/** * Initialize the stream from the given path. * Concretely, transform ajxp.smb:// into smb:// * * @param string $path * @return mixed Real path or -1 if currentListing contains the listing : original path converted to real path */ protected static function initPath($path, $streamType, $storeOpenContext = false, $skipZip = false) { $url = parse_url($path); $repoId = $url["host"]; $repoObject = ConfService::getRepositoryById($repoId); if (!isset($repoObject)) { throw new Exception("Cannot find repository with id " . $repoId); } $path = $url["path"]; // Fix if the host is defined as //MY_HOST/path/to/folder $host = str_replace("//", "", $repoObject->getOption("HOST")); $credentials = ""; $safeCreds = AJXP_Safe::tryLoadingCredentialsFromSources($url, $repoObject); if ($safeCreds["user"] != "" && $safeCreds["password"] != "") { $login = $safeCreds["user"]; $pass = $safeCreds["password"]; $_SESSION["AJXP_SESSION_REMOTE_PASS"] = $pass; $credentials = "{$login}:{$pass}@"; $domain = $repoObject->getOption("DOMAIN"); if ($domain != "") { $credentials = $domain . "/" . $credentials; } } $basePath = $repoObject->getOption("PATH"); $fullPath = "smb://" . $credentials . $host . "/"; //.$basePath."/".$path; if ($basePath != "") { $fullPath .= trim($basePath, "/\\"); } if ($path != "") { $fullPath .= ($path[0] == "/" ? "" : "/") . $path; } return $fullPath; }
/** * Initialize the stream from the given path. * Concretely, transform ajxp.webdav:// into webdav:// * * @param string $path * @return mixed Real path or -1 if currentListing contains the listing : original path converted to real path */ protected static function initPath($path, $streamType, $storeOpenContext = false, $skipZip = false) { $url = AJXP_Utils::safeParseUrl($path); $repoId = $url["host"]; $repoObject = ConfService::getRepositoryById($repoId); if (!isset($repoObject)) { $e = new Exception("Cannot find repository with id " . $repoId); self::$lastException = $e; throw $e; } $path = $url["path"]; $host = $repoObject->getOption("HOST"); $hostParts = parse_url($host); if ($hostParts["scheme"] == "https" && !extension_loaded("openssl")) { $e = new Exception("Warning you must have the openssl PHP extension loaded to connect an https server!"); self::$lastException = $e; throw $e; } $credentials = AJXP_Safe::tryLoadingCredentialsFromSources($hostParts, $repoObject); $user = $credentials["user"]; $password = $credentials["password"]; if ($user != null && $password != null) { $host = ($hostParts["scheme"] == "https" ? "webdavs" : "webdav") . "://{$user}:{$password}@" . $hostParts["host"]; if (isset($hostParts["port"])) { $host .= ":" . $hostParts["port"]; } } else { $host = str_replace(array("http", "https"), array("webdav", "webdavs"), $host); } // MAKE SURE THERE ARE NO // OR PROBLEMS LIKE THAT... $basePath = $repoObject->getOption("PATH"); if ($basePath[strlen($basePath) - 1] == "/") { $basePath = substr($basePath, 0, -1); } if ($basePath[0] != "/") { $basePath = "/{$basePath}"; } $path = AJXP_Utils::securePath($path); if ($path[0] == "/") { $path = substr($path, 1); } // SHOULD RETURN webdav://host_server/uri/to/webdav/folder AJXP_Logger::debug(__CLASS__, __FUNCTION__, $host . $basePath . "/" . $path); return $host . $basePath . "/" . $path; }
/** * @param array $data * @param AbstractAccessDriver $accessDriver * @param Repository $repository */ public function storeSafeCredentialsIfNeeded(&$data, $accessDriver, $repository) { $storeCreds = false; if ($repository->getOption("META_SOURCES")) { $options["META_SOURCES"] = $repository->getOption("META_SOURCES"); foreach ($options["META_SOURCES"] as $metaSource) { if (isset($metaSource["USE_SESSION_CREDENTIALS"]) && $metaSource["USE_SESSION_CREDENTIALS"] === true) { $storeCreds = true; break; } } } if ($storeCreds || $accessDriver->hasMixin("credentials_consumer")) { $cred = AJXP_Safe::tryLoadingCredentialsFromSources(array(), $repository); if (isset($cred["user"]) && isset($cred["password"])) { $data["SAFE_USER"] = $cred["user"]; $data["SAFE_PASS"] = $cred["password"]; } } }
protected function parseUrl($url, $forceLogin = false) { // URL MAY BE ajxp.ftp://username:password@host/path $urlParts = AJXP_Utils::safeParseUrl($url); $this->repositoryId = $urlParts["host"]; $repository = ConfService::getRepositoryById($this->repositoryId); if ($repository == null) { throw new Exception("Cannot find repository for dynamic ftp authentification."); } $credentials = AJXP_Safe::tryLoadingCredentialsFromSources($urlParts, $repository); $this->user = $credentials["user"]; $this->password = $credentials["password"]; if ($this->user == "") { throw new AJXP_Exception("Cannot find user/pass for FTP access!"); } if ($repository->getOption("DYNAMIC_FTP") == "TRUE" && isset($_SESSION["AJXP_DYNAMIC_FTP_DATA"])) { $data = $_SESSION["AJXP_DYNAMIC_FTP_DATA"]; $this->host = $data["FTP_HOST"]; $this->path = $data["PATH"]; $this->secure = $data["FTP_SECURE"] == "TRUE" ? true : false; $this->port = $data["FTP_PORT"] != "" ? intval($data["FTP_PORT"]) : ($this->secure ? 22 : 21); $this->ftpActive = $data["FTP_DIRECT"] == "TRUE" ? true : false; $this->repoCharset = $data["CHARSET"]; } else { $this->host = $repository->getOption("FTP_HOST"); $this->path = $repository->getOption("PATH"); $this->secure = $repository->getOption("FTP_SECURE") == "TRUE" ? true : false; $this->port = $repository->getOption("FTP_PORT") != "" ? intval($repository->getOption("FTP_PORT")) : ($this->secure ? 22 : 21); $this->ftpActive = $repository->getOption("FTP_DIRECT") == "TRUE" ? true : false; $this->repoCharset = $repository->getOption("CHARSET"); } // Test Connexion and server features global $_SESSION; $cacheKey = $repository->getId() . "_ftpCharset"; if (!isset($_SESSION[$cacheKey]) || !strlen($_SESSION[$cacheKey]) || $forceLogin) { $features = $this->getServerFeatures(); $ctxCharset = ConfService::getContextCharset(); if (empty($ctxCharset)) { ConfService::setContextCharset($features["charset"]); $_SESSION[$cacheKey] = $features["charset"]; } else { $_SESSION[$cacheKey] = $ctxCharset; } } return $urlParts; }
public function detectRemoteUserId($repoObject) { $host = $repoObject->getOption("SFTP_HOST"); $port = $repoObject->getOption("SFTP_PORT"); $credentials = AJXP_Safe::tryLoadingCredentialsFromSources(NULL, $repoObject); $user = $credentials["user"]; $pass = $credentials["password"]; $ssh2 = new Net_SSH2($host, $port); if ($ssh2->login($user, $pass)) { $output = $ssh2->exec('id'); $ssh2->disconnect(); if (trim($output != "")) { $res = sscanf($output, "uid=%i(%s) gid=%i(%s) groups=%i(%s)"); preg_match_all("/(\\w*)=(\\w*)\\((\\w*)\\)/", $output, $matches); if (count($matches[0]) == 3) { $uid = $matches[2][0]; $gid = $matches[2][1]; return array($uid, $gid); } } } unset($ssh2); return array(null, null); }
/** Cypher the publiclet object data and write to disk. * @param Array $data The publiclet data array to write The data array must have the following keys: - DRIVER The driver used to get the file's content - OPTIONS The driver options to be successfully constructed (usually, the user and password) - FILE_PATH The path to the file's content - PASSWORD If set, the written publiclet will ask for this password before sending the content - ACTION If set, action to perform - USER If set, the AJXP user - EXPIRE_TIME If set, the publiclet will deny downloading after this time, and probably self destruct. * - AUTHOR_WATCH If set, will post notifications for the publiclet author each time the file