Merge pull request #3527 from owncloud/file_encryption_external_storage_fixes
File encryption external storage fixes
This commit is contained in:
commit
d636e168a6
|
@ -327,6 +327,12 @@ class Hooks {
|
||||||
|
|
||||||
$sharingEnabled = \OCP\Share::isEnabled();
|
$sharingEnabled = \OCP\Share::isEnabled();
|
||||||
|
|
||||||
|
// get the path including mount point only if not a shared folder
|
||||||
|
if(strncmp($path, '/Shared' , strlen('/Shared') !== 0)) {
|
||||||
|
// get path including the the storage mount point
|
||||||
|
$path = $util->getPathWithMountPoint($params['itemSource']);
|
||||||
|
}
|
||||||
|
|
||||||
// if a folder was shared, get a list of all (sub-)folders
|
// if a folder was shared, get a list of all (sub-)folders
|
||||||
if ($params['itemType'] === 'folder') {
|
if ($params['itemType'] === 'folder') {
|
||||||
$allFiles = $util->getAllFiles($path);
|
$allFiles = $util->getAllFiles($path);
|
||||||
|
@ -376,17 +382,11 @@ class Hooks {
|
||||||
|
|
||||||
// rebuild path
|
// rebuild path
|
||||||
foreach ($targetPathSplit as $pathPart) {
|
foreach ($targetPathSplit as $pathPart) {
|
||||||
|
|
||||||
if ($pathPart !== $sharedPart) {
|
if ($pathPart !== $sharedPart) {
|
||||||
|
|
||||||
$path = '/' . $pathPart . $path;
|
$path = '/' . $pathPart . $path;
|
||||||
|
|
||||||
} else {
|
} else {
|
||||||
|
|
||||||
break;
|
break;
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// prefix path with Shared
|
// prefix path with Shared
|
||||||
|
@ -404,13 +404,16 @@ class Hooks {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// get the path including mount point only if not a shared folder
|
||||||
|
if(strncmp($path, '/Shared' , strlen('/Shared') !== 0)) {
|
||||||
|
// get path including the the storage mount point
|
||||||
|
$path = $util->getPathWithMountPoint($params['itemSource']);
|
||||||
|
}
|
||||||
|
|
||||||
// if we unshare a folder we need a list of all (sub-)files
|
// if we unshare a folder we need a list of all (sub-)files
|
||||||
if ($params['itemType'] === 'folder') {
|
if ($params['itemType'] === 'folder') {
|
||||||
|
$allFiles = $util->getAllFiles( $path );
|
||||||
$allFiles = $util->getAllFiles($path);
|
|
||||||
|
|
||||||
} else {
|
} else {
|
||||||
|
|
||||||
$allFiles = array($path);
|
$allFiles = array($path);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -186,4 +186,18 @@ class Helper {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @brief Format a path to be relative to the /user/files/ directory
|
||||||
|
* @param string $path the absolute path
|
||||||
|
* @return string e.g. turns '/admin/files/test.txt' into 'test.txt'
|
||||||
|
*/
|
||||||
|
public static function stripUserFilesPath($path) {
|
||||||
|
$trimmed = ltrim($path, '/');
|
||||||
|
$split = explode('/', $trimmed);
|
||||||
|
$sliced = array_slice($split, 2);
|
||||||
|
$relPath = implode('/', $sliced);
|
||||||
|
|
||||||
|
return $relPath;
|
||||||
|
}
|
||||||
}
|
}
|
|
@ -169,7 +169,7 @@ class Keymanager {
|
||||||
*/
|
*/
|
||||||
public static function fixPartialFilePath($path) {
|
public static function fixPartialFilePath($path) {
|
||||||
|
|
||||||
if (preg_match('/\.part$/', $path)) {
|
if (preg_match('/\.part$/', $path) || preg_match('/\.etmp$/', $path)) {
|
||||||
|
|
||||||
$newLength = strlen($path) - 5;
|
$newLength = strlen($path) - 5;
|
||||||
$fPath = substr($path, 0, $newLength);
|
$fPath = substr($path, 0, $newLength);
|
||||||
|
@ -191,7 +191,7 @@ class Keymanager {
|
||||||
*/
|
*/
|
||||||
public static function isPartialFilePath($path) {
|
public static function isPartialFilePath($path) {
|
||||||
|
|
||||||
if (preg_match('/\.part$/', $path)) {
|
if (preg_match('/\.part$/', $path) || preg_match('/\.etmp$/', $path)) {
|
||||||
|
|
||||||
return true;
|
return true;
|
||||||
|
|
||||||
|
|
|
@ -104,78 +104,40 @@ class Proxy extends \OC_FileProxy {
|
||||||
|
|
||||||
if (self::shouldEncrypt($path)) {
|
if (self::shouldEncrypt($path)) {
|
||||||
|
|
||||||
// Stream put contents should have been converted to fopen
|
|
||||||
if (!is_resource($data)) {
|
if (!is_resource($data)) {
|
||||||
|
|
||||||
$userId = \OCP\USER::getUser();
|
// get root view
|
||||||
$view = new \OC_FilesystemView('/');
|
$view = new \OC_FilesystemView('/');
|
||||||
$util = new Util($view, $userId);
|
|
||||||
$session = new \OCA\Encryption\Session($view);
|
|
||||||
$privateKey = $session->getPrivateKey();
|
|
||||||
$filePath = $util->stripUserFilesPath($path);
|
|
||||||
// Set the filesize for userland, before encrypting
|
|
||||||
$size = strlen($data);
|
|
||||||
|
|
||||||
// Disable encryption proxy to prevent recursive calls
|
// get relative path
|
||||||
$proxyStatus = \OC_FileProxy::$enabled;
|
$relativePath = \OCA\Encryption\Helper::stripUserFilesPath($path);
|
||||||
\OC_FileProxy::$enabled = false;
|
|
||||||
|
|
||||||
// Check if there is an existing key we can reuse
|
|
||||||
if ($encKeyfile = Keymanager::getFileKey($view, $userId, $filePath)) {
|
|
||||||
|
|
||||||
// Fetch shareKey
|
|
||||||
$shareKey = Keymanager::getShareKey($view, $userId, $filePath);
|
|
||||||
|
|
||||||
// Decrypt the keyfile
|
|
||||||
$plainKey = Crypt::multiKeyDecrypt($encKeyfile, $shareKey, $privateKey);
|
|
||||||
|
|
||||||
} else {
|
|
||||||
|
|
||||||
// Make a new key
|
|
||||||
$plainKey = Crypt::generateKey();
|
|
||||||
|
|
||||||
|
if (!isset($relativePath)) {
|
||||||
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
// Encrypt data
|
$handle = fopen('crypt://' . $relativePath . '.etmp', 'w');
|
||||||
$encData = Crypt::symmetricEncryptFileContent($data, $plainKey);
|
if (is_resource($handle)) {
|
||||||
|
|
||||||
$sharingEnabled = \OCP\Share::isEnabled();
|
// write data to stream
|
||||||
|
fwrite($handle, $data);
|
||||||
|
|
||||||
// if file exists try to get sharing users
|
// close stream
|
||||||
if ($view->file_exists($path)) {
|
fclose($handle);
|
||||||
$uniqueUserIds = $util->getSharingUsersArray($sharingEnabled, $filePath, $userId);
|
|
||||||
} else {
|
// disable encryption proxy to prevent recursive calls
|
||||||
$uniqueUserIds[] = $userId;
|
$proxyStatus = \OC_FileProxy::$enabled;
|
||||||
|
\OC_FileProxy::$enabled = false;
|
||||||
|
|
||||||
|
// get encrypted content
|
||||||
|
$data = $view->file_get_contents($path . '.etmp');
|
||||||
|
|
||||||
|
// remove our temp file
|
||||||
|
$view->unlink($path . '.etmp');
|
||||||
|
|
||||||
|
// re-enable proxy - our work is done
|
||||||
|
\OC_FileProxy::$enabled = $proxyStatus;
|
||||||
}
|
}
|
||||||
|
|
||||||
// Fetch public keys for all users who will share the file
|
|
||||||
$publicKeys = Keymanager::getPublicKeys($view, $uniqueUserIds);
|
|
||||||
|
|
||||||
// Encrypt plain keyfile to multiple sharefiles
|
|
||||||
$multiEncrypted = Crypt::multiKeyEncrypt($plainKey, $publicKeys);
|
|
||||||
|
|
||||||
// Save sharekeys to user folders
|
|
||||||
Keymanager::setShareKeys($view, $filePath, $multiEncrypted['keys']);
|
|
||||||
|
|
||||||
// Set encrypted keyfile as common varname
|
|
||||||
$encKey = $multiEncrypted['data'];
|
|
||||||
|
|
||||||
// Save keyfile for newly encrypted file in parallel directory tree
|
|
||||||
Keymanager::setFileKey($view, $filePath, $userId, $encKey);
|
|
||||||
|
|
||||||
// Replace plain content with encrypted content by reference
|
|
||||||
$data = $encData;
|
|
||||||
|
|
||||||
// Update the file cache with file info
|
|
||||||
\OC\Files\Filesystem::putFileInfo($filePath, array(
|
|
||||||
'encrypted' => true,
|
|
||||||
'size' => strlen($data),
|
|
||||||
'unencrypted_size' => $size
|
|
||||||
), '');
|
|
||||||
|
|
||||||
// Re-enable proxy - our work is done
|
|
||||||
\OC_FileProxy::$enabled = $proxyStatus;
|
|
||||||
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -189,15 +151,11 @@ class Proxy extends \OC_FileProxy {
|
||||||
*/
|
*/
|
||||||
public function postFile_get_contents($path, $data) {
|
public function postFile_get_contents($path, $data) {
|
||||||
|
|
||||||
$userId = \OCP\USER::getUser();
|
$plainData = null;
|
||||||
$view = new \OC_FilesystemView('/');
|
$view = new \OC_FilesystemView('/');
|
||||||
$util = new Util($view, $userId);
|
|
||||||
|
|
||||||
$relPath = $util->stripUserFilesPath($path);
|
// get relative path
|
||||||
|
$relativePath = \OCA\Encryption\Helper::stripUserFilesPath($path);
|
||||||
// Disable encryption proxy to prevent recursive calls
|
|
||||||
$proxyStatus = \OC_FileProxy::$enabled;
|
|
||||||
\OC_FileProxy::$enabled = false;
|
|
||||||
|
|
||||||
// init session
|
// init session
|
||||||
$session = new \OCA\Encryption\Session($view);
|
$session = new \OCA\Encryption\Session($view);
|
||||||
|
@ -208,28 +166,27 @@ class Proxy extends \OC_FileProxy {
|
||||||
&& Crypt::isCatfileContent($data)
|
&& Crypt::isCatfileContent($data)
|
||||||
) {
|
) {
|
||||||
|
|
||||||
$privateKey = $session->getPrivateKey($userId);
|
$handle = fopen('crypt://' . $relativePath, 'r');
|
||||||
|
|
||||||
// Get the encrypted keyfile
|
if (is_resource($handle)) {
|
||||||
$encKeyfile = Keymanager::getFileKey($view, $userId, $relPath);
|
while (($plainDataChunk = fgets($handle, 8192)) !== false) {
|
||||||
|
$plainData .= $plainDataChunk;
|
||||||
// Attempt to fetch the user's shareKey
|
}
|
||||||
$shareKey = Keymanager::getShareKey($view, $userId, $relPath);
|
}
|
||||||
|
|
||||||
// Decrypt keyfile with shareKey
|
|
||||||
$plainKeyfile = Crypt::multiKeyDecrypt($encKeyfile, $shareKey, $privateKey);
|
|
||||||
|
|
||||||
$plainData = Crypt::symmetricDecryptFileContent($data, $plainKeyfile);
|
|
||||||
|
|
||||||
} elseif (
|
} elseif (
|
||||||
Crypt::mode() == 'server'
|
Crypt::mode() == 'server'
|
||||||
&& \OC::$session->exists('legacyenckey')
|
&& \OC::$session->exists('legacyenckey')
|
||||||
&& Crypt::isEncryptedMeta($path)
|
&& Crypt::isEncryptedMeta($path)
|
||||||
) {
|
) {
|
||||||
$plainData = Crypt::legacyBlockDecrypt($data, $session->getLegacyKey());
|
// Disable encryption proxy to prevent recursive calls
|
||||||
}
|
$proxyStatus = \OC_FileProxy::$enabled;
|
||||||
|
\OC_FileProxy::$enabled = false;
|
||||||
|
|
||||||
\OC_FileProxy::$enabled = $proxyStatus;
|
$plainData = Crypt::legacyBlockDecrypt($data, $session->getLegacyKey());
|
||||||
|
|
||||||
|
\OC_FileProxy::$enabled = $proxyStatus;
|
||||||
|
}
|
||||||
|
|
||||||
if (!isset($plainData)) {
|
if (!isset($plainData)) {
|
||||||
|
|
||||||
|
@ -261,10 +218,10 @@ class Proxy extends \OC_FileProxy {
|
||||||
|
|
||||||
$util = new Util($view, $userId);
|
$util = new Util($view, $userId);
|
||||||
|
|
||||||
// Format path to be relative to user files dir
|
// get relative path
|
||||||
$relPath = $util->stripUserFilesPath($path);
|
$relativePath = \OCA\Encryption\Helper::stripUserFilesPath($path);
|
||||||
|
|
||||||
list($owner, $ownerPath) = $util->getUidAndFilename($relPath);
|
list($owner, $ownerPath) = $util->getUidAndFilename($relativePath);
|
||||||
|
|
||||||
// Delete keyfile & shareKey so it isn't orphaned
|
// Delete keyfile & shareKey so it isn't orphaned
|
||||||
if (!Keymanager::deleteFileKey($view, $owner, $ownerPath)) {
|
if (!Keymanager::deleteFileKey($view, $owner, $ownerPath)) {
|
||||||
|
@ -305,12 +262,14 @@ class Proxy extends \OC_FileProxy {
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// Reformat path for use with OC_FSV
|
// split the path parts
|
||||||
$path_split = explode('/', $path);
|
$pathParts = explode('/', $path);
|
||||||
$path_f = implode('/', array_slice($path_split, 3));
|
|
||||||
|
// get relative path
|
||||||
|
$relativePath = \OCA\Encryption\Helper::stripUserFilesPath($path);
|
||||||
|
|
||||||
// FIXME: handling for /userId/cache used by webdav for chunking. The cache chunks are NOT encrypted
|
// FIXME: handling for /userId/cache used by webdav for chunking. The cache chunks are NOT encrypted
|
||||||
if (isset($path_split) && $path_split[2] === 'cache') {
|
if (isset($pathParts[2]) && $pathParts[2] === 'cache') {
|
||||||
return $result;
|
return $result;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -335,14 +294,14 @@ class Proxy extends \OC_FileProxy {
|
||||||
|
|
||||||
// Open the file using the crypto stream wrapper
|
// Open the file using the crypto stream wrapper
|
||||||
