From 41b9fc904340970f1b84c374fb8eb760e6282c8c Mon Sep 17 00:00:00 2001 From: cantor Date: Wed, 30 Jan 2008 03:17:32 +0000 Subject: [PATCH] Treat . and .. as absolute path signals. Support path resolution in config and cred files. git-svn-id: https://svn.middleware.georgetown.edu/cpp-xmltooling/trunk@460 de75baf8-a10c-0410-a50a-987c0e22f00f --- .../security/impl/FilesystemCredentialResolver.cpp | 46 +++++++++++++--------- xmltooling/util/PathResolver.cpp | 21 ++++------ xmltooling/util/PathResolver.h | 11 +++++- xmltooling/util/ReloadableXMLFile.cpp | 4 ++ 4 files changed, 48 insertions(+), 34 deletions(-) diff --git a/xmltooling/security/impl/FilesystemCredentialResolver.cpp b/xmltooling/security/impl/FilesystemCredentialResolver.cpp index 9ccf160..b555291 100644 --- a/xmltooling/security/impl/FilesystemCredentialResolver.cpp +++ b/xmltooling/security/impl/FilesystemCredentialResolver.cpp @@ -29,6 +29,7 @@ #include "security/OpenSSLCredential.h" #include "security/OpenSSLCryptoX509CRL.h" #include "util/NDC.h" +#include "util/PathResolver.h" #include "util/XMLHelper.h" #include @@ -146,8 +147,8 @@ namespace xmltooling { string formatToString(format_t format) const; format_t xmlFormatToFormat(const XMLCh* format_xml) const; - format_t m_keyformat,m_certformat,m_crlformat; - string m_keypath,m_keypass,m_certpath,m_certpass,m_crlpath; + format_t m_keyformat,m_crlformat; + string m_keypath,m_keypass,m_crlpath; vector m_certs; FilesystemCredential* m_credential; }; @@ -230,6 +231,8 @@ FilesystemCredentialResolver::FilesystemCredentialResolver(const DOMElement* e) if (e && e->hasChildNodes()) { const XMLCh* s=e->getFirstChild()->getNodeValue(); auto_ptr_char kpath(s); + m_keypath = kpath.get(); + XMLToolingConfig::getConfig().getPathResolver()->resolve(m_keypath, PathResolver::XMLTOOLING_CFG_FILE); #ifdef WIN32 struct _stat stat_buf; if (_stat(kpath.get(), &stat_buf) != 0) 
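Review bot: The existence check in the key-path hunk (-230) still runs against the unresolved text: `_stat(kpath.get(), &stat_buf)` tests the path exactly as written in the config, while `m_keypath` now holds the resolved path, so for a relative key path the check and whatever later opens `m_keypath` can refer to different files. Stat the stored value instead, `if (_stat(m_keypath.c_str(), &stat_buf) != 0)`, and report `m_keypath.c_str()` in the `log.error` and `XMLSecurityException` of the following hunk (-241), so the message names the file that was actually looked for. The CRL hunks (-290 and -301) repeat the same pattern with `m_crlpath`. The non-Windows stat branch falls between the hunks and is not visible here; it presumably needs the same change.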
@@ -241,7 +244,6 @@ FilesystemCredentialResolver::FilesystemCredentialResolver(const DOMElement* e) log.error("key file (%s) can't be opened", kpath.get()); throw XMLSecurityException("FilesystemCredentialResolver can't access key file ($1)",params(1,kpath.get())); } - m_keypath=kpath.get(); } else { log.error("Path element missing inside Key element"); @@ -290,6 +292,8 @@ FilesystemCredentialResolver::FilesystemCredentialResolver(const DOMElement* e) if (e && e->hasChildNodes()) { const XMLCh* s=e->getFirstChild()->getNodeValue(); auto_ptr_char kpath(s); + m_crlpath=kpath.get(); + XMLToolingConfig::getConfig().getPathResolver()->resolve(m_crlpath, PathResolver::XMLTOOLING_CFG_FILE); #ifdef WIN32 struct _stat stat_buf; if (_stat(kpath.get(), &stat_buf) != 0) @@ -301,7 +305,6 @@ FilesystemCredentialResolver::FilesystemCredentialResolver(const DOMElement* e) log.error("CRL file (%s) can't be opened", kpath.get()); throw XMLSecurityException("FilesystemCredentialResolver can't access CRL file ($1)",params(1,kpath.get())); } - m_crlpath=kpath.get(); } else { log.error("Path element missing inside CRL element"); @@ -357,7 +360,10 @@ FilesystemCredentialResolver::FilesystemCredentialResolver(const DOMElement* e) throw XMLSecurityException("FilesystemCredentialResolver can't access certificate file, missing or empty Path element."); } - auto_ptr_char certpath(ep->getFirstChild()->getNodeValue()); + auto_ptr_char certpath2(ep->getFirstChild()->getNodeValue()); + string certpath(certpath2.get()); + XMLToolingConfig::getConfig().getPathResolver()->resolve(certpath, PathResolver::XMLTOOLING_CFG_FILE); + format_xml=e->getAttributeNS(NULL,format); if (format_xml && *format_xml) { fformat = xmlFormatToFormat(format_xml); 
@@ -374,11 +380,11 @@ FilesystemCredentialResolver::FilesystemCredentialResolver(const DOMElement* e) X509* x=NULL; PKCS12* p12=NULL; in=BIO_new(BIO_s_file_internal()); - if (in && BIO_read_filename(in,certpath.get())>0) { + if (in && BIO_read_filename(in,certpath.c_str())>0) { if (!format_xml || !*format_xml) { // Determine the cert encoding format dynamically, if not explicitly specified fformat = getEncodingFormat(in); - log.debug("certificate encoding format for (%s) dynamically resolved as (%s)", certpath.get(), formatToString(fformat).c_str()); + log.debug("certificate encoding format for (%s) dynamically resolved as (%s)", certpath.c_str(), formatToString(fformat).c_str()); } switch(fformat) { @@ -394,7 +400,7 @@ FilesystemCredentialResolver::FilesystemCredentialResolver(const DOMElement* e) else { log_openssl(); BIO_free(in); - throw XMLSecurityException("FilesystemCredentialResolver unable to load DER certificate from file ($1)",params(1,certpath.get())); + throw XMLSecurityException("FilesystemCredentialResolver unable to load DER certificate from file ($1)",params(1,certpath.c_str())); } break; @@ -410,7 +416,7 @@ FilesystemCredentialResolver::FilesystemCredentialResolver(const DOMElement* e) } else { log_openssl(); BIO_free(in); - throw XMLSecurityException("FilesystemCredentialResolver unable to load PKCS12 certificate from file ($1)",params(1,certpath.get())); + throw XMLSecurityException("FilesystemCredentialResolver unable to load PKCS12 certificate from file ($1)",params(1,certpath.c_str())); } break; } // end switch @@ -421,7 +427,7 @@ FilesystemCredentialResolver::FilesystemCredentialResolver(const DOMElement* e) BIO_free(in); in=NULL; } - throw XMLSecurityException("FilesystemCredentialResolver unable to load certificate(s) from file ($1)",params(1,certpath.get())); + throw XMLSecurityException("FilesystemCredentialResolver unable to load certificate(s) from file ($1)",params(1,certpath.c_str())); } if (in) { BIO_free(in); 
@@ -439,20 +445,22 @@ FilesystemCredentialResolver::FilesystemCredentialResolver(const DOMElement* e) extra = XMLHelper::getNextSiblingElement(extra,CAPath); continue; } - auto_ptr_char capath(extra->getFirstChild()->getNodeValue()); + auto_ptr_char capath2(extra->getFirstChild()->getNodeValue()); + string capath(capath2.get()); + XMLToolingConfig::getConfig().getPathResolver()->resolve(capath, PathResolver::XMLTOOLING_CFG_FILE); x=NULL; p12=NULL; in=BIO_new(BIO_s_file_internal()); - if (in && BIO_read_filename(in,capath.get())>0) { + if (in && BIO_read_filename(in,capath.c_str())>0) { if (!format_xml || !*format_xml) { // Determine the cert encoding format dynamically, if not explicitly specified fformat = getEncodingFormat(in); - log.debug("CA certificate encoding format for (%s) dynamically resolved as (%s)", certpath.get(), formatToString(fformat).c_str()); + log.debug("CA certificate encoding format for (%s) dynamically resolved as (%s)", capath.c_str(), formatToString(fformat).c_str()); } switch (fformat) { case PEM: - while (x=PEM_read_bio_X509(in,NULL,passwd_callback,const_cast(certpass.get()))) + while (x=PEM_read_bio_X509(in,NULL,NULL,NULL)) m_certs.push_back(x); break; @@ -463,14 +471,14 @@ FilesystemCredentialResolver::FilesystemCredentialResolver(const DOMElement* e) else { log_openssl(); BIO_free(in); - throw XMLSecurityException("FilesystemCredentialResolver unable to load DER CA certificate from file ($1)",params(1,capath.get())); + throw XMLSecurityException("FilesystemCredentialResolver unable to load DER CA certificate from file ($1)",params(1,capath.c_str())); } break; case _PKCS12: p12 = d2i_PKCS12_bio(in, NULL); if (p12) { - PKCS12_parse(p12, certpass.get(), NULL, &x, NULL); + PKCS12_parse(p12, NULL, NULL, &x, NULL); PKCS12_free(p12); } if (x) { 
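Review bot: Passing NULL for both the callback and the user data in `PEM_read_bio_X509(in,NULL,NULL,NULL)` hands passphrase handling to OpenSSL's default callback, which prompts on the controlling terminal if a PEM block in the CA file turns out to be encrypted; in a daemon that can leave start-up waiting for input. A callback that simply returns 0 would make such a file fail at once instead. In the -463 hunk the result of `PKCS12_parse(p12, NULL, NULL, &x, NULL)` is still discarded, so a password-protected CA bundle surfaces only as the generic "unable to load PKCS12 CA certificate" exception; checking the return value and logging that CA files cannot carry a passphrase would make that diagnosable. The enclosing constructor starts and ends outside these hunks.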
@@ -480,7 +488,7 @@ FilesystemCredentialResolver::FilesystemCredentialResolver(const DOMElement* e) else { log_openssl(); BIO_free(in); - throw XMLSecurityException("FilesystemCredentialResolver unable to load PKCS12 CA certificate from file ($1)",params(1,capath.get())); + throw XMLSecurityException("FilesystemCredentialResolver unable to load PKCS12 CA certificate from file ($1)",params(1,capath.c_str())); } break; } //end switch @@ -491,8 +499,8 @@ FilesystemCredentialResolver::FilesystemCredentialResolver(const DOMElement* e) if (in) BIO_free(in); log_openssl(); - log.error("CA file (%s) can't be opened", capath.get()); - throw XMLSecurityException("FilesystemCredentialResolver can't open CA file ($1)",params(1,capath.get())); + log.error("CA file (%s) can't be opened", capath.c_str()); + throw XMLSecurityException("FilesystemCredentialResolver can't open CA file ($1)",params(1,capath.c_str())); } extra = XMLHelper::getNextSiblingElement(extra,CAPath); diff --git a/xmltooling/util/PathResolver.cpp b/xmltooling/util/PathResolver.cpp index 2d521bb..f894d2f 100644 --- a/xmltooling/util/PathResolver.cpp +++ b/xmltooling/util/PathResolver.cpp 
@@ -29,40 +29,35 @@ using namespace std; const string& PathResolver::resolve(string& s, file_type_t filetype, const char* pkgname, const char* prefix) const { -#ifdef WIN32 - static const char sep = '\\'; -#else - static const char sep = '/'; -#endif if (!isAbsolute(s.c_str())) { switch (filetype) { case XMLTOOLING_LIB_FILE: - s = string(prefix ? prefix : m_defaultPrefix) + sep + "lib" + sep + (pkgname ? pkgname : m_defaultPackage) + sep + s; + s = string(prefix ? prefix : m_defaultPrefix) + "/lib/" + (pkgname ? pkgname : m_defaultPackage) + '/' + s; break; case XMLTOOLING_LOG_FILE: if (prefix || m_defaultPrefix != "/usr") - s = string(prefix ? prefix : m_defaultPrefix) + sep + "var" + sep + "log" + sep + (pkgname ? pkgname : m_defaultPackage) + sep + s; + s = string(prefix ? prefix : m_defaultPrefix) + "/var/log/" + (pkgname ? pkgname : m_defaultPackage) + '/' + s; else - s = string(sep,1) + "var" + sep + "log" + sep + (pkgname ? pkgname : m_defaultPackage) + sep + s; + s = string("/var/log/") + (pkgname ? pkgname : m_defaultPackage) + '/' + s; break; case XMLTOOLING_XML_FILE: - s = string(prefix ? prefix : m_defaultPrefix) + sep + "share" + sep + "xml" + (pkgname ? pkgname : m_defaultPackage) + sep + s; + s = string(prefix ? prefix : m_defaultPrefix) + "/share/xml/" + (pkgname ? pkgname : m_defaultPackage) + '/' + s; break; case XMLTOOLING_RUN_FILE: if (prefix || m_defaultPrefix != "/usr") - s = string(prefix ? prefix : m_defaultPrefix) + sep + "var" + sep + "run" + sep + (pkgname ? pkgname : m_defaultPackage) + sep + s; + s = string(prefix ? prefix : m_defaultPrefix) + "/var/run/" + (pkgname ? pkgname : m_defaultPackage) + '/' + s; else - s = string(sep,1) + "var" + sep + "run" + sep + (pkgname ? pkgname : m_defaultPackage) + sep + s; + s = string("/var/run/") + (pkgname ? pkgname : m_defaultPackage) + '/' + s; break; case XMLTOOLING_CFG_FILE: if (prefix || m_defaultPrefix != "/usr") - s = string(prefix ? 
prefix : m_defaultPrefix) + sep + "etc" + sep + (pkgname ? pkgname : m_defaultPackage) + sep + s; + s = string(prefix ? prefix : m_defaultPrefix) + "/etc/" + (pkgname ? pkgname : m_defaultPackage) + '/' + s; else - s = string(sep,1) + "etc" + sep + (pkgname ? pkgname : m_defaultPackage) + sep + s; + s = string("/etc/") + (pkgname ? pkgname : m_defaultPackage) + '/' + s; break; default: diff --git a/xmltooling/util/PathResolver.h b/xmltooling/util/PathResolver.h index c8ec580..23f6d94 100644 --- a/xmltooling/util/PathResolver.h +++ b/xmltooling/util/PathResolver.h @@ -36,7 +36,7 @@ namespace xmltooling { { MAKE_NONCOPYABLE(PathResolver); public: - PathResolver() {} + PathResolver() : m_defaultPackage("xmltooling"), m_defaultPrefix("/usr") {} virtual ~PathResolver() {} @@ -81,7 +81,14 @@ namespace xmltooling { private: bool isAbsolute(const char* s) const { - return (*s == '/' || *s == '\\' || *(s+1) == ':'); + switch (*s) { + case '/': + case '\\': + return true; + case '.': + return (*(s+1) == '.' || *(s+1) == '/' || *(s+1) == '\\'); + } + return *(s+1) == ':'; } std::string m_defaultPackage,m_defaultPrefix; diff --git a/xmltooling/util/ReloadableXMLFile.cpp b/xmltooling/util/ReloadableXMLFile.cpp index 27c6ae5..172b813 100644 --- a/xmltooling/util/ReloadableXMLFile.cpp +++ b/xmltooling/util/ReloadableXMLFile.cpp @@ -22,6 +22,7 @@ #include "internal.h" #include "util/NDC.h" +#include "util/PathResolver.h" #include "util/ReloadableXMLFile.h" #include "util/XMLConstants.h" #include "util/XMLHelper.h" @@ -92,6 +93,8 @@ ReloadableXMLFile::ReloadableXMLFile(const DOMElement* e, Category& log) } if (m_local) { + XMLToolingConfig::getConfig().getPathResolver()->resolve(m_source, PathResolver::XMLTOOLING_CFG_FILE); + flag=e->getAttributeNS(NULL,reloadChanges); if (!XMLString::equals(flag,xmlconstants::XML_FALSE) && !XMLString::equals(flag,xmlconstants::XML_ZERO)) { #ifdef WIN32 
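Review bot: resolve() only prepends a directory to names that isAbsolute() rejects and performs no normalization, but nothing in the function says so; since this commit routes key, certificate, CRL and CA paths through it, a reader could mistake it for confinement to the package directory. A name such as `sub/../../x` still ends up outside `/etc/<package>/`, and names starting with `./` or `../` are left untouched and so stay relative to the process working directory. I would add a comment above the `switch`, for example `// Prefixes relative names only; no normalization or confinement. Names starting with "./" or "../" are left relative to the CWD.` The function body continues past the end of the hunk.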
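Review bot: isAbsolute() reads `*(s+1)` without first checking that `*s` is not the terminator, so an empty string (an empty path attribute or text node, if one can reach this point) makes the final `return *(s+1) == ':';` read one byte past the end of the buffer. Guard it at the top with `if (!s || !*s) return false;`, or return true if an empty name should be left untouched. The `'.'` case also accepts any name that merely begins with two dots, so `..name` is treated as absolute; if only a `..` path segment is meant, test the third character too, e.g. `*(s+1) == '.' && (*(s+2) == '/' || *(s+2) == '\\' || !*(s+2))`.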
@@ -114,6 +117,7 @@ ReloadableXMLFile::ReloadableXMLFile(const DOMElement* e, Category& log) if (source && *source) { auto_ptr_char temp2(source); m_backing=temp2.get(); + XMLToolingConfig::getConfig().getPathResolver()->resolve(m_backing, PathResolver::XMLTOOLING_RUN_FILE); log.debug("backup remote resource with (%s)", m_backing.c_str()); } source = e->getAttributeNS(NULL,reloadInterval); -- 2.1.4