Merge pull request #1506 from owncloud/files_encryption
Files encryption
This commit is contained in:
commit
93b1597395
|
@ -12,7 +12,7 @@ OC_FileProxy::register( new OCA\Encryption\Proxy() );
|
||||||
|
|
||||||
// User-related hooks
|
// User-related hooks
|
||||||
OCP\Util::connectHook( 'OC_User', 'post_login', 'OCA\Encryption\Hooks', 'login' );
|
OCP\Util::connectHook( 'OC_User', 'post_login', 'OCA\Encryption\Hooks', 'login' );
|
||||||
OCP\Util::connectHook( 'OC_User', 'post_setPassword','OCA\Encryption\Hooks', 'setPassphrase' );
|
OCP\Util::connectHook( 'OC_User', 'pre_setPassword','OCA\Encryption\Hooks', 'setPassphrase' );
|
||||||
|
|
||||||
// Sharing-related hooks
|
// Sharing-related hooks
|
||||||
OCP\Util::connectHook( 'OCP\Share', 'post_shared', 'OCA\Encryption\Hooks', 'postShared' );
|
OCP\Util::connectHook( 'OCP\Share', 'post_shared', 'OCA\Encryption\Hooks', 'postShared' );
|
||||||
|
|
|
@ -38,12 +38,15 @@ class Hooks {
|
||||||
*/
|
*/
|
||||||
public static function login( $params ) {
|
public static function login( $params ) {
|
||||||
|
|
||||||
|
// Manually initialise Filesystem{} singleton with correct
|
||||||
|
// fake root path, in order to avoid fatal webdav errors
|
||||||
\OC\Files\Filesystem::init( $params['uid'] . '/' . 'files' . '/' );
|
\OC\Files\Filesystem::init( $params['uid'] . '/' . 'files' . '/' );
|
||||||
|
|
||||||
$view = new \OC_FilesystemView( '/' );
|
$view = new \OC_FilesystemView( '/' );
|
||||||
|
|
||||||
$util = new Util( $view, $params['uid'] );
|
$util = new Util( $view, $params['uid'] );
|
||||||
|
|
||||||
|
// Check files_encryption infrastructure is ready for action
|
||||||
if ( ! $util->ready() ) {
|
if ( ! $util->ready() ) {
|
||||||
|
|
||||||
\OC_Log::write( 'Encryption library', 'User account "' . $params['uid'] . '" is not ready for encryption; configuration started', \OC_Log::DEBUG );
|
\OC_Log::write( 'Encryption library', 'User account "' . $params['uid'] . '" is not ready for encryption; configuration started', \OC_Log::DEBUG );
|
||||||
|
@ -110,8 +113,10 @@ class Hooks {
|
||||||
// the necessary keys)
|
// the necessary keys)
|
||||||
if ( Crypt::mode() == 'server' ) {
|
if ( Crypt::mode() == 'server' ) {
|
||||||
|
|
||||||
|
$session = new Session();
|
||||||
|
|
||||||
// Get existing decrypted private key
|
// Get existing decrypted private key
|
||||||
$privateKey = $_SESSION['privateKey'];
|
$privateKey = $session->getPrivateKey();
|
||||||
|
|
||||||
// Encrypt private key with new user pwd as passphrase
|
// Encrypt private key with new user pwd as passphrase
|
||||||
$encryptedPrivateKey = Crypt::symmetricEncryptFileContent( $privateKey, $params['password'] );
|
$encryptedPrivateKey = Crypt::symmetricEncryptFileContent( $privateKey, $params['password'] );
|
||||||
|
|
|
@ -46,24 +46,6 @@ class Crypt {
|
||||||
*/
|
*/
|
||||||
public static function mode( $user = null ) {
|
public static function mode( $user = null ) {
|
||||||
|
|
||||||
// $mode = \OC_Appconfig::getValue( 'files_encryption', 'mode', 'none' );
|
|
||||||
//
|
|
||||||
// if ( $mode == 'user') {
|
|
||||||
// if ( !$user ) {
|
|
||||||
// $user = \OCP\User::getUser();
|
|
||||||
// }
|
|
||||||
// $mode = 'none';
|
|