// protocol and let it do the decryption work instead
|
// protocol and let it do the decryption work instead
|
||||||
$result = fopen('crypt://' . $path_f, $meta['mode']);
|
$result = fopen('crypt://' . $relativePath, $meta['mode']);
|
||||||
|
|
||||||
} elseif (
|
} elseif (
|
||||||
self::shouldEncrypt($path)
|
self::shouldEncrypt($path)
|
||||||
and $meta ['mode'] !== 'r'
|
and $meta ['mode'] !== 'r'
|
||||||
and $meta['mode'] !== 'rb'
|
and $meta['mode'] !== 'rb'
|
||||||
) {
|
) {
|
||||||
$result = fopen('crypt://' . $path_f, $meta['mode']);
|
$result = fopen('crypt://' . $relativePath, $meta['mode']);
|
||||||
}
|
}
|
||||||
|
|
||||||
// Re-enable the proxy
|
// Re-enable the proxy
|
||||||
|
@ -390,12 +349,11 @@ class Proxy extends \OC_FileProxy {
|
||||||
return $size;
|
return $size;
|
||||||
}
|
}
|
||||||
|
|
||||||
// Reformat path for use with OC_FSV
|
// get relative path
|
||||||
$path_split = explode('/', $path);
|
$relativePath = \OCA\Encryption\Helper::stripUserFilesPath($path);
|
||||||
$path_f = implode('/', array_slice($path_split, 3));
|
|
||||||
|
|
||||||
// if path is empty we cannot resolve anything
|
// if path is empty we cannot resolve anything
|
||||||
if (empty($path_f)) {
|
if (empty($relativePath)) {
|
||||||
return $size;
|
return $size;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -424,7 +382,7 @@ class Proxy extends \OC_FileProxy {
|
||||||
$fileInfo['unencrypted_size'] = $size;
|
$fileInfo['unencrypted_size'] = $size;
|
||||||
|
|
||||||
// put file info if not .part file
|
// put file info if not .part file
|
||||||
if (!Keymanager::isPartialFilePath($path_f)) {
|
if (!Keymanager::isPartialFilePath($relativePath)) {
|
||||||
$view->putFileInfo($path, $fileInfo);
|
$view->putFileInfo($path, $fileInfo);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -447,21 +405,23 @@ class Proxy extends \OC_FileProxy {
|
||||||
$userId = \OCP\User::getUser();
|
$userId = \OCP\User::getUser();
|
||||||
$util = new Util($view, $userId);
|
$util = new Util($view, $userId);
|
||||||
|
|
||||||
// Reformat path for use with OC_FSV
|
// split the path parts
|
||||||
$path_split = explode('/', $path);
|
$pathParts = explode('/', $path);
|
||||||
$path_f = implode('/', array_slice($path_split, 3));
|
|
||||||
|
// get relative path
|
||||||
|
$relativePath = \OCA\Encryption\Helper::stripUserFilesPath($path);
|
||||||
|
|
||||||
// only if file is on 'files' folder fix file size and sharing
|
// only if file is on 'files' folder fix file size and sharing
|
||||||
if (isset($path_split) && $path_split[2] === 'files' && $util->fixFileSize($path)) {
|
if (isset($pathParts[2]) && $pathParts[2] === 'files' && $util->fixFileSize($path)) {
|
||||||
|
|
||||||
// get sharing app state
|
// get sharing app state
|
||||||
$sharingEnabled = \OCP\Share::isEnabled();
|
$sharingEnabled = \OCP\Share::isEnabled();
|
||||||
|
|
||||||
// get users
|
// get users
|
||||||
$usersSharing = $util->getSharingUsersArray($sharingEnabled, $path_f);
|
$usersSharing = $util->getSharingUsersArray($sharingEnabled, $relativePath);
|
||||||
|
|
||||||
// update sharing-keys
|
// update sharing-keys
|
||||||
$util->setSharedFileKeyfiles($session, $usersSharing, $path_f);
|
$util->setSharedFileKeyfiles($session, $usersSharing, $relativePath);
|
||||||
}
|
}
|
||||||
|
|
||||||
\OC_FileProxy::$enabled = $proxyStatus;
|
\OC_FileProxy::$enabled = $proxyStatus;
|
||||||
|
|
|
@ -188,7 +188,9 @@ class Util {
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @brief Sets up user folders and keys for serverside encryption
|
* @brief Sets up user folders and keys for serverside encryption
|
||||||
* @param string $passphrase passphrase to encrypt server-stored private key with
|
*
|
||||||
|
* @param string $passphrase to encrypt server-stored private key with
|
||||||
|
* @return bool
|
||||||
*/
|
*/
|
||||||
public function setupServerSide($passphrase = null) {
|
public function setupServerSide($passphrase = null) {
|
||||||
|
|
||||||
|
@ -403,7 +405,7 @@ class Util {
|
||||||
) {
|
) {
|
||||||
|
|
||||||
