From 16a5ace43497ada40848ed1478caa2901a481684 Mon Sep 17 00:00:00 2001 From: Sam Tuke Date: Wed, 6 Feb 2013 14:30:40 +0000 Subject: [PATCH 1/9] Fixed bug causing encrypted files to be doubly encrypted at login Added comments and docblocks --- apps/files_encryption/hooks/hooks.php | 3 +++ apps/files_encryption/lib/crypt.php | 6 ------ apps/files_encryption/lib/util.php | 14 ++++++-------- 3 files changed, 9 insertions(+), 14 deletions(-) diff --git a/apps/files_encryption/hooks/hooks.php b/apps/files_encryption/hooks/hooks.php index 065ef9d241..2d7bd73487 100644 --- a/apps/files_encryption/hooks/hooks.php +++ b/apps/files_encryption/hooks/hooks.php @@ -38,12 +38,15 @@ class Hooks { */ public static function login( $params ) { + // Manually initialise Filesystem{} singleton with correct + // fake root path, in order to avoid fatal webdav errors \OC\Files\Filesystem::init( $params['uid'] . '/' . 'files' . '/' ); $view = new \OC_FilesystemView( '/' ); $util = new Util( $view, $params['uid'] ); + // Check files_encryption infrastructure is ready for action if ( ! $util->ready() ) { \OC_Log::write( 'Encryption library', 'User account "' . $params['uid'] . '" is not ready for encryption; configuration started', \OC_Log::DEBUG ); diff --git a/apps/files_encryption/lib/crypt.php b/apps/files_encryption/lib/crypt.php index e3ffacabc9..136c776045 100755 --- a/apps/files_encryption/lib/crypt.php +++ b/apps/files_encryption/lib/crypt.php @@ -133,12 +133,6 @@ class Crypt { * @note see also OCA\Encryption\Util->isEncryptedPath() */ public static function isCatfile( $content ) { - - if ( !$content ) { - - return false; - - } $noPadding = self::removePadding( $content ); diff --git a/apps/files_encryption/lib/util.php b/apps/files_encryption/lib/util.php index 355ffb90ef..52bc74db27 100644 --- a/apps/files_encryption/lib/util.php +++ b/apps/files_encryption/lib/util.php 
@@ -69,11 +69,6 @@ class Util { //// DONE: add method to fetch legacy key //// DONE: add method to decrypt legacy encrypted data - //// TODO: add method to encrypt all user files using new system - //// TODO: add method to decrypt all user files using new system - //// TODO: add method to encrypt all user files using old system - //// TODO: add method to decrypt all user files using old system - // Admin UI: @@ -93,7 +88,6 @@ class Util { // Integration testing: - //// TODO: test new encryption with webdav //// TODO: test new encryption with versioning //// TODO: test new encryption with sharing //// TODO: test new encryption with proxies @@ -278,7 +272,7 @@ class Util { // will eat server resources :( if ( Keymanager::getFileKey( $this->view, $this->userId, $file ) - && Crypt::isCatfile( $filePath ) + && Crypt::isCatfile( $data ) ) { $found['encrypted'][] = array( 'name' => $file, 'path' => $filePath ); @@ -391,7 +385,6 @@ class Util { } - // FIXME: Legacy recrypting here isn't finished yet // Encrypt legacy encrypted files if ( ! empty( $legacyPassphrase ) @@ -437,6 +430,11 @@ class Util { } + /** + * @brief Return important encryption related paths + * @param string $pathName Name of the directory to return the path of + * @return string path + */ public function getPath( $pathName ) { switch ( $pathName ) { From 6870add18f92d94ec520671dfa94021b340d7a4f Mon Sep 17 00:00:00 2001 From: Sam Tuke Date: Wed, 6 Feb 2013 15:08:36 +0000 Subject: [PATCH 2/9] Development snapshot --- apps/files_encryption/hooks/hooks.php | 6 ++++-- apps/files_encryption/lib/crypt.php | 18 ------------------ apps/files_encryption/lib/keymanager.php | 2 +- 3 files changed, 5 insertions(+), 21 deletions(-) diff --git a/apps/files_encryption/hooks/hooks.php b/apps/files_encryption/hooks/hooks.php index 2d7bd73487..9a4aef7946 100644 --- a/apps/files_encryption/hooks/hooks.php +++ b/apps/files_encryption/hooks/hooks.php 
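Review bot: In the util.php hunk at -278/+272, `Crypt::isCatfile( $data )` now receives file contents, but the crypt.php hunk of this same patch deletes the `if ( !$content ) { return false; }` guard from isCatfile(), so an empty or unreadable file reaches `removePadding()` unchecked. The assignment of `$data` is outside the hunk; if it comes from a read that can return `false` or an empty string, the condition should test that first, e.g. `&& $data && Crypt::isCatfile( $data )`. A wrong answer here presumably decides whether a file is listed as encrypted or plain, which is the classification the double-encryption fix depends on. The enclosing method starts and ends outside the hunk.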
@@ -107,14 +107,16 @@ class Hooks { * @param array $params keys: uid, password */ public static function setPassphrase( $params ) { - + trigger_error("HOSH"); // Only attempt to change passphrase if server-side encryption // is in use (client-side encryption does not have access to // the necessary keys) if ( Crypt::mode() == 'server' ) { + $session = new Session(); + // Get existing decrypted private key - $privateKey = $_SESSION['privateKey']; + $privateKey = $session->getPrivateKey(); // Encrypt private key with new user pwd as passphrase $encryptedPrivateKey = Crypt::symmetricEncryptFileContent( $privateKey, $params['password'] ); diff --git a/apps/files_encryption/lib/crypt.php b/apps/files_encryption/lib/crypt.php index 136c776045..d00f71b614 100755 --- a/apps/files_encryption/lib/crypt.php +++ b/apps/files_encryption/lib/crypt.php @@ -45,24 +45,6 @@ class Crypt { * @return string 'client' or 'server' */ public static function mode( $user = null ) { - -// $mode = \OC_Appconfig::getValue( 'files_encryption', 'mode', 'none' ); -// -// if ( $mode == 'user') { -// if ( !$user ) { -// $user = \OCP\User::getUser(); -// } -// $mode = 'none'; -// if ( $user ) { -// $query = \OC_DB::prepare( "SELECT mode FROM *PREFIX*encryption WHERE uid = ?" ); -// $result = $query->execute(array($user)); -// if ($row = $result->fetchRow()){ -// $mode = $row['mode']; -// } -// } -// } -// -// return $mode; return 'server'; diff --git a/apps/files_encryption/lib/keymanager.php b/apps/files_encryption/lib/keymanager.php index 43af70dacc..65efd38781 100755 --- a/apps/files_encryption/lib/keymanager.php +++ b/apps/files_encryption/lib/keymanager.php @@ -206,7 +206,7 @@ class Keymanager { * as no encryption takes place here */ public static function setPrivateKey( $key ) { - + trigger_error("MOSH"); $user = \OCP\User::getUser(); $view = new \OC_FilesystemView( '/' . $user . '/files_encryption' ); From a8c0e3612cf12879c5f1d20832f0cfd9b6236348 Mon Sep 17 00:00:00 2001 
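Review bot: In the hooks.php hunk, the result of `$session->getPrivateKey()` goes straight into `Crypt::symmetricEncryptFileContent()` with no check that the session actually holds a decrypted key. If it can return an empty value (not visible here, but plausible when the login hook never populated the session), the output is presumably stored as the user's private key and replaces the real one. A guard before the encrypt call, such as `if ( ! $privateKey ) { return; }` together with a log entry, would prevent that; what is done with `$encryptedPrivateKey` is outside the hunk. The `trigger_error("HOSH");` added here and `trigger_error("MOSH");` in the keymanager.php hunk are debug output in key-handling paths and should not reach a release (later patches in this series remove both).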
From: Sam Tuke Date: Wed, 6 Feb 2013 16:01:43 +0000 Subject: [PATCH 3/9] Removed call to depreciated isUserVerified() --- settings/ajax/changepassword.php | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/settings/ajax/changepassword.php b/settings/ajax/changepassword.php index 8d45e62e4d..6c4cab44a2 100644 --- a/settings/ajax/changepassword.php +++ b/settings/ajax/changepassword.php @@ -19,9 +19,7 @@ if(OC_User::getUser() === $username) { if (OC_User::checkPassword($username, $oldPassword)) { $userstatus = 'user'; } else { - if (!OC_Util::isUserVerified()) { - $userstatus = null; - } + $userstatus = null; } } From 70d937cb29e2b1310e20f6cb8bf8d6fd53acf767 Mon Sep 17 00:00:00 2001 From: Sam Tuke Date: Wed, 6 Feb 2013 17:42:15 +0000 Subject: [PATCH 4/9] Fixed syntax bug --- core/templates/login.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/core/templates/login.php b/core/templates/login.php index ed9aaba8a4..e66d27f6d6 100644 --- a/core/templates/login.php +++ b/core/templates/login.php @@ -48,9 +48,9 @@
t('Alternative Logins') ?>
    - +
  • - +
From 81de09711b27bbe5ba421448671bfdf7cf48be22 Mon Sep 17 00:00:00 2001 From: Sam Tuke Date: Wed, 6 Feb 2013 17:42:29 +0000 Subject: [PATCH 5/9] Fixed bug causing password change related hooks to not be called due to ajax --- settings/ajax/changepassword.php | 2 ++ 1 file changed, 2 insertions(+) diff --git a/settings/ajax/changepassword.php b/settings/ajax/changepassword.php index 6c4cab44a2..3bc88e6b66 100644 --- a/settings/ajax/changepassword.php +++ b/settings/ajax/changepassword.php @@ -4,6 +4,8 @@ OCP\JSON::callCheck(); OC_JSON::checkLoggedIn(); +OC_APP::loadApps(); + $username = isset($_POST["username"]) ? $_POST["username"] : OC_User::getUser(); $password = $_POST["password"]; $oldPassword=isset($_POST["oldpassword"])?$_POST["oldpassword"]:''; From ae8cfe6569f3c23f162b2d36dfad3aeb3cf5b522 Mon Sep 17 00:00:00 2001 From: Sam Tuke Date: Wed, 6 Feb 2013 17:43:03 +0000 Subject: [PATCH 6/9] Added comments --- lib/hook.php | 22 +++++++++++++++------- 1 file changed, 15 insertions(+), 7 deletions(-) diff --git a/lib/hook.php b/lib/hook.php index 4da331bb5d..e30aefb5e1 100644 --- a/lib/hook.php +++ b/lib/hook.php 
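Review bot: `OC_APP::loadApps();` in the changepassword.php hunk spells the class differently from the `OC_App` name ownCloud declares (the declaration is not on this page); PHP resolves class names case-insensitively, but an autoloader that maps names to file paths may not, so `OC_App::loadApps();` is the safer spelling. The call also loads every enabled app ahead of the username and old-password handling below it, so all app bootstrap code now runs on this endpoint for any logged-in caller. If only the hook-registering apps are needed, confirm whether the load can be narrowed.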
@@ -20,19 +20,22 @@ class OC_Hook{ * TODO: write example */ static public function connect( $signalclass, $signalname, $slotclass, $slotname ) { - // Create the data structure + // If we're trying to connect to an emitting class that isn't + // yet registered, register it if( !array_key_exists( $signalclass, self::$registered )) { self::$registered[$signalclass] = array(); } - if( !array_key_exists( $signalname, self::$registered[$signalclass] )) { + // If we're trying to connect to an emitting method that isn't + // yet registered, register it with the emitting class + if( !array_key_exists( $signalname, self::$registered[$signalclass] )) { self::$registered[$signalclass][$signalname] = array(); } - - // register hook + + // Connect the hook handler to the requested emitter self::$registered[$signalclass][$signalname][] = array( "class" => $slotclass, "name" => $slotname ); - + // No chance for failure ;-) return true; } @@ -49,14 +52,19 @@ class OC_Hook{ * TODO: write example */ static public function emit( $signalclass, $signalname, $params = array()) { - // Return false if there are no slots + + // Return false if no hook handlers are listening to this + // emitting class if( !array_key_exists( $signalclass, self::$registered )) { return false; } + + // Return false if no hook handlers are listening to this + // emitting method if( !array_key_exists( $signalname, self::$registered[$signalclass] )) { return false; } - + // Call all slots foreach( self::$registered[$signalclass][$signalname] as $i ) { try { From 2b07afc8ab5eddb53973f57a63e586ffde201809 Mon Sep 17 00:00:00 2001 From: Sam Tuke Date: Wed, 6 Feb 2013 17:59:47 +0000 Subject: [PATCH 7/9] Removed debugging code --- apps/files_encryption/appinfo/app.php | 2 +- apps/files_encryption/hooks/hooks.php | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/apps/files_encryption/appinfo/app.php b/apps/files_encryption/appinfo/app.php index e426f237bb..f83109a18e 100644 
--- a/apps/files_encryption/appinfo/app.php +++ b/apps/files_encryption/appinfo/app.php @@ -12,7 +12,7 @@ OC_FileProxy::register( new OCA\Encryption\Proxy() ); // User-related hooks OCP\Util::connectHook( 'OC_User', 'post_login', 'OCA\Encryption\Hooks', 'login' ); -OCP\Util::connectHook( 'OC_User', 'post_setPassword','OCA\Encryption\Hooks', 'setPassphrase' ); +OCP\Util::connectHook( 'OC_User', 'pre_setPassword','OCA\Encryption\Hooks', 'setPassphrase' ); // Sharing-related hooks OCP\Util::connectHook( 'OCP\Share', 'post_shared', 'OCA\Encryption\Hooks', 'postShared' ); diff --git a/apps/files_encryption/hooks/hooks.php b/apps/files_encryption/hooks/hooks.php index 9a4aef7946..8bdeee0937 100644 --- a/apps/files_encryption/hooks/hooks.php +++ b/apps/files_encryption/hooks/hooks.php @@ -107,7 +107,7 @@ class Hooks { * @param array $params keys: uid, password */ public static function setPassphrase( $params ) { - trigger_error("HOSH"); + // Only attempt to change passphrase if server-side encryption // is in use (client-side encryption does not have access to // the necessary keys) From 954a6274836e8fbf83fbbfb34fc89c250c7da13b Mon Sep 17 00:00:00 2001 From: Sam Tuke Date: Wed, 6 Feb 2013 18:24:35 +0000 Subject: [PATCH 8/9] Added comment --- apps/files_encryption/lib/keymanager.php | 2 +- settings/ajax/changepassword.php | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/apps/files_encryption/lib/keymanager.php b/apps/files_encryption/lib/keymanager.php index 65efd38781..43af70dacc 100755 --- a/apps/files_encryption/lib/keymanager.php +++ b/apps/files_encryption/lib/keymanager.php @@ -206,7 +206,7 @@ class Keymanager { * as no encryption takes place here */ public static function setPrivateKey( $key ) { - trigger_error("MOSH"); + $user = \OCP\User::getUser(); $view = new \OC_FilesystemView( '/' . $user . '/files_encryption' ); diff --git a/settings/ajax/changepassword.php b/settings/ajax/changepassword.php index 3bc88e6b66..ce4e326830 100644 
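Review bot: The app.php hunk moves `setPassphrase` from `post_setPassword` to `pre_setPassword`, a behaviour change that the "Removed debugging code" subject does not mention. According to the hooks.php code in patch 2 of this series, the handler re-encrypts the private key with `$params['password']`. Running it before the password is stored means that if the change is then refused or fails (that path is not visible here), the key is presumably already wrapped with a password the account never received. If the move is deliberate, record why on the line, e.g. `// connected to pre_setPassword because <reason>`, and make the handler safe against a password change that does not complete.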
--- a/settings/ajax/changepassword.php +++ b/settings/ajax/changepassword.php @@ -4,6 +4,7 @@ OCP\JSON::callCheck(); OC_JSON::checkLoggedIn(); +// Manually load apps to ensure hooks work correctly (workaround for issue 1503) OC_APP::loadApps(); $username = isset($_POST["username"]) ? $_POST["username"] : OC_User::getUser(); From 2c22619a18961d107b61b7486f2caf5cff4bc6a5 Mon Sep 17 00:00:00 2001 From: Sam Tuke Date: Wed, 6 Feb 2013 19:06:55 +0000 Subject: [PATCH 9/9] Reverted fix temporarily; another fix by LukasReschke is awaiting merge --- settings/ajax/changepassword.php | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/settings/ajax/changepassword.php b/settings/ajax/changepassword.php index ce4e326830..3077e77bf4 100644 --- a/settings/ajax/changepassword.php +++ b/settings/ajax/changepassword.php @@ -22,7 +22,9 @@ if(OC_User::getUser() === $username) { if (OC_User::checkPassword($username, $oldPassword)) { $userstatus = 'user'; } else { - $userstatus = null; + if (!OC_Util::isUserVerified()) { + $userstatus = null; + } } }
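Review bot: In the second changepassword.php hunk (-22/+22), a failed `OC_User::checkPassword()` no longer always clears `$userstatus`. When `OC_Util::isUserVerified()` returns true the variable keeps whatever was assigned before this block, which is outside the hunk. If that earlier value is non-null, a user changing their own password would pass this check without supplying the correct old password. Patch 3 of this series describes isUserVerified() as deprecated, so until the other fix is merged the safer form keeps the unconditional `$userstatus = null;` in the `else` branch. The enclosing `if` starts outside the hunk.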