]> git.vanrenterghem.biz Git - git.ikiwiki.info.git/blobdiff - plugins/proxy.py
Reference CVE-2016-4561 in 3.20141016.3 changelog
[git.ikiwiki.info.git] / plugins / proxy.py
index b2db79b0ebeca6bce694c66c627bd87f32f46f97..b61eb466c8d47ef839fc24e5d0ba54be3a9b23fa 100755 (executable)
@@ -1,37 +1,90 @@
 #!/usr/bin/python
 # -*- coding: utf-8 -*-
 #
 #!/usr/bin/python
 # -*- coding: utf-8 -*-
 #
-# xmlrpc — helper for Python-based external (xml-rpc) ikiwiki plugins
+# proxy.py — helper for Python-based external (xml-rpc) ikiwiki plugins
 #
 #
-# Copyright © martin f. krafft <madduck@madduck.net>
-# Released under the terms of the GNU GPL version 2
+# Copyright © 2008      martin f. krafft <madduck@madduck.net>
+#             2008-2011 Joey Hess <joey@kitenet.net>
+#             2012      W. Trevor King <wking@tremily.us>
 #
 #
-__name__ = 'xmlrpc'
-__description__ = 'xml-rpc-based ikiwiki plugin to process RST files'
-__version__ = '0.1'
+#  Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+#    notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+#    notice, this list of conditions and the following disclaimer in the
+#    documentation and/or other materials provided with the distribution.
+# .
+# THIS SOFTWARE IS PROVIDED BY IKIWIKI AND CONTRIBUTORS ``AS IS''
+# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+# TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+# PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION
+# OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
+# USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+# ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
+# OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+#
+__name__ = 'proxy.py'
+__description__ = 'helper for Python-based external (xml-rpc) ikiwiki plugins'
+__version__ = '0.2'
 __author__ = 'martin f. krafft <madduck@madduck.net>'
 __copyright__ = 'Copyright © ' + __author__
 __author__ = 'martin f. krafft <madduck@madduck.net>'
 __copyright__ = 'Copyright © ' + __author__
-__licence__ = 'GPLv2'
-
-LOOP_DELAY = 0.1
+__licence__ = 'BSD-2-clause'
 
 import sys
 import time
 
 import sys
 import time
-import xmlrpclib
 import xml.parsers.expat
 import xml.parsers.expat
-from SimpleXMLRPCServer import SimpleXMLRPCDispatcher
+try:  # Python 3
+    import xmlrpc.client as _xmlrpc_client
+except ImportError:  # Python 2
+    import xmlrpclib as _xmlrpc_client
+try:  # Python 3
+    import xmlrpc.server as _xmlrpc_server
+except ImportError:  # Python 2
+    import SimpleXMLRPCServer as _xmlrpc_server
+
+
+class ParseError (Exception):
+    pass
+
+
+class PipeliningDetected (Exception):
+    pass
+
+
+class GoingDown (Exception):
+    pass
 
 
-class _IkiWikiExtPluginXMLRPCDispatcher(SimpleXMLRPCDispatcher):
+
+class InvalidReturnValue (Exception):
+    pass
+
+
+class AlreadyImported (Exception):
+    pass
+
+
+class _IkiWikiExtPluginXMLRPCDispatcher(_xmlrpc_server.SimpleXMLRPCDispatcher):
 
     def __init__(self, allow_none=False, encoding=None):
         try:
 
     def __init__(self, allow_none=False, encoding=None):
         try:
-            SimpleXMLRPCDispatcher.__init__(self, allow_none, encoding)
+            _xmlrpc_server.SimpleXMLRPCDispatcher.__init__(
+                self, allow_none, encoding)
         except TypeError:
             # see http://bugs.debian.org/470645
             # python2.4 and before only took one argument
         except TypeError:
             # see http://bugs.debian.org/470645
             # python2.4 and before only took one argument
-            SimpleXMLRPCDispatcher.__init__(self)
+            _xmlrpc_server.SimpleXMLRPCDispatcher.__init__(self)
+
+    def dispatch(self, method, params):
+        return self._dispatch(method, params)
+
 
