From 3003dd46d17e9d4b70a5b19d4a7807bb0fbad298 Mon Sep 17 00:00:00 2001 From: Sam Tuke Date: Thu, 9 May 2013 18:09:20 +0200 Subject: [PATCH] Implemented initial recoveryAdmin functionality in crypto file proxy --- apps/files_encryption/lib/proxy.php | 83 +++++++++++++++++++++-------- apps/files_encryption/lib/util.php | 22 ++++++-- 2 files changed, 80 insertions(+), 25 deletions(-) diff --git a/apps/files_encryption/lib/proxy.php b/apps/files_encryption/lib/proxy.php index 820b7d8b67..ae36b9fe09 100644 --- a/apps/files_encryption/lib/proxy.php +++ b/apps/files_encryption/lib/proxy.php @@ -93,29 +93,29 @@ class Proxy extends \OC_FileProxy { public function preFile_put_contents( $path, &$data ) { - if ( self::shouldEncrypt( $path ) ) { + if ( self::shouldEncrypt( $path ) ) { - // Stream put contents should have been converted to fopen + // Stream put contents should have been converted to fopen if ( !is_resource( $data ) ) { - $userId = \OCP\USER::getUser(); - $rootView = new \OC_FilesystemView( '/' ); - $util = new Util( $rootView, $userId ); - $session = new Session( $rootView ); + $userId = \OCP\USER::getUser(); + $view = new \OC_FilesystemView( '/' ); + $util = new Util( $view, $userId ); + $session = new Session( $view ); $privateKey = $session->getPrivateKey(); $filePath = $util->stripUserFilesPath( $path ); // Set the filesize for userland, before encrypting $size = strlen( $data ); - + // Disable encryption proxy to prevent recursive calls - $proxyStatus = \OC_FileProxy::$enabled; - \OC_FileProxy::$enabled = false; - + $proxyStatus = \OC_FileProxy::$enabled; + \OC_FileProxy::$enabled = false; + // Check if there is an existing key we can reuse - if ( $encKeyfile = Keymanager::getFileKey( $rootView, $userId, $filePath ) ) { + if ( $encKeyfile = Keymanager::getFileKey( $view, $userId, $filePath ) ) { // Fetch shareKey - $shareKey = Keymanager::getShareKey( $rootView, $userId, $filePath ); + $shareKey = Keymanager::getShareKey( $view, $userId, $filePath ); // Decrypt the keyfile $plainKey = Crypt::multiKeyDecrypt( $encKeyfile, $shareKey, $privateKey ); @@ -124,7 +124,7 @@ class Proxy extends \OC_FileProxy { // Make a new key $plainKey = Crypt::generateKey(); - + } // Encrypt data @@ -134,34 +134,73 @@ class Proxy extends \OC_FileProxy { $uniqueUserIds = $util->getSharingUsersArray( $sharingEnabled, $filePath, $userId ); - // Fetch public keys for all users who will share the file - $publicKeys = Keymanager::getPublicKeys( $rootView, $uniqueUserIds ); + // Fetch public keys for all users who will share the file + $publicKeys = Keymanager::getPublicKeys( $view, $uniqueUserIds ); - // Encrypt plain keyfile to multiple sharefiles + // Encrypt plain keyfile to multiple sharefiles $multiEncrypted = Crypt::multiKeyEncrypt( $plainKey, $publicKeys ); // Save sharekeys to user folders - Keymanager::setShareKeys( $rootView, $filePath, $multiEncrypted['keys'] ); + Keymanager::setShareKeys( $view, $filePath, $multiEncrypted['keys'] ); // Set encrypted keyfile as common varname $encKey = $multiEncrypted['data']; // Save keyfile for newly encrypted file in parallel directory tree - Keymanager::setFileKey( $rootView, $filePath, $userId, $encKey ); + Keymanager::setFileKey( $view, $filePath, $userId, $encKey ); // Replace plain content with encrypted content by reference $data = $encData; - + // Update the file cache with file info - \OC\Files\Filesystem::putFileInfo( $filePath, array( 'encrypted'=>true, 'size' => strlen($size), 'unencrypted_size' => $size), '' ); + \OC\Files\Filesystem::putFileInfo( $filePath, array( 'encrypted'=>true, 'size' => strlen($size), 'unencrypted_size' => $size), '' ); - // Re-enable proxy - our work is done + // Re-enable proxy - our work is done \OC_FileProxy::$enabled = $proxyStatus; } } - return true; + return true; + + } + + public function postFile_put_contents( $path, $length ) { + + $userId = \OCP\USER::getUser(); + $view = new \OC_FilesystemView( '/' ); + $util = new Util( $view, $userId ); + + // Check if recoveryAdmin is enabled for system and user + // TODO: Consider storing recoveryAdmin status for user in session + if ( + \OC_Appconfig::getValue( 'files_encryption', 'recoveryAdminEnabled' ) + && $util->recoveryEnabledForUser() + ) { + + // Get owner UID and filepath + list( $owner, $ownerPath ) = $util->getUidAndFilename( $path ); + + $recoveryAdminUid = \OC_Appconfig::getValue( 'files_encryption', 'recoveryAdminEnabled' ); + $usersSharing = \OCP\Share::getUsersSharingFile( $ownerPath, $owner,true, true, true ); + + // Check if file is already shared to recoveryAdmin + if ( ! in_array( $recoveryAdminUid, $usersSharing ) ) { + + $relPath = $util->stripFilesPath( $path ); + + // Get file info from filecache + $fileInfo = \OC\Files\Filesystem::getFileInfo( $path ); + + // Register share to recoveryAdmin with share API + // FIXME: Some of these vars aren't set + // FIXME: What should the permission number be to grant all rights? +// \OCP\Share::shareItem( $itemType, $itemSource, 0, $recoveryAdminUid, 17 ); + + } + + } + } /** diff --git a/apps/files_encryption/lib/util.php b/apps/files_encryption/lib/util.php index 068f714842..41d51fbf6f 100644 --- a/apps/files_encryption/lib/util.php +++ b/apps/files_encryption/lib/util.php @@ -548,6 +548,7 @@ class Util { /** * @brief Format a path to be relative to the /user/files/ directory + * @note e.g. turns '/admin/files/test.txt' into 'test.txt' */ public function stripUserFilesPath( $path ) { @@ -560,6 +561,21 @@ class Util { } + /** + * @brief Format a path to be relative to the /user directory + * @note e.g. turns '/admin/files/test.txt' into 'files/test.txt' + */ + public function stripFilesPath( $path ) { + + $trimmed = ltrim( $path, '/' ); + $split = explode( '/', $trimmed ); + $sliced = array_slice( $split, 1 ); + $relPath = implode( '/', $sliced ); + + return $relPath; + + } + /** * @brief Format a shared path to be relative to the /user/files/ directory * @note Expects a path like /uid/files/Shared/filepath @@ -1142,16 +1158,16 @@ class Util { /** * @brief get shares parent. - * @param int $Id of the current share + * @param int $id of the current share * @return array of the parent */ - public static function getShareParent( $Id ) { + public static function getShareParent( $id ) { $query = \OC_DB::prepare( 'SELECT `file_target`, `item_type`' .' FROM `*PREFIX*share`' .' WHERE `id` = ?' ); - $result = $query->execute( array( $Id ) ); + $result = $query->execute( array( $id ) ); $row = $result->fetchRow();