is loaded * @param AbstractAccessDriver $accessDriver * @param Repository $repository * @return array An array containing the hash (0) and the generated url (1) */ public function writePubliclet(&$data, $accessDriver, $repository) { $downloadFolder = ConfService::getCoreConf("PUBLIC_DOWNLOAD_FOLDER"); if (!is_dir($downloadFolder)) { return "ERROR : Public URL folder does not exist!"; } if (!function_exists("mcrypt_create_iv")) { return "ERROR : MCrypt must be installed to use publiclets!"; } $this->initPublicFolder($downloadFolder); $data["PLUGIN_ID"] = $accessDriver->getId(); $data["BASE_DIR"] = $accessDriver->getBaseDir(); //$data["REPOSITORY"] = $repository; if (AuthService::usersEnabled()) { $data["OWNER_ID"] = AuthService::getLoggedUser()->getId(); } $storeCreds = false; if ($repository->getOption("META_SOURCES")) { $options["META_SOURCES"] = $repository->getOption("META_SOURCES"); foreach ($options["META_SOURCES"] as $metaSource) { if (isset($metaSource["USE_SESSION_CREDENTIALS"]) && $metaSource["USE_SESSION_CREDENTIALS"] === true) { $storeCreds = true; break; } } } if ($storeCreds || $accessDriver->hasMixin("credentials_consumer")) { $cred = AJXP_Safe::tryLoadingCredentialsFromSources(array(), $repository); if (isset($cred["user"]) && isset($cred["password"])) { $data["SAFE_USER"] = $cred["user"]; $data["SAFE_PASS"] = $cred["password"]; } } // Force expanded path in publiclet $copy = clone $repository; $copy->addOption("PATH", $repository->getOption("PATH")); $data["REPOSITORY"] = $copy; if ($data["ACTION"] == "") { $data["ACTION"] = "download"; } // Create a random key $data["FINAL_KEY"] = md5(mt_rand() . time()); // Cypher the data with a random key $outputData = serialize($data); // Hash the data to make sure it wasn't modified $hash = $this->computeHash($outputData, $downloadFolder); // md5($outputData); $outputData = base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $hash, $outputData, MCRYPT_MODE_ECB)); $fileData = "<" . "?" . "php \n" . ' require_once("' . str_replace("\\", "/", AJXP_INSTALL_PATH) . '/publicLet.inc.php"); ' . "\n" . ' $id = str_replace(".php", "", basename(__FILE__)); ' . "\n" . ' $cypheredData = base64_decode("' . $outputData . '"); ' . "\n" . ' $inputData = trim(mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $id, $cypheredData, MCRYPT_MODE_ECB), "\\0"); ' . "\n" . ' if (!ShareCenter::checkHash($inputData, $id)) { header("HTTP/1.0 401 Not allowed, script was modified"); exit(); } ' . "\n" . ' // Ok extract the data ' . "\n" . ' $data = unserialize($inputData); ShareCenter::loadPubliclet($data); '; if (@file_put_contents($downloadFolder . "/" . $hash . ".php", $fileData) === FALSE) { return "Can't write to PUBLIC URL"; } @chmod($downloadFolder . "/" . $hash . ".php", 0755); PublicletCounter::reset($hash); $url = $this->buildPublicletLink($hash); $this->logInfo("New Share", array("file" => "'" . $copy->display . ":/" . $data['FILE_PATH'] . "'", "url" => $url, "expiration" => $data['EXPIRE_TIME'], "limit" => $data['DOWNLOAD_LIMIT'], "repo_uuid" => $copy->uuid)); AJXP_Controller::applyHook("node.share.create", array('type' => 'file', 'repository' => &$copy, 'accessDriver' => &$accessDriver, 'data' => &$data, 'url' => $url)); return array($hash, $url); }
public static function getSshConnection($path, $repoObject = null) { if ($repoObject != null) { $url = array(); } else { $url = AJXP_Utils::safeParseUrl($path); $repoId = $url["host"]; $repoObject = ConfService::getRepositoryById($repoId); } $remote_serv = $repoObject->getOption("SERV"); $remote_port = $repoObject->getOption("PORT"); $credentials = AJXP_Safe::tryLoadingCredentialsFromSources($url, $repoObject); $remote_user = $credentials["user"]; $remote_pass = $credentials["password"]; $remote_base_path = $repoObject->getOption("PATH"); $callbacks = array('disconnect' => "disconnectedSftp", 'ignore' => "ignoreSftp", 'debug' => "debugSftp", 'macerror' => "macerrorSftp"); $connection = ssh2_connect($remote_serv, intval($remote_port), array(), $callbacks); ssh2_auth_password($connection, $remote_user, $remote_pass); return array($connection, $remote_base_path); }
