From e6bf35264d2d9ca911dde0425300564ac607e683 Mon Sep 17 00:00:00 2001 From: Ishank Arora Date: Fri, 31 Jul 2020 16:21:50 +0200 Subject: [PATCH] Disallow sharing the shares directory --- changelog/unreleased/shares-fix.md | 7 +++++++ .../services/gateway/publicshareprovider.go | 4 ++++ .../grpc/services/gateway/storageprovider.go | 20 ++++++++++++++++++- .../services/gateway/usershareprovider.go | 5 +++++ 4 files changed, 35 insertions(+), 1 deletion(-) create mode 100644 changelog/unreleased/shares-fix.md diff --git a/changelog/unreleased/shares-fix.md b/changelog/unreleased/shares-fix.md new file mode 100644 index 0000000000..9be67b1c07 --- /dev/null +++ b/changelog/unreleased/shares-fix.md @@ -0,0 +1,7 @@ +Bugfix: Disallow sharing the shares directory + +Previously, it was possible to create public links for and share the shares +directory itself. However, when the recipient tried to accept the share, it +failed. This PR prevents the creation of such shares in the first place. + +https://github.com/cs3org/reva/pull/1051 diff --git a/internal/grpc/services/gateway/publicshareprovider.go b/internal/grpc/services/gateway/publicshareprovider.go index f9517ac0f3..b7894c7b99 100644 --- a/internal/grpc/services/gateway/publicshareprovider.go +++ b/internal/grpc/services/gateway/publicshareprovider.go @@ -29,6 +29,10 @@ import ( ) func (s *svc) CreatePublicShare(ctx context.Context, req *link.CreatePublicShareRequest) (*link.CreatePublicShareResponse, error) { + if s.isSharedFolder(ctx, req.ResourceInfo.GetPath()) { + return nil, errors.New("gateway: can't create a public share of the share folder itself") + } + log := appctx.GetLogger(ctx) log.Info().Msg("create public share") diff --git a/internal/grpc/services/gateway/storageprovider.go b/internal/grpc/services/gateway/storageprovider.go index 932aa79f35..656019cfaf 100644 --- a/internal/grpc/services/gateway/storageprovider.go +++ b/internal/grpc/services/gateway/storageprovider.go @@ -941,8 +941,26 @@ func (s *svc) Stat(ctx context.Context, req *provider.StatRequest) (*provider.St Path: target, }, } + req.Ref = ref - return s.stat(ctx, req) + res, err := s.stat(ctx, req) + if err != nil { + return &provider.StatResponse{ + Status: status.NewInternal(ctx, err, "gateway: error stating"), + }, nil + } + if res.Status.Code != rpc.Code_CODE_OK { + err := status.NewErrorFromCode(res.Status.Code, "gateway") + log.Err(err).Msg("gateway: error stating") + return &provider.StatResponse{ + Status: status.NewInternal(ctx, err, "gateway: error stating"), + }, nil + } + + // we need to make sure we don't expose the reference target in the resource + // information. + res.Info.Path = p + return res, nil } panic("gateway: stating an unknown path:" + p) diff --git a/internal/grpc/services/gateway/usershareprovider.go b/internal/grpc/services/gateway/usershareprovider.go index 7ef63548bb..30086aedd2 100644 --- a/internal/grpc/services/gateway/usershareprovider.go +++ b/internal/grpc/services/gateway/usershareprovider.go @@ -35,6 +35,11 @@ import ( // TODO(labkode): add multi-phase commit logic when commit share or commit ref is enabled. func (s *svc) CreateShare(ctx context.Context, req *collaboration.CreateShareRequest) (*collaboration.CreateShareResponse, error) { + + if s.isSharedFolder(ctx, req.ResourceInfo.GetPath()) { + return nil, errors.New("gateway: can't share the share folder itself") + } + c, err := pool.GetUserShareProviderClient(s.c.UserShareProviderEndpoint) if err != nil { return &collaboration.CreateShareResponse{