+ /* process the file */
+ iter = strstr(content, key_afm_prefix);
+ while (iter) {
+ iter += sizeof key_afm_prefix - 1;
+ if (*iter == '-')
+ iter++;
+ if (!strncmp(iter, key_afid, sizeof key_afid - 1)) {
+ iter += sizeof key_afid - 1;
+ while(*iter && *iter != '=' && *iter != '\n')
+ iter++;
+ if (*iter == '=') {
+ while(*++iter == ' ');
+ p = atoi(iter);
+ if (AFID_IS_VALID(p))
+ AFID_SET((uint32_t*)closure, p);
+ }
+ }
+ iter = strstr(iter, key_afm_prefix);
+ }
+ free(content);
+ return 0;
+}
+
+static int update_afids(uint32_t *afids)
+{
+ int rc;
+
+ memset(afids, 0, AFID_ACNT * sizeof(uint32_t));
+ rc = systemd_unit_list(0, get_afid_cb, afids);
+ if (rc >= 0)
+ rc = systemd_unit_list(1, get_afid_cb, afids);
+ if (rc < 0)
+ ERROR("troubles while updating afids");
+ return rc;
+}
+
+static int first_free_afid(uint32_t *afids)
+{
+ int afid;
+
+ afid = AFID_MIN;
+ while (afid <= AFID_MAX && !~afids[AFID_AIDX(afid)])
+ afid += 32;
+ while (afid <= AFID_MAX && AFID_TEST(afids, afid))
+ afid++;
+ if (afid > AFID_MAX) {
+ ERROR("Can't compute a valid afid");
+ errno = EADDRNOTAVAIL;
+ afid = -1;
+ }
+ return afid;
+}
+
+static int get_new_afid()
+{
+ int afid;
+
+ /* ensure existing afid bitmap */
+ if (afids_array == NULL) {
+ afids_array = malloc(AFID_ACNT * sizeof(uint32_t));
+ if (afids_array == NULL || update_afids(afids_array) < 0)
+ return -1;
+ }
+
+ /* allocates the afid */
+ afid = first_free_afid(afids_array);
+ if (afid < 0 && errno == EADDRNOTAVAIL) {
+ /* no more ids, try to rescan */
+ memset(afids_array, 0, AFID_ACNT * sizeof(uint32_t));
+ if (update_afids(afids_array) >= 0)
+ afid = first_free_afid(afids_array);
+ }
+ if (afid >= 0)
+ AFID_SET(afids_array, afid);
+
+ return afid;
+}
+
+static int check_defined(const void *data, const char *name)
+{
+ if (data)
+ return 0;
+ ERROR("widget has no defined '%s' (temporary constraints)", name);
+ errno = EINVAL;
+ return -1;
+}
+
+static int check_valid_string(const char *value, const char *name)
+{
+ int pos;
+ char c;
+
+ if (check_defined(value, name))
+ return -1;
+ pos = 0;
+ c = value[pos];
+ if (c == 0) {
+ ERROR("empty string forbidden in '%s' (temporary constraints)", name);
+ errno = EINVAL;
+ return -1;
+ }
+ do {
+ if (!isalnum(c) && !strchr(".-_", c)) {
+ ERROR("forbidden char %c in '%s' -> '%s' (temporary constraints)", c, name, value);
+ errno = EINVAL;
+ return -1;
+ }
+ c = value[++pos];
+ } while(c);
+ return 0;
+}
+
+static int check_temporary_constraints(const struct wgt_desc *desc)
+{
+ int result;
+
+ result = check_valid_string(desc->id, "id");
+ result |= check_valid_string(desc->version, "version");
+ result |= check_valid_string(desc->ver, "ver");
+ result |= check_defined(desc->content_src, "content");
+ if (desc->icons)
+ result |= check_defined(desc->icons->src, "icon.src");
+ if (result)
+ return result;
+
+ if (desc->icons && desc->icons->next) {
+ ERROR("widget has more than one icon defined (temporary constraints)");
+ errno = EINVAL;
+ result = -1;
+ }
+ return 0;
+}
+
+static int set_required_permissions(struct wgt_desc_param *params, int required)
+{
+ int optional;
+
+ while (params) {
+ /* check if target */
+ if (!strcmp(params->name, string_sharp_target)) {
+ /* do nothing when #target */
+ } else {
+ /* check the value */
+ if (!strcmp(params->value, string_required))
+ optional = !required;
+ else if (!strcmp(params->value, string_optional))
+ optional = 1;
+ else {
+ ERROR("unexpected parameter value: %s found for %s", params->value, params->name);
+ errno = EPERM;
+ return -1;
+ }
+ /* set the permission */
+ if (request_permission(params->name)) {
+ DEBUG("granted permission: %s", params->name);
+ } else if (optional) {
+ INFO("optional permission ungranted: %s", params->name);
+ } else {
+ ERROR("ungranted permission required: %s", params->name);
