diff options
| author | Björn Schießle <schiessle@owncloud.com> | 2014-06-30 21:23:59 +0200 |
|---|---|---|
| committer | Björn Schießle <schiessle@owncloud.com> | 2014-06-30 21:23:59 +0200 |
| commit | f3973c1c205893e9260b3684a20acc0ec0a9ae13 (patch) | |
| tree | d828a26d08e18e2068b3bf2c4f2df3f69a6ad04a | |
| parent | 07ba9442db227cd46e66e10720c35a979d442431 (diff) | |
| parent | 618c9fd033231fe113c4e89607b4f0f213e81d81 (diff) | |
| download | nextcloud-server-f3973c1c205893e9260b3684a20acc0ec0a9ae13.tar.gz nextcloud-server-f3973c1c205893e9260b3684a20acc0ec0a9ae13.zip | |
Merge pull request #9240 from owncloud/enc_check_if_file_exists
[encryption] check if file still exists before removing encryption keys
| -rwxr-xr-x | apps/files_encryption/lib/keymanager.php | 64 | ||||
| -rw-r--r-- | apps/files_encryption/tests/keymanager.php | 211 |
2 files changed, 237 insertions, 38 deletions
diff --git a/apps/files_encryption/lib/keymanager.php b/apps/files_encryption/lib/keymanager.php index e71fec56854..70820a6f940 100755 --- a/apps/files_encryption/lib/keymanager.php +++ b/apps/files_encryption/lib/keymanager.php @@ -228,24 +228,23 @@ class Keymanager { } $result = false; + $fileExists = $view->file_exists('/' . $userId . '/files/' . $trimmed); - if ($view->is_dir($keyPath)) { - + if ($view->is_dir($keyPath) && !$fileExists) { + \OCP\Util::writeLog('files_encryption', 'deleteFileKey: delete file key: ' . $keyPath, \OCP\Util::DEBUG); $result = $view->unlink($keyPath); + } elseif ($view->file_exists($keyPath . '.key') && !$fileExists) { + \OCP\Util::writeLog('files_encryption', 'deleteFileKey: delete file key: ' . $keyPath, \OCP\Util::DEBUG); + $result = $view->unlink($keyPath . '.key'); - } else { - if ($view->file_exists($keyPath . '.key')) { - - $result = $view->unlink($keyPath . '.key'); - - } } - if (!$result) { - + if ($fileExists) { \OCP\Util::writeLog('Encryption library', - 'Could not delete keyfile; does not exist: "' . $keyPath, \OCP\Util::ERROR); - + 'Did not delete the file key, file still exists: ' . '/' . $userId . '/files/' . $trimmed, \OCP\Util::ERROR); + } elseif (!$result) { + \OCP\Util::writeLog('Encryption library', + 'Could not delete keyfile; does not exist: "' . $keyPath, \OCP\Util::ERROR); } return $result; @@ -403,6 +402,12 @@ class Keymanager { $filePath = ltrim($filePath, '/'); + if ($view->file_exists('/' . $userId . '/files/' . $filePath)) { + \OCP\Util::writeLog('Encryption library', + 'File still exists, stop deleting share keys!', \OCP\Util::ERROR); + return false; + } + if ($filePath === '') { \OCP\Util::writeLog('Encryption library', 'Can\'t delete share-keys empty path given!', \OCP\Util::ERROR); @@ -417,19 +422,24 @@ class Keymanager { $baseDir = $userId . '/files_encryption/share-keys/'; } + $result = true; if ($view->is_dir($baseDir . $filePath)) { - $view->unlink($baseDir . $filePath); + \OCP\Util::writeLog('files_encryption', 'delAllShareKeys: delete share keys: ' . $baseDir . $filePath, \OCP\Util::DEBUG); + $result = $view->unlink($baseDir . $filePath); } else { $parentDir = dirname($baseDir . $filePath); $filename = pathinfo($filePath, PATHINFO_BASENAME); foreach($view->getDirectoryContent($parentDir) as $content) { $path = $content['path']; if (self::getFilenameFromShareKey($content['name']) === $filename) { - $view->unlink('/' . $userId . '/' . $path); + \OCP\Util::writeLog('files_encryption', 'dellAllShareKeys: delete share keys: ' . '/' . $userId . '/' . $path, \OCP\Util::DEBUG); + $result &= $view->unlink('/' . $userId . '/' . $path); } } } + + return (bool)$result; } /** @@ -454,18 +464,23 @@ class Keymanager { if ($view->is_dir($shareKeyPath)) { - self::recursiveDelShareKeys($shareKeyPath, $userIds, $view); + self::recursiveDelShareKeys($shareKeyPath, $userIds, $owner, $view); } else { foreach ($userIds as $userId) { - if (!