|
2070.5.1
by Andrew Bennetts
Add ChrootTransportDecorator. |
1 |
# Copyright (C) 2006 Canonical Ltd
|
2 |
#
|
|
3 |
# This program is free software; you can redistribute it and/or modify
|
|
4 |
# it under the terms of the GNU General Public License as published by
|
|
5 |
# the Free Software Foundation; either version 2 of the License, or
|
|
6 |
# (at your option) any later version.
|
|
7 |
#
|
|
8 |
# This program is distributed in the hope that it will be useful,
|
|
9 |
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
10 |
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
11 |
# GNU General Public License for more details.
|
|
12 |
#
|
|
13 |
# You should have received a copy of the GNU General Public License
|
|
14 |
# along with this program; if not, write to the Free Software
|
|
15 |
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
|
|
16 |
||
17 |
"""Implementation of Transport that prevents access to locations above a set
|
|
18 |
root.
|
|
19 |
"""
|
|
20 |
||
21 |
from bzrlib import errors, urlutils |
|
22 |
from bzrlib.transport.decorator import TransportDecorator, DecoratorServer |
|
23 |
||
24 |
||
25 |
class ChrootTransportDecorator(TransportDecorator): |
|
26 |
"""A decorator that can convert any transport to be chrooted.
|
|
27 |
||
28 |
This is requested via the 'chrooted+' prefix to get_transport().
|
|
29 |
"""
|
|
30 |
||
31 |
def __init__(self, url, _decorated=None, chroot=None): |
|
32 |
super(ChrootTransportDecorator, self).__init__(url, |
|
33 |
_decorated=_decorated) |
|
34 |
if chroot is None: |
|
35 |
self.chroot_url = self._decorated.base |
|
36 |
else: |
|
37 |
self.chroot_url = chroot |
|
38 |
||
39 |
@classmethod
|
|
40 |
def _get_url_prefix(self): |
|
41 |
"""Chroot transport decorators are invoked via 'chroot+'"""
|
|
42 |
return 'chroot+' |
|
43 |
||
44 |
def _ensure_relpath_is_child(self, relpath): |
|
45 |
abspath = self.abspath(relpath) |
|
46 |
chroot_base = self._get_url_prefix() + self.chroot_url |
|
47 |
real_relpath = urlutils.relative_url(chroot_base, abspath) |
|
48 |
if real_relpath == '..' or real_relpath.startswith('../'): |
|
49 |
raise errors.PathNotChild(relpath, self.chroot_url) |
|
50 |
||
51 |
# decorated methods
|
|
52 |
def append_file(self, relpath, f, mode=None): |
|
53 |
self._ensure_relpath_is_child(relpath) |
|
54 |
return TransportDecorator.append_file(self, relpath, f, mode=mode) |
|
55 |
||
56 |
def append_bytes(self, relpath, bytes, mode=None): |
|
57 |
self._ensure_relpath_is_child(relpath) |
|
58 |
return TransportDecorator.append_bytes(self, relpath, bytes, mode=mode) |
|
59 |
||
60 |
def clone(self, offset=None): |
|
61 |
self._ensure_relpath_is_child(offset) |
|
62 |
return TransportDecorator.clone(self, offset) |
|
63 |
||
64 |
def delete(self, relpath): |
|
65 |
self._ensure_relpath_is_child(relpath) |
|
66 |
return TransportDecorator.delete(self, relpath) |
|
67 |
||
68 |
def delete_tree(self, relpath): |
|
69 |
self._ensure_relpath_is_child(relpath) |
|
70 |
return TransportDecorator.delete_tree(self, relpath) |
|
71 |
||
72 |
def get(self, relpath): |
|
73 |
self._ensure_relpath_is_child(relpath) |
|
74 |
return TransportDecorator.get(self, relpath) |
|
75 |
||
76 |
def get_bytes(self, relpath): |
|
77 |
self._ensure_relpath_is_child(relpath) |
|
78 |
return TransportDecorator.get_bytes(self, relpath) |
|
79 |
||
80 |
def has(self, relpath): |
|
81 |
self._ensure_relpath_is_child(relpath) |
|
82 |
return TransportDecorator.has(self, relpath) |
|
83 |
||
84 |
def list_dir(self, relpath): |
|
85 |
self._ensure_relpath_is_child(relpath) |
|
86 |
return TransportDecorator.list_dir(self, relpath) |
|
87 |
||
88 |
def lock_read(self, relpath): |
|
89 |
self._ensure_relpath_is_child(relpath) |
|
90 |
return TransportDecorator.lock_read(self, relpath) |
|
91 |
||
92 |
def lock_write(self, relpath): |
|
93 |
self._ensure_relpath_is_child(relpath) |
|
94 |
return TransportDecorator.lock_write(self, relpath) |
|
95 |
||
96 |
def mkdir(self, relpath, mode=None): |
|
97 |
self._ensure_relpath_is_child(relpath) |
|
98 |
return TransportDecorator.mkdir(self, relpath, mode=mode) |
|
99 |
||
100 |
def put_bytes(self, relpath, bytes, mode=None): |
|
101 |
self._ensure_relpath_is_child(relpath) |
|
102 |
return TransportDecorator.put_bytes(self, relpath, bytes, mode=mode) |
|
103 |
||
104 |
def put_file(self, relpath, f, mode=None): |
|
105 |
self._ensure_relpath_is_child(relpath) |
|
106 |
return TransportDecorator.put_file(self, relpath, f, mode=mode) |
|
107 |
||
108 |
def rename(self, rel_from, rel_to): |
|
109 |
self._ensure_relpath_is_child(rel_from) |
|
110 |
self._ensure_relpath_is_child(rel_to) |
|
111 |
return TransportDecorator.rename(self, rel_from, rel_to) |
|
112 |
||
113 |
def rmdir(self, relpath): |
|
114 |
self._ensure_relpath_is_child(relpath) |
|
115 |
return TransportDecorator.rmdir(self, relpath) |
|
116 |
||
117 |
def stat(self, relpath): |
|
118 |
self._ensure_relpath_is_child(relpath) |
|
119 |
return TransportDecorator.stat(self, relpath) |
|
120 |
||
121 |
||
122 |
class ChrootServer(DecoratorServer): |
|
123 |
"""Server for the ReadonlyTransportDecorator for testing with."""
|
|
124 |
||
125 |
def get_decorator_class(self): |
|
126 |
return ChrootTransportDecorator |
|
127 |
||
128 |
||
129 |
def get_test_permutations(): |
|
130 |
"""Return the permutations to be used in testing."""
|
|
131 |
return [(ChrootTransportDecorator, ChrootServer), |
|
132 |
]
|