$filePath = $directory . '/' . $this->view->getRelativePath('/' . $file);
|
$filePath = $directory . '/' . $this->view->getRelativePath('/' . $file);
|
||||||
$relPath = $this->stripUserFilesPath($filePath);
|
$relPath = \OCA\Encryption\Helper::stripUserFilesPath($filePath);
|
||||||
|
|
||||||
// If the path is a directory, search
|
// If the path is a directory, search
|
||||||
// its contents
|
// its contents
|
||||||
|
@ -528,7 +530,7 @@ class Util {
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @brief Check if a given path identifies an encrypted file
|
* @brief Check if a given path identifies an encrypted file
|
||||||
* @param $path
|
* @param string $path
|
||||||
* @return boolean
|
* @return boolean
|
||||||
*/
|
*/
|
||||||
public function isEncryptedPath($path) {
|
public function isEncryptedPath($path) {
|
||||||
|
@ -541,7 +543,7 @@ class Util {
|
||||||
// we only need 24 byte from the last chunk
|
// we only need 24 byte from the last chunk
|
||||||
$data = '';
|
$data = '';
|
||||||
$handle = $this->view->fopen($path, 'r');
|
$handle = $this->view->fopen($path, 'r');
|
||||||
if (!fseek($handle, -24, SEEK_END)) {
|
if (is_resource($handle) && !fseek($handle, -24, SEEK_END)) {
|
||||||
$data = fgets($handle);
|
$data = fgets($handle);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -565,11 +567,13 @@ class Util {
|
||||||
$proxyStatus = \OC_FileProxy::$enabled;
|
$proxyStatus = \OC_FileProxy::$enabled;
|
||||||
\OC_FileProxy::$enabled = false;
|
\OC_FileProxy::$enabled = false;
|
||||||
|
|
||||||
// Reformat path for use with OC_FSV
|
// split the path parts
|
||||||
$pathSplit = explode('/', $path);
|
$pathParts = explode('/', $path);
|
||||||
$pathRelative = implode('/', array_slice($pathSplit, 3));
|
|
||||||
|
|
||||||
if (isset($pathSplit[2]) && $pathSplit[2] === 'files' && $this->view->file_exists($path) && $this->isEncryptedPath($path)) {
|
// get relative path
|
||||||
|
$relativePath = \OCA\Encryption\Helper::stripUserFilesPath($path);
|
||||||
|
|
||||||
|
if (isset($pathParts[2]) && $pathParts[2] === 'files' && $this->view->file_exists($path) && $this->isEncryptedPath($path)) {
|
||||||
|
|
||||||
// get the size from filesystem
|
// get the size from filesystem
|
||||||
$fullPath = $this->view->getLocalFile($path);
|
$fullPath = $this->view->getLocalFile($path);
|
||||||
|
@ -579,7 +583,7 @@ class Util {
|
||||||
$lastChunkNr = floor($size / 8192);
|
$lastChunkNr = floor($size / 8192);
|
||||||
|
|
||||||
// open stream
|
// open stream
|
||||||
$stream = fopen('crypt://' . $pathRelative, "r");
|
$stream = fopen('crypt://' . $relativePath, "r");
|
||||||
|
|
||||||
if (is_resource($stream)) {
|
if (is_resource($stream)) {
|
||||||
// calculate last chunk position
|
// calculate last chunk position
|
||||||
|
@ -639,21 +643,7 @@ class Util {
|
||||||
return $result;
|
return $result;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
|
||||||
* @brief Format a path to be relative to the /user/files/ directory
|
|
||||||
* @note e.g. turns '/admin/files/test.txt' into 'test.txt'
|
|
||||||
*/
|
|
||||||
public function stripUserFilesPath($path) {
|
|
||||||
|
|
||||||
$trimmed = ltrim($path, '/');
|
|
||||||
$split = explode('/', $trimmed);
|
|
||||||
$sliced = array_slice($split, 2);
|
|
||||||
$relPath = implode('/', $sliced);
|
|
||||||
|
|
||||||
return $relPath;
|
|
||||||
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @param $path
|
* @param $path
|
||||||
* @return bool
|
* @return bool
|
||||||
|
@ -748,7 +738,7 @@ class Util {
|
||||||
$recrypted = Crypt::legacyKeyRecryptKeyfile( $legacyData, $legacyPassphrase, $publicKeys );
|
$recrypted = Crypt::legacyKeyRecryptKeyfile( $legacyData, $legacyPassphrase, $publicKeys );
|
||||||
|
|
||||||
$rawPath = $legacyFile['path'];
|
$rawPath = $legacyFile['path'];
|
||||||
$relPath = $this->stripUserFilesPath($rawPath);
|
$relPath = \OCA\Encryption\Helper::stripUserFilesPath($rawPath);
|
||||||
|
|
||||||
// Save keyfile
|
// Save keyfile
|
||||||
Keymanager::setFileKey($this->view, $relPath, $this->userId, $recrypted['filekey']);
|