$view->unlink($shareKeyPath . '.' . $userId . '.shareKey')) { + if ($userId === $owner && $view->file_exists('/' . $owner . '/files/' . $filename)) { + \OCP\Util::writeLog('files_encryption', 'Tried to delete owner key, but the file still exists!', \OCP\Util::FATAL); + continue; + } + $result = $view->unlink($shareKeyPath . '.' . $userId . '.shareKey'); + \OCP\Util::writeLog('files_encryption', 'delShareKey: delete share key: ' . $shareKeyPath . '.' . $userId . '.shareKey' , \OCP\Util::DEBUG); + if (!$result) { \OCP\Util::writeLog('Encryption library', 'Could not delete shareKey; does not exist: "' . $shareKeyPath . '.' . $userId . '.shareKey"', \OCP\Util::ERROR); } - } } @@ -477,19 +492,30 @@ class Keymanager { * * @param string $dir directory * @param array $userIds user ids for which the share keys should be deleted + * @param string $owner owner of the file + * @param \OC\Files\View $view view relative to data/ */ - private static function recursiveDelShareKeys($dir, $userIds, $view) { + private static function recursiveDelShareKeys($dir, $userIds, $owner, $view) { $dirContent = $view->opendir($dir); + $dirSlices = explode('/', ltrim($dir, '/')); + $realFileDir = '/' . $owner . '/files/' . implode('/', array_slice($dirSlices, 3)) . '/'; if (is_resource($dirContent)) { while (($file = readdir($dirContent)) !== false) { if (!\OC\Files\Filesystem::isIgnoredDir($file)) { if ($view->is_dir($dir . '/' . $file)) { - self::recursiveDelShareKeys($dir . '/' . $file, $userIds, $view); + self::recursiveDelShareKeys($dir . '/' . $file, $userIds, $owner, $view); } else { + $realFile = $realFileDir . self::getFilenameFromShareKey($file); foreach ($userIds as $userId) { if (preg_match("/(.*)." . $userId . ".shareKey/", $file)) { + if ($userId === $owner && + $view->file_exists($realFile)) { + \OCP\Util::writeLog('files_encryption', 'original file still exists, keep owners share key!', \OCP\Util::ERROR); + continue; + } + \OCP\Util::writeLog('files_encryption', 'recursiveDelShareKey: delete share key: ' . $file, \OCP\Util::DEBUG); $view->unlink($dir . '/' . $file); } } diff --git a/apps/files_encryption/tests/keymanager.php b/apps/files_encryption/tests/keymanager.php index 3339f8c73e6..eb7583650a8 100644 --- a/apps/files_encryption/tests/keymanager.php +++ b/apps/files_encryption/tests/keymanager.php @@ -27,7 +27,7 @@ class Test_Encryption_Keymanager extends \PHPUnit_Framework_TestCase { public $userId; public $pass; - public $stateFilesTrashbin; + public static $stateFilesTrashbin; /** * @var OC\Files\View */ @@ -50,6 +50,12 @@ class Test_Encryption_Keymanager extends \PHPUnit_Framework_TestCase { // disable file proxy by default \OC_FileProxy::$enabled = false; + // remember files_trashbin state + self::$stateFilesTrashbin = OC_App::isEnabled('files_trashbin'); + + // we don't want to tests with app files_trashbin enabled + \OC_App::disable('files_trashbin'); + // create test user \OC_User::deleteUser(\Test_Encryption_Keymanager::TEST_USER); \Test_Encryption_Util::loginHelper(\Test_Encryption_Keymanager::TEST_USER, true); @@ -70,28 +76,17 @@ class Test_Encryption_Keymanager extends \PHPUnit_Framework_TestCase { $this->view = new \OC\Files\View('/'); - \OC_User::setUserId(\Test_Encryption_Keymanager::TEST_USER); + \Test_Encryption_Util::loginHelper(Test_Encryption_Keymanager::TEST_USER); $this->userId = \Test_Encryption_Keymanager::TEST_USER; $this->pass = \Test_Encryption_Keymanager::TEST_USER; $userHome = \OC_User::getHome($this->userId); $this->dataDir = str_replace('/' . $this->userId, '', $userHome); - - // remember files_trashbin state - $this->stateFilesTrashbin = OC_App::isEnabled('files_trashbin'); - - // we don't want to tests with app files_trashbin enabled - \OC_App::disable('files_trashbin'); } function tearDown() { - // reset app files_trashbin - if ($this->stateFilesTrashbin) { - OC_App::enable('files_trashbin'); - } - else { - OC_App::disable('files_trashbin'); - } + $this->view->deleteAll('/'.Test_Encryption_Keymanager::TEST_USER.'/files_encryption/share-keys'); + $this->view->deleteAll('/'.Test_Encryption_Keymanager::TEST_USER.'/files_encryption/keyfiles'); } public static function tearDownAfterClass() { @@ -99,6 +94,10 @@ class Test_Encryption_Keymanager extends \PHPUnit_Framework_TestCase { // cleanup test user \OC_User::deleteUser(\Test_Encryption_Keymanager::TEST_USER); + // reset app files_trashbin + if (self::$stateFilesTrashbin) { + OC_App::enable('files_trashbin'); + } } /** @@ -204,14 +203,19 @@ class Test_Encryption_Keymanager extends \PHPUnit_Framework_TestCase { /** * @medium */ - function testRecursiveDelShareKeys() { + function testRecursiveDelShareKeysFolder() { + + $this->view->mkdir('/'.Test_Encryption_Keymanager::TEST_USER.'/files/folder1'); + $this->view->file_put_contents('/'.Test_Encryption_Keymanager::TEST_USER.'/files/folder1/existingFile.txt', 'data'); - // create folder structure + // create folder structure for some dummy share key files $this->view->mkdir('/'.Test_Encryption_Keymanager::TEST_USER.'/files_encryption/share-keys/folder1'); $this->view->mkdir('/'.Test_Encryption_Keymanager::TEST_USER.'/files_encryption/share-keys/folder1/subfolder'); $this->view->mkdir('/'.Test_Encryption_Keymanager::TEST_USER.'/files_encryption/share-keys/folder1/subfolder/subsubfolder'); // create some dummy share keys + $this->view->file_put_contents('/'.Test_Encryption_Keymanager::TEST_USER.'/files_encryption/share-keys/folder1/existingFile.txt.user1.shareKey', 'data'); + $this->view->file_put_contents('/'.Test_Encryption_Keymanager::TEST_USER.'/files_encryption/share-keys/folder1/existingFile.txt.' . Test_Encryption_Keymanager::TEST_USER . '.shareKey', 'data'); $this->view->file_put_contents('/'.Test_Encryption_Keymanager::TEST_USER.'/files_encryption/share-keys/folder1/file1.user1.shareKey', 'data'); $this->view->file_put_contents('/'.Test_Encryption_Keymanager::TEST_USER.'/files_encryption/share-keys/folder1/file2.user2.shareKey', 'data'); $this->view->file_put_contents('/'.Test_Encryption_Keymanager::TEST_USER.'/files_encryption/share-keys/folder1/file2.user3.shareKey', 'data'); @@ -221,10 +225,12 @@ class Test_Encryption_Keymanager extends \PHPUnit_Framework_TestCase { $this->view->file_put_contents('/'.Test_Encryption_Keymanager::TEST_USER.'/files_encryption/share-keys/folder1/subfolder/subsubfolder/file2.user3.shareKey', 'data'); // recursive delete share keys from user1 and user2 - Encryption\Keymanager::delShareKey($this->view, array('user1', 'user2'), '/folder1/'); + Encryption\Keymanager::delShareKey($this->view, array('user1', 'user2', Test_Encryption_Keymanager::TEST_USER), '/folder1/'); // check if share keys from user1 and user2 are deleted $this->assertFalse($this->view->file_exists( + '/'.Test_Encryption_Keymanager::TEST_USER.'