diff options
| author | Frank Karlitschek <karlitschek@kde.org> | 2011-08-11 17:49:36 +0200 |
|---|---|---|
| committer | Frank Karlitschek <karlitschek@kde.org> | 2011-08-11 17:49:36 +0200 |
| commit | aa582ec43a9060f5f9fba6540d1ea4e24bc70330 (patch) | |
| tree | aefed6544e55ccd07b9367c523859387c97d00d3 | |
| parent | 4a334f0d12c70196cb2e09515c7580544e896d98 (diff) | |
| download | nextcloud-server-aa582ec43a9060f5f9fba6540d1ea4e24bc70330.tar.gz nextcloud-server-aa582ec43a9060f5f9fba6540d1ea4e24bc70330.zip | |
more work on encryption
| -rwxr-xr-x | lib/crypt.php | 54 | ||||
| -rw-r--r-- | lib/user.php | 1 | ||||
| -rw-r--r-- | lib/util.php | 2 | ||||
| -rw-r--r-- | settings/ajax/changepassword.php | 1 |
4 files changed, 48 insertions, 10 deletions
diff --git a/lib/crypt.php b/lib/crypt.php index d75515cf2de..83e6ac4cde0 100755 --- a/lib/crypt.php +++ b/lib/crypt.php @@ -24,9 +24,10 @@ // Todo: // Crypt/decrypt button in the userinterface +// setting if crypto should be on by default // transparent decrypt/encrpt in filesystem.php // don't use a password directly as encryption key. but a key which is stored on the server and encrypted with the user password. -> password change faster - +// check if the block lenght of the encrypted data stays the same require_once('Crypt_Blowfish/Blowfish.php'); @@ -38,15 +39,50 @@ class OC_Crypt { static $encription_extension='.encrypted'; - public static function createkey( $passcode) { - // generate a random key - $key=mt_rand(10000,99999).mt_rand(10000,99999).mt_rand(10000,99999).mt_rand(10000,99999); + public static function init($login,$password) { + $_SESSION['user_password'] = $password; // save the password as passcode for the encryption + if(OC_User::isLoggedIn()){ + // does key exist? + if(!file_exists(OC_Config::getValue( "datadirectory").'/'.$login.'/encryption.key')){ + OC_Crypt::createkey($_SESSION['user_password']); + } + } + } + - // encrypt the key with the passcode of the user - $enckey=OC_Crypt::encrypt($key,$passcode); - // Write the file - file_put_contents( "$SERVERROOT/config/encryption.key", $enckey ); + public static function createkey($passcode) { + if(OC_User::isLoggedIn()){ + // generate a random key + $key=mt_rand(10000,99999).mt_rand(10000,99999).mt_rand(10000,99999).mt_rand(10000,99999); + + // encrypt the key with the passcode of the user + $enckey=OC_Crypt::encrypt($key,$passcode); + + // Write the file + $username=OC_USER::getUser(); + file_put_contents(OC_Config::getValue( "datadirectory").'/'.$username.'/encryption.key', $enckey ); + } + } + + public static function changekeypasscode( $newpasscode) { + if(OC_User::isLoggedIn()){ + $username=OC_USER::getUser(); + + // read old key + $key=file_get_contents(OC_Config::getValue( "datadirectory").'/'.$username.'/encryption.key'); + + // decrypt key with old passcode + $key=OC_Crypt::decrypt($key, $_SESSION['user_password']); + + // encrypt again with new passcode + $key=OC_Crypt::encrypt($key,$newpassword); + + // store the new key + file_put_contents(OC_Config::getValue( "datadirectory").'/'.$username.'/encryption.key', $key ); + + $_SESSION['user_password']=$newpasscode; + } } /** @@ -59,7 +95,7 @@ class OC_Crypt { */ public static function encrypt( $content, $key) { $bf = new Crypt_Blowfish($key); - return($bf->encrypt($contents)); + return($bf->encrypt($content)); } diff --git a/lib/user.php b/lib/user.php index a2ede8234be..e53ba145c9e 100644 --- a/lib/user.php +++ b/lib/user.php @@ -193,6 +193,7 @@ class OC_User { if( $run && self::checkPassword( $uid, $password )){ $_SESSION['user_id'] = $uid; + OC_Crypt::init($uid,$password); OC_Hook::emit( "OC_User", "post_login", array( "uid" => $uid )); return true; } diff --git a/lib/util.php b/lib/util.php index 8b8a27657b2..83d39b3dd21 100644 --- a/lib/util.php +++ b/lib/util.php @@ -190,7 +190,7 @@ class OC_Util { global $SERVERROOT; global $CONFIG_DATADIRECTORY; - $CONFIG_DATADIRECTORY_ROOT = OC_Config::getValue( "datadirectory", "$SERVERROOT/data" );; + $CONFIG_DATADIRECTORY_ROOT = OC_Config::getValue( "datadirectory", "$SERVERROOT/data" ); $CONFIG_BACKUPDIRECTORY = OC_Config::getValue( "backupdirectory", "$SERVERROOT/backup" ); $CONFIG_INSTALLED = OC_Config::getValue( "installed", false ); $errors=array(); diff --git a/settings/ajax/changepassword.php b/settings/ajax/changepassword.php index c8c1f740889..750edf17696 100644 --- a/settings/ajax/changepassword.php +++ b/settings/ajax/changepassword.php @@ -29,6 +29,7 @@ if( !OC_User::checkPassword( $_SESSION["user_id"], $_POST["oldpassword"] )){ // Change password if( OC_User::setPassword( $_SESSION["user_id"], $_POST["password"] )){ echo json_encode( array( "status" => "success", "data" => array( "message" => $l->t("Password changed") ))); + OC_Crypt::changekeypasscode( $_POST["password"]) { } else{ echo json_encode( array( "status" => "error", "data" => array( "message" => $l->t("Unable to change password") ))); |