Keymanager::setFileKey($this->view, $relPath, $this->userId, $recrypted['filekey']);
|
||||||
|
@ -903,6 +893,7 @@ class Util {
|
||||||
* @param string $filePath
|
* @param string $filePath
|
||||||
* @param string $fileOwner
|
* @param string $fileOwner
|
||||||
* @param string $privateKey
|
* @param string $privateKey
|
||||||
|
* @return bool|string
|
||||||
* @note Checks whether file was encrypted with openssl_seal or
|
* @note Checks whether file was encrypted with openssl_seal or
|
||||||
* openssl_encrypt, and decrypts accrdingly
|
* openssl_encrypt, and decrypts accrdingly
|
||||||
* @note This was used when 2 types of encryption for keyfiles was used,
|
* @note This was used when 2 types of encryption for keyfiles was used,
|
||||||
|
@ -1028,7 +1019,7 @@ class Util {
|
||||||
if ($sharingEnabled) {
|
if ($sharingEnabled) {
|
||||||
|
|
||||||
// Find out who, if anyone, is sharing the file
|
// Find out who, if anyone, is sharing the file
|
||||||
$result = \OCP\Share::getUsersSharingFile($ownerPath, $owner, true, true, true);
|
$result = \OCP\Share::getUsersSharingFile($ownerPath, $owner, true);
|
||||||
$userIds = $result['users'];
|
$userIds = $result['users'];
|
||||||
if ($result['public']) {
|
if ($result['public']) {
|
||||||
$userIds[] = $this->publicShareKeyId;
|
$userIds[] = $this->publicShareKeyId;
|
||||||
|
@ -1136,6 +1127,7 @@ class Util {
|
||||||
/**
|
/**
|
||||||
* @brief get uid of the owners of the file and the path to the file
|
* @brief get uid of the owners of the file and the path to the file
|
||||||
* @param string $path Path of the file to check
|
* @param string $path Path of the file to check
|
||||||
|
* @throws \Exception
|
||||||
* @note $shareFilePath must be relative to data/UID/files. Files
|
* @note $shareFilePath must be relative to data/UID/files. Files
|
||||||
* relative to /Shared are also acceptable
|
* relative to /Shared are also acceptable
|
||||||
* @return array
|
* @return array
|
||||||
|
@ -1199,14 +1191,14 @@ class Util {
|
||||||
|
|
||||||
$result = array();
|
$result = array();
|
||||||
|
|
||||||
$content = $this->view->getDirectoryContent($this->userFilesDir . $dir);
|
$content = $this->view->getDirectoryContent(\OC\Files\Filesystem::normalizePath($this->userFilesDir . '/' . $dir));
|
||||||
|
|
||||||
// handling for re shared folders
|
// handling for re shared folders
|
||||||
$path_split = explode('/', $dir);
|
$pathSplit = explode('/', $dir);
|
||||||
|
|
||||||
foreach ($content as $c) {
|
foreach ($content as $c) {
|
||||||
|
|
||||||
$sharedPart = $path_split[sizeof($path_split) - 1];
|
$sharedPart = $pathSplit[sizeof($pathSplit) - 1];
|
||||||
$targetPathSplit = array_reverse(explode('/', $c['path']));
|
$targetPathSplit = array_reverse(explode('/', $c['path']));
|
||||||
|
|
||||||
$path = '';
|
$path = '';
|
||||||
|
@ -1459,7 +1451,7 @@ class Util {
|
||||||
|
|
||||||
// Find out who, if anyone, is sharing the file
|
// Find out who, if anyone, is sharing the file
|
||||||
if ($sharingEnabled) {
|
if ($sharingEnabled) {
|
||||||
$result = \OCP\Share::getUsersSharingFile($file, $this->userId, true, true, true);
|
$result = \OCP\Share::getUsersSharingFile($file, $this->userId, true);
|
||||||
$userIds = $result['users'];
|
$userIds = $result['users'];
|
||||||
$userIds[] = $this->recoveryKeyId;
|
$userIds[] = $this->recoveryKeyId;
|
||||||
if ($result['public']) {
|
if ($result['public']) {
|
||||||
|
@ -1535,4 +1527,21 @@ class Util {
|
||||||
$this->recoverAllFiles('/', $privateKey);
|
$this->recoverAllFiles('/', $privateKey);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Get the path including the storage mount point
|
||||||
|
* @param int $id
|
||||||
|
* @return string the path including the mount point like AmazonS3/folder/file.txt
|
||||||
|
*/
|
||||||
|
public function getPathWithMountPoint($id) {
|
||||||
|
list($storage, $internalPath) = \OC\Files\Cache\Cache::getById($id);
|
||||||
|
$mount = \OC\Files\Filesystem::getMountByStorageId($storage);
|
||||||
|
$mountPoint = $mount[0]->getMountPoint();
|
||||||
|
