/brz/remove-bazaar : contents of bzrlib/transport/chroot.py at revision 2018.5.93

: (revision 2018.5.93)

To get this branch, use:

bzr branch
http://gegoxaren.bato24.eu/bzr/brz/remove-bazaar

# Copyright (C) 2006 Canonical Ltd
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA

"""Implementation of Transport that prevents access to locations above a set
root.
"""
from urlparse import urlparse

from bzrlib import errors, urlutils
from bzrlib.transport.decorator import TransportDecorator, DecoratorServer


class ChrootTransportDecorator(TransportDecorator):
    """A decorator that can convert any transport to be chrooted.

    This is requested via the 'chroot+' prefix to get_transport().

    :ivar chroot_url: the root of this chroot
    :ivar chroot_relative: this transport's location relative to the chroot
        root.  e.g. A chroot_relative of '/' means this location is the same as
        chroot_url.
    """

    def __init__(self, url, _decorated=None, chroot=None):
        super(ChrootTransportDecorator, self).__init__(url,
                _decorated=_decorated)
        if chroot is None:
            self.chroot_url = self._decorated.base
        else:
            self.chroot_url = chroot
        self.chroot_relative = '/' + self._decorated.base[len(self.chroot_url):]

    @classmethod
    def _get_url_prefix(self):
        """Chroot transport decorators are invoked via 'chroot+'"""
        return 'chroot+'

    def _ensure_relpath_is_child(self, relpath):
        abspath = self.abspath(relpath)
        chroot_base = self._get_url_prefix() + self.chroot_url
        real_relpath = urlutils.relative_url(chroot_base, abspath)
        if real_relpath == '..' or real_relpath.startswith('../'):
            raise errors.PathNotChild(relpath, self.chroot_url)

    # decorated methods
    def abspath(self, relpath):
        try:
            url = urlutils.join('fake:///', relpath)
        except errors.InvalidURLJoin:
            raise errors.PathNotChild(relpath, self.chroot_url)
        normalised_abspath = url[len('fake:///'):]
        return self._get_url_prefix() + self.chroot_url + normalised_abspath[1:]

    def append_file(self, relpath, f, mode=None):
        self._ensure_relpath_is_child(relpath)
        return TransportDecorator.append_file(self, relpath, f, mode=mode)

    def append_bytes(self, relpath, bytes, mode=None):
        self._ensure_relpath_is_child(relpath)
        return TransportDecorator.append_bytes(self, relpath, bytes, mode=mode)

    def clone(self, offset=None):
        if offset is None: return self
        # the new URL we want to clone to is
        # self.chroot_url + an adjusted self.chroot_relative, with the leading
        # / removed.
        new_relpath = urlutils.joinpath(self.chroot_relative, offset)
        assert new_relpath.startswith('/')
        new_url = self.chroot_url + new_relpath[1:]
        # Clone the decorated transport according to this new path.
        assert new_url.startswith(self.chroot_url), (
            'new_url (%r) does not start with %r'
            % (new_url, self._decorated.base))
        path = urlutils.relative_url(self._decorated.base, new_url)
        decorated_clone = self._decorated.clone(path)
        return ChrootTransportDecorator(self._get_url_prefix() + new_url,
            decorated_clone, self.chroot_url)

    def delete(self, relpath):
        self._ensure_relpath_is_child(relpath)
        return TransportDecorator.delete(self, relpath)

    def delete_tree(self, relpath):
        self._ensure_relpath_is_child(relpath)
        return TransportDecorator.delete_tree(self, relpath)

    def get(self, relpath):
        self._ensure_relpath_is_child(relpath)
        return TransportDecorator.get(self, relpath)

    def get_bytes(self, relpath):
        self._ensure_relpath_is_child(relpath)
        return TransportDecorator.get_bytes(self, relpath)

    def has(self, relpath):
        self._ensure_relpath_is_child(relpath)
        return TransportDecorator.has(self, relpath)

    def list_dir(self, relpath):
        self._ensure_relpath_is_child(relpath)
        return TransportDecorator.list_dir(self, relpath)

    def lock_read(self, relpath):
        self._ensure_relpath_is_child(relpath)
        return TransportDecorator.lock_read(self, relpath)

    def lock_write(self, relpath):
        self._ensure_relpath_is_child(relpath)
        return TransportDecorator.lock_write(self, relpath)

    def mkdir(self, relpath, mode=None):
        self._ensure_relpath_is_child(relpath)
        return TransportDecorator.mkdir(self, relpath, mode=mode)

    def put_bytes(self, relpath, bytes, mode=None):
        self._ensure_relpath_is_child(relpath)
        return TransportDecorator.put_bytes(self, relpath, bytes, mode=mode)

