Work on post_share hook for files_encryption
New method in OCP\Share{}:: getUsersSharingFile() Development shapshot
This commit is contained in:
parent
1aba986d9f
commit
b3e59ca1e3
|
@ -166,14 +166,77 @@ class Hooks {
|
||||||
*/
|
*/
|
||||||
public static function postShared( $params ) {
|
public static function postShared( $params ) {
|
||||||
|
|
||||||
// Delete existing catfile
|
// NOTE: $params is an array with these keys:
|
||||||
Keymanager::deleteFileKey( );
|
// itemSource -> int, filecache file ID
|
||||||
|
// shareWith -> string, uid of user being shared to
|
||||||
|
// fileTarget -> path of file being shared
|
||||||
|
// uidOwner -> owner of the original file being shared
|
||||||
|
|
||||||
// Generate new catfile and env keys
|
$view = new \OC_FilesystemView( '/' );
|
||||||
Crypt::multiKeyEncrypt( $plainContent, $publicKeys );
|
$userId = \OCP\User::getUser();
|
||||||
|
$util = new Util( $view, $userId );
|
||||||
|
|
||||||
|
$shares = \OCP\Share::getUsersSharingFile( $params['fileTarget'] );
|
||||||
|
|
||||||
|
$userIds = array();
|
||||||
|
|
||||||
|
foreach ( $shares as $share ) {
|
||||||
|
|
||||||
|
$util = new Util( $view, $share['userId'] );
|
||||||
|
|
||||||
|
// Check that the user is encryption capable
|
||||||
|
if ( $util->ready() ) {
|
||||||
|
|
||||||
|
// Construct array of just UIDs for Keymanager{}
|
||||||
|
$userIds[] = $share['userId'];
|
||||||
|
|
||||||
|
} else {
|
||||||
|
|
||||||
|
// Log warning; we can't do necessary setup here
|
||||||
|
// because we don't have the user passphrase
|
||||||
|
// TODO: Provide user feedback indicating that
|
||||||
|
// sharing failed
|
||||||
|
\OC_Log::write( 'Encryption library', 'File cannot be shared: user "'.$share['userId'].'" is not setup for encryption', \OC_Log::WARN );
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
trigger_error("UIDS = ".var_export($userIds, 1));
|
||||||
|
|
||||||
|
$userPubKeys = Keymanager::getPublicKeys( $view, $userIds );
|
||||||
|
|
||||||
|
// trigger_error("PUB KEYS = ".var_export($userPubKeys, 1));
|
||||||
|
|
||||||
|
// TODO: Fetch path from Crypt{} getter
|
||||||
|
$plainContent = $view->file_get_contents( $userId . '/' . 'files'. '/' . $params['fileTarget'] );
|
||||||
|
|
||||||
|
// Generate new catfile and share keys
|
||||||
|
if ( ! $encrypted = Crypt::multiKeyEncrypt( $plainContent, $userPubKeys ) ) {
|
||||||
|
|
||||||
|
// If the re-encryption failed, don't risk deleting data
|
||||||
|
return false;
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
trigger_error("ENCRYPTED = ". var_export($encrypted, 1));
|
||||||
|
|
||||||
// Save env keys to user folders
|
// Save env keys to user folders
|
||||||
|
foreach ( $encrypted['keys'] as $key ) {
|
||||||
|
|
||||||
|
// Keymanager::setShareKey( $view, $params['fileTarget'], $userId, $key );
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
// Delete existing catfile
|
||||||
|
// Check if keyfile exists (it won't if file has been shared before)
|
||||||
|
// Do this last to ensure file is recoverable in case of error
|
||||||
|
if ( $util->isEncryptedPath( $params['fileTarget'] ) ) {
|
||||||
|
|
||||||
|
// NOTE: This will trigger an error if keyfile isn't found
|
||||||
|
// Keymanager::deleteFileKey( $params['fileTarget'] );
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -1,267 +1,244 @@
|
||||||
<?php
|
<?php
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* ownCloud
|
* ownCloud
|
||||||
*
|
*
|
||||||
* @author Bjoern Schiessle
|
* @author Bjoern Schiessle
|
||||||
* @copyright 2012 Bjoern Schiessle <schiessle@owncloud.com>
|
* @copyright 2012 Bjoern Schiessle <schiessle@owncloud.com>
|
||||||
*
|
*
|
||||||
* This library is free software; you can redistribute it and/or
|
* This library is free software; you can redistribute it and/or
|
||||||
* modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE
|
* modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE
|
||||||
* License as published by the Free Software Foundation; either
|
* License as published by the Free Software Foundation; either
|
||||||
* version 3 of the License, or any later version.
