From bae5be3dc14085a5061cd38e74c07453ed19b66b Mon Sep 17 00:00:00 2001 From: Bjoern Schiessle Date: Thu, 27 Jul 2017 16:52:28 +0200 Subject: [PATCH] add prefix to user and system keys to avoid name collisions Signed-off-by: Bjoern Schiessle --- lib/private/Repair.php | 5 +- .../NC13/RepairIdentityProofKeyFolders.php | 110 ++++++++++++++++++ .../Security/IdentityProof/Manager.php | 5 +- .../Security/IdentityProof/ManagerTest.php | 10 +- 4 files changed, 122 insertions(+), 8 deletions(-) create mode 100644 lib/private/Repair/NC13/RepairIdentityProofKeyFolders.php diff --git a/lib/private/Repair.php b/lib/private/Repair.php index dae328e634..4864ad77b8 100644 --- a/lib/private/Repair.php +++ b/lib/private/Repair.php @@ -31,6 +31,7 @@ namespace OC; use OC\App\AppStore\Bundles\BundleFetcher; +use OC\Files\AppData\Factory; use OC\Repair\CleanTags; use OC\Repair\Collation; use OC\Repair\MoveUpdaterStepFile; @@ -39,6 +40,7 @@ use OC\Repair\NC11\FixMountStorages; use OC\Repair\NC11\MoveAvatars; use OC\Repair\NC12\InstallCoreBundle; use OC\Repair\NC12\UpdateLanguageCodes; +use OC\Repair\NC13\RepairIdentityProofKeyFolders; use OC\Repair\OldGroupMembershipShares; use OC\Repair\Owncloud\SaveAccountsTableData; use OC\Repair\RemoveRootShares; @@ -145,7 +147,8 @@ class Repair implements IOutput{ \OC::$server->getConfig(), \OC::$server->query(Installer::class) ), - new RepairInvalidPaths(\OC::$server->getDatabaseConnection(), \OC::$server->getConfig()) + new RepairInvalidPaths(\OC::$server->getDatabaseConnection(), \OC::$server->getConfig()), + new RepairIdentityProofKeyFolders(\OC::$server->getConfig(), \OC::$server->query(Factory::class), \OC::$server->getRootFolder()), ]; } diff --git a/lib/private/Repair/NC13/RepairIdentityProofKeyFolders.php b/lib/private/Repair/NC13/RepairIdentityProofKeyFolders.php new file mode 100644 index 0000000000..93a135b5cf --- /dev/null +++ b/lib/private/Repair/NC13/RepairIdentityProofKeyFolders.php 
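Review bot: In the second Repair.php hunk the new `RepairIdentityProofKeyFolders(...)` entry is constructed eagerly with the rest of the step list, and that class's constructor (added in this patch) throws `RuntimeException('no instance id!')` when `instanceid` is unset. An instance without that config value would then fail while the list is being built, before any step runs and regardless of the version gate in `run()`. Resolving the instance id lazily, inside `repair()` or a private getter called from it, would keep construction free of failure modes. The method holding this array starts outside the hunk, so whether it can be reached before `instanceid` exists is an assumption to confirm.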
@@ -0,0 +1,110 @@ + + * + * @license GNU AGPL version 3 or any later version + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as + * published by the Free Software Foundation, either version 3 of the + * License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + * + */ + + +namespace OC\Repair\NC13; + + +use OC\Files\AppData\Factory; +use OCP\Files\IRootFolder; +use OCP\Files\SimpleFS\ISimpleFolder; +use OCP\IConfig; +use OCP\Migration\IOutput; +use OCP\Migration\IRepairStep; + +class RepairIdentityProofKeyFolders implements IRepairStep { + + /** @var IConfig */ + private $config; + + /** @var \OC\Files\AppData\AppData */ + private $appDataIdentityProof; + + /** @var IRootFolder */ + private $rootFolder; + + /** @var string */ + private $identityProofDir; + + /** + * RepairIdentityProofKeyFolders constructor. + * + * @param IConfig $config + * @param Factory $appDataFactory + * @param IRootFolder $rootFolder + */ + public function __construct(IConfig $config, Factory $appDataFactory, IRootFolder $rootFolder) { + $this->config = $config; + $this->appDataIdentityProof = $appDataFactory->get('identityproof'); + $this->rootFolder = $rootFolder; + + $instanceId = $this->config->getSystemValue('instanceid', null); + if ($instanceId === null) { + throw new \RuntimeException('no instance id!'); + } + $this->identityProofDir = 'appdata_' . $instanceId . 
'/identityproof/'; + } + + /** + * Returns the step's name + * + * @return string + * @since 9.1.0 + */ + public function getName() { + return "Rename folder with user specific keys"; + } + + /** + * Run repair step. + * Must throw exception on error. + * + * @param IOutput $output + * @throws \Exception in case of failure + * @since 9.1.0 + */ + public function run(IOutput $output) { + $versionFromBeforeUpdate = $this->config->getSystemValue('version', '0.0.0'); + if (version_compare($versionFromBeforeUpdate, '13.0.0.1', '<=')) { + $count = $this->repair(); + $output->info('Repaired ' . $count . ' folders'); + } + } + + /** + * rename all dirs with user specific keys to 'user-uid' + * + * @return int + */ + private function repair() { + $count = 0; + $dirListing = $this->appDataIdentityProof->getDirectoryListing(); + /** @var ISimpleFolder $folder */ + foreach ($dirListing as $folder) { + $name = $folder->getName(); + $node = $this->rootFolder->get($this->identityProofDir . $name); + $node->move($this->identityProofDir . 'user-' . $name); + $count++; + } + + return $count; + } +} diff --git a/lib/private/Security/IdentityProof/Manager.php b/lib/private/Security/IdentityProof/Manager.php index a8c204c84b..c5134e12b8 100644 --- a/lib/private/Security/IdentityProof/Manager.php +++ b/lib/private/Security/IdentityProof/Manager.php @@ -121,7 +121,8 @@ class Manager { * @return Key */ public function getKey(IUser $user) { - return $this->retrieveKey($user->getUID()); + $uid = $user->getUID(); + return $this->retrieveKey('user-' . $uid); } /** @@ -135,7 +136,7 @@ class Manager { if ($instanceId === null) { throw new \RuntimeException('no instance id!'); } - return $this->retrieveKey($instanceId); + return $this->retrieveKey('system-' . $instanceId); } diff --git a/tests/lib/Security/IdentityProof/ManagerTest.php b/tests/lib/Security/IdentityProof/ManagerTest.php index 5ab9ce63fb..290e7be5c9 100644 --- a/tests/lib/Security/IdentityProof/ManagerTest.php 
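Review bot: `repair()` in RepairIdentityProofKeyFolders.php prefixes every folder under identityproof with `user-`, including the folder named after the instance id, which the removed line in `Manager::getSystemKey()` shows held the system key. After the upgrade that key sits under `user-<instanceid>` while `getSystemKey()` looks for `system-<instanceid>`, so the existing system key is no longer found (presumably a new one is generated) and the old one is what `getKey()` returns for an account whose UID equals the instance id. The loop is also not idempotent: a second run while `version` is still `<= 13.0.0.1` would produce `user-user-…` and `user-system-…` folders, orphaning the keys. The sketch below maps the instance-id folder to `system-` and skips names that already carry a prefix. That prefix test is only a heuristic (a pre-existing UID beginning with `user-` would be skipped), so a one-time migration marker may be the safer guard.

```php
private function repair() {
	$count = 0;
	$instanceId = $this->config->getSystemValue('instanceid', null);
	// … unchanged: $dirListing = $this->appDataIdentityProof->getDirectoryListing() …
	foreach ($dirListing as $folder) {
		$name = $folder->getName();
		// Already migrated on an earlier run: leave the folder where it is.
		if (strpos($name, 'user-') === 0 || strpos($name, 'system-') === 0) {
			continue;
		}
		// Before this patch the system key lived in a folder named after the instance id.
		$prefix = ($name === $instanceId) ? 'system-' : 'user-';
		$node = $this->rootFolder->get($this->identityProofDir . $name);
		$node->move($this->identityProofDir . $prefix . $name);
		$count++;
	}
	// … unchanged: return $count …
}
```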
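Review bot: In `Manager::getKey()` and `Manager::getSystemKey()` the `'user-'` and `'system-'` prefixes are bare string literals, and the repair step in this patch repeats `'user-'` independently. If the two ever drift, lookups miss the migrated folder, and the test hunks suggest a miss ends in `newFolder` being called, i.e. a fresh key silently replaces the existing identity. Defining them once on `Manager`, e.g. `const USER_KEY_PREFIX = 'user-';` and `const SYSTEM_KEY_PREFIX = 'system-';`, and referencing them from the repair step would keep both sides in sync. `retrieveKey()` is outside both hunks, so how it treats the id it receives is not visible here.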
+++ b/tests/lib/Security/IdentityProof/ManagerTest.php @@ -119,7 +119,7 @@ class ManagerTest extends TestCase { $this->appData ->expects($this->once()) ->method('getFolder') - ->with('MyUid') + ->with('user-MyUid') ->willReturn($folder); $expected = new Key('MyPublicKey', 'MyPrivateKey'); @@ -135,7 +135,7 @@ class ManagerTest extends TestCase { $this->appData ->expects($this->at(0)) ->method('getFolder') - ->with('MyUid') + ->with('user-MyUid') ->willThrowException(new \Exception()); $this->manager ->expects($this->once()) @@ -144,7 +144,7 @@ class ManagerTest extends TestCase { $this->appData ->expects($this->at(1)) ->method('newFolder') - ->with('MyUid'); + ->with('user-MyUid'); $folder = $this->createMock(ISimpleFolder::class); $this->crypto ->expects($this->once()) @@ -174,7 +174,7 @@ class ManagerTest extends TestCase { $this->appData ->expects($this->at(2)) ->method('getFolder') - ->with('MyUid') + ->with('user-MyUid') ->willReturn($folder); @@ -203,7 +203,7 @@ class ManagerTest extends TestCase { $this->config->expects($this->once())->method('getSystemValue') ->with('instanceid', null)->willReturn('instanceId'); - $manager->expects($this->once())->method('retrieveKey')->with('instanceId') + $manager->expects($this->once())->method('retrieveKey')->with('system-instanceId') ->willReturn($key); $this->assertSame($key, $manager->getSystemKey());