diff options
author | Morris Jobke <hey@morrisjobke.de> | 2018-08-20 17:08:18 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2018-08-20 17:08:18 +0200 |
commit | 37869d9b2f7bf5e9f3779ccd344114649ce459c1 (patch) | |
tree | 336dc41c77bb07406537379339aa8f780f344dc0 /settings | |
parent | 080572993e891a76721f4f7a7b76c85bc0e4c65d (diff) | |
parent | 3f790bb85b3544680f4af2e3e005d736a5aff8a0 (diff) | |
download | nextcloud-server-37869d9b2f7bf5e9f3779ccd344114649ce459c1.tar.gz nextcloud-server-37869d9b2f7bf5e9f3779ccd344114649ce459c1.zip |
Merge pull request #10628 from nextcloud/feature/10154/app-directory-permission-check
Adds a permission check for app directories
Diffstat (limited to 'settings')
-rw-r--r-- | settings/Controller/CheckSetupController.php | 53 |
1 files changed, 52 insertions, 1 deletions
diff --git a/settings/Controller/CheckSetupController.php b/settings/Controller/CheckSetupController.php index c706d6e7350..e6c88b6f7ca 100644 --- a/settings/Controller/CheckSetupController.php +++ b/settings/Controller/CheckSetupController.php @@ -31,9 +31,11 @@ namespace OC\Settings\Controller; use bantu\IniGetWrapper\IniGetWrapper; +use DirectoryIterator; use Doctrine\DBAL\DBALException; use Doctrine\DBAL\Platforms\SqlitePlatform; use GuzzleHttp\Exception\ClientException; +use OC; use OC\AppFramework\Http; use OC\DB\Connection; use OC\DB\MissingIndexInformation; @@ -530,6 +532,54 @@ Raw output } /** + * Iterates through the configured app roots and + * tests if the subdirectories are owned by the same user than the current user. + * + * @return array + */ + protected function getAppDirsWithDifferentOwner(): array { + $currentUser = posix_getpwuid(posix_getuid()); + $appDirsWithDifferentOwner = []; + + foreach (OC::$APPSROOTS as $appRoot) { + if ($appRoot['writable'] === true) { + $appDirsWithDifferentOwner = array_merge( + $appDirsWithDifferentOwner, + $this->getAppDirsWithDifferentOwnerForAppRoot($currentUser, $appRoot) + ); + } + } + + sort($appDirsWithDifferentOwner); + return $appDirsWithDifferentOwner; + } + + /** + * Tests if the directories for one apps directory are writable by the current user. + * + * @param array $currentUser The current user + * @param array $appRoot The app root config + * @return string[] The none writable directory paths inside the app root + */ + private function getAppDirsWithDifferentOwnerForAppRoot(array $currentUser, array $appRoot): array { + $appDirsWithDifferentOwner = []; + $appsPath = $appRoot['path']; + $appsDir = new DirectoryIterator($appRoot['path']); + + foreach ($appsDir as $fileInfo) { + if ($fileInfo->isDir() && !$fileInfo->isDot()) { + $absAppPath = $appsPath . DIRECTORY_SEPARATOR . $fileInfo->getFilename(); + $appDirUser = posix_getpwuid(fileowner($absAppPath)); + if ($appDirUser !== $currentUser) { + $appDirsWithDifferentOwner[] = $absAppPath . DIRECTORY_SEPARATOR . $fileInfo->getFilename(); + } + } + } + + return $appDirsWithDifferentOwner; + } + + /** * @return DataResponse */ public function check() { @@ -565,7 +615,8 @@ Raw output 'isSqliteUsed' => $this->isSqliteUsed(), 'databaseConversionDocumentation' => $this->urlGenerator->linkToDocs('admin-db-conversion'), 'isPhpMailerUsed' => $this->isPhpMailerUsed(), - 'mailSettingsDocumentation' => $this->urlGenerator->getAbsoluteURL('index.php/settings/admin') + 'mailSettingsDocumentation' => $this->urlGenerator->getAbsoluteURL('index.php/settings/admin'), + 'appDirsWithDifferentOwner' => $this->getAppDirsWithDifferentOwner(), ] ); } |