author | Vincent Petry <vincent@nextcloud.com> | 2021-06-23 16:46:01 +0200 |
---|---|---|
committer | Vincent Petry <vincent@nextcloud.com> | 2021-06-29 14:39:51 +0200 |
commit | a6dc81d419c8719216c0f55b00918bebe786be63 (patch) | |
tree | afe5f7b0ffd974a1c4b292158c12e2e6995ca353 /apps | |
parent | 556f51efb41824fd3ae25620c58f8b48d06fc36d (diff) | |
download | nextcloud-server-a6dc81d419c8719216c0f55b00918bebe786be63.tar.gz nextcloud-server-a6dc81d419c8719216c0f55b00918bebe786be63.zip |
Downstream encryption:fix-encrypted-version
For fixing "Bad signature" errors.
Signed-off-by: Vincent Petry <vincent@nextcloud.com>
Diffstat (limited to 'apps')
-rw-r--r-- | apps/encryption/appinfo/info.xml | 1 | ||||
-rw-r--r-- | apps/encryption/composer/composer/autoload_classmap.php | 1 | ||||
-rw-r--r-- | apps/encryption/composer/composer/autoload_static.php | 1 | ||||
-rw-r--r-- | apps/encryption/lib/Command/FixEncryptedVersion.php | 244 |
4 files changed, 247 insertions, 0 deletions
diff --git a/apps/encryption/appinfo/info.xml b/apps/encryption/appinfo/info.xml index 6a1453f7d6f..eaa28c111f8 100644 --- a/apps/encryption/appinfo/info.xml +++ b/apps/encryption/appinfo/info.xml @@ -45,6 +45,7 @@ <command>OCA\Encryption\Command\DisableMasterKey</command> <command>OCA\Encryption\Command\RecoverUser</command> <command>OCA\Encryption\Command\ScanLegacyFormat</command> + <command>OCA\Encryption\Command\FixEncryptedVersion</command> </commands> <settings> diff --git a/apps/encryption/composer/composer/autoload_classmap.php b/apps/encryption/composer/composer/autoload_classmap.php index 7d5b84f6147..00c57e913a3 100644 --- a/apps/encryption/composer/composer/autoload_classmap.php +++ b/apps/encryption/composer/composer/autoload_classmap.php @@ -10,6 +10,7 @@ return array( 'OCA\\Encryption\\AppInfo\\Application' => $baseDir . '/../lib/AppInfo/Application.php', 'OCA\\Encryption\\Command\\DisableMasterKey' => $baseDir . '/../lib/Command/DisableMasterKey.php', 'OCA\\Encryption\\Command\\EnableMasterKey' => $baseDir . '/../lib/Command/EnableMasterKey.php', + 'OCA\\Encryption\\Command\\FixEncryptedVersion' => $baseDir . '/../lib/Command/FixEncryptedVersion.php', 'OCA\\Encryption\\Command\\RecoverUser' => $baseDir . '/../lib/Command/RecoverUser.php', 'OCA\\Encryption\\Command\\ScanLegacyFormat' => $baseDir . '/../lib/Command/ScanLegacyFormat.php', 'OCA\\Encryption\\Controller\\RecoveryController' => $baseDir . '/../lib/Controller/RecoveryController.php', diff --git a/apps/encryption/composer/composer/autoload_static.php b/apps/encryption/composer/composer/autoload_static.php index 64d608a6457..fc1fcbcf63b 100644 --- a/apps/encryption/composer/composer/autoload_static.php +++ b/apps/encryption/composer/composer/autoload_static.php 
@@ -25,6 +25,7 @@ class ComposerStaticInitEncryption 'OCA\\Encryption\\AppInfo\\Application' => __DIR__ . '/..' . '/../lib/AppInfo/Application.php', 'OCA\\Encryption\\Command\\DisableMasterKey' => __DIR__ . '/..' . '/../lib/Command/DisableMasterKey.php', 'OCA\\Encryption\\Command\\EnableMasterKey' => __DIR__ . '/..' . '/../lib/Command/EnableMasterKey.php', + 'OCA\\Encryption\\Command\\FixEncryptedVersion' => __DIR__ . '/..' . '/../lib/Command/FixEncryptedVersion.php', 'OCA\\Encryption\\Command\\RecoverUser' => __DIR__ . '/..' . '/../lib/Command/RecoverUser.php', 'OCA\\Encryption\\Command\\ScanLegacyFormat' => __DIR__ . '/..' . '/../lib/Command/ScanLegacyFormat.php', 'OCA\\Encryption\\Controller\\RecoveryController' => __DIR__ . '/..' . '/../lib/Controller/RecoveryController.php', diff --git a/apps/encryption/lib/Command/FixEncryptedVersion.php b/apps/encryption/lib/Command/FixEncryptedVersion.php new file mode 100644 index 00000000000..534ddc4c689 --- /dev/null +++ b/apps/encryption/lib/Command/FixEncryptedVersion.php 
@@ -0,0 +1,244 @@ +<?php +/** + * @author Sujith Haridasan <sharidasan@owncloud.com> + * @author Ilja Neumann <ineumann@owncloud.com> + * + * @copyright Copyright (c) 2019, ownCloud GmbH + * @license AGPL-3.0 + * + * This code is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License, version 3, + * as published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License, version 3, + * along with this program. If not, see <http://www.gnu.org/licenses/> + * + */ + +namespace OCA\Encryption\Command; + +use OC\Files\View; +use OC\HintException; +use OCP\Files\IRootFolder; +use OCP\IUserManager; +use Symfony\Component\Console\Command\Command; +use Symfony\Component\Console\Input\InputArgument; +use Symfony\Component\Console\Input\InputInterface; +use Symfony\Component\Console\Output\OutputInterface; + +class FixEncryptedVersion extends Command { + /** @var IRootFolder */ + private $rootFolder; + + /** @var IUserManager */ + private $userManager; + + /** @var View */ + private $view; + + public function __construct(IRootFolder $rootFolder, IUserManager $userManager, View $view) { + $this->rootFolder = $rootFolder; + $this->userManager = $userManager; + $this->view = $view; + parent::__construct(); + } + + protected function configure() { + parent::configure(); + + $this + ->setName('encryption:fix-encrypted-version') + ->setDescription('Fix the encrypted version if the encrypted file(s) are not downloadable.') + ->addArgument( + 'user', + InputArgument::REQUIRED, + 'The id of the user whose files need fixing' + )->addOption( + 'path', + 'p', + InputArgument::OPTIONAL, + 'Limit files to fix with path, 
e.g., --path="/Music/Artist". If path indicates a directory, all the files inside directory will be fixed.' + ); + } + + /** + * @param InputInterface $input + * @param OutputInterface $output + * @return int + */ + protected function execute(InputInterface $input, OutputInterface $output) { + $user = $input->getArgument('user'); + $pathToWalk = "/$user/files"; + + /** + * trim() returns an empty string when the argument is an unset/null + */ + $pathOption = \trim($input->getOption('path'), '/'); + if ($pathOption !== "") { + $pathToWalk = "$pathToWalk/$pathOption"; + } + + if ($user === null) { + $output->writeln("<error>No user id provided.</error>\n"); + return 1; + } + + if ($this->userManager->get($user) === null) { + $output->writeln("<error>User id $user does not exist. Please provide a valid user id</error>"); + return 1; + } + return $this->walkPathOfUser($user, $pathToWalk, $output); + } + + /** + * @param string $user + * @param string $path + * @param OutputInterface $output + * @return int 0 for success, 1 for error + */ + private function walkPathOfUser($user, $path, OutputInterface $output) { + $this->setupUserFs($user); + if (!$this->view->file_exists($path)) { + $output->writeln("<error>Path $path does not exist. Please provide a valid path.</error>"); + return 1; + } + + if ($this->view->is_file($path)) { + $output->writeln("Verifying the content of file $path"); + $this->verifyFileContent($path, $output); + return 0; + } + $directories = []; + $directories[] = $path; + while ($root = \array_pop($directories)) { + $directoryContent = $this->view->getDirectoryContent($root); + foreach ($directoryContent as $file) { + $path = $root . '/' . 
$file['name']; + if ($this->view->is_dir($path)) { + $directories[] = $path; + } else { + $output->writeln("Verifying the content of file $path"); + $this->verifyFileContent($path, $output); + } + } + } + return 0; + } + + /** + * @param string $path + * @param OutputInterface $output + * @param bool $ignoreCorrectEncVersionCall, setting this variable to false avoids recursion + */ + private function verifyFileContent($path, OutputInterface $output, $ignoreCorrectEncVersionCall = true) { + try { + /** + * In encryption, the files are read in a block size of 8192 bytes + * Read block size of 8192 and a bit more (808 bytes) + * If there is any problem, the first block should throw the signature + * mismatch error. Which as of now, is enough to proceed ahead to + * correct the encrypted version. + */ + $handle = $this->view->fopen($path, 'rb'); + + if (\fread($handle, 9001) !== false) { + $output->writeln("<info>The file $path is: OK</info>"); + } + + \fclose($handle); + + return true; + } catch (HintException $e) { + \OