2013-05-09 21:36:18 +04:00
|
|
|
<?php
|
|
|
|
|
|
|
|
/**
|
|
|
|
* ownCloud
|
|
|
|
*
|
2014-11-14 14:20:59 +03:00
|
|
|
* @copyright (C) 2014 ownCloud, Inc.
|
|
|
|
*
|
|
|
|
* @author Florin Peter <owncloud@florin-peter.de>
|
|
|
|
* @author Bjoern Schiessle <schiessle@owncloud.com>
|
2013-05-09 21:36:18 +04:00
|
|
|
*
|
|
|
|
* This library is free software; you can redistribute it and/or
|
|
|
|
* modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE
|
|
|
|
* License as published by the Free Software Foundation; either
|
|
|
|
* version 3 of the License, or any later version.
|
|
|
|
*
|
|
|
|
* This library is distributed in the hope that it will be useful,
|
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
* GNU AFFERO GENERAL PUBLIC LICENSE for more details.
|
|
|
|
*
|
|
|
|
* You should have received a copy of the GNU Affero General Public
|
2014-12-03 21:46:32 +03:00
|
|
|
* License along with this library. If not, see <http://www.gnu.org/licenses/>.
|
2013-05-09 21:36:18 +04:00
|
|
|
*
|
|
|
|
*/
|
|
|
|
|
2014-12-03 12:57:16 +03:00
|
|
|
namespace OCA\Files_Encryption;
|
2013-05-09 21:36:18 +04:00
|
|
|
|
2013-05-17 02:58:41 +04:00
|
|
|
/**
|
2014-05-19 19:50:53 +04:00
|
|
|
* Class to manage registration of hooks an various helper methods
|
2014-12-03 18:52:44 +03:00
|
|
|
* @package OCA\Files_Encryption
|
2013-05-17 02:58:41 +04:00
|
|
|
*/
|
2013-05-27 19:26:58 +04:00
|
|
|
class Helper {
|
2013-05-20 03:24:36 +04:00
|
|
|
|
2013-12-17 21:13:46 +04:00
|
|
|
private static $tmpFileMapping; // Map tmp files to files in data/user/files
|
|
|
|
|
2013-05-09 21:36:18 +04:00
|
|
|
/**
|
2014-05-19 19:50:53 +04:00
|
|
|
* register share related hooks
|
2013-05-20 03:24:36 +04:00
|
|
|
*
|
|
|
|
*/
|
2013-05-24 01:56:31 +04:00
|
|
|
public static function registerShareHooks() {
|
2013-05-20 03:24:36 +04:00
|
|
|
|
2014-12-03 18:52:44 +03:00
|
|
|
\OCP\Util::connectHook('OCP\Share', 'pre_shared', 'OCA\Files_Encryption\Hooks', 'preShared');
|
|
|
|
\OCP\Util::connectHook('OCP\Share', 'post_shared', 'OCA\Files_Encryption\Hooks', 'postShared');
|
|
|
|
\OCP\Util::connectHook('OCP\Share', 'post_unshare', 'OCA\Files_Encryption\Hooks', 'postUnshare');
|
2013-05-20 03:24:36 +04:00
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
2014-05-19 19:50:53 +04:00
|
|
|
* register user related hooks
|
2013-05-20 03:24:36 +04:00
|
|
|
*
|
2013-05-09 21:36:18 +04:00
|
|
|
*/
|
2013-05-24 01:56:31 +04:00
|
|
|
public static function registerUserHooks() {
|
2013-05-09 21:36:18 +04:00
|
|
|
|
2014-12-03 18:52:44 +03:00
|
|
|
\OCP\Util::connectHook('OC_User', 'post_login', 'OCA\Files_Encryption\Hooks', 'login');
|
|
|
|
\OCP\Util::connectHook('OC_User', 'logout', 'OCA\Files_Encryption\Hooks', 'logout');
|
|
|
|
