Prevent running the files:scan command as the wrong user
This commit is contained in:
Robin Appelman
parent
b1116880f8
commit
9a2ed86672
2 changed files with 28 additions and 14 deletions
|
|
@ -9,6 +9,7 @@
|
|||
|
||||
namespace OCA\Files\Command;
|
||||
|
||||
use OC\ForbiddenException;
|
||||
use Symfony\Component\Console\Command\Command;
|
||||
use Symfony\Component\Console\Input\InputArgument;
|
||||
use Symfony\Component\Console\Input\InputInterface;
|
||||
|
|
@ -32,28 +33,32 @@ class Scan extends Command {
|
|||
->setName('files:scan')
|
||||
->setDescription('rescan filesystem')
|
||||
->addArgument(
|
||||
'user_id',
|
||||
InputArgument::OPTIONAL | InputArgument::IS_ARRAY,
|
||||
'will rescan all files of the given user(s)'
|
||||
)
|
||||
'user_id',
|
||||
InputArgument::OPTIONAL | InputArgument::IS_ARRAY,
|
||||
'will rescan all files of the given user(s)'
|
||||
)
|
||||
->addOption(
|
||||
'all',
|
||||
null,
|
||||
InputOption::VALUE_NONE,
|
||||
'will rescan all files of all known users'
|
||||
)
|
||||
;
|
||||
'all',
|
||||
null,
|
||||
InputOption::VALUE_NONE,
|
||||
'will rescan all files of all known users'
|
||||
);
|
||||
}
|
||||
|
||||
protected function scanFiles($user, OutputInterface $output) {
|
||||
$scanner = new \OC\Files\Utils\Scanner($user);
|
||||
$scanner->listen('\OC\Files\Utils\Scanner', 'scanFile', function($path) use ($output) {
|
||||
$scanner->listen('\OC\Files\Utils\Scanner', 'scanFile', function ($path) use ($output) {
|
||||
$output->writeln("Scanning <info>$path</info>");
|
||||
});
|
||||
$scanner->listen('\OC\Files\Utils\Scanner', 'scanFolder', function($path) use ($output) {
|
||||
$scanner->listen('\OC\Files\Utils\Scanner', 'scanFolder', function ($path) use ($output) {
|
||||
$output->writeln("Scanning <info>$path</info>");
|
||||
});
|
||||
$scanner->scan('');
|
||||
try {
|
||||
$scanner->scan('');
|
||||
} catch (ForbiddenException $e) {
|
||||
$output->writeln("<error>Home storage for user $user not writable</error>");
|
||||
$output->writeln("Make sure you're running the scan command only as the user the web server runs as");
|
||||
}
|
||||
}
|
||||
|
||||
protected function execute(InputInterface $input, OutputInterface $output) {
|
||||
|
|
|
|||
|
|
@ -11,6 +11,7 @@ namespace OC\Files\Utils;
|
|||
use OC\Files\View;
|
||||
use OC\Files\Cache\ChangePropagator;
|
||||
use OC\Files\Filesystem;
|
||||
use OC\ForbiddenException;
|
||||
use OC\Hooks\PublicEmitter;
|
||||
|
||||
/**
|
||||
|
|
@ -104,6 +105,7 @@ class Scanner extends PublicEmitter {
|
|||
|
||||
/**
|
||||
* @param string $dir
|
||||
* @throws \OC\ForbiddenException
|
||||
*/
|
||||
public function scan($dir) {
|
||||
$mounts = $this->getMounts($dir);
|
||||
|
|
@ -111,7 +113,14 @@ class Scanner extends PublicEmitter {
|
|||
if (is_null($mount->getStorage())) {
|
||||
continue;
|
||||
}
|
||||
$scanner = $mount->getStorage()->getScanner();
|
||||
$storage = $mount->getStorage();
|
||||
// if the home storage isn't writable then the scanner is run as the wrong user
|
||||
if ($storage->instanceOfStorage('\OC\Files\Storage\Home') and
|
||||
(!$storage->isCreatable('') or !$storage->isCreatable('files'))
|
||||
) {
|
||||
throw new ForbiddenException();
|
||||
}
|
||||
$scanner = $storage->getScanner();
|
||||
$this->attachListener($mount);
|
||||
$scanner->scan('', \OC\Files\Cache\Scanner::SCAN_RECURSIVE, \OC\Files\Cache\Scanner::REUSE_ETAG | \OC\Files\Cache\Scanner::REUSE_SIZE);
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in a new issue