diff options
Diffstat (limited to 'sudoers/validate.py')
| -rwxr-xr-x | sudoers/validate.py | 89 |
1 files changed, 0 insertions, 89 deletions
diff --git a/sudoers/validate.py b/sudoers/validate.py deleted file mode 100755 index 9844e92..0000000 --- a/sudoers/validate.py +++ /dev/null @@ -1,89 +0,0 @@ -#!/usr/bin/python - -import os, sys -import re -from lxml import etree - -def decompose(tag): - """ - Separate a tag (element name) into its namespace and unadorned tag. - """ - m = re.match('\{([^}]+)\}(.*)', tag) - try: - return (m.group(1), m.group(2)) - except: - return (None, tag) - -def validate(root, parent_ns=None): - """ - Recursively validate an XML Element object. - """ - # In order to allow "ipa global" patterns to enclose domain- or - # service-specific patterns (whose names are arbitrary and cannot be - # known beforehand since end users can add new ones at will), all of - # the ipa-provided global shemas contain a pattern which allows any - # valid XML (in some other namespace) to be present at the level at which - # the global pattern groups the service-specific elements. The simplest - # example is the top level <ipa> pattern which simply allows anything to - # be enclosed inside of it. - # - # The downside of this is that those "anything" elements will always - # validate as long as they are valid XML. - # - # So we have to walk the element tree and for each child element in - # a different namespace, revalidate it with the correct schema. It - # doesn't seem to really matter if we go breadth-first or depth-first. - - # only operate on elements, not comments or other stuff we don't know about - if type(root) is not etree._Element: - return True - - # Is this a new namespace? - (ns, tag) = decompose(root.tag) - if parent_ns == ns: - # Same ns, therefore this element has already been validated. Just descend. - for e in root: - if validate(e, ns) == False: - return False - return True - - # We found a new namespace; load the schema. - # To keep the example simple, we just use the tag to find the schema. - # IRL we would parse the ns to locate the schema in a local cache. - print "found namespace %s" % tag - parser = etree.RelaxNG(etree.parse(file("%s.rng" % tag))) - - # What we actually came here for; validate this element tree. - # Obviously, on error we would actually do something useful here. - try: - parser.assertValid(root) - except: - return False - - # Descend. - for e in root: - if validate(e, ns) == False: - return False - - return True - -def main(argv=None): - if argv is None: - argv = sys.argv - - try: - xmldoc = argv[1] - except: - xmldoc = "ipa.xml" - - root = etree.parse(file(xmldoc)).getroot() - if validate(root): - print "XML is valid" - sys.exit(0) - else: - print "try again, loser!" - sys.exit(1) - -if __name__ == "__main__": - sys.exit(main()) - |