authorThomas Müller <thomas.mueller@tmit.eu>2015-03-27 14:58:33 +0100
committerThomas Müller <thomas.mueller@tmit.eu>2015-03-27 14:58:33 +0100
commit98bc1ad70a26a02f2c4ea87809613f9fb1dc31fd (patch)
tree42a6b8acd7a94433a37ba85054d40d9b1a25c542
parente918bcf2127a727f401f116625b2ea81978d6fdd (diff)
parentb5fad75e579b9aeada87e63b4e7866956e1e20ff (diff)
downloadnextcloud-server-98bc1ad70a26a02f2c4ea87809613f9fb1dc31fd.tar.gz
nextcloud-server-98bc1ad70a26a02f2c4ea87809613f9fb1dc31fd.zip
Merge pull request #15265 from owncloud/enc2_fixes
core improvements for Encryption 2.0
-rw-r--r--lib/private/encryption/update.php2
-rw-r--r--lib/private/encryption/util.php19
-rw-r--r--lib/private/files/storage/wrapper/encryption.php2
-rw-r--r--lib/public/encryption/iencryptionmodule.php3
-rw-r--r--lib/public/encryption/keys/istorage.php8
-rw-r--r--tests/lib/encryption/utiltest.php35
6 files changed, 63 insertions, 6 deletions
diff --git a/lib/private/encryption/update.php b/lib/private/encryption/update.php
index 649cf0285a6..06dc330151e 100644
--- a/lib/private/encryption/update.php
+++ b/lib/private/encryption/update.php
@@ -104,7 +104,7 @@ class Update {
foreach ($allFiles as $path) {
$usersSharing = $this->util->getSharingUsersArray($path);
- $encryptionModule->update($absPath, $usersSharing);
+ $encryptionModule->update($absPath, $this->uid, $usersSharing);
}
}
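Review bot: Inside `foreach ($allFiles as $path)` the share list is computed for `$path`, but `update()` is still called with `$absPath`, which the visible loop body never reassigns. If `$absPath` is the folder handed in outside the hunk, every iteration applies a different file's access list to that one path and the individual files never get their keys updated; the call probably wants `$encryptionModule->update($path, $this->uid, $usersSharing);`. The boolean that the interface documents for `update()` is also discarded, so a failed key update goes unnoticed here. The enclosing method starts outside the hunk.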
diff --git a/lib/private/encryption/util.php b/lib/private/encryption/util.php
index 2c6ff266841..85e852ec2c9 100644
--- a/lib/private/encryption/util.php
+++ b/lib/private/encryption/util.php
@@ -389,9 +389,22 @@ class Util {
* @return boolean
*/
public function isExcluded($path) {
- $root = explode('/', $path, 2);
- if (isset($root[0])) {
- if (in_array($root[0], $this->excludedPaths)) {
+ $normalizedPath = \OC\Files\Filesystem::normalizePath($path);
+ $root = explode('/', $normalizedPath, 4);
+ if (count($root) > 2) {
+
+ //detect system wide folders
+ if (in_array($root[1], $this->excludedPaths)) {
+ return true;
+ }
+
+ $v1 = $this->userManager->userExists($root[1]);
+ $v2 = in_array($root[2], $this->excludedPaths);
+
+ // detect user specific folders
+ if ($this->userManager->userExists($root[1])
+ && in_array($root[2], $this->excludedPaths)) {
+
return true;
}
}
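Review bot: `$v1` and `$v2` are assigned and never read, so they look like debugging leftovers, and they make `userExists()` run twice per call. Drop both lines and pass `true` as the third argument to each `in_array()` so the comparison against `$this->excludedPaths` is strict. A `true` result makes the storage wrapper skip encryption, and the first check matches any top-level segment, so a user id equal to an excluded folder name would have its whole home treated as excluded. Whether such ids can exist depends on validation outside this hunk. The end of the method is outside the hunk as well.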
diff --git a/lib/private/files/storage/wrapper/encryption.php b/lib/private/files/storage/wrapper/encryption.php
index 44fc2124f7a..0e70c99c8d7 100644
--- a/lib/private/files/storage/wrapper/encryption.php
+++ b/lib/private/files/storage/wrapper/encryption.php
@@ -254,7 +254,7 @@ class Encryption extends Wrapper {
'" not found, file will be stored unencrypted');
}
- if($shouldEncrypt === true && !$this->util->isExcluded($path) && $encryptionModule !== null) {
+ if($shouldEncrypt === true && !$this->util->isExcluded($fullPath) && $encryptionModule !== null) {
$source = $this->storage->fopen($path, $mode);
$handle = \OC\Files\Stream\Encryption::wrap($source, $path, $fullPath, $header,
$this->uid, $encryptionModule, $this->storage, $this, $this->util, $mode,
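Review bot: `$path` and `$fullPath` are both plain strings in scope at this condition, and handing the wrong one to `isExcluded()` changes whether the file is encrypted without raising any error. A comment above the `if` would keep a later edit from reverting this, e.g. `// isExcluded() expects the full path (/<uid>/<folder>/...), not the storage-relative $path`. The expected path shape is inferred from the new `isExcluded()` body and its test data; the statement itself continues past the end of the hunk.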
diff --git a/lib/public/encryption/iencryptionmodule.php b/lib/public/encryption/iencryptionmodule.php
index 2527e35e639..7265fee1259 100644
--- a/lib/public/encryption/iencryptionmodule.php
+++ b/lib/public/encryption/iencryptionmodule.php
@@ -84,10 +84,11 @@ interface IEncryptionModule {
* update encrypted file, e.g. give additional users access to the file
*
* @param string $path path to the file which should be updated
+ * @param string $uid of the user who performs the operation
* @param array $accessList who has access to the file contains the key 'users' and 'public'
* @return boolean
*/
- public function update($path, $accessList);
+ public function update($path, $uid, $accessList);
/**
* should the file be encrypted or not
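Review bot: `$uid` is inserted between the two existing parameters of a public interface method, and none of them is typed, so a call that passes the arguments in the old order binds the access list to `$uid` with nothing to reject it at the boundary. Declaring the last parameter as `array $accessList` would make such a call fail immediately. The new doc line reads more clearly as `@param string $uid id of the user who performs the operation`. The rest of the interface is outside the hunk.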
diff --git a/lib/public/encryption/keys/istorage.php b/lib/public/encryption/keys/istorage.php
index 24f6efd6e51..4c2b01f4ad0 100644
--- a/lib/public/encryption/keys/istorage.php
+++ b/lib/public/encryption/keys/istorage.php
@@ -105,6 +105,14 @@ interface IStorage {
public function deleteFileKey($path, $keyId);
/**
+ * delete all file keys for a given file
+ *
+ * @param string $path to the file
+ * @return boolean
+ */
+ public function deleteAllFileKeys($path);
+
+ /**
* delete system-wide encryption keys not related to a specific user,
* e.g something like a key for public link shares
*
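Review bot: The docblock for `deleteAllFileKeys()` gives `@return boolean` without saying what each value means, in particular what is returned when the file has no keys or only some of them could be removed. Removing every key for a file presumably leaves its content undecryptable, so the comment should also say when callers are expected to use it. I would add something like `* @return boolean true if all keys were removed or none existed`, adjusted to the intended contract. Implementations of this interface are outside the hunk and each needs the new method.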
diff --git a/tests/lib/encryption/utiltest.php b/tests/lib/encryption/utiltest.php
index 00a9ab9c578..672f9ff5e97 100644
--- a/tests/lib/encryption/utiltest.php
+++ b/tests/lib/encryption/utiltest.php
@@ -98,4 +98,39 @@ class UtilTest extends TestCase {
$u->createHeader($header, $em);
}
+ /**
+ * @dataProvider providePathsForTestIsExcluded
+ */
+ public function testIsEcluded($path, $expected) {
+ $this->userManager
+ ->expects($this->any())
+ ->method('userExists')
+ ->will($this->returnCallback(array($this, 'isExcludedCallback')));
+
+ $u = new Util($this->view, $this->userManager);
+
+ $this->assertSame($expected,
+ $u->isExcluded($path)
+ );
+ }
+
+ public function providePathsForTestIsExcluded() {
+ return array(
+ array('files_encryption/foo.txt', true),
+ array('test/foo.txt', false),
+ array('/user1/files_encryption/foo.txt', true),
+ array('/user1/files/foo.txt', false),
+
+ );
+ }
+
+ public function isExcludedCallback() {
+ $args = func_get_args();
+ if ($args[0] === 'user1') {
+ return true;
+ }
+
+ return false;
+ }
+
}
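Review bot: The data provider never exercises the branch where `userExists()` returns false, which is the case that decides whether an excluded folder name under an unknown first segment is skipped. Add `array('/user2/files_encryption/foo.txt', false),`, assuming `files_encryption` is in the excluded list as the existing rows imply. The test method name is misspelled: `testIsEcluded` should be `testIsExcluded`. `isExcludedCallback()` can take the id as a parameter, `public function isExcludedCallback($uid) { return $uid === 'user1'; }`, rather than going through `func_get_args()`.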