Merge pull request #15938 from owncloud/enc_update_recovery_share_key

[encryption] check recovery key setting for the correct user
author: Björn Schießle <bjoern@schiessle.org> 2015-05-05 10:48:09 +0200
committer: Björn Schießle <bjoern@schiessle.org> 2015-05-05 10:48:09 +0200
commit: 2ce01ee0bfd61a6b947154214908ccf9c4fc877f (patch)
tree: 27003a0380a692edbdd2e2d4f1b0aa6f022dc88a /apps/encryption/lib
parent: a7deba74a7a42cd20d8ad9604ed8a83e78ff0bb6 (diff)
parent: 31b65749dd69baded46e5924082db5de856e7cea (diff)
download: nextcloud-server-2ce01ee0bfd61a6b947154214908ccf9c4fc877f.tar.gz
nextcloud-server-2ce01ee0bfd61a6b947154214908ccf9c4fc877f.zip
4 files changed, 28 insertions, 40 deletions
diff --git a/apps/encryption/lib/crypto/encryption.php b/apps/encryption/lib/crypto/encryption.php
index 29fda09e87f..a4abcd7dc5a 100644
--- a/apps/encryption/lib/crypto/encryption.php
+++ b/apps/encryption/lib/crypto/encryption.php
@@ -190,7 +190,7 @@ class Encryption implements IEncryptionModule {
 				}
 			}
 
-			$publicKeys = $this->keyManager->addSystemKeys($this->accessList, $publicKeys);
+			$publicKeys = $this->keyManager->addSystemKeys($this->accessList, $publicKeys, $this->user);
 
 			$encryptedKeyfiles = $this->crypt->multiKeyEncrypt($this->fileKey, $publicKeys);
 			$this->keyManager->setAllFileKeys($this->path, $encryptedKeyfiles);
@@ -287,7 +287,7 @@ class Encryption implements IEncryptionModule {
 	 */
 	public function update($path, $uid, array $accessList) {
 		$fileKey = $this->keyManager->getFileKey($path, $uid);
-
+		
 		if (!empty($fileKey)) {
 
 			$publicKeys = array();
@@ -295,7 +295,7 @@ class Encryption implements IEncryptionModule {
 				$publicKeys[$user] = $this->keyManager->getPublicKey($user);
 			}
 
-			$publicKeys = $this->keyManager->addSystemKeys($accessList, $publicKeys);
+			$publicKeys = $this->keyManager->addSystemKeys($accessList, $publicKeys, $uid);
 
 			$encryptedFileKey = $this->crypt->multiKeyEncrypt($fileKey, $publicKeys);
 
@@ -314,28 +314,6 @@ class Encryption implements IEncryptionModule {
 	}
 
 	/**
-	 * add system keys such as the public share key and the recovery key
-	 *
-	 * @param array $accessList
-	 * @param array $publicKeys
-	 * @return array
-	 */
-	public function addSystemKeys(array $accessList, array $publicKeys) {
-		if (!empty($accessList['public'])) {
-			$publicKeys[$this->keyManager->getPublicShareKeyId()] = $this->keyManager->getPublicShareKey();
-		}
-
-		if ($this->keyManager->recoveryKeyExists() &&
-			$this->util->isRecoveryEnabledForUser()) {
-
-			$publicKeys[$this->keyManager->getRecoveryKeyId()] = $this->keyManager->getRecoveryKey();
-		}
-
-		return $publicKeys;
-	}
-
-
-	/**
 	 * should the file be encrypted or not
 	 *
 	 * @param string $path
diff --git a/apps/encryption/lib/keymanager.php b/apps/encryption/lib/keymanager.php
index bde8212e9dc..aa9614812bc 100644
--- a/apps/encryption/lib/keymanager.php
+++ b/apps/encryption/lib/keymanager.php
@@ -531,10 +531,11 @@ class KeyManager {
 	 *
 	 * @param array $accessList
 	 * @param array $publicKeys
+	 * @param string $uid
 	 * @return array
 	 * @throws PublicKeyMissingException
 	 */
-	public function addSystemKeys(array $accessList, array $publicKeys) {
+	public function addSystemKeys(array $accessList, array $publicKeys, $uid) {
 		if (!empty($accessList['public'])) {
 			$publicShareKey = $this->getPublicShareKey();
 			if (empty($publicShareKey)) {
@@ -544,7 +545,7 @@ class KeyManager {
 		}
 
 		if ($this->recoveryKeyExists() &&
-			$this->util->isRecoveryEnabledForUser()) {
+			$this->util->isRecoveryEnabledForUser($uid)) {
 
