Implemented initial recoveryAdmin functionality in crypto file proxy
This commit is contained in:
parent
101e037529
commit
3003dd46d1
|
@ -93,29 +93,29 @@ class Proxy extends \OC_FileProxy {
|
||||||
|
|
||||||
public function preFile_put_contents( $path, &$data ) {
|
public function preFile_put_contents( $path, &$data ) {
|
||||||
|
|
||||||
if ( self::shouldEncrypt( $path ) ) {
|
if ( self::shouldEncrypt( $path ) ) {
|
||||||
|
|
||||||
// Stream put contents should have been converted to fopen
|
// Stream put contents should have been converted to fopen
|
||||||
if ( !is_resource( $data ) ) {
|
if ( !is_resource( $data ) ) {
|
||||||
|
|
||||||
$userId = \OCP\USER::getUser();
|
$userId = \OCP\USER::getUser();
|
||||||
$rootView = new \OC_FilesystemView( '/' );
|
$view = new \OC_FilesystemView( '/' );
|
||||||
$util = new Util( $rootView, $userId );
|
$util = new Util( $view, $userId );
|
||||||
$session = new Session( $rootView );
|
$session = new Session( $view );
|
||||||
$privateKey = $session->getPrivateKey();
|
$privateKey = $session->getPrivateKey();
|
||||||
$filePath = $util->stripUserFilesPath( $path );
|
$filePath = $util->stripUserFilesPath( $path );
|
||||||
// Set the filesize for userland, before encrypting
|
// Set the filesize for userland, before encrypting
|
||||||
$size = strlen( $data );
|
$size = strlen( $data );
|
||||||
|
|
||||||
// Disable encryption proxy to prevent recursive calls
|
// Disable encryption proxy to prevent recursive calls
|
||||||
$proxyStatus = \OC_FileProxy::$enabled;
|
$proxyStatus = \OC_FileProxy::$enabled;
|
||||||
\OC_FileProxy::$enabled = false;
|
\OC_FileProxy::$enabled = false;
|
||||||
|
|
||||||
// Check if there is an existing key we can reuse
|
// Check if there is an existing key we can reuse
|
||||||
if ( $encKeyfile = Keymanager::getFileKey( $rootView, $userId, $filePath ) ) {
|
if ( $encKeyfile = Keymanager::getFileKey( $view, $userId, $filePath ) ) {
|
||||||
|
|
||||||
// Fetch shareKey
|
// Fetch shareKey
|
||||||
$shareKey = Keymanager::getShareKey( $rootView, $userId, $filePath );
|
$shareKey = Keymanager::getShareKey( $view, $userId, $filePath );
|
||||||
|
|
||||||
// Decrypt the keyfile
|
// Decrypt the keyfile
|
||||||
$plainKey = Crypt::multiKeyDecrypt( $encKeyfile, $shareKey, $privateKey );
|
$plainKey = Crypt::multiKeyDecrypt( $encKeyfile, $shareKey, $privateKey );
|
||||||
|
@ -134,34 +134,73 @@ class Proxy extends \OC_FileProxy {
|
||||||
|
|
||||||
$uniqueUserIds = $util->getSharingUsersArray( $sharingEnabled, $filePath, $userId );
|
$uniqueUserIds = $util->getSharingUsersArray( $sharingEnabled, $filePath, $userId );
|
||||||
|
|
||||||
// Fetch public keys for all users who will share the file
|
// Fetch public keys for all users who will share the file
|
||||||
$publicKeys = Keymanager::getPublicKeys( $rootView, $uniqueUserIds );
|
$publicKeys = Keymanager::getPublicKeys( $view, $uniqueUserIds );
|
||||||
|
|
||||||
// Encrypt plain keyfile to multiple sharefiles
|
// Encrypt plain keyfile to multiple sharefiles
|
||||||
$multiEncrypted = Crypt::multiKeyEncrypt( $plainKey, $publicKeys );
|
$multiEncrypted = Crypt::multiKeyEncrypt( $plainKey, $publicKeys );
|
||||||
|
|
||||||
// Save sharekeys to user folders
|
// Save sharekeys to user folders
|
||||||
Keymanager::setShareKeys( $rootView, $filePath, $multiEncrypted['keys'] );
|
Keymanager::setShareKeys( $view, $filePath, $multiEncrypted['keys'] );
|
||||||
|
|
||||||
// Set encrypted keyfile as common varname
|
// Set encrypted keyfile as common varname
|
||||||
$encKey = $multiEncrypted['data'];
|
$encKey = $multiEncrypted['data'];
|
||||||
|
|
||||||
// Save keyfile for newly encrypted file in parallel directory tree
|
// Save keyfile for newly encrypted file in parallel directory tree
|
||||||
Keymanager::setFileKey( $rootView, $filePath, $userId, $encKey );
|
Keymanager::setFileKey( $view, $filePath, $userId, $encKey );
|
||||||
|
|
||||||
// Replace plain content with encrypted content by reference
|
// Replace plain content with encrypted content by reference
|
||||||
$data = $encData;
|
$data = $encData;
|
||||||
|
|
||||||
// Update the file cache with file info
|
// Update the file cache with file info
|
||||||
