mirrors
/
nextcloud
ミラー元 https://github.com/nextcloud/server.git
ウォッチ 1
スター 0
フォーク 0
コード 課題 0 リリース 993 Wiki アクティビティ
選択できるのは25トピックまでです。 トピックは、先頭が英数字で、英数字とダッシュ('-')を使用した35文字以内のものにしてください。
60759 コミット
404 ブランチ
ツリー: 9a37ca9b48
ブランチ タグ
${ item.name }
ブランチ ${ searchTerm } を作成
'9a37ca9b48' から
${ noResults }
nextcloud/apps/encryption/lib/Command/FixEncryptedVersion.php

FixEncryptedVersion.php 10KB
Raw Blame 履歴

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310 
  1. <?php

  2. /**

  3.  * @author Sujith Haridasan <sharidasan@owncloud.com>

  4.  * @author Ilja Neumann <ineumann@owncloud.com>

  5.  *

  6.  * @copyright Copyright (c) 2019, ownCloud GmbH

  7.  * @license AGPL-3.0

  8.  *

  9.  * This code is free software: you can redistribute it and/or modify

  10.  * it under the terms of the GNU Affero General Public License, version 3,

  11.  * as published by the Free Software Foundation.

  12.  *

  13.  * This program is distributed in the hope that it will be useful,

  14.  * but WITHOUT ANY WARRANTY; without even the implied warranty of

  15.  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the

  16.  * GNU Affero General Public License for more details.

  17.  *

  18.  * You should have received a copy of the GNU Affero General Public License, version 3,

  19.  * along with this program.  If not, see <http://www.gnu.org/licenses/>

  20.  *

  21.  */

  22. 

  23. namespace OCA\Encryption\Command;

  24. 

  25. use OC\Files\View;

  26. use OC\ServerNotAvailableException;

  27. use OCA\Encryption\Util;

  28. use OCP\Files\IRootFolder;

  29. use OCP\HintException;

  30. use OCP\IConfig;

  31. use OCP\ILogger;

  32. use OCP\IUserManager;

  33. use Symfony\Component\Console\Command\Command;

  34. use Symfony\Component\Console\Input\InputArgument;

  35. use Symfony\Component\Console\Input\InputInterface;

  36. use Symfony\Component\Console\Output\OutputInterface;

  37. 

  38. class FixEncryptedVersion extends Command {

  39. 	/** @var IConfig */

  40. 	private $config;

  41. 

  42. 	/** @var ILogger */

  43. 	private $logger;

  44. 

  45. 	/** @var IRootFolder  */

  46. 	private $rootFolder;

  47. 

  48. 	/** @var IUserManager  */

  49. 	private $userManager;

  50. 

  51. 	/** @var Util */

  52. 	private $util;

  53. 

  54. 	/** @var View  */

  55. 	private $view;

  56. 

  57. 	/** @var bool */

  58. 	private $supportLegacy;

  59. 

  60. 	public function __construct(

  61. 		IConfig $config,

  62. 		ILogger $logger,

  63. 		IRootFolder $rootFolder,

  64. 		IUserManager $userManager,

  65. 		Util $util,

  66. 		View $view

  67. 	) {

  68. 		$this->config = $config;

  69. 		$this->logger = $logger;

  70. 		$this->rootFolder = $rootFolder;

  71. 		$this->userManager = $userManager;

  72. 		$this->util = $util;

  73. 		$this->view = $view;

  74. 		$this->supportLegacy = false;

  75. 

  76. 		parent::__construct();

  77. 	}

  78. 

  79. 	protected function configure(): void {

  80. 		parent::configure();

  81. 

  82. 		$this

  83. 			->setName('encryption:fix-encrypted-version')

  84. 			->setDescription('Fix the encrypted version if the encrypted file(s) are not downloadable.')

  85. 			->addArgument(

  86. 				'user',

  87. 				InputArgument::REQUIRED,

  88. 				'The id of the user whose files need fixing'

  89. 			)->addOption(

  90. 				'path',

  91. 				'p',

  92. 				InputArgument::OPTIONAL,

  93. 				'Limit files to fix with path, e.g., --path="/Music/Artist". If path indicates a directory, all the files inside directory will be fixed.'

  94. 			);

  95. 	}

  96. 

  97. 	/**

  98. 	 * @param InputInterface $input

  99. 	 * @param OutputInterface $output

  100. 	 * @return int

  101. 	 */

  102. 	protected function execute(InputInterface $input, OutputInterface $output): int {

  103. 		$skipSignatureCheck = $this->config->getSystemValue('encryption_skip_signature_check', false);

  104. 		$this->supportLegacy = $this->config->getSystemValueBool('encryption.legacy_format_support', false);

  105. 

  106. 		if ($skipSignatureCheck) {

  107. 			$output->writeln("<error>Repairing is not possible when \"encryption_skip_signature_check\" is set. Please disable this flag in the configuration.</error>\n");

  108. 			return 1;

  109. 		}

  110. 