\OCP\Util::connectHook('OC_User', 'post_setPassword', 'OCA\Files_Encryption\Hooks', 'setPassphrase');
|
|
|
|
\OCP\Util::connectHook('OC_User', 'pre_setPassword', 'OCA\Files_Encryption\Hooks', 'preSetPassphrase');
|
|
|
|
\OCP\Util::connectHook('OC_User', 'post_createUser', 'OCA\Files_Encryption\Hooks', 'postCreateUser');
|
|
|
|
\OCP\Util::connectHook('OC_User', 'post_deleteUser', 'OCA\Files_Encryption\Hooks', 'postDeleteUser');
|
2013-05-09 21:36:18 +04:00
|
|
|
}
|
|
|
|
|
2013-05-20 03:24:36 +04:00
|
|
|
/**
|
2014-05-19 19:50:53 +04:00
|
|
|
* register filesystem related hooks
|
2013-05-20 03:24:36 +04:00
|
|
|
*
|
|
|
|
*/
|
2013-05-24 01:56:31 +04:00
|
|
|
public static function registerFilesystemHooks() {
|
2013-05-20 03:24:36 +04:00
|
|
|
|
2014-12-03 18:52:44 +03:00
|
|
|
\OCP\Util::connectHook('OC_Filesystem', 'rename', 'OCA\Files_Encryption\Hooks', 'preRename');
|
|
|
|
\OCP\Util::connectHook('OC_Filesystem', 'post_rename', 'OCA\Files_Encryption\Hooks', 'postRenameOrCopy');
|
|
|
|
\OCP\Util::connectHook('OC_Filesystem', 'copy', 'OCA\Files_Encryption\Hooks', 'preCopy');
|
|
|
|
\OCP\Util::connectHook('OC_Filesystem', 'post_copy', 'OCA\Files_Encryption\Hooks', 'postRenameOrCopy');
|
|
|
|
\OCP\Util::connectHook('OC_Filesystem', 'post_delete', 'OCA\Files_Encryption\Hooks', 'postDelete');
|
|
|
|
\OCP\Util::connectHook('OC_Filesystem', 'delete', 'OCA\Files_Encryption\Hooks', 'preDelete');
|
|
|
|
\OCP\Util::connectHook('\OC\Core\LostPassword\Controller\LostController', 'post_passwordReset', 'OCA\Files_Encryption\Hooks', 'postPasswordReset');
|
|
|
|
\OCP\Util::connectHook('OC_Filesystem', 'post_umount', 'OCA\Files_Encryption\Hooks', 'postUnmount');
|
|
|
|
\OCP\Util::connectHook('OC_Filesystem', 'umount', 'OCA\Files_Encryption\Hooks', 'preUnmount');
|
2013-05-20 03:24:36 +04:00
|
|
|
}
|
|
|
|
|
2013-06-27 16:09:22 +04:00
|
|
|
/**
|
2014-05-19 19:50:53 +04:00
|
|
|
* register app management related hooks
|
2013-06-27 16:09:22 +04:00
|
|
|
*
|
|
|
|
*/
|
|
|
|
public static function registerAppHooks() {
|
|
|
|
|
2014-12-03 18:52:44 +03:00
|
|
|
\OCP\Util::connectHook('OC_App', 'pre_disable', 'OCA\Files_Encryption\Hooks', 'preDisable');
|
|
|
|
\OCP\Util::connectHook('OC_App', 'post_disable', 'OCA\Files_Encryption\Hooks', 'postEnable');
|
2013-06-27 16:09:22 +04:00
|
|
|
}
|
|
|
|
|
2013-05-20 03:24:36 +04:00
|
|
|
/**
|
2014-05-19 19:50:53 +04:00
|
|
|
* setup user for files_encryption
|
2013-05-20 03:24:36 +04:00
|
|
|
*
|
|
|
|
* @param Util $util
|
|
|
|
* @param string $password
|
|
|
|
* @return bool
|
|
|
|
*/
|
2014-10-24 16:13:40 +04:00
|
|
|
public static function setupUser(Util $util, $password) {
|
2013-05-20 03:24:36 +04:00
|
|
|
// Check files_encryption infrastructure is ready for action
|
2013-05-27 19:26:58 +04:00
|
|
|