\OC\Files\Filesystem::putFileInfo( $filePath, array( 'encrypted'=>true, 'size' => strlen($size), 'unencrypted_size' => $size), '' );
|
\OC\Files\Filesystem::putFileInfo( $filePath, array( 'encrypted'=>true, 'size' => strlen($size), 'unencrypted_size' => $size), '' );
|
||||||
|
|
||||||
// Re-enable proxy - our work is done
|
// Re-enable proxy - our work is done
|
||||||
\OC_FileProxy::$enabled = $proxyStatus;
|
\OC_FileProxy::$enabled = $proxyStatus;
|
||||||
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
return true;
|
return true;
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
public function postFile_put_contents( $path, $length ) {
|
||||||
|
|
||||||
|
$userId = \OCP\USER::getUser();
|
||||||
|
$view = new \OC_FilesystemView( '/' );
|
||||||
|
$util = new Util( $view, $userId );
|
||||||
|
|
||||||
|
// Check if recoveryAdmin is enabled for system and user
|
||||||
|
// TODO: Consider storing recoveryAdmin status for user in session
|
||||||
|
if (
|
||||||
|
\OC_Appconfig::getValue( 'files_encryption', 'recoveryAdminEnabled' )
|
||||||
|
&& $util->recoveryEnabledForUser()
|
||||||
|
) {
|
||||||
|
|
||||||
|
// Get owner UID and filepath
|
||||||
|
list( $owner, $ownerPath ) = $util->getUidAndFilename( $path );
|
||||||
|
|
||||||
|
$recoveryAdminUid = \OC_Appconfig::getValue( 'files_encryption', 'recoveryAdminEnabled' );
|
||||||
|
$usersSharing = \OCP\Share::getUsersSharingFile( $ownerPath, $owner,true, true, true );
|
||||||
|
|
||||||
|
// Check if file is already shared to recoveryAdmin
|
||||||
|
if ( ! in_array( $recoveryAdminUid, $usersSharing ) ) {
|
||||||
|
|
||||||
|
$relPath = $util->stripFilesPath( $path );
|
||||||
|
|
||||||
|
// Get file info from filecache
|
||||||
|
$fileInfo = \OC\Files\Filesystem::getFileInfo( $path );
|
||||||
|
|
||||||
|
// Register share to recoveryAdmin with share API
|
||||||
|
// FIXME: Some of these vars aren't set
|
||||||
|
// FIXME: What should the permission number be to grant all rights?
|
||||||
|
// \OCP\Share::shareItem( $itemType, $itemSource, 0, $recoveryAdminUid, 17 );
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|
|
@ -548,6 +548,7 @@ class Util {
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @brief Format a path to be relative to the /user/files/ directory
|
* @brief Format a path to be relative to the /user/files/ directory
|
||||||
|
* @note e.g. turns '/admin/files/test.txt' into 'test.txt'
|
||||||
*/
|
*/
|
||||||
public function stripUserFilesPath( $path ) {
|
public function stripUserFilesPath( $path ) {
|
||||||
|
|
||||||
|
@ -560,6 +561,21 @@ class Util {
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @brief Format a path to be relative to the /user directory
|
||||||
|
* @note e.g. turns '/admin/files/test.txt' into 'files/test.txt'
|
||||||
|
*/
|
||||||
|
public function stripFilesPath( $path ) {
|
||||||
|
|
||||||
|
$trimmed = ltrim( $path, '/' );
|
||||||
|
$split = explode( '/', $trimmed );
|
||||||
|
$sliced = array_slice( $split, 1 );
|
||||||
|
$relPath = implode( '/', $sliced );
|
||||||
|
|
||||||
|
return $relPath;
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @brief Format a shared path to be relative to the /user/files/ directory
|
* @brief Format a shared path to be relative to the /user/files/ directory
|
||||||
* @note Expects a path like /uid/files/Shared/filepath
|
* @note Expects a path like /uid/files/Shared/filepath
|
||||||
|
@ -1142,16 +1158,16 @@ class Util {
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @brief get shares parent.
|
* @brief get shares parent.
|
||||||
* @param int $Id of the current share
|
* @param int $id of the current share
|
||||||
* @return array of the parent
|
* @return array of the parent
|
||||||
*/
|
*/
|
||||||
public static function getShareParent( $Id ) {
|
public static function getShareParent( $id ) {
|
||||||
|
|
||||||
$query = \OC_DB::prepare( 'SELECT `file_target`, `item_type`'
|
$query = \OC_DB::prepare( 'SELECT `file_target`, `item_type`'
|
||||||
.' FROM `*PREFIX*share`'
|
.' FROM `*PREFIX*share`'
|
||||||
.' WHERE `id` = ?' );
|
.' WHERE `id` = ?' );
|
||||||
|
|
||||||
$result = $query->execute( array( $Id ) );
|
$result = $query->execute( array( $id ) );
|
||||||
|
|
||||||
$row = $result->fetchRow();
|
$row = $result->fetchRow();
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue