]> source.dussan.org Git - nextcloud-server.git/commitdiff
Downstream encryption:fix-encrypted-version
authorVincent Petry <vincent@nextcloud.com>
Wed, 23 Jun 2021 14:46:01 +0000 (16:46 +0200)
committerbackportbot[bot] <backportbot[bot]@users.noreply.github.com>
Wed, 30 Jun 2021 12:26:37 +0000 (12:26 +0000)
For fixing "Bad signature" errors.

Signed-off-by: Vincent Petry <vincent@nextcloud.com>
apps/encryption/appinfo/info.xml
apps/encryption/composer/composer/autoload_classmap.php
apps/encryption/composer/composer/autoload_static.php
apps/encryption/lib/Command/FixEncryptedVersion.php [new file with mode: 0644]

index 9603f9d16cdb774a9bca10474098e2323185eef0..6dfb977cac7e203cc6d6a5b3010d2809b3179c73 100644 (file)
@@ -45,6 +45,7 @@
                <command>OCA\Encryption\Command\DisableMasterKey</command>
                <command>OCA\Encryption\Command\RecoverUser</command>
                <command>OCA\Encryption\Command\ScanLegacyFormat</command>
+               <command>OCA\Encryption\Command\FixEncryptedVersion</command>
        </commands>
 
        <settings>
index b8226a2793f942ae924d2b8c13493f9238984ff5..b471d10b47563217e0ec758d00cd1e0116afa59e 100644 (file)
@@ -9,6 +9,7 @@ return array(
     'OCA\\Encryption\\AppInfo\\Application' => $baseDir . '/../lib/AppInfo/Application.php',
     'OCA\\Encryption\\Command\\DisableMasterKey' => $baseDir . '/../lib/Command/DisableMasterKey.php',
     'OCA\\Encryption\\Command\\EnableMasterKey' => $baseDir . '/../lib/Command/EnableMasterKey.php',
+    'OCA\\Encryption\\Command\\FixEncryptedVersion' => $baseDir . '/../lib/Command/FixEncryptedVersion.php',
     'OCA\\Encryption\\Command\\RecoverUser' => $baseDir . '/../lib/Command/RecoverUser.php',
     'OCA\\Encryption\\Command\\ScanLegacyFormat' => $baseDir . '/../lib/Command/ScanLegacyFormat.php',
     'OCA\\Encryption\\Controller\\RecoveryController' => $baseDir . '/../lib/Controller/RecoveryController.php',
index 95c3c8d02236c9bbceeeb14658d033cc7475207d..4c8f0d3953edc193667e27ab07fc983e01cc9994 100644 (file)
@@ -24,6 +24,7 @@ class ComposerStaticInitEncryption
         'OCA\\Encryption\\AppInfo\\Application' => __DIR__ . '/..' . '/../lib/AppInfo/Application.php',
         'OCA\\Encryption\\Command\\DisableMasterKey' => __DIR__ . '/..' . '/../lib/Command/DisableMasterKey.php',
         'OCA\\Encryption\\Command\\EnableMasterKey' => __DIR__ . '/..' . '/../lib/Command/EnableMasterKey.php',
+        'OCA\\Encryption\\Command\\FixEncryptedVersion' => __DIR__ . '/..' . '/../lib/Command/FixEncryptedVersion.php',
         'OCA\\Encryption\\Command\\RecoverUser' => __DIR__ . '/..' . '/../lib/Command/RecoverUser.php',
         'OCA\\Encryption\\Command\\ScanLegacyFormat' => __DIR__ . '/..' . '/../lib/Command/ScanLegacyFormat.php',
         'OCA\\Encryption\\Controller\\RecoveryController' => __DIR__ . '/..' . '/../lib/Controller/RecoveryController.php',
diff --git a/apps/encryption/lib/Command/FixEncryptedVersion.php b/apps/encryption/lib/Command/FixEncryptedVersion.php
new file mode 100644 (file)
index 0000000..534ddc4
--- /dev/null
@@ -0,0 +1,244 @@
+<?php
+/**
+ * @author Sujith Haridasan <sharidasan@owncloud.com>
+ * @author Ilja Neumann <ineumann@owncloud.com>
+ *
+ * @copyright Copyright (c) 2019, ownCloud GmbH
+ * @license AGPL-3.0
+ *
+ * This code is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License, version 3,
+ * as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License, version 3,
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>
+ *
+ */
+
+namespace OCA\Encryption\Command;
+
+use OC\Files\View;
+use OC\HintException;
+use OCP\Files\IRootFolder;
+use OCP\IUserManager;
+use Symfony\Component\Console\Command\Command;
+use Symfony\Component\Console\Input\InputArgument;
+use Symfony\Component\Console\Input\InputInterface;
+use Symfony\Component\Console\Output\OutputInterface;
+
+class FixEncryptedVersion extends Command {
+       /** @var IRootFolder  */
+       private $rootFolder;
+
+       /** @var IUserManager  */
+       private $userManager;
+
+       /** @var View  */
+       private $view;
+
+       public function __construct(IRootFolder $rootFolder, IUserManager $userManager, View $view) {
+               $this->rootFolder = $rootFolder;
+               $this->userManager = $userManager;
+               $this->view = $view;
+               parent::__construct();
+       }
+
+       protected function configure() {
+               parent::configure();
+
+               $this
+                       ->setName('encryption:fix-encrypted-version')
+                       ->setDescription('Fix the encrypted version if the encrypted file(s) are not downloadable.')