$path = \OC\Files\Filesystem::normalizePath($mountPoint.'/'.$internalPath);
|
||||||
|
|
||||||
|
// reformat the path to be relative e.g. /user/files/folder becomes /folder/
|
||||||
|
$relativePath = \OCA\Encryption\Helper::stripUserFilesPath($path);
|
||||||
|
|
||||||
|
return $relativePath;
|
||||||
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -216,7 +216,7 @@ class Test_Encryption_Webdav extends \PHPUnit_Framework_TestCase {
|
||||||
*
|
*
|
||||||
* @param bool $body
|
* @param bool $body
|
||||||
*
|
*
|
||||||
* @note this init procedure is copied from /apps/files/remote.php
|
* @note this init procedure is copied from /apps/files/appinfo/remote.php
|
||||||
*/
|
*/
|
||||||
function handleWebdavRequest($body = false) {
|
function handleWebdavRequest($body = false) {
|
||||||
// Backends
|
// Backends
|
||||||
|
|
|
@ -113,8 +113,16 @@ class Storage {
|
||||||
mkdir($versionsFolderName.'/'.$info['dirname'], 0750, true);
|
mkdir($versionsFolderName.'/'.$info['dirname'], 0750, true);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// disable proxy to prevent multiple fopen calls
|
||||||
|
$proxyStatus = \OC_FileProxy::$enabled;
|
||||||
|
\OC_FileProxy::$enabled = false;
|
||||||
|
|
||||||
// store a new version of a file
|
// store a new version of a file
|
||||||
$users_view->copy('files'.$filename, 'files_versions'.$filename.'.v'.$users_view->filemtime('files'.$filename));
|
$users_view->copy('files'.$filename, 'files_versions'.$filename.'.v'.$users_view->filemtime('files'.$filename));
|
||||||
|
|
||||||
|
// reset proxy state
|
||||||
|
\OC_FileProxy::$enabled = $proxyStatus;
|
||||||
|
|
||||||
$versionsSize = self::getVersionsSize($uid);
|
$versionsSize = self::getVersionsSize($uid);
|
||||||
if ( $versionsSize === false || $versionsSize < 0 ) {
|
if ( $versionsSize === false || $versionsSize < 0 ) {
|
||||||
$versionsSize = self::calculateSize($uid);
|
$versionsSize = self::calculateSize($uid);
|
||||||
|
@ -195,7 +203,16 @@ class Storage {
|
||||||
//first create a new version
|
//first create a new version
|
||||||
$version = 'files_versions'.$filename.'.v'.$users_view->filemtime('files'.$filename);
|
$version = 'files_versions'.$filename.'.v'.$users_view->filemtime('files'.$filename);
|
||||||
if ( !$users_view->file_exists($version)) {
|
if ( !$users_view->file_exists($version)) {
|
||||||
|
|
||||||
|
// disable proxy to prevent multiple fopen calls
|
||||||
|
$proxyStatus = \OC_FileProxy::$enabled;
|
||||||
|
\OC_FileProxy::$enabled = false;
|
||||||
|
|
||||||
$users_view->copy('files'.$filename, 'files_versions'.$filename.'.v'.$users_view->filemtime('files'.$filename));
|
$users_view->copy('files'.$filename, 'files_versions'.$filename.'.v'.$users_view->filemtime('files'.$filename));
|
||||||
|
|
||||||
|
// reset proxy state
|
||||||
|
\OC_FileProxy::$enabled = $proxyStatus;
|
||||||
|
|
||||||
$versionCreated = true;
|
$versionCreated = true;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -123,27 +123,32 @@ class Share {
|
||||||
return $path;
|
return $path;
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @brief Find which users can access a shared item
|
* @brief Find which users can access a shared item
|
||||||
* @param $path to the file
|
* @param $path to the file
|
||||||
* @param $user owner of the file
|
* @param $user owner of the file
|
||||||
* @param include owner to the list of users with access to the file
|
* @param include owner to the list of users with access to the file
|
||||||
* @return array
|
* @return array
|
||||||
* @note $path needs to be relative to user data dir, e.g. 'file.txt'
|
* @note $path needs to be relative to user data dir, e.g. 'file.txt'
|
||||||
* not '/admin/data/file.txt'
|
* not '/admin/data/file.txt'
|
||||||
*/
|
*/
|
||||||
public static function getUsersSharingFile($path, $user, $includeOwner = false, $removeDuplicates = true) {
|
public static function getUsersSharingFile($path, $user, $includeOwner = false) {
|
||||||
|
|
||||||
$path_parts = explode(DIRECTORY_SEPARATOR, trim($path, DIRECTORY_SEPARATOR));
|
|
||||||
$path = '';
|
|
