[Pkg-owncloud-commits] [owncloud] 47/273: Prevent running the files:scan command as the wrong user

David Prévot taffit at moszumanska.debian.org
Fri Jul 4 03:12:56 UTC 2014


This is an automated email from the git hooks/post-receive script.

taffit pushed a commit to branch master
in repository owncloud.

commit 9a2ed86672d5d7a162263448070ed1c562ef2515
Author: Robin Appelman <icewind at owncloud.com>
Date:   Wed Jun 25 15:22:49 2014 +0200

    Prevent running the files:scan command as the wrong user
---
 apps/files/command/scan.php         | 31 ++++++++++++++++++-------------
 lib/private/files/utils/scanner.php | 11 ++++++++++-
 2 files changed, 28 insertions(+), 14 deletions(-)

diff --git a/apps/files/command/scan.php b/apps/files/command/scan.php
index 25ab70a..5927e41 100644
--- a/apps/files/command/scan.php
+++ b/apps/files/command/scan.php
@@ -9,6 +9,7 @@
 
 namespace OCA\Files\Command;
 
+use OC\ForbiddenException;
 use Symfony\Component\Console\Command\Command;
 use Symfony\Component\Console\Input\InputArgument;
 use Symfony\Component\Console\Input\InputInterface;
@@ -32,28 +33,32 @@ class Scan extends Command {
 			->setName('files:scan')
 			->setDescription('rescan filesystem')
 			->addArgument(
-					'user_id',
-					InputArgument::OPTIONAL | InputArgument::IS_ARRAY,
-					'will rescan all files of the given user(s)'
-				     )
+				'user_id',
+				InputArgument::OPTIONAL | InputArgument::IS_ARRAY,
+				'will rescan all files of the given user(s)'
+			)
 			->addOption(
-					'all',
-					null,
-					InputOption::VALUE_NONE,
-					'will rescan all files of all known users'
-				   )
-		;
+				'all',
+				null,
+				InputOption::VALUE_NONE,
+				'will rescan all files of all known users'
+			);
 	}
 
 	protected function scanFiles($user, OutputInterface $output) {
 		$scanner = new \OC\Files\Utils\Scanner($user);
-		$scanner->listen('\OC\Files\Utils\Scanner', 'scanFile', function($path) use ($output) {
+		$scanner->listen('\OC\Files\Utils\Scanner', 'scanFile', function ($path) use ($output) {
 			$output->writeln("Scanning <info>$path</info>");
 		});
-		$scanner->listen('\OC\Files\Utils\Scanner', 'scanFolder', function($path) use ($output) {
+		$scanner->listen('\OC\Files\Utils\Scanner', 'scanFolder', function ($path) use ($output) {
 			$output->writeln("Scanning <info>$path</info>");
 		});
-		$scanner->scan('');
+		try {
+			$scanner->scan('');
+		} catch (ForbiddenException $e) {
+			$output->writeln("<error>Home storage for user $user not writable</error>");
+			$output->writeln("Make sure you're running the scan command only as the user the web server runs as");
+		}
 	}
 
 	protected function execute(InputInterface $input, OutputInterface $output) {
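Review bot: The `catch (ForbiddenException $e)` block in scanFiles() prints the error and then returns normally, so nothing in this hunk lets the caller tell a refused scan from a completed one. execute() begins on the hunk's last line and its body is not visible here, but unless it tracks the failure itself, a cron job or wrapper script that runs `files:scan` as the wrong user will presumably still see a zero exit status. Consider having scanFiles() report the outcome, e.g. `return false;` at the end of the catch block and `return true;` after the try, so that execute() can return a non-zero code when any user's scan was refused.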
diff --git a/lib/private/files/utils/scanner.php b/lib/private/files/utils/scanner.php
index 1bb3e69..c2fabf5 100644
--- a/lib/private/files/utils/scanner.php
+++ b/lib/private/files/utils/scanner.php
@@ -11,6 +11,7 @@ namespace OC\Files\Utils;
 use OC\Files\View;
 use OC\Files\Cache\ChangePropagator;
 use OC\Files\Filesystem;
+use OC\ForbiddenException;
 use OC\Hooks\PublicEmitter;
 
 /**
@@ -104,6 +105,7 @@ class Scanner extends PublicEmitter {
 
 	/**
 	 * @param string $dir
+	 * @throws \OC\ForbiddenException
 	 */
 	public function scan($dir) {
 		$mounts = $this->getMounts($dir);
@@ -111,7 +113,14 @@ class Scanner extends PublicEmitter {
 			if (is_null($mount->getStorage())) {
 				continue;
 			}
-			$scanner = $mount->getStorage()->getScanner();
+			$storage = $mount->getStorage();
+			// if the home storage isn't writable then the scanner is run as the wrong user
+			if ($storage->instanceOfStorage('\OC\Files\Storage\Home') and
+				(!$storage->isCreatable('') or !$storage->isCreatable('files'))
+			) {
+				throw new ForbiddenException();
+			}
+			$scanner = $storage->getScanner();
 			$this->attachListener($mount);
 			$scanner->scan('', \OC\Files\Cache\Scanner::SCAN_RECURSIVE, \OC\Files\Cache\Scanner::REUSE_ETAG | \OC\Files\Cache\Scanner::REUSE_SIZE);
 		}
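Review bot: The new guard in scan() infers "wrong user" from `isCreatable('')` or `isCreatable('files')` failing, but the converse does not hold: a privileged account such as root would presumably pass both checks and go on to scan, and anything it writes into the home storage would then not belong to the web-server user. The comment should state that limit, e.g. `// only catches an unprivileged wrong user; a privileged account still passes this check`, or the command could additionally compare the process uid with the owner of the data directory. The `throw new ForbiddenException();` also carries no message, so other callers of this public method get no hint which storage was refused. Because it is raised inside the mount loop (which starts outside this hunk), mounts iterated earlier may already have been scanned when it fires.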

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-owncloud/owncloud.git