if (!$util->ready()) {
|
2013-05-20 03:24:36 +04:00
|
|
|
|
2013-05-27 22:51:52 +04:00
|
|
|
\OCP\Util::writeLog('Encryption library', 'User account "' . $util->getUserId()
|
2013-06-03 20:42:13 +04:00
|
|
|
. '" is not ready for encryption; configuration started', \OCP\Util::DEBUG);
|
2013-05-20 03:24:36 +04:00
|
|
|
|
2013-05-27 19:26:58 +04:00
|
|
|
if (!$util->setupServerSide($password)) {
|
2013-05-20 03:24:36 +04:00
|
|
|
return false;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
return true;
|
|
|
|
}
|
2013-05-17 02:58:41 +04:00
|
|
|
|
2014-11-14 19:30:38 +03:00
|
|
|
/**
|
|
|
|
* get recovery key id
|
|
|
|
*
|
|
|
|
* @return string|bool recovery key ID or false
|
|
|
|
*/
|
|
|
|
public static function getRecoveryKeyId() {
|
|
|
|
$appConfig = \OC::$server->getAppConfig();
|
|
|
|
$key = $appConfig->getValue('files_encryption', 'recoveryKeyId');
|
|
|
|
|
|
|
|
return ($key === null) ? false : $key;
|
|
|
|
}
|
|
|
|
|
|
|
|
public static function getPublicShareKeyId() {
|
|
|
|
$appConfig = \OC::$server->getAppConfig();
|
|
|
|
$key = $appConfig->getValue('files_encryption', 'publicShareKeyId');
|
|
|
|
|
|
|
|
return ($key === null) ? false : $key;
|
|
|
|
}
|
|
|
|
|
2013-05-17 02:58:41 +04:00
|
|
|
/**
|
2014-05-19 19:50:53 +04:00
|
|
|
* enable recovery
|
2013-05-17 02:58:41 +04:00
|
|
|
*
|
2014-05-13 15:29:25 +04:00
|
|
|
* @param string $recoveryKeyId
|
2014-02-06 19:30:58 +04:00
|
|
|
* @param string $recoveryPassword
|
2013-05-17 02:58:41 +04:00
|
|
|
* @return bool
|
|
|
|
*/
|
2013-05-27 19:26:58 +04:00
|
|
|
public static function adminEnableRecovery($recoveryKeyId, $recoveryPassword) {
|
2013-06-03 16:19:31 +04:00
|
|
|
|
2013-05-27 19:26:58 +04:00
|
|
|
$view = new \OC\Files\View('/');
|
2014-02-13 19:28:49 +04:00
|
|
|
$appConfig = \OC::$server->getAppConfig();
|
2013-05-17 02:58:41 +04:00
|
|
|
|
2013-05-27 19:26:58 +04:00
|
|
|
if ($recoveryKeyId === null) {
|
|
|
|
$recoveryKeyId = 'recovery_' . substr(md5(time()), 0, 8);
|
2014-02-13 19:28:49 +04:00
|
|
|
$appConfig->setValue('files_encryption', 'recoveryKeyId', $recoveryKeyId);
|
2013-05-17 02:58:41 +04:00
|
|
|
}
|
|
|
|
|
2014-11-14 19:30:38 +03:00
|
|
|
if (!Keymanager::recoveryKeyExists($view)) {
|
2013-05-17 02:58:41 +04:00
|
|
|
|
2014-12-03 18:52:44 +03:00
|
|
|
$keypair = Crypt::createKeypair();
|
2013-05-17 02:58:41 +04:00
|
|
|
|
|
|
|
// Save public key
|
2014-11-14 19:30:38 +03:00
|
|
|
Keymanager::setPublicKey($keypair['publicKey'], $recoveryKeyId);
|
2013-05-17 02:58:41 +04:00
|
|
|
|
2014-12-03 18:52:44 +03:00
|
|
|
$cipher = Helper::getCipher();
|
|
|
|
$encryptedKey = Crypt::symmetricEncryptFileContent($keypair['privateKey'], $recoveryPassword, $cipher);
|
2014-07-21 15:02:28 +04:00
|
|
|
if ($encryptedKey) {
|
2014-11-14 19:30:38 +03:00
|
|
|
Keymanager::setPrivateSystemKey($encryptedKey, $recoveryKeyId);
|
2014-07-21 15:02:28 +04:00
|
|
|
// Set recoveryAdmin as enabled
|
|
|
|
$appConfig->setValue('files_encryption', 'recoveryAdminEnabled', 1);
|
|
|
|
$return = true;
|
|
|
|
}
|
2013-05-17 02:58:41 +04:00
|
|
|
|
|
|
|
} else { // get recovery key and check the password
|
2014-12-03 18:52:44 +03:00
|
|
|
$util = new Util(new \OC\Files\View('/'), \OCP\User::getUser());
|
2013-05-27 19:26:58 +04:00
|
|
|
$return = $util->checkRecoveryPassword($recoveryPassword);
|
|
|
|
if ($return) {
|
2014-02-13 19:28:49 +04:00
|
|
|
$appConfig->setValue('files_encryption', 'recoveryAdminEnabled', 1);
|
2013-05-17 02:58:41 +04:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
return $return;
|
|
|
|
}
|
|
|
|
|
2013-11-12 13:24:10 +04:00
|
|
|
/**
|
2014-05-19 19:50:53 +04:00
|
|
|
* Check if a path is a .part file
|
2013-11-12 13:24:10 +04:00
|
|
|
* @param string $path Path that may identify a .part file
|
|
|
|
* @return bool
|
|
|
|
*/
|
|
|
|
public static function isPartialFilePath($path) {
|
|
|
|
|
|
|
|
$extension = pathinfo($path, PATHINFO_EXTENSION);
|
2013-11-14 20:32:21 +04:00
|
|
|
if ( $extension === 'part') {
|
2013-11-12 13:24:10 +04:00
|
|
|
return true;
|
|
|
|
} else {
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
|
|
|
}
|
|
|
|
|
2013-05-17 02:58:41 +04:00
|
|
|
|
2013-11-11 20:47:59 +04:00
|
|
|
/**
|
2014-05-19 19:50:53 +04:00
|
|
|
* Remove .path extension from a file path
|
2013-11-11 20:47:59 +04:00
|
|
|
* @param string $path Path that may identify a .part file
|
|
|
|
* @return string File path without .part extension
|
|
|
|
* @note this is needed for reusing keys
|
|
|
|
*/
|
2013-11-12 19:48:24 +04:00
|
|
|
public static function stripPartialFileExtension($path) {
|
2013-11-11 20:47:59 +04:00
|
|
|
$extension = pathinfo($path, PATHINFO_EXTENSION);
|
|
|
|
|
2013-11-14 20:32:21 +04:00
|
|
|
if ( $extension === 'part') {
|
2013-11-11 20:47:59 +04:00
|
|
|
|
|
|
|
$newLength = strlen($path) - 5; // 5 = strlen(".part") = strlen(".etmp")
|
|
|
|
$fPath = substr($path, 0, $newLength);
|
|
|
|
|
|
|
|
// if path also contains a transaction id, we remove it too
|
|
|
|
$extension = pathinfo($fPath, PATHINFO_EXTENSION);
|
|
|
|
if(substr($extension, 0, 12) === 'ocTransferId') { // 12 = strlen("ocTransferId")
|
|
|
|
$newLength = strlen($fPath) - strlen($extension) -1;
|
|
|
|
$fPath = substr($fPath, 0, $newLength);
|
|
|
|
}
|
|
|
|
return $fPath;
|
|
|
|
|
|
|
|
} else {
|
|
|
|
return $path;
|
|
|
|
}
|
|
|
|
}
|
2013-05-17 02:58:41 +04:00
|
|
|
|
|
|
|
/**
|
2014-05-19 19:50:53 +04:00
|
|
|
* disable recovery
|
2013-05-17 02:58:41 +04:00
|
|
|
*
|
2014-02-06 19:30:58 +04:00
|
|
|
* @param string $recoveryPassword
|
2013-05-17 02:58:41 +04:00
