Implemented initial recoveryAdmin functionality in crypto file proxy

This commit is contained in:
Sam Tuke 2013-05-09 18:09:20 +02:00
parent 101e037529
commit 3003dd46d1
2 changed files with 80 additions and 25 deletions

View File

@ -93,29 +93,29 @@ class Proxy extends \OC_FileProxy {
public function preFile_put_contents( $path, &$data ) { public function preFile_put_contents( $path, &$data ) {
if ( self::shouldEncrypt( $path ) ) { if ( self::shouldEncrypt( $path ) ) {
// Stream put contents should have been converted to fopen // Stream put contents should have been converted to fopen
if ( !is_resource( $data ) ) { if ( !is_resource( $data ) ) {
$userId = \OCP\USER::getUser(); $userId = \OCP\USER::getUser();
$rootView = new \OC_FilesystemView( '/' ); $view = new \OC_FilesystemView( '/' );
$util = new Util( $rootView, $userId ); $util = new Util( $view, $userId );
$session = new Session( $rootView ); $session = new Session( $view );
$privateKey = $session->getPrivateKey(); $privateKey = $session->getPrivateKey();
$filePath = $util->stripUserFilesPath( $path ); $filePath = $util->stripUserFilesPath( $path );
// Set the filesize for userland, before encrypting // Set the filesize for userland, before encrypting
$size = strlen( $data ); $size = strlen( $data );
// Disable encryption proxy to prevent recursive calls // Disable encryption proxy to prevent recursive calls
$proxyStatus = \OC_FileProxy::$enabled; $proxyStatus = \OC_FileProxy::$enabled;
\OC_FileProxy::$enabled = false; \OC_FileProxy::$enabled = false;
// Check if there is an existing key we can reuse // Check if there is an existing key we can reuse
if ( $encKeyfile = Keymanager::getFileKey( $rootView, $userId, $filePath ) ) { if ( $encKeyfile = Keymanager::getFileKey( $view, $userId, $filePath ) ) {
// Fetch shareKey // Fetch shareKey
$shareKey = Keymanager::getShareKey( $rootView, $userId, $filePath ); $shareKey = Keymanager::getShareKey( $view, $userId, $filePath );
// Decrypt the keyfile // Decrypt the keyfile
$plainKey = Crypt::multiKeyDecrypt( $encKeyfile, $shareKey, $privateKey ); $plainKey = Crypt::multiKeyDecrypt( $encKeyfile, $shareKey, $privateKey );
@ -134,34 +134,73 @@ class Proxy extends \OC_FileProxy {
$uniqueUserIds = $util->getSharingUsersArray( $sharingEnabled, $filePath, $userId ); $uniqueUserIds = $util->getSharingUsersArray( $sharingEnabled, $filePath, $userId );
// Fetch public keys for all users who will share the file // Fetch public keys for all users who will share the file
$publicKeys = Keymanager::getPublicKeys( $rootView, $uniqueUserIds ); $publicKeys = Keymanager::getPublicKeys( $view, $uniqueUserIds );
// Encrypt plain keyfile to multiple sharefiles // Encrypt plain keyfile to multiple sharefiles
$multiEncrypted = Crypt::multiKeyEncrypt( $plainKey, $publicKeys ); $multiEncrypted = Crypt::multiKeyEncrypt( $plainKey, $publicKeys );
// Save sharekeys to user folders // Save sharekeys to user folders
Keymanager::setShareKeys( $rootView, $filePath, $multiEncrypted['keys'] ); Keymanager::setShareKeys( $view, $filePath, $multiEncrypted['keys'] );
// Set encrypted keyfile as common varname // Set encrypted keyfile as common varname
$encKey = $multiEncrypted['data']; $encKey = $multiEncrypted['data'];
// Save keyfile for newly encrypted file in parallel directory tree // Save keyfile for newly encrypted file in parallel directory tree
Keymanager::setFileKey( $rootView, $filePath, $userId, $encKey ); Keymanager::setFileKey( $view, $filePath, $userId, $encKey );
// Replace plain content with encrypted content by reference // Replace plain content with encrypted content by reference
$data = $encData; $data = $encData;
// Update the file cache with file info // Update the file cache with file info
\OC\Files\Filesystem::putFileInfo( $filePath, array( 'encrypted'=>true, 'size' => strlen($size), 'unencrypted_size' => $size), '' ); \OC\Files\Filesystem::putFileInfo( $filePath, array( 'encrypted'=>true, 'size' => strlen($size), 'unencrypted_size' => $size), '' );
// Re-enable proxy - our work is done // Re-enable proxy - our work is done
\OC_FileProxy::$enabled = $proxyStatus; \OC_FileProxy::$enabled = $proxyStatus;
} }
} }
return true; return true;
}
public function postFile_put_contents( $path, $length ) {
$userId = \OCP\USER::getUser();
$view = new \OC_FilesystemView( '/' );
$util = new Util( $view, $userId );
// Check if recoveryAdmin is enabled for system and user
// TODO: Consider storing recoveryAdmin status for user in session
if (
\OC_Appconfig::getValue( 'files_encryption', 'recoveryAdminEnabled' )
&& $util->recoveryEnabledForUser()
) {
// Get owner UID and filepath
list( $owner, $ownerPath ) = $util->getUidAndFilename( $path );
$recoveryAdminUid = \OC_Appconfig::getValue( 'files_encryption', 'recoveryAdminEnabled' );
$usersSharing = \OCP\Share::getUsersSharingFile( $ownerPath, $owner,true, true, true );
// Check if file is already shared to recoveryAdmin
if ( ! in_array( $recoveryAdminUid, $usersSharing ) ) {
$relPath = $util->stripFilesPath( $path );
// Get file info from filecache
$fileInfo = \OC\Files\Filesystem::getFileInfo( $path );
// Register share to recoveryAdmin with share API
// FIXME: Some of these vars aren't set
// FIXME: What should the permission number be to grant all rights?
// \OCP\Share::shareItem( $itemType, $itemSource, 0, $recoveryAdminUid, 17 );
}
}
} }
/** /**

