From 2d5eddcc4163ea050cf3a3a1a25452bb5124f780 Mon Sep 17 00:00:00 2001 From: Aleksey Sanin Date: Mon, 14 Mar 2011 13:07:58 -0700 Subject: [PATCH] configure libxslt in secure mode in xmlsec1 tool and all examples --- apps/xmlsec.c | 20 ++++++++++++++++++++ config.h.in | 5 +---- configure.in | 1 + examples/decrypt1.c | 18 ++++++++++++++++++ examples/decrypt2.c | 18 ++++++++++++++++++ examples/decrypt3.c | 19 ++++++++++++++++++- examples/encrypt1.c | 19 ++++++++++++++++++- examples/encrypt2.c | 18 ++++++++++++++++++ examples/encrypt3.c | 19 ++++++++++++++++++- examples/sign1.c | 22 ++++++++++++++++++++-- examples/sign2.c | 18 ++++++++++++++++++ examples/sign3.c | 18 ++++++++++++++++++ examples/verify1.c | 18 ++++++++++++++++++ examples/verify2.c | 18 ++++++++++++++++++ examples/verify3.c | 17 +++++++++++++++++ examples/verify4.c | 17 +++++++++++++++++ examples/xkms-server.c | 17 +++++++++++++++++ examples/xmldsigverify.c | 20 +++++++++++++++++++- 18 files changed, 292 insertions(+), 10 deletions(-) diff --git a/apps/xmlsec.c b/apps/xmlsec.c index 3aa6ebd09..d551b5a6b 100644 --- a/apps/xmlsec.c +++ b/apps/xmlsec.c @@ -24,6 +24,7 @@ #include #include #include +#include #include #endif /* XMLSEC_NO_XSLT */ @@ -2404,6 +2405,11 @@ xmlSecAppLoadKeys(void) { } static int intialized = 0; + +#ifndef XMLSEC_NO_XSLT +static xsltSecurityPrefsPtr xsltSecPrefs = NULL; +#endif /* XMLSEC_NO_XSLT */ + static int xmlSecAppInit(void) { if(intialized != 0) { 
@@ -2419,6 +2425,19 @@ xmlSecAppInit(void) { xmlIndentTreeOutput = 1; #endif /* XMLSEC_NO_XSLT */ + + /* Init libxslt */ +#ifndef XMLSEC_NO_XSLT + /* disable everything */ + xsltSecPrefs = xsltNewSecurityPrefs(); + xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_READ_FILE, xsltSecurityForbid); + xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_WRITE_FILE, xsltSecurityForbid); + xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_CREATE_DIRECTORY, xsltSecurityForbid); + xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_READ_NETWORK, xsltSecurityForbid); + xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_WRITE_NETWORK, xsltSecurityForbid); + xsltSetDefaultSecurityPrefs(xsltSecPrefs); +#endif /* XMLSEC_NO_XSLT */ + /* Init xmlsec */ if(xmlSecInit() < 0) { fprintf(stderr, "Error: xmlsec intialization failed.\n"); @@ -2465,6 +2484,7 @@ xmlSecAppShutdown(void) { /* Shutdown libxslt/libxml */ #ifndef XMLSEC_NO_XSLT + xsltFreeSecurityPrefs(xsltSecPrefs); xsltCleanupGlobals(); #endif /* XMLSEC_NO_XSLT */ xmlCleanupParser(); diff --git a/config.h.in b/config.h.in index b67643ff6..655f30da1 100644 --- a/config.h.in +++ b/config.h.in @@ -112,16 +112,13 @@ /* Define to the one symbol short name of this package. */ #undef PACKAGE_TARNAME -/* Define to the home page for this package. */ -#undef PACKAGE_URL - /* Define to the version of this package. */ #undef PACKAGE_VERSION /* Define to 1 if the C compiler supports function prototypes. */ #undef PROTOTYPES -/* The size of `size_t', as computed by sizeof. */ +/* The size of a `size_t', as computed by sizeof. */ #undef SIZEOF_SIZE_T /* Define to 1 if you have the ANSI C header files. */ diff --git a/configure.in b/configure.in index 78d3afd7f..afa3aaf78 100644 --- a/configure.in +++ b/configure.in @@ -31,6 +31,7 @@ dnl AC_PROG_CC AC_PROG_INSTALL AC_HEADER_STDC +AC_PROG_LIBTOOL LT_INIT diff --git a/examples/decrypt1.c b/examples/decrypt1.c index 4cd089c9d..39ad10391 100644 --- a/examples/decrypt1.c +++ b/examples/decrypt1.c 
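Review bot: The new libxslt block in xmlSecAppInit (apps/xmlsec.c) fails open, because the result of `xsltNewSecurityPrefs()` is never checked. If it returns NULL, each `xsltSetSecurityPrefs` call returns an error that is ignored and `xsltSetDefaultSecurityPrefs(NULL)` leaves libxslt with no default restrictions, so transforms keep file and network access while the tool appears hardened. I would stop initialization when the handle is NULL or any setter fails, as sketched below; the `return(-1)` assumes the same convention as the xmlSecInit failure branch, whose body lies outside the hunk. The identical block is pasted into main() of every example from decrypt1.c through xmldsigverify.c and needs the same check. These preferences only govern libxslt's own I/O, so the libxml2 parser options used for input documents should be reviewed separately.

```c
    /* forbid all libxslt file and network access; refuse to start if that cannot be set up */
    xsltSecPrefs = xsltNewSecurityPrefs();
    if(xsltSecPrefs == NULL) {
        fprintf(stderr, "Error: libxslt security prefs allocation failed.\n");
        return(-1);
    }
    if((xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_READ_FILE, xsltSecurityForbid) < 0) ||
       (xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_WRITE_FILE, xsltSecurityForbid) < 0) ||
       (xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_CREATE_DIRECTORY, xsltSecurityForbid) < 0) ||
       (xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_READ_NETWORK, xsltSecurityForbid) < 0) ||
       (xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_WRITE_NETWORK, xsltSecurityForbid) < 0)) {
        fprintf(stderr, "Error: libxslt security prefs setup failed.\n");
        xsltFreeSecurityPrefs(xsltSecPrefs);
        xsltSecPrefs = NULL;
        return(-1);
    }
    xsltSetDefaultSecurityPrefs(xsltSecPrefs);
    /* … unchanged: #endif and the xmlSecInit() call … */
```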
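Review bot: In xmlSecAppShutdown the added `xsltFreeSecurityPrefs(xsltSecPrefs);` releases the object while libxslt's default-preferences pointer still refers to it, and the file-scope `xsltSecPrefs` keeps the stale address. Nothing in the hunk shows a transform running after this point, so this is hygiene rather than a demonstrated bug, but a later init/shutdown cycle or a late transform would touch freed memory. I would write `xsltSetDefaultSecurityPrefs(NULL);` before the free and `xsltSecPrefs = NULL;` after it. The shutdown hunks in the examples free the handle the same way, and there the local goes out of scope, so only the default pointer needs clearing.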
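Review bot: The configure.in hunk adds `AC_PROG_LIBTOOL` directly above the existing `LT_INIT`, which looks redundant because `AC_PROG_LIBTOOL` is the older name for the same libtool initialization. The change is also unrelated to the libxslt hardening this commit describes. I would drop the added line, or, if an old libtool must be supported, keep only one of the two macros and add a `dnl` comment saying which libtool versions need it.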
@@ -25,6 +25,7 @@ #ifndef XMLSEC_NO_XSLT #include +#include #endif /* XMLSEC_NO_XSLT */ #include @@ -36,6 +37,10 @@ int decrypt_file(const char* enc_file, const char* key_file); int main(int argc, char **argv) { +#ifndef XMLSEC_NO_XSLT + xsltSecurityPrefsPtr xsltSecPrefs = NULL; +#endif /* XMLSEC_NO_XSLT */ + assert(argv); if(argc != 3) { @@ -52,6 +57,19 @@ main(int argc, char **argv) { #ifndef XMLSEC_NO_XSLT xmlIndentTreeOutput = 1; #endif /* XMLSEC_NO_XSLT */ + + /* Init libxslt */ +#ifndef XMLSEC_NO_XSLT + /* disable everything */ + xsltSecPrefs = xsltNewSecurityPrefs(); + xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_READ_FILE, xsltSecurityForbid); + xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_WRITE_FILE, xsltSecurityForbid); + xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_CREATE_DIRECTORY, xsltSecurityForbid); + xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_READ_NETWORK, xsltSecurityForbid); + xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_WRITE_NETWORK, xsltSecurityForbid); + xsltSetDefaultSecurityPrefs(xsltSecPrefs); +#endif /* XMLSEC_NO_XSLT */ + /* Init xmlsec library */ if(xmlSecInit() < 0) { diff --git a/examples/decrypt2.c b/examples/decrypt2.c index 7727a0377..49513e123 100644 --- a/examples/decrypt2.c +++ b/examples/decrypt2.c @@ -26,6 +26,7 @@ #ifndef XMLSEC_NO_XSLT #include +#include #endif /* XMLSEC_NO_XSLT */ #include @@ -39,6 +40,9 @@ int decrypt_file(xmlSecKeysMngrPtr mngr, const char* enc_file); int main(int argc, char **argv) { xmlSecKeysMngrPtr mngr; +#ifndef XMLSEC_NO_XSLT + xsltSecurityPrefsPtr xsltSecPrefs = NULL; +#endif /* XMLSEC_NO_XSLT */ assert(argv); 
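Review bot: examples/decrypt1.c allocates `xsltSecPrefs` in main(), but none of its three hunks adds the matching release, so the handle is never freed. decrypt2.c and the remaining examples each add `xsltFreeSecurityPrefs(xsltSecPrefs);` ahead of `xsltCleanupGlobals();`. The shutdown part of decrypt1.c's main() is outside the hunks, but since the variable is new in this patch the free cannot already be there. Add the same line inside the existing `#ifndef XMLSEC_NO_XSLT` shutdown block so the example matches the others.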
@@ -56,6 +60,19 @@ main(int argc, char **argv) { #ifndef XMLSEC_NO_XSLT xmlIndentTreeOutput = 1; #endif /* XMLSEC_NO_XSLT */ + + /* Init libxslt */ +#ifndef XMLSEC_NO_XSLT + /* disable everything */ + xsltSecPrefs = xsltNewSecurityPrefs(); + xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_READ_FILE, xsltSecurityForbid); + xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_WRITE_FILE, xsltSecurityForbid); + xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_CREATE_DIRECTORY, xsltSecurityForbid); + xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_READ_NETWORK, xsltSecurityForbid); + xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_WRITE_NETWORK, xsltSecurityForbid); + xsltSetDefaultSecurityPrefs(xsltSecPrefs); +#endif /* XMLSEC_NO_XSLT */ + /* Init xmlsec library */ if(xmlSecInit() < 0) { @@ -120,6 +137,7 @@ main(int argc, char **argv) { /* Shutdown libxslt/libxml */ #ifndef XMLSEC_NO_XSLT + xsltFreeSecurityPrefs(xsltSecPrefs); xsltCleanupGlobals(); #endif /* XMLSEC_NO_XSLT */ xmlCleanupParser(); diff --git a/examples/decrypt3.c b/examples/decrypt3.c index 2c450d209..253920fb6 100644 --- a/examples/decrypt3.c +++ b/examples/decrypt3.c @@ -28,6 +28,7 @@ #ifndef XMLSEC_NO_XSLT #include +#include #endif /* XMLSEC_NO_XSLT */ #include @@ -42,6 +43,9 @@ int decrypt_file(xmlSecKeysMngrPtr mngr, const char* enc_file); int main(int argc, char **argv) { xmlSecKeysMngrPtr mngr; +#ifndef XMLSEC_NO_XSLT + xsltSecurityPrefsPtr xsltSecPrefs = NULL; +#endif /* XMLSEC_NO_XSLT */ assert(argv); 
@@ -59,7 +63,19 @@ main(int argc, char **argv) { #ifndef XMLSEC_NO_XSLT xmlIndentTreeOutput = 1; #endif /* XMLSEC_NO_XSLT */ - + + /* Init libxslt */ +#ifndef XMLSEC_NO_XSLT + /* disable everything */ + xsltSecPrefs = xsltNewSecurityPrefs(); + xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_READ_FILE, xsltSecurityForbid); + xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_WRITE_FILE, xsltSecurityForbid); + xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_CREATE_DIRECTORY, xsltSecurityForbid); + xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_READ_NETWORK, xsltSecurityForbid); + xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_WRITE_NETWORK, xsltSecurityForbid); + xsltSetDefaultSecurityPrefs(xsltSecPrefs); +#endif /* XMLSEC_NO_XSLT */ + /* Init xmlsec library */ if(xmlSecInit() < 0) { fprintf(stderr, "Error: xmlsec initialization failed.\n"); @@ -123,6 +139,7 @@ main(int argc, char **argv) { /* Shutdown libxslt/libxml */ #ifndef XMLSEC_NO_XSLT + xsltFreeSecurityPrefs(xsltSecPrefs); xsltCleanupGlobals(); #endif /* XMLSEC_NO_XSLT */ xmlCleanupParser(); diff --git a/examples/encrypt1.c b/examples/encrypt1.c index 170ab905f..fb4d103fb 100644 --- a/examples/encrypt1.c +++ b/examples/encrypt1.c @@ -27,6 +27,7 @@ #ifndef XMLSEC_NO_XSLT #include +#include #endif /* XMLSEC_NO_XSLT */ #include @@ -39,7 +40,10 @@ int encrypt_file(const char* tmpl_file, const char* key_file, int main(int argc, char **argv) { static const char secret_data[] = "Big secret"; - +#ifndef XMLSEC_NO_XSLT + xsltSecurityPrefsPtr xsltSecPrefs = NULL; +#endif /* XMLSEC_NO_XSLT */ + assert(argv); if(argc != 3) { 
@@ -56,6 +60,18 @@ main(int argc, char **argv) { #ifndef XMLSEC_NO_XSLT xmlIndentTreeOutput = 1; #endif /* XMLSEC_NO_XSLT */ + + /* Init libxslt */ +#ifndef XMLSEC_NO_XSLT + /* disable everything */ + xsltSecPrefs = xsltNewSecurityPrefs(); + xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_READ_FILE, xsltSecurityForbid); + xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_WRITE_FILE, xsltSecurityForbid); + xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_CREATE_DIRECTORY, xsltSecurityForbid); + xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_READ_NETWORK, xsltSecurityForbid); + xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_WRITE_NETWORK, xsltSecurityForbid); + xsltSetDefaultSecurityPrefs(xsltSecPrefs); +#endif /* XMLSEC_NO_XSLT */ /* Init xmlsec library */ if(xmlSecInit() < 0) { @@ -110,6 +126,7 @@ main(int argc, char **argv) { /* Shutdown libxslt/libxml */ #ifndef XMLSEC_NO_XSLT + xsltFreeSecurityPrefs(xsltSecPrefs); xsltCleanupGlobals(); #endif /* XMLSEC_NO_XSLT */ xmlCleanupParser(); diff --git a/examples/encrypt2.c b/examples/encrypt2.c index 453523626..4f1ad5884 100644 --- a/examples/encrypt2.c +++ b/examples/encrypt2.c @@ -28,6 +28,7 @@ #ifndef XMLSEC_NO_XSLT #include +#include #endif /* XMLSEC_NO_XSLT */ #include @@ -40,6 +41,10 @@ int encrypt_file(const char* xml_file, const char* key_file); int main(int argc, char **argv) { +#ifndef XMLSEC_NO_XSLT + xsltSecurityPrefsPtr xsltSecPrefs = NULL; +#endif /* XMLSEC_NO_XSLT */ + assert(argv); if(argc != 3) { 
@@ -56,6 +61,18 @@ main(int argc, char **argv) { #ifndef XMLSEC_NO_XSLT xmlIndentTreeOutput = 1; #endif /* XMLSEC_NO_XSLT */ + + /* Init libxslt */ +#ifndef XMLSEC_NO_XSLT + /* disable everything */ + xsltSecPrefs = xsltNewSecurityPrefs(); + xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_READ_FILE, xsltSecurityForbid); + xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_WRITE_FILE, xsltSecurityForbid); + xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_CREATE_DIRECTORY, xsltSecurityForbid); + xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_READ_NETWORK, xsltSecurityForbid); + xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_WRITE_NETWORK, xsltSecurityForbid); + xsltSetDefaultSecurityPrefs(xsltSecPrefs); +#endif /* XMLSEC_NO_XSLT */ /* Init xmlsec library */ if(xmlSecInit() < 0) { @@ -110,6 +127,7 @@ main(int argc, char **argv) { /* Shutdown libxslt/libxml */ #ifndef XMLSEC_NO_XSLT + xsltFreeSecurityPrefs(xsltSecPrefs); xsltCleanupGlobals(); #endif /* XMLSEC_NO_XSLT */ xmlCleanupParser(); diff --git a/examples/encrypt3.c b/examples/encrypt3.c index 27f4c3da9..aa9465a27 100644 --- a/examples/encrypt3.c +++ b/examples/encrypt3.c @@ -28,6 +28,7 @@ #ifndef XMLSEC_NO_XSLT #include +#include #endif /* XMLSEC_NO_XSLT */ #include @@ -42,6 +43,9 @@ int encrypt_file(xmlSecKeysMngrPtr mngr, const char* xml_file, const char* key_n int main(int argc, char **argv) { xmlSecKeysMngrPtr mngr; +#ifndef XMLSEC_NO_XSLT + xsltSecurityPrefsPtr xsltSecPrefs = NULL; +#endif /* XMLSEC_NO_XSLT */ assert(argv); 
@@ -59,7 +63,19 @@ main(int argc, char **argv) { #ifndef XMLSEC_NO_XSLT xmlIndentTreeOutput = 1; #endif /* XMLSEC_NO_XSLT */ - + + /* Init libxslt */ +#ifndef XMLSEC_NO_XSLT + /* disable everything */ + xsltSecPrefs = xsltNewSecurityPrefs(); + xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_READ_FILE, xsltSecurityForbid); + xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_WRITE_FILE, xsltSecurityForbid); + xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_CREATE_DIRECTORY, xsltSecurityForbid); + xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_READ_NETWORK, xsltSecurityForbid); + xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_WRITE_NETWORK, xsltSecurityForbid); + xsltSetDefaultSecurityPrefs(xsltSecPrefs); +#endif /* XMLSEC_NO_XSLT */ + /* Init xmlsec library */ if(xmlSecInit() < 0) { fprintf(stderr, "Error: xmlsec initialization failed.\n"); @@ -124,6 +140,7 @@ main(int argc, char **argv) { /* Shutdown libxslt/libxml */ #ifndef XMLSEC_NO_XSLT + xsltFreeSecurityPrefs(xsltSecPrefs); xsltCleanupGlobals(); #endif /* XMLSEC_NO_XSLT */ xmlCleanupParser(); diff --git a/examples/sign1.c b/examples/sign1.c index 2e772d8c6..e545843f7 100644 --- a/examples/sign1.c +++ b/examples/sign1.c @@ -27,6 +27,7 @@ #ifndef XMLSEC_NO_XSLT #include +#include #endif /* XMLSEC_NO_XSLT */ #include @@ -38,6 +39,10 @@ int sign_file(const char* tmpl_file, const char* key_file); int main(int argc, char **argv) { +#ifndef XMLSEC_NO_XSLT + xsltSecurityPrefsPtr xsltSecPrefs = NULL; +#endif /* XMLSEC_NO_XSLT */ + assert(argv); if(argc != 3) { 
@@ -54,7 +59,19 @@ main(int argc, char **argv) { #ifndef XMLSEC_NO_XSLT xmlIndentTreeOutput = 1; #endif /* XMLSEC_NO_XSLT */ - + + /* Init libxslt */ +#ifndef XMLSEC_NO_XSLT + /* disable everything */ + xsltSecPrefs = xsltNewSecurityPrefs(); + xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_READ_FILE, xsltSecurityForbid); + xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_WRITE_FILE, xsltSecurityForbid); + xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_CREATE_DIRECTORY, xsltSecurityForbid); + xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_READ_NETWORK, xsltSecurityForbid); + xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_WRITE_NETWORK, xsltSecurityForbid); + xsltSetDefaultSecurityPrefs(xsltSecPrefs); +#endif /* XMLSEC_NO_XSLT */ + /* Init xmlsec library */ if(xmlSecInit() < 0) { fprintf(stderr, "Error: xmlsec initialization failed.\n"); @@ -108,7 +125,8 @@ main(int argc, char **argv) { /* Shutdown libxslt/libxml */ #ifndef XMLSEC_NO_XSLT - xsltCleanupGlobals(); + xsltFreeSecurityPrefs(xsltSecPrefs); + xsltCleanupGlobals(); #endif /* XMLSEC_NO_XSLT */ xmlCleanupParser(); diff --git a/examples/sign2.c b/examples/sign2.c index 25e093789..146bbbaa4 100644 --- a/examples/sign2.c +++ b/examples/sign2.c @@ -29,6 +29,7 @@ #ifndef XMLSEC_NO_XSLT #include +#include #endif /* XMLSEC_NO_XSLT */ #include @@ -41,6 +42,10 @@ int sign_file(const char* xml_file, const char* key_file); int main(int argc, char **argv) { +#ifndef XMLSEC_NO_XSLT + xsltSecurityPrefsPtr xsltSecPrefs = NULL; +#endif /* XMLSEC_NO_XSLT */ + assert(argv); if(argc != 3) { 
@@ -57,6 +62,18 @@ main(int argc, char **argv) { #ifndef XMLSEC_NO_XSLT xmlIndentTreeOutput = 1; #endif /* XMLSEC_NO_XSLT */ + + /* Init libxslt */ +#ifndef XMLSEC_NO_XSLT + /* disable everything */ + xsltSecPrefs = xsltNewSecurityPrefs(); + xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_READ_FILE, xsltSecurityForbid); + xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_WRITE_FILE, xsltSecurityForbid); + xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_CREATE_DIRECTORY, xsltSecurityForbid); + xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_READ_NETWORK, xsltSecurityForbid); + xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_WRITE_NETWORK, xsltSecurityForbid); + xsltSetDefaultSecurityPrefs(xsltSecPrefs); +#endif /* XMLSEC_NO_XSLT */ /* Init xmlsec library */ if(xmlSecInit() < 0) { @@ -111,6 +128,7 @@ main(int argc, char **argv) { /* Shutdown libxslt/libxml */ #ifndef XMLSEC_NO_XSLT + xsltFreeSecurityPrefs(xsltSecPrefs); xsltCleanupGlobals(); #endif /* XMLSEC_NO_XSLT */ xmlCleanupParser(); diff --git a/examples/sign3.c b/examples/sign3.c index a9436ef0f..9d16cf720 100644 --- a/examples/sign3.c +++ b/examples/sign3.c @@ -33,6 +33,7 @@ #ifndef XMLSEC_NO_XSLT #include +#include #endif /* XMLSEC_NO_XSLT */ #include @@ -45,6 +46,10 @@ int sign_file(const char* xml_file, const char* key_file, const char* cert_file) int main(int argc, char **argv) { +#ifndef XMLSEC_NO_XSLT + xsltSecurityPrefsPtr xsltSecPrefs = NULL; +#endif /* XMLSEC_NO_XSLT */ + assert(argv); if(argc != 4) { 
@@ -61,6 +66,18 @@ main(int argc, char **argv) { #ifndef XMLSEC_NO_XSLT xmlIndentTreeOutput = 1; #endif /* XMLSEC_NO_XSLT */ + + /* Init libxslt */ +#ifndef XMLSEC_NO_XSLT + /* disable everything */ + xsltSecPrefs = xsltNewSecurityPrefs(); + xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_READ_FILE, xsltSecurityForbid); + xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_WRITE_FILE, xsltSecurityForbid); + xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_CREATE_DIRECTORY, xsltSecurityForbid); + xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_READ_NETWORK, xsltSecurityForbid); + xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_WRITE_NETWORK, xsltSecurityForbid); + xsltSetDefaultSecurityPrefs(xsltSecPrefs); +#endif /* XMLSEC_NO_XSLT */ /* Init xmlsec library */ if(xmlSecInit() < 0) { @@ -115,6 +132,7 @@ main(int argc, char **argv) { /* Shutdown libxslt/libxml */ #ifndef XMLSEC_NO_XSLT + xsltFreeSecurityPrefs(xsltSecPrefs); xsltCleanupGlobals(); #endif /* XMLSEC_NO_XSLT */ xmlCleanupParser(); diff --git a/examples/verify1.c b/examples/verify1.c index 25d128fd8..04917e5a1 100644 --- a/examples/verify1.c +++ b/examples/verify1.c @@ -25,6 +25,7 @@ #ifndef XMLSEC_NO_XSLT #include +#include #endif /* XMLSEC_NO_XSLT */ #include @@ -36,6 +37,10 @@ int verify_file(const char* xml_file, const char* key_file); int main(int argc, char **argv) { +#ifndef XMLSEC_NO_XSLT + xsltSecurityPrefsPtr xsltSecPrefs = NULL; +#endif /* XMLSEC_NO_XSLT */ + assert(argv); if(argc != 3) { 
@@ -52,6 +57,18 @@ main(int argc, char **argv) { #ifndef XMLSEC_NO_XSLT xmlIndentTreeOutput = 1; #endif /* XMLSEC_NO_XSLT */ + + /* Init libxslt */ +#ifndef XMLSEC_NO_XSLT + /* disable everything */ + xsltSecPrefs = xsltNewSecurityPrefs(); + xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_READ_FILE, xsltSecurityForbid); + xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_WRITE_FILE, xsltSecurityForbid); + xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_CREATE_DIRECTORY, xsltSecurityForbid); + xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_READ_NETWORK, xsltSecurityForbid); + xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_WRITE_NETWORK, xsltSecurityForbid); + xsltSetDefaultSecurityPrefs(xsltSecPrefs); +#endif /* XMLSEC_NO_XSLT */ /* Init xmlsec library */ if(xmlSecInit() < 0) { @@ -106,6 +123,7 @@ main(int argc, char **argv) { /* Shutdown libxslt/libxml */ #ifndef XMLSEC_NO_XSLT + xsltFreeSecurityPrefs(xsltSecPrefs); xsltCleanupGlobals(); #endif /* XMLSEC_NO_XSLT */ xmlCleanupParser(); diff --git a/examples/verify2.c b/examples/verify2.c index 399f8f667..36fde2d33 100644 --- a/examples/verify2.c +++ b/examples/verify2.c @@ -25,6 +25,7 @@ #ifndef XMLSEC_NO_XSLT #include +#include #endif /* XMLSEC_NO_XSLT */ #include @@ -37,6 +38,10 @@ int verify_file(xmlSecKeysMngrPtr mngr, const char* xml_file); int main(int argc, char **argv) { +#ifndef XMLSEC_NO_XSLT + xsltSecurityPrefsPtr xsltSecPrefs = NULL; +#endif /* XMLSEC_NO_XSLT */ + xmlSecKeysMngrPtr mngr; assert(argv); 
@@ -55,6 +60,18 @@ main(int argc, char **argv) { #ifndef XMLSEC_NO_XSLT xmlIndentTreeOutput = 1; #endif /* XMLSEC_NO_XSLT */ + + /* Init libxslt */ +#ifndef XMLSEC_NO_XSLT + /* disable everything */ + xsltSecPrefs = xsltNewSecurityPrefs(); + xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_READ_FILE, xsltSecurityForbid); + xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_WRITE_FILE, xsltSecurityForbid); + xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_CREATE_DIRECTORY, xsltSecurityForbid); + xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_READ_NETWORK, xsltSecurityForbid); + xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_WRITE_NETWORK, xsltSecurityForbid); + xsltSetDefaultSecurityPrefs(xsltSecPrefs); +#endif /* XMLSEC_NO_XSLT */ /* Init xmlsec library */ if(xmlSecInit() < 0) { @@ -120,6 +137,7 @@ main(int argc, char **argv) { /* Shutdown libxslt/libxml */ #ifndef XMLSEC_NO_XSLT + xsltFreeSecurityPrefs(xsltSecPrefs); xsltCleanupGlobals(); #endif /* XMLSEC_NO_XSLT */ xmlCleanupParser(); diff --git a/examples/verify3.c b/examples/verify3.c index 68baa7694..5f0666bb8 100644 --- a/examples/verify3.c +++ b/examples/verify3.c @@ -27,6 +27,7 @@ #ifndef XMLSEC_NO_XSLT #include +#include #endif /* XMLSEC_NO_XSLT */ #include @@ -39,6 +40,9 @@ int verify_file(xmlSecKeysMngrPtr mngr, const char* xml_file); int main(int argc, char **argv) { +#ifndef XMLSEC_NO_XSLT + xsltSecurityPrefsPtr xsltSecPrefs = NULL; +#endif /* XMLSEC_NO_XSLT */ xmlSecKeysMngrPtr mngr; assert(argv); 
@@ -57,6 +61,18 @@ main(int argc, char **argv) { #ifndef XMLSEC_NO_XSLT xmlIndentTreeOutput = 1; #endif /* XMLSEC_NO_XSLT */ + + /* Init libxslt */ +#ifndef XMLSEC_NO_XSLT + /* disable everything */ + xsltSecPrefs = xsltNewSecurityPrefs(); + xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_READ_FILE, xsltSecurityForbid); + xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_WRITE_FILE, xsltSecurityForbid); + xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_CREATE_DIRECTORY, xsltSecurityForbid); + xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_READ_NETWORK, xsltSecurityForbid); + xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_WRITE_NETWORK, xsltSecurityForbid); + xsltSetDefaultSecurityPrefs(xsltSecPrefs); +#endif /* XMLSEC_NO_XSLT */ /* Init xmlsec library */ if(xmlSecInit() < 0) { @@ -122,6 +138,7 @@ main(int argc, char **argv) { /* Shutdown libxslt/libxml */ #ifndef XMLSEC_NO_XSLT + xsltFreeSecurityPrefs(xsltSecPrefs); xsltCleanupGlobals(); #endif /* XMLSEC_NO_XSLT */ xmlCleanupParser(); diff --git a/examples/verify4.c b/examples/verify4.c index e6d653f9e..1445e9972 100644 --- a/examples/verify4.c +++ b/examples/verify4.c @@ -35,6 +35,7 @@ #ifndef XMLSEC_NO_XSLT #include +#include #endif /* XMLSEC_NO_XSLT */ #include @@ -47,6 +48,9 @@ int verify_file(xmlSecKeysMngrPtr mngr, const char* xml_file); int main(int argc, char **argv) { +#ifndef XMLSEC_NO_XSLT + xsltSecurityPrefsPtr xsltSecPrefs = NULL; +#endif /* XMLSEC_NO_XSLT */ xmlSecKeysMngrPtr mngr; assert(argv); 
@@ -65,6 +69,18 @@ main(int argc, char **argv) { #ifndef XMLSEC_NO_XSLT xmlIndentTreeOutput = 1; #endif /* XMLSEC_NO_XSLT */ + + /* Init libxslt */ +#ifndef XMLSEC_NO_XSLT + /* disable everything */ + xsltSecPrefs = xsltNewSecurityPrefs(); + xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_READ_FILE, xsltSecurityForbid); + xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_WRITE_FILE, xsltSecurityForbid); + xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_CREATE_DIRECTORY, xsltSecurityForbid); + xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_READ_NETWORK, xsltSecurityForbid); + xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_WRITE_NETWORK, xsltSecurityForbid); + xsltSetDefaultSecurityPrefs(xsltSecPrefs); +#endif /* XMLSEC_NO_XSLT */ /* Init xmlsec library */ if(xmlSecInit() < 0) { @@ -130,6 +146,7 @@ main(int argc, char **argv) { /* Shutdown libxslt/libxml */ #ifndef XMLSEC_NO_XSLT + xsltFreeSecurityPrefs(xsltSecPrefs); xsltCleanupGlobals(); #endif /* XMLSEC_NO_XSLT */ xmlCleanupParser(); diff --git a/examples/xkms-server.c b/examples/xkms-server.c index 9471081ec..188d5c73c 100644 --- a/examples/xkms-server.c +++ b/examples/xkms-server.c @@ -35,6 +35,7 @@ int main(int argc, char** argv) { #ifndef XMLSEC_NO_XSLT #include +#include #endif /* XMLSEC_NO_XSLT */ #include @@ -105,6 +106,9 @@ static char http_503[] = int main(int argc, char** argv) { int argpos; unsigned short port = DEFAULT_PORT; +#ifndef XMLSEC_NO_XSLT + xsltSecurityPrefsPtr xsltSecPrefs = NULL; +#endif /* XMLSEC_NO_XSLT */ xmlSecKeysMngrPtr mngr = NULL; xmlSecXkmsServerCtxPtr xkmsCtx = NULL; xmlSecXkmsServerFormat format = xmlSecXkmsServerFormatPlain; 
@@ -120,6 +124,18 @@ int main(int argc, char** argv) { #ifndef XMLSEC_NO_XSLT xmlIndentTreeOutput = 1; #endif /* XMLSEC_NO_XSLT */ + + /* Init libxslt */ +#ifndef XMLSEC_NO_XSLT + /* disable everything */ + xsltSecPrefs = xsltNewSecurityPrefs(); + xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_READ_FILE, xsltSecurityForbid); + xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_WRITE_FILE, xsltSecurityForbid); + xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_CREATE_DIRECTORY, xsltSecurityForbid); + xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_READ_NETWORK, xsltSecurityForbid); + xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_WRITE_NETWORK, xsltSecurityForbid); + xsltSetDefaultSecurityPrefs(xsltSecPrefs); +#endif /* XMLSEC_NO_XSLT */ /* Init xmlsec library */ if(xmlSecInit() < 0) { @@ -277,6 +293,7 @@ int main(int argc, char** argv) { /* Shutdown libxslt/libxml */ #ifndef XMLSEC_NO_XSLT + xsltFreeSecurityPrefs(xsltSecPrefs); xsltCleanupGlobals(); #endif /* XMLSEC_NO_XSLT */ xmlCleanupParser(); diff --git a/examples/xmldsigverify.c b/examples/xmldsigverify.c index 02839d279..f4c376ea2 100644 --- a/examples/xmldsigverify.c +++ b/examples/xmldsigverify.c @@ -17,6 +17,7 @@ #ifndef XMLSEC_NO_XSLT #include +#include #endif /* XMLSEC_NO_XSLT */ #include @@ -37,7 +38,10 @@ int url_decode(char *buf, size_t size); int main(int argc, char **argv) { xmlSecKeysMngrPtr mngr; - +#ifndef XMLSEC_NO_XSLT + xsltSecurityPrefsPtr xsltSecPrefs = NULL; +#endif /* XMLSEC_NO_XSLT */ + /* start response */ fprintf(stdout, "Content-type: text/plain\n"); fprintf(stdout, "\n"); 
@@ -53,6 +57,18 @@ main(int argc, char **argv) { /* make sure that we print out everything to stdout */ xmlGenericErrorContext = stdout; + + /* Init libxslt */ +#ifndef XMLSEC_NO_XSLT + /* disable everything */ + xsltSecPrefs = xsltNewSecurityPrefs(); + xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_READ_FILE, xsltSecurityForbid); + xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_WRITE_FILE, xsltSecurityForbid); + xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_CREATE_DIRECTORY, xsltSecurityForbid); + xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_READ_NETWORK, xsltSecurityForbid); + xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_WRITE_NETWORK, xsltSecurityForbid); + xsltSetDefaultSecurityPrefs(xsltSecPrefs); +#endif /* XMLSEC_NO_XSLT */ /* Init xmlsec library */ if(xmlSecInit() < 0) { @@ -132,8 +148,10 @@ main(int argc, char **argv) { /* Shutdown libxslt/libxml */ #ifndef XMLSEC_NO_XSLT + xsltFreeSecurityPrefs(xsltSecPrefs); xsltCleanupGlobals(); #endif /* XMLSEC_NO_XSLT */ + xmlCleanupParser(); return(0);