/** Cypher the publiclet object data and write to disk. * @param Array $data The publiclet data array to write The data array must have the following keys: - DRIVER The driver used to get the file's content - OPTIONS The driver options to be successfully constructed (usually, the user and password) - FILE_PATH The path to the file's content - PASSWORD If set, the written publiclet will ask for this password before sending the content - ACTION If set, action to perform - USER If set, the AJXP user - EXPIRE_TIME If set, the publiclet will deny downloading after this time, and probably self destruct. * @param AbstractAccessDriver $accessDriver * @param Repository $repository * @return the URL to the downloaded file */ function writePubliclet($data, $accessDriver, $repository) { $downloadFolder = ConfService::getCoreConf("PUBLIC_DOWNLOAD_FOLDER"); if (!is_dir($downloadFolder)) { return "ERROR : Public URL folder does not exist!"; } if (!function_exists("mcrypt_create_iv")) { return "ERROR : MCrypt must be installed to use publiclets!"; } $this->initPublicFolder($downloadFolder); $data["PLUGIN_ID"] = $accessDriver->getId(); $data["BASE_DIR"] = $accessDriver->getBaseDir(); $data["REPOSITORY"] = $repository; if (AuthService::usersEnabled()) { $data["OWNER_ID"] = AuthService::getLoggedUser()->getId(); } if ($accessDriver->hasMixin("credentials_consumer")) { $cred = AJXP_Safe::tryLoadingCredentialsFromSources(array(), $repository); if (isset($cred["user"]) && isset($cred["password"])) { $data["SAFE_USER"] = $cred["user"]; $data["SAFE_PASS"] = $cred["password"]; } } // Force expanded path in publiclet $data["REPOSITORY"]->addOption("PATH", $repository->getOption("PATH")); if ($data["ACTION"] == "") { $data["ACTION"] = "download"; } // Create a random key $data["FINAL_KEY"] = md5(mt_rand() . time()); // Cypher the data with a random key $outputData = serialize($data); // Hash the data to make sure it wasn't modified $hash = md5($outputData); // The initialisation vector is only required to avoid a warning, as ECB ignore IV $iv = mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB), MCRYPT_RAND); // We have encoded as base64 so if we need to store the result in a database, it can be stored in text column $outputData = base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $hash, $outputData, MCRYPT_MODE_ECB, $iv)); // Okay, write the file: $fileData = "<" . "?" . "php \n" . ' require_once("' . str_replace("\\", "/", AJXP_INSTALL_PATH) . '/publicLet.inc.php"); ' . "\n" . ' $id = str_replace(".php", "", basename(__FILE__)); ' . "\n" . ' $cypheredData = base64_decode("' . $outputData . '"); ' . "\n" . ' $iv = mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB), MCRYPT_RAND); ' . "\n" . ' $inputData = trim(mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $id, $cypheredData, MCRYPT_MODE_ECB, $iv), "\\0"); ' . "\n" . ' if (md5($inputData) != $id) { header("HTTP/1.0 401 Not allowed, script was modified"); exit(); } ' . "\n" . ' // Ok extract the data ' . "\n" . ' $data = unserialize($inputData); ShareCenter::loadPubliclet($data); ?' . '>'; if (@file_put_contents($downloadFolder . "/" . $hash . ".php", $fileData) === FALSE) { return "Can't write to PUBLIC URL"; } @chmod($downloadFolder . "/" . $hash . ".php", 0755); PublicletCounter::reset($hash); return $this->buildPublicletLink($hash); }