Work on post_share hook for files_encryption
New method in OCP\Share{}:: getUsersSharingFile() Development shapshot
This commit is contained in:
parent
1aba986d9f
commit
b3e59ca1e3
|
@ -166,14 +166,77 @@ class Hooks {
|
||||||
*/
|
*/
|
||||||
public static function postShared( $params ) {
|
public static function postShared( $params ) {
|
||||||
|
|
||||||
// Delete existing catfile
|
// NOTE: $params is an array with these keys:
|
||||||
Keymanager::deleteFileKey( );
|
// itemSource -> int, filecache file ID
|
||||||
|
// shareWith -> string, uid of user being shared to
|
||||||
|
// fileTarget -> path of file being shared
|
||||||
|
// uidOwner -> owner of the original file being shared
|
||||||
|
|
||||||
// Generate new catfile and env keys
|
$view = new \OC_FilesystemView( '/' );
|
||||||
Crypt::multiKeyEncrypt( $plainContent, $publicKeys );
|
$userId = \OCP\User::getUser();
|
||||||
|
$util = new Util( $view, $userId );
|
||||||
|
|
||||||
|
$shares = \OCP\Share::getUsersSharingFile( $params['fileTarget'] );
|
||||||
|
|
||||||
|
$userIds = array();
|
||||||
|
|
||||||
|
foreach ( $shares as $share ) {
|
||||||
|
|
||||||
|
$util = new Util( $view, $share['userId'] );
|
||||||
|
|
||||||
|
// Check that the user is encryption capable
|
||||||
|
if ( $util->ready() ) {
|
||||||
|
|
||||||
|
// Construct array of just UIDs for Keymanager{}
|
||||||
|
$userIds[] = $share['userId'];
|
||||||
|
|
||||||
|
} else {
|
||||||
|
|
||||||
|
// Log warning; we can't do necessary setup here
|
||||||
|
// because we don't have the user passphrase
|
||||||
|
// TODO: Provide user feedback indicating that
|
||||||
|
// sharing failed
|
||||||
|
\OC_Log::write( 'Encryption library', 'File cannot be shared: user "'.$share['userId'].'" is not setup for encryption', \OC_Log::WARN );
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
trigger_error("UIDS = ".var_export($userIds, 1));
|
||||||
|
|
||||||
|
$userPubKeys = Keymanager::getPublicKeys( $view, $userIds );
|
||||||
|
|
||||||
|
// trigger_error("PUB KEYS = ".var_export($userPubKeys, 1));
|
||||||
|
|
||||||
|
// TODO: Fetch path from Crypt{} getter
|
||||||
|
$plainContent = $view->file_get_contents( $userId . '/' . 'files'. '/' . $params['fileTarget'] );
|
||||||
|
|
||||||
|
// Generate new catfile and share keys
|
||||||
|
if ( ! $encrypted = Crypt::multiKeyEncrypt( $plainContent, $userPubKeys ) ) {
|
||||||
|
|
||||||
|
// If the re-encryption failed, don't risk deleting data
|
||||||
|
return false;
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
trigger_error("ENCRYPTED = ". var_export($encrypted, 1));
|
||||||
|
|
||||||
// Save env keys to user folders
|
// Save env keys to user folders
|
||||||
|
foreach ( $encrypted['keys'] as $key ) {
|
||||||
|
|
||||||
|
// Keymanager::setShareKey( $view, $params['fileTarget'], $userId, $key );
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
// Delete existing catfile
|
||||||
|
// Check if keyfile exists (it won't if file has been shared before)
|
||||||
|
// Do this last to ensure file is recoverable in case of error
|
||||||
|
if ( $util->isEncryptedPath( $params['fileTarget'] ) ) {
|
||||||
|
|
||||||
|
// NOTE: This will trigger an error if keyfile isn't found
|
||||||
|
// Keymanager::deleteFileKey( $params['fileTarget'] );
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -57,7 +57,7 @@ class Keymanager {
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @brief retrieve both keys from a user (private and public)
|
* @brief Retrieve a user's public and private key
|
||||||
* @param \OC_FilesystemView $view
|
* @param \OC_FilesystemView $view
|
||||||
* @param $userId
|
* @param $userId
|
||||||
* @return array keys: privateKey, publicKey
|
* @return array keys: privateKey, publicKey
|
||||||
|
@ -72,49 +72,26 @@ class Keymanager {
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @brief Retrieve public keys of all users with access to a file
|
* @brief Retrieve public keys for given users
|
||||||
* @param string $path Path to file
|
* @param \OC_FilesystemView $view
|
||||||
* @return array of public keys for the given file
|
* @param array $userIds
|
||||||
* @note Checks that the sharing app is enabled should be performed
|
* @return array of public keys for the specified users
|
||||||
* by client code, that isn't checked here
|
|
||||||
*/
|
*/
|
||||||
public static function getPublicKeys( \OC_FilesystemView $view, $userId, $filePath ) {
|
public static function getPublicKeys( \OC_FilesystemView $view, $userIds ) {
|
||||||
|
|
||||||
$path = ltrim( $path, '/' );
|
$i = 0;
|
||||||
|
$keys = array();
|
||||||
|
|
||||||
$filepath = '/' . $userId . '/files/' . $filePath;
|
foreach ( $userIds as $userId ) {
|
||||||
|
|
||||||
// Check if sharing is enabled
|
$i++;
|
||||||
if ( OC_App::isEnabled( 'files_sharing' ) ) {
|