||||||
// if ( $user ) {
|
|
||||||
// $query = \OC_DB::prepare( "SELECT mode FROM *PREFIX*encryption WHERE uid = ?" );
|
|
||||||
// $result = $query->execute(array($user));
|
|
||||||
// if ($row = $result->fetchRow()){
|
|
||||||
// $mode = $row['mode'];
|
|
||||||
// }
|
|
||||||
// }
|
|
||||||
// }
|
|
||||||
//
|
|
||||||
// return $mode;
|
|
||||||
|
|
||||||
return 'server';
|
return 'server';
|
||||||
|
|
||||||
}
|
}
|
||||||
|
@ -134,12 +116,6 @@ class Crypt {
|
||||||
*/
|
*/
|
||||||
public static function isCatfile( $content ) {
|
public static function isCatfile( $content ) {
|
||||||
|
|
||||||
if ( !$content ) {
|
|
||||||
|
|
||||||
return false;
|
|
||||||
|
|
||||||
}
|
|
||||||
|
|
||||||
$noPadding = self::removePadding( $content );
|
$noPadding = self::removePadding( $content );
|
||||||
|
|
||||||
// Fetch encryption metadata from end of file
|
// Fetch encryption metadata from end of file
|
||||||
|
|
|
@ -69,11 +69,6 @@ class Util {
|
||||||
//// DONE: add method to fetch legacy key
|
//// DONE: add method to fetch legacy key
|
||||||
//// DONE: add method to decrypt legacy encrypted data
|
//// DONE: add method to decrypt legacy encrypted data
|
||||||
|
|
||||||
//// TODO: add method to encrypt all user files using new system
|
|
||||||
//// TODO: add method to decrypt all user files using new system
|
|
||||||
//// TODO: add method to encrypt all user files using old system
|
|
||||||
//// TODO: add method to decrypt all user files using old system
|
|
||||||
|
|
||||||
|
|
||||||
// Admin UI:
|
// Admin UI:
|
||||||
|
|
||||||
|
@ -93,7 +88,6 @@ class Util {
|
||||||
|
|
||||||
// Integration testing:
|
// Integration testing:
|
||||||
|
|
||||||
//// TODO: test new encryption with webdav
|
|
||||||
//// TODO: test new encryption with versioning
|
//// TODO: test new encryption with versioning
|
||||||
//// TODO: test new encryption with sharing
|
//// TODO: test new encryption with sharing
|
||||||
//// TODO: test new encryption with proxies
|
//// TODO: test new encryption with proxies
|
||||||
|
@ -278,7 +272,7 @@ class Util {
|
||||||
// will eat server resources :(
|
// will eat server resources :(
|
||||||
if (
|
if (
|
||||||
Keymanager::getFileKey( $this->view, $this->userId, $file )
|
Keymanager::getFileKey( $this->view, $this->userId, $file )
|
||||||
&& Crypt::isCatfile( $filePath )
|
&& Crypt::isCatfile( $data )
|
||||||
) {
|
) {
|
||||||
|
|
||||||
$found['encrypted'][] = array( 'name' => $file, 'path' => $filePath );
|
$found['encrypted'][] = array( 'name' => $file, 'path' => $filePath );
|
||||||
|
@ -391,7 +385,6 @@ class Util {
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// FIXME: Legacy recrypting here isn't finished yet
|
|
||||||
// Encrypt legacy encrypted files
|
// Encrypt legacy encrypted files
|
||||||
if (
|
if (
|
||||||
! empty( $legacyPassphrase )
|
! empty( $legacyPassphrase )
|
||||||
|
@ -437,6 +430,11 @@ class Util {
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @brief Return important encryption related paths
|
||||||
|
* @param string $pathName Name of the directory to return the path of
|
||||||
|
* @return string path
|
||||||
|
*/
|
||||||
public function getPath( $pathName ) {