|
* version 3 of the License, or any later version.
|
||||||
*
|
*
|
||||||
* This library is distributed in the hope that it will be useful,
|
* This library is distributed in the hope that it will be useful,
|
||||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
* GNU AFFERO GENERAL PUBLIC LICENSE for more details.
|
* GNU AFFERO GENERAL PUBLIC LICENSE for more details.
|
||||||
*
|
*
|
||||||
* You should have received a copy of the GNU Affero General Public
|
* You should have received a copy of the GNU Affero General Public
|
||||||
* License along with this library. If not, see <http://www.gnu.org/licenses/>.
|
* License along with this library. If not, see <http://www.gnu.org/licenses/>.
|
||||||
*
|
*
|
||||||
*/
|
*/
|
||||||
|
|
||||||
namespace OCA\Encryption;
|
namespace OCA\Encryption;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @brief Class to manage storage and retrieval of encryption keys
|
* @brief Class to manage storage and retrieval of encryption keys
|
||||||
* @note Where a method requires a view object, it's root must be '/'
|
* @note Where a method requires a view object, it's root must be '/'
|
||||||
*/
|
*/
|
||||||
class Keymanager {
|
class Keymanager {
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @brief retrieve the ENCRYPTED private key from a user
|
* @brief retrieve the ENCRYPTED private key from a user
|
||||||
*
|
*
|
||||||
* @return string private key or false
|
* @return string private key or false
|
||||||
* @note the key returned by this method must be decrypted before use
|
* @note the key returned by this method must be decrypted before use
|
||||||
*/
|
*/
|
||||||
public static function getPrivateKey( \OC_FilesystemView $view, $user ) {
|
public static function getPrivateKey( \OC_FilesystemView $view, $user ) {
|
||||||
|
|
||||||
$path = '/' . $user . '/' . 'files_encryption' . '/' . $user.'.private.key';
|
$path = '/' . $user . '/' . 'files_encryption' . '/' . $user.'.private.key';
|
||||||
|
|
||||||
$key = $view->file_get_contents( $path );
|
$key = $view->file_get_contents( $path );
|
||||||
|
|
||||||
return $key;
|
return $key;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @brief retrieve public key for a specified user
|
* @brief retrieve public key for a specified user
|
||||||
* @param \OC_FilesystemView $view
|
* @param \OC_FilesystemView $view
|
||||||
* @param $userId
|
* @param $userId
|
||||||
* @return string public key or false
|
* @return string public key or false
|
||||||
*/
|
*/
|
||||||
public static function getPublicKey( \OC_FilesystemView $view, $userId ) {
|
public static function getPublicKey( \OC_FilesystemView $view, $userId ) {
|
||||||
|
|
||||||
return $view->file_get_contents( '/public-keys/' . '/' . $userId . '.public.key' );
|
return $view->file_get_contents( '/public-keys/' . '/' . $userId . '.public.key' );
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @brief retrieve both keys from a user (private and public)
|
* @brief Retrieve a user's public and private key
|
||||||
* @param \OC_FilesystemView $view
|
* @param \OC_FilesystemView $view
|
||||||
* @param $userId
|
* @param $userId
|
||||||
* @return array keys: privateKey, publicKey
|
* @return array keys: privateKey, publicKey
|
||||||
*/
|
*/
|
||||||
public static function getUserKeys( \OC_FilesystemView $view, $userId ) {
|
public static function getUserKeys( \OC_FilesystemView $view, $userId ) {
|
||||||
|
|
||||||
return array(
|
return array(
|
||||||
'publicKey' => self::getPublicKey( $view, $userId )
|
'publicKey' => self::getPublicKey( $view, $userId )
|
||||||
, 'privateKey' => self::getPrivateKey( $view, $userId )
|
, 'privateKey' => self::getPrivateKey( $view, $userId )
|
||||||
);
|
);
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @brief Retrieve public keys of all users with access to a file
|
* @brief Retrieve public keys for given users
|
||||||
* @param string $path Path to file
|
* @param \OC_FilesystemView $view
|
||||||
* @return array of public keys for the given file
|
* @param array $userIds
|
||||||
* @note Checks that the sharing app is enabled should be performed
|
* @return array of public keys for the specified users
|
||||||
* by client code, that isn't checked here
|
*/
|
||||||
*/
|
public static function getPublicKeys( \OC_FilesystemView $view, $userIds ) {
|
||||||
public static function getPublicKeys( \OC_FilesystemView $view, $userId, $filePath ) {
|
|
||||||
|
$i = 0;
|
||||||
$path = ltrim( $path, '/' );
|
$keys = array();
|
||||||
|
|
||||||
$filepath = '/' . $userId . '/files/' . $filePath;
|
foreach ( $userIds as $userId ) {
|
||||||
|
|
||||||
// Check if sharing is enabled
|
$i++;
|
||||||
if ( OC_App::isEnabled( 'files_sharing' ) ) {
|
$keys[$userId] = self::getPublicKey( $view, $userId );
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
} else {
|
$keys['total'] = $i;
|
||||||
|
|
||||||
// check if it is a file owned by the user and not shared at all
|
return $keys;
|
||||||
$userview = new \OC_FilesystemView( '/'.$userId.'/files/' );
|
|
||||||
|
}
|
||||||
if ( $userview->file_exists( $path ) ) {
|
|
||||||
|
/**
|
||||||
$users[] = $userId;
|
* @brief store file encryption key
|
||||||
|
*
|
||||||
}
|
* @param string $path relative path of the file, including filename
|
||||||
|
* @param string $key
|
||||||
}
|
* @return bool true/false
|
||||||
|
* @note The keyfile is not encrypted here. Client code must
|
||||||
$view = new \OC_FilesystemView( '/public-keys/' );
|
* asymmetrically encrypt the keyfile before passing it to this method
|
||||||
|
*/
|
||||||
$keylist = array();
|
public static function setFileKey( \OC_FilesystemView $view, $path, $userId, $catfile ) {
|
||||||
|
|
||||||
$count = 0;
|
$basePath = '/' . $userId . '/files_encryption/keyfiles';
|
||||||
|
|
||||||
foreach ( $users as $user ) {
|
$targetPath = self::keySetPreparation( $view, $path, $basePath, $userId );
|
||||||
|
|
||||||
$keylist['key'.++$count] = $view->file_get_contents( $user.'.public.key' );
|
if ( $view->is_dir( $basePath . '/' . $targetPath ) ) {
|
||||||
|
|
||||||
}
|
|
||||||
|
|
||||||
return $keylist;
|
} else {
|
||||||
|
|
||||||
}
|
// Save the keyfile in parallel directory
|
||||||
|
return $view->file_put_contents( $basePath . '/' . $targetPath . '.key', $catfile );
|
||||||
/**
|
|
||||||
* @brief store file encryption key
|
}
|
||||||
*
|
|
||||||
* @param string $path relative path of the file, including filename
|
}
|
||||||
* @param string $key
|
|
||||||
* @return bool true/false
|
/**
|
||||||
* @note The keyfile is not encrypted here. Client code must
|
* @brief retrieve keyfile for an encrypted file
|
||||||
* asymmetrically encrypt the keyfile before passing it to this method
|
|
||||||
*/
|
|
||||||
public static function setFileKey( \OC_FilesystemView $view, $path, $userId, $catfile ) {
|
|
||||||
|
|
||||||
$basePath = '/' . $userId . '/files_encryption/keyfiles';
|
|
||||||
|
|
||||||
$targetPath = self::keySetPreparation( $view, $path, $basePath, $userId );
|
|
||||||
|
|
||||||
if ( $view->is_dir( $basePath . '/' . $targetPath ) ) {
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
} else {
|
|
||||||
|
|
||||||
// Save the keyfile in parallel directory
|
|
||||||
return $view->file_put_contents( $basePath . '/' . $targetPath . '.key', $catfile );
|
|
||||||
|
|
||||||
}
|
|
||||||
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* @brief retrieve keyfile for an encrypted file
|
|
||||||
* @param \OC_FilesystemView $view
|
* @param \OC_FilesystemView $view
|
||||||
* @param $userId
|
* @param $userId
|
||||||
* @param $filePath
|
* @param $filePath
|
||||||
* @internal param \OCA\Encryption\file $string name
|
* @internal param \OCA\Encryption\file $string name
|
||||||
* @return string file key or false
|
* @return string file key or false
|
||||||
* @note The keyfile returned is asymmetrically encrypted. Decryption
|
* @note The keyfile returned is asymmetrically encrypted. Decryption
|
||||||
* of the keyfile must be performed by client code
|
* of the keyfile must be performed by client code
|
||||||
*/
|
*/
|
||||||
public static function getFileKey( \OC_FilesystemView $view, $userId, $filePath ) {
|
public static function getFileKey( \OC_FilesystemView $view, $userId, $filePath ) {
|
||||||
|
|
||||||
$filePath_f = ltrim( $filePath, '/' );
|
$filePath_f = ltrim( $filePath, '/' );
|
||||||
|
|
||||||
$catfilePath = '/' . $userId . '/files_encryption/keyfiles/' . $filePath_f . '.key';
|
$catfilePath = '/' . $userId . '/files_encryption/keyfiles/' . $filePath_f . '.key';
|
||||||
|
|
||||||
if ( $view->file_exists( $catfilePath ) ) {
|
if ( $view->file_exists( $catfilePath ) ) {
|
||||||
|
|
||||||
return $view->file_get_contents( $catfilePath );
|
return $view->file_get_contents( $catfilePath );
|
||||||
|
|
||||||
} else {
|
} else {
|
||||||
|
|
||||||
return false;
|
return false;
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @brief Delete a keyfile
|
* @brief Delete a keyfile
|
||||||
*
|
*
|
||||||
* @param OC_FilesystemView $view
|
* @param OC_FilesystemView $view
|
||||||
* @param string $userId username
|
* @param string $userId username
|
||||||
* @param string $path path of the file the key belongs to
|
* @param string $path path of the file the key belongs to
|
||||||
* @return bool Outcome of unlink operation
|
* @return bool Outcome of unlink operation
|
||||||
* @note $path must be relative to data/user/files. e.g. mydoc.txt NOT
|
* @note $path must be relative to data/user/files. e.g. mydoc.txt NOT
|
||||||
* /data/admin/files/mydoc.txt
|
* /data/admin/files/mydoc.txt
|
||||||
*/
|
*/
|
||||||
public static function deleteFileKey( \OC_FilesystemView $view, $userId, $path ) {
|
public static function deleteFileKey( \OC_FilesystemView $view, $userId, $path ) {
|
||||||
|
|
||||||
$trimmed = ltrim( $path, '/' );
|
$trimmed = ltrim( $path, '/' );
|
||||||
$keyPath = '/' . $userId . '/files_encryption/keyfiles/' . $trimmed . '.key';
|
$keyPath = '/' . $userId . '/files_encryption/keyfiles/' . $trimmed . '.key';
|
||||||
|
|
||||||
// Unlink doesn't tell us if file was deleted (not found returns
|
// Unlink doesn't tell us if file was deleted (not found returns
|
||||||
// true), so we perform our own test
|
// true), so we perform our own test
|
||||||
if ( $view->file_exists( $keyPath ) ) {
|
if ( $view->file_exists( $keyPath ) ) {
|
||||||
|
|
||||||
return $view->unlink( $keyPath );
|
return $view->unlink( $keyPath );
|
||||||
|
|
||||||
} else {
|
} else {
|
||||||
|
|
||||||
\OC_Log::write( 'Encryption library', 'Could not delete keyfile; does not exist: "' . $keyPath, \OC_Log::ERROR );
|
\OC_Log::write( 'Encryption library', 'Could not delete keyfile; does not exist: "' . $keyPath, \OC_Log::ERROR );
|
||||||
|
|
||||||
return false;
|
return false;
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @brief store private key from the user
|
* @brief store private key from the user
|
||||||
* @param string key
|
* @param string key
|
||||||
* @return bool
|
* @return bool
|
||||||
* @note Encryption of the private key must be performed by client code
|
* @note Encryption of the private key must be performed by client code