 
-class _XMLStreamParser(object):
+class XMLStreamParser(object):
 
     def __init__(self):
         self._parser = xml.parsers.expat.ParserCreate()
 
     def __init__(self):
         self._parser = xml.parsers.expat.ParserCreate()
@@ -52,14 +105,15 @@ class _XMLStreamParser(object):
     def _pop_tag(self, tag):
         top = self._stack.pop()
         if top != tag:
     def _pop_tag(self, tag):
         top = self._stack.pop()
         if top != tag:
-            raise ParseError, 'expected %s closing tag, got %s' % (top, tag)
+            raise ParseError(
+                'expected {0} closing tag, got {1}'.format(top, tag))
 
     def _request_complete(self):
         return self._first_tag_received and len(self._stack) == 0
 
     def _check_pipelining(self, *args):
         if self._first_tag_received:
 
     def _request_complete(self):
         return self._first_tag_received and len(self._stack) == 0
 
     def _check_pipelining(self, *args):
         if self._first_tag_received:
-            raise PipeliningDetected, 'need a new line between XML documents'
+            raise PipeliningDetected('need a new line between XML documents')
 
     def parse(self, data):
         self._parser.Parse(data, False)
 
     def parse(self, data):
         self._parser.Parse(data, False)
@@ -69,16 +123,11 @@ class _XMLStreamParser(object):
             self._reset()
             return ret
 
             self._reset()
             return ret
 
-    class ParseError(Exception):
-        pass
-
-    class PipeliningDetected(Exception):
-        pass
 
 class _IkiWikiExtPluginXMLRPCHandler(object):
 
 
 class _IkiWikiExtPluginXMLRPCHandler(object):
 
-    def __init__(self, debug_fn, allow_none=False, encoding=None):
-        self._dispatcher = _IkiWikiExtPluginXMLRPCDispatcher(allow_none, encoding)
+    def __init__(self, debug_fn):
+        self._dispatcher = _IkiWikiExtPluginXMLRPCDispatcher()
         self.register_function = self._dispatcher.register_function
         self._debug_fn = debug_fn
 
         self.register_function = self._dispatcher.register_function
         self._debug_fn = debug_fn
 
@@ -88,13 +137,13 @@ class _IkiWikiExtPluginXMLRPCHandler(object):
 
     @staticmethod
     def _write(out_fd, data):
 
     @staticmethod
     def _write(out_fd, data):
-        out_fd.write(data)
+        out_fd.write(str(data))
         out_fd.flush()
 
     @staticmethod
     def _read(in_fd):
         ret = None
         out_fd.flush()
 
     @staticmethod
     def _read(in_fd):
         ret = None
-        parser = _XMLStreamParser()
+        parser = XMLStreamParser()
         while True:
             line = in_fd.readline()
             if len(line) == 0:
         while True:
             line = in_fd.readline()
             if len(line) == 0:
@@ -106,44 +155,72 @@ class _IkiWikiExtPluginXMLRPCHandler(object):
             if ret is not None:
                 return ret
 
             if ret is not None:
                 return ret
 
-    def send_rpc(self, cmd, in_fd, out_fd, **kwargs):
-        xml = xmlrpclib.dumps(sum(kwargs.iteritems(), ()), cmd)
-        self._debug_fn('sending xml to ikiwiki to call procedure %s: [%s]' % (cmd, xml))
-        _IkiWikiExtPluginXMLRPCHandler._write(out_fd, xml)
+    def send_rpc(self, cmd, in_fd, out_fd, *args, **kwargs):
+        xml = _xmlrpc_client.dumps(sum(kwargs.items(), args), cmd)
+        self._debug_fn(
+            "calling ikiwiki procedure `{0}': [{1}]".format(cmd, repr(xml)))
+        # ensure that encoded is a str (bytestring in Python 2, Unicode in 3)
+        if str is bytes and not isinstance(xml, str):
+            encoded = xml.encode('utf8')
+        else:
+            encoded = xml
+        _IkiWikiExtPluginXMLRPCHandler._write(out_fd, encoded)
 
         self._debug_fn('reading response from ikiwiki...')
 
 
         self._debug_fn('reading response from ikiwiki...')
 
