//
// $Id$
+#ifdef HAVE_CONFIG_H
+# include <config.h>
+#endif
#include <simgear/compiler.h>
-#include <math.h>
+#include <cmath>
#include <cstdlib>
#include <vector>
-SG_USING_STD(vector);
#include <simgear/debug/logstream.hxx>
+#include <simgear/math/SGLimits.hxx>
+#include <simgear/math/SGMisc.hxx>
+#include <GUI/MessageBox.hxx>
#include "fg_io.hxx"
#include "fg_props.hxx"
#include "globals.hxx"
#include "osgDB/Registry"
#endif
-void
-fgDefaultWeatherValue (const char * propname, double value)
-{
- unsigned int i;
-
- SGPropertyNode * branch = fgGetNode("/environment/config/boundary", true);
- vector<SGPropertyNode_ptr> entries = branch->getChildren("entry");
- for (i = 0; i < entries.size(); i++) {
- entries[i]->setDoubleValue(propname, value);
- }
-
- branch = fgGetNode("/environment/config/aloft", true);
- entries = branch->getChildren("entry");
- for (i = 0; i < entries.size(); i++) {
- entries[i]->setDoubleValue(propname, value);
- }
-}
-
-
-void
-fgSetupWind (double min_hdg, double max_hdg, double speed, double gust)
-{
- // Initialize to a reasonable state
- fgDefaultWeatherValue("wind-from-heading-deg", min_hdg);
- fgDefaultWeatherValue("wind-speed-kt", speed);
-
- SG_LOG(SG_GENERAL, SG_INFO, "WIND: " << min_hdg << '@' <<
- speed << " knots" << endl);
-
- // Now, add some variety to the layers
- min_hdg += 10;
- if (min_hdg > 360)
- min_hdg -= 360;
- speed *= 1.1;
- fgSetDouble("/environment/config/boundary/entry[1]/wind-from-heading-deg",
- min_hdg);
- fgSetDouble("/environment/config/boundary/entry[1]/wind-speed-kt",
- speed);
-
- min_hdg += 20;
- if (min_hdg > 360)
- min_hdg -= 360;
- speed *= 1.1;
- fgSetDouble("/environment/config/aloft/entry[0]/wind-from-heading-deg",
- min_hdg);
- fgSetDouble("/environment/config/aloft/entry[0]/wind-speed-kt",
- speed);
-
- min_hdg += 10;
- if (min_hdg > 360)
- min_hdg -= 360;
- speed *= 1.1;
- fgSetDouble("/environment/config/aloft/entry[1]/wind-from-heading-deg",
- min_hdg);
- fgSetDouble("/environment/config/aloft/entry[1]/wind-speed-kt",
- speed);
-
- min_hdg += 10;
- if (min_hdg > 360)
- min_hdg -= 360;
- speed *= 1.1;
- fgSetDouble("/environment/config/aloft/entry[2]/wind-from-heading-deg",
- min_hdg);
- fgSetDouble("/environment/config/aloft/entry[2]/wind-speed-kt",
- speed);
-}
-
-
-void
-fgExit (int status)
-{
-#ifdef OSG_LIBRARY_STATIC
- osgDB::Registry::instance( true);
-#endif
-
- SG_LOG(SG_GENERAL, SG_INFO, "Exiting FlightGear with status " << status);
- std::exit(status);
-}
-
+using std::vector;
// Originally written by Alex Perry.
double
return current;
}
+static string_list read_allowed_paths;
+static string_list write_allowed_paths;
-string
-fgUnescape (const char *s)
+/**
+ * Allowed paths here are absolute, and may contain _one_ *,
+ * which matches any string
+ */
+void fgInitAllowedPaths()
{
- string r;
- while (*s) {
- if (*s != '\\') {
- r += *s++;
- continue;
+ if(SGPath("ygjmyfvhhnvdoesnotexist").realpath() == "ygjmyfvhhnvdoesnotexist"){
+ // Forbid using this version of fgValidatePath() with older
+ // (not normalizing non-existent files) versions of realpath(),
+ // as that would be a security hole
+ flightgear::fatalMessageBox("Nasal initialization error",
+ "Version mismatch - please update simgear",
+ "");
+ exit(-1);
+ }
+ read_allowed_paths.clear();
+ write_allowed_paths.clear();
+ std::string fg_root = SGPath(globals->get_fg_root()).realpath();
+ std::string fg_home = SGPath(globals->get_fg_home()).realpath();
+#if defined(_MSC_VER) /*for MS compilers */ || defined(_WIN32) /*needed for non MS windows compilers like MingW*/
+ std::string sep = "\\";
+#else
+ std::string sep = "/";
+#endif
+ read_allowed_paths.push_back(fg_root + sep + "*");
+ read_allowed_paths.push_back(fg_home + sep + "*");
+ string_list const aircraft_paths = globals->get_aircraft_paths();
+ string_list const scenery_paths = globals->get_secure_fg_scenery();
+ // not plain fg_scenery, to avoid making
+ // /sim/terrasync/scenery-dir a security hole
+
+ for( string_list::const_iterator it = aircraft_paths.begin();;++it )
+ {
+ if (it == aircraft_paths.end()) {
+ it = scenery_paths.begin();
+ }
+ if (it == scenery_paths.end()) {
+ break; // here rather than in the loop condition because
+ // scenery_paths may be empty
+ }
+ // if we get the initialization order wrong, better to have an
+ // obvious error than a can-read-everything security hole...
+ if (it->empty() || fg_root.empty() || fg_home.empty()){
+ flightgear::fatalMessageBox("Nasal initialization error",
+ "Empty string in FG_ROOT, FG_HOME, FG_AIRCRAFT or FG_SCENERY",
+ "or fgInitAllowedPaths() called too early");
+ exit(-1);
}
- if (!*++s)
- break;
- if (*s == '\\') {
- r += '\\';
- } else if (*s == 'n') {
- r += '\n';
- } else if (*s == 'r') {
- r += '\r';
- } else if (*s == 't') {
- r += '\t';
- } else if (*s == 'v') {
- r += '\v';
- } else if (*s == 'f') {
- r += '\f';
- } else if (*s == 'a') {
- r += '\a';
- } else if (*s == 'b') {
- r += '\b';
- } else if (*s == 'x') {
- if (!*++s)
- break;
- int v = 0;
- for (int i = 0; i < 2 && isxdigit(*s); i++, s++)
- v = v * 16 + (isdigit(*s) ? *s - '0' : 10 + tolower(*s) - 'a');
- r += v;
- continue;
-
- } else if (*s >= '0' && *s <= '7') {
- int v = *s++ - '0';
- for (int i = 0; i < 3 && *s >= '0' && *s <= '7'; i++, s++)
- v = v * 8 + *s - '0';
- r += v;
- continue;
+ read_allowed_paths.push_back(SGPath(*it).realpath() + sep + "*");
+ }
- } else {
- r += *s;
- }
- s++;
+ write_allowed_paths.push_back(fg_home + sep + "*.sav");
+ write_allowed_paths.push_back(fg_home + sep + "*.log");
+ write_allowed_paths.push_back(fg_home + sep + "cache" + sep + "*");
+ write_allowed_paths.push_back(fg_home + sep + "Export" + sep + "*");
+ write_allowed_paths.push_back(fg_home + sep + "state" + sep + "*.xml");
+ write_allowed_paths.push_back(fg_home + sep + "aircraft-data" + sep + "*.xml");
+ write_allowed_paths.push_back(fg_home + sep + "Wildfire" + sep + "*.xml");
+ write_allowed_paths.push_back(fg_home + sep + "runtime-jetways" + sep + "*.xml");
+ write_allowed_paths.push_back(fg_home + sep + "Input" + sep + "Joysticks" + sep + "*.xml");
+
+ // Check that it works
+ if(!fgValidatePath(globals->get_fg_home() + "/../no.log",true).empty() ||
+ !fgValidatePath(globals->get_fg_home() + "/no.logt",true).empty() ||
+ !fgValidatePath(globals->get_fg_home() + "/nolog",true).empty() ||
+ !fgValidatePath(globals->get_fg_home() + "no.log",true).empty() ||
+ !fgValidatePath(globals->get_fg_home() + "\\..\\no.log",false).empty() ||
+ fgValidatePath(globals->get_fg_home() + "/aircraft-data/yes..xml",true).empty() ||
+ fgValidatePath(globals->get_fg_root() + "/.\\yes.bmp",false).empty()) {
+ flightgear::fatalMessageBox("Nasal initialization error",
+ "fgInitAllowedPaths() does not work",
+ "");
+ exit(-1);
}
- return r;
}
-
-const char *fgValidatePath (const char *str, bool write)
+/**
+ * Check whether Nasal is allowed to access a path
+ * Warning: because this always (not just on Windows) treats both \ and /
+ * as path separators, and accepts relative paths (check-to-use race if
+ * the current directory changes),
+ * always use the returned path not the original one
+ */
+std::string fgValidatePath (const std::string& path, bool write)
{
- static SGPropertyNode_ptr r, w;
- if (!r) {
- r = fgGetNode("/sim/paths/validate/read", true);
- w = fgGetNode("/sim/paths/validate/write", true);
+ // Normalize the path (prevents ../../.. or symlink trickery)
+ std::string normed_path = SGPath(path).realpath();
+
+ const string_list& allowed_paths(write ? write_allowed_paths : read_allowed_paths);
+ size_t star_pos;
+
+ // Check against each allowed pattern
+ for( string_list::const_iterator it = allowed_paths.begin();
+ it != allowed_paths.end();
+ ++it )
+ {
+ star_pos = it->find('*');
+ if (star_pos == std::string::npos) {
+ if (!(it->compare(normed_path))) {
+ return normed_path;
+ }
+ } else {
+ if ((it->size()-1 <= normed_path.size()) /* long enough to be a potential match */
+ && !(it->substr(0,star_pos)
+ .compare(normed_path.substr(0,star_pos))) /* before-star parts match */
+ && !(it->substr(star_pos+1,it->size()-star_pos-1)
+ .compare(normed_path.substr(star_pos+1+normed_path.size()-it->size(),
+ it->size()-star_pos-1))) /* after-star parts match */) {
+ return normed_path;
+ }
+ }
}
- SGPropertyNode *prop = write ? w : r;
- prop->setStringValue(str);
- const char *result = prop->getStringValue();
- return result[0] ? result : 0;
+ // no match found
+ return "";
}
-
+std::string fgValidatePath(const SGPath& path, bool write) { return fgValidatePath(path.str(),write); }
// end of util.cxx