exclude mounted server-to-server shares from encryption
This commit is contained in:
parent
961317d911
commit
c580aeb455
|
@ -41,6 +41,30 @@ class Proxy extends \OC_FileProxy {
|
||||||
private static $fopenMode = array(); // remember the fopen mode
|
private static $fopenMode = array(); // remember the fopen mode
|
||||||
private static $enableEncryption = false; // Enable encryption for the given path
|
private static $enableEncryption = false; // Enable encryption for the given path
|
||||||
|
|
||||||
|
|
||||||
|
/**
|
||||||
|
* check if path is excluded from encryption
|
||||||
|
*
|
||||||
|
* @param string $path relative to data/
|
||||||
|
* @param string $uid user
|
||||||
|
* @return boolean
|
||||||
|
*/
|
||||||
|
private function isExcludedPath($path, $uid) {
|
||||||
|
|
||||||
|
// files outside of the files-folder are excluded
|
||||||
|
if(strpos($path, '/' . $uid . '/files') !== 0) {
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
|
// we don't encrypt server-to-server shares
|
||||||
|
list($storage, ) = \OC\Files\Filesystem::resolvePath($path);
|
||||||
|
if ($storage instanceof OCA\Files_Sharing\External\Storage) {
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Check if a file requires encryption
|
* Check if a file requires encryption
|
||||||
* @param string $path
|
* @param string $path
|
||||||
|
@ -50,7 +74,7 @@ class Proxy extends \OC_FileProxy {
|
||||||
* Tests if server side encryption is enabled, and if we should call the
|
* Tests if server side encryption is enabled, and if we should call the
|
||||||
* crypt stream wrapper for the given file
|
* crypt stream wrapper for the given file
|
||||||
*/
|
*/
|
||||||
private static function shouldEncrypt($path, $mode = 'w') {
|
private function shouldEncrypt($path, $mode = 'w') {
|
||||||
|
|
||||||
$userId = Helper::getUser($path);
|
$userId = Helper::getUser($path);
|
||||||
$session = new Session(new \OC\Files\View());
|
$session = new Session(new \OC\Files\View());
|
||||||
|
@ -59,7 +83,7 @@ class Proxy extends \OC_FileProxy {
|
||||||
if (
|
if (
|
||||||
$session->getInitialized() !== Session::INIT_SUCCESSFUL // encryption successful initialized
|
$session->getInitialized() !== Session::INIT_SUCCESSFUL // encryption successful initialized
|
||||||
|| Crypt::mode() !== 'server' // we are not in server-side-encryption mode
|
|| Crypt::mode() !== 'server' // we are not in server-side-encryption mode
|
||||||
|| strpos($path, '/' . $userId . '/files') !== 0 // path is not in files/
|
|| $this->isExcludedPath($path, $userId) // if path is excluded from encryption
|
||||||
|| substr($path, 0, 8) === 'crypt://' // we are already in crypt mode
|
|| substr($path, 0, 8) === 'crypt://' // we are already in crypt mode
|
||||||
) {
|
) {
|
||||||
return false;
|
return false;
|
||||||
|
@ -85,7 +109,7 @@ class Proxy extends \OC_FileProxy {
|
||||||
*/
|
*/
|
||||||
public function preFile_put_contents($path, &$data) {
|
public function preFile_put_contents($path, &$data) {
|
||||||
|
|
||||||
if (self::shouldEncrypt($path)) {
|
if ($this->shouldEncrypt($path)) {
|
||||||
|
|
||||||
if (!is_resource($data)) {
|
if (!is_resource($data)) {
|
||||||
|
|
||||||
|
@ -219,7 +243,7 @@ class Proxy extends \OC_FileProxy {
|
||||||
public function preFopen($path, $mode) {
|
public function preFopen($path, $mode) {
|
||||||
|
|
||||||
self::$fopenMode[$path] = $mode;
|
self::$fopenMode[$path] = $mode;
|
||||||
self::$enableEncryption = self::shouldEncrypt($path, $mode);
|
self::$enableEncryption = $this->shouldEncrypt($path, $mode);
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue