aboutsummaryrefslogtreecommitdiffstats
path: root/community/gvfs/CVE-2019-12449.patch
blob: 7d58c5d3d8f24981c89476b7a95abbb9f134cbd2 (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
From d5dfd823c94045488aef8727c553f1e0f7666b90 Mon Sep 17 00:00:00 2001
From: Ondrej Holy <oholy@redhat.com>
Date: Fri, 24 May 2019 09:43:43 +0200
Subject: [PATCH] admin: Ensure correct ownership when moving to file:// uri

User and group is not restored properly when moving (or copying with
G_FILE_COPY_ALL_METADATA) from admin:// to file://, because it is handled
by GIO fallback code, which doesn't run with root permissions. Let's
handle this case with pull method to ensure correct ownership.
---
 daemon/gvfsbackendadmin.c | 46 +++++++++++++++++++++++++++++++++++++++
 1 file changed, 46 insertions(+)

diff --git a/daemon/gvfsbackendadmin.c b/daemon/gvfsbackendadmin.c
index 32b51b1a..9a7e8295 100644
--- a/daemon/gvfsbackendadmin.c
+++ b/daemon/gvfsbackendadmin.c
@@ -807,6 +807,51 @@ do_move (GVfsBackend *backend,
   complete_job (job, error);
 }
 
+static void
+do_pull (GVfsBackend *backend,
+         GVfsJobPull *pull_job,
+         const char *source,
+         const char *local_path,
+         GFileCopyFlags flags,
+         gboolean remove_source,
+         GFileProgressCallback progress_callback,
+         gpointer progress_callback_data)
+{
+  GVfsBackendAdmin *self = G_VFS_BACKEND_ADMIN (backend);
+  GVfsJob *job = G_VFS_JOB (pull_job);
+  GError *error = NULL;
+  GFile *src_file, *dst_file;
+
+  /* Pull method is necessary when user/group needs to be restored, return
+   * G_IO_ERROR_NOT_SUPPORTED in other cases to proceed with the fallback code.
+   */
+  if (!(flags & G_FILE_COPY_ALL_METADATA))
+    {
+      g_vfs_job_failed_literal (G_VFS_JOB (job), G_IO_ERROR,
+                                G_IO_ERROR_NOT_SUPPORTED,
+                                _("Operation not supported"));
+      return;
+    }
+
+  if (!check_permission (self, job))
+    return;
+
+  src_file = g_file_new_for_path (source);
+  dst_file = g_file_new_for_path (local_path);
+
+  if (remove_source)
+    g_file_move (src_file, dst_file, flags, job->cancellable,
+                 progress_callback, progress_callback_data, &error);
+  else
+    g_file_copy (src_file, dst_file, flags, job->cancellable,
+                 progress_callback, progress_callback_data, &error);
+
+  g_object_unref (src_file);
+  g_object_unref (dst_file);
+
+  complete_job (job, error);
+}
+
 static void
 do_query_settable_attributes (GVfsBackend *backend,
                               GVfsJobQueryAttributes *query_job,
@@ -927,6 +972,7 @@ g_vfs_backend_admin_class_init (GVfsBackendAdminClass * klass)
   backend_class->set_attribute = do_set_attribute;
   backend_class->delete = do_delete;
   backend_class->move = do_move;
+  backend_class->pull = do_pull;
   backend_class->query_settable_attributes = do_query_settable_attributes;
   backend_class->query_writable_namespaces = do_query_writable_namespaces;
 }
-- 
2.21.0