Roxen.git / server / modules / filesystems / filesystem.pike

version» Context lines:

Roxen.git/server/modules/filesystems/filesystem.pike:1:   // This is a roxen module. Copyright © 1996 - 2001, Roxen IS.      // This is a virtual "file-system".   // It will be located somewhere in the name-space of the server.   // Also inherited by some of the other filesystems.      inherit "module";   inherit "socket";    - constant cvs_version= "$Id: filesystem.pike,v 1.110 2001/09/11 12:12:52 grubba Exp $"; + constant cvs_version= "$Id: filesystem.pike,v 1.111 2001/09/11 15:17:19 per Exp $";   constant thread_safe=1;      #include <module.h>   #include <roxen.h>   #include <stat.h>   #include <request_trace.h>         //<locale-token project="mod_filesystem">LOCALE</locale-token>   #define LOCALE(X,Y) _DEF_LOCALE("mod_filesystem",X,Y)
Roxen.git/server/modules/filesystems/filesystem.pike:219:      string query_location()   {    return mountpoint;   }         #define FILTER_INTERNAL_FILE(f, id) \    (!id->misc->internal_get && sizeof (filter (internal_files, glob, (f/"/")[-1])))    + #define SETUID(X) \ +  if( access_as_user ) \ +  { \ +  User uid = id->conf->authenticate( id ); \ +  if( uid && uid->uid() ) \ +  privs=Privs(X, uid->uid(), uid->gid() ); \ +  } +    mixed stat_file( string f, RequestID id )   {    Stat fs;       FILESYSTEM_WERR("stat_file for \""+f+"\"" +    (id->misc->internal_get ? " (internal)" : ""));       f = path+f;       if (FILTER_INTERNAL_FILE (f, id))    return 0;       if(stat_cache && !id->pragma["no-cache"] &&    (fs=cache_lookup("stat_cache",f)))    return fs[0];    object privs; -  if (access_as_user && ((int)id->misc->uid) && ((int)id->misc->gid)) -  // NB: Root-access is prevented. -  privs=Privs("Statting file", (int)id->misc->uid, (int)id->misc->gid ); +  SETUID("Statting file");       /* No security currently in this function */    fs = file_stat(decode_path(f));    privs = 0;    if(!stat_cache) return fs;    cache_set("stat_cache", f, ({fs}));    return fs;   }      string real_file( string f, RequestID id )
Roxen.git/server/modules/filesystems/filesystem.pike:275:   }      array find_dir( string f, RequestID id )   {    array dir;       FILESYSTEM_WERR("find_dir for \""+f+"\"" +    (id->misc->internal_get ? " (internal)" : ""));       object privs; +  SETUID("Read dir");    -  if (((int)id->misc->uid) && ((int)id->misc->gid) && access_as_user ) -  // NB: Root-access is prevented. -  privs=Privs("Getting dir", (int)id->misc->uid, (int)id->misc->gid ); -  +     if (catch {    f = NORMALIZE_PATH(decode_path(path + f));    } || !(dir = get_dir(f))) {    privs = 0;    return 0;    }    privs = 0;       if(!query("dir"))    // Access to this dir is allowed.
Roxen.git/server/modules/filesystems/filesystem.pike:558:    if (FILTER_INTERNAL_FILE (f, id))    {    TRACE_LEAVE ("Is internal file");    return 0;    }    }       TRACE_ENTER("Opening file \"" + f + "\"", 0);       object privs; -  if (access_as_user && -  ((int)id->misc->uid) && ((int)id->misc->gid)) -  // NB: Root-access is prevented. -  privs=Privs("Getting file", (int)id->misc->uid, (int)id->misc->gid ); +  SETUID("Open file");       o = Stdio.File( );    if(!o->open(norm_f, "r" )) o = 0;    privs = 0;       if(!o || (no_symlinks && (contains_symlinks(path, oldf))))    {    errors++;    report_error(LOCALE(45,"Open of %s failed. Permission denied.\n"),f);   
Roxen.git/server/modules/filesystems/filesystem.pike:618:    return 0;    }       if(query("check_auth") && (!id->conf->authenticate( id ) ) ) {    TRACE_LEAVE("MKDIR: Permission denied");    return Roxen.http_auth_required("foo",    "<h1>Permission to 'MKDIR' denied</h1>");    }    mkdirs++;    object privs; +  SETUID("Creating file");    -  if (((int)id->misc->uid) && ((int)id->misc->gid)) { -  // NB: Root-access is prevented. -  privs=Privs("Creating directory", -  (int)id->misc->uid, (int)id->misc->gid ); -  } -  +     if (query("no_symlinks") && (contains_symlinks(path, oldf))) {    privs = 0;    errors++;    report_error(LOCALE(46,"Creation of %s failed. Permission denied.\n"),    oldf);    TRACE_LEAVE("MKDIR: Contains symlinks. Permission denied");    return http_low_answer(403, "<h2>Permission denied.</h2>");    }       int code = mkdir(f);
Roxen.git/server/modules/filesystems/filesystem.pike:685:    if (id->misc->quota_obj && (id->misc->len > 0) &&    !id->misc->quota_obj->check_quota(URI, id->misc->len)) {    errors++;    report_warning(LOCALE(47,"Creation of %s failed. Out of quota.\n"),f);    TRACE_LEAVE("PUT: Out of quota.");    return http_low_answer(413, "<h2>Out of disk quota.</h2>",    "413 Out of disk quota");    }       -  if (((int)id->misc->uid) && ((int)id->misc->gid)) { -  // NB: Root-access is prevented. -  privs=Privs("Saving file", (int)id->misc->uid, (int)id->misc->gid ); -  } +  SETUID("Saving file");       if (query("no_symlinks") && (contains_symlinks(path, oldf))) {    privs = 0;    errors++;    report_error(LOCALE(46,"Creation of %s failed. Permission denied.\n"),f);    TRACE_LEAVE("PUT: Contains symlinks. Permission denied");    return http_low_answer(403, "<h2>Permission denied.</h2>");    }       rm(f);
Roxen.git/server/modules/filesystems/filesystem.pike:788:    return 0;    }       if(query("check_auth") && (!id->conf->authenticate( id ) ) ) {    TRACE_LEAVE("CHMOD: Permission denied");    return Roxen.http_auth_required("foo",    "<h1>Permission to 'CHMOD' files denied</h1>");    }       -  if (((int)id->misc->uid) && ((int)id->misc->gid)) { -  // NB: Root-access is prevented. -  privs=Privs("CHMODing file", (int)id->misc->uid, (int)id->misc->gid ); -  } +  SETUID("CHMODing file");       if (query("no_symlinks") && (contains_symlinks(path, oldf))) {    privs = 0;    errors++;    TRACE_LEAVE("CHMOD: Contains symlinks. Permission denied");    return http_low_answer(403, "<h2>Permission denied.</h2>");    }       array err = catch(chmod(f, id->misc->mode & 0777));    privs = 0;
Roxen.git/server/modules/filesystems/filesystem.pike:868:    return 0;    }       if (FILTER_INTERNAL_FILE (movefrom, id) ||    FILTER_INTERNAL_FILE (f, id)) {    id->misc->error_code = 405;    TRACE_LEAVE("MV to or from internal file is disallowed");    return 0;    }    -  if (((int)id->misc->uid) && ((int)id->misc->gid)) { -  // NB: Root-access is prevented. -  privs=Privs("Moving file", (int)id->misc->uid, (int)id->misc->gid ); -  } +  SETUID("Moving file");       if (query("no_symlinks") &&    ((contains_symlinks(path, oldf)) ||    (contains_symlinks(path, id->misc->move_from)))) {    privs = 0;    errors++;    TRACE_LEAVE("MV: Contains symlinks. Permission denied");    return http_low_answer(403, "<h2>Permission denied.</h2>");    }   
Roxen.git/server/modules/filesystems/filesystem.pike:970:    return 0;    }       if(size < -1)    {    id->misc->error_code = 405;    TRACE_LEAVE("MOVE: Cannot overwrite directory");    return 0;    }    -  if (((int)id->misc->uid) && ((int)id->misc->gid)) { -  // NB: Root-access is prevented. -  privs=Privs("Moving file", (int)id->misc->uid, (int)id->misc->gid ); -  } +  SETUID("Moving file");       if (query("no_symlinks") &&    ((contains_symlinks(path, f)) ||    (contains_symlinks(path, moveto)))) {    privs = 0;    errors++;    TRACE_LEAVE("MOVE: Contains symlinks. Permission denied");    return http_low_answer(403, "<h2>Permission denied.</h2>");    }   
Roxen.git/server/modules/filesystems/filesystem.pike:1038:    if (query("no_symlinks") && (contains_symlinks(path, oldf))) {    errors++;    report_error(LOCALE(48,"Deletion of %s failed. Permission denied.\n"),f);    TRACE_LEAVE("DELETE: Contains symlinks");    return http_low_answer(403, "<h2>Permission denied.</h2>");    }       report_notice(LOCALE(49,"DELETING the file %s.\n"),f);    accesses++;    -  if (((int)id->misc->uid) && ((int)id->misc->gid)) { -  // NB: Root-access is prevented. -  privs=Privs("Deleting file", id->misc->uid, id->misc->gid ); -  } +  SETUID("Deleting file");       /* Clear the stat-cache for this file */    if (stat_cache) {    cache_set("stat_cache", f, 0);    }       if(!rm(f))    {    privs = 0;    id->misc->error_code = 405;