From 640ba1828f3edfdd2e71825828c51b734fb19d1c Mon Sep 17 00:00:00 2001 From: Bart Visscher Date: Mon, 19 Mar 2012 21:56:07 +0100 Subject: [PATCH 1/4] Start of audit app Audit the filesystem action --- apps/admin_audit/appinfo/app.php | 10 +++++++ apps/admin_audit/appinfo/info.xml | 10 +++++++ apps/admin_audit/lib/hooks_handlers.php | 36 +++++++++++++++++++++++++ lib/filesystem.php | 2 +- 4 files changed, 57 insertions(+), 1 deletion(-) create mode 100644 apps/admin_audit/appinfo/app.php create mode 100644 apps/admin_audit/appinfo/info.xml create mode 100644 apps/admin_audit/lib/hooks_handlers.php diff --git a/apps/admin_audit/appinfo/app.php b/apps/admin_audit/appinfo/app.php new file mode 100644 index 0000000000..b1b986fb7b --- /dev/null +++ b/apps/admin_audit/appinfo/app.php @@ -0,0 +1,10 @@ + + + admin_audit + Log audit info + 0.1 + AGPL + Bart Visscher + 2 + Audit user actions in Owncloud + diff --git a/apps/admin_audit/lib/hooks_handlers.php b/apps/admin_audit/lib/hooks_handlers.php new file mode 100644 index 0000000000..924878840a --- /dev/null +++ b/apps/admin_audit/lib/hooks_handlers.php @@ -0,0 +1,36 @@ + Date: Fri, 23 Mar 2012 22:34:55 +0100 Subject: [PATCH 2/4] Audit: Add user login/logout logging --- apps/admin_audit/appinfo/app.php | 4 ++++ apps/admin_audit/lib/hooks_handlers.php | 13 +++++++++++++ 2 files changed, 17 insertions(+) diff --git a/apps/admin_audit/appinfo/app.php b/apps/admin_audit/appinfo/app.php index b1b986fb7b..27a72de432 100644 --- a/apps/admin_audit/appinfo/app.php +++ b/apps/admin_audit/appinfo/app.php 
@@ -2,6 +2,10 @@ OC::$CLASSPATH['OC_Admin_Audit_Hooks_Handlers'] = 'apps/admin_audit/lib/hooks_handlers.php'; +OCP\Util::connectHook('OCP\User', 'pre_login', 'OC_Admin_Audit_Hooks_Handlers', 'pre_login'); +OCP\Util::connectHook('OCP\User', 'post_login', 'OC_Admin_Audit_Hooks_Handlers', 'post_login'); +OCP\Util::connectHook('OCP\User', 'logout', 'OC_Admin_Audit_Hooks_Handlers', 'logout'); + OCP\Util::connectHook(OC_Filesystem::CLASSNAME, OC_Filesystem::signal_rename, 'OC_Admin_Audit_Hooks_Handlers', 'rename'); OCP\Util::connectHook(OC_Filesystem::CLASSNAME, OC_Filesystem::signal_create, 'OC_Admin_Audit_Hooks_Handlers', 'create'); OCP\Util::connectHook(OC_Filesystem::CLASSNAME, OC_Filesystem::signal_copy, 'OC_Admin_Audit_Hooks_Handlers', 'copy'); diff --git a/apps/admin_audit/lib/hooks_handlers.php b/apps/admin_audit/lib/hooks_handlers.php index 924878840a..8ebabbac7b 100644 --- a/apps/admin_audit/lib/hooks_handlers.php +++ b/apps/admin_audit/lib/hooks_handlers.php @@ -1,6 +1,19 @@ Date: Thu, 29 Mar 2012 11:24:29 +0200 Subject: [PATCH 3/4] Audit: Log messages with separate function --- apps/admin_audit/lib/hooks_handlers.php | 21 ++++++++++++--------- 1 file changed, 12 insertions(+), 9 deletions(-) diff --git a/apps/admin_audit/lib/hooks_handlers.php b/apps/admin_audit/lib/hooks_handlers.php index 8ebabbac7b..4cc3194eaf 100644 --- a/apps/admin_audit/lib/hooks_handlers.php +++ b/apps/admin_audit/lib/hooks_handlers.php 
@@ -3,47 +3,50 @@ class OC_Admin_Audit_Hooks_Handlers { static public function pre_login($params) { $path = $params['uid']; - OCP\Util::writeLog('admin_audit', 'Trying login '.$user, OCP\Util::INFO); + self::log('Trying login '.$user); } static public function post_login($params) { $path = $params['uid']; - OCP\Util::writeLog('admin_audit', 'Login '.$user, OCP\Util::INFO); + self::log('Login '.$user); } static public function logout($params) { $user = OCP\User::getUser(); - OCP\Util::writeLog('admin_audit', 'Logout '.$user, OCP\Util::INFO); + self::log('Logout '.$user); } static public function rename($params) { $oldpath = $params[OC_Filesystem::signal_param_oldpath]; $newpath = $params[OC_Filesystem::signal_param_newpath]; $user = OCP\User::getUser(); - OCP\Util::writeLog('admin_audit', 'Rename "'.$oldpath.'" to "'.$newpath.'" by '.$user, OCP\Util::INFO); + self::log('Rename "'.$oldpath.'" to "'.$newpath.'" by '.$user); } static public function create($params) { $path = $params[OC_Filesystem::signal_param_path]; $user = OCP\User::getUser(); - OCP\Util::writeLog('admin_audit', 'Create "'.$path.'" by '.$user, OCP\Util::INFO); + self::log('Create "'.$path.'" by '.$user); } static public function copy($params) { $oldpath = $params[OC_Filesystem::signal_param_oldpath]; $newpath = $params[OC_Filesystem::signal_param_newpath]; $user = OCP\User::getUser(); - OCP\Util::writeLog('admin_audit', 'Copy "'.$oldpath.'" to "'.$newpath.'" by '.$user, OCP\Util::INFO); + self::log('Copy "'.$oldpath.'" to "'.$newpath.'" by '.$user); } static public function write($params) { $path = $params[OC_Filesystem::signal_param_path]; $user = OCP\User::getUser(); - OCP\Util::writeLog('admin_audit', 'Write "'.$path.'" by '.$user, OCP\Util::INFO); + self::log('Write "'.$path.'" by '.$user); } static public function read($params) { $path = $params[OC_Filesystem::signal_param_path]; $user = OCP\User::getUser(); - OCP\Util::writeLog('admin_audit', 'Read "'.$path.'" by '.$user, OCP\Util::INFO); + 
self::log('Read "'.$path.'" by '.$user); } static public function delete($params) { $path = $params[OC_Filesystem::signal_param_path]; $user = OCP\User::getUser(); - OCP\Util::writeLog('admin_audit', 'Delete "'.$path.'" by '.$user, OCP\Util::INFO); + self::log('Delete "'.$path.'" by '.$user); + } + static protected function log($msg) { + OCP\Util::writeLog('admin_audit', $msg, OCP\Util::INFO); } } From 2d581c675fb488df0875e4a489821cf88b7679ac Mon Sep 17 00:00:00 2001 From: Bart Visscher Date: Fri, 13 Apr 2012 19:40:33 +0200 Subject: [PATCH 4/4] Audit: Log sharing actions --- apps/admin_audit/appinfo/app.php | 4 ++++ apps/admin_audit/lib/hooks_handlers.php | 20 ++++++++++++++++++++ apps/files_sharing/get.php | 1 + apps/files_sharing/lib_share.php | 2 ++ 4 files changed, 27 insertions(+) diff --git a/apps/admin_audit/appinfo/app.php b/apps/admin_audit/appinfo/app.php index 27a72de432..e52f633cf1 100644 --- a/apps/admin_audit/appinfo/app.php +++ b/apps/admin_audit/appinfo/app.php @@ -12,3 +12,7 @@ OCP\Util::connectHook(OC_Filesystem::CLASSNAME, OC_Filesystem::signal_copy, 'OC_ OCP\Util::connectHook(OC_Filesystem::CLASSNAME, OC_Filesystem::signal_write, 'OC_Admin_Audit_Hooks_Handlers', 'write'); OCP\Util::connectHook(OC_Filesystem::CLASSNAME, OC_Filesystem::signal_read, 'OC_Admin_Audit_Hooks_Handlers', 'read'); OCP\Util::connectHook(OC_Filesystem::CLASSNAME, OC_Filesystem::signal_delete, 'OC_Admin_Audit_Hooks_Handlers', 'delete'); + +OCP\Util::connectHook('OC_Share', 'public', 'OC_Admin_Audit_Hooks_Handlers', 'share_public'); +OCP\Util::connectHook('OC_Share', 'public-download', 'OC_Admin_Audit_Hooks_Handlers', 'share_public_download'); +OCP\Util::connectHook('OC_Share', 'user', 'OC_Admin_Audit_Hooks_Handlers', 'share_user'); diff --git a/apps/admin_audit/lib/hooks_handlers.php b/apps/admin_audit/lib/hooks_handlers.php index 4cc3194eaf..c5aec97d93 100644 --- a/apps/admin_audit/lib/hooks_handlers.php +++ b/apps/admin_audit/lib/hooks_handlers.php 
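Review bot: `pre_login` and `post_login` still build their message from `$user`, which is never assigned in either method; the uid is stored in `$path`, so both login entries are written without the account name and PHP raises an undefined-variable notice. Change the assignment in both methods to `$user = $params['uid'];`. Because `log()` is now the single sink for every handler, it is also the natural place to neutralise line breaks: the uid at `pre_login` and the file paths are presumably client-supplied, and a CR/LF inside them would let one request produce what reads as several audit entries. A one-line guard such as `$msg = str_replace(array("\r", "\n"), ' ', $msg);` before the `writeLog` call covers all callers.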
@@ -46,6 +46,26 @@ class OC_Admin_Audit_Hooks_Handlers {
 $user = OCP\User::getUser();
 self::log('Delete "'.$path.'" by '.$user);
 }
+ static public function share_public($params) {
+ $path = $params['source'];
+ $token = $params['token'];
+ $user = OCP\User::getUser();
+ self::log('Shared "'.$path.'" with public, token="'.$token.'" by '.$user);
+ }
+ static public function share_public_download($params) {
+ $path = $params['source'];
+ $token = $params['token'];
+ $user = $_SERVER['REMOTE_ADDR'];
+ self::log('Download of shared "'.$path.'" token="'.$token.'" by '.$user);
+ }
+ static public function share_user($params) {
+ $path = $params['source'];
+ $permissions = $params['permissions'];
+ $with = $params['with'];
+ $user = OCP\User::getUser();
+ $rw = $permissions & OC_Share::WRITE ? 'w' : 'o';
+ self::log('Shared "'.$path.'" (r'.$rw.') with user "'.$with.'" by '.$user);
+ }
 static protected function log($msg) {
 OCP\Util::writeLog('admin_audit', $msg, OCP\Util::INFO);
 }
diff --git a/apps/files_sharing/get.php b/apps/files_sharing/get.php
index de3bc5f46d..57ff6b6e20 100755
--- a/apps/files_sharing/get.php
+++ b/apps/files_sharing/get.php
@@ -74,6 +74,7 @@ if ($source !== false) {
 header("Content-Length: " . OC_Filesystem::filesize($source));
 //download the file
 @ob_clean();
+ OCP\Util::emitHook('OC_Share', 'public-download', array('source'=>$source, 'token'=>$token);
 OC_Filesystem::readfile($source);
 }
 } else {
diff --git a/apps/files_sharing/lib_share.php b/apps/files_sharing/lib_share.php
index d5cf3d0a1b..14c61c620a 100755
--- a/apps/files_sharing/lib_share.php
+++ b/apps/files_sharing/lib_share.php
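Review bot: `share_public` and `share_public_download` write the complete share token into the audit log. If the token alone is what grants access to a public link, as the `get.php` hunk in this patch suggests, then anyone who can read the log can retrieve the shared file. A short prefix is enough to correlate the "Shared" and "Download" entries, for example `substr($token, 0, 8)` in both messages. Separately, in `share_public_download` the variable named `$user` holds `$_SERVER['REMOTE_ADDR']`, so a comment such as `// anonymous download: log the client address, which is the proxy address behind a reverse proxy` would keep later readers from treating it as an account name.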
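Review bot: The added `emitHook` line in `get.php` is missing a closing parenthesis: `array(` is closed but `emitHook(` is not, so the file no longer parses and every public download request would fail. It should read `OCP\Util::emitHook('OC_Share', 'public-download', array('source'=>$source, 'token'=>$token));`. The hook also fires before `OC_Filesystem::readfile($source)`, so the entry records a download attempt rather than a completed transfer; that is worth stating in a comment next to the call. The enclosing `if` block starts outside the hunk.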
@@ -43,6 +43,7 @@ class OC_Share {
 $query = OCP\DB::prepare("INSERT INTO *PREFIX*sharing VALUES(?,?,?,?,?)");
 if ($uid_shared_with == self::PUBLICLINK) {
 $token = sha1("$uid_shared_with-$source");
+ OCP\Util::emitHook('OC_Share', 'public', array('source'=>$source, 'token'=>$token, 'permissions'=>$permissions));
 $query->execute(array($uid_owner, self::PUBLICLINK, $source, $token, $permissions));
 $this->token = $token;
 } else {
@@ -97,6 +98,7 @@ class OC_Share {
 if (isset($gid)) {
 $uid = $uid."@".$gid;
 }
+ OCP\Util::emitHook('OC_Share', 'user', array('source'=>$source, 'target'=>$target, 'with'=>$uid, 'permissions'=>$permissions));
 $query->execute(array($uid_owner, $uid, $source, $target, $permissions));
 // Add file to filesystem cache
 $userDirectory = "/".OCP\USER::getUser()."/files";
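Review bot: Both added `emitHook` calls fire before the matching `$query->execute(...)`, so the audit log records a share even when the INSERT fails. This applies to the `public` hook in the first hunk and the `user` hook in the second. An audit trail should describe what actually happened, so each `OCP\Util::emitHook(...)` line is better placed directly after its `$query->execute(...)` line, ideally only once the result has been checked. Both enclosing methods start and end outside the hunks, so whether `execute` can fail silently here cannot be confirmed from this view.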