mirrors
/
nextcloud
mirror of https://github.com/nextcloud/server.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 987 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
73733 Commits
408 Branches
Tree: ec5133b739
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'ec5133b739'
${ noResults }
nextcloud/apps/files_external/lib/Lib/Storage/SFTP.php

SFTP.php 14KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587 
  1. <?php

  2. /**

  3.  * @copyright Copyright (c) 2016, ownCloud, Inc.

  4.  *

  5.  * @author Andreas Fischer <bantu@owncloud.com>

  6.  * @author Bart Visscher <bartv@thisnet.nl>

  7.  * @author Christoph Wurst <christoph@winzerhof-wurst.at>

  8.  * @author hkjolhede <hkjolhede@gmail.com>

  9.  * @author Joas Schilling <coding@schilljs.com>

  10.  * @author Jörn Friedrich Dreyer <jfd@butonic.de>

  11.  * @author Lennart Rosam <lennart.rosam@medien-systempartner.de>

  12.  * @author Lukas Reschke <lukas@statuscode.ch>

  13.  * @author Morris Jobke <hey@morrisjobke.de>

  14.  * @author Robin Appelman <robin@icewind.nl>

  15.  * @author Robin McCorkell <robin@mccorkell.me.uk>

  16.  * @author Roeland Jago Douma <roeland@famdouma.nl>

  17.  * @author Ross Nicoll <jrn@jrn.me.uk>

  18.  * @author SA <stephen@mthosting.net>

  19.  * @author Senorsen <senorsen.zhang@gmail.com>

  20.  * @author Vincent Petry <vincent@nextcloud.com>

  21.  *

  22.  * @license AGPL-3.0

  23.  *

  24.  * This code is free software: you can redistribute it and/or modify

  25.  * it under the terms of the GNU Affero General Public License, version 3,

  26.  * as published by the Free Software Foundation.

  27.  *

  28.  * This program is distributed in the hope that it will be useful,

  29.  * but WITHOUT ANY WARRANTY; without even the implied warranty of

  30.  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the

  31.  * GNU Affero General Public License for more details.

  32.  *

  33.  * You should have received a copy of the GNU Affero General Public License, version 3,

  34.  * along with this program. If not, see <http://www.gnu.org/licenses/>

  35.  *

  36.  */

  37. namespace OCA\Files_External\Lib\Storage;

  38. 

  39. use Icewind\Streams\CountWrapper;

  40. use Icewind\Streams\IteratorDirectory;

  41. use Icewind\Streams\RetryWrapper;

  42. use OC\Files\Storage\Common;

  43. use OCP\Constants;

  44. use OCP\Files\FileInfo;

  45. use OCP\Files\IMimeTypeDetector;

  46. use phpseclib\Net\SFTP\Stream;

  47. 

  48. /**

  49.  * Uses phpseclib's Net\SFTP class and the Net\SFTP\Stream stream wrapper to

  50.  * provide access to SFTP servers.

  51.  */

  52. class SFTP extends Common {

  53. 	private $host;

  54. 	private $user;

  55. 	private $root;

  56. 	private $port = 22;

  57. 

  58. 	private $auth = [];

  59. 

  60. 	/**

  61. 	 * @var \phpseclib\Net\SFTP

  62. 	 */

  63. 	protected $client;

  64. 	private IMimeTypeDetector $mimeTypeDetector;

  65. 

  66. 	public const COPY_CHUNK_SIZE = 8 * 1024 * 1024;

  67. 

  68. 	/**

  69. 	 * @param string $host protocol://server:port

  70. 	 * @return array [$server, $port]

  71. 	 */

  72. 	private function splitHost($host) {

  73. 		$input = $host;

  74. 		if (!str_contains($host, '://')) {

  75. 			// add a protocol to fix parse_url behavior with ipv6

  76. 			$host = 'http://' . $host;

  77. 		}

  78. 

  79. 		$parsed = parse_url($host);

  80. 		if (is_array($parsed) && isset($parsed['port'])) {

  81. 			return [$parsed['host'], $parsed['port']];

  82. 		} elseif (is_array($parsed)) {

  83. 			return [$parsed['host'], 22];

  84. 		} else {

  85. 			return [$input, 22];

  86. 		}

  87. 	}

  88. 

  89. 	/**

  90. 	 * {@inheritdoc}

  91. 	 */

  92. 	public function __construct($params) {

  93. 		// Register sftp://

  94. 		Stream::register();

  95. 

  96. 		$parsedHost = $this->splitHost($params['host']);

  97. 