|
|
|
* @return bool
|
|
|
|
*/
|
2013-05-27 19:26:58 +04:00
|
|
|
public static function adminDisableRecovery($recoveryPassword) {
|
2014-05-12 18:30:39 +04:00
|
|
|
$util = new Util(new \OC\Files\View('/'), \OCP\User::getUser());
|
2013-05-27 19:26:58 +04:00
|
|
|
$return = $util->checkRecoveryPassword($recoveryPassword);
|
2013-05-17 02:58:41 +04:00
|
|
|
|
2013-05-27 19:26:58 +04:00
|
|
|
if ($return) {
|
2013-05-17 02:58:41 +04:00
|
|
|
// Set recoveryAdmin as disabled
|
2014-02-13 19:28:49 +04:00
|
|
|
\OC::$server->getAppConfig()->setValue('files_encryption', 'recoveryAdminEnabled', 0);
|
2013-05-17 02:58:41 +04:00
|
|
|
}
|
|
|
|
|
|
|
|
return $return;
|
|
|
|
}
|
2013-05-28 11:27:04 +04:00
|
|
|
|
|
|
|
/**
|
2014-05-19 19:50:53 +04:00
|
|
|
* checks if access is public/anonymous user
|
2013-05-28 11:27:04 +04:00
|
|
|
* @return bool
|
|
|
|
*/
|
|
|
|
public static function isPublicAccess() {
|
2013-11-27 14:46:24 +04:00
|
|
|
if (\OCP\User::getUser() === false) {
|
2013-05-28 11:27:04 +04:00
|
|
|
return true;
|
|
|
|
} else {
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
}
|
2013-05-30 03:13:22 +04:00
|
|
|
|
|
|
|
/**
|
2014-05-19 19:50:53 +04:00
|
|
|
* Format a path to be relative to the /user/files/ directory
|
2013-05-30 03:13:22 +04:00
|
|
|
* @param string $path the absolute path
|
|
|
|
* @return string e.g. turns '/admin/files/test.txt' into 'test.txt'
|
|
|
|
*/
|
|
|
|
public static function stripUserFilesPath($path) {
|
|
|
|
$trimmed = ltrim($path, '/');
|
|
|
|
$split = explode('/', $trimmed);
|
2013-08-30 12:17:50 +04:00
|
|
|
|
2013-06-10 13:03:07 +04:00
|
|
|
// it is not a file relative to data/user/files
|
2013-07-30 17:27:59 +04:00
|
|
|
if (count($split) < 3 || $split[1] !== 'files') {
|
2013-06-10 13:03:07 +04:00
|
|
|
return false;
|
|
|
|
}
|
2013-08-30 12:17:50 +04:00
|
|
|
|
2013-05-30 03:13:22 +04:00
|
|
|
$sliced = array_slice($split, 2);
|
|
|
|
$relPath = implode('/', $sliced);
|
|
|
|
|
|
|
|
return $relPath;
|
|
|
|
}
|
2013-06-04 01:41:57 +04:00
|
|
|
|
2013-11-21 18:57:49 +04:00
|
|
|
/**
|
2014-05-19 19:50:53 +04:00
|
|
|
* try to get the user from the path if no user is logged in
|
2013-11-27 14:46:24 +04:00
|
|
|
* @param string $path
|
|
|
|
* @return mixed user or false if we couldn't determine a user
|
2013-11-21 18:57:49 +04:00
|
|
|
*/
|
2013-11-20 21:10:56 +04:00
|
|
|
public static function getUser($path) {
|
|
|
|
|
|
|
|
$user = \OCP\User::getUser();
|
|
|
|
|
2013-11-27 18:08:09 +04:00
|
|
|
|
2013-11-25 13:29:05 +04:00
|
|
|
// if we are logged in, then we return the userid
|
2013-11-20 21:10:56 +04:00
|
|
|
if ($user) {
|
|
|
|
return $user;
|
|
|
|
}
|
|
|
|
|
2013-11-27 14:46:24 +04:00
|
|
|
// if no user is logged in we try to access a publicly shared files.