/files_encryption/share-keys/folder1/existingFile.user1.shareKey')); + $this->assertFalse($this->view->file_exists( '/'.Test_Encryption_Keymanager::TEST_USER.'/files_encryption/share-keys/folder1/file1.user1.shareKey')); $this->assertFalse($this->view->file_exists( '/'.Test_Encryption_Keymanager::TEST_USER.'/files_encryption/share-keys/folder1/file2.user2.shareKey')); @@ -241,8 +247,175 @@ class Test_Encryption_Keymanager extends \PHPUnit_Framework_TestCase { $this->assertTrue($this->view->file_exists( '/'.Test_Encryption_Keymanager::TEST_USER.'/files_encryption/share-keys/folder1/subfolder/file2.user3.shareKey')); + // owner key from existing file should still exists because the file is still there + $this->assertTrue($this->view->file_exists( + '/'.Test_Encryption_Keymanager::TEST_USER.'/files_encryption/share-keys/folder1/existingFile.txt.' . Test_Encryption_Keymanager::TEST_USER . '.shareKey')); + // cleanup - $this->view->deleteAll('/'.Test_Encryption_Keymanager::TEST_USER.'/files_encryption/share-keys'); + $this->view->deleteAll('/'.Test_Encryption_Keymanager::TEST_USER.'/files/folder1'); + + } + + /** + * @medium + */ + function testRecursiveDelShareKeysFile() { + + $this->view->mkdir('/'.Test_Encryption_Keymanager::TEST_USER.'/files/folder1'); + $this->view->file_put_contents('/'.Test_Encryption_Keymanager::TEST_USER.'/files/folder1/existingFile.txt', 'data'); + + // create folder structure for some dummy share key files + $this->view->mkdir('/'.Test_Encryption_Keymanager::TEST_USER.'/files_encryption/share-keys/folder1'); + + // create some dummy share keys + $this->view->file_put_contents('/'.Test_Encryption_Keymanager::TEST_USER.'/files_encryption/share-keys/folder1/existingFile.txt.user1.shareKey', 'data'); + $this->view->file_put_contents('/'.Test_Encryption_Keymanager::TEST_USER.'/files_encryption/share-keys/folder1/existingFile.txt.user2.shareKey', 'data'); + $this->view->file_put_contents('/'.Test_Encryption_Keymanager::TEST_USER.'/files_encryption/share-keys/folder1/existingFile.txt.user3.shareKey', 'data'); + $this->view->file_put_contents('/'.Test_Encryption_Keymanager::TEST_USER.'/files_encryption/share-keys/folder1/existingFile.txt.' . Test_Encryption_Keymanager::TEST_USER . '.shareKey', 'data'); + + // recursive delete share keys from user1 and user2 + Encryption\Keymanager::delShareKey($this->view, array('user1', 'user2', Test_Encryption_Keymanager::TEST_USER), '/folder1/existingFile.txt'); + + // check if share keys from user1 and user2 are deleted + $this->assertFalse($this->view->file_exists( + '/'.Test_Encryption_Keymanager::TEST_USER.'/files_encryption/share-keys/folder1/existingFile.user1.shareKey')); + $this->assertFalse($this->view->file_exists( + '/'.Test_Encryption_Keymanager::TEST_USER.'/files_encryption/share-keys/folder1/existingFile.user2.shareKey')); + + // check if share keys for user3 and owner + $this->assertTrue($this->view->file_exists( + '/'.Test_Encryption_Keymanager::TEST_USER.'/files_encryption/share-keys/folder1/existingFile.txt.' . Test_Encryption_Keymanager::TEST_USER . '.shareKey')); + $this->assertTrue($this->view->file_exists( + '/'.Test_Encryption_Keymanager::TEST_USER.'/files_encryption/share-keys/folder1/existingFile.txt.user3.shareKey')); + // cleanup + $this->view->deleteAll('/'.Test_Encryption_Keymanager::TEST_USER.'/files/folder1'); + + } + + /** + * @medium + */ + function testDeleteFileKey() { + + $this->view->mkdir('/'.Test_Encryption_Keymanager::TEST_USER.'