mbk-lab
/
nextcloud
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Merge pull request #1506 from owncloud/files_encryption 

Files encryption
This commit is contained in:
Lukas Reschke 2013-02-06 11:47:55 -08:00
parent e522872408 2c22619a18
commit 93b1597395
6 changed files with 32 additions and 42 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
apps/files_encryption/appinfo/app.php
View File

@ -12,7 +12,7 @@ OC_FileProxy::register( new OCA\Encryption\Proxy() );
// User-related hooks // User-related hooks
OCP\Util::connectHook( 'OC_User', 'post_login', 'OCA\Encryption\Hooks', 'login' ); OCP\Util::connectHook( 'OC_User', 'post_login', 'OCA\Encryption\Hooks', 'login' );
OCP\Util::connectHook( 'OC_User', 'post_setPassword','OCA\Encryption\Hooks', 'setPassphrase' ); OCP\Util::connectHook( 'OC_User', 'pre_setPassword','OCA\Encryption\Hooks', 'setPassphrase' );
// Sharing-related hooks // Sharing-related hooks
OCP\Util::connectHook( 'OCP\Share', 'post_shared', 'OCA\Encryption\Hooks', 'postShared' ); OCP\Util::connectHook( 'OCP\Share', 'post_shared', 'OCA\Encryption\Hooks', 'postShared' );

9
apps/files_encryption/hooks/hooks.php
View File

@ -38,12 +38,15 @@ class Hooks {
*/ */
public static function login( $params ) { public static function login( $params ) {
// Manually initialise Filesystem{} singleton with correct
// fake root path, in order to avoid fatal webdav errors
\OC\Files\Filesystem::init( $params['uid'] . '/' . 'files' . '/' ); \OC\Files\Filesystem::init( $params['uid'] . '/' . 'files' . '/' );
$view = new \OC_FilesystemView( '/' ); $view = new \OC_FilesystemView( '/' );
$util = new Util( $view, $params['uid'] ); $util = new Util( $view, $params['uid'] );
// Check files_encryption infrastructure is ready for action
if ( ! $util->ready() ) { if ( ! $util->ready() ) {
\OC_Log::write( 'Encryption library', 'User account "' . $params['uid'] . '" is not ready for encryption; configuration started', \OC_Log::DEBUG ); \OC_Log::write( 'Encryption library', 'User account "' . $params['uid'] . '" is not ready for encryption; configuration started', \OC_Log::DEBUG );
@ -104,14 +107,16 @@ class Hooks {
* @param array $params keys: uid, password * @param array $params keys: uid, password
*/ */
public static function setPassphrase( $params ) { public static function setPassphrase( $params ) {
// Only attempt to change passphrase if server-side encryption // Only attempt to change passphrase if server-side encryption
// is in use (client-side encryption does not have access to // is in use (client-side encryption does not have access to
// the necessary keys) // the necessary keys)
if ( Crypt::mode() == 'server' ) { if ( Crypt::mode() == 'server' ) {
$session = new Session();
// Get existing decrypted private key // Get existing decrypted private key
$privateKey = $_SESSION['privateKey']; $privateKey = $session->getPrivateKey();
// Encrypt private key with new user pwd as passphrase // Encrypt private key with new user pwd as passphrase
$encryptedPrivateKey = Crypt::symmetricEncryptFileContent( $privateKey, $params['password'] ); $encryptedPrivateKey = Crypt::symmetricEncryptFileContent( $privateKey, $params['password'] );

24
apps/files_encryption/lib/crypt.php
View File

@ -45,24 +45,6 @@ class Crypt {
* @return string 'client' or 'server' * @return string 'client' or 'server'
*/ */
public static function mode( $user = null ) { public static function mode( $user = null ) {
// $mode = \OC_Appconfig::getValue( 'files_encryption', 'mode', 'none' );
//
// if ( $mode == 'user') {
// if ( !$user ) {
// $user = \OCP\User::getUser();
// }
// $mode = 'none';
// if ( $user ) {
// $query = \OC_DB::prepare( "SELECT mode FROM *PREFIX*encryption WHERE uid = ?" );
// $result = $query->execute(array($user));
// if ($row = $result->fetchRow()){
// $mode = $row['mode'];
// }
// }
// }
//
// return $mode;
return 'server'; return 'server';
@ -133,12 +115,6 @@ class Crypt {
* @note see also OCA\Encryption\Util->isEncryptedPath() * @note see also OCA\Encryption\Util->isEncryptedPath()
*/ */
public static function isCatfile( $content ) { public static function isCatfile( $content ) {
if ( !$content ) {
return false;
}
$noPadding = self::removePadding( $content ); $noPadding = self::removePadding( $content );

