-rw-r--r-- ipaaction/ipaaction.xsl 4
-rw-r--r-- policy_metadata/xsl_md.xsl 36
-rw-r--r-- policy_metadata/xsl_metadata.rng 142
-rw-r--r-- sudoers/sudoers.xsl 2
4 files changed, 181 insertions, 3 deletions
diff --git a/ipaaction/ipaaction.xsl b/ipaaction/ipaaction.xsl
index 543c687..e8e3c14 100644
--- a/ipaaction/ipaaction.xsl
+++ b/ipaaction/ipaaction.xsl
@@ -28,9 +28,9 @@ MA 02111-1307, USA.
<md:output_handler>
<xd:doc>Here we have two different kind of handlers 'download' and 'exec'.</xd:doc>
- <download param_name="output_selector" param_value="file"/>
+ <md:download md:param_name="output_selector" md:param_value="file"/>
<xd:doc>TODO: we have to decide what the client application should do. It would be possible to call an external program like 'curl' or 'wget' or the call libcurl to download a file. I would vote for using 'curl' or 'libcurl' because it seem that curl supports more methods than wget. Download should be done by user nobody into a teporary file and then moved and chowned to the destination.</xd:doc>
- <exec param_name="output_selector" param_value="run"/>
+ <md:exec md:param_name="output_selector" md:param_value="run"/>
<xd:doc>TODO: we have to decide how the client application should call the applied program or script. If no 'user' is specifed the default user should be 'nobody'.</xd:doc>
</md:output_handler>
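Review bot: The renamed handlers md:download and md:exec are not among the elements that policy_metadata/xsl_metadata.rng, added in this same commit, allows inside md:output_handler (md:file, md:exec_with_args, md:exec_with_stdin_pipe, md:ldb), and the grammar's catch-all branch is documented as matching only elements from different namespaces, so this stylesheet's metadata will not validate. Either add both elements to the grammar or express them with the existing exec handlers. The second TODO also says a missing 'user' should default to 'nobody', but neither md:exec here nor exec_properties in the grammar defines a user attribute; defining it now would let the schema and the driver enforce that default instead of leaving it to convention.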
diff --git a/policy_metadata/xsl_md.xsl b/policy_metadata/xsl_md.xsl
new file mode 100644
index 0000000..8178615
--- /dev/null
+++ b/policy_metadata/xsl_md.xsl
@@ -0,0 +1,36 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+Author: Sumit Bose <sbose@redhat.com>
+
+Copyright (C) 2008 Red Hat
+see file 'COPYING' for use and warranty information
+
+This program is free software; you can redistribute it and/or modify it under
+the terms of the GNU Lesser General Public License as published by the Free
+Software Foundation; version 2 only
+
+This program is distributed in the hope that it will be useful, but WITHOUT
+ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
+details.
+
+You should have received a copy of the GNU Lesser General Public License
+along with this program; see the file COPYING.LGPL. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
+MA 02111-1307, USA.
+-->
+<xsl:stylesheet version="1.0"
+ xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
+ xmlns:md="http://freeipa.org/xsl/metadata/1.0">
+
+ <xsl:output method="xml" indent="yes"/>
+ <xsl:strip-space elements="*"/>
+
+ <xsl:template match="md:output_handler">
+ <xsl:copy-of select="."/>
+ </xsl:template>
+ <xsl:template match="text()">
+ </xsl:template>
+
+
+</xsl:stylesheet>
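Review bot: In the md:output_handler template, `<xsl:copy-of select="."/>` copies the whole subtree, so the xd:doc documentation children seen in ipaaction.xsl, along with the namespace declarations in scope on the policy stylesheet, are carried into the extracted metadata. If the driver is meant to see only handler elements, copy md:output_handler itself and then only its md:* children with their attributes. The file also has no comment saying that it is meant to be run against the policy XSLT files themselves rather than against policy data; one line at the top of the stylesheet would make that clear.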
diff --git a/policy_metadata/xsl_metadata.rng b/policy_metadata/xsl_metadata.rng
new file mode 100644
index 0000000..b5445ca
--- /dev/null
+++ b/policy_metadata/xsl_metadata.rng
@@ -0,0 +1,142 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+Author: Sumit Bose <sbose@redhat.com>
+
+Copyright (C) 2008 Red Hat
+see file 'COPYING' for use and warranty information
+
+This program is free software; you can redistribute it and/or modify it under
+the terms of the GNU Lesser General Public License as published by the Free
+Software Foundation; version 2 only
+
+This program is distributed in the hope that it will be useful, but WITHOUT
+ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
+details.
+
+You should have received a copy of the GNU Lesser General Public License
+along with this program; see the file COPYING.LGPL. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
+MA 02111-1307, USA.
+-->
+<grammar xmlns="http://relaxng.org/ns/structure/1.0"
+datatypeLibrary="http://www.w3.org/2001/XMLSchema-datatypes"
+xmlns:a="http://freeipa.org/xml/rng/ns/annotations/1.0"
+xmlns:md="http://freeipa.org/xsl/metadata/1.0"
+xmlns:pa="http://freeipa.org/xml/rng/ns/plugable_architecture/1.0">
+
+
+ <start ns="http://freeipa.org/xsl/metadata/1.0">
+
+ <a:doc>With the md:output_handler element it is possible to define how the
+ policy data is processed after the XSLT transformation is applied. The idea
+ is that a driver program or script can access this metadata information with
+ a suitable XPath and can handle the output of the transformation
+ accordingly.</a:doc>
+ <element name="md:output_handler">
+ <oneOrMore>
+ <choice>
+
+ <a:doc>md:file is the typical output handler for IPA config policies.
+ The driver program will created a file and write the output of the
+ transformation to this this or merge with the content of the local
+ file depending on the information provided by the policy.</a:doc>
+ <element name="md:file">
+ <ref name="selector"/>
+ <ref name="file_properties"/>
+ </element>
+
+ <a:doc>The md:exec_with_args will use a line of the output of the
+ transformation a command line argument of a program.</a:doc>
+ <element name="md:exec_with_args">
+ <ref name="selector"/>
+ <ref name="exec_properties"/>
+ </element>
+
+ <a:doc>The result of the XSLT transformation will be piped by the
+ driver to stdin of another program when using
+ md:exec_with_stdin_pipe.</a:doc>
+ <element name="md:exec_with_stdin_pipe">
+ <ref name="selector"/>
+ <ref name="exec_properties"/>
+ </element>
+
+ <a:doc>Maybe we will have a separate output handler to write to the
+ client's ldb.</a:doc>
+ <element name="md:ldb">
+ <ref name="selector"/>
+ </element>
+
+ <a:doc>The following is a dummy element to catch all elements from
+ different namespaces, e.g. comments and documentation</a:doc>
+ <element>
+ <anyName>
+ <except>
+ <nsName/>
+ <nsName ns=""/>
+ </except>
+ </anyName>
+ <text/>
+ </element>
+
+ </choice>
+ </oneOrMore>
+ </element>
+ </start>
+
+ <a:doc>It is possible to generate more than one type of output for more than
+ one output handler. To switch between different types of output a parameter
+ with different values can be used. The driver program can access the name of
+ the parameter (md:param_name) and the value (md:param_value) of the current
+ output handler with suitable XPath statements.</a:doc>
+ <define name="selector">
+ <optional>
+ <attribute name="md:param_name">
+ <text/>
+ </attribute>
+ <attribute name="md:param_value">
+ <text/>
+ </attribute>
+ </optional>
+ </define>
+
+ <a:doc></a:doc>
+ <define name="file_properties">
+ <attribute name="md:name">
+ <text/>
+ </attribute>
+ <optional>
+ <attribute name="md:owner">
+ <text/>
+ </attribute>
+ </optional>
+ <optional>
+ <attribute name="md:group">
+ <text/>
+ </attribute>
+ </optional>
+ <optional>
+ <attribute name="md:permission">
+ <text/>
+ </attribute>
+ </optional>
+ <optional>
+ <attribute name="md:selinux_context">
+ <text/>
+ </attribute>
+ </optional>
+ </define>
+
+ <a:doc></a:doc>
+ <define name="exec_properties">
+ <attribute name="md:command">
+ </text>
+ </attribute>
+ <optional>
+ <attribute name="md:arguments">
+ </text>
+ </attribute>
+ </optional>
+ </define>
+
+</grammar>
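Review bot: In the exec_properties define, the md:command and md:arguments attributes contain `</text>` where every other attribute in the file uses `<text/>`, so the grammar is not well-formed XML and no validator will load it; both lines need to be `<text/>`. Beyond that, md:command, md:arguments, md:name, md:owner, md:group and md:permission are all unconstrained text even though these values decide what the driver executes and which file it writes with which mode. The XML Schema datatype library is already declared on the grammar element, so md:permission could be a `data` pattern limited to octal digits and md:command limited to an absolute path. The two empty `<a:doc></a:doc>` elements above file_properties and exec_properties should be filled in or removed.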
diff --git a/sudoers/sudoers.xsl b/sudoers/sudoers.xsl
index f0744d5..577ccf8 100644
--- a/sudoers/sudoers.xsl
+++ b/sudoers/sudoers.xsl
@@ -27,7 +27,7 @@ MA 02111-1307, USA.
xmlns:sudoers="http://freeipa.org/xml/rng/sudo/1.0">
<md:output_handler>
- <file name="/etc/sudoers" owner="root" group="root" permission="440"/>
+ <md:file md:name="/etc/sudoers" md:owner="root" md:group="root" md:permission="440"/>
</md:output_handler>
<xsl:output method="text" indent="no"/>
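Review bot: The md:file handler on the changed line points straight at /etc/sudoers, and the file_properties definition in the new grammar gives the policy no way to request a syntax check before the driver replaces the file, so a transformation that emits a malformed sudoers file would be installed as is. Consider a validation attribute on md:file, or document that the driver writes to a temporary file, runs `visudo -c -f` on it and only then moves it into place with the stated owner, group and mode. md:permission="440" is also plain text in the grammar, so the driver has to be explicit that it parses the value as octal.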