dont show smb file/folder if read permissions is denied by acl

Signed-off-by: Robin Appelman <robin@icewind.nl>

apps/files_external/3rdparty/composer.json

@@ -9,6 +9,6 @@
 	},
 	"require": {
 		"icewind/streams": "0.7.1",
-		"icewind/smb": "3.1.1"
+		"icewind/smb": "3.2.0"
 	}
 }

apps/files_external/3rdparty/composer/autoload_classmap.php

@@ -6,6 +6,7 @@
 $baseDir = $vendorDir;
 
 return array(
+    'Icewind\\SMB\\ACL' => $vendorDir . '/icewind/smb/src/ACL.php',
     'Icewind\\SMB\\AbstractServer' => $vendorDir . '/icewind/smb/src/AbstractServer.php',
     'Icewind\\SMB\\AbstractShare' => $vendorDir . '/icewind/smb/src/AbstractShare.php',
     'Icewind\\SMB\\AnonymousAuth' => $vendorDir . '/icewind/smb/src/AnonymousAuth.php',

apps/files_external/3rdparty/composer/autoload_static.php

@@ -36,6 +36,7 @@ class ComposerStaticInit98fe9b281934250b3a93f69a5ce843b3
     );
 
     public static $classMap = array (
+        'Icewind\\SMB\\ACL' => __DIR__ . '/..' . '/icewind/smb/src/ACL.php',
         'Icewind\\SMB\\AbstractServer' => __DIR__ . '/..' . '/icewind/smb/src/AbstractServer.php',
         'Icewind\\SMB\\AbstractShare' => __DIR__ . '/..' . '/icewind/smb/src/AbstractShare.php',
         'Icewind\\SMB\\AnonymousAuth' => __DIR__ . '/..' . '/icewind/smb/src/AnonymousAuth.php',

apps/files_external/3rdparty/composer/installed.json

@@ -1,28 +1,28 @@
 [
     {
         "name": "icewind/smb",
-        "version": "v3.1.1",
-        "version_normalized": "3.1.1.0",
+        "version": "v3.2.0",
+        "version_normalized": "3.2.0.0",
         "source": {
             "type": "git",
             "url": "https://github.com/icewind1991/SMB.git",
-            "reference": "26b7b8780342d0e61313b464b880d50a2ea898e2"
+            "reference": "63319ec68b0fe54b606977bad489367f1b78ca98"
         },
         "dist": {
             "type": "zip",
-            "url": "https://api.github.com/repos/icewind1991/SMB/zipball/26b7b8780342d0e61313b464b880d50a2ea898e2",
-            "reference": "26b7b8780342d0e61313b464b880d50a2ea898e2",
+            "url": "https://api.github.com/repos/icewind1991/SMB/zipball/63319ec68b0fe54b606977bad489367f1b78ca98",
+            "reference": "63319ec68b0fe54b606977bad489367f1b78ca98",
             "shasum": ""
         },
         "require": {
             "icewind/streams": ">=0.2.0",
-            "php": ">=5.6"
+            "php": ">=7.1"
         },
         "require-dev": {
             "friendsofphp/php-cs-fixer": "^2.13",
-            "phpunit/phpunit": "^5.7"
+            "phpunit/phpunit": "^7.0"
         },
-        "time": "2019-03-04T15:02:42+00:00",
+        "time": "2020-02-10T15:22:31+00:00",
         "type": "library",
         "installation-source": "dist",
         "autoload": {

apps/files_external/3rdparty/icewind/smb/.gitignore

@@ -2,4 +2,5 @@
 vendor
 composer.lock
 .php_cs.cache
-
+listen.php
+test.php

apps/files_external/3rdparty/icewind/smb/README.md

@@ -26,7 +26,7 @@ use Icewind\SMB\BasicAuth;
 require('vendor/autoload.php');
 
 $serverFactory = new ServerFactory();
-$auth = new BasicAuth('test', 'workgroup', 'test');
+$auth = new BasicAuth('user', 'workgroup', 'password');
 $server = $serverFactory->createServer('localhost', $auth);
 
