From 1b880f2f96df514c68a17e90141cff9620c2ddb5 Mon Sep 17 00:00:00 2001 From: Sam Tuke Date: Tue, 19 Feb 2013 19:16:50 +0000 Subject: [PATCH] Moved dependencies out of Crypt methods (encKeyfileToMultipleUsers)(DI) Fixed bug preventing sharing with users other than 'ownCloud' Added comments Moved functionality into filterShareReadyUsers() Other changes --- apps/files_encryption/appinfo/app.php | 2 +- apps/files_encryption/hooks/hooks.php | 23 ++++-- apps/files_encryption/lib/crypt.php | 103 ++++++++++++++------------ apps/files_encryption/lib/util.php | 41 ++++++++++ 4 files changed, 112 insertions(+), 57 deletions(-) diff --git a/apps/files_encryption/appinfo/app.php b/apps/files_encryption/appinfo/app.php index 6778e1faa3..742e4add8f 100644 --- a/apps/files_encryption/appinfo/app.php +++ b/apps/files_encryption/appinfo/app.php @@ -20,7 +20,7 @@ OCP\Util::connectHook( 'OCP\Share', 'post_unshare', 'OCA\Encryption\Hooks', 'pos OCP\Util::connectHook( 'OCP\Share', 'post_unshareAll', 'OCA\Encryption\Hooks', 'postUnshareAll' ); // Webdav-related hooks -OCP\Util::connectHook( 'OC_Webdav_Properties', 'update', 'OCA\Encryption\Hooks', 'updateKeyfile' ); +OCP\Util::connectHook( 'OC_Webdav_Properties', 'update', 'OCA\Encryption\Hooks', 'updateKeyfileFromClient' ); stream_wrapper_register( 'crypt', 'OCA\Encryption\Stream' ); diff --git a/apps/files_encryption/hooks/hooks.php b/apps/files_encryption/hooks/hooks.php index 5020724657..1ebfdb1ae0 100644 --- a/apps/files_encryption/hooks/hooks.php +++ b/apps/files_encryption/hooks/hooks.php @@ -139,7 +139,7 @@ class Hooks { /** * @brief update the encryption key of the file uploaded by the client */ - public static function updateKeyfile( $params ) { + public static function updateKeyfileFromClient( $params ) { if ( Crypt::mode() == 'client' ) { @@ -175,12 +175,13 @@ class Hooks { // uidOwner -> owner of the original file being shared $view = new \OC_FilesystemView( '/' ); + $session = new Session(); $userId = \OCP\User::getUser(); $util = new Util( $view, $userId ); - $path = Util::getFilePath($params['itemSource']); + $path = Util::getFilePath( $params['itemSource'] ); - return Crypt::updateKeyfile($path); + return Crypt::updateKeyfile( $view, $session, $path ); } @@ -188,18 +189,26 @@ class Hooks { * @brief */ public static function postUnshare( $params ) { - $path = Util::getFilePath($params['itemSource']); + + $view = new \OC_FilesystemView( '/' ); + $session = new Session(); + $path = Util::getFilePath( $params['itemSource'] ); + + return Crypt::updateKeyfile( $view, $session, $path ); - return Crypt::updateKeyfile($path); } /** * @brief */ public static function postUnshareAll( $params ) { - $path = Util::getFilePath($params['itemSource']); + + $view = new \OC_FilesystemView( '/' ); + $session = new Session(); + $path = Util::getFilePath( $params['itemSource'] ); + + return Crypt::updateKeyfile( $view, $session, $path ); - return Crypt::updateKeyfile($path); } } diff --git a/apps/files_encryption/lib/crypt.php b/apps/files_encryption/lib/crypt.php index 49b75c17f6..1b0167834e 100755 --- a/apps/files_encryption/lib/crypt.php +++ b/apps/files_encryption/lib/crypt.php @@ -746,52 +746,44 @@ class Crypt { /** - * @brief encrypt file key to multiple users - * @param $users list of users which should be able to access the file - * @param $fileTarget target of the file + * @brief Encrypt keyfile to multiple users + * @param array $users list of users which should be able to access the file + * @param string $filePath path of the file to be shared */ - private static function encKeyfileToMultipleUsers($users, $filePath) { - $view = new \OC_FilesystemView( '/' ); - $owner = \OCP\User::getUser(); - $util = new Util( $view, $userId ); - $session = new Session(); + private static function encKeyfileToMultipleUsers( \OC_FilesystemView $view, Util $util, Session $session, $userId, array $users, $filePath ) { + + // Make sure users are capable of sharing + $filteredUids = $util->filterShareReadyUsers( $users ); - $userIds = array(); - - foreach ( $users as $user ) { - - $util = new Util( $view, $user ); - - // Check that the user is encryption capable - if ( $util->ready() && $user == 'ownCloud' ) { - // Construct array of just UIDs for Keymanager{} - $userIds[] = $user; - - } else { - - // Log warning; we can't do necessary setup here - // because we don't have the user passphrase - // TODO: Provide user feedback indicating that - // sharing failed - \OC_Log::write( 'Encryption library', 'File cannot be shared: user "'.