  98. 		$this->host = $parsedHost[0];

  99. 		$this->port = $parsedHost[1];

  100. 

  101. 		if (!isset($params['user'])) {

  102. 			throw new \UnexpectedValueException('no authentication parameters specified');

  103. 		}

  104. 		$this->user = $params['user'];

  105. 

  106. 		if (isset($params['public_key_auth'])) {

  107. 			$this->auth[] = $params['public_key_auth'];

  108. 		}

  109. 		if (isset($params['password']) && $params['password'] !== '') {

  110. 			$this->auth[] = $params['password'];

  111. 		}

  112. 

  113. 		if ($this->auth === []) {

  114. 			throw new \UnexpectedValueException('no authentication parameters specified');

  115. 		}

  116. 

  117. 		$this->root

  118. 			= isset($params['root']) ? $this->cleanPath($params['root']) : '/';

  119. 

  120. 		$this->root = '/' . ltrim($this->root, '/');

  121. 		$this->root = rtrim($this->root, '/') . '/';

  122. 		$this->mimeTypeDetector = \OC::$server->get(IMimeTypeDetector::class);

  123. 	}

  124. 

  125. 	/**

  126. 	 * Returns the connection.

  127. 	 *

  128. 	 * @return \phpseclib\Net\SFTP connected client instance

  129. 	 * @throws \Exception when the connection failed

  130. 	 */

  131. 	public function getConnection() {

  132. 		if (!is_null($this->client)) {

  133. 			return $this->client;

  134. 		}

  135. 

  136. 		$hostKeys = $this->readHostKeys();

  137. 		$this->client = new \phpseclib\Net\SFTP($this->host, $this->port);

  138. 

  139. 		// The SSH Host Key MUST be verified before login().

  140. 		$currentHostKey = $this->client->getServerPublicHostKey();

  141. 		if (array_key_exists($this->host, $hostKeys)) {

  142. 			if ($hostKeys[$this->host] !== $currentHostKey) {

  143. 				throw new \Exception('Host public key does not match known key');

  144. 			}

  145. 		} else {

  146. 			$hostKeys[$this->host] = $currentHostKey;

  147. 			$this->writeHostKeys($hostKeys);

  148. 		}

  149. 

  150. 		$login = false;

  151. 		foreach ($this->auth as $auth) {

  152. 			/** @psalm-suppress TooManyArguments */

  153. 			$login = $this->client->login($this->user, $auth);

  154. 			if ($login === true) {

  155. 				break;

  156. 			}

  157. 		}

  158. 

  159. 		if ($login === false) {

  160. 			throw new \Exception('Login failed');

  161. 		}

  162. 		return $this->client;

  163. 	}

  164. 

  165. 	/**

  166. 	 * {@inheritdoc}

  167. 	 */

  168. 	public function test() {

  169. 		if (

  170. 			!isset($this->host)

  171. 			|| !isset($this->user)

  172. 		) {

  173. 			return false;

  174. 		}

  175. 		return $this->getConnection()->nlist() !== false;

  176. 	}

  177. 

  178. 	/**

  179. 	 * {@inheritdoc}

  180. 	 */

  181. 	public function getId() {

  182. 		$id = 'sftp::' . $this->user . '@' . $this->host;

  183. 		if ($this->port !== 22) {

  184. 			$id .= ':' . $this->port;

  185. 		}

  186. 		// note: this will double the root slash,

  187. 		// we should not change it to keep compatible with

  188. 		// old storage ids

  189. 		$id .= '/' . $this->root;

  190. 		return $id;

  191. 	}

  192. 

  193. 	/**

  194. 	 * @return string

  195. 	 */

  196. 	public function getHost() {

  197. 		return $this->host;

  198. 	}

  199. 

  200. 	/**

  201. 	 * @return string

  202. 	 */

  203. 	public function getRoot() {

  204. 		return $this->root;

  205. 	}

  206. 

  207. 	/**

  208. 	 * @return mixed

  209. 	 */

  210. 	public function getUser() {

  211. 		return $this->user;

  212. 	}

  213. 

  214. 	/**

  215. 	 * @param string $path

  216. 	 * @return string

  217. 	 */

  218. 	private function absPath($path) {

  219. 		return $this->root . $this->cleanPath($path);

  220. 	}

  221. 

  222. 	/**

  223. 	 * @return string|false

  224. 	 */

  225. 	private function hostKeysPath() {

  226. 		try {

  227. 			$storage_view = \OCP\Files::getStorage('files_external');

  228. 			if ($storage_view) {

  229. 				return \OC::$server->getConfig()->getSystemValue('datadirectory', \OC::$SERVERROOT . '/data') .

  230. 					$storage_view->getAbsolutePath('') .

  231. 					'ssh_hostKeys';

  232. 			}

  233. 		} catch (\Exception $e) {

  234. 		}

  235. 		return false;

  236. 	}

  237. 

  238. 	/**

  239. 	 * @param $keys

  240. 	 * @return bool

  241. 	 */

  242. 	protected function writeHostKeys($keys) {

  243. 		try {

  244. 			$keyPath = $this->hostKeysPath();

  245. 			if ($keyPath && file_exists($keyPath)) {

  246. 				$fp = fopen($keyPath, 'w');

  247. 				foreach ($keys as $host => $key) {

  248. 					fwrite($fp, $host . '::' . $key . "\n");

  249. 				}

  250. 				fclose($fp);

  251. 				return true;

  252. 			}

  253. 		} catch (\Exception $e) {

  254. 		}

  255. 		return false;

  256. 	}

  257. 

  258. 	/**

  259. 	 * @return array

  260. 	 */

  261. 	protected function readHostKeys() {

  262. 		try {

  263. 			$keyPath = $this->hostKeysPath();

  264. 			if (file_exists($keyPath)) {

  265. 				$hosts = [];

  266. 				$keys = [];

  267. 				$lines = file($keyPath, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES);

  268. 				if ($lines) {

  269. 					foreach ($lines as $line) {

  270. 						$hostKeyArray = explode("::", $line, 2);

  271. 						if (count($hostKeyArray) === 2) {

  272. 							$hosts[] = $hostKeyArray[0];

  273. 							$keys[] = $hostKeyArray[1];

  274. 						}

  275. 					}

  276. 					return array_combine($hosts, $keys);

  277. 				}

  278. 			}

  279. 		} catch (\Exception $e) {

  280. 		}

  281. 		return [];

  282. 	}

  283. 

  284. 	/**

  285. 	 * {@inheritdoc}

  286. 	 */

  287. 	public function mkdir($path) {

  288. 		try {

  289. 			return $this->getConnection()->mkdir($this->absPath($path));

  290. 		} catch (\Exception $e) {

  291. 			return false;

  292. 		}

  293. 	}

  294. 

  295. 	/**

  296. 	 * {@inheritdoc}

  297. 	 */

  298. 	public function rmdir($path) {

  299. 		try {

  300. 			$result = $this->getConnection()->delete($this->absPath($path), true);

  301. 			// workaround: stray stat cache entry when deleting empty folders

  302. 			// see https://github.com/phpseclib/phpseclib/issues/706

  303. 			$this->getConnection()->clearStatCache();

  304. 			return $result;

  305. 		} catch (\Exception $e) {

  306. 			return false;

  307. 		}

  308. 	}

  309. 

  310. 	/**

  311. 	 * {@inheritdoc}

  312. 	 */

  313. 	public function opendir($path) {

  314. 		try {

  315. 			$list = $this->getConnection()->nlist($this->absPath($path));

  316. 			if ($list === false) {

  317. 				return false;

  318. 			}

  319. 

  320. 			$id = md5('sftp:' . $path);

  321. 			$dirStream = [];

  322. 			foreach ($list as $file) {

  323. 				if ($file !== '.' && $file !== '..') {

  324. 					$dirStream[] = $file;

  325. 				}

  326. 			}

  327. 			return IteratorDirectory::wrap($dirStream);

  328. 		} catch (\Exception $e) {

  329. 			return false;

  330. 		}

  331. 	}

  332. 

  333. 	/**

  334. 	 * {@inheritdoc}

  335. 	 */

  336. 	public function filetype($path) {

  337. 		try {

  338. 			$stat = $this->getConnection()->stat($this->absPath($path));

  339. 			if (!is_array($stat) || !array_key_exists('type', $stat)) {

  340. 				return false;

  341. 			}

  342. 			if ((int) $stat['type'] === NET_SFTP_TYPE_REGULAR) {

  343. 				return 'file';

  344. 			}

  345. 

  346. 			if ((int) $stat['type'] === NET_SFTP_TYPE_DIRECTORY) {

  347. 				return 'dir';

  348. 			}

  349. 		} catch (\Exception $e) {

  350. 		}

  351. 		return false;

  352. 	}

  353. 

