handle system wide mount points
This commit is contained in:
Björn Schießle
parent
9c855f7b3d
commit
3e4dcafa89
|
|
@ -126,7 +126,12 @@ class Keymanager {
|
|||
$util = new Util($view, \OCP\User::getUser());
|
||||
list($owner, $filename) = $util->getUidAndFilename($path);
|
||||
|
||||
$basePath = '/' . $owner . '/files_encryption/keyfiles';
|
||||
// in case of system wide mount points the keys are stored directly in the data directory
|
||||
if (self::isSystemWideMountPoint($filename)) {
|
||||
$basePath = '/files_encryption/keyfiles';
|
||||
} else {
|
||||
$basePath = '/' . $owner . '/files_encryption/keyfiles';
|
||||
}
|
||||
|
||||
$targetPath = self::keySetPreparation($view, $filename, $basePath, $owner);
|
||||
|
||||
|
|
@ -233,7 +238,12 @@ class Keymanager {
|
|||
list($owner, $filename) = $util->getUidAndFilename($filePath);
|
||||
$filePath_f = ltrim($filename, '/');
|
||||
|
||||
$keyfilePath = '/' . $owner . '/files_encryption/keyfiles/' . $filePath_f . '.key';
|
||||
// in case of system wide mount points the keys are stored directly in the data directory
|
||||
if (self::isSystemWideMountPoint($filename)) {
|
||||
$keyfilePath = '/files_encryption/keyfiles/' . $filePath_f . '.key';
|
||||
} else {
|
||||
$keyfilePath = '/' . $owner . '/files_encryption/keyfiles/' . $filePath_f . '.key';
|
||||
}
|
||||
|
||||
$proxyStatus = \OC_FileProxy::$enabled;
|
||||
\OC_FileProxy::$enabled = false;
|
||||
|
|
@ -341,19 +351,20 @@ class Keymanager {
|
|||
|
||||
list($owner, $filename) = $util->getUidAndFilename($path);
|
||||
|
||||
$basePath = '/' . $owner . '/files_encryption/share-keys';
|
||||
// in case of system wide mount points the keys are stored directly in the data directory
|
||||
if (self::isSystemWideMountPoint($filename)) {
|
||||
$basePath = '/files_encryption/share-keys';
|
||||
} else {
|
||||
$basePath = '/' . $owner . '/files_encryption/share-keys';
|
||||
}
|
||||
|
||||
$shareKeyPath = self::keySetPreparation($view, $filename, $basePath, $owner);
|
||||
|
||||
// try reusing key file if part file
|
||||
if (self::isPartialFilePath($shareKeyPath)) {
|
||||
|
||||
$writePath = $basePath . '/' . self::fixPartialFilePath($shareKeyPath) . '.' . $userId . '.shareKey';
|
||||
|
||||
} else {
|
||||
|
||||
$writePath = $basePath . '/' . $shareKeyPath . '.' . $userId . '.shareKey';
|
||||
|
||||
}
|
||||
|
||||
$proxyStatus = \OC_FileProxy::$enabled;
|
||||
|
|
@ -440,8 +451,13 @@ class Keymanager {
|
|||
$util = new Util($view, \OCP\User::getUser());
|
||||
|
||||
list($owner, $filename) = $util->getUidAndFilename($filePath);
|
||||
$shareKeyPath = \OC\Files\Filesystem::normalizePath(
|
||||
'/' . $owner . '/files_encryption/share-keys/' . $filename . '.' . $userId . '.shareKey');
|
||||
|
||||
// in case of system wide mount points the keys are stored directly in the data directory
|
||||
if (self::isSystemWideMountPoint($filename)) {
|
||||
$shareKeyPath = '/files_encryption/share-keys/' . $filename . '.' . $userId . '.shareKey';
|
||||
} else {
|
||||
$shareKeyPath = '/' . $owner . '/files_encryption/share-keys/' . $filename . '.' . $userId . '.shareKey';
|
||||
}
|
||||
|
||||
if ($view->file_exists($shareKeyPath)) {
|
||||
|
||||
|
|
@ -568,4 +584,19 @@ class Keymanager {
|
|||
return $targetPath;
|
||||
|
||||
}
|
||||
|
||||
/**
|
||||
* @brief check if the file is stored on a system wide mount point
|
||||
* @param $path relative to /data/user with leading '/'
|
||||
* @return boolean
|
||||
*/
|
||||
private static function isSystemWideMountPoint($path) {
|
||||
$mount = OC_Mount_Config::getSystemMountPoints();
|
||||
foreach ($mount as $mountPoint => $data) {
|
||||
if ($mountPoint == substr($path, 1, strlen($mountPoint))) {
|
||||
return true;
|
||||
}
|
||||
}
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
|
@ -992,13 +992,9 @@ class Util {
|
|||
\OC_Appconfig::getValue('files_encryption', 'recoveryAdminEnabled')
|
||||
&& $this->recoveryEnabledForUser()
|
||||
) {
|
||||
|
||||
$recoveryEnabled = true;
|
||||
|
||||
} else {
|
||||
|
||||
$recoveryEnabled = false;
|
||||
|
||||
}
|
||||
|
||||
// Make sure that a share key is generated for the owner too
|
||||
|
|
@ -1019,20 +1015,24 @@ class Util {
|
|||
// If recovery is enabled, add the
|
||||
// Admin UID to list of users to share to
|
||||
if ($recoveryEnabled) {
|
||||
|
||||
// Find recoveryAdmin user ID
|
||||
$recoveryKeyId = \OC_Appconfig::getValue('files_encryption', 'recoveryKeyId');
|
||||
|
||||
// Add recoveryAdmin to list of users sharing
|
||||
$userIds[] = $recoveryKeyId;
|
||||
|
||||
}
|
||||
|
||||
// add current user if given
|
||||
if ($currentUserId !== false) {
|
||||
|
||||
$userIds[] = $currentUserId;
|
||||
}
|
||||
|
||||
// check if it is a group mount
|
||||
$mount = OC_Mount_Config::getSystemMountPoints();
|
||||
foreach ($mount as $mountPoint => $data) {
|
||||
if ($mountPoint == substr($ownerPath, 1, strlen($mountPoint))) {
|
||||
$userIds = array_merge($userIds,
|
||||
$this->getUserWithAccessToMountPoint($data['applicable']['users'], $data['applicable']['groups']));
|
||||
}
|
||||
}
|
||||
|
||||
// Remove duplicate UIDs
|
||||
|
|
@ -1042,6 +1042,20 @@ class Util {
|
|||
|
||||
}
|
||||
|
||||
private function getUserWithAccessToMountPoint($users, $groups) {
|
||||
$result = array();
|
||||
if (in_array('all', $users)) {
|
||||
$result = \OCP\User::getUsers();
|
||||
} else {
|
||||
$result = array_merge($result, $users);
|
||||
foreach ($groups as $group) {
|
||||
$result = array_merge($result, \OC_Group::usersInGroup($group));
|
||||
}
|
||||
}
|
||||
|
||||
return $result;
|
||||
}
|
||||
|
||||
/**
|
||||
* @brief start migration mode to initially encrypt users data
|
||||
* @return boolean
|
||||
|
|
|
|||
Loading…
Reference in New Issue