View File

@ -548,6 +548,7 @@ class Util {
/** /**
* @brief Format a path to be relative to the /user/files/ directory * @brief Format a path to be relative to the /user/files/ directory
* @note e.g. turns '/admin/files/test.txt' into 'test.txt'
*/ */
public function stripUserFilesPath( $path ) { public function stripUserFilesPath( $path ) {
@ -560,6 +561,21 @@ class Util {
} }
/**
* @brief Format a path to be relative to the /user directory
* @note e.g. turns '/admin/files/test.txt' into 'files/test.txt'
*/
public function stripFilesPath( $path ) {
$trimmed = ltrim( $path, '/' );
$split = explode( '/', $trimmed );
$sliced = array_slice( $split, 1 );
$relPath = implode( '/', $sliced );
return $relPath;
}
/** /**
* @brief Format a shared path to be relative to the /user/files/ directory * @brief Format a shared path to be relative to the /user/files/ directory
* @note Expects a path like /uid/files/Shared/filepath * @note Expects a path like /uid/files/Shared/filepath
@ -1142,16 +1158,16 @@ class Util {
/** /**
* @brief get shares parent. * @brief get shares parent.
* @param int $Id of the current share * @param int $id of the current share
* @return array of the parent * @return array of the parent
*/ */
public static function getShareParent( $Id ) { public static function getShareParent( $id ) {
$query = \OC_DB::prepare( 'SELECT `file_target`, `item_type`' $query = \OC_DB::prepare( 'SELECT `file_target`, `item_type`'
.' FROM `*PREFIX*share`' .' FROM `*PREFIX*share`'
.' WHERE `id` = ?' ); .' WHERE `id` = ?' );
$result = $query->execute( array( $Id ) ); $result = $query->execute( array( $id ) );
$row = $result->fetchRow(); $row = $result->fetchRow();