+                       ->addArgument(
+                               'user',
+                               InputArgument::REQUIRED,
+                               'The id of the user whose files need fixing'
+                       )->addOption(
+                               'path',
+                               'p',
+                               InputArgument::OPTIONAL,
+                               'Limit files to fix with path, e.g., --path="/Music/Artist". If path indicates a directory, all the files inside directory will be fixed.'
+                       );
+       }
+
+       /**
+        * @param InputInterface $input
+        * @param OutputInterface $output
+        * @return int
+        */
+       protected function execute(InputInterface $input, OutputInterface $output) {
+               $user = $input->getArgument('user');
+               $pathToWalk = "/$user/files";
+
+               /**
+                * trim() returns an empty string when the argument is an unset/null
+                */
+               $pathOption = \trim($input->getOption('path'), '/');
+               if ($pathOption !== "") {
+                       $pathToWalk = "$pathToWalk/$pathOption";
+               }
+
+               if ($user === null) {
+                       $output->writeln("<error>No user id provided.</error>\n");
+                       return 1;
+               }
+
+               if ($this->userManager->get($user) === null) {
+                       $output->writeln("<error>User id $user does not exist. Please provide a valid user id</error>");
+                       return 1;
+               }
+               return $this->walkPathOfUser($user, $pathToWalk, $output);
+       }
+
+       /**
+        * @param string $user
+        * @param string $path
+        * @param OutputInterface $output
+        * @return int 0 for success, 1 for error
+        */
+       private function walkPathOfUser($user, $path, OutputInterface $output) {
+               $this->setupUserFs($user);
+               if (!$this->view->file_exists($path)) {
+                       $output->writeln("<error>Path $path does not exist. Please provide a valid path.</error>");
+                       return 1;
+               }
+
+               if ($this->view->is_file($path)) {
+                       $output->writeln("Verifying the content of file $path");
+                       $this->verifyFileContent($path, $output);
+                       return 0;
+               }
+               $directories = [];
+               $directories[] = $path;
+               while ($root = \array_pop($directories)) {
+                       $directoryContent = $this->view->getDirectoryContent($root);
+                       foreach ($directoryContent as $file) {
+                               $path = $root . '/' . $file['name'];
+                               if ($this->view->is_dir($path)) {
+                                       $directories[] = $path;
+                               } else {
+                                       $output->writeln("Verifying the content of file $path");
+                                       $this->verifyFileContent($path, $output);
+                               }
+                       }
+               }
+               return 0;
+       }
+
+       /**
+        * @param string $path
+        * @param OutputInterface $output
+        * @param bool $ignoreCorrectEncVersionCall, setting this variable to false avoids recursion
+        */
+       private function verifyFileContent($path, OutputInterface $output, $ignoreCorrectEncVersionCall = true) {
+               try {
+                       /**
+                        * In encryption, the files are read in a block size of 8192 bytes
+                        * Read block size of 8192 and a bit more (808 bytes)
+                        * If there is any problem, the first block should throw the signature
+                        * mismatch error. Which as of now, is enough to proceed ahead to
+                        * correct the encrypted version.
