Prevent running the files:scan command as the wrong user

Robin Appelman 2014-06-25 15:22:49 +02:00
parent b1116880f8
commit 9a2ed86672
2 changed files with 28 additions and 14 deletions


@ -9,6 +9,7 @@
namespace OCA\Files\Command; namespace OCA\Files\Command;
use OC\ForbiddenException;
use Symfony\Component\Console\Command\Command; use Symfony\Component\Console\Command\Command;
use Symfony\Component\Console\Input\InputArgument; use Symfony\Component\Console\Input\InputArgument;
use Symfony\Component\Console\Input\InputInterface; use Symfony\Component\Console\Input\InputInterface;
@ -41,8 +42,7 @@ class Scan extends Command {
null, null,
InputOption::VALUE_NONE, InputOption::VALUE_NONE,
'will rescan all files of all known users' 'will rescan all files of all known users'
) );
;
} }
protected function scanFiles($user, OutputInterface $output) { protected function scanFiles($user, OutputInterface $output) {
@ -53,7 +53,12 @@ class Scan extends Command {
$scanner->listen('\OC\Files\Utils\Scanner', 'scanFolder', function ($path) use ($output) { $scanner->listen('\OC\Files\Utils\Scanner', 'scanFolder', function ($path) use ($output) {
$output->writeln("Scanning <info>$path</info>"); $output->writeln("Scanning <info>$path</info>");
}); });
try {
$scanner->scan(''); $scanner->scan('');
} catch (ForbiddenException $e) {
$output->writeln("<error>Home storage for user $user not writable</error>");
$output->writeln("Make sure you're running the scan command only as the user the web server runs as");
}
} }
protected function execute(InputInterface $input, OutputInterface $output) { protected function execute(InputInterface $input, OutputInterface $output) {
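Review bot: The new catch block in scanFiles() prints the error and then returns normally, so the caller is never told that the scan for this user was refused. execute() begins on the last line of this hunk and its body is not visible, but unless it tracks failures itself the command presumably still exits with status 0, so a cron job or wrapper script running it under the wrong account will not notice. Consider adding `return false;` after the second writeln() and `return true;` after the try block, so execute() can turn a refused scan into a non-zero exit code. A short docblock on scanFiles() stating that a ForbiddenException from the scanner is reported and not rethrown would also help the next reader.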


@ -11,6 +11,7 @@ namespace OC\Files\Utils;
use OC\Files\View; use OC\Files\View;
use OC\Files\Cache\ChangePropagator; use OC\Files\Cache\ChangePropagator;
use OC\Files\Filesystem; use OC\Files\Filesystem;
use OC\ForbiddenException;
use OC\Hooks\PublicEmitter; use OC\Hooks\PublicEmitter;
/** /**
@ -104,6 +105,7 @@ class Scanner extends PublicEmitter {
/** /**
* @param string $dir * @param string $dir
* @throws \OC\ForbiddenException
*/ */
public function scan($dir) { public function scan($dir) {
$mounts = $this->getMounts($dir); $mounts = $this->getMounts($dir);
@ -111,7 +113,14 @@ class Scanner extends PublicEmitter {
if (is_null($mount->getStorage())) { if (is_null($mount->getStorage())) {
continue; continue;
} }
$scanner = $mount->getStorage()->getScanner(); $storage = $mount->getStorage();
// if the home storage isn't writable then the scanner is run as the wrong user
if ($storage->instanceOfStorage('\OC\Files\Storage\Home') and
(!$storage->isCreatable('') or !$storage->isCreatable('files'))
) {
throw new ForbiddenException();
}
$scanner = $storage->getScanner();
$this->attachListener($mount); $this->attachListener($mount);
$scanner->scan('', \OC\Files\Cache\Scanner::SCAN_RECURSIVE, \OC\Files\Cache\Scanner::REUSE_ETAG | \OC\Files\Cache\Scanner::REUSE_SIZE); $scanner->scan('', \OC\Files\Cache\Scanner::SCAN_RECURSIVE, \OC\Files\Cache\Scanner::REUSE_ETAG | \OC\Files\Cache\Scanner::REUSE_SIZE);
} }
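Review bot: The guard added inside the foreach in scan() uses isCreatable() as a proxy for "running as the wrong user", which only catches accounts with less access than the web server. A more privileged account such as root would most likely pass both isCreatable('') and isCreatable('files'), and can then leave files the web server cannot manage; the storage implementation is not visible here, so this is inferred. If the platform allows it, compare the process owner with the owner of the data directory (for example `posix_getuid()` against `fileowner()` of the home storage root), or at least record the limit in the comment: `// note: a writability probe does not detect a more privileged user such as root`. Because the check runs per mount, any mounts iterated before the home storage have already been scanned when the exception is thrown. Separately, `throw new ForbiddenException();` carries no message, so passing the reason string would make logs from other callers of scan() easier to interpret.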