author | Björn Schießle <bjoern@schiessle.org> | 2013-06-13 03:54:19 -0700 |
---|---|---|
committer | Björn Schießle <bjoern@schiessle.org> | 2013-06-13 03:54:19 -0700 |
commit | dd8011925acbd701de10e604b377c3d7f01aeff8 (patch) | |
tree | 30938e61873554edd056de942189ac3851e9d488 /apps | |
parent | 54f3174665262a5d1b1e1135667342b17b5d05b0 (diff) | |
parent | bc2862fcb947ac65c80b5d49ea8f2c2271eb8021 (diff) | |
Merge pull request #3552 from owncloud/files_encryption_upgrade_fix
Fix files_encryption app upgrade from 4.5 to 5.0
Diffstat (limited to 'apps')
-rw-r--r-- | apps/files_encryption/appinfo/app.php | 59 | ||||
-rw-r--r-- | apps/files_encryption/hooks/hooks.php | 2 | ||||
-rwxr-xr-x | apps/files_encryption/lib/crypt.php | 26 | ||||
-rw-r--r-- | apps/files_encryption/lib/proxy.php | 2 | ||||
-rw-r--r-- | apps/files_encryption/lib/util.php | 42 | ||||
-rwxr-xr-x | apps/files_encryption/tests/crypt.php | 18 | ||||
-rwxr-xr-x | apps/files_encryption/tests/util.php | 2 |
7 files changed, 52 insertions, 99 deletions
diff --git a/apps/files_encryption/appinfo/app.php b/apps/files_encryption/appinfo/app.php
index 99bdc2c2470..f69e04b5bbf 100644
--- a/apps/files_encryption/appinfo/app.php
+++ b/apps/files_encryption/appinfo/app.php
@@ -10,45 +10,50 @@ OC::$CLASSPATH['OCA\Encryption\Session'] = 'files_encryption/lib/session.php'; OC::$CLASSPATH['OCA\Encryption\Capabilities'] = 'files_encryption/lib/capabilities.php'; OC::$CLASSPATH['OCA\Encryption\Helper'] = 'files_encryption/lib/helper.php'; -OC_FileProxy::register(new OCA\Encryption\Proxy()); +if (!OC_Config::getValue('maintenance', false)) { + OC_FileProxy::register(new OCA\Encryption\Proxy()); -// User related hooks -OCA\Encryption\Helper::registerUserHooks(); + // User related hooks + OCA\Encryption\Helper::registerUserHooks(); -// Sharing related hooks -OCA\Encryption\Helper::registerShareHooks(); + // Sharing related hooks + OCA\Encryption\Helper::registerShareHooks(); -// Filesystem related hooks -OCA\Encryption\Helper::registerFilesystemHooks(); + // Filesystem related hooks + OCA\Encryption\Helper::registerFilesystemHooks(); -stream_wrapper_register('crypt', 'OCA\Encryption\Stream'); + stream_wrapper_register('crypt', 'OCA\Encryption\Stream'); -// check if we are logged in -if (OCP\User::isLoggedIn()) { + // check if we are logged in + if (OCP\User::isLoggedIn()) { - // ensure filesystem is loaded - if(!\OC\Files\Filesystem::$loaded) { - \OC_Util::setupFS(); - } + // ensure filesystem is loaded + if (!\OC\Files\Filesystem::$loaded) { + \OC_Util::setupFS(); + } - $view = new OC_FilesystemView('/'); - $session = new \OCA\Encryption\Session($view); + $view = new OC_FilesystemView('/'); + $session = new \OCA\Encryption\Session($view); - // check if user has a private key - if ( - !$session->getPrivateKey(\OCP\USER::getUser()) - && OCA\Encryption\Crypt::mode() === 'server' - ) { + // check if user has a private key + if ( + !$session->getPrivateKey(\OCP\USER::getUser()) + && OCA\Encryption\Crypt::mode() === 'server' + ) { - // Force the user to log-in again if the encryption key isn't unlocked - // (happens when a user is logged in before the encryption app is - // enabled) - OCP\User::logout(); + // Force the user to log-in again if the 
encryption key isn't unlocked + // (happens when a user is logged in before the encryption app is + // enabled) + OCP\User::logout(); - header("Location: " . OC::$WEBROOT . '/'); + header("Location: " . OC::$WEBROOT . '/'); - exit(); + exit(); + } } +} else { + // logout user if we are in maintenance to force re-login + OCP\User::logout(); } // Register settings scripts diff --git a/apps/files_encryption/hooks/hooks.php b/apps/files_encryption/hooks/hooks.php index 7e68f476a7f..0580b713d1a 100644 --- a/apps/files_encryption/hooks/hooks.php +++ b/apps/files_encryption/hooks/hooks.php @@ -84,7 +84,7 @@ class Hooks { && $encLegacyKey = $userView->file_get_contents('encryption.key')
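Review bot: In apps/files_encryption/appinfo/app.php the new `else` branch calls `OCP\User::logout()` on every request served while `maintenance` is set, whether or not a session exists, and its one-line comment does not say why a re-login is needed. If `OCP\User::isLoggedIn()` is safe to call at that point, `} elseif (OCP\User::isLoggedIn()) {` would limit the logout to sessions that can actually hold a stale key. The comment above the new `if` should also state the consequence of skipping the registrations: with the proxy, the hooks and the `crypt` stream wrapper unregistered, file access during maintenance presumably bypasses encryption entirely, so upgrade code must not read or write user files expecting transparent encryption. I would add something like `// maintenance mode: no proxy/hooks/stream wrapper, files are NOT transparently en-/decrypted here`.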
) {
- $plainLegacyKey = Crypt::legacyBlockDecrypt($encLegacyKey, $params['password']);
+ $plainLegacyKey = Crypt::legacyDecrypt($encLegacyKey, $params['password']);
$session->setLegacyKey($plainLegacyKey);
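Review bot: The switch from `legacyBlockDecrypt` to `legacyDecrypt` changes what is stored in the session, and nothing at the call site records that. Judging by the fixture change in tests/util.php, where the expected key gains four trailing `\0` bytes, `legacyDecrypt` appears to return the Blowfish output with its block padding intact. If that is intended, a comment such as `// legacy key is stored exactly as legacyDecrypt() returns it, padding included` belongs on this line, and the docblock of `Crypt::legacyDecrypt` (made public in lib/crypt.php) should say it exists only for migrating pre-5.0 data. The result is also handed to `setLegacyKey()` without any check that decryption produced a usable value. The enclosing method starts and ends outside the hunk.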
diff --git a/apps/files_encryption/lib/crypt.php b/apps/files_encryption/lib/crypt.php
index ddeb3590f60..ced9ab7c676 100755
--- a/apps/files_encryption/lib/crypt.php
+++ b/apps/files_encryption/lib/crypt.php
@@ -608,7 +608,7 @@ class Crypt {
 *
* This function decrypts an content
*/
- private static function legacyDecrypt($content, $passphrase = '') {
+ public static function legacyDecrypt($content, $passphrase = '') {
$bf = self::getBlowfish($passphrase);
@@ -637,28 +637,4 @@ class Crypt {
 }
}
- /**
- * @param $legacyEncryptedContent
- * @param $legacyPassphrase
- * @param $publicKeys
- * @return array
- */
- public static function legacyKeyRecryptKeyfile($legacyEncryptedContent, $legacyPassphrase, $publicKeys) {
-
- $decrypted = self::legacyBlockDecrypt($legacyEncryptedContent, $legacyPassphrase);
-
- // Encrypt plain data, generate keyfile & encrypted file
- $cryptedData = self::symmetricEncryptFileContentKeyfile($decrypted);
-
- // Encrypt plain keyfile to multiple sharefiles
- $multiEncrypted = Crypt::multiKeyEncrypt($cryptedData['key'], $publicKeys);
-
- return array(
- 'data' => $cryptedData['encrypted'],
- 'filekey' => $multiEncrypted['data'],
- 'sharekeys' => $multiEncrypted['keys']
- );
-
- }
-
}
\ No newline at end of file diff --git a/apps/files_encryption/lib/proxy.php b/apps/files_encryption/lib/proxy.php index 0df34a38bd7..735eba911a9 100644 --- a/apps/files_encryption/lib/proxy.php +++ b/apps/files_encryption/lib/proxy.php @@ -256,6 +256,8 @@ class Proxy extends \OC_FileProxy { */ public function postFopen($path, &$result) { + $path = \OC\Files\Filesystem::normalizePath($path); + if (!$result) { return $result; diff --git a/apps/files_encryption/lib/util.php b/apps/files_encryption/lib/util.php index b6e3543bca7..463e4fae794 100644 --- a/apps/files_encryption/lib/util.php +++ b/apps/files_encryption/lib/util.php 
@@ -725,40 +725,28 @@ class Util { // Fetch data from file $legacyData = $this->view->file_get_contents($legacyFile['path']); - $sharingEnabled = \OCP\Share::isEnabled(); - - // if file exists try to get sharing users - if ($this->view->file_exists($legacyFile['path'])) { - $uniqueUserIds = $this->getSharingUsersArray($sharingEnabled, $legacyFile['path'], $this->userId); - } else { - $uniqueUserIds[] = $this->userId; - } - - // Fetch public keys for all users who will share the file - $publicKeys = Keymanager::getPublicKeys($this->view, $uniqueUserIds); - - // Recrypt data, generate catfile - $recrypted = Crypt::legacyKeyRecryptKeyfile( $legacyData, $legacyPassphrase, $publicKeys ); + // decrypt data, generate catfile + $decrypted = Crypt::legacyBlockDecrypt($legacyData, $legacyPassphrase); $rawPath = $legacyFile['path']; - $relPath = \OCA\Encryption\Helper::stripUserFilesPath($rawPath); - // Save keyfile - Keymanager::setFileKey($this->view, $relPath, $this->userId, $recrypted['filekey']); + // enable proxy the ensure encryption is handled + \OC_FileProxy::$enabled = true; + + // Open enc file handle for binary writing, with same filename as original plain file + $encHandle = $this->view->fopen( $rawPath, 'wb' ); - // Save sharekeys to user folders - Keymanager::setShareKeys($this->view, $relPath, $recrypted['sharekeys']); + if (is_resource($encHandle)) { - // Overwrite the existing file with the encrypted one - $this->view->file_put_contents($rawPath, $recrypted['data']); + // write data to stream + fwrite($encHandle, $decrypted); - $size = strlen($recrypted['data']); + // close stream + fclose($encHandle); + } - // Add the file to the cache - \OC\Files\Filesystem::putFileInfo($rawPath, array( - 'encrypted' => true, - 'size' => $size - ), ''); + // disable proxy to prevent file being encrypted twice + \OC_FileProxy::$enabled = false; } } 
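Review bot: The legacy file is reopened with mode `'wb'`, which truncates it before anything is written, and neither the `fopen()` failure path nor the return value of `fwrite()` is checked or logged. A failed or short write during migration therefore leaves the user with an empty or partial file and no trace of what happened. Legacy Blowfish decryption carries no integrity check, so a wrong `$legacyPassphrase` would presumably yield garbage that is then re-encrypted over the only copy; keeping the original until the new file is confirmed written would avoid that. The proxy flag is also forced to `false` afterwards rather than restored to its previous value, so the code depends on state set outside this hunk. The enclosing method and loop start outside the hunk.

```php
// … unchanged: legacyBlockDecrypt() call and $rawPath assignment …

// remember the caller's proxy state instead of assuming it was disabled
$proxyStatus = \OC_FileProxy::$enabled;
\OC_FileProxy::$enabled = true;

$encHandle = $this->view->fopen($rawPath, 'wb');

if (is_resource($encHandle)) {
    $written = fwrite($encHandle, $decrypted);
    fclose($encHandle);

    if ($written !== strlen($decrypted)) {
        \OCP\Util::writeLog('Encryption library',
            'Incomplete write while migrating legacy file "' . $rawPath . '"', \OCP\Util::ERROR);
    }
} else {
    \OCP\Util::writeLog('Encryption library',
        'Could not open legacy file "' . $rawPath . '" for re-encryption', \OCP\Util::ERROR);
}

\OC_FileProxy::$enabled = $proxyStatus;
```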
diff --git a/apps/files_encryption/tests/crypt.php b/apps/files_encryption/tests/crypt.php index 341904b1189..c105e5ad319 100755 --- a/apps/files_encryption/tests/crypt.php +++ b/apps/files_encryption/tests/crypt.php @@ -613,24 +613,6 @@ class Test_Encryption_Crypt extends \PHPUnit_Framework_TestCase { /** * @medium - * @brief test decryption using legacy blowfish method - * @depends testLegacyEncryptLong - */ - function testLegacyKeyRecryptKeyfileEncrypt($crypted) { - - $recrypted = Encryption\Crypt::LegacyKeyRecryptKeyfile($crypted, $this->pass, array($this->genPublicKey)); - - $this->assertNotEquals($this->dataLong, $recrypted['data']); - - return $recrypted; - - # TODO: search inencrypted text for actual content to ensure it - # genuine transformation - - } - - /** - * @medium */ function testRenameFile() { diff --git a/apps/files_encryption/tests/util.php b/apps/files_encryption/tests/util.php index 14caf1105de..cb10befc8e4 100755 --- a/apps/files_encryption/tests/util.php +++ b/apps/files_encryption/tests/util.php @@ -75,7 +75,7 @@ class Test_Encryption_Util extends \PHPUnit_Framework_TestCase { $this->legacyData = realpath(dirname(__FILE__) . '/legacy-text.txt'); $this->legacyEncryptedData = realpath(dirname(__FILE__) . '/legacy-encrypted-text.txt'); $this->legacyEncryptedDataKey = realpath(dirname(__FILE__) . '/encryption.key'); - $this->legacyKey = '30943623843030686906'; + $this->legacyKey = "30943623843030686906\0\0\0\0"; $keypair = Encryption\Crypt::createKeypair(); |