 			$publicKeys[$this->getRecoveryKeyId()] = $this->getRecoveryKey();
 		}
diff --git a/apps/encryption/lib/recovery.php b/apps/encryption/lib/recovery.php
index cfaa3e49619..61a659e484e 100644
--- a/apps/encryption/lib/recovery.php
+++ b/apps/encryption/lib/recovery.php
@@ -228,7 +228,7 @@ class Recovery {
 						$publicKeys[$uid] = $this->keyManager->getPublicKey($uid);
 					}
 
-					$publicKeys = $this->keyManager->addSystemKeys($accessList, $publicKeys);
+					$publicKeys = $this->keyManager->addSystemKeys($accessList, $publicKeys, $this->user->getUID());
 
 					$encryptedKeyfiles = $this->crypt->multiKeyEncrypt($fileKey, $publicKeys);
 					$this->keyManager->setAllFileKeys($filePath, $encryptedKeyfiles);
@@ -264,33 +264,39 @@ class Recovery {
 		$privateKey = $this->crypt->decryptPrivateKey($encryptedKey,
 			$recoveryPassword);
 
-		$this->recoverAllFiles('/' . $user . '/files/', $privateKey);
+		$this->recoverAllFiles('/' . $user . '/files/', $privateKey, $user);
 	}
 
 	/**
-	 * @param $path
-	 * @param $privateKey
+	 * recover users files
+	 *
+	 * @param string $path
+	 * @param string $privateKey
+	 * @param string $uid
 	 */
-	private function recoverAllFiles($path, $privateKey) {
+	private function recoverAllFiles($path, $privateKey, $uid) {
 		$dirContent = $this->view->getDirectoryContent($path);
 
 		foreach ($dirContent as $item) {
 			// Get relative path from encryption/keyfiles
 			$filePath = $item->getPath();
 			if ($this->view->is_dir($filePath)) {
-				$this->recoverAllFiles($filePath . '/', $privateKey);
+				$this->recoverAllFiles($filePath . '/', $privateKey, $uid);
 			} else {
-				$this->recoverFile($filePath, $privateKey);
+				$this->recoverFile($filePath, $privateKey, $uid);
 			}
 		}
 
 	}
 
 	/**
+	 * recover file
+	 *
 	 * @param string $path
 	 * @param string $privateKey
+	 * @param string $uid
 	 */
-	private function recoverFile($path, $privateKey) {
+	private function recoverFile($path, $privateKey, $uid) {
 		$encryptedFileKey = $this->keyManager->getEncryptedFileKey($path);
 		$shareKey = $this->keyManager->getShareKey($path, $this->keyManager->getRecoveryKeyId());
 
@@ -303,11 +309,11 @@ class Recovery {
 		if (!empty($fileKey)) {
 			$accessList = $this->file->getAccessList($path);
 			$publicKeys = array();
-			foreach ($accessList['users'] as $uid) {
-				$publicKeys[$uid] = $this->keyManager->getPublicKey($uid);
+			foreach ($accessList['users'] as $user) {
+				$publicKeys[$user] = $this->keyManager->getPublicKey($user);
 			}
 
-			$publicKeys = $this->keyManager->addSystemKeys($accessList, $publicKeys);
+			$publicKeys = $this->keyManager->addSystemKeys($accessList, $publicKeys, $uid);
 
 			$encryptedKeyfiles = $this->crypt->multiKeyEncrypt($fileKey, $publicKeys);
 			$this->keyManager->setAllFileKeys($path, $encryptedKeyfiles);
diff --git a/apps/encryption/lib/util.php b/apps/encryption/lib/util.php
index 04e04028caf..51d5241122f 100644
--- a/apps/encryption/lib/util.php
+++ b/apps/encryption/lib/util.php
@@ -77,10 +77,13 @@ class Util {
 	}
 
 	/**
+	 * check if recovery key is enabled for user
+	 *
+	 * @param string $uid
 	 * @return bool
 	 */
-	public function isRecoveryEnabledForUser() {
-		$recoveryMode = $this->config->getUserValue($this->user->getUID(),
+	public function isRecoveryEnabledForUser($uid) {
+		$recoveryMode = $this->config->getUserValue($uid,
 			'encryption',
 			'recoveryEnabled',
 			0);
author	Björn Schießle <bjoern@schiessle.org>	2015-05-05 10:48:09 +0200
committer	Björn Schießle <bjoern@schiessle.org>	2015-05-05 10:48:09 +0200
commit	2ce01ee0bfd61a6b947154214908ccf9c4fc877f (patch)
tree	27003a0380a692edbdd2e2d4f1b0aa6f022dc88a /apps/encryption/lib
parent	a7deba74a7a42cd20d8ad9604ed8a83e78ff0bb6 (diff)
parent	31b65749dd69baded46e5924082db5de856e7cea (diff)
download	nextcloud-server-2ce01ee0bfd61a6b947154214908ccf9c4fc877f.tar.gz nextcloud-server-2ce01ee0bfd61a6b947154214908ccf9c4fc877f.zip