  111. 		if (!$this->util->isMasterKeyEnabled()) {

  112. 			$output->writeln("<error>Repairing only works with master key encryption.</error>\n");

  113. 			return 1;

  114. 		}

  115. 

  116. 		$user = (string)$input->getArgument('user');

  117. 		$pathToWalk = "/$user/files";

  118. 

  119. 		$pathOption = \trim(($input->getOption('path') ?? ''), '/');

  120. 		if ($pathOption !== "") {

  121. 			$pathToWalk = "$pathToWalk/$pathOption";

  122. 		}

  123. 

  124. 		if ($user === null) {

  125. 			$output->writeln("<error>No user id provided.</error>\n");

  126. 			return 1;

  127. 		}

  128. 

  129. 		if ($this->userManager->get($user) === null) {

  130. 			$output->writeln("<error>User id $user does not exist. Please provide a valid user id</error>");

  131. 			return 1;

  132. 		}

  133. 		return $this->walkPathOfUser($user, $pathToWalk, $output);

  134. 	}

  135. 

  136. 	/**

  137. 	 * @param string $user

  138. 	 * @param string $path

  139. 	 * @param OutputInterface $output

  140. 	 * @return int 0 for success, 1 for error

  141. 	 */

  142. 	private function walkPathOfUser($user, $path, OutputInterface $output): int {

  143. 		$this->setupUserFs($user);

  144. 		if (!$this->view->file_exists($path)) {

  145. 			$output->writeln("<error>Path \"$path\" does not exist. Please provide a valid path.</error>");

  146. 			return 1;

  147. 		}

  148. 

  149. 		if ($this->view->is_file($path)) {

  150. 			$output->writeln("Verifying the content of file \"$path\"");

  151. 			$this->verifyFileContent($path, $output);

  152. 			return 0;

  153. 		}

  154. 		$directories = [];

  155. 		$directories[] = $path;

  156. 		while ($root = \array_pop($directories)) {

  157. 			$directoryContent = $this->view->getDirectoryContent($root);

  158. 			foreach ($directoryContent as $file) {

  159. 				$path = $root . '/' . $file['name'];

  160. 				if ($this->view->is_dir($path)) {

  161. 					$directories[] = $path;

  162. 				} else {

  163. 					$output->writeln("Verifying the content of file \"$path\"");

  164. 					$this->verifyFileContent($path, $output);

  165. 				}

  166. 			}

  167. 		}

  168. 		return 0;

  169. 	}

  170. 

  171. 	/**

  172. 	 * @param string $path

  173. 	 * @param OutputInterface $output

  174. 	 * @param bool $ignoreCorrectEncVersionCall, setting this variable to false avoids recursion

  175. 	 */

  176. 	private function verifyFileContent($path, OutputInterface $output, $ignoreCorrectEncVersionCall = true): bool {

  177. 		try {

  178. 			/**

  179. 			 * In encryption, the files are read in a block size of 8192 bytes

  180. 			 * Read block size of 8192 and a bit more (808 bytes)

  181. 			 * If there is any problem, the first block should throw the signature

  182. 			 * mismatch error. Which as of now, is enough to proceed ahead to

  183. 			 * correct the encrypted version.

  184. 			 */

  185. 			$handle = $this->view->fopen($path, 'rb');

  186. 

  187. 			if (\fread($handle, 9001) !== false) {

  188. 				$output->writeln("<info>The file \"$path\" is: OK</info>");

  189. 			}

  190. 

  191. 			\fclose($handle);

  192. 

  193. 			return true;

  194. 		} catch (ServerNotAvailableException $e) {

  195. 			// not a "bad signature" error and likely "legacy cipher" exception

  196. 			// this could mean that the file is maybe not encrypted but the encrypted version is set

  197. 			if (!$this->supportLegacy && $ignoreCorrectEncVersionCall === true) {

  198. 				$output->writeln("<info>Attempting to fix the path: \"$path\"</info>");

  199. 				return $this->correctEncryptedVersion($path, $output, true);

  200. 			}

  201. 			return false;

  202. 		} catch (HintException $e) {

  203. 			$this->logger->warning("Issue: " . $e->getMessage());

  204. 			//If allowOnce is set to false, this becomes recursive.

  205. 			if ($ignoreCorrectEncVersionCall === true) {

  206. 				//Lets rectify the file by correcting encrypted version

  207. 				$output->writeln("<info>Attempting to fix the path: \"$path\"</info>");

  208. 				return $this->correctEncryptedVersion($path, $output);

  209. 			}

  210. 			return false;

  211. 		}

  212. 	}

  213. 

  214. 	/**

  215. 	 * @param string $path

  216. 	 * @param OutputInterface $output

  217. 	 * @param bool $includeZero whether to try zero version for unencrypted file

  218. 	 * @return bool

  219. 	 */

  220. 	private function correctEncryptedVersion($path, OutputInterface $output, bool $includeZero = false): bool {

  221. 		$fileInfo = $this->view->getFileInfo($path);

  222. 		if (!$fileInfo) {

  223. 			$output->writeln("<warning>File info not found for file: \"$path\"</warning>");

  224. 			return true;

  225. 		}

  226. 		$fileId = $fileInfo->getId();

  227. 		$encryptedVersion = $fileInfo->getEncryptedVersion();

  228. 		$wrongEncryptedVersion = $encryptedVersion;

  229. 

  230. 		$storage = $fileInfo->getStorage();

  231. 

  232. 		$cache = $storage->getCache();

  233. 		$fileCache = $cache->get($fileId);

  234. 		if (!$fileCache) {

  235. 			$output->writeln("<warning>File cache entry not found for file: \"$path\"</warning>");

  236. 			return true;

  237. 		}

  238. 

  239. 		if ($storage->instanceOfStorage('OCA\Files_Sharing\ISharedStorage')) {

  240. 			$output->writeln("<info>The file: \"$path\" is a share. Please also run the script for the owner of the share</info>");

  241. 			return true;

  242. 		}

  243. 

  244. 		// Save original encrypted version so we can restore it if decryption fails with all version

  245. 		$originalEncryptedVersion = $encryptedVersion;

  246. 		if ($encryptedVersion >= 0) {

  247. 			if ($includeZero) {

  248. 				// try with zero first

  249. 				$cacheInfo = ['encryptedVersion' => 0, 'encrypted' => 0];

  250. 				$cache->put($fileCache->getPath(), $cacheInfo);

  251. 				$output->writeln("<info>Set the encrypted version to 0 (unencrypted)</info>");

  252. 				if ($this->verifyFileContent($path, $output, false) === true) {

  253. 					$output->writeln("<info>Fixed the file: \"$path\" with version 0 (unencrypted)</info>");

  254. 					return true;

  255. 				}

  256. 			}

  257. 

  258. 			//test by decrementing the value till 1 and if nothing works try incrementing

  259. 			$encryptedVersion--;

  260. 			while ($encryptedVersion > 0) {

  261. 				$cacheInfo = ['encryptedVersion' => $encryptedVersion, 'encrypted' => $encryptedVersion];

  262. 				$cache->put($fileCache->getPath(), $cacheInfo);

  263. 				$output->writeln("<info>Decrement the encrypted version to $encryptedVersion</info>");

  264. 				if ($this->verifyFileContent($path, $output, false) === true) {

  265. 					$output->writeln("<info>Fixed the file: \"$path\" with version " . $encryptedVersion . "</info>");

  266. 					return true;

  267. 				}

  268. 				$encryptedVersion--;

  269. 			}

  270. 

  271. 			//So decrementing did not work. Now lets increment. Max increment is till 5

  272. 			$increment = 1;

  273. 			while ($increment <= 5) {

  274. 				/**

  275. 				 * The wrongEncryptedVersion would not be incremented so nothing to worry about here.

  276. 				 * Only the newEncryptedVersion is incremented.

  277. 				 * For example if the wrong encrypted version is 4 then

  278. 				 * cycle1 -> newEncryptedVersion = 5 ( 4 + 1)

  279. 				 * cycle2 -> newEncryptedVersion = 6 ( 4 + 2)

  280. 				 * cycle3 -> newEncryptedVersion = 7 ( 4 + 3)

  281. 				 */

  282. 				$newEncryptedVersion = $wrongEncryptedVersion + $increment;

  283. 

  284. 				$cacheInfo = ['encryptedVersion' => $newEncryptedVersion, 'encrypted' => $newEncryptedVersion];

  285. 				$cache->put($fileCache->getPath(), $cacheInfo);

  286. 				$output->writeln("<info>Increment the encrypted version to $newEncryptedVersion</info>");

  287. 				if ($this->verifyFileContent($path, $output, false) === true) {

  288. 					$output->writeln("<info>Fixed the file: \"$path\" with version " . $newEncryptedVersion . "</info>");

  289. 					return true;

  290. 				}

  291. 				$increment++;

  292. 			}

  293. 		}

  294. 

  295. 		$cacheInfo = ['encryptedVersion' => $originalEncryptedVersion, 'encrypted' => $originalEncryptedVersion];

  296. 		$cache->put($fileCache->getPath(), $cacheInfo);

  297. 		$output->writeln("<info>No fix found for \"$path\", restored version to original: $originalEncryptedVersion</info>");

  298. 

  299. 		return false;

  300. 	}

  301. 

  302. 	/**

  303. 	 * Setup user file system

  304. 	 * @param string $uid

  305. 	 */

  306. 	private function setupUserFs($uid): void {

  307. 		\OC_Util::tearDownFS();

  308. 		\OC_Util::setupFS($uid);

  309. 	}

  310. }