|
||||||
* as no encryption takes place here
|
* as no encryption takes place here
|
||||||
*/
|
*/
|
||||||
public static function setPrivateKey( $key ) {
|
public static function setPrivateKey( $key ) {
|
||||||
|
|
||||||
$user = \OCP\User::getUser();
|
$user = \OCP\User::getUser();
|
||||||
|
|
||||||
$view = new \OC_FilesystemView( '/' . $user . '/files_encryption' );
|
$view = new \OC_FilesystemView( '/' . $user . '/files_encryption' );
|
||||||
|
|
||||||
\OC_FileProxy::$enabled = false;
|
\OC_FileProxy::$enabled = false;
|
||||||
|
|
||||||
if ( !$view->file_exists( '' ) ) $view->mkdir( '' );
|
if ( !$view->file_exists( '' ) ) $view->mkdir( '' );
|
||||||
|
|
||||||
return $view->file_put_contents( $user . '.private.key', $key );
|
return $view->file_put_contents( $user . '.private.key', $key );
|
||||||
|
|
||||||
\OC_FileProxy::$enabled = true;
|
\OC_FileProxy::$enabled = true;
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @brief store private keys from the user
|
* @brief store private keys from the user
|
||||||
*
|
*
|
||||||
* @param string privatekey
|
* @param string privatekey
|
||||||
* @param string publickey
|
* @param string publickey
|
||||||
* @return bool true/false
|
* @return bool true/false
|
||||||
*/
|
*/
|
||||||
public static function setUserKeys($privatekey, $publickey) {
|
public static function setUserKeys($privatekey, $publickey) {
|
||||||
|
|
||||||
return ( self::setPrivateKey( $privatekey ) && self::setPublicKey( $publickey ) );
|
return ( self::setPrivateKey( $privatekey ) && self::setPublicKey( $publickey ) );
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @brief store public key of the user
|
* @brief store public key of the user
|
||||||
*
|
*
|
||||||
* @param string key
|
* @param string key
|
||||||
* @return bool true/false
|
* @return bool true/false
|
||||||
*/
|
*/
|
||||||
public static function setPublicKey( $key ) {
|
public static function setPublicKey( $key ) {
|
||||||
|
|
||||||
$view = new \OC_FilesystemView( '/public-keys' );
|
$view = new \OC_FilesystemView( '/public-keys' );
|
||||||
|
|
||||||
\OC_FileProxy::$enabled = false;
|
\OC_FileProxy::$enabled = false;
|
||||||
|
|
||||||
if ( !$view->file_exists( '' ) ) $view->mkdir( '' );
|
if ( !$view->file_exists( '' ) ) $view->mkdir( '' );
|
||||||
|
|
||||||
return $view->file_put_contents( \OCP\User::getUser() . '.public.key', $key );
|
return $view->file_put_contents( \OCP\User::getUser() . '.public.key', $key );
|
||||||
|
|
||||||
\OC_FileProxy::$enabled = true;
|
\OC_FileProxy::$enabled = true;
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @brief store file encryption key
|
* @brief store file encryption key
|
||||||
*
|
*
|
||||||
* @param string $path relative path of the file, including filename
|
* @param string $path relative path of the file, including filename
|
||||||
|
@ -271,70 +248,70 @@ class Keymanager {
|
||||||
* @return bool true/false
|
* @return bool true/false
|
||||||
* @note The keyfile is not encrypted here. Client code must
|
* @note The keyfile is not encrypted here. Client code must
|
||||||
* asymmetrically encrypt the keyfile before passing it to this method
|
* asymmetrically encrypt the keyfile before passing it to this method
|
||||||
*/
|
*/
|
||||||
public static function setShareKey( \OC_FilesystemView $view, $path, $userId, $shareKey ) {
|
public static function setShareKey( \OC_FilesystemView $view, $path, $userId, $shareKey ) {
|
||||||
|
|
||||||
$basePath = '/' . $userId . '/files_encryption/share-keys';
|
$basePath = '/' . $userId . '/files_encryption/share-keys';
|
||||||
|
|
||||||
$shareKeyPath = self::keySetPreparation( $view, $path, $basePath, $userId );
|
