpression(xpath_expr, xpath_context);
+ if (xpath_obj == NULL) {
+ DEBUG(0,
+ ("Error: unable to evaluate xpath expression \"%s\"\n",
+ xpath_expr));
+ xmlXPathFreeContext(xpath_context);
+ return NULL;
+ }
+
+ if (xmlXPathNodeSetIsEmpty(xpath_obj->nodesetval)) {
+ DEBUG(0, ("Nothing found for %s\n", xpath_expr));
+ xmlXPathFreeObject(xpath_obj);
+ xmlXPathFreeContext(xpath_context);
+ return NULL;
+ } else if (xmlXPathNodeSetGetLength(xpath_obj->nodesetval) != 1) {
+ DEBUG(0, ("More than one node found for %s!", xpath_expr));
+ xmlXPathFreeObject(xpath_obj);
+ xmlXPathFreeContext(xpath_context);
+ return NULL;
+ } else {
+ result =
+ (char *) xmlNodeListGetString(doc,
+ xpath_obj->nodesetval->nodeTab[0]->
+ xmlChildrenNode, 1);
+ }
+
+
+ xmlXPathFreeObject(xpath_obj);
+ xmlXPathFreeContext(xpath_context);
+ return result;
+
+}
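Review bot: In validate_policy the namespace check reads `root_node->ns->href` without first testing `root_node->ns`, so a policy whose root element declares no namespace is dereferenced through a NULL pointer instead of reaching the intended error message; add `CHECK(root_node->ns, NULL, ("Root node of document %s must define a namespace!\n", policy_file_name), exit(1));` ahead of it. The schema path is taken from the document under validation (`//def:RNGfile`), so the file effectively selects what it is validated against; unless something outside this hunk pins that path, it should be resolved against a fixed schema directory before `xmlRelaxNGNewParserCtxt` is called. The nested `xmlRelaxNGNewParserCtxt`/`xmlRelaxNGParse` results are neither checked nor freed. `*xslt_file_name` is left unset on the ipaaction path, which `*xslt_file_name = NULL;` at the top of the function would make safe for callers.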
diff --git a/worker/xml_helper.h b/worker/xml_helper.h
new file mode 100644
index 0000000..7cd7dc3
--- /dev/null
+++ b/worker/xml_helper.h
@@ -0,0 +1,21 @@
+#include <libxml/tree.h>
+#include <libxml/parser.h>
+#include <libxml/xpath.h>
+#include <libxml/xpathInternals.h>
+#include <libxml/relaxng.h>
+
+#define XMLCHARLEN 255
+#define XSLT_METADATA_NAMESPACE (xmlChar *) "http://freeipa.org/xsl/metadata/1.0"
+#define XSLT_METADATA_NAMESPACE_PREFIX (xmlChar *) "md"
+#define XPATH_OUTPUT_HANDLER (xmlChar *) "//md:output_handler/md:*"
+
+extern xmlChar *default_namespace_prefix;
+
+int validate_policy(const char *policy_file_name, xmlChar **default_namespace, char **ipa_policy_type, char **xslt_file_name);
+
+int print_all_attributes(xmlNode *node);
+
+char *find_name_by_xpath(xmlDocPtr doc, xmlChar * xpath_expr, xmlChar * prefix,
+ xmlChar * namespace);
+char *find_value_by_xpath(const xmlDocPtr doc, const xmlChar * xpath_expr, const xmlChar * prefix,
+ const xmlChar * namespace);
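Review bot: xml_helper.h has no include guard and none of its prototypes states who owns the returned memory, which matters here because the two finders allocate differently. Wrap the file in `#ifndef XML_HELPER_H` / `#define XML_HELPER_H` … `#endif`. Above the finders, add a comment saying that `find_name_by_xpath` returns a `strdup` copy the caller releases with `free`, while `find_value_by_xpath` returns a string from `xmlNodeListGetString` that the caller should release with `xmlFree`. For `validate_policy`, document that the three out-parameters are caller-freed and that `xslt_file_name` is written only for non-ipaaction policies. The cast macros would also be safer fully parenthesized, e.g. `#define XSLT_METADATA_NAMESPACE_PREFIX ((xmlChar *) "md")`.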