/files/folder1'); + $this->view->file_put_contents('/'.Test_Encryption_Keymanager::TEST_USER.'/files/folder1/existingFile.txt', 'data'); + + // create folder structure for some dummy file key files + $this->view->mkdir('/'.Test_Encryption_Keymanager::TEST_USER.'/files_encryption/keyfiles/folder1'); + + // create dummy keyfile + $this->view->file_put_contents('/'.Test_Encryption_Keymanager::TEST_USER.'/files_encryption/keyfiles/folder1/dummyFile.txt.key', 'data'); + + // recursive delete share keys from user1 and user2 + $result = Encryption\Keymanager::deleteFileKey($this->view, '/folder1/existingFile.txt'); + $this->assertFalse($result); + + $result2 = Encryption\Keymanager::deleteFileKey($this->view, '/folder1/dummyFile.txt'); + $this->assertTrue($result2); + + // check if file key from dummyFile was deleted + $this->assertFalse($this->view->file_exists( + '/'.Test_Encryption_Keymanager::TEST_USER.'/files_encryption/keyfiles/folder1/dummyFile.txt.key')); + + // check if file key from existing file still exists + $this->assertTrue($this->view->file_exists( + '/'.Test_Encryption_Keymanager::TEST_USER.'/files_encryption/keyfiles/folder1/existingFile.txt.key')); + + // cleanup + $this->view->deleteAll('/'.Test_Encryption_Keymanager::TEST_USER.'/files/folder1'); + + } + + /** + * @medium + */ + function testDeleteFileKeyFolder() { + + $this->view->mkdir('/'.Test_Encryption_Keymanager::TEST_USER.'/files/folder1'); + $this->view->file_put_contents('/'.Test_Encryption_Keymanager::TEST_USER.'/files/folder1/existingFile.txt', 'data'); + + // create folder structure for some dummy file key files + $this->view->mkdir('/'.Test_Encryption_Keymanager::TEST_USER.'/files_encryption/keyfiles/folder1'); + + // create dummy keyfile + $this->view->file_put_contents('/'.Test_Encryption_Keymanager::TEST_USER.'/files_encryption/keyfiles/folder1/dummyFile.txt.key', 'data'); + + // recursive delete share keys from user1 and user2 + $result = Encryption\Keymanager::deleteFileKey($this->view, '/folder1'); + $this->assertFalse($result); + + // all file keys should still exists if we try to delete a folder with keys for which some files still exists + $this->assertTrue($this->view->file_exists( + '/'.Test_Encryption_Keymanager::TEST_USER.'/files_encryption/keyfiles/folder1/dummyFile.txt.key')); + $this->assertTrue($this->view->file_exists( + '/'.Test_Encryption_Keymanager::TEST_USER.'/files_encryption/keyfiles/folder1/existingFile.txt.key')); + + // delete folder + $this->view->unlink('/'.Test_Encryption_Keymanager::TEST_USER.'/files/folder1'); + // create dummy keyfile + $this->view->file_put_contents('/'.Test_Encryption_Keymanager::TEST_USER.'/files_encryption/keyfiles/folder1/dummyFile.txt.key', 'data'); + + // now file keys should be deleted since the folder no longer exists + $result = Encryption\Keymanager::deleteFileKey($this->view, '/folder1'); + $this->assertTrue($result); + + $this->assertFalse($this->view->file_exists( + '/'.Test_Encryption_Keymanager::TEST_USER.'/files_encryption/keyfiles/folder1')); + + // cleanup + $this->view->deleteAll('/'.Test_Encryption_Keymanager::TEST_USER.'/files/folder1'); + + } + + function testDelAllShareKeysFile() { + $this->view->mkdir('/'.Test_Encryption_Keymanager::TEST_USER.'/files/folder1'); + $this->view->file_put_contents('/'.Test_Encryption_Keymanager::TEST_USER.'/files/folder1/existingFile.txt', 'data'); + + // create folder structure for some dummy share key files + $this->view->mkdir('/'.Test_Encryption_Keymanager::TEST_USER.'