<?xml version="1.0" encoding="UTF-8"?>
<!--
Author: Sumit Bose <sbose@redhat.com>
Copyright (C) 2008 Red Hat
see file 'COPYING' for use and warranty information
This program is free software; you can redistribute it and/or modify it under
the terms of the GNU Lesser General Public License as published by the Free
Software Foundation; version 2 only
This program is distributed in the hope that it will be useful, but WITHOUT
ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
details.
You should have received a copy of the GNU Lesser General Public License
along with this program; see the file COPYING.LGPL. If not, write to the
Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
MA 02111-1307, USA.
-->
<xsl:stylesheet version="1.0"
xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
xmlns:xs="http://www.w3.org/2001/XMLSchema"
xmlns:md="http://freeipa.org/xsl/metadata/1.0"
xmlns:xd="http://www.pnp-software.com/XSLTdoc"
xmlns:ipaaction="http://freeipa.org/xml/rng/ipaaction/1.0">
<md:output_handler>
<xd:doc>Here we have two different kinds of handlers: 'download' and 'exec'.</xd:doc>
<download param_name="output_selector" param_value="file"/>
<xd:doc>TODO: we have to decide what the client application should do. It would be possible to call an external program like 'curl' or 'wget', or to call libcurl, to download a file. I would vote for using 'curl' or 'libcurl' because it seems that curl supports more methods than wget. The download should be done by user nobody into a temporary file, which is then moved and chowned to the destination.</xd:doc>
<exec param_name="output_selector" param_value="run"/>
<xd:doc>TODO: we have to decide how the client application should call the applied program or script. If no 'user' is specified the default user should be 'nobody'.</xd:doc>
</md:output_handler>
<!-- Stylesheet parameter choosing which part of each ipaaction is rendered.
     The ipaaction:ipaaction template compares it with 'file' and 'run'; any
     other value, including the empty default, yields the line
     "# unknown output_selector". -->
<xsl:param name="output_selector"/>
<!-- The result is plain text (the generated script), not XML. -->
<xsl:output method="text" indent="no"/>
<!-- Whitespace-only text nodes are stripped from every element of the input
     document, so only real element content reaches the generated script. -->
<xsl:strip-space elements="*"/>
<!-- Entry point: writes the "DO NOT EDIT" banner followed by an empty line,
     then hands over to the template for the ipaaction:ipa root element. -->
<xsl:template match="/">
  <xsl:text># IPA generated script for ipaaction policy. DO NOT EDIT&#10;&#10;</xsl:text>
  <xsl:apply-templates select="ipaaction:ipa"/>
</xsl:template>
<!-- Root element of the policy document. apply-templates has no select
     attribute, so every child node is processed; children without a matching
     template in this stylesheet fall through to the XSLT built-in rules. -->
<xsl:template match="ipaaction:ipa">
<xsl:apply-templates>
<!-- NOTE(review): this passes an empty parameter named ipaaction:ipaaction.
     No template visible in this stylesheet declares a parameter of that name,
     so it appears to have no effect. Possibly select="ipaaction:ipaaction" on
     apply-templates was intended; confirm before changing. -->
<xsl:with-param name="ipaaction:ipaaction"/>
</xsl:apply-templates>
</xsl:template>
<!-- Metadata contributes nothing to the generated script: the empty template
     suppresses the built-in rule that would otherwise copy its text. -->
<xsl:template match="ipaaction:metadata"/>
<!-- Dispatches one ipaaction element according to the output_selector
     stylesheet parameter:
       'file' : render the ipaaction:file children
       'run'  : render the ipaaction:run children
     Anything else only leaves a comment line in the generated script. -->
<xsl:template match="ipaaction:ipaaction">
  <xsl:choose>
    <xsl:when test="$output_selector='file'">
      <xsl:apply-templates select="ipaaction:file"/>
    </xsl:when>
    <xsl:when test="$output_selector='run'">
      <xsl:apply-templates select="ipaaction:run"/>
    </xsl:when>
    <xsl:otherwise>
      <xsl:text># unknown output_selector&#10;</xsl:text>
    </xsl:otherwise>
  </xsl:choose>
</xsl:template>
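<!--
  Emits the shell lines that install one file described by an ipaaction:file
  element. The name of the first child element selects the content source:
    'url'  : a curl download wrapped in "su - nobody"
    'data' : a here-document piped through "base64 -d"
  Both variants write to /tmp/SAFE_TEMP_FILE; the file is then moved to
  ipaaction:path and chowned to ipaaction:owner and ipaaction:group.
  Any other first child only produces a "# unknown element: NAME" line. The
  mv and chown lines are emitted only when a source was recognised, so the
  script never moves a temp file that this action did not create.

  The markup characters of the here-document line are written as character
  entities so that the stylesheet is well-formed; the emitted text is the
  same shell line.

  NOTE(review, security): url, data, path, owner and group are copied into
  shell command text verbatim. Nothing in this template quotes or validates
  them, so the generated script is only as safe as the policy document.
  Confirm that the schema restricts these values, or validate and shell-quote
  them in the client before the script is executed.
  NOTE(review, security): /tmp/SAFE_TEMP_FILE is a fixed name in a
  world-writable directory and reads as a placeholder. The client should
  create the temp file itself (mktemp or equivalent) in a directory other
  users cannot write to.
  NOTE(review): the here-document delimiter EOF is unquoted, so the shell
  would apply expansion to the data lines, and a data line equal to EOF would
  end the document early; presumably data is expected to be pure base64,
  confirm.
  NOTE(review): su is invoked without an explicit command option; presumably
  the line is a sketch that the client rewrites (see the TODO in
  md:output_handler), confirm.
  NOTE(review): name() returns the qualified name as written in the input, so
  a prefixed child element would not match 'url' or 'data'; confirm that
  policy documents use a default namespace.
-->
<xsl:template match="ipaaction:file">
  <xsl:variable name="source" select="name(./*[1])"/>
  <xsl:choose>
    <xsl:when test="$source='url'">
      <xsl:text>su - nobody 'curl -o /tmp/SAFE_TEMP_FILE </xsl:text>
      <xsl:value-of select="ipaaction:url"/>
      <xsl:text>'&#10;</xsl:text>
    </xsl:when>
    <xsl:when test="$source='data'">
      <xsl:text>cat &lt;&lt; EOF | base64 -d &gt; /tmp/SAFE_TEMP_FILE&#10;</xsl:text>
      <xsl:value-of select="ipaaction:data"/>
      <xsl:text>&#10;EOF&#10;</xsl:text>
    </xsl:when>
    <xsl:otherwise>
      <xsl:text># unknown element: </xsl:text>
      <xsl:value-of select="$source"/>
      <xsl:text>&#10;</xsl:text>
    </xsl:otherwise>
  </xsl:choose>
  <!-- Only install the temp file when one of the branches above produced it. -->
  <xsl:if test="$source='url' or $source='data'">
    <xsl:text>mv /tmp/SAFE_TEMP_FILE </xsl:text>
    <xsl:value-of select="ipaaction:path"/>
    <xsl:text>&#10;</xsl:text>
    <xsl:text>chown </xsl:text>
    <xsl:value-of select="ipaaction:owner"/>
    <xsl:text>:</xsl:text>
    <xsl:value-of select="ipaaction:group"/>
    <xsl:text> </xsl:text>
    <xsl:value-of select="ipaaction:path"/>
    <xsl:text>&#10;</xsl:text>
  </xsl:if>
</xsl:template>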
<!--
  Emits one line of the form: su - USER 'COMMAND'
  USER is the ipaaction:user child when it is non-empty, otherwise 'nobody'.
  COMMAND is the ipaaction:command child.

  NOTE(review, security): user and command are copied into the shell line
  verbatim; the single quotes around the command are not escaped inside the
  value. Confirm that the policy schema restricts both values, or have the
  client validate and quote them before the script is executed.
-->
<xsl:template match="ipaaction:run">
  <xsl:text>su - </xsl:text>
  <xsl:choose>
    <xsl:when test="ipaaction:user != ''">
      <xsl:value-of select="ipaaction:user"/>
    </xsl:when>
    <xsl:otherwise>
      <xsl:text>nobody</xsl:text>
    </xsl:otherwise>
  </xsl:choose>
  <xsl:text> '</xsl:text>
  <xsl:value-of select="ipaaction:command"/>
  <xsl:text>'&#10;</xsl:text>
</xsl:template>
</xsl:stylesheet>