Add sanity checks for user home directory

When the mapped user home is not a fully qualified path name we'll fall
back to setting the mapped home below the server's datadirectory. This
provides consistent behavior with the "user_ldap" app which uses the same
fallback/safety mechanism.

Signed-off-by: Daniel Klaffenbach <daniel.klaffenbach@hrz.tu-chemnitz.de>
This commit is contained in:
Daniel Klaffenbach 2018-11-26 09:28:37 +01:00
parent b84b1ecc3c
commit 3b930d8628
1 changed files with 12 additions and 2 deletions

View File

@ -121,10 +121,20 @@ class UserBackend implements IApacheBackend, UserInterface, IUserBackend {
try {
$home = $this->getAttributeValue('saml-attribute-mapping-home_mapping', $attributes);
} catch (\InvalidArgumentException $e) {
$home = null;
$home = '';
}
if ($home !== null) {
if ($home !== '') {
//if attribute's value is an absolute path take this, otherwise append it to data dir
//check for / at the beginning or pattern c:\ resp. c:/
if( '/' !== $home[0]
&& !(3 < strlen($home) && ctype_alpha($home[0])
&& $home[1] === ':' && ('\\' === $home[2] || '/' === $home[2]))
) {
$home = $this->config->getSystemValue('datadirectory',
\OC::$SERVERROOT.'/data' ) . '/' . $home;
}
$values['home'] = $home;
}