$shareKeyPath = self::keySetPreparation( $view, $path, $basePath, $userId );
|
||||||
|
|
||||||
return $view->file_put_contents( $basePath . '/' . $shareKeyPath . '.shareKey', $shareKey );
|
return $view->file_put_contents( $basePath . '/' . $shareKeyPath . '.shareKey', $shareKey );
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @brief Make preparations to vars and filesystem for saving a keyfile
|
* @brief Make preparations to vars and filesystem for saving a keyfile
|
||||||
*/
|
*/
|
||||||
public static function keySetPreparation( \OC_FilesystemView $view, $path, $basePath, $userId ) {
|
public static function keySetPreparation( \OC_FilesystemView $view, $path, $basePath, $userId ) {
|
||||||
|
|
||||||
$targetPath = ltrim( $path, '/' );
|
$targetPath = ltrim( $path, '/' );
|
||||||
|
|
||||||
$path_parts = pathinfo( $targetPath );
|
$path_parts = pathinfo( $targetPath );
|
||||||
|
|
||||||
// If the file resides within a subdirectory, create it
|
// If the file resides within a subdirectory, create it
|
||||||
if (
|
if (
|
||||||
isset( $path_parts['dirname'] )
|
isset( $path_parts['dirname'] )
|
||||||
&& ! $view->file_exists( $basePath . '/' . $path_parts['dirname'] )
|
&& ! $view->file_exists( $basePath . '/' . $path_parts['dirname'] )
|
||||||
) {
|
) {
|
||||||
|
|
||||||
$view->mkdir( $basePath . '/' . $path_parts['dirname'] );
|
$view->mkdir( $basePath . '/' . $path_parts['dirname'] );
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
return $targetPath;
|
return $targetPath;
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @brief change password of private encryption key
|
* @brief change password of private encryption key
|
||||||
*
|
*
|
||||||
* @param string $oldpasswd old password
|
* @param string $oldpasswd old password
|
||||||
* @param string $newpasswd new password
|
* @param string $newpasswd new password
|
||||||
* @return bool true/false
|
* @return bool true/false
|
||||||
*/
|
*/
|
||||||
public static function changePasswd($oldpasswd, $newpasswd) {
|
public static function changePasswd($oldpasswd, $newpasswd) {
|
||||||
|
|
||||||
if ( \OCP\User::checkPassword(\OCP\User::getUser(), $newpasswd) ) {
|
if ( \OCP\User::checkPassword(\OCP\User::getUser(), $newpasswd) ) {
|
||||||
return Crypt::changekeypasscode($oldpasswd, $newpasswd);
|
return Crypt::changekeypasscode($oldpasswd, $newpasswd);
|
||||||
}
|
}
|
||||||
return false;
|
return false;
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @brief Fetch the legacy encryption key from user files
|
* @brief Fetch the legacy encryption key from user files
|
||||||
* @param string $login used to locate the legacy key
|
* @param string $login used to locate the legacy key
|
||||||
* @param string $passphrase used to decrypt the legacy key
|
* @param string $passphrase used to decrypt the legacy key
|
||||||
* @return true / false
|
* @return true / false
|
||||||
*
|
*
|
||||||
* if the key is left out, the default handeler will be used
|
* if the key is left out, the default handeler will be used
|
||||||
*/
|
*/
|
||||||
public function getLegacyKey() {
|
public function getLegacyKey() {
|
||||||
|
|
||||||
$user = \OCP\User::getUser();
|
$user = \OCP\User::getUser();
|
||||||
$view = new \OC_FilesystemView( '/' . $user );
|
$view = new \OC_FilesystemView( '/' . $user );
|
||||||
return $view->file_get_contents( 'encryption.key' );
|
return $view->file_get_contents( 'encryption.key' );
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
|
@ -95,7 +95,8 @@ class Proxy extends \OC_FileProxy {
|
||||||
|
|
||||||
if ( self::shouldEncrypt( $path ) ) {
|
if ( self::shouldEncrypt( $path ) ) {
|
||||||
|
|
||||||
if ( !is_resource( $data ) ) { //stream put contents should have been converted to fopen