-        xml = _IkiWikiExtPluginXMLRPCHandler._read(in_fd)
-        self._debug_fn('read response to procedure %s from ikiwiki: [%s]' % (cmd, xml))
+        response = _IkiWikiExtPluginXMLRPCHandler._read(in_fd)
+        if str is bytes and not isinstance(response, str):
+            xml = response.encode('utf8')
+        else:
+            xml = response
+        self._debug_fn(
+            'read response to procedure {0} from ikiwiki: [{1}]'.format(
+                cmd, repr(xml)))
         if xml is None:
             # ikiwiki is going down
         if xml is None:
             # ikiwiki is going down
-            return None
+            self._debug_fn('ikiwiki is going down, and so are we...')
+            raise GoingDown()
 
 
-        data = xmlrpclib.loads(xml)[0]
-        self._debug_fn('parsed data from response to procedure %s: [%s]' % (cmd, data))
+        data = _xmlrpc_client.loads(xml)[0][0]
+        self._debug_fn(
+            'parsed data from response to procedure {0}: [{1}]'.format(
+                cmd, repr(data)))
         return data
 
     def handle_rpc(self, in_fd, out_fd):
         self._debug_fn('waiting for procedure calls from ikiwiki...')
         return data
 
     def handle_rpc(self, in_fd, out_fd):
         self._debug_fn('waiting for procedure calls from ikiwiki...')
-        ret = _IkiWikiExtPluginXMLRPCHandler._read(in_fd)
-        if ret is None:
+        xml = _IkiWikiExtPluginXMLRPCHandler._read(in_fd)
+        if xml is None:
             # ikiwiki is going down
             self._debug_fn('ikiwiki is going down, and so are we...')
             # ikiwiki is going down
             self._debug_fn('ikiwiki is going down, and so are we...')
-            return
+            raise GoingDown()
 
 
-        self._debug_fn('received procedure call from ikiwiki: [%s]' % ret)
-        ret = self._dispatcher._marshaled_dispatch(ret)
-        self._debug_fn('sending procedure response to ikiwiki: [%s]' % ret)
-        _IkiWikiExtPluginXMLRPCHandler._write(out_fd, ret)
+        self._debug_fn(
+            'received procedure call from ikiwiki: [{0}]'.format(xml))
+        params, method = _xmlrpc_client.loads(xml)
+        ret = self._dispatcher.dispatch(method, params)
+        xml = _xmlrpc_client.dumps((ret,), methodresponse=True)
+        self._debug_fn(
+                'sending procedure response to ikiwiki: [{0}]'.format(xml))
+        _IkiWikiExtPluginXMLRPCHandler._write(out_fd, xml)
         return ret
 
         return ret
 
+
 class IkiWikiProcedureProxy(object):
 
 class IkiWikiProcedureProxy(object):
 
+    # how to communicate None to ikiwiki
+    _IKIWIKI_NIL_SENTINEL = {'null':''}
+
+    # sleep during each iteration
+    _LOOP_DELAY = 0.1
+
     def __init__(self, id, in_fd=sys.stdin, out_fd=sys.stdout, debug_fn=None):
         self._id = id
         self._in_fd = in_fd
         self._out_fd = out_fd
         self._hooks = list()
     def __init__(self, id, in_fd=sys.stdin, out_fd=sys.stdout, debug_fn=None):
         self._id = id
         self._in_fd = in_fd
         self._out_fd = out_fd
         self._hooks = list()
+        self._functions = list()
+        self._imported = False
         if debug_fn is not None:
             self._debug_fn = debug_fn
         else:
         if debug_fn is not None:
             self._debug_fn = debug_fn
         else:
@@ -151,25 +228,112 @@ class IkiWikiProcedureProxy(object):
         self._xmlrpc_handler = _IkiWikiExtPluginXMLRPCHandler(self._debug_fn)
         self._xmlrpc_handler.register_function(self._importme, name='import')
 
         self._xmlrpc_handler = _IkiWikiExtPluginXMLRPCHandler(self._debug_fn)
         self._xmlrpc_handler.register_function(self._importme, name='import')
 
-    def register_hook(self, type, function):
-        self._hooks.append((type, function.__name__))
-        self._xmlrpc_handler.register_function(function)
+    def rpc(self, cmd, *args, **kwargs):
+        def subst_none(seq):
+            for i in seq:
+                if i is None:
+                    yield IkiWikiProcedureProxy._IKIWIKI_NIL_SENTINEL
+                else:
+                    yield i
 