 $share = $server->getShare('test');

apps/files_external/3rdparty/icewind/smb/composer.json

@@ -9,11 +9,11 @@
 		}
 	],
 	"require"          : {
-		"php": ">=5.6",
+		"php": ">=7.1",
 		"icewind/streams": ">=0.2.0"
 	},
 	"require-dev": {
-		"phpunit/phpunit": "^5.7",
+		"phpunit/phpunit": "^7.0",
 		"friendsofphp/php-cs-fixer": "^2.13"
 	},
 	"autoload"         : {

apps/files_external/3rdparty/icewind/smb/src/ACL.php

@@ -0,0 +1,81 @@
+<?php declare(strict_types=1);
+/**
+ * @copyright Copyright (c) 2020 Robin Appelman <robin@icewind.nl>
+ *
+ * @license GNU AGPL version 3 or any later version
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+namespace Icewind\SMB;
+
+class ACL {
+	const TYPE_ALLOW = 0;
+	const TYPE_DENY = 1;
+
+	const MASK_READ = 0x0001;
+	const MASK_WRITE = 0x0002;
+	const MASK_EXECUTE = 0x00020;
+	const MASK_DELETE = 0x10000;
+
+	const FLAG_OBJECT_INHERIT = 0x1;
+	const FLAG_CONTAINER_INHERIT = 0x2;
+
+	private $type;
+	private $flags;
+	private $mask;
+
+	public function __construct(int $type, int $flags, int $mask) {
+		$this->type = $type;
+		$this->flags = $flags;
+		$this->mask = $mask;
+	}
+
+	/**
+	 * Check if the acl allows a specific permissions
+	 *
+	 * Note that this does not take inherited acls into account
+	 *
+	 * @param int $mask one of the ACL::MASK_* constants
+	 * @return bool
+	 */
+	public function allows(int $mask): bool {
+		return $this->type === self::TYPE_ALLOW && ($this->mask & $mask) === $mask;
+	}
+
+	/**
+	 * Check if the acl allows a specific permissions
+	 *
+	 * Note that this does not take inherited acls into account
+	 *
+	 * @param int $mask one of the ACL::MASK_* constants
+	 * @return bool
+	 */
+	public function denies(int $mask): bool {
+		return $this->type === self::TYPE_DENY && ($this->mask & $mask) === $mask;
+	}
+
+	public function getType(): int {
+		return $this->type;
+	}
+
+	public function getFlags(): int {
+		return $this->flags;
+	}
+
+	public function getMask(): int {
+		return $this->mask;
+	}
+}

apps/files_external/3rdparty/icewind/smb/src/IFileInfo.php

@@ -65,4 +65,9 @@ public function isSystem();
 	 * @return bool
 	 */
 	public function isArchived();
+
+	/**
+	 * @return ACL[]
+	 */
+	public function getAcls(): array;
 }

apps/files_external/3rdparty/icewind/smb/src/ISystem.php

@@ -48,6 +48,13 @@ public function getSmbclientPath();
 	 */
 	public function getNetPath();
 
+	/**
+	 * Get the full path to the `smbcacls` binary of false if the binary is not available
+	 *
+	 * @return string|bool
+	 */
+	public function getSmbcAclsPath();
+
 	/**
 	 * Get the full path to the `stdbuf` binary of false if the binary is not available
 	 *

apps/files_external/3rdparty/icewind/smb/src/Native/NativeFileInfo.php

@@ -7,6 +7,7 @@
 
 namespace Icewind\SMB\Native;
 
+use Icewind\SMB\ACL;
 use Icewind\SMB\IFileInfo;
 
 class NativeFileInfo implements IFileInfo {
@@ -151,4 +152,22 @@ public function isArchived() {
 		$mode = $this->getMode();
 		return (bool)($mode & IFileInfo::MODE_ARCHIVE);
 	}
+
+	/**
+	 * @return ACL[]
+	 */
+	public function getAcls(): array {
+		$acls = [];
+		$attribute = $this->share->getAttribute($this->path, 'system.nt_sec_desc.acl.*+');
+
+		foreach (explode(',', $attribute) as $acl) {
+			[$user, $permissions] = explode(':', $acl, 2);
+			[$type, $flags, $mask] = explode('/', $permissions);
+			$mask = hexdec($mask);
+
+			$acls[$user] = new ACL($type, $flags, $mask);
+		}
+
+		return $acls;
+	}
 }

apps/files_external/3rdparty/icewind/smb/src/Native/NativeShare.php

@@ -223,6 +223,12 @@ public function get($source, $target) {
 		if (!$target) {
 			throw new InvalidPathException('Invalid target path: Filename cannot be empty');
 		}
+
+		$sourceHandle = $this->getState()->open($this->buildUrl($source), 'r');
+		if (!$sourceHandle) {
+			throw new InvalidResourceException('Failed opening remote file "' . $source . '" for reading');
+		}
+
 		$targetHandle = @fopen($target, 'wb');
 		if (!$targetHandle) {
 			$error = error_get_last();
@@ -231,15 +237,10 @@ public function get($source, $target) {
 			} else {
 				$reason = 'Unknown error';
 			}
+			$this->getState()->close($sourceHandle);
 			throw new InvalidResourceException('Failed opening local file "' . $target . '" for writing: ' . $reason);
 		}
 
-		$sourceHandle = $this->getState()->open($this->buildUrl($source), 'r');
-		if (!$sourceHandle) {
-			fclose($targetHandle);
-			throw new InvalidResourceException('Failed opening remote file "' . $source . '" for reading');
-		}
-
 		while ($data = $this->getState()->read($sourceHandle, NativeReadStream::CHUNK_SIZE)) {
 			fwrite($targetHandle, $data);
 		}
@@ -289,7 +290,7 @@ public function write($source) {
 	 */
 	public function append($source) {
 		$url = $this->buildUrl($source);
-		$handle = $this->getState()->open($url, "a");
+		$handle = $this->getState()->open($url, "a+");
 		return NativeWriteStream::wrap($this->getState(), $handle, "a", $url);
 	}
 

apps/files_external/3rdparty/icewind/smb/src/Native/NativeState.php

@@ -9,6 +9,7 @@
 
 use Icewind\SMB\Exception\AlreadyExistsException;
 use Icewind\SMB\Exception\ConnectionRefusedException;
+use Icewind\SMB\Exception\ConnectionResetException;
 use Icewind\SMB\Exception\Exception;
 use Icewind\SMB\Exception\FileInUseException;
 use Icewind\SMB\Exception\ForbiddenException;
@@ -48,6 +49,7 @@ class NativeState {
 		22  => InvalidArgumentException::class,
 		28  => OutOfSpaceException::class,
 		39  => NotEmptyException::class,
+		104 => ConnectionResetException::class,
 		110 => TimedOutException::class,
 		111 => ConnectionRefusedException::class,
 		112 => HostDownException::class,

apps/files_external/3rdparty/icewind/smb/src/System.php

@@ -41,6 +41,10 @@ public function getNetPath() {
 		return $this->getBinaryPath('net');
 	}
 
+	public function getSmbcAclsPath() {
+		return $this->getBinaryPath('smbcacls');
+	}
+
 	public function getStdBufPath() {
 		return $this->getBinaryPath('stdbuf');
 	}

apps/files_external/3rdparty/icewind/smb/src/Wrapped/FileInfo.php

@@ -7,6 +7,7 @@
 
 namespace Icewind\SMB\Wrapped;
 
+use Icewind\SMB\ACL;
 use Icewind\SMB\IFileInfo;
 
 class FileInfo implements IFileInfo {
@@ -35,19 +36,26 @@ class FileInfo implements IFileInfo {
 	 */
 	protected $mode;
 
+	/**
+	 * @var callable
+	 */
+	protected $aclCallback;
+
 	/**
 	 * @param string $path
 	 * @param string $name
 	 * @param int $size
 	 * @param int $time
 	 * @param int $mode
+	 * @param callable $aclCallback
 	 */
-	public function __construct($path, $name, $size, $time, $mode) {
+	public function __construct($path, $name, $size, $time, $mode, callable $aclCallback) {
 		$this->path = $path;
 		$this->name = $name;
 		$this->size = $size;
 		$this->time = $time;
 		$this->mode = $mode;
+		$this->aclCallback = $aclCallback;
 	}
 
 	/**
@@ -112,4 +120,11 @@ public function isSystem() {
 	public function isArchived() {
 		return (bool)($this->mode & IFileInfo::MODE_ARCHIVE);
 	}
+
+	/**
+	 * @return ACL[]
+	 */
+	public function getAcls(): array {
+		return ($this->aclCallback)();
+	}
 }