  354. 	/**

  355. 	 * {@inheritdoc}

  356. 	 */

  357. 	public function file_exists($path) {

  358. 		try {

  359. 			return $this->getConnection()->stat($this->absPath($path)) !== false;

  360. 		} catch (\Exception $e) {

  361. 			return false;

  362. 		}

  363. 	}

  364. 

  365. 	/**

  366. 	 * {@inheritdoc}

  367. 	 */

  368. 	public function unlink($path) {

  369. 		try {

  370. 			return $this->getConnection()->delete($this->absPath($path), true);

  371. 		} catch (\Exception $e) {

  372. 			return false;

  373. 		}

  374. 	}

  375. 

  376. 	/**

  377. 	 * {@inheritdoc}

  378. 	 */

  379. 	public function fopen($path, $mode) {

  380. 		try {

  381. 			$absPath = $this->absPath($path);

  382. 			$connection = $this->getConnection();

  383. 			switch ($mode) {

  384. 				case 'r':

  385. 				case 'rb':

  386. 					$stat = $this->stat($path);

  387. 					if (!$stat) {

  388. 						return false;

  389. 					}

  390. 					SFTPReadStream::register();

  391. 					$context = stream_context_create(['sftp' => ['session' => $connection, 'size' => $stat['size']]]);

  392. 					$handle = fopen('sftpread://' . trim($absPath, '/'), 'r', false, $context);

  393. 					return RetryWrapper::wrap($handle);

  394. 				case 'w':

  395. 				case 'wb':

  396. 					SFTPWriteStream::register();

  397. 					// the SFTPWriteStream doesn't go through the "normal" methods so it doesn't clear the stat cache.

  398. 					$connection->_remove_from_stat_cache($absPath);

  399. 					$context = stream_context_create(['sftp' => ['session' => $connection]]);

  400. 					return fopen('sftpwrite://' . trim($absPath, '/'), 'w', false, $context);

  401. 				case 'a':

  402. 				case 'ab':

  403. 				case 'r+':

  404. 				case 'w+':

  405. 				case 'wb+':

  406. 				case 'a+':

  407. 				case 'x':

  408. 				case 'x+':

  409. 				case 'c':

  410. 				case 'c+':

  411. 					$context = stream_context_create(['sftp' => ['session' => $connection]]);

  412. 					$handle = fopen($this->constructUrl($path), $mode, false, $context);

  413. 					return RetryWrapper::wrap($handle);

  414. 			}

  415. 		} catch (\Exception $e) {

  416. 		}

  417. 		return false;

  418. 	}

  419. 

  420. 	/**

  421. 	 * {@inheritdoc}

  422. 	 */

  423. 	public function touch($path, $mtime = null) {

  424. 		try {

  425. 			if (!is_null($mtime)) {

  426. 				return false;

  427. 			}

  428. 			if (!$this->file_exists($path)) {

  429. 				$this->getConnection()->put($this->absPath($path), '');

  430. 			} else {

  431. 				return false;

  432. 			}

  433. 		} catch (\Exception $e) {

  434. 			return false;

  435. 		}

  436. 		return true;

  437. 	}

  438. 

  439. 	/**

  440. 	 * @param string $path

  441. 	 * @param string $target

  442. 	 * @throws \Exception

  443. 	 */

  444. 	public function getFile($path, $target) {

  445. 		$this->getConnection()->get($path, $target);

  446. 	}

  447. 

  448. 	/**

  449. 	 * {@inheritdoc}

  450. 	 */

  451. 	public function rename($source, $target) {

  452. 		try {

  453. 			if ($this->file_exists($target)) {

  454. 				$this->unlink($target);

  455. 			}

  456. 			return $this->getConnection()->rename(

  457. 				$this->absPath($source),

  458. 				$this->absPath($target)

  459. 			);

  460. 		} catch (\Exception $e) {

  461. 			return false;

  462. 		}

  463. 	}

  464. 

  465. 	/**

  466. 	 * @return array{mtime: int, size: int, ctime: int}|false

  467. 	 */

  468. 	public function stat($path) {

  469. 		try {

  470. 			$stat = $this->getConnection()->stat($this->absPath($path));

  471. 

  472. 			$mtime = $stat ? (int)$stat['mtime'] : -1;

  473. 			$size = $stat ? (int)$stat['size'] : 0;

  474. 

  475. 			return ['mtime' => $mtime, 'size' => $size, 'ctime' => -1];

  476. 		} catch (\Exception $e) {

  477. 			return false;

  478. 		}

  479. 	}

  480. 

