handle system wide mount points
parent
9c855f7b3d
commit
3e4dcafa89
|
@ -126,7 +126,12 @@ class Keymanager {
|
||||||
$util = new Util($view, \OCP\User::getUser());
|
$util = new Util($view, \OCP\User::getUser());
|
||||||
list($owner, $filename) = $util->getUidAndFilename($path);
|
list($owner, $filename) = $util->getUidAndFilename($path);
|
||||||
|
|
||||||
|
// in case of system wide mount points the keys are stored directly in the data directory
|
||||||
|
if (self::isSystemWideMountPoint($filename)) {
|
||||||
|
$basePath = '/files_encryption/keyfiles';
|
||||||
|
} else {
|
||||||
$basePath = '/' . $owner . '/files_encryption/keyfiles';
|
$basePath = '/' . $owner . '/files_encryption/keyfiles';
|
||||||
|
}
|
||||||
|
|
||||||
$targetPath = self::keySetPreparation($view, $filename, $basePath, $owner);
|
$targetPath = self::keySetPreparation($view, $filename, $basePath, $owner);
|
||||||
|
|
||||||
|
@ -233,7 +238,12 @@ class Keymanager {
|
||||||
list($owner, $filename) = $util->getUidAndFilename($filePath);
|
list($owner, $filename) = $util->getUidAndFilename($filePath);
|
||||||
$filePath_f = ltrim($filename, '/');
|
$filePath_f = ltrim($filename, '/');
|
||||||
|
|
||||||
|
// in case of system wide mount points the keys are stored directly in the data directory
|
||||||
|
if (self::isSystemWideMountPoint($filename)) {
|
||||||
|
$keyfilePath = '/files_encryption/keyfiles/' . $filePath_f . '.key';
|
||||||
|
} else {
|
||||||
$keyfilePath = '/' . $owner . '/files_encryption/keyfiles/' . $filePath_f . '.key';
|
$keyfilePath = '/' . $owner . '/files_encryption/keyfiles/' . $filePath_f . '.key';
|
||||||
|
}
|
||||||
|
|
||||||
$proxyStatus = \OC_FileProxy::$enabled;
|
$proxyStatus = \OC_FileProxy::$enabled;
|
||||||
\OC_FileProxy::$enabled = false;
|
\OC_FileProxy::$enabled = false;
|
||||||
|
@ -341,19 +351,20 @@ class Keymanager {
|
||||||
|
|
||||||
list($owner, $filename) = $util->getUidAndFilename($path);
|
list($owner, $filename) = $util->getUidAndFilename($path);
|
||||||
|
|
||||||
|
// in case of system wide mount points the keys are stored directly in the data directory
|
||||||
|
if (self::isSystemWideMountPoint($filename)) {
|
||||||
|
$basePath = '/files_encryption/share-keys';
|
||||||
|
} else {
|
||||||
$basePath = '/' . $owner . '/files_encryption/share-keys';
|
$basePath = '/' . $owner . '/files_encryption/share-keys';
|
||||||
|
}
|
||||||
|
|
||||||
$shareKeyPath = self::keySetPreparation($view, $filename, $basePath, $owner);
|
$shareKeyPath = self::keySetPreparation($view, $filename, $basePath, $owner);
|
||||||
|
|
||||||
// try reusing key file if part file
|
// try reusing key file if part file
|
||||||
if (self::isPartialFilePath($shareKeyPath)) {
|
if (self::isPartialFilePath($shareKeyPath)) {
|
||||||
|
|
||||||
$writePath = $basePath . '/' . self::fixPartialFilePath($shareKeyPath) . '.' . $userId . '.shareKey';
|
$writePath = $basePath . '/' . self::fixPartialFilePath($shareKeyPath) . '.' . $userId . '.shareKey';
|
||||||
|
|
||||||
} else {
|
} else {
|
||||||
|
|
||||||
$writePath = $basePath . '/' . $shareKeyPath . '.' . $userId . '.shareKey';
|
$writePath = $basePath . '/' . $shareKeyPath . '.' . $userId . '.shareKey';
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
$proxyStatus = \OC_FileProxy::$enabled;
|
$proxyStatus = \OC_FileProxy::$enabled;
|
||||||
|
@ -440,8 +451,13 @@ class Keymanager {
|
||||||
$util = new Util($view, \OCP\User::getUser());
|
$util = new Util($view, \OCP\User::getUser());
|
||||||
|
|
||||||
list($owner, $filename) = $util->getUidAndFilename($filePath);
|
list($owner, $filename) = $util->getUidAndFilename($filePath);
|
||||||
$shareKeyPath = \OC\Files\Filesystem::normalizePath(
|
|
||||||
'/' . $owner . '/files_encryption/share-keys/' . $filename . '.' . $userId . '.shareKey');
|
// in case of system wide mount points the keys are stored directly in the data directory
|
||||||
|
if (self::isSystemWideMountPoint($filename)) {
|
||||||
|
$shareKeyPath = '/files_encryption/share-keys/' . $filename . '.' . $userId . '.shareKey';
|
||||||
|
} else {
|
||||||
|
$shareKeyPath = '/' . $owner . '/files_encryption/share-keys/' . $filename . '.' . $userId . '.shareKey';
|
||||||
|
}
|
||||||
|
|
||||||
if ($view->file_exists($shareKeyPath)) {
|
if ($view->file_exists($shareKeyPath)) {
|
||||||
|
|
||||||
|
@ -568,4 +584,19 @@ class Keymanager {
|
||||||
return $targetPath;
|
return $targetPath;
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @brief check if the file is stored on a system wide mount point
|
||||||
|
* @param $path relative to /data/user with leading '/'
|
||||||
|
* @return boolean
|
||||||
|
*/
|
||||||
|
private static function isSystemWideMountPoint($path) {
|
||||||
|
$mount = OC_Mount_Config::getSystemMountPoints();
|
||||||
|
foreach ($mount as $mountPoint => $data) {
|
||||||
|
if ($mountPoint == substr($path, 1, strlen($mountPoint))) {
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return false;
|
||||||
|
}
|
||||||
}
|
}
|
|
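Review bot: isSystemWideMountPoint() matches by raw prefix, `$mountPoint == substr($path, 1, strlen($mountPoint))`, so a mount point named `shared` (constructed example) also matches a user's own `/shared-notes/a.txt`; that file's keyfile and share keys are then written to the instance-wide `/files_encryption/...` tree instead of under `/$owner/`, where equal relative paths from different users would collide. The comparison should be strict and end at a path separator, e.g. `$prefix = '/' . trim($mountPoint, '/') . '/';` followed by `if (strpos($path . '/', $prefix) === 0) {`; this assumes mount point names are stored without a leading slash, which the `substr($path, 1, …)` offset suggests. The same prefix test is repeated in the group-mount loop added to Util, where a false match additionally generates share keys for every user of that mount, so both call sites would best share one helper. Separately, the fourth hunk drops the `\OC\Files\Filesystem::normalizePath()` wrapper the old code applied to `$shareKeyPath`; since `$filename` carries a leading '/' per the new docblock, the plain concatenation yields a doubled slash unless the view normalizes it.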
@ -992,13 +992,9 @@ class Util {
|
||||||
\OC_Appconfig::getValue('files_encryption', 'recoveryAdminEnabled')
|
\OC_Appconfig::getValue('files_encryption', 'recoveryAdminEnabled')
|
||||||
&& $this->recoveryEnabledForUser()
|
&& $this->recoveryEnabledForUser()
|
||||||
) {
|
) {
|
||||||
|
|
||||||
$recoveryEnabled = true;
|
$recoveryEnabled = true;
|
||||||
|
|
||||||
} else {
|
} else {
|
||||||
|
|
||||||
$recoveryEnabled = false;
|
$recoveryEnabled = false;
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// Make sure that a share key is generated for the owner too
|
// Make sure that a share key is generated for the owner too
|
||||||
|
@ -1019,20 +1015,24 @@ class Util {
|
||||||
// If recovery is enabled, add the
|
// If recovery is enabled, add the
|
||||||
// Admin UID to list of users to share to
|
// Admin UID to list of users to share to
|
||||||
if ($recoveryEnabled) {
|
if ($recoveryEnabled) {
|
||||||
|
|
||||||
// Find recoveryAdmin user ID
|
// Find recoveryAdmin user ID
|
||||||
$recoveryKeyId = \OC_Appconfig::getValue('files_encryption', 'recoveryKeyId');
|
$recoveryKeyId = \OC_Appconfig::getValue('files_encryption', 'recoveryKeyId');
|
||||||
|
|
||||||
// Add recoveryAdmin to list of users sharing
|
// Add recoveryAdmin to list of users sharing
|
||||||
$userIds[] = $recoveryKeyId;
|
$userIds[] = $recoveryKeyId;
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// add current user if given
|
// add current user if given
|
||||||
if ($currentUserId !== false) {
|
if ($currentUserId !== false) {
|
||||||
|
|
||||||
$userIds[] = $currentUserId;
|
$userIds[] = $currentUserId;
|
||||||
|
}
|
||||||
|
|
||||||
|
// check if it is a group mount
|
||||||
|
$mount = OC_Mount_Config::getSystemMountPoints();
|
||||||
|
foreach ($mount as $mountPoint => $data) {
|
||||||
|
if ($mountPoint == substr($ownerPath, 1, strlen($mountPoint))) {
|
||||||
|
$userIds = array_merge($userIds,
|
||||||
|
$this->getUserWithAccessToMountPoint($data['applicable']['users'], $data['applicable']['groups']));
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// Remove duplicate UIDs
|
// Remove duplicate UIDs
|
||||||
|
@ -1042,6 +1042,20 @@ class Util {
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
private function getUserWithAccessToMountPoint($users, $groups) {
|
||||||
|
$result = array();
|
||||||
|
if (in_array('all', $users)) {
|
||||||
|
$result = \OCP\User::getUsers();
|
||||||
|
} else {
|
||||||
|
$result = array_merge($result, $users);
|
||||||
|
foreach ($groups as $group) {
|
||||||
|
$result = array_merge($result, \OC_Group::usersInGroup($group));
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
return $result;
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @brief start migration mode to initially encrypt users data
|
* @brief start migration mode to initially encrypt users data
|
||||||
* @return boolean
|
* @return boolean
|
||||||
|
|
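Review bot: `OC_Mount_Config::getSystemMountPoints()` in the new group-mount loop lacks the leading backslash that every other global class in this section carries (`\OC_Appconfig`, `\OCP\User`, `\OC_Group`). If Util is declared inside a namespace, as that convention suggests, the name resolves relative to the namespace and the call fails at runtime, so it should read `$mount = \OC_Mount_Config::getSystemMountPoints();` (the same applies to the call in Keymanager's isSystemWideMountPoint). The loop also indexes `$data['applicable']['users']` and `$data['applicable']['groups']` unconditionally; whether both keys are always present is not visible here, so defaulting each to `array()` before the call would keep a mount that lists only users or only groups from reaching `in_array()` and `foreach` with null. Because this list decides who receives a share key, getUserWithAccessToMountPoint deserves a docblock stating that `'all'` expands to every user on the instance. The method containing the loop starts and ends outside the hunks shown.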