|
2013-11-20 21:10:56 +04:00
|
|
|
// In this case we need to try to get the user from the path
|
|
|
|
|
|
|
|
$trimmed = ltrim($path, '/');
|
|
|
|
$split = explode('/', $trimmed);
|
|
|
|
|
|
|
|
// it is not a file relative to data/user/files
|
2013-12-19 14:15:59 +04:00
|
|
|
if (count($split) < 2 || ($split[1] !== 'files' && $split[1] !== 'cache')) {
|
2013-11-20 21:10:56 +04:00
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
|
|
|
$user = $split[0];
|
|
|
|
|
|
|
|
if (\OCP\User::userExists($user)) {
|
|
|
|
return $user;
|
|
|
|
}
|
|
|
|
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
2013-06-10 13:03:07 +04:00
|
|
|
/**
|
2014-05-19 19:50:53 +04:00
|
|
|
* get path to the corresponding file in data/user/files if path points
|
2013-11-14 20:32:21 +04:00
|
|
|
* to a version or to a file in cache
|
2013-06-10 13:03:07 +04:00
|
|
|
* @param string $path path to a version or a file in the trash
|
2013-11-27 15:25:04 +04:00
|
|
|
* @return string path to corresponding file relative to data/user/files
|
2013-06-10 13:03:07 +04:00
|
|
|
*/
|
|
|
|
public static function getPathToRealFile($path) {
|
|
|
|
$trimmed = ltrim($path, '/');
|
|
|
|
$split = explode('/', $trimmed);
|
2013-11-14 20:32:21 +04:00
|
|
|
$result = false;
|
|
|
|
|
|
|
|
if (count($split) >= 3 && ($split[1] === "files_versions" || $split[1] === 'cache')) {
|
|
|
|
$sliced = array_slice($split, 2);
|
|
|
|
$result = implode('/', $sliced);
|
|
|
|
if ($split[1] === "files_versions") {
|
|
|
|
// we skip user/files
|
|
|
|
$sliced = array_slice($split, 2);
|
|
|
|
$relPath = implode('/', $sliced);
|
|
|
|
//remove the last .v
|
|
|
|
$result = substr($relPath, 0, strrpos($relPath, '.v'));
|
|
|
|
}
|
|
|
|
if ($split[1] === "cache") {
|
|
|
|
// we skip /user/cache/transactionId
|
|
|
|
$sliced = array_slice($split, 3);
|
|
|
|
$result = implode('/', $sliced);
|
|
|
|
//prepare the folders
|
|
|
|
self::mkdirr($path, new \OC\Files\View('/'));
|
|
|
|
}
|
2013-06-10 13:03:07 +04:00
|
|
|
}
|
2013-08-30 12:17:50 +04:00
|
|
|
|
2013-11-14 20:32:21 +04:00
|
|
|
return $result;
|
|
|
|
}
|
2013-06-10 13:03:07 +04:00
|
|
|
|
2013-11-14 20:32:21 +04:00
|
|
|
/**
|
2014-05-19 19:50:53 +04:00
|
|
|
* create directory recursively
|
2013-11-14 20:32:21 +04:00
|
|
|
* @param string $path
|
|
|
|
* @param \OC\Files\View $view
|
|
|
|
*/
|
2014-10-24 16:13:40 +04:00
|
|
|
public static function mkdirr($path, \OC\Files\View $view) {
|
2014-05-12 18:20:07 +04:00
|
|
|
$dirname = \OC\Files\Filesystem::normalizePath(dirname($path));
|
2013-11-14 20:32:21 +04:00
|
|
|
$dirParts = explode('/', $dirname);
|
|
|
|
$dir = "";
|
|
|
|
foreach ($dirParts as $part) {
|
|
|
|
$dir = $dir . '/' . $part;
|
|
|
|
if (!$view->file_exists($dir)) {
|
|
|
|
$view->mkdir($dir);
|
|
|
|
}
|
|
|
|
}
|
2013-08-30 12:17:50 +04:00
|
|
|
}
|
|
|
|
|
2013-06-04 01:41:57 +04:00
|
|
|
/**
|
2014-05-19 19:50:53 +04:00
|
|
|
* redirect to a error page
|
2014-02-06 19:30:58 +04:00
|
|
|
* @param Session $session
|
2014-10-24 16:13:40 +04:00
|
|
|
* @param int|null $errorCode
|
|
|
|
* @throws \Exception
|
2013-06-04 01:41:57 +04:00
|
|
|
*/
|
2014-10-24 16:13:40 +04:00
|
|
|
public static function redirectToErrorPage(Session $session, $errorCode = null) {
|
2013-10-11 16:20:46 +04:00
|
|
|
|
|
|
|
if ($errorCode === null) {
|
|
|
|
$init = $session->getInitialized();
|
|
|
|
switch ($init) {
|
2014-12-03 18:52:44 +03:00
|
|
|
case Session::INIT_EXECUTED:
|
|
|
|
$errorCode = Crypt::ENCRYPTION_PRIVATE_KEY_NOT_VALID_ERROR;
|
2013-10-11 16:20:46 +04:00
|
|
|
break;
|
2014-12-03 18:52:44 +03:00
|
|
|
case Session::NOT_INITIALIZED:
|
|
|
|
$errorCode = Crypt::ENCRYPTION_NOT_INITIALIZED_ERROR;
|
2013-10-11 16:20:46 +04:00
|
|
|
break;
|
|
|
|
default:
|
2014-12-03 18:52:44 +03:00
|
|
|
$errorCode = Crypt::ENCRYPTION_UNKNOWN_ERROR;
|
2013-10-11 16:20:46 +04:00
|
|
|
}
|
|
|
|
}
|
2013-08-30 12:17:50 +04:00
|
|
|
|
2013-09-06 14:27:40 +04:00
|
|
|
$location = \OC_Helper::linkToAbsolute('apps/files_encryption/files', 'error.php');
|
|
|
|
$post = 0;
|
2013-06-04 02:41:47 +04:00
|
|
|
if(count($_POST) > 0) {
|
2013-09-06 14:27:40 +04:00
|
|
|
$post = 1;
|
2014-03-14 21:20:33 +04:00
|
|
|
}
|
|
|
|
|
|
|
|
if(defined('PHPUNIT_RUN') and PHPUNIT_RUN) {
|
|
|
|
throw new \Exception("Encryption error: $errorCode");
|
|
|
|
}
|
|
|
|
|
|
|
|
header('Location: ' . $location . '?p=' . $post . '&errorCode=' . $errorCode);
|
|
|
|
exit();
|
2013-06-04 01:41:57 +04:00
|
|
|
}
|
2013-07-01 14:16:36 +04:00
|
|
|
|
|
|
|
/**
|
2013-07-01 23:12:21 +04:00
|
|
|
* check requirements for encryption app.
|
2013-07-01 14:16:36 +04:00
|
|
|
* @return bool true if requirements are met
|
|
|
|
*/
|
|
|
|
public static function checkRequirements() {
|
2013-12-04 16:27:38 +04:00
|
|
|
|
|
|
|
//openssl extension needs to be loaded
|
2014-12-04 13:17:44 +03:00
|
|
|
return extension_loaded("openssl");
|
2013-12-04 16:27:38 +04:00
|
|
|
|
2013-07-01 14:16:36 +04:00
|
|
|
}
|
2013-08-30 12:17:50 +04:00
|
|
|
|
2013-08-01 13:50:56 +04:00
|
|
|
/**
|
|
|
|
* check some common errors if the server isn't configured properly for encryption
|
|
|
|
* @return bool true if configuration seems to be OK
|
|
|
|
*/
|
|
|
|
public static function checkConfiguration() {
|
2013-08-18 21:11:48 +04:00
|
|
|
if(self::getOpenSSLPkey()) {
|
2013-08-01 13:50:56 +04:00
|
|
|
return true;
|
|
|
|
} else {
|
2013-08-01 17:52:00 +04:00
|
|
|
while ($msg = openssl_error_string()) {
|
|
|
|
\OCP\Util::writeLog('Encryption library', 'openssl_pkey_new() fails: ' . $msg, \OCP\Util::ERROR);
|
|
|
|
}
|
2013-08-01 13:50:56 +04:00
|
|
|
return false;
