This source file includes the following definitions.
- AcquirePolicyCache
- GetPolicyInfo
- GetPolicyInfoList
- GetPolicyList
- GetPolicyValue
- IsPolicyCacheInstantiated
- IsRightsAuthorized
- ListPolicyInfo
- LoadPolicyCache
- PolicyComponentGenesis
- DestroyPolicyElement
- PolicyComponentTerminus
#include "magick/studio.h"
#include "magick/client.h"
#include "magick/configure.h"
#include "magick/exception.h"
#include "magick/exception-private.h"
#include "magick/memory_.h"
#include "magick/monitor.h"
#include "magick/monitor-private.h"
#include "magick/option.h"
#include "magick/policy.h"
#include "magick/semaphore.h"
#include "magick/string_.h"
#include "magick/token.h"
#include "magick/utility.h"
#include "magick/xml-tree.h"
#include "magick/xml-tree-private.h"
/* Name of the policy file; passed to AcquirePolicyCache(), which hands it to GetConfigureOptions(). */
#define PolicyFilename "policy.xml"
/*
  One policy entry held in the policy cache.  Entries are created either from
  a <policy .../> element (LoadPolicyCache) or from the built-in PolicyMap
  table (AcquirePolicyCache).
*/
struct _PolicyInfo
{
/* Origin of the entry: a copy of the policy file name, or the literal "[built-in]". */
char
*path;
/* Domain the entry applies to; compared against the requested domain in IsRightsAuthorized(). */
PolicyDomain
domain;
/* Rights granted by this entry; tested bit by bit against the requested rights. */
PolicyRights
rights;
/* Attribute values of the element; any of them stays NULL when the attribute is absent. */
char
*name,
*pattern,
*value;
/*
  exempt:  MagickTrue for built-in entries; DestroyPolicyElement() frees the
           strings only when this is MagickFalse.
  stealth: entries with stealth set are left out of GetPolicyInfoList(),
           GetPolicyList() and ListPolicyInfo().
  debug:   not referenced anywhere in this file.
*/
MagickBooleanType
exempt,
stealth,
debug;
/* Not referenced in this file; the cache is guarded by the file-scope policy_semaphore. */
SemaphoreInfo
*semaphore;
/* Set to MagickSignature when an entry is created. */
size_t
signature;
};
/*
  Read-only description of a built-in policy; AcquirePolicyCache() copies
  each PolicyMap row into a PolicyInfo marked exempt.
*/
typedef struct _PolicyMapInfo
{
const PolicyDomain
domain;
const PolicyRights
rights;
const char
*name,
*pattern,
*value;
} PolicyMapInfo;
/*
  Built-in policies.  The table holds a single row with an undefined domain,
  undefined rights and NULL strings, so consumers must tolerate NULL name,
  pattern and value fields.
*/
static const PolicyMapInfo
PolicyMap[] =
{
{ UndefinedPolicyDomain, UndefinedPolicyRights, (const char *) NULL,
(const char *) NULL, (const char *) NULL }
};
/* Process-wide list of PolicyInfo entries; built on first use by IsPolicyCacheInstantiated(). */
static LinkedListInfo
*policy_cache = (LinkedListInfo *) NULL;
/* Lock taken around every traversal and around creation/destruction of policy_cache. */
static SemaphoreInfo
*policy_semaphore = (SemaphoreInfo *) NULL;
/* Forward declarations: both helpers are called before their definitions. */
static MagickBooleanType
IsPolicyCacheInstantiated(ExceptionInfo *),
LoadPolicyCache(LinkedListInfo *,const char *,const char *,const size_t,
ExceptionInfo *);
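/*
  AcquirePolicyCache() builds a fresh policy list.  Every configuration
  document returned by GetConfigureOptions() for `filename' is parsed with
  LoadPolicyCache(), then each PolicyMap row is appended as an exempt
  "[built-in]" entry.

  filename:  name of the policy file to look up.
  exception: receives non-fatal errors; failure to allocate the list itself
             is fatal.

  Returns the new list; the caller owns it.
*/
static LinkedListInfo *AcquirePolicyCache(const char *filename,
  ExceptionInfo *exception)
{
  const StringInfo
    *option;

  LinkedListInfo
    *cache,
    *options;

  register ssize_t
    i;

  cache=NewLinkedList(0);
  if (cache == (LinkedListInfo *) NULL)
    ThrowFatalException(ResourceLimitFatalError,"MemoryAllocationFailed");
  /*
    Load the policy documents.  The loader reports its own problems through
    `exception'; its return value is deliberately not folded into the
    allocation check below, where it used to produce a misleading
    "MemoryAllocationFailed" report after a failed load.
  */
  options=GetConfigureOptions(filename,exception);
  option=(const StringInfo *) GetNextValueInLinkedList(options);
  while (option != (const StringInfo *) NULL)
  {
    (void) LoadPolicyCache(cache,(const char *) GetStringInfoDatum(option),
      GetStringInfoPath(option),0,exception);
    option=(const StringInfo *) GetNextValueInLinkedList(options);
  }
  options=DestroyConfigureOptions(options);
  /*
    Append the built-in policies.
  */
  for (i=0; i < (ssize_t) (sizeof(PolicyMap)/sizeof(*PolicyMap)); i++)
  {
    const char
      *label;

    PolicyInfo
      *policy_info;

    register const PolicyMapInfo
      *p;

    p=PolicyMap+i;
    /*
      Built-in rows may carry a NULL name; never hand NULL to a "%s".
    */
    label=p->name != (const char *) NULL ? p->name : "[built-in]";
    policy_info=(PolicyInfo *) AcquireMagickMemory(sizeof(*policy_info));
    if (policy_info == (PolicyInfo *) NULL)
      {
        (void) ThrowMagickException(exception,GetMagickModule(),
          ResourceLimitError,"MemoryAllocationFailed","`%s'",label);
        continue;
      }
    (void) ResetMagickMemory(policy_info,0,sizeof(*policy_info));
    policy_info->path=(char *) "[built-in]";
    policy_info->domain=p->domain;
    policy_info->rights=p->rights;
    policy_info->name=(char *) p->name;
    policy_info->pattern=(char *) p->pattern;
    policy_info->value=(char *) p->value;
    /*
      exempt tells DestroyPolicyElement() that the strings are static.
    */
    policy_info->exempt=MagickTrue;
    policy_info->signature=MagickSignature;
    if (AppendValueToLinkedList(cache,policy_info) == MagickFalse)
      {
        (void) ThrowMagickException(exception,GetMagickModule(),
          ResourceLimitError,"MemoryAllocationFailed","`%s'",label);
        /*
          The list did not take the entry, so release it here; only the
          structure is heap-allocated for built-in rows.
        */
        policy_info=(PolicyInfo *) RelinquishMagickMemory(policy_info);
      }
  }
  return(cache);
}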
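/*
  GetPolicyInfo() looks up a policy entry by name.

  name:      policy name; NULL or "*" selects the first entry of the cache.
             White space is removed from the name before it is compared.
  exception: must not be NULL; passed on when the cache is first built.

  Returns the matching entry, or NULL when the cache is unavailable or no
  entry matches.  A named match is moved to the front of the list.  The
  returned pointer refers to an entry owned by the cache and is handed back
  after policy_semaphore has been released.
*/
static PolicyInfo *GetPolicyInfo(const char *name,ExceptionInfo *exception)
{
  char
    policyname[MaxTextExtent];

  register PolicyInfo
    *p;

  register char
    *q;

  register const char
    *r;

  assert(exception != (ExceptionInfo *) NULL);
  if (IsPolicyCacheInstantiated(exception) == MagickFalse)
    return((PolicyInfo *) NULL);
  *policyname='\0';
  if (name != (const char *) NULL)
    (void) CopyMagickString(policyname,name,MaxTextExtent);
  /*
    Strip white space in place with a read and a write cursor.  The earlier
    form shifted the tail with an overlapping copy and stepped the cursor
    back, which placed it before the start of the array whenever the first
    character was white space.
  */
  q=policyname;
  for (r=policyname; *r != '\0'; r++)
    if (isspace((int) ((unsigned char) *r)) == 0)
      *q++=(*r);
  *q='\0';
  /*
    Search for the policy.
  */
  LockSemaphoreInfo(policy_semaphore);
  ResetLinkedListIterator(policy_cache);
  p=(PolicyInfo *) GetNextValueInLinkedList(policy_cache);
  if ((name == (const char *) NULL) || (LocaleCompare(name,"*") == 0))
    {
      UnlockSemaphoreInfo(policy_semaphore);
      return(p);
    }
  while (p != (PolicyInfo *) NULL)
  {
    /*
      NOTE(review): p->name is NULL for entries without a name attribute;
      presumably LocaleCompare() tolerates that -- confirm.
    */
    if (LocaleCompare(policyname,p->name) == 0)
      break;
    p=(PolicyInfo *) GetNextValueInLinkedList(policy_cache);
  }
  if (p != (PolicyInfo *) NULL)
    (void) InsertValueInLinkedList(policy_cache,0,
      RemoveElementByValueFromLinkedList(policy_cache,p));
  UnlockSemaphoreInfo(policy_semaphore);
  return(p);
}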
/*
  GetPolicyInfoList() collects the non-stealth policy entries whose name
  matches the glob `pattern'.

  pattern:         glob expression; must not be NULL.
  number_policies: receives the number of entries returned; must not be NULL.
  exception:       passed to GetPolicyInfo() when the cache is first built.

  Returns a NULL-terminated array of pointers into the policy cache, or NULL
  when the cache is unavailable or the array cannot be allocated.  The array
  is allocated here; the entries it points at remain owned by the cache.
*/
MagickExport const PolicyInfo **GetPolicyInfoList(const char *pattern,
  size_t *number_policies,ExceptionInfo *exception)
{
  const PolicyInfo
    **matches;

  register const PolicyInfo
    *entry;

  register ssize_t
    count;

  assert(pattern != (char *) NULL);
  (void) LogMagickEvent(TraceEvent,GetMagickModule(),"%s",pattern);
  assert(number_policies != (size_t *) NULL);
  *number_policies=0;
  /*
    The lookup is used only to make sure the cache exists and is not empty.
  */
  entry=GetPolicyInfo("*",exception);
  if (entry == (const PolicyInfo *) NULL)
    return((const PolicyInfo **) NULL);
  /*
    One slot per cached entry plus the terminator.  The element count is read
    before policy_semaphore is taken.
  */
  matches=(const PolicyInfo **) AcquireQuantumMemory((size_t)
    GetNumberOfElementsInLinkedList(policy_cache)+1UL,sizeof(*matches));
  if (matches == (const PolicyInfo **) NULL)
    return((const PolicyInfo **) NULL);
  count=0;
  LockSemaphoreInfo(policy_semaphore);
  ResetLinkedListIterator(policy_cache);
  entry=(const PolicyInfo *) GetNextValueInLinkedList(policy_cache);
  while (entry != (const PolicyInfo *) NULL)
  {
    if (entry->stealth == MagickFalse)
      if (GlobExpression(entry->name,pattern,MagickFalse) != MagickFalse)
        {
          matches[count]=entry;
          count++;
        }
    entry=(const PolicyInfo *) GetNextValueInLinkedList(policy_cache);
  }
  UnlockSemaphoreInfo(policy_semaphore);
  matches[count]=(const PolicyInfo *) NULL;
  *number_policies=(size_t) count;
  return(matches);
}
/*
  GetPolicyList() returns copies of the names of the non-stealth policy
  entries whose name matches the glob `pattern'.

  pattern:         glob expression; must not be NULL.
  number_policies: receives the number of names returned; must not be NULL.
  exception:       passed to GetPolicyInfo() when the cache is first built.

  Returns a NULL-terminated array of strings produced by ConstantString(), or
  NULL when the cache is unavailable or the array cannot be allocated.
*/
MagickExport char **GetPolicyList(const char *pattern,
  size_t *number_policies,ExceptionInfo *exception)
{
  char
    **names;

  register const PolicyInfo
    *entry;

  register ssize_t
    count;

  assert(pattern != (char *) NULL);
  (void) LogMagickEvent(TraceEvent,GetMagickModule(),"%s",pattern);
  assert(number_policies != (size_t *) NULL);
  *number_policies=0;
  /*
    The lookup is used only to make sure the cache exists and is not empty.
  */
  entry=GetPolicyInfo("*",exception);
  if (entry == (const PolicyInfo *) NULL)
    return((char **) NULL);
  /*
    One slot per cached entry plus the terminator.
  */
  names=(char **) AcquireQuantumMemory((size_t)
    GetNumberOfElementsInLinkedList(policy_cache)+1UL,sizeof(*names));
  if (names == (char **) NULL)
    return((char **) NULL);
  count=0;
  LockSemaphoreInfo(policy_semaphore);
  ResetLinkedListIterator(policy_cache);
  entry=(const PolicyInfo *) GetNextValueInLinkedList(policy_cache);
  while (entry != (const PolicyInfo *) NULL)
  {
    if (entry->stealth == MagickFalse)
      if (GlobExpression(entry->name,pattern,MagickFalse) != MagickFalse)
        {
          names[count]=ConstantString(entry->name);
          count++;
        }
    entry=(const PolicyInfo *) GetNextValueInLinkedList(policy_cache);
  }
  UnlockSemaphoreInfo(policy_semaphore);
  names[count]=(char *) NULL;
  *number_policies=(size_t) count;
  return(names);
}
/*
  GetPolicyValue() returns a copy of the value attribute of the policy named
  `name'.

  name: policy name; must not be NULL.

  Returns a string produced by ConstantString(), or NULL when no such policy
  exists or its value is missing or empty.  Errors raised while the cache is
  built are discarded together with the temporary exception.
*/
MagickExport char *GetPolicyValue(const char *name)
{
  const PolicyInfo
    *match;

  ExceptionInfo
    *scratch;

  assert(name != (const char *) NULL);
  (void) LogMagickEvent(TraceEvent,GetMagickModule(),"%s",name);
  scratch=AcquireExceptionInfo();
  match=GetPolicyInfo(name,scratch);
  scratch=DestroyExceptionInfo(scratch);
  if (match == (PolicyInfo *) NULL)
    return((char *) NULL);
  if (match->value == (const char *) NULL)
    return((char *) NULL);
  if (*match->value == '\0')
    return((char *) NULL);
  return(ConstantString(match->value));
}
/*
  IsPolicyCacheInstantiated() builds the policy cache on first use.

  exception: receives errors raised while the policy files are loaded.

  Returns MagickTrue when policy_cache is non-NULL on exit.  The first test
  of policy_cache is made without the semaphore; the test is repeated once
  the semaphore is held, before the cache is built.
*/
static MagickBooleanType IsPolicyCacheInstantiated(ExceptionInfo *exception)
{
  if (policy_cache != (LinkedListInfo *) NULL)
    return(MagickTrue);
  if (policy_semaphore == (SemaphoreInfo *) NULL)
    ActivateSemaphoreInfo(&policy_semaphore);
  LockSemaphoreInfo(policy_semaphore);
  if (policy_cache == (LinkedListInfo *) NULL)
    policy_cache=AcquirePolicyCache(PolicyFilename,exception);
  UnlockSemaphoreInfo(policy_semaphore);
  if (policy_cache == (LinkedListInfo *) NULL)
    return(MagickFalse);
  return(MagickTrue);
}
/*
  IsRightsAuthorized() decides whether the requested rights are permitted for
  `pattern' within `domain'.

  domain:  policy domain of the request.
  rights:  requested rights; the read, write and execute bits are examined.
  pattern: the subject of the request, matched against each entry's pattern.

  Returns MagickFalse as soon as one entry of the same domain matches and
  lacks a requested right; entries that follow are not consulted, so a later
  entry cannot re-grant what an earlier one withholds.  Returns MagickTrue
  when no entry denies the request.

  NOTE(review): the function also returns MagickTrue when GetPolicyInfo()
  yields no entry at all, i.e. an unavailable or empty cache authorizes every
  request, and the exception that would explain why is destroyed unread.
  Deployments that rely on policy.xml as a restriction should verify that the
  policy actually loaded (for example with ListPolicyInfo()).
*/
MagickExport MagickBooleanType IsRightsAuthorized(const PolicyDomain domain,
  const PolicyRights rights,const char *pattern)
{
  const PolicyInfo
    *first;

  ExceptionInfo
    *scratch;

  MagickBooleanType
    authorized;

  register PolicyInfo
    *entry;

  (void) LogMagickEvent(PolicyEvent,GetMagickModule(),
    "Domain: %s; rights=%s; pattern=\"%s\" ...",
    CommandOptionToMnemonic(MagickPolicyDomainOptions,domain),
    CommandOptionToMnemonic(MagickPolicyRightsOptions,rights),pattern);
  scratch=AcquireExceptionInfo();
  first=GetPolicyInfo("*",scratch);
  scratch=DestroyExceptionInfo(scratch);
  if (first == (PolicyInfo *) NULL)
    return(MagickTrue);
  authorized=MagickTrue;
  LockSemaphoreInfo(policy_semaphore);
  ResetLinkedListIterator(policy_cache);
  for (entry=(PolicyInfo *) GetNextValueInLinkedList(policy_cache);
       (entry != (PolicyInfo *) NULL) && (authorized != MagickFalse);
       entry=(PolicyInfo *) GetNextValueInLinkedList(policy_cache))
  {
    if (entry->domain != domain)
      continue;
    /*
      NOTE(review): entry->pattern is NULL when the element had no pattern
      attribute, and the final argument presumably selects a case-sensitive
      match -- confirm both against GlobExpression().
    */
    if (GlobExpression(pattern,entry->pattern,MagickFalse) == MagickFalse)
      continue;
    /*
      A requested right that the entry does not grant denies the request.
    */
    if (((rights & ReadPolicyRights) != 0) &&
        ((entry->rights & ReadPolicyRights) == 0))
      authorized=MagickFalse;
    if (((rights & WritePolicyRights) != 0) &&
        ((entry->rights & WritePolicyRights) == 0))
      authorized=MagickFalse;
    if (((rights & ExecutePolicyRights) != 0) &&
        ((entry->rights & ExecutePolicyRights) == 0))
      authorized=MagickFalse;
  }
  UnlockSemaphoreInfo(policy_semaphore);
  return(authorized);
}
/*
  ListPolicyInfo() prints the visible policy entries to `file'.

  file:      destination stream; stdout is used when NULL.
  exception: passed to GetPolicyInfoList().

  Returns MagickFalse when no policy list could be obtained, otherwise
  MagickTrue.  Entries with stealth set are never printed.  Resource and
  system entries are shown with name and value; all others with their rights
  and pattern.
*/
MagickExport MagickBooleanType ListPolicyInfo(FILE *file,
  ExceptionInfo *exception)
{
  const char
    *domain,
    *last_path;

  const PolicyInfo
    *entry,
    **policy_info;

  register ssize_t
    i;

  size_t
    number_policies;

  if (file == (const FILE *) NULL)
    file=stdout;
  policy_info=GetPolicyInfoList("*",&number_policies,exception);
  if (policy_info == (const PolicyInfo **) NULL)
    return(MagickFalse);
  last_path=(const char *) NULL;
  for (i=0; i < (ssize_t) number_policies; i++)
  {
    entry=policy_info[i];
    if (entry->stealth != MagickFalse)
      continue;
    /*
      Print the path heading whenever it differs from the previous entry's.
    */
    if (((last_path == (const char *) NULL) ||
         (LocaleCompare(last_path,entry->path) != 0)) &&
        (entry->path != (char *) NULL))
      (void) FormatLocaleFile(file,"\nPath: %s\n",entry->path);
    last_path=entry->path;
    domain=CommandOptionToMnemonic(MagickPolicyDomainOptions,entry->domain);
    (void) FormatLocaleFile(file," Policy: %s\n",domain);
    if ((entry->domain != ResourcePolicyDomain) &&
        (entry->domain != SystemPolicyDomain))
      {
        (void) FormatLocaleFile(file," rights: ");
        if (entry->rights == NoPolicyRights)
          (void) FormatLocaleFile(file,"None ");
        if ((entry->rights & ReadPolicyRights) != 0)
          (void) FormatLocaleFile(file,"Read ");
        if ((entry->rights & WritePolicyRights) != 0)
          (void) FormatLocaleFile(file,"Write ");
        if ((entry->rights & ExecutePolicyRights) != 0)
          (void) FormatLocaleFile(file,"Execute ");
        (void) FormatLocaleFile(file,"\n");
        if (entry->pattern != (char *) NULL)
          (void) FormatLocaleFile(file," pattern: %s\n",entry->pattern);
        continue;
      }
    if (entry->name != (char *) NULL)
      (void) FormatLocaleFile(file," name: %s\n",entry->name);
    if (entry->value != (char *) NULL)
      (void) FormatLocaleFile(file," value: %s\n",entry->value);
  }
  /*
    Only the array is released; the entries belong to the policy cache.
  */
  policy_info=(const PolicyInfo **) RelinquishMagickMemory((void *)
    policy_info);
  (void) fflush(file);
  return(MagickTrue);
}
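/*
  RelinquishPendingPolicy() frees a policy element that was parsed from XML
  but never accepted by the policy list.  Such elements are not exempt, so
  every string they hold was allocated by ConstantString().  Always returns
  NULL; a NULL argument is accepted.
*/
static PolicyInfo *RelinquishPendingPolicy(PolicyInfo *policy_info)
{
  if (policy_info == (PolicyInfo *) NULL)
    return((PolicyInfo *) NULL);
  if (policy_info->value != (char *) NULL)
    policy_info->value=DestroyString(policy_info->value);
  if (policy_info->pattern != (char *) NULL)
    policy_info->pattern=DestroyString(policy_info->pattern);
  if (policy_info->name != (char *) NULL)
    policy_info->name=DestroyString(policy_info->name);
  if (policy_info->path != (char *) NULL)
    policy_info->path=DestroyString(policy_info->path);
  (void) RelinquishMagickMemory(policy_info);
  return((PolicyInfo *) NULL);
}

/*
  LoadPolicyCache() parses a policy document and appends one PolicyInfo per
  <policy .../> element to `policy_cache'.

  policy_cache: list that receives the parsed entries.
  xml:          document text; MagickFalse is returned when it is NULL.
  filename:     path the text came from; recorded in each entry and used to
                resolve <include file="..."/> elements.
  depth:        current include nesting level; includes are refused once it
                exceeds 200.
  exception:    receives non-fatal errors.

  Returns MagickFalse when xml is NULL or when an entry (here or in an
  included document) could not be appended, otherwise MagickTrue.

  Changes from the earlier form: a failed append no longer discards a failure
  already recorded from an include, and an element that is abandoned (append
  failure, a new <policy before the closing "/>", or end of input) is freed
  instead of leaked.
*/
static MagickBooleanType LoadPolicyCache(LinkedListInfo *policy_cache,
  const char *xml,const char *filename,const size_t depth,
  ExceptionInfo *exception)
{
  char
    keyword[MaxTextExtent],
    *token;

  const char
    *q;

  MagickStatusType
    status;

  PolicyInfo
    *policy_info;

  (void) LogMagickEvent(ConfigureEvent,GetMagickModule(),
    "Loading policy file \"%s\" ...",filename);
  if (xml == (char *) NULL)
    return(MagickFalse);
  status=MagickTrue;
  policy_info=(PolicyInfo *) NULL;
  /*
    token is sized from the whole document, so no single token outgrows it.
  */
  token=AcquireString(xml);
  for (q=(const char *) xml; *q != '\0'; )
  {
    /*
      Interpret XML.
    */
    GetMagickToken(q,&q,token);
    if (*token == '\0')
      break;
    (void) CopyMagickString(keyword,token,MaxTextExtent);
    if (LocaleNCompare(keyword,"<!DOCTYPE",9) == 0)
      {
        /*
          Skip tokens until the remaining input starts with "]>".
        */
        while ((LocaleNCompare(q,"]>",2) != 0) && (*q != '\0'))
          GetMagickToken(q,&q,token);
        continue;
      }
    if (LocaleNCompare(keyword,"<!--",4) == 0)
      {
        /*
          Skip tokens until the remaining input starts with "->".
        */
        while ((LocaleNCompare(q,"->",2) != 0) && (*q != '\0'))
          GetMagickToken(q,&q,token);
        continue;
      }
    if (LocaleCompare(keyword,"<include") == 0)
      {
        /*
          Include element.  The scan ends when a token begins with '/', when
          its second character is '>', or at end of input.
        */
        while (((*token != '/') && (*(token+1) != '>')) && (*q != '\0'))
        {
          (void) CopyMagickString(keyword,token,MaxTextExtent);
          GetMagickToken(q,&q,token);
          if (*token != '=')
            continue;
          GetMagickToken(q,&q,token);
          if (LocaleCompare(keyword,"file") == 0)
            {
              if (depth > 200)
                (void) ThrowMagickException(exception,GetMagickModule(),
                  ConfigureError,"IncludeElementNestedTooDeeply","`%s'",token);
              else
                {
                  char
                    *include_xml,
                    path[MaxTextExtent];

                  /*
                    A value that starts with the directory separator is used
                    as given; anything else is appended to the path component
                    of the including file.
                    NOTE(review): the target is read with a size limit of
                    ~0UL and parsed with the same authority as the including
                    file, so every included path needs the same write
                    protection as the top-level policy file.
                  */
                  GetPathComponent(filename,HeadPath,path);
                  if (*path != '\0')
                    (void) ConcatenateMagickString(path,DirectorySeparator,
                      MaxTextExtent);
                  if (*token == *DirectorySeparator)
                    (void) CopyMagickString(path,token,MaxTextExtent);
                  else
                    (void) ConcatenateMagickString(path,token,MaxTextExtent);
                  include_xml=FileToXML(path,~0UL);
                  if (include_xml != (char *) NULL)
                    {
                      status&=LoadPolicyCache(policy_cache,include_xml,path,
                        depth+1,exception);
                      include_xml=(char *) RelinquishMagickMemory(
                        include_xml);
                    }
                }
            }
        }
        continue;
      }
    if (LocaleCompare(keyword,"<policy") == 0)
      {
        /*
          Policy element.  Drop an element that was opened earlier but never
          closed, then start a new one.
        */
        policy_info=RelinquishPendingPolicy(policy_info);
        policy_info=(PolicyInfo *) AcquireMagickMemory(sizeof(*policy_info));
        if (policy_info == (PolicyInfo *) NULL)
          ThrowFatalException(ResourceLimitFatalError,"MemoryAllocationFailed");
        (void) ResetMagickMemory(policy_info,0,sizeof(*policy_info));
        policy_info->path=ConstantString(filename);
        policy_info->exempt=MagickFalse;
        policy_info->signature=MagickSignature;
        continue;
      }
    if (policy_info == (PolicyInfo *) NULL)
      continue;
    if (LocaleCompare(keyword,"/>") == 0)
      {
        /*
          End of the element: hand it to the list.
        */
        if (AppendValueToLinkedList(policy_cache,policy_info) == MagickFalse)
          {
            (void) ThrowMagickException(exception,GetMagickModule(),
              ResourceLimitError,"MemoryAllocationFailed","`%s'",
              policy_info->name != (char *) NULL ? policy_info->name :
              filename);
            policy_info=RelinquishPendingPolicy(policy_info);
            status=MagickFalse;
          }
        policy_info=(PolicyInfo *) NULL;
        continue;
      }
    /*
      Attribute: peek for '=', then consume it and read the value.
    */
    GetMagickToken(q,(const char **) NULL,token);
    if (*token != '=')
      continue;
    GetMagickToken(q,&q,token);
    GetMagickToken(q,&q,token);
    switch (*keyword)
    {
      case 'D':
      case 'd':
      {
        /*
          NOTE(review): the parsed domain is stored without a check for an
          unrecognized token -- confirm what ParseCommandOption() returns in
          that case.
        */
        if (LocaleCompare((char *) keyword,"domain") == 0)
          policy_info->domain=(PolicyDomain) ParseCommandOption(
            MagickPolicyDomainOptions,MagickTrue,token);
        break;
      }
      case 'N':
      case 'n':
      {
        if (LocaleCompare((char *) keyword,"name") == 0)
          policy_info->name=ConstantString(token);
        break;
      }
      case 'P':
      case 'p':
      {
        if (LocaleCompare((char *) keyword,"pattern") == 0)
          policy_info->pattern=ConstantString(token);
        break;
      }
      case 'R':
      case 'r':
      {
        /*
          NOTE(review): the parsed rights are stored without a check for an
          unrecognized token.  If ParseCommandOption() reports failure with a
          value that has the read, write or execute bits set, a misspelled
          rights attribute would read as a grant in IsRightsAuthorized() --
          confirm and reject the element if so.
        */
        if (LocaleCompare((char *) keyword,"rights") == 0)
          policy_info->rights=(PolicyRights) ParseCommandOption(
            MagickPolicyRightsOptions,MagickTrue,token);
        break;
      }
      case 'S':
      case 's':
      {
        if (LocaleCompare((char *) keyword,"stealth") == 0)
          policy_info->stealth=IsMagickTrue(token);
        break;
      }
      case 'V':
      case 'v':
      {
        if (LocaleCompare((char *) keyword,"value") == 0)
          policy_info->value=ConstantString(token);
        break;
      }
      default:
        break;
    }
  }
  /*
    An element still open at end of input was never appended; release it.
  */
  policy_info=RelinquishPendingPolicy(policy_info);
  token=(char *) RelinquishMagickMemory(token);
  return(status != 0 ? MagickTrue : MagickFalse);
}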
/*
  PolicyComponentGenesis() allocates the policy semaphore if it does not
  exist yet.  Always returns MagickTrue.
*/
MagickExport MagickBooleanType PolicyComponentGenesis(void)
{
  if (policy_semaphore != (SemaphoreInfo *) NULL)
    return(MagickTrue);
  policy_semaphore=AllocateSemaphoreInfo();
  return(MagickTrue);
}
/*
  DestroyPolicyElement() releases one PolicyInfo; it is the element
  destructor passed to DestroyLinkedList().  The strings are freed only for
  entries that are not exempt (exempt entries point at static data).  Always
  returns NULL.
*/
static void *DestroyPolicyElement(void *policy_info)
{
  PolicyInfo
    *element;

  element=(PolicyInfo *) policy_info;
  if (element->exempt == MagickFalse)
    {
      /*
        Loaded from a policy file: every non-NULL string is heap-allocated.
      */
      if (element->value != (char *) NULL)
        element->value=DestroyString(element->value);
      if (element->pattern != (char *) NULL)
        element->pattern=DestroyString(element->pattern);
      if (element->name != (char *) NULL)
        element->name=DestroyString(element->name);
      if (element->path != (char *) NULL)
        element->path=DestroyString(element->path);
    }
  element=(PolicyInfo *) RelinquishMagickMemory(element);
  return((void *) NULL);
}
/*
  PolicyComponentTerminus() destroys the policy cache and then the policy
  semaphore.  The semaphore is activated first when it does not exist, so
  the cache is always torn down under the lock.
*/
MagickExport void PolicyComponentTerminus(void)
{
  if (policy_semaphore == (SemaphoreInfo *) NULL)
    {
      ActivateSemaphoreInfo(&policy_semaphore);
    }
  LockSemaphoreInfo(policy_semaphore);
  if (policy_cache != (LinkedListInfo *) NULL)
    {
      /*
        DestroyPolicyElement() is applied to every entry of the list.
      */
      policy_cache=DestroyLinkedList(policy_cache,DestroyPolicyElement);
    }
  UnlockSemaphoreInfo(policy_semaphore);
  DestroySemaphoreInfo(&policy_semaphore);
}