    def put_file(self, relpath, f, mode=None):
        self._ensure_relpath_is_child(relpath)
        return TransportDecorator.put_file(self, relpath, f, mode=mode)

    def rename(self, rel_from, rel_to):
        self._ensure_relpath_is_child(rel_from)
        self._ensure_relpath_is_child(rel_to)
        return TransportDecorator.rename(self, rel_from, rel_to)

    def rmdir(self, relpath):
        self._ensure_relpath_is_child(relpath)
        return TransportDecorator.rmdir(self, relpath)

    def stat(self, relpath):
        self._ensure_relpath_is_child(relpath)
        return TransportDecorator.stat(self, relpath)


class ChrootServer(DecoratorServer):
    """Server for the ReadonlyTransportDecorator for testing with."""

    def get_decorator_class(self):
        return ChrootTransportDecorator


def get_test_permutations():
    """Return the permutations to be used in testing."""
    return [(ChrootTransportDecorator, ChrootServer),
            ]

2070.5.1 by Andrew Bennetts Add ChrootTransportDecorator.	1	# Copyright (C) 2006 Canonical Ltd
	2	#
	3	# This program is free software; you can redistribute it and/or modify
	4	# it under the terms of the GNU General Public License as published by
	5	# the Free Software Foundation; either version 2 of the License, or
	6	# (at your option) any later version.
	7	#
	8	# This program is distributed in the hope that it will be useful,
	9	# but WITHOUT ANY WARRANTY; without even the implied warranty of
	10	# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	11	# GNU General Public License for more details.
	12	#
	13	# You should have received a copy of the GNU General Public License
	14	# along with this program; if not, write to the Free Software
	15	# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
	16
	17	"""Implementation of Transport that prevents access to locations above a set
	18	root.
	19	"""
2018.5.42 by Robert Collins Various hopefully improvements, but wsgi is broken, handing over to spiv :).	20	from urlparse import urlparse
2070.5.1 by Andrew Bennetts Add ChrootTransportDecorator.	21
	22	from bzrlib import errors, urlutils
	23	from bzrlib.transport.decorator import TransportDecorator, DecoratorServer
	24
	25
	26	class ChrootTransportDecorator(TransportDecorator):
	27	"""A decorator that can convert any transport to be chrooted.
	28
2018.5.42 by Robert Collins Various hopefully improvements, but wsgi is broken, handing over to spiv :).	29	This is requested via the 'chroot+' prefix to get_transport().
2018.5.46 by Andrew Bennetts Fix ChrootTransportDecorator's clone to pass less surprising offsets to the decorated transport's clone.	30
	31	:ivar chroot_url: the root of this chroot
	32	:ivar chroot_relative: this transport's location relative to the chroot
	33	root. e.g. A chroot_relative of '/' means this location is the same as
	34	chroot_url.
2070.5.1 by Andrew Bennetts Add ChrootTransportDecorator.	35	"""
	36
	37	def __init__(self, url, _decorated=None, chroot=None):
	38	super(ChrootTransportDecorator, self).__init__(url,
	39	_decorated=_decorated)
	40	if chroot is None:
	41	self.chroot_url = self._decorated.base
	42	else:
	43	self.chroot_url = chroot
2018.5.42 by Robert Collins Various hopefully improvements, but wsgi is broken, handing over to spiv :).	44	self.chroot_relative = '/' + self._decorated.base[len(self.chroot_url):]
2070.5.1 by Andrew Bennetts Add ChrootTransportDecorator.	45
	46	@classmethod
	47	def _get_url_prefix(self):
	48	"""Chroot transport decorators are invoked via 'chroot+'"""
	49	return 'chroot+'
	50
	51	def _ensure_relpath_is_child(self, relpath):
	52	abspath = self.abspath(relpath)
	53	chroot_base = self._get_url_prefix() + self.chroot_url
	54	real_relpath = urlutils.relative_url(chroot_base, abspath)
	55	if real_relpath == '..' or real_relpath.startswith('../'):
	56	raise errors.PathNotChild(relpath, self.chroot_url)
	57
	58	# decorated methods
2018.5.54 by Andrew Bennetts Fix ChrootTransportDecorator's abspath method to be consistent with its clone	59	def abspath(self, relpath):
	60	try:
	61	url = urlutils.join('fake:///', relpath)
	62	except errors.InvalidURLJoin:
	63	raise errors.PathNotChild(relpath, self.chroot_url)
	64	normalised_abspath = url[len('fake:///'):]
	65	return self._get_url_prefix() + self.chroot_url + normalised_abspath[1:]
	66
2070.5.1 by Andrew Bennetts Add ChrootTransportDecorator.	67	def append_file(self, relpath, f, mode=None):
	68	self._ensure_relpath_is_child(relpath)
	69	return TransportDecorator.append_file(self, relpath, f, mode=mode)
	70
	71	def append_bytes(self, relpath, bytes, mode=None):
	72	self._ensure_relpath_is_child(relpath)
	73	return TransportDecorator.append_bytes(self, relpath, bytes, mode=mode)
	74
	75	def clone(self, offset=None):
2018.5.42 by Robert Collins Various hopefully improvements, but wsgi is broken, handing over to spiv :).	76	if offset is None: return self
	77	# the new URL we want to clone to is
	78	# self.chroot_url + an adjusted self.chroot_relative, with the leading
	79	# / removed.
2018.5.46 by Andrew Bennetts Fix ChrootTransportDecorator's clone to pass less surprising offsets to the decorated transport's clone.	80	new_relpath = urlutils.joinpath(self.chroot_relative, offset)
	81	assert new_relpath.startswith('/')
	82	new_url = self.chroot_url + new_relpath[1:]
	83	# Clone the decorated transport according to this new path.
	84	assert new_url.startswith(self.chroot_url), (
	85	'new_url (%r) does not start with %r'
	86	% (new_url, self._decorated.base))
	87	path = urlutils.relative_url(self._decorated.base, new_url)
	88	decorated_clone = self._decorated.clone(path)
	89	return ChrootTransportDecorator(self._get_url_prefix() + new_url,
2018.5.42 by Robert Collins Various hopefully improvements, but wsgi is broken, handing over to spiv :).	90	decorated_clone, self.chroot_url)
2070.5.1 by Andrew Bennetts Add ChrootTransportDecorator.	91
	92	def delete(self, relpath):
	93	self._ensure_relpath_is_child(relpath)
	94	return TransportDecorator.delete(self, relpath)
	95
	96	def delete_tree(self, relpath):
	97	self._ensure_relpath_is_child(relpath)
	98	return TransportDecorator.delete_tree(self, relpath)
	99
	100	def get(self, relpath):
	101	self._ensure_relpath_is_child(relpath)
	102	return TransportDecorator.get(self, relpath)
	103
	104	def get_bytes(self, relpath):
	105	self._ensure_relpath_is_child(relpath)
	106	return TransportDecorator.get_bytes(self, relpath)
	107
	108	def has(self, relpath):
	109	self._ensure_relpath_is_child(relpath)
	110	return TransportDecorator.has(self, relpath)
	111
	112	def list_dir(self, relpath):
	113	self._ensure_relpath_is_child(relpath)
	114	return TransportDecorator.list_dir(self, relpath)
	115
	116	def lock_read(self, relpath):
	117	self._ensure_relpath_is_child(relpath)
	118	return TransportDecorator.lock_read(self, relpath)
	119
	120	def lock_write(self, relpath):
	121	self._ensure_relpath_is_child(relpath)
	122	return TransportDecorator.lock_write(self, relpath)
	123
	124	def mkdir(self, relpath, mode=None):
	125	self._ensure_relpath_is_child(relpath)
	126	return TransportDecorator.mkdir(self, relpath, mode=mode)
	127
	128	def put_bytes(self, relpath, bytes, mode=None):
	129	self._ensure_relpath_is_child(relpath)
	130	return TransportDecorator.put_bytes(self, relpath, bytes, mode=mode)
	131
	132	def put_file(self, relpath, f, mode=None):
	133	self._ensure_relpath_is_child(relpath)
	134	return TransportDecorator.put_file(self, relpath, f, mode=mode)
	135
	136	def rename(self, rel_from, rel_to):
	137	self._ensure_relpath_is_child(rel_from)
	138	self._ensure_relpath_is_child(rel_to)
	139	return TransportDecorator.rename(self, rel_from, rel_to)
	140
	141	def rmdir(self, relpath):
	142	self._ensure_relpath_is_child(relpath)
	143	return TransportDecorator.rmdir(self, relpath)
	144
	145	def stat(self, relpath):
	146	self._ensure_relpath_is_child(relpath)
	147	return TransportDecorator.stat(self, relpath)
	148
	149
	150	class ChrootServer(DecoratorServer):
	151	"""Server for the ReadonlyTransportDecorator for testing with."""
	152
	153	def get_decorator_class(self):
	154	return ChrootTransportDecorator
155
156
157	def get_test_permutations():
158	"""Return the permutations to be used in testing."""
159	return [(ChrootTransportDecorator, ChrootServer),
160	]