Encryption storage wrapper is enabled by default - necessary to detect encrypted files even if encryption was disabled after files have been encrypted - prevents data corruption

This commit is contained in:
Thomas Müller 2015-04-02 17:16:27 +02:00
parent 9a7fbbbc5a
commit ba9a797eaa
2 changed files with 14 additions and 5 deletions

View File

@ -701,10 +701,7 @@ class OC {
}
private static function registerEncryptionWrapper() {
$enabled = self::$server->getEncryptionManager()->isEnabled();
if ($enabled) {
\OCP\Util::connectHook('OC_Filesystem', 'setup', 'OC\Encryption\Manager', 'setupStorage');
}
\OCP\Util::connectHook('OC_Filesystem', 'setup', 'OC\Encryption\Manager', 'setupStorage');
}
private static function registerEncryptionHooks() {

View File

@ -229,13 +229,17 @@ class Encryption extends Wrapper {
$encryptionModuleId = $this->util->getEncryptionModuleId($header);
$size = $unencryptedSize = 0;
if ($this->file_exists($path)) {
$targetExists = $this->file_exists($path);
$targetIsEncrypted = false;
if ($targetExists) {
// in case the file exists we require the explicit module as
// specified in the file header - otherwise we need to fail hard to
// prevent data loss on client side
if (!empty($encryptionModuleId)) {
$targetIsEncrypted = true;
$encryptionModule = $this->encryptionManager->getEncryptionModule($encryptionModuleId);
}
$size = $this->storage->filesize($path);
$unencryptedSize = $this->filesize($path);
}
@ -266,6 +270,14 @@ class Encryption extends Wrapper {
'" not found, file will be stored unencrypted');
}
// encryption disabled on write of new file and write to existing unencrypted file -> don't encrypt
$encEnabled = $this->encryptionManager->isEnabled();
if (!$encEnabled ) {
if (!$targetExists || !$targetIsEncrypted) {
$shouldEncrypt = false;
}
}
if($shouldEncrypt === true && !$this->util->isExcluded($fullPath) && $encryptionModule !== null) {
$source = $this->storage->fopen($path, $mode);
$handle = \OC\Files\Stream\Encryption::wrap($source, $path, $fullPath, $header,