/files_encryption/share-keys/folder1'); + + // create some dummy share keys for the existing file + $this->view->file_put_contents('/'.Test_Encryption_Keymanager::TEST_USER.'/files_encryption/share-keys/folder1/existingFile.txt.user1.shareKey', 'data'); + $this->view->file_put_contents('/'.Test_Encryption_Keymanager::TEST_USER.'/files_encryption/share-keys/folder1/existingFile.txt.user2.shareKey', 'data'); + $this->view->file_put_contents('/'.Test_Encryption_Keymanager::TEST_USER.'/files_encryption/share-keys/folder1/existingFile.txt.user3.shareKey', 'data'); + $this->view->file_put_contents('/'.Test_Encryption_Keymanager::TEST_USER.'/files_encryption/share-keys/folder1/existingFile.txt.' . Test_Encryption_Keymanager::TEST_USER . '.shareKey', 'data'); + + // create some dummy share keys for a non-existing file + $this->view->file_put_contents('/'.Test_Encryption_Keymanager::TEST_USER.'/files_encryption/share-keys/folder1/nonexistingFile.txt.user1.shareKey', 'data'); + $this->view->file_put_contents('/'.Test_Encryption_Keymanager::TEST_USER.'/files_encryption/share-keys/folder1/nonexistingFile.txt.user2.shareKey', 'data'); + $this->view->file_put_contents('/'.Test_Encryption_Keymanager::TEST_USER.'/files_encryption/share-keys/folder1/nonexistingFile.txt.user3.shareKey', 'data'); + $this->view->file_put_contents('/'.Test_Encryption_Keymanager::TEST_USER.'/files_encryption/share-keys/folder1/nonexistingFile.txt.' . Test_Encryption_Keymanager::TEST_USER . '.shareKey', 'data'); + + // try to del all share keys from a existing file, should fail because the file still exists + $result = Encryption\Keymanager::delAllShareKeys($this->view, Test_Encryption_Keymanager::TEST_USER, 'folder1/existingFile.txt'); + $this->assertFalse($result); + + // check if share keys still exists + $this->assertTrue($this->view->file_exists( + '/'.Test_Encryption_Keymanager::TEST_USER.'/files_encryption/share-keys/folder1/existingFile.txt.' . Test_Encryption_Keymanager::TEST_USER . '.shareKey')); + $this->assertTrue($this->view->file_exists( + '/'.Test_Encryption_Keymanager::TEST_USER.'/files_encryption/share-keys/folder1/existingFile.txt.user1.shareKey')); + $this->assertTrue($this->view->file_exists( + '/'.Test_Encryption_Keymanager::TEST_USER.'/files_encryption/share-keys/folder1/existingFile.txt.user2.shareKey')); + $this->assertTrue($this->view->file_exists( + '/'.Test_Encryption_Keymanager::TEST_USER.'/files_encryption/share-keys/folder1/existingFile.txt.user3.shareKey')); + + // try to del all share keys froma file, should fail because the file still exists + $result2 = Encryption\Keymanager::delAllShareKeys($this->view, Test_Encryption_Keymanager::TEST_USER, 'folder1/nonexistingFile.txt'); + $this->assertTrue($result2); + + // check if share keys are really gone + $this->assertFalse($this->view->file_exists( + '/'.Test_Encryption_Keymanager::TEST_USER.'/files_encryption/share-keys/folder1/nonexistingFile.txt.' . Test_Encryption_Keymanager::TEST_USER . '.shareKey')); + $this->assertFalse($this->view->file_exists( + '/'.Test_Encryption_Keymanager::TEST_USER.'/files_encryption/share-keys/folder1/nonexistingFile.txt.user1.shareKey')); + $this->assertFalse($this->view->file_exists( + '/'.Test_Encryption_Keymanager::TEST_USER.'/files_encryption/share-keys/folder1/nonexistingFile.txt.user2.shareKey')); + $this->assertFalse($this->view->file_exists( + '/'.Test_Encryption_Keymanager::TEST_USER.'/files_encryption/share-keys/folder1/nonexistingFile.txt.user3.shareKey')); + + // cleanup + $this->view->deleteAll('/'.Test_Encryption_Keymanager::TEST_USER.'/files/folder1'); } |