handle system wide mount points

Björn Schießle 2013-06-25 12:21:54 +02:00
parent 9c855f7b3d
commit 3e4dcafa89
2 changed files with 62 additions and 17 deletions


@ -126,7 +126,12 @@ class Keymanager {
$util = new Util($view, \OCP\User::getUser()); $util = new Util($view, \OCP\User::getUser());
list($owner, $filename) = $util->getUidAndFilename($path); list($owner, $filename) = $util->getUidAndFilename($path);
$basePath = '/' . $owner . '/files_encryption/keyfiles'; // in case of system wide mount points the keys are stored directly in the data directory
if (self::isSystemWideMountPoint($filename)) {
$basePath = '/files_encryption/keyfiles';
} else {
$basePath = '/' . $owner . '/files_encryption/keyfiles';
}
$targetPath = self::keySetPreparation($view, $filename, $basePath, $owner); $targetPath = self::keySetPreparation($view, $filename, $basePath, $owner);
@ -233,7 +238,12 @@ class Keymanager {
list($owner, $filename) = $util->getUidAndFilename($filePath); list($owner, $filename) = $util->getUidAndFilename($filePath);
$filePath_f = ltrim($filename, '/'); $filePath_f = ltrim($filename, '/');
$keyfilePath = '/' . $owner . '/files_encryption/keyfiles/' . $filePath_f . '.key'; // in case of system wide mount points the keys are stored directly in the data directory
if (self::isSystemWideMountPoint($filename)) {
$keyfilePath = '/files_encryption/keyfiles/' . $filePath_f . '.key';
} else {
$keyfilePath = '/' . $owner . '/files_encryption/keyfiles/' . $filePath_f . '.key';
}
$proxyStatus = \OC_FileProxy::$enabled; $proxyStatus = \OC_FileProxy::$enabled;
\OC_FileProxy::$enabled = false; \OC_FileProxy::$enabled = false;
@ -341,19 +351,20 @@ class Keymanager {
list($owner, $filename) = $util->getUidAndFilename($path); list($owner, $filename) = $util->getUidAndFilename($path);
$basePath = '/' . $owner . '/files_encryption/share-keys'; // in case of system wide mount points the keys are stored directly in the data directory
if (self::isSystemWideMountPoint($filename)) {
$basePath = '/files_encryption/share-keys';
} else {
$basePath = '/' . $owner . '/files_encryption/share-keys';
}
$shareKeyPath = self::keySetPreparation($view, $filename, $basePath, $owner); $shareKeyPath = self::keySetPreparation($view, $filename, $basePath, $owner);
// try reusing key file if part file // try reusing key file if part file
if (self::isPartialFilePath($shareKeyPath)) { if (self::isPartialFilePath($shareKeyPath)) {
$writePath = $basePath . '/' . self::fixPartialFilePath($shareKeyPath) . '.' . $userId . '.shareKey'; $writePath = $basePath . '/' . self::fixPartialFilePath($shareKeyPath) . '.' . $userId . '.shareKey';
} else { } else {
$writePath = $basePath . '/' . $shareKeyPath . '.' . $userId . '.shareKey'; $writePath = $basePath . '/' . $shareKeyPath . '.' . $userId . '.shareKey';
} }
$proxyStatus = \OC_FileProxy::$enabled; $proxyStatus = \OC_FileProxy::$enabled;
@ -440,8 +451,13 @@ class Keymanager {
$util = new Util($view, \OCP\User::getUser()); $util = new Util($view, \OCP\User::getUser());
list($owner, $filename) = $util->getUidAndFilename($filePath); list($owner, $filename) = $util->getUidAndFilename($filePath);
$shareKeyPath = \OC\Files\Filesystem::normalizePath(
'/' . $owner . '/files_encryption/share-keys/' . $filename . '.' . $userId . '.shareKey'); // in case of system wide mount points the keys are stored directly in the data directory
if (self::isSystemWideMountPoint($filename)) {
$shareKeyPath = '/files_encryption/share-keys/' . $filename . '.' . $userId . '.shareKey';
} else {
$shareKeyPath = '/' . $owner . '/files_encryption/share-keys/' . $filename . '.' . $userId . '.shareKey';
}
if ($view->file_exists($shareKeyPath)) { if ($view->file_exists($shareKeyPath)) {
@ -568,4 +584,19 @@ class Keymanager {
return $targetPath; return $targetPath;
} }
/**
* @brief check if the file is stored on a system wide mount point
* @param $path relative to /data/user with leading '/'
* @return boolean
*/
private static function isSystemWideMountPoint($path) {
$mount = OC_Mount_Config::getSystemMountPoints();
foreach ($mount as $mountPoint => $data) {
if ($mountPoint == substr($path, 1, strlen($mountPoint))) {
return true;
}
}
return false;
}
} }
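Review bot: The prefix test in `isSystemWideMountPoint()` (`$mountPoint == substr($path, 1, strlen($mountPoint))`) has no path-separator boundary, so a user's own file such as `/sharedocs/a.txt` (constructed example) would match a mount point named `share`, and its keyfile and share keys would be written under the global `/files_encryption/...` tree instead of the owner's directory, where same-named paths of different users can collide. Matching the whole first path segment avoids this, e.g. `if ($path === '/' . $mountPoint || strpos($path, '/' . $mountPoint . '/') === 0) {`, assuming mount point names are stored without surrounding slashes. The same comparison is repeated in the group-mount loop added to the Util section, where a false match would also extend the share-key recipients to the mount's users, so both places should call one shared helper. Separately, `OC_Mount_Config` is written without the leading backslash used for `\OC_FileProxy` and `\OCP\User` in this class; if the file is namespaced, that name will not resolve.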


@ -992,13 +992,9 @@ class Util {
\OC_Appconfig::getValue('files_encryption', 'recoveryAdminEnabled') \OC_Appconfig::getValue('files_encryption', 'recoveryAdminEnabled')
&& $this->recoveryEnabledForUser() && $this->recoveryEnabledForUser()
) { ) {
$recoveryEnabled = true; $recoveryEnabled = true;
} else { } else {
$recoveryEnabled = false; $recoveryEnabled = false;
} }
// Make sure that a share key is generated for the owner too // Make sure that a share key is generated for the owner too
@ -1019,20 +1015,24 @@ class Util {
// If recovery is enabled, add the // If recovery is enabled, add the
// Admin UID to list of users to share to // Admin UID to list of users to share to
if ($recoveryEnabled) { if ($recoveryEnabled) {
// Find recoveryAdmin user ID // Find recoveryAdmin user ID
$recoveryKeyId = \OC_Appconfig::getValue('files_encryption', 'recoveryKeyId'); $recoveryKeyId = \OC_Appconfig::getValue('files_encryption', 'recoveryKeyId');
// Add recoveryAdmin to list of users sharing // Add recoveryAdmin to list of users sharing
$userIds[] = $recoveryKeyId; $userIds[] = $recoveryKeyId;
} }
// add current user if given // add current user if given
if ($currentUserId !== false) { if ($currentUserId !== false) {
$userIds[] = $currentUserId; $userIds[] = $currentUserId;
}
// check if it is a group mount
$mount = OC_Mount_Config::getSystemMountPoints();
foreach ($mount as $mountPoint => $data) {
if ($mountPoint == substr($ownerPath, 1, strlen($mountPoint))) {
$userIds = array_merge($userIds,
$this->getUserWithAccessToMountPoint($data['applicable']['users'], $data['applicable']['groups']));
}
} }
// Remove duplicate UIDs // Remove duplicate UIDs
@ -1042,6 +1042,20 @@ class Util {
} }
private function getUserWithAccessToMountPoint($users, $groups) {
$result = array();
if (in_array('all', $users)) {
$result = \OCP\User::getUsers();
} else {
$result = array_merge($result, $users);
foreach ($groups as $group) {
$result = array_merge($result, \OC_Group::usersInGroup($group));
}
}
return $result;
}
/** /**
* @brief start migration mode to initially encrypt users data * @brief start migration mode to initially encrypt users data
* @return boolean * @return boolean
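Review bot: `getUserWithAccessToMountPoint()` is called with `$data['applicable']['users']` and `$data['applicable']['groups']` without checking that both keys exist, and the helper passes them straight into `in_array()`, `array_merge()` and `foreach`; a mount entry that lists only groups (or only users) would presumably hand in null and break share-key generation for that file. Defaulting at the call site keeps it safe, e.g. `$users = isset($data['applicable']['users']) ? $data['applicable']['users'] : array();` and the same for groups. `in_array('all', $users)` should be `in_array('all', $users, true)`, so that a loosely-equal entry cannot widen the recipient list to every account returned by `\OCP\User::getUsers()`. The helper also has no docblock; a `@brief` saying it resolves the user IDs a system mount applies to, plus `@param array $users`, `@param array $groups` and `@return array`, would match the neighbouring methods.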