|
|
|
|
}
|
|
|
|
}
|
2013-07-05 16:58:33 +04:00
|
|
|
|
2013-08-18 21:11:48 +04:00
|
|
|
/**
|
|
|
|
* Create an openssl pkey with config-supplied settings
|
2013-08-26 23:56:45 +04:00
|
|
|
* WARNING: This initializes a new private keypair, which is computationally expensive
|
2013-08-18 21:11:48 +04:00
|
|
|
* @return resource The pkey resource created
|
|
|
|
*/
|
|
|
|
public static function getOpenSSLPkey() {
|
2013-08-26 20:08:23 +04:00
|
|
|
return openssl_pkey_new(self::getOpenSSLConfig());
|
2013-08-19 14:36:19 +04:00
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Return an array of OpenSSL config options, default + config
|
|
|
|
* Used for multiple OpenSSL functions
|
|
|
|
* @return array The combined defaults and config settings
|
|
|
|
*/
|
|
|
|
public static function getOpenSSLConfig() {
|
2013-08-18 21:11:48 +04:00
|
|
|
$config = array('private_key_bits' => 4096);
|
2013-08-19 14:36:19 +04:00
|
|
|
$config = array_merge(\OCP\Config::getSystemValue('openssl', array()), $config);
|
|
|
|
return $config;
|
2013-08-18 21:11:48 +04:00
|
|
|
}
|
|
|
|
|
2013-12-17 21:13:46 +04:00
|
|
|
/**
|
2014-05-19 19:50:53 +04:00
|
|
|
* remember from which file the tmp file (getLocalFile() call) was created
|
2013-12-17 21:13:46 +04:00
|
|
|
* @param string $tmpFile path of tmp file
|
|
|
|
* @param string $originalFile path of the original file relative to data/
|
|
|
|
*/
|
|
|
|
public static function addTmpFileToMapper($tmpFile, $originalFile) {
|
|
|
|
self::$tmpFileMapping[$tmpFile] = $originalFile;
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
2014-05-19 19:50:53 +04:00
|
|
|
* get the path of the original file
|
2013-12-17 21:13:46 +04:00
|
|
|
* @param string $tmpFile path of the tmp file
|
2014-02-06 19:30:58 +04:00
|
|
|
* @return string|false path of the original file or false
|
2013-12-17 21:13:46 +04:00
|
|
|
*/
|
|
|
|
public static function getPathFromTmpFile($tmpFile) {
|
|
|
|
if (isset(self::$tmpFileMapping[$tmpFile])) {
|
|
|
|
return self::$tmpFileMapping[$tmpFile];
|
|
|
|
}
|
|
|
|
|
|
|
|
return false;
|
|
|
|
}
|
2014-07-21 15:02:28 +04:00
|
|
|
|
|
|
|
/**
|
|
|
|
* read the cipher used for encryption from the config.php
|
|
|
|
*
|
|
|
|
* @return string
|
|
|
|
*/
|
|
|
|
public static function getCipher() {
|
|
|
|
|
|
|
|
$cipher = \OCP\Config::getSystemValue('cipher', Crypt::DEFAULT_CIPHER);
|
|
|
|
|
|
|
|
if ($cipher !== 'AES-256-CFB' && $cipher !== 'AES-128-CFB') {
|
|
|
|
\OCP\Util::writeLog('files_encryption',
|
|
|
|
'wrong cipher defined in config.php, only AES-128-CFB and AES-256-CFB is supported. Fall back ' . Crypt::DEFAULT_CIPHER,
|
|
|
|
\OCP\Util::WARN);
|
|
|
|
|
|
|
|
$cipher = Crypt::DEFAULT_CIPHER;
|
|
|
|
}
|
|
|
|
|
|
|
|
return $cipher;
|
|
|
|
}
|
2013-07-05 16:58:33 +04:00
|
|
|
}
|
|
|
|
|