egroupware/phpgwapi/inc/class.filesystem_stream_wrapper.inc.php
Ralf Becker aa26af977d New options for filesystme stream-wrapper:
- all:   false (default) = ignore files starting with a dot '.',
  true = show all files (. and .. are always ignored!)
- exec: false (default) = do NOT allow to upload or modify scripts,
  true = allow it (if docroot is mounted, this allows to run scripts!)
--> deny_script method was added to egw_vfs and calls to it from
filemanager
Other fixes:
- missing write rights of the webserver were not removed from perms
  (causing warnings to be displayed in the ui)
- rename was not working due to typos
--> should be backported for obvious reasons to 1.6
2009-03-31 11:35:46 +00:00


<?php
/**
* eGroupWare API: VFS - stream wrapper to access the regular filesystem (setting a given user, group and mode)
*
* @link http://www.egroupware.org
* @license http://opensource.org/licenses/gpl-license.php GPL - GNU General Public License
* @package api
* @subpackage vfs
* @author Ralf Becker <RalfBecker-AT-outdoor-training.de>
* @copyright (c) 2008-9 by Ralf Becker <RalfBecker-AT-outdoor-training.de>
* @version $Id$
*/
/**
* eGroupWare API: VFS - stream wrapper to access the regular filesystem (setting a given user, group and mode)
*
* This stream wrapper allows to mount parts of the regular filesystem, under specified permissions.
* You can eg. mount a directory in the docroot to allow the Admin group to upload files there.
*
* This stream wrapper uses query parameters to pass certain options to it:
* - user: uid or user-name owning the path, default root
* - group: gid or group-name owning the path, default root
* - mode: mode bits for the path, default 0005 (read and execute for nobody)
* - all: false (default) = ignore files starting with a dot '.', true = show all files (. and .. are always ignored!)
* - exec: false (default) = do NOT allow to upload or modify scripts, true = allow it (if docroot is mounted, this allows to run scripts!)
* Scripts are considered every file having a script-extension (eg. .php, .pl, .py), defined by the SCRIPT_EXTENSIONS_PREG constant
*
* @link http://www.php.net/manual/en/function.stream-wrapper-register.php
*/
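class filesystem_stream_wrapper implements iface_stream_wrapper
{
	/**
	 * Scheme / protocol used for this stream-wrapper
	 */
	const SCHEME = 'filesystem';
	/**
	 * Mime type of directories, the old vfs used 'Directory', while eg. WebDAV uses 'httpd/unix-directory'
	 */
	const DIR_MIME_TYPE = egw_vfs::DIR_MIME_TYPE;
	/**
	 * mode-bits, which have to be set for files
	 */
	const MODE_FILE = 0100000;
	/**
	 * mode-bits, which have to be set for directories
	 */
	const MODE_DIR = 040000;
	/**
	 * How much should be logged to the apache error-log
	 *
	 * 0 = Nothing
	 * 1 = only errors
	 * 2 = all function calls and errors (contains passwords too!)
	 */
	const LOG_LEVEL = 1;
	/**
	 * Regular expression identifying scripts, to NOT allow updating them if exec mount option is NOT set
	 *
	 * Matched case-insensitive, as webserver handlers usually map extensions case-insensitive too.
	 * NOTE(review): only the last extension is checked; if the webserver handles multiple extensions
	 * (eg. "x.php.txt"), confirm its configuration before mounting a docroot without the exec option.
	 */
	const SCRIPT_EXTENSIONS_PREG = '/\.(php[0-9]*|pl|py)$/i';
	/**
	 * optional context param when opening the stream, null if no context passed
	 *
	 * @var mixed
	 */
	public $context;
	/**
	 * stream / resource this class is opened for by stream_open
	 *
	 * @var resource
	 */
	private $opened_stream;
	/**
	 * URL of the opened stream, used by stream_stat to stat the file with its mount options
	 *
	 * @var string
	 */
	private $opened_stream_url;
	/**
	 * directory-resource this class is opened for by dir_opendir
	 *
	 * @var resource
	 */
	private $opened_dir;
	/**
	 * URL of the opened dir, used to build the complete URL of files in the dir
	 *
	 * @var string
	 */
	private $opened_dir_url;
	/**
	 * Should dir show all files, or only the ones NOT starting with a dot (. and .. are never shown)
	 *
	 * @var boolean
	 */
	private $dir_show_all = false;

	/**
	 * This method is called immediately after your stream object is created.
	 *
	 * Three checks are done before the real file is opened:
	 * 1. the file has to exist for read modes, must NOT exist for 'x' modes and its dir has to be writable to create it
	 * 2. the file has to be writable (by the mount perms) for every mode other than 'r'
	 * 3. scripts (self::SCRIPT_EXTENSIONS_PREG) can NOT be written, unless the exec mount option is set
	 *
	 * @param string $url URL that was passed to fopen() and that this object is expected to retrieve
	 * @param string $mode mode used to open the file, as detailed for fopen()
	 * @param int $options additional flags set by the streams API (or'ed together):
	 * - STREAM_USE_PATH If path is relative, search for the resource using the include_path.
	 * - STREAM_REPORT_ERRORS If this flag is set, you are responsible for raising errors using trigger_error() during opening of the stream.
	 * If this flag is not set, you should not raise any errors.
	 * @param string $opened_path full path of the file/resource, if the open was successful and STREAM_USE_PATH was set
	 * @return boolean true if the resource was opened successful, otherwise false
	 */
	function stream_open ( $url, $mode, $options, &$opened_path )
	{
		$this->opened_stream = $this->opened_stream_url = null;

		// check access rights, based on the eGW mount perms
		if (!($stat = self::url_stat($url,0)) || $mode[0] == 'x')	// file not found or file should NOT exist
		{
			$dir = egw_vfs::dirname($url);
			if ($mode[0] == 'r' ||	// does $mode require the file to exist (r,r+)
				($mode[0] == 'x' && $stat) ||	// or file should not exist, but does
				!egw_vfs::check_access($dir,egw_vfs::WRITABLE,self::url_stat($dir,0)))	// or we are not allowed to create it
			{
				self::report_open_error(__METHOD__."($url,$mode,$options) file does not exist or can not be created!",$options);
				return false;
			}
		}
		elseif ($mode != 'r' && !egw_vfs::check_access($url,egw_vfs::WRITABLE,$stat))	// we are not allowed to edit it
		{
			self::report_open_error(__METHOD__."($url,$mode,$options) file can not be edited!",$options);
			return false;
		}
		if ($mode != 'r' && self::deny_script($url))
		{
			self::report_open_error(__METHOD__."($url,$mode,$options) permission denied, file is a script!",$options);
			return false;
		}
		// open the "real" file, fopen's 3rd parameter is use_include_path, NOT the stream options
		$path = parse_url($url,PHP_URL_PATH);
		if (!($this->opened_stream = fopen($path,$mode,(bool)($options & STREAM_USE_PATH))))
		{
			if (self::LOG_LEVEL) error_log(__METHOD__."($url,$mode,$options) fopen('$path','$mode',$options) returned false!");
			return false;
		}
		$this->opened_stream_url = $url;

		return true;
	}

	/**
	 * Log an error of stream_open and raise a warning, if the streams API asked for it
	 *
	 * @param string $msg complete message (including the calling method)
	 * @param int $options options passed to stream_open, STREAM_REPORT_ERRORS enables the warning
	 */
	private static function report_open_error($msg,$options)
	{
		if (self::LOG_LEVEL) error_log($msg);

		if ($options & STREAM_REPORT_ERRORS)
		{
			trigger_error($msg,E_USER_WARNING);
		}
	}

	/**
	 * This method is called when the stream is closed, using fclose().
	 *
	 * You must release any resources that were locked or allocated by the stream.
	 *
	 * @return boolean false if no stream was opened, otherwise the result of fclose()
	 */
	function stream_close ( )
	{
		if (!$this->opened_stream)
		{
			return false;
		}
		$ret = fclose($this->opened_stream);
		$this->opened_stream = null;

		return $ret;
	}

	/**
	 * This method is called in response to fread() and fgets() calls on the stream.
	 *
	 * You must return up-to count bytes of data from the current read/write position as a string.
	 * If there are less than count bytes available, return as many as are available.
	 * If no more data is available, return either FALSE or an empty string.
	 * You must also update the read/write position of the stream by the number of bytes that were successfully read.
	 *
	 * @param int $count
	 * @return string/false up to count bytes read or false on EOF
	 */
	function stream_read ( $count )
	{
		return fread($this->opened_stream,$count);
	}

	/**
	 * This method is called in response to fwrite() calls on the stream.
	 *
	 * You should store data into the underlying storage used by your stream.
	 * If there is not enough room, try to store as many bytes as possible.
	 * You should return the number of bytes that were successfully stored in the stream, or 0 if none could be stored.
	 * You must also update the read/write position of the stream by the number of bytes that were successfully written.
	 *
	 * @param string $data
	 * @return integer
	 */
	function stream_write ( $data )
	{
		return fwrite($this->opened_stream,$data);
	}

	/**
	 * This method is called in response to feof() calls on the stream.
	 *
	 * Important: PHP 5.0 introduced a bug that wasn't fixed until 5.1: the return value has to be the opposite!
	 *
	 * if(version_compare(PHP_VERSION,'5.0','>=') && version_compare(PHP_VERSION,'5.1','<'))
	 * {
	 * $eof = !$eof;
	 * }
	 *
	 * @return boolean true if the read/write position is at the end of the stream and no more data available, false otherwise
	 */
	function stream_eof ( )
	{
		return feof($this->opened_stream);
	}

	/**
	 * This method is called in response to ftell() calls on the stream.
	 *
	 * @return integer current read/write position of the stream
	 */
	function stream_tell ( )
	{
		return ftell($this->opened_stream);
	}

	/**
	 * This method is called in response to fseek() calls on the stream.
	 *
	 * You should update the read/write position of the stream according to offset and whence.
	 * See fseek() for more information about these parameters.
	 *
	 * @param integer $offset
	 * @param integer $whence SEEK_SET - Set position equal to offset bytes
	 * SEEK_CUR - Set position to current location plus offset.
	 * SEEK_END - Set position to end-of-file plus offset. (To move to a position before the end-of-file, you need to pass a negative value in offset.)
	 * @return boolean TRUE if the position was updated, FALSE otherwise.
	 */
	function stream_seek ( $offset, $whence )
	{
		// fseek() returns 0 on success, but the streams API expects a boolean
		return fseek($this->opened_stream,$offset,$whence) === 0;
	}

	/**
	 * This method is called in response to fflush() calls on the stream.
	 *
	 * If you have cached data in your stream but not yet stored it into the underlying storage, you should do so now.
	 *
	 * @return boolean TRUE if the cached data was successfully stored (or if there was no data to store), or FALSE if the data could not be stored.
	 */
	function stream_flush ( )
	{
		return fflush($this->opened_stream);
	}

	/**
	 * This method is called in response to fstat() calls on the stream.
	 *
	 * If you plan to use your wrapper in a require_once you need to define stream_stat().
	 * If you plan to allow any other tests like is_file()/is_dir(), you have to define url_stat().
	 * stream_stat() must define the size of the file, or it will never be included.
	 * url_stat() must define mode, or is_file()/is_dir()/is_executable(), and any of those functions affected by clearstatcache() simply won't work.
	 * It's not documented, but directories must be a mode like 040777 (octal), and files a mode like 0100666.
	 * If you wish the file to be executable, use 7s instead of 6s.
	 * The last 3 digits are exactly the same thing as what you pass to chmod.
	 * 040000 defines a directory, and 0100000 defines a file.
	 *
	 * @return array containing the same values as appropriate for the stream.
	 */
	function stream_stat ( )
	{
		return self::url_stat($this->opened_stream_url,0);
	}

	/**
	 * This method is called in response to unlink() calls on URL paths associated with the wrapper.
	 *
	 * It should attempt to delete the item specified by path.
	 * In order for the appropriate error message to be returned, do not define this method if your wrapper does not support unlinking!
	 *
	 * @param string $url
	 * @return boolean TRUE on success or FALSE on failure
	 */
	static function unlink ( $url )
	{
		$path = parse_url($url,PHP_URL_PATH);

		// check access rights (file needs to exist, must not be a dir and its directory needs to be writable)
		if (!file_exists($path) || is_dir($path) || !egw_vfs::check_access(egw_vfs::dirname($url),egw_vfs::WRITABLE))
		{
			if (self::LOG_LEVEL) error_log(__METHOD__."($url) permission denied!");
			return false;	// no permission or file does not exist
		}
		return unlink($path);
	}

	/**
	 * This method is called in response to rename() calls on URL paths associated with the wrapper.
	 *
	 * It should attempt to rename the item specified by path_from to the specification given by path_to.
	 * In order for the appropriate error message to be returned, do not define this method if your wrapper does not support renaming.
	 *
	 * The regular filesystem stream-wrapper returns an error, if $url_from and $url_to are not either both files or both dirs!
	 *
	 * @param string $url_from
	 * @param string $url_to
	 * @return boolean TRUE on success or FALSE on failure
	 */
	static function rename ( $url_from, $url_to )
	{
		$from = parse_url($url_from);
		$to = parse_url($url_to);

		// check access rights: source has to exist and its directory has to be writable
		if (!($from_stat = self::url_stat($url_from,0)) || !egw_vfs::check_access(egw_vfs::dirname($url_from),egw_vfs::WRITABLE))
		{
			if (self::LOG_LEVEL) error_log(__METHOD__."($url_from,$url_to): $from[path] permission denied!");
			return false;	// no permission or file does not exist
		}
		$to_dir = egw_vfs::dirname($url_to);
		if (!egw_vfs::check_access($to_dir,egw_vfs::WRITABLE,self::url_stat($to_dir,0)))
		{
			if (self::LOG_LEVEL) error_log(__METHOD__."($url_from,$url_to): $to_dir permission denied!");
			return false;	// no permission or parent-dir does not exist
		}
		// renaming to a script-extension is the same as uploading a script
		if (self::deny_script($url_to))
		{
			if (self::LOG_LEVEL) error_log(__METHOD__."($url_from,$url_to) permission denied, file is a script!");
			return false;
		}
		// the filesystem stream-wrapper does NOT allow to rename files to directories, as this makes problems
		// for our vfs too, we abort here with an error, like the filesystem one does
		// (self::url_stat() returns NO 'mime' key, so the directory test has to use the mode bits)
		$to_stat = self::url_stat($url_to,0);
		if ($to_stat && self::is_dir_stat($to_stat) !== self::is_dir_stat($from_stat))
		{
			$is_dir = self::is_dir_stat($to_stat) ? 'a' : 'no';
			if (self::LOG_LEVEL) error_log(__METHOD__."($url_to,$url_from) $to[path] is $is_dir directory!");
			return false;	// file <--> directory rename is not allowed
		}
		// if destination file already exists, delete it
		if ($to_stat && !self::unlink($url_to))
		{
			if (self::LOG_LEVEL) error_log(__METHOD__."($url_to,$url_from) can't unlink existing $url_to!");
			return false;
		}
		return rename($from['path'],$to['path']);
	}

	/**
	 * Check if a stat array (as returned by self::url_stat) describes a directory
	 *
	 * @param array $stat
	 * @return boolean
	 */
	private static function is_dir_stat(array $stat)
	{
		return ($stat['mode'] & self::MODE_DIR) == self::MODE_DIR;
	}

	/**
	 * This method is called in response to mkdir() calls on URL paths associated with the wrapper.
	 *
	 * It should attempt to create the directory specified by path.
	 * In order for the appropriate error message to be returned, do not define this method if your wrapper does not support creating directories.
	 *
	 * @param string $url
	 * @param int $mode not used, as we dont allow to change mode
	 * @param int $options Possible values include STREAM_REPORT_ERRORS and STREAM_MKDIR_RECURSIVE
	 * @return boolean TRUE on success or FALSE on failure
	 */
	static function mkdir ( $url, $mode, $options )
	{
		$path = parse_url($url,PHP_URL_PATH);
		$recursive = (bool)($options & STREAM_MKDIR_RECURSIVE);

		// find the real parent (might be more then one level up, if $recursive!)
		$parent = $parent_url = null;
		do {
			$parent = dirname($parent ? $parent : $path);
			$parent_url = egw_vfs::dirname($parent_url ? $parent_url : $url);
		}
		while ($recursive && $parent != '/' && !file_exists($parent));

		// check access rights (in real filesystem AND by mount perms)
		if (file_exists($path) || !file_exists($parent) || !is_writable($parent) || !egw_vfs::check_access($parent_url,egw_vfs::WRITABLE))
		{
			if (self::LOG_LEVEL) error_log(__METHOD__."($url) permission denied!");
			return false;
		}
		// $mode is ignored on purpose: 0700 allows (only) the webserver to write into the dir
		return mkdir($path,0700,$recursive);
	}

	/**
	 * This method is called in response to rmdir() calls on URL paths associated with the wrapper.
	 *
	 * It should attempt to remove the directory specified by path.
	 * In order for the appropriate error message to be returned, do not define this method if your wrapper does not support removing directories.
	 *
	 * @param string $url
	 * @param int $options Possible values include STREAM_REPORT_ERRORS.
	 * @return boolean TRUE on success or FALSE on failure.
	 */
	static function rmdir ( $url, $options )
	{
		$path = parse_url($url,PHP_URL_PATH);
		$parent = dirname($path);

		// check access rights (in real filesystem AND by mount perms)
		if (!file_exists($path) || !is_writable($parent) || !egw_vfs::check_access(egw_vfs::dirname($url),egw_vfs::WRITABLE))
		{
			if (self::LOG_LEVEL) error_log(__METHOD__."($url) permission denied!");
			return false;
		}
		return rmdir($path);
	}

	/**
	 * This is not (yet) a stream-wrapper function, but it's necessary and can be used static
	 *
	 * @param string $url
	 * @param int $time=null modification time (unix timestamp), default null = current time
	 * @param int $atime=null access time (unix timestamp), default null = current time, not implemented in the vfs!
	 * @return boolean true on success, false otherwise
	 */
	static function touch($url,$time=null,$atime=null)
	{
		$path = parse_url($url,PHP_URL_PATH);
		$parent = dirname($path);

		// check access rights (in real filesystem AND by mount perms), the file has to exist already
		if (!file_exists($path) || !is_writable($parent) || !egw_vfs::check_access(egw_vfs::dirname($url),egw_vfs::WRITABLE))
		{
			if (self::LOG_LEVEL) error_log(__METHOD__."($url) permission denied!");
			return false;
		}
		return touch($path,$time,$atime);
	}

	/**
	 * This is not (yet) a stream-wrapper function, but it's necessary and can be used static
	 *
	 * Not supported, as it would require root rights!
	 *
	 * @param string $path
	 * @param string $mode mode string see egw_vfs::mode2int
	 * @return boolean always false
	 */
	static function chmod($path,$mode)
	{
		return false;
	}

	/**
	 * This is not (yet) a stream-wrapper function, but it's necessary and can be used static
	 *
	 * Not supported, as it would require root rights!
	 *
	 * @param string $path
	 * @param int $owner numeric user id
	 * @return boolean always false
	 */
	static function chown($path,$owner)
	{
		return false;
	}

	/**
	 * This is not (yet) a stream-wrapper function, but it's necessary and can be used static
	 *
	 * Not supported, as it would require root rights!
	 *
	 * @param string $path
	 * @param int $group numeric group id
	 * @return boolean always false
	 */
	static function chgrp($path,$group)
	{
		return false;
	}

	/**
	 * This method is called immediately when your stream object is created for examining directory contents with opendir().
	 *
	 * The "all" mount option (query part of $url) decides, if dir_readdir returns files starting with a dot.
	 *
	 * @param string $url URL that was passed to opendir() and that this object is expected to explore.
	 * @param int $options
	 * @return boolean
	 */
	function dir_opendir ( $url, $options )
	{
		if (self::LOG_LEVEL > 1) error_log(__METHOD__."($url,$options)");

		$this->opened_dir = null;
		$parts = parse_url($this->opened_dir_url = $url);
		$get = array();
		if (isset($parts['query']))
		{
			parse_str($parts['query'],$get);
		}
		$this->dir_show_all = !empty($get['all']);

		// ToDo: check access rights, listing is currently gated only by the real filesystem, NOT by the mount perms
		$path = isset($parts['path']) ? $parts['path'] : '';
		if ($path === '' || !($this->opened_dir = opendir($path)))
		{
			if (self::LOG_LEVEL > 0) error_log(__METHOD__."($url,$options) opendir('$path') failed!");
			return false;
		}
		return true;
	}

	/**
	 * This method is called in response to stat() calls on the URL paths associated with the wrapper.
	 *
	 * It should return as many elements in common with the system function as possible.
	 * Unknown or unavailable values should be set to a rational value (usually 0).
	 *
	 * If you plan to use your wrapper in a require_once you need to define stream_stat().
	 * If you plan to allow any other tests like is_file()/is_dir(), you have to define url_stat().
	 * stream_stat() must define the size of the file, or it will never be included.
	 * url_stat() must define mode, or is_file()/is_dir()/is_executable(), and any of those functions affected by clearstatcache() simply won't work.
	 * It's not documented, but directories must be a mode like 040777 (octal), and files a mode like 0100666.
	 * If you wish the file to be executable, use 7s instead of 6s.
	 * The last 3 digits are exactly the same thing as what you pass to chmod.
	 * 040000 defines a directory, and 0100000 defines a file.
	 *
	 * Owner, group and mode are NOT the ones of the real file, but the ones given by the mount options (see parse_query).
	 * Write bits are additionally removed, if the webserver itself can not write the file.
	 *
	 * @param string $url
	 * @param int $flags holds additional flags set by the streams API. It can hold one or more of the following values OR'd together:
	 * - STREAM_URL_STAT_LINK For resources with the ability to link to other resource (such as an HTTP Location: forward,
	 * or a filesystem symlink). This flag specified that only information about the link itself should be returned,
	 * not the resource pointed to by the link.
	 * This flag is set in response to calls to lstat(), is_link(), or filetype().
	 * - STREAM_URL_STAT_QUIET If this flag is set, your wrapper should not raise any errors. If this flag is not set,
	 * you are responsible for reporting errors using the trigger_error() function during stating of the path.
	 * stat triggers it's own warning anyway, so it makes no sense to trigger one by our stream-wrapper!
	 * @return array|boolean stat array or false if the path does not exist or the mount options are invalid
	 */
	static function url_stat ( $url, $flags )
	{
		$parts = parse_url($url);
		$path = isset($parts['path']) ? $parts['path'] : '';
		$query = isset($parts['query']) ? $parts['query'] : '';

		$stat = @stat($path);	// suppressed the stat failed warnings, stat() itself warns already
		$mode = null;
		if ($stat)
		{
			// set owner, group and mode from mount options
			if (!self::parse_query($query,$uid,$gid,$mode))
			{
				if (self::LOG_LEVEL > 0) error_log(__METHOD__."($url,$flags) can NOT self::parse_query('$query')!");
				return false;
			}
			$stat['uid'] = $stat[4] = $uid;
			$stat['gid'] = $stat[5] = $gid;
			// files never get execute bits, whatever the mount mode says
			$stat['mode'] = $stat[2] = ($stat['mode'] & self::MODE_DIR) ? self::MODE_DIR | $mode : self::MODE_FILE | ($mode & ~0111);

			// write rights also depend on the write rights of the webserver
			if (!is_writable($path))
			{
				$stat['mode'] = $stat[2] = $stat['mode'] & ~0222;
			}
		}
		if (self::LOG_LEVEL > 1)
		{
			error_log(__METHOD__."($url,$flags) path=$path, ".($stat ?
				'mount_mode='.sprintf('0%o',$mode).', mode='.sprintf('0%o',$stat['mode']).'='.egw_vfs::int2mode($stat['mode']) :
				'stat failed'));
		}
		return $stat;
	}

	/**
	 * This method is called in response to readdir().
	 *
	 * It should return a string representing the next filename in the location opened by dir_opendir().
	 *
	 * . and .. are never returned, other files starting with a dot only if the "all" mount option is set.
	 *
	 * @return string|boolean next filename or false if there are no more entries
	 */
	function dir_readdir ( )
	{
		do {
			$file = readdir($this->opened_dir);
			// skip dot-files: always . and .., the others unless dir_show_all is set
			$ignore = $file !== false && $file[0] === '.' &&
				(!$this->dir_show_all || $file === '.' || $file === '..');
			if (self::LOG_LEVEL > 1 && $ignore) error_log(__METHOD__.'() ignoring '.array2string($file));
		}
		while ($ignore);

		if (self::LOG_LEVEL > 1) error_log(__METHOD__.'() returning '.array2string($file));
		return $file;
	}

	/**
	 * This method is called in response to rewinddir().
	 *
	 * It should reset the output generated by dir_readdir(). i.e.:
	 * The next call to dir_readdir() should return the first entry in the location returned by dir_opendir().
	 *
	 * @return boolean
	 */
	function dir_rewinddir ( )
	{
		// rewinddir() has no return value, but the streams API expects a boolean
		rewinddir($this->opened_dir);

		return true;
	}

	/**
	 * This method is called in response to closedir().
	 *
	 * You should release any resources which were locked or allocated during the opening and use of the directory stream.
	 *
	 * @return boolean
	 */
	function dir_closedir ( )
	{
		if ($this->opened_dir)
		{
			closedir($this->opened_dir);
		}
		$this->opened_dir = null;

		return true;
	}

	/**
	 * parse a query containing mount parameters: user, uid, group, gid, mode, all or exec
	 *
	 * Only user, uid, group, gid and mode are evaluated here, all and exec are accepted
	 * silently as they are handled by dir_opendir and deny_script.
	 *
	 * @param string|array $query query string or array returned by parse_url (key 'query' holds the value)
	 * @param int &$uid default if not set is 0=root
	 * @param int &$gid default if not set is 0=root
	 * @param int &$mode default if not set is 05 r-x for others
	 * @return boolean true on successful parse, false on error
	 */
	static function parse_query($query,&$uid,&$gid,&$mode)
	{
		if (is_array($query))
		{
			$query = isset($query['query']) ? $query['query'] : '';
		}
		$params = array();
		parse_str((string)$query,$params);

		// setting the default perms root.root r-x for other
		$uid = $gid = 0;
		$mode = 05;

		foreach($params as $name => $value)
		{
			switch($name)
			{
				case 'user':
					if (!is_numeric($value))
					{
						$user_name = $value;
						// 'root' is no eGW account, it is always uid 0
						if ($user_name === 'root')
						{
							$value = 0;
						}
						elseif (($value = $GLOBALS['egw']->accounts->name2id($user_name,'account_lid','u')) === false)
						{
							error_log(__METHOD__."('$query') unknown user-name '$user_name'!");
							return false;	// wrong user-name
						}
					}
					// fall-through
				case 'uid':
					// numeric ids from the query (strings) have to be existing accounts, resolved names (ints) already are
					if (!is_numeric($value) || $value < 0 || (!is_int($value) && !$GLOBALS['egw']->accounts->id2name($value)))
					{
						error_log(__METHOD__."('$query') wrong numeric user-id '$value'!");
						return false;
					}
					$uid = (int)$value;
					break;

				case 'group':
					if (!is_numeric($value))
					{
						$group_name = $value;
						// 'root' is no eGW group, it is always gid 0
						if ($group_name === 'root')
						{
							$value = 0;
						}
						elseif (($value = $GLOBALS['egw']->accounts->name2id($group_name,'account_lid','g')) === false)
						{
							error_log(__METHOD__."('$query') unknown group-name '$group_name'!");
							return false;	// wrong group-name
						}
						$value = -$value;	// vfs uses positiv gid's!
					}
					// fall-through
				case 'gid':
					// eGW group ids are negative, so the existence check negates the positive vfs gid
					if (!is_numeric($value) || $value < 0 || (!is_int($value) && !$GLOBALS['egw']->accounts->id2name(-$value)))
					{
						error_log(__METHOD__."('$query') wrong numeric group-id '$value'!");
						return false;
					}
					$gid = (int)$value;
					break;

				case 'mode':
					$mode = egw_vfs::mode2int($value);
					break;

				case 'all':		// used by dir_opendir
				case 'exec':	// used by deny_script
					break;

				default:
					error_log(__METHOD__."('$query') unknown option '$name'!");
					break;
			}
		}
		return true;
	}

	/**
	 * Check if url is a script (self::SCRIPT_EXTENSIONS_PREG) and exec mount option is NOT set
	 *
	 * The exec option is read from the query part of $url, ie. the mount options, not from the file.
	 *
	 * @param string $url
	 * @return boolean true if $url is a script AND exec is NOT set, false otherwise
	 */
	static function deny_script($url)
	{
		$parts = parse_url($url);
		$get = array();
		if (isset($parts['query']))
		{
			parse_str($parts['query'],$get);
		}
		$path = isset($parts['path']) ? $parts['path'] : '';

		$deny = empty($get['exec']) && preg_match(self::SCRIPT_EXTENSIONS_PREG,$path);

		if (self::LOG_LEVEL > 1 || self::LOG_LEVEL > 0 && $deny)
		{
			error_log(__METHOD__."($url) returning ".array2string($deny));
		}
		return $deny;
	}
}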
stream_register_wrapper(filesystem_stream_wrapper::SCHEME ,'filesystem_stream_wrapper');