$user.'" is not setup for encryption', \OC_Log::WARN ); - - } - - } - - - $userPubKeys = Keymanager::getPublicKeys( $view, $userIds ); + // Get public keys for each user, ready for generating sharekeys + $userPubKeys = Keymanager::getPublicKeys( $view, $filteredUids ); // TODO: check this includes the owner's public key \OC_FileProxy::$enabled = false; - // get the keyfile + // Get the current users's private key for decrypting existing keyfile + $privateKey = $session->getPrivateKey(); + + // We need to get a decrypted key for the file + // Determine how to decrypt the keyfile by checking if current user is owner + if ( $userId == \OC\Files\Filesystem::getOwner( $filePath ) ) { + + // If current user is owner, decrypt without using sharekey + + } else { + + // Current user is resharing a file they don't own + // Decrypt keyfile using sharekey + + } + + // get the existing keyfile $encKeyfile = Keymanager::getFileKey( $view, $owner, $filePath ); - $privateKey = $session->getPrivateKey(); - - // decrypt the keyfile + // decrypt the existing keyfile $plainKeyfile = Crypt::keyDecrypt( $encKeyfile, $privateKey ); - + + trigger_error("PUBKEYS = ". var_export($userPubKeys, 1)); + // re-enc keyfile to sharekeys $shareKeys = Crypt::multiKeyEncrypt( $plainKeyfile, $userPubKeys ); @@ -816,29 +808,42 @@ class Crypt { * @param path which needs to be updated * @return bool success */ - public static function updateKeyfile($path) { + public static function updateKeyfile( \OC_FilesystemView $view, Util $util, Session $session, $path ) { - $filesView = \OCP\Files::getStorage('files'); + // Make path include 'files' dir for OC_FSV operations + $fPath = 'files' . $path; $result = true; - if ( $filesView->is_dir($path) ) { - $content = $filesView->getDirectoryContent($path); - foreach ( $content as $c) { + if ( ! $view->is_dir( $fPath ) ) { + + $shares = \OCP\Share::getUsersSharingFile( $path, true ); + $result = self::encKeyfileToMultipleUsers( $view, $util, $session, $shares, $path ); + + } else { + + $content = $view->getDirectoryContent( $fPath ); + + foreach ( $content as $c ) { + $path = substr($c['path'], 5); - if ( $filesView->is_dir($path) ) { - $result &= self::updateKeyfile($path); + + if ( $view->is_dir( $fPath ) ) { + + $result &= self::updateKeyfile( $path ); + } else { + $shares = \OCP\Share::getUsersSharingFile( $path, true ); - $result &= self::encKeyfileToMultipleUsers($shares, $path); + $result &= self::encKeyfileToMultipleUsers( $view, $util, $session, $shares, $path ); + } } - } else { - $shares = \OCP\Share::getUsersSharingFile( $path, true ); - $result = self::encKeyfileToMultipleUsers($shares, $path); + } return $result; } + } \ No newline at end of file diff --git a/apps/files_encryption/lib/util.php b/apps/files_encryption/lib/util.php index 843727d7ab..8ca51c95d7 100644 --- a/apps/files_encryption/lib/util.php +++ b/apps/files_encryption/lib/util.php @@ -486,5 +486,46 @@ class Util { $row = $result->fetchRow(); return substr($row['path'], 5); } + + /** + * @brief Filter an array of UIDs to return only ones ready for sharing + * @param array $unfilteredUsers users to be checked for sharing readiness + * @return array $userIds filtered users + */ + public function filterShareReadyUsers( $unfilteredUsers ) { + + // This array will collect the filtered IDs + $userIds = array(); + + // Loop through users and create array of UIDs that need new keyfiles + foreach ( $unfilteredUsers as $user ) { + + $util = new Util( $this->view, $user ); + + // Check that the user is encryption capable, or is the + // public system user 'ownCloud' (for public shares) + if ( + $util->ready() + or $user == 'ownCloud' + ) { + + // Construct array of just UIDs for Keymanager{} + $userIds[] = $user; + + } else { + + // Log warning; we can't do necessary setup here + // because we don't have the user passphrase + // TODO: Provide user feedback indicating that + // sharing failed + \OC_Log::write( 'Encryption library', '"'.$user.'" is not setup for encryption', \OC_Log::WARN ); + + } + + } + + return $userIds; + + } }