+                        */
+                       $handle = $this->view->fopen($path, 'rb');
+
+                       if (\fread($handle, 9001) !== false) {
+                               $output->writeln("<info>The file $path is: OK</info>");
+                       }
+
+                       \fclose($handle);
+
+                       return true;
+               } catch (HintException $e) {
+                       \OC::$server->getLogger()->warning("Issue: " . $e->getMessage());
+                       //If allowOnce is set to false, this becomes recursive.
+                       if ($ignoreCorrectEncVersionCall === true) {
+                               //Lets rectify the file by correcting encrypted version
+                               $output->writeln("<info>Attempting to fix the path: $path</info>");
+                               return $this->correctEncryptedVersion($path, $output);
+                       }
+                       return false;
+               }
+       }
+
+       /**
+        * @param string $path
+        * @param OutputInterface $output
+        * @return bool
+        */
+       private function correctEncryptedVersion($path, OutputInterface $output) {
+               $fileInfo = $this->view->getFileInfo($path);
+               $fileId = $fileInfo->getId();
+               $encryptedVersion = $fileInfo->getEncryptedVersion();
+               $wrongEncryptedVersion = $encryptedVersion;
+
+               $storage = $fileInfo->getStorage();
+
+               $cache = $storage->getCache();
+               $fileCache = $cache->get($fileId);
+
+               if ($storage->instanceOfStorage('OCA\Files_Sharing\ISharedStorage')) {
+                       $output->writeln("<info>The file: $path is a share. Hence kindly fix this by running the script for the owner of share</info>");
+                       return true;
+               }
+
+               // Save original encrypted version so we can restore it if decryption fails with all version
+               $originalEncryptedVersion = $encryptedVersion;
+               if ($encryptedVersion >= 0) {
+                       //test by decrementing the value till 1 and if nothing works try incrementing
+                       $encryptedVersion--;
+                       while ($encryptedVersion > 0) {
+                               $cacheInfo = ['encryptedVersion' => $encryptedVersion, 'encrypted' => $encryptedVersion];
+                               $cache->put($fileCache->getPath(), $cacheInfo);
+                               $output->writeln("<info>Decrement the encrypted version to $encryptedVersion</info>");
+                               if ($this->verifyFileContent($path, $output, false) === true) {
+                                       $output->writeln("<info>Fixed the file: $path with version " . $encryptedVersion . "</info>");
+                                       return true;
+                               }
+                               $encryptedVersion--;
+                       }
+
+                       //So decrementing did not work. Now lets increment. Max increment is till 5
+                       $increment = 1;
+                       while ($increment <= 5) {
+                               /**
+                                * The wrongEncryptedVersion would not be incremented so nothing to worry about here.
+                                * Only the newEncryptedVersion is incremented.
+                                * For example if the wrong encrypted version is 4 then
+                                * cycle1 -> newEncryptedVersion = 5 ( 4 + 1)
+                                * cycle2 -> newEncryptedVersion = 6 ( 4 + 2)
+                                * cycle3 -> newEncryptedVersion = 7 ( 4 + 3)
+                                */
+                               $newEncryptedVersion = $wrongEncryptedVersion + $increment;
+
+                               $cacheInfo = ['encryptedVersion' => $newEncryptedVersion, 'encrypted' => $newEncryptedVersion];
+                               $cache->put($fileCache->getPath(), $cacheInfo);
+                               $output->writeln("<info>Increment the encrypted version to $newEncryptedVersion</info>");
+                               if ($this->verifyFileContent($path, $output, false) === true) {
+                                       $output->writeln("<info>Fixed the file: $path with version " . $newEncryptedVersion . "</info>");
+                                       return true;
+                               }
+                               $increment++;
+                       }
+               }
+
+               $cacheInfo = ['encryptedVersion' => $originalEncryptedVersion, 'encrypted' => $originalEncryptedVersion];
+               $cache->put($fileCache->getPath(), $cacheInfo);
+               $output->writeln("<info>No fix found for $path, restored version to original: $originalEncryptedVersion</info>");
+
+               return false;
+       }
+
+       /**
+        * Setup user file system
+        * @param string $uid
+        */
+       private function setupUserFs($uid) {
+               \OC_Util::tearDownFS();
+               \OC_Util::setupFS($uid);
+       }
+}