||||||
$shares = array();
|
$shares = array();
|
||||||
$publicShare = false;
|
$publicShare = false;
|
||||||
|
$source = -1;
|
||||||
|
$cache = false;
|
||||||
|
|
||||||
$view = new \OC\Files\View('/' . $user . '/files/');
|
$view = new \OC\Files\View('/' . $user . '/files/');
|
||||||
foreach ($path_parts as $p) {
|
$meta = $view->getFileInfo(\OC\Files\Filesystem::normalizePath($path));
|
||||||
$path .= '/' . $p;
|
|
||||||
$meta = $view->getFileInfo(\OC_Filesystem::normalizePath($path));
|
if($meta !== false) {
|
||||||
$source = $meta['fileid'];
|
$source = $meta['fileid'];
|
||||||
|
$cache = new \OC\Files\Cache\Cache($meta['storage']);
|
||||||
|
}
|
||||||
|
|
||||||
|
while ($source !== -1) {
|
||||||
|
|
||||||
// Fetch all shares of this file path from DB
|
// Fetch all shares of this file path from DB
|
||||||
$query = \OC_DB::prepare(
|
$query = \OC_DB::prepare(
|
||||||
|
@ -156,14 +161,13 @@ class Share {
|
||||||
|
|
||||||
$result = $query->execute(array($source, self::SHARE_TYPE_USER));
|
$result = $query->execute(array($source, self::SHARE_TYPE_USER));
|
||||||
|
|
||||||
if (\OC_DB::isError($result)) {
|
if (\OCP\DB::isError($result)) {
|
||||||
\OC_Log::write('OCP\Share', \OC_DB::getErrorMessage($result), \OC_Log::ERROR);
|
\OCP\Util::writeLog('OCP\Share', \OC_DB::getErrorMessage($result), \OC_Log::ERROR);
|
||||||
|
} else {
|
||||||
|
while ($row = $result->fetchRow()) {
|
||||||
|
$shares[] = $row['share_with'];
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
while ($row = $result->fetchRow()) {
|
|
||||||
$shares[] = $row['share_with'];
|
|
||||||
}
|
|
||||||
|
|
||||||
// We also need to take group shares into account
|
// We also need to take group shares into account
|
||||||
|
|
||||||
$query = \OC_DB::prepare(
|
$query = \OC_DB::prepare(
|
||||||
|
@ -176,32 +180,42 @@ class Share {
|
||||||
|
|
||||||
$result = $query->execute(array($source, self::SHARE_TYPE_GROUP));
|
$result = $query->execute(array($source, self::SHARE_TYPE_GROUP));
|
||||||
|
|
||||||
if (\OC_DB::isError($result)) {
|
if (\OCP\DB::isError($result)) {
|
||||||
\OC_Log::write('OCP\Share', \OC_DB::getErrorMessage($result), \OC_Log::ERROR);
|
\OCP\Util::writeLog('OCP\Share', \OC_DB::getErrorMessage($result), \OC_Log::ERROR);
|
||||||
}
|
} else {
|
||||||
|
while ($row = $result->fetchRow()) {
|
||||||
while ($row = $result->fetchRow()) {
|
$usersInGroup = \OC_Group::usersInGroup($row['share_with']);
|
||||||
$usersInGroup = \OC_Group::usersInGroup($row['share_with']);
|
$shares = array_merge($shares, $usersInGroup);
|
||||||
$shares = array_merge($shares, $usersInGroup);
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
//check for public link shares
|
//check for public link shares
|
||||||
$query = \OC_DB::prepare(
|
if (!$publicShare) {
|
||||||
'SELECT share_with
|
$query = \OC_DB::prepare(
|
||||||
FROM
|
'SELECT share_with
|
||||||
`*PREFIX*share`
|
FROM
|
||||||
WHERE
|
`*PREFIX*share`
|
||||||
item_source = ? AND share_type = ?'
|
WHERE
|
||||||
);
|
item_source = ? AND share_type = ?'
|
||||||
|
);
|
||||||
|
|
||||||
$result = $query->execute(array($source, self::SHARE_TYPE_LINK));
|
$result = $query->execute(array($source, self::SHARE_TYPE_LINK));
|
||||||
|
|
||||||
if (\OC_DB::isError($result)) {
|
if (\OCP\DB::isError($result)) {
|
||||||
\OC_Log::write('OCP\Share', \OC_DB::getErrorMessage($result), \OC_Log::ERROR);
|
\OCP\Util::writeLog('OCP\Share', \OC_DB::getErrorMessage($result), \OC_Log::ERROR);
|
||||||
|
} else {
|
||||||
|
if ($result->fetchRow()) {
|
||||||
|
$publicShare = true;
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if ($result->fetchRow()) {
|
// let's get the parent for the next round
|
||||||
$publicShare = true;
|
$meta = $cache->get((int)$source);
|
||||||
|
if($meta !== false) {
|
||||||
|
$source = (int)$meta['parent'];
|
||||||
|
} else {
|
||||||
|
$source = -1;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
// Include owner in list of users, if requested
|
// Include owner in list of users, if requested
|
||||||
|
|
Loading…
Reference in New Issue