+ errno = EPERM;
+ return -1;
+ }
+ }
+ params = params->next;
+ }
+ return 0;
+}
+
+static int check_permissions(const struct wgt_desc *desc)
+{
+ int result;
+ const struct wgt_desc_feature *feature;
+
+ result = 0;
+ feature = desc->features;
+ while(result >= 0 && feature) {
+ if (!strcmp(feature->name, feature_required_permission))
+ result = set_required_permissions(feature->params, feature->required);
+ feature = feature->next;
+ }
+ return result;
+}
+
+static int for_all_content(const struct wgt_desc *desc, int (*action)(const char *src, const char *type))
+{
+ int rc, rc2;
+ struct wgt_desc_feature *feat;
+ const char *src, *type;
+
+ rc = action(desc->content_src, desc->content_type);
+ feat = desc->features;
+ while (feat) {
+ if (!strcmp(feat->name, FWK_PREFIX"widget:provided-unit")) {
+ src = wgt_info_param(feat, "content.src");
+ type = wgt_info_param(feat, "content.type");
+ rc2 = action(src, type);
+ if (rc >= 0 && rc2 < 0)
+ rc = rc2;
+ }
+ feat = feat->next;
+ }
+ return rc;
+}
+
+static int set_exec_flag(const char *src, const char *type)
+{
+ int i, rc;
+
+ if (src && type) {
+ i = sizeof exec_type_strings / sizeof *exec_type_strings;
+ while (i) {
+ if (!strcasecmp(type, exec_type_strings[--i])) {
+ rc = fchmodat(workdirfd, src, 0755, 0);
+ if (rc < 0)
+ ERROR("can't make executable the file %s", src);
+ return rc;
+ }
+ }
+ }
+ return 0;
+}
+
+static int check_one_content(const char *src, const char *type)
+{
+ int rc;
+ struct stat s;
+ int fhtdocs, serr;
+
+ if (!src) {
+ ERROR("a content src is missing");
+ errno = EINVAL;
+ rc = -1;
+ } else {
+ /* TODO: when dealing with HTML and languages, the check should
+ * include i18n path search of widgets */
+ rc = fstatat(workdirfd, src, &s, AT_NO_AUTOMOUNT|AT_SYMLINK_NOFOLLOW);
+ if (rc < 0) {
+ serr = errno;
+ fhtdocs = openat(workdirfd, "htdocs", O_DIRECTORY|O_PATH);
+ if (fhtdocs >= 0) {
+ rc = fstatat(fhtdocs, src, &s, AT_NO_AUTOMOUNT|AT_SYMLINK_NOFOLLOW);
+ serr = errno;
+ close(fhtdocs);
+ }
+ errno = serr;
+ }
+ if (rc < 0)
+ ERROR("can't get info on content %s: %m", src);
+ else if (!S_ISREG(s.st_mode)) {
+ ERROR("content %s isn't a regular file", src);
+ errno = EINVAL;
+ rc = -1;
+ }
+ }
+ return rc;
+}
+
+static int check_content(const struct wgt_desc *desc)
+{
+ return for_all_content(desc, check_one_content);
+}
+
+static int check_widget(const struct wgt_desc *desc)
+{
+ int result;
+
+ result = check_temporary_constraints(desc);
+ if (result >= 0)
+ result = check_permissions(desc);
+ if (result >= 0)
+ result = check_content(desc);
+ return result;
+}
+
+static int get_target_directory(char target[PATH_MAX], const char *root, const struct wgt_desc *desc)
+{
+ int rc;
+
+#if DISTINCT_VERSIONS
+ rc = snprintf(target, PATH_MAX, "%s/%s/%s", root, desc->id, desc->ver);
+#else
+ rc = snprintf(target, PATH_MAX, "%s/%s", root, desc->id);
+#endif
+ if (rc < PATH_MAX)
+ rc = 0;
+ else {
+ ERROR("path too long");
+ errno = EINVAL;
+ rc = -1;
+ }
+ return rc;
+}
+
+static int move_widget_to(const char *destdir, int force)
+{
+ return move_workdir(destdir, 1, force);
+}
+
+static int install_icon(const struct wgt_desc *desc)
+{
+ char link[PATH_MAX];
+ char target[PATH_MAX];
+ int rc;
+
+ if (!desc->icons)
+ return 0;
+
+ create_directory(FWK_ICON_DIR, 0755, 1);
+ rc = snprintf(link, sizeof link, "%s/%s", FWK_ICON_DIR, desc->idaver);
+ if (rc >= (int)sizeof link) {
+ ERROR("link too long in install_icon");
+ errno = EINVAL;
+ return -1;
+ }
+
+ rc = snprintf(target, sizeof target, "%s/%s", workdir, desc->icons->src);
+ if (rc >= (int)sizeof target) {
+ ERROR("target too long in install_icon");
+ errno = EINVAL;
+ return -1;
+ }
+
+ unlink(link);
+ rc = symlink(target, link);
+ if (rc)
+ ERROR("can't create link %s -> %s", link, target);
+ return rc;