|
// Stream put contents should have been converted to fopen
|
||||||
|
if ( !is_resource( $data ) ) {
|
||||||
|
|
||||||
$userId = \OCP\USER::getUser();
|
$userId = \OCP\USER::getUser();
|
||||||
|
|
||||||
|
@ -107,10 +108,33 @@ class Proxy extends \OC_FileProxy {
|
||||||
// Disable encryption proxy to prevent recursive calls
|
// Disable encryption proxy to prevent recursive calls
|
||||||
\OC_FileProxy::$enabled = false;
|
\OC_FileProxy::$enabled = false;
|
||||||
|
|
||||||
// TODO: Check if file is shared, if so, use multiKeyEncrypt
|
$fileOwner = \OC\Files\Filesystem::getOwner( $path );
|
||||||
|
|
||||||
// Encrypt plain data and fetch key
|
// Check if the keyfile needs to be shared
|
||||||
$encrypted = Crypt::keyEncryptKeyfile( $data, Keymanager::getPublicKey( $rootView, $userId ) );
|
if (
|
||||||
|
$fileOwner !== true
|
||||||
|
or $fileOwner !== $userId
|
||||||
|
) {
|
||||||
|
|
||||||
|
// Shared storage backend isn't loaded
|
||||||
|
|
||||||
|
$users = \OCP\Share::getItemShared( 'file', $path, \OC_Share_backend_File::FORMAT_SHARED_STORAGE );
|
||||||
|
//
|
||||||
|
trigger_error("SHARE USERS = ". var_export($users, 1));
|
||||||
|
//
|
||||||
|
// $publicKeys = Keymanager::getPublicKeys( $rootView, $users);
|
||||||
|
//
|
||||||
|
// // Encrypt plain data to multiple users
|
||||||
|
// $encrypted = Crypt::multiKeyEncrypt( $data, $publicKeys );
|
||||||
|
|
||||||
|
} else {
|
||||||
|
|
||||||
|
$publicKey = Keymanager::getPublicKey( $rootView, $userId );
|
||||||
|
|
||||||
|
// Encrypt plain data to a single user
|
||||||
|
$encrypted = Crypt::keyEncryptKeyfile( $data, $publicKey );
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
// Replace plain content with encrypted content by reference
|
// Replace plain content with encrypted content by reference
|
||||||
$data = $encrypted['data'];
|
$data = $encrypted['data'];
|
||||||
|
|
|
@ -91,6 +91,60 @@ class Share {
|
||||||
}
|
}
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @brief Find which users can access a shared item
|
||||||
|
* @param string Item type
|
||||||
|
* @param int Format (optional) Format type must be defined by the backend
|
||||||
|
* @param int Number of items to return (optional) Returns all by default
|
||||||
|
* @return Return depends on format
|
||||||
|
*/
|
||||||
|
public static function getUsersSharingFile( $path ) {
|
||||||
|
|
||||||
|
// Fetch all shares of this file path from DB
|
||||||
|
$query = \OC_DB::prepare(
|
||||||
|
'SELECT
|
||||||
|
share_type
|
||||||
|
, share_with
|
||||||
|
, permissions
|
||||||
|
FROM
|
||||||
|
`*PREFIX*share`
|
||||||
|
WHERE
|
||||||
|
file_target = ?'
|
||||||
|
);
|
||||||
|
|
||||||
|
$result = $query->execute( array( $path ) );
|
||||||
|
|
||||||
|
if ( \OC_DB::isError( $result ) ) {
|
||||||
|
|
||||||
|
\OC_Log::write( 'OCP\Share', \OC_DB::getErrorMessage($result) . ', path=' . $path, \OC_Log::ERROR );
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
$shares = array();
|
||||||
|
|
||||||
|
while( $row = $result->fetchRow() ) {
|
||||||
|
|
||||||
|
// Set helpful array keys
|
||||||
|
$shares[] = array(
|
||||||
|
'userId' => $row['share_with']
|
||||||
|
, 'shareType' => $row['share_type']
|
||||||
|
, 'permissions' => $row['permissions']
|
||||||
|
);
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
if ( ! empty( $shares ) ) {
|
||||||
|
|
||||||
|
return $shares;
|
||||||
|
|
||||||
|
} else {
|
||||||
|
|
||||||
|
return false;
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @brief Get the items of item type shared with the current user
|
* @brief Get the items of item type shared with the current user
|
||||||
|
|
Loading…
Reference in New Issue