  481. 	/**

  482. 	 * @param string $path

  483. 	 * @return string

  484. 	 */

  485. 	public function constructUrl($path) {

  486. 		// Do not pass the password here. We want to use the Net_SFTP object

  487. 		// supplied via stream context or fail. We only supply username and

  488. 		// hostname because this might show up in logs (they are not used).

  489. 		$url = 'sftp://' . urlencode($this->user) . '@' . $this->host . ':' . $this->port . $this->root . $path;

  490. 		return $url;

  491. 	}

  492. 

  493. 	public function file_put_contents($path, $data) {

  494. 		/** @psalm-suppress InternalMethod */

  495. 		$result = $this->getConnection()->put($this->absPath($path), $data);

  496. 		if ($result) {

  497. 			return strlen($data);

  498. 		} else {

  499. 			return false;

  500. 		}

  501. 	}

  502. 

  503. 	public function writeStream(string $path, $stream, ?int $size = null): int {

  504. 		if ($size === null) {

  505. 			$stream = CountWrapper::wrap($stream, function (int $writtenSize) use (&$size) {

  506. 				$size = $writtenSize;

  507. 			});

  508. 			if (!$stream) {

  509. 				throw new \Exception("Failed to wrap stream");

  510. 			}

  511. 		}

  512. 		/** @psalm-suppress InternalMethod */

  513. 		$result = $this->getConnection()->put($this->absPath($path), $stream);

  514. 		fclose($stream);

  515. 		if ($result) {

  516. 			return $size;

  517. 		} else {

  518. 			throw new \Exception("Failed to write steam to sftp storage");

  519. 		}

  520. 	}

  521. 

  522. 	public function copy($source, $target) {

  523. 		if ($this->is_dir($source) || $this->is_dir($target)) {

  524. 			return parent::copy($source, $target);

  525. 		} else {

  526. 			$absSource = $this->absPath($source);

  527. 			$absTarget = $this->absPath($target);

  528. 

  529. 			$connection = $this->getConnection();

  530. 			$size = $connection->size($absSource);

  531. 			if ($size === false) {

  532. 				return false;

  533. 			}

  534. 			for ($i = 0; $i < $size; $i += self::COPY_CHUNK_SIZE) {

  535. 				/** @psalm-suppress InvalidArgument */

  536. 				$chunk = $connection->get($absSource, false, $i, self::COPY_CHUNK_SIZE);

  537. 				if ($chunk === false) {

  538. 					return false;

  539. 				}

  540. 				/** @psalm-suppress InternalMethod */

  541. 				if (!$connection->put($absTarget, $chunk, \phpseclib\Net\SFTP::SOURCE_STRING, $i)) {

  542. 					return false;

  543. 				}

  544. 			}

  545. 			return true;

  546. 		}

  547. 	}

  548. 

  549. 	public function getPermissions($path) {

  550. 		$stat = $this->getConnection()->stat($this->absPath($path));

  551. 		if (!$stat) {

  552. 			return 0;

  553. 		}

  554. 		if ($stat['type'] === NET_SFTP_TYPE_DIRECTORY) {

  555. 			return Constants::PERMISSION_ALL;

  556. 		} else {

  557. 			return Constants::PERMISSION_ALL - Constants::PERMISSION_CREATE;

  558. 		}

  559. 	}

  560. 

  561. 	public function getMetaData($path) {

  562. 		$stat = $this->getConnection()->stat($this->absPath($path));

  563. 		if (!$stat) {

  564. 			return null;

  565. 		}

  566. 

  567. 		if ($stat['type'] === NET_SFTP_TYPE_DIRECTORY) {

  568. 			$stat['permissions'] = Constants::PERMISSION_ALL;

  569. 		} else {

  570. 			$stat['permissions'] = Constants::PERMISSION_ALL - Constants::PERMISSION_CREATE;

  571. 		}

  572. 

  573. 		if ($stat['type'] === NET_SFTP_TYPE_DIRECTORY) {

  574. 			$stat['size'] = -1;

  575. 			$stat['mimetype'] = FileInfo::MIMETYPE_FOLDER;

  576. 		} else {

  577. 			$stat['mimetype'] = $this->mimeTypeDetector->detectPath($path);

  578. 		}

  579. 

  580. 		$stat['etag'] = $this->getETag($path);

  581. 		$stat['storage_mtime'] = $stat['mtime'];

  582. 		$stat['name'] = basename($path);

  583. 

  584. 		$keys = ['size', 'mtime', 'mimetype', 'etag', 'storage_mtime', 'permissions', 'name'];

  585. 		return array_intersect_key($stat, array_flip($keys));

  586. 	}

  587. }