 
-    def _importme(self):
-        self._debug_fn('importing...')
-        for type, function in self._hooks:
-            self._debug_fn('hooking %s into %s chain...' % (function, type))
-            self._xmlrpc_handler.send_rpc('hook', self._in_fd, self._out_fd,
-                                          id=self._id, type=type, call=function)
-        return 0
+        args = list(subst_none(args))
+        kwargs = dict(zip(kwargs.keys(), list(subst_none(kwargs.values()))))
+        ret = self._xmlrpc_handler.send_rpc(cmd, self._in_fd, self._out_fd,
+                                            *args, **kwargs)
+        if ret == IkiWikiProcedureProxy._IKIWIKI_NIL_SENTINEL:
+            ret = None
+        return ret
+
+    def hook(self, type, function, name=None, id=None, last=False):
+        if self._imported:
+            raise AlreadyImported()
+
+        if name is None:
+            name = function.__name__
+
+        if id is None:
+            id = self._id
+
+        def hook_proxy(*args):
+#            curpage = args[0]
+#            kwargs = dict([args[i:i+2] for i in xrange(1, len(args), 2)])
+            ret = function(self, *args)
+            self._debug_fn(
+                    "{0} hook `{1}' returned: [{2}]".format(type, name, repr(ret)))
+            if ret == IkiWikiProcedureProxy._IKIWIKI_NIL_SENTINEL:
+                raise InvalidReturnValue(
+                    'hook functions are not allowed to return {0}'.format(
+                        IkiWikiProcedureProxy._IKIWIKI_NIL_SENTINEL))
+            if ret is None:
+                ret = IkiWikiProcedureProxy._IKIWIKI_NIL_SENTINEL
+            return ret
+
+        self._hooks.append((id, type, name, last))
+        self._xmlrpc_handler.register_function(hook_proxy, name=name)
+
+    def inject(self, rname, function, name=None, memoize=True):
+        if self._imported:
+            raise AlreadyImported()
+
+        if name is None:
+            name = function.__name__
+
+        self._functions.append((rname, name, memoize))
+        self._xmlrpc_handler.register_function(function, name=name)
+
+    def getargv(self):
+        return self.rpc('getargv')
+
+    def setargv(self, argv):
+        return self.rpc('setargv', argv)
+
+    def getvar(self, hash, key):
+        return self.rpc('getvar', hash, key)
+
+    def setvar(self, hash, key, value):
+        return self.rpc('setvar', hash, key, value)
+
+    def getstate(self, page, id, key):
+        return self.rpc('getstate', page, id, key)
+
+    def setstate(self, page, id, key, value):
+        return self.rpc('setstate', page, id, key, value)
+
+    def pagespec_match(self, spec):
+        return self.rpc('pagespec_match', spec)
+
+    def error(self, msg):
+        try:
+            self.rpc('error', msg)
+        except IOError as e:
+            if e.errno != 32:
+                raise
+        import posix
+        sys.exit(posix.EX_SOFTWARE)
 
     def run(self):
         try:
             while True:
 
     def run(self):
         try:
             while True:
-                ret = self._xmlrpc_handler.handle_rpc(self._in_fd, self._out_fd)
-                if ret is None:
-                    return
-                time.sleep(LOOP_DELAY)
-        except Exception, e:
-            self._debug_fn('uncaught exception: %s' % e)
-            sys.exit(posix.EX_SOFTWARE)
+                ret = self._xmlrpc_handler.handle_rpc(
+                    self._in_fd, self._out_fd)
+                time.sleep(IkiWikiProcedureProxy._LOOP_DELAY)
+        except GoingDown:
+            return
+
+        except Exception as e:
+            import traceback
+            tb = traceback.format_exc()
+            self.error('uncaught exception: {0}\n{1}'.format(e, tb))
+            return
+
+    def _importme(self):
+        self._debug_fn('importing...')
+        for id, type, function, last in self._hooks:
+            self._debug_fn('hooking {0}/{1} into {2} chain...'.format(
+                    id, function, type))
+            self.rpc('hook', id=id, type=type, call=function, last=last)
+        for rname, function, memoize in self._functions:
+            self._debug_fn('injecting {0} as {1}...'.format(function, rname))
+            self.rpc('inject', name=rname, call=function, memoize=memoize)
+        self._imported = True
+        return IkiWikiProcedureProxy._IKIWIKI_NIL_SENTINEL