#609728 by dww and JacobSingh: Skip authorize.php step in update manager if webroot files are owned by the httpd user.

2 files changed, 138 insertions, 4 deletions

diff --git a/includes/filetransfer/local.inc b/includes/filetransfer/local.inc
new file mode 100644
index 000000000..268735077
--- /dev/null
+++ b/includes/filetransfer/local.inc
@@ -0,0 +1,77 @@
+<?php
+// $Id$
+
+/**
+ * The local connection class for copying files as the httpd user.
+ */
+class FileTransferLocal extends FileTransfer implements FileTransferChmodInterface {
+
+  function connect() {
+    // No-op.
+  }
+
+  static function factory($jail, $settings) {
+    return new FileTransferLocal($jail);
+  }
+
+  protected function copyFileJailed($source, $destination) {
+    if (@!copy($source, $destination)) {
+      throw new FileTransferException('Cannot copy %source to %destination.', NULL, array('%source' => $source, '%destination' => $destination));
+    }
+  }
+
+  protected function createDirectoryJailed($directory) {
+    if (!is_dir($directory) && @!mkdir($directory, 0777, TRUE)) {
+      throw new FileTransferException('Cannot create directory %directory.', NULL, array('%directory' => $directory));
+    }
+  }
+
+  protected function removeDirectoryJailed($directory) {
+    if (!is_dir($directory)) {
+      // Programmer error assertion, not something we expect users to see.
+      throw new FileTransferException('removeDirectoryJailed() called with a path (%directory) that is not a directory.', NULL, array('%directory' => $directory));
+    }
+    foreach (new RecursiveIteratorIterator(new RecursiveDirectoryIterator($directory), RecursiveIteratorIterator::CHILD_FIRST) as $filename => $file) {
+      if ($file->isDir()) {
+        if (@!rmdir($filename)) {
+          throw new FileTransferException('Cannot remove directory %directory.', NULL, array('%directory' => $filename));
+        }
+      }
+      elseif ($file->isFile()) {
+        if (@!unlink($filename)) {
+          throw new FileTransferException('Cannot remove file %file.', NULL, array('%file' => $filename));
+        }
+      }
+    }
+    if (@!rmdir($directory)) {
+      throw new FileTransferException('Cannot remove directory %directory.', NULL, array('%directory' => $directory));
+    }
+  }
+
+  protected function removeFileJailed($file) {
+    if (@!unlink($file)) {
+      throw new FileTransferException('Cannot remove file %file.', NULL, array('%file' => $file));
+    }
+  }
+  
+  public function isDirectory($path) {
+    return is_dir($path);
+  }
+
+  public function isFile($path) {
+    return is_file($path);
+  }
+
+  public function chmodJailed($path, $mode, $recursive) {
+    if ($recursive && is_dir($path)) {
+      foreach (new RecursiveIteratorIterator(new RecursiveDirectoryIterator($path), RecursiveIteratorIterator::SELF_FIRST) as $filename => $file) {
+        if (@!chmod($filename, $mode)) {
+          throw new FileTransferException('Cannot chmod %path.', NULL, array('%path' => $filename));
+        }
+      }
+    }
+    elseif (@!chmod($path, $mode)) {
+      throw new FileTransferException('Cannot chmod %path.', NULL, array('%path' => $path));
+    }
+  }
+}
diff --git a/modules/update/update.manager.inc b/modules/update/update.manager.inc
index 092025c4b..1fb3c99cf 100644
--- a/modules/update/update.manager.inc
+++ b/modules/update/update.manager.inc
@@ -418,14 +418,20 @@ function update_manager_confirm_update_form_submit($form, &$form_state) {
     foreach ($projects as $project => $url) {
       $project_location = $directory . '/' . $project;
       $updater = Updater::factory($project_location);
+      $project_real_location = drupal_realpath($project_location);
       $updates[] = array(
         'project' => $project,
         'updater_name' => get_class($updater),
-        'local_url' => drupal_realpath($project_location),
+        'local_url' => $project_real_location,
       );
     }
 
-    system_run_authorized('update_authorize_run_update', drupal_get_path('module', 'update') . '/update.authorize.inc', array($updates));
+    // Finally, trigger the next step in the workflow, which will either
+    // redirect to authorize.php to prompt for FTP/SSH credentials, or to
+    // directly trigger the updates via Batch API if the install location
+    // (e.g. sites/default) is already owned by the same UID that the web
+    // server is running as.
+    _update_manager_run_authorized('update_authorize_run_update', $updates, $project_real_location);
   }
 }
 
@@ -579,13 +585,19 @@ function update_manager_install_form_submit($form, &$form_state) {
     return;
   }
   
+  $project_real_location = drupal_realpath($project_location);
   $arguments = array(
     'project' => $project,
     'updater_name' => get_class($updater),
-    'local_url' => drupal_realpath($project_location),
+    'local_url' => $project_real_location,
   );
 
-  return system_run_authorized('update_authorize_run_install', drupal_get_path('module', 'update') . '/update.authorize.inc', $arguments);
+  // Finally, trigger the next step in the workflow, which will either
+  // redirect to authorize.php to prompt for FTP/SSH credentials, or to
+  // directly trigger the updates via Batch API if the install location
+  // (e.g. sites/default) is already owned by the same UID that the web
+  // server is running as.
+  _update_manager_run_authorized('update_authorize_run_install', $arguments, $project_real_location);
 }
 
 /**
@@ -598,6 +610,51 @@ function update_manager_install_form_submit($form, &$form_state) {
  */
 
 /**
+ * Run a given Update manager operation with elevated file access permissions.
+ *
+ * If the files we just extracted are owned by the same UID as the owner of
+ * our configuration directory (e.g. sites/default) where we're trying to
+ * install the code, there's no need to prompt for FTP/SSH credentials.
+ * Instead, we instantiate a FileTransferLocal and invoke the operation
+ * directly.
+ *
+ * Otherwise, we go through the regular authorize.php workflow to prompt for
+ * FTP/SSH credentials and invoke the operation indirectly with whatever
+ * FileTransfer object authorize.php creates for us.
+ *
+ * @param $operation
+ *   The name of the operation callback to invoke.
+ * @param $arguments
+ *   Arguments to pass to the operation callback.
+ * @param $extracted_path
+ *   The full path to a project we just extracted to compare ownership.
+ */
+function _update_manager_run_authorized($operation, $arguments, $extracted_path) {
+  if (fileowner($extracted_path) == fileowner(conf_path())) {
+    module_load_include('inc', 'update', 'update.authorize');
+    $filetransfer = new FileTransferLocal(DRUPAL_ROOT);
+    switch ($operation) {
+      case 'update_authorize_run_update':
+        update_authorize_run_update($filetransfer, $arguments);
+        break;
+
+      case 'update_authorize_run_install':
+        call_user_func_array('update_authorize_run_install', array_merge(array($filetransfer), $arguments));
+        break;
+    }
+  }
+  else {
+    // update_authorize_run_update() expects a nested array, and the way
+    // authorize.php invokes our callback we need to wrap our arguments in an
+    // array here.
+    if ($operation == 'update_authorize_run_update') {
+      $arguments = array($arguments);
+    }
+    system_run_authorized($operation, drupal_get_path('module', 'update') . '/update.authorize.inc', $arguments);
+  }
+}
+
+/**
  * Return the directory where update archive files should be extracted.
  *
  * If the directory does not already exist, attempt to create it.