Excludes not writable app roots from the directory permission check
Signed-off-by: Michael Weimann <mail@michael-weimann.eu>
This commit is contained in:
parent
ebcfe33d0d
commit
3f790bb85b
|
@ -542,16 +542,11 @@ Raw output
|
||||||
$appDirsWithDifferentOwner = [];
|
$appDirsWithDifferentOwner = [];
|
||||||
|
|
||||||
foreach (OC::$APPSROOTS as $appRoot) {
|
foreach (OC::$APPSROOTS as $appRoot) {
|
||||||
$appsPath = $appRoot['path'];
|
if ($appRoot['writable'] === true) {
|
||||||
$appsDir = new DirectoryIterator($appRoot['path']);
|
$appDirsWithDifferentOwner = array_merge(
|
||||||
foreach ($appsDir as $fileInfo) {
|
$appDirsWithDifferentOwner,
|
||||||
if ($fileInfo->isDir() && !$fileInfo->isDot()) {
|
$this->getAppDirsWithDifferentOwnerForAppRoot($currentUser, $appRoot)
|
||||||
$absAppPath = $appsPath . DIRECTORY_SEPARATOR . $fileInfo->getFilename();
|
);
|
||||||
$appDirUser = posix_getpwuid(fileowner($absAppPath));
|
|
||||||
if ($appDirUser !== $currentUser) {
|
|
||||||
$appDirsWithDifferentOwner[] = $absAppPath . DIRECTORY_SEPARATOR . $fileInfo->getFilename();
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -559,6 +554,31 @@ Raw output
|
||||||
return $appDirsWithDifferentOwner;
|
return $appDirsWithDifferentOwner;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Tests if the directories for one apps directory are writable by the current user.
|
||||||
|
*
|
||||||
|
* @param array $currentUser The current user
|
||||||
|
* @param array $appRoot The app root config
|
||||||
|
* @return string[] The none writable directory paths inside the app root
|
||||||
|
*/
|
||||||
|
private function getAppDirsWithDifferentOwnerForAppRoot(array $currentUser, array $appRoot): array {
|
||||||
|
$appDirsWithDifferentOwner = [];
|
||||||
|
$appsPath = $appRoot['path'];
|
||||||
|
$appsDir = new DirectoryIterator($appRoot['path']);
|
||||||
|
|
||||||
|
foreach ($appsDir as $fileInfo) {
|
||||||
|
if ($fileInfo->isDir() && !$fileInfo->isDot()) {
|
||||||
|
$absAppPath = $appsPath . DIRECTORY_SEPARATOR . $fileInfo->getFilename();
|
||||||
|
$appDirUser = posix_getpwuid(fileowner($absAppPath));
|
||||||
|
if ($appDirUser !== $currentUser) {
|
||||||
|
$appDirsWithDifferentOwner[] = $absAppPath . DIRECTORY_SEPARATOR . $fileInfo->getFilename();
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
return $appDirsWithDifferentOwner;
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @return DataResponse
|
* @return DataResponse
|
||||||
*/
|
*/
|
||||||
|
|
|
@ -629,6 +629,27 @@ class CheckSetupControllerTest extends TestCase {
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Calls the check for a none existing app root that is marked as not writable.
|
||||||
|
* It's expected that no error happens since the check shouldn't apply.
|
||||||
|
*
|
||||||
|
* @return void
|
||||||
|
*/
|
||||||
|
public function testAppDirectoryOwnersNotWritable() {
|
||||||
|
$tempDir = tempnam(sys_get_temp_dir(), 'apps') . 'dir';
|
||||||
|
OC::$APPSROOTS = [
|
||||||
|
[
|
||||||
|
'path' => $tempDir,
|
||||||
|
'url' => '/apps',
|
||||||
|
'writable' => false,
|
||||||
|
],
|
||||||
|
];
|
||||||
|
$this->assertSame(
|
||||||
|
[],
|
||||||
|
$this->invokePrivate($this->checkSetupController, 'getAppDirsWithDifferentOwner')
|
||||||
|
);
|
||||||
|
}
|
||||||
|
|
||||||
public function testIsBuggyNss400() {
|
public function testIsBuggyNss400() {
|
||||||
$this->config->expects($this->any())
|
$this->config->expects($this->any())
|
||||||
->method('getSystemValue')
|
->method('getSystemValue')
|
||||||
|
|
Loading…
Reference in New Issue