exclude mounted server-to-server shares from encryption

Bjoern Schiessle 2014-05-21 11:39:37 +02:00
parent 961317d911
commit c580aeb455
1 changed files with 28 additions and 4 deletions


@ -41,6 +41,30 @@ class Proxy extends \OC_FileProxy {
private static $fopenMode = array(); // remember the fopen mode private static $fopenMode = array(); // remember the fopen mode
private static $enableEncryption = false; // Enable encryption for the given path private static $enableEncryption = false; // Enable encryption for the given path
/**
* check if path is excluded from encryption
*
* @param string $path relative to data/
* @param string $uid user
* @return boolean
*/
private function isExcludedPath($path, $uid) {
// files outside of the files-folder are excluded
if(strpos($path, '/' . $uid . '/files') !== 0) {
return true;
}
// we don't encrypt server-to-server shares
list($storage, ) = \OC\Files\Filesystem::resolvePath($path);
if ($storage instanceof OCA\Files_Sharing\External\Storage) {
return true;
}
return false;
}
/** /**
* Check if a file requires encryption * Check if a file requires encryption
* @param string $path * @param string $path
@ -50,7 +74,7 @@ class Proxy extends \OC_FileProxy {
* Tests if server side encryption is enabled, and if we should call the * Tests if server side encryption is enabled, and if we should call the
* crypt stream wrapper for the given file * crypt stream wrapper for the given file
*/ */
private static function shouldEncrypt($path, $mode = 'w') { private function shouldEncrypt($path, $mode = 'w') {
$userId = Helper::getUser($path); $userId = Helper::getUser($path);
$session = new Session(new \OC\Files\View()); $session = new Session(new \OC\Files\View());
@ -59,7 +83,7 @@ class Proxy extends \OC_FileProxy {
if ( if (
$session->getInitialized() !== Session::INIT_SUCCESSFUL // encryption successful initialized $session->getInitialized() !== Session::INIT_SUCCESSFUL // encryption successful initialized
|| Crypt::mode() !== 'server' // we are not in server-side-encryption mode || Crypt::mode() !== 'server' // we are not in server-side-encryption mode
|| strpos($path, '/' . $userId . '/files') !== 0 // path is not in files/ || $this->isExcludedPath($path, $userId) // if path is excluded from encryption
|| substr($path, 0, 8) === 'crypt://' // we are already in crypt mode || substr($path, 0, 8) === 'crypt://' // we are already in crypt mode
) { ) {
return false; return false;
@ -85,7 +109,7 @@ class Proxy extends \OC_FileProxy {
*/ */
public function preFile_put_contents($path, &$data) { public function preFile_put_contents($path, &$data) {
if (self::shouldEncrypt($path)) { if ($this->shouldEncrypt($path)) {
if (!is_resource($data)) { if (!is_resource($data)) {
@ -219,7 +243,7 @@ class Proxy extends \OC_FileProxy {
public function preFopen($path, $mode) { public function preFopen($path, $mode) {
self::$fopenMode[$path] = $mode; self::$fopenMode[$path] = $mode;
self::$enableEncryption = self::shouldEncrypt($path, $mode); self::$enableEncryption = $this->shouldEncrypt($path, $mode);
} }
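Review bot: In the new isExcludedPath(), the class name in `$storage instanceof OCA\Files_Sharing\External\Storage` has no leading backslash, unlike `\OC\Files\Filesystem` and `\OC_FileProxy` elsewhere in this file. If the file declares a namespace (the declaration is outside the visible hunks, but the unqualified `Helper`, `Session` and `Crypt` suggest it does), PHP resolves the name relative to that namespace. `instanceof` against a class that does not exist evaluates to false without any error, so server-to-server shares would never be excluded and the proxy would keep applying encryption to files on the remote mount. The line should read `if ($storage instanceof \OCA\Files_Sharing\External\Storage) {`. A test that resolves a path on an external share storage and asserts that shouldEncrypt() returns false would catch this kind of silent mismatch.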