|
public function getPath( $pathName ) {
|
||||||
|
|
||||||
switch ( $pathName ) {
|
switch ( $pathName ) {
|
||||||
|
|
14
lib/hook.php
14
lib/hook.php
|
@ -20,15 +20,18 @@ class OC_Hook{
|
||||||
* TODO: write example
|
* TODO: write example
|
||||||
*/
|
*/
|
||||||
static public function connect( $signalclass, $signalname, $slotclass, $slotname ) {
|
static public function connect( $signalclass, $signalname, $slotclass, $slotname ) {
|
||||||
// Create the data structure
|
// If we're trying to connect to an emitting class that isn't
|
||||||
|
// yet registered, register it
|
||||||
if( !array_key_exists( $signalclass, self::$registered )) {
|
if( !array_key_exists( $signalclass, self::$registered )) {
|
||||||
self::$registered[$signalclass] = array();
|
self::$registered[$signalclass] = array();
|
||||||
}
|
}
|
||||||
|
// If we're trying to connect to an emitting method that isn't
|
||||||
|
// yet registered, register it with the emitting class
|
||||||
if( !array_key_exists( $signalname, self::$registered[$signalclass] )) {
|
if( !array_key_exists( $signalname, self::$registered[$signalclass] )) {
|
||||||
self::$registered[$signalclass][$signalname] = array();
|
self::$registered[$signalclass][$signalname] = array();
|
||||||
}
|
}
|
||||||
|
|
||||||
// register hook
|
// Connect the hook handler to the requested emitter
|
||||||
self::$registered[$signalclass][$signalname][] = array(
|
self::$registered[$signalclass][$signalname][] = array(
|
||||||
"class" => $slotclass,
|
"class" => $slotclass,
|
||||||
"name" => $slotname );
|
"name" => $slotname );
|
||||||
|
@ -49,10 +52,15 @@ class OC_Hook{
|
||||||
* TODO: write example
|
* TODO: write example
|
||||||
*/
|
*/
|
||||||
static public function emit( $signalclass, $signalname, $params = array()) {
|
static public function emit( $signalclass, $signalname, $params = array()) {
|
||||||
// Return false if there are no slots
|
|
||||||
|
// Return false if no hook handlers are listening to this
|
||||||
|
// emitting class
|
||||||
if( !array_key_exists( $signalclass, self::$registered )) {
|
if( !array_key_exists( $signalclass, self::$registered )) {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Return false if no hook handlers are listening to this
|
||||||
|
// emitting method
|
||||||
if( !array_key_exists( $signalname, self::$registered[$signalclass] )) {
|
if( !array_key_exists( $signalname, self::$registered[$signalclass] )) {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
|
@ -4,6 +4,9 @@
|
||||||
OCP\JSON::callCheck();
|
OCP\JSON::callCheck();
|
||||||
OC_JSON::checkLoggedIn();
|
OC_JSON::checkLoggedIn();
|
||||||
|
|
||||||
|
// Manually load apps to ensure hooks work correctly (workaround for issue 1503)
|
||||||
|
OC_APP::loadApps();
|
||||||
|
|
||||||
$username = isset($_POST["username"]) ? $_POST["username"] : OC_User::getUser();
|
$username = isset($_POST["username"]) ? $_POST["username"] : OC_User::getUser();
|
||||||
$password = $_POST["password"];
|
$password = $_POST["password"];
|
||||||
$oldPassword=isset($_POST["oldpassword"])?$_POST["oldpassword"]:'';
|
$oldPassword=isset($_POST["oldpassword"])?$_POST["oldpassword"]:'';
|
||||||
|
|
Loading…
Reference in New Issue