14
apps/files_encryption/lib/util.php
View File

@ -69,11 +69,6 @@ class Util {
//// DONE: add method to fetch legacy key //// DONE: add method to fetch legacy key
//// DONE: add method to decrypt legacy encrypted data //// DONE: add method to decrypt legacy encrypted data
//// TODO: add method to encrypt all user files using new system
//// TODO: add method to decrypt all user files using new system
//// TODO: add method to encrypt all user files using old system
//// TODO: add method to decrypt all user files using old system
// Admin UI: // Admin UI:
@ -93,7 +88,6 @@ class Util {
// Integration testing: // Integration testing:
//// TODO: test new encryption with webdav
//// TODO: test new encryption with versioning //// TODO: test new encryption with versioning
//// TODO: test new encryption with sharing //// TODO: test new encryption with sharing
//// TODO: test new encryption with proxies //// TODO: test new encryption with proxies
@ -278,7 +272,7 @@ class Util {
// will eat server resources :( // will eat server resources :(
if ( if (
Keymanager::getFileKey( $this->view, $this->userId, $file ) Keymanager::getFileKey( $this->view, $this->userId, $file )
&& Crypt::isCatfile( $filePath ) && Crypt::isCatfile( $data )
) { ) {
$found['encrypted'][] = array( 'name' => $file, 'path' => $filePath ); $found['encrypted'][] = array( 'name' => $file, 'path' => $filePath );
@ -391,7 +385,6 @@ class Util {
} }
// FIXME: Legacy recrypting here isn't finished yet
// Encrypt legacy encrypted files // Encrypt legacy encrypted files
if ( if (
! empty( $legacyPassphrase ) ! empty( $legacyPassphrase )
@ -437,6 +430,11 @@ class Util {
} }
/**
* @brief Return important encryption related paths
* @param string $pathName Name of the directory to return the path of
* @return string path
*/
public function getPath( $pathName ) { public function getPath( $pathName ) {
switch ( $pathName ) { switch ( $pathName ) {

22
lib/hook.php
View File

@ -20,19 +20,22 @@ class OC_Hook{
* TODO: write example * TODO: write example
*/ */
static public function connect( $signalclass, $signalname, $slotclass, $slotname ) { static public function connect( $signalclass, $signalname, $slotclass, $slotname ) {
// Create the data structure // If we're trying to connect to an emitting class that isn't
// yet registered, register it
if( !array_key_exists( $signalclass, self::$registered )) { if( !array_key_exists( $signalclass, self::$registered )) {
self::$registered[$signalclass] = array(); self::$registered[$signalclass] = array();
} }
if( !array_key_exists( $signalname, self::$registered[$signalclass] )) { // If we're trying to connect to an emitting method that isn't
// yet registered, register it with the emitting class
if( !array_key_exists( $signalname, self::$registered[$signalclass] )) {
self::$registered[$signalclass][$signalname] = array(); self::$registered[$signalclass][$signalname] = array();
} }
// register hook // Connect the hook handler to the requested emitter
self::$registered[$signalclass][$signalname][] = array( self::$registered[$signalclass][$signalname][] = array(
"class" => $slotclass, "class" => $slotclass,
"name" => $slotname ); "name" => $slotname );
// No chance for failure ;-) // No chance for failure ;-)
return true; return true;
} }
@ -49,14 +52,19 @@ class OC_Hook{
* TODO: write example * TODO: write example
*/ */
static public function emit( $signalclass, $signalname, $params = array()) { static public function emit( $signalclass, $signalname, $params = array()) {
// Return false if there are no slots
// Return false if no hook handlers are listening to this
// emitting class
if( !array_key_exists( $signalclass, self::$registered )) { if( !array_key_exists( $signalclass, self::$registered )) {
return false; return false;
} }
// Return false if no hook handlers are listening to this
// emitting method
if( !array_key_exists( $signalname, self::$registered[$signalclass] )) { if( !array_key_exists( $signalname, self::$registered[$signalclass] )) {
return false; return false;
} }
// Call all slots // Call all slots
foreach( self::$registered[$signalclass][$signalname] as $i ) { foreach( self::$registered[$signalclass][$signalname] as $i ) {
try { try {

3
settings/ajax/changepassword.php
View File

@ -4,6 +4,9 @@
OCP\JSON::callCheck(); OCP\JSON::callCheck();
OC_JSON::checkLoggedIn(); OC_JSON::checkLoggedIn();
// Manually load apps to ensure hooks work correctly (workaround for issue 1503)
OC_APP::loadApps();
$username = isset($_POST["username"]) ? $_POST["username"] : OC_User::getUser(); $username = isset($_POST["username"]) ? $_POST["username"] : OC_User::getUser();
$password = $_POST["password"]; $password = $_POST["password"];
$oldPassword=isset($_POST["oldpassword"])?$_POST["oldpassword"]:''; $oldPassword=isset($_POST["oldpassword"])?$_POST["oldpassword"]:'';