NTFS Support for Filebrowser
| Project: | Filebrowser |
| Version: | 6.x-2.x-dev |
| Component: | Miscellaneous |
| Category: | feature request |
| Priority: | normal |
| Assigned: | Unassigned |
| Status: | needs review |
Hi there ...
well my first contribution to this great module is here. NTFS support for directory listing.
It's more a very dirty hackm than a nice solution, but it shows what would be possible.
I needed following things to be checked against NTFS:
1.) Browsing the structure without seeing the folders I'm not allowed.
2.) Securing folders from URL - Hijacking
3.) Securing file-download from URL - Hijacking
So what I did is as follows.
I have Drupal-Roles which are named exactly as my active-dir roles for NTFS permissions.
Now whenever I need to check something, i start an app called "showacls.exe" which is included in the
WindowsServerRessource Kit and ask for the ACLS of the specified folder.
If folder has general access or any group of my user is allowed for that folder than following function returns
true otherwise false.
function _checkNTFS($folder)
{
global $user;
unset($temp);
exec("c:\\showacls ".str_replace("/", "\\", $folder), $temp);
if(preg_grep("/MYDOMAINCONTROLLER\\\\MYGENEREAL GROUP/", $temp))
{
return true;
}
foreach($user->roles as $u_role)
{
if(preg_grep("/MYDOMAINCONTROLLER\\\\".$u_role."/", $temp))
{
return true;
}
}
return false;
}Now I can use this function everywhere i need ... lets say in
function filebrowser_init() {
to prevent downloading the file If I havent enough permissions
or in filebrowser_view()
to simply remove $folders which are secured and not visible for the current user
or in theme_filebrowser_dir_listing()
to prevent from URL hijacking and beeing able to see the folder through manipulating the URL
Hope this helps out
again Filebrowser is a very nice module and I'm happy to use it.
P.S.: Sorry that I havent added a patch, but my filebrowser.module has so much specific code
that creating a nice patch would be an enourmous task :)
Greetings
Zewa