$keys[$userId] = self::getPublicKey( $view, $userId );
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
} else {
|
|
||||||
|
|
||||||
// check if it is a file owned by the user and not shared at all
|
|
||||||
$userview = new \OC_FilesystemView( '/'.$userId.'/files/' );
|
|
||||||
|
|
||||||
if ( $userview->file_exists( $path ) ) {
|
|
||||||
|
|
||||||
$users[] = $userId;
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
$keys['total'] = $i;
|
||||||
|
|
||||||
$view = new \OC_FilesystemView( '/public-keys/' );
|
return $keys;
|
||||||
|
|
||||||
$keylist = array();
|
|
||||||
|
|
||||||
$count = 0;
|
|
||||||
|
|
||||||
foreach ( $users as $user ) {
|
|
||||||
|
|
||||||
$keylist['key'.++$count] = $view->file_get_contents( $user.'.public.key' );
|
|
||||||
|
|
||||||
}
|
|
||||||
|
|
||||||
return $keylist;
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -95,7 +95,8 @@ class Proxy extends \OC_FileProxy {
|
||||||
|
|
||||||
if ( self::shouldEncrypt( $path ) ) {
|
if ( self::shouldEncrypt( $path ) ) {
|
||||||
|
|
||||||
if ( !is_resource( $data ) ) { //stream put contents should have been converted to fopen
|
// Stream put contents should have been converted to fopen
|
||||||
|
if ( !is_resource( $data ) ) {
|
||||||
|
|
||||||
$userId = \OCP\USER::getUser();
|
$userId = \OCP\USER::getUser();
|
||||||
|
|
||||||
|
@ -107,10 +108,33 @@ class Proxy extends \OC_FileProxy {
|
||||||
// Disable encryption proxy to prevent recursive calls
|
// Disable encryption proxy to prevent recursive calls
|
||||||
\OC_FileProxy::$enabled = false;
|
\OC_FileProxy::$enabled = false;
|
||||||
|
|
||||||
// TODO: Check if file is shared, if so, use multiKeyEncrypt
|
$fileOwner = \OC\Files\Filesystem::getOwner( $path );
|
||||||
|
|
||||||
// Encrypt plain data and fetch key
|
// Check if the keyfile needs to be shared
|
||||||
$encrypted = Crypt::keyEncryptKeyfile( $data, Keymanager::getPublicKey( $rootView, $userId ) );
|
if (
|
||||||
|
$fileOwner !== true
|
||||||
|
or $fileOwner !== $userId
|
||||||
|
) {
|
||||||
|
|
||||||
|
// Shared storage backend isn't loaded
|
||||||
|
|
||||||
|
$users = \OCP\Share::getItemShared( 'file', $path, \OC_Share_backend_File::FORMAT_SHARED_STORAGE );
|
||||||
|
//
|
||||||
|
trigger_error("SHARE USERS = ". var_export($users, 1));
|
||||||
|
//
|
||||||
|
// $publicKeys = Keymanager::getPublicKeys( $rootView, $users);
|
||||||
|
//
|
||||||
|
// // Encrypt plain data to multiple users
|
||||||
|
// $encrypted = Crypt::multiKeyEncrypt( $data, $publicKeys );
|
||||||
|
|
||||||
|
} else {
|
||||||
|
|
||||||
|
$publicKey = Keymanager::getPublicKey( $rootView, $userId );
|
||||||
|
|
||||||
|
// Encrypt plain data to a single user
|
||||||
|
$encrypted = Crypt::keyEncryptKeyfile( $data, $publicKey );
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
// Replace plain content with encrypted content by reference
|
// Replace plain content with encrypted content by reference
|
||||||
$data = $encrypted['data'];
|
$data = $encrypted['data'];
|
||||||
|
|
|
@ -92,6 +92,60 @@ class Share {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @brief Find which users can access a shared item
|
||||||
|
* @param string Item type
|
||||||
|
* @param int Format (optional) Format type must be defined by the backend
|
||||||
|
* @param int Number of items to return (optional) Returns all by default
|
||||||
|
* @return Return depends on format
|
||||||
|
*/
|
||||||
|
public static function getUsersSharingFile( $path ) {
|
||||||
|
|
||||||
|
// Fetch all shares of this file path from DB
|
||||||
|
$query = \OC_DB::prepare(
|
||||||
|
'SELECT
|
||||||
|
share_type
|
||||||
|
, share_with
|
||||||
|
, permissions
|
||||||
|
FROM
|
||||||
|
`*PREFIX*share`
|
||||||
|
WHERE
|
||||||
|
file_target = ?'
|
||||||
|
);
|
||||||
|
|
||||||
|
$result = $query->execute( array( $path ) );
|
||||||
|
|
||||||
|
if ( \OC_DB::isError( $result ) ) {
|
||||||
|
|
||||||
|
\OC_Log::write( 'OCP\Share', \OC_DB::getErrorMessage($result) . ', path=' . $path, \OC_Log::ERROR );
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
$shares = array();
|
||||||
|
|
||||||
|
while( $row = $result->fetchRow() ) {
|
||||||
|
|
||||||
|
// Set helpful array keys
|
||||||
|
$shares[] = array(
|
||||||
|
'userId' => $row['share_with']
|
||||||
|
, 'shareType' => $row['share_type']
|
||||||
|
, 'permissions' => $row['permissions']
|
||||||
|
);
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
if ( ! empty( $shares ) ) {
|
||||||
|
|
||||||
|
return $shares;
|
||||||
|
|
||||||
|
} else {
|
||||||
|
|
||||||
|
return false;
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @brief Get the items of item type shared with the current user
|
* @brief Get the items of item type shared with the current user
|
||||||
* @param string Item type
|
* @param string Item type
|
||||||
|
|
Loading…
Reference in New Issue