1 files changed, 69 insertions, 0 deletions
diff --git a/bzrlib/transport/chroot.py b/bzrlib/transport/chroot.py
new file mode 100644
index 0000000..cc8b0ac
--- /dev/null
+++ b/bzrlib/transport/chroot.py
@@ -0,0 +1,69 @@
+# Copyright (C) 2006-2010 Canonical Ltd
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+
+"""Implementation of Transport that prevents access to locations above a set
+root.
+"""
+
+from __future__ import absolute_import
+
+from bzrlib.transport import (
+    pathfilter,
+    register_transport,
+    )
+
+
+class ChrootServer(pathfilter.PathFilteringServer):
+    """User space 'chroot' facility.
+
+    The server's get_url returns the url for a chroot transport mapped to the
+    backing transport. The url is of the form chroot-xxx:/// so parent
+    directories of the backing transport are not visible. The chroot url will
+    not allow '..' sequences to result in requests to the chroot affecting
+    directories outside the backing transport.
+
+    PathFilteringServer does all the path sanitation needed to enforce a
+    chroot, so this is a simple subclass of PathFilteringServer that ignores
+    filter_func.
+    """
+
+    def __init__(self, backing_transport):
+        pathfilter.PathFilteringServer.__init__(self, backing_transport, None)
+
+    def _factory(self, url):
+        return ChrootTransport(self, url)
+
+    def start_server(self):
+        self.scheme = 'chroot-%d:///' % id(self)
+        register_transport(self.scheme, self._factory)
+
+
+class ChrootTransport(pathfilter.PathFilteringTransport):
+    """A ChrootTransport.
+
+    Please see ChrootServer for details.
+    """
+
+    def _filter(self, relpath):
+        # A simplified version of PathFilteringTransport's _filter that omits
+        # the call to self.server.filter_func.
+        return self._relpath_from_server_root(relpath)
+
+
+def get_test_permutations():
+    """Return the permutations to be used in testing."""
+    from bzrlib.tests import test_server
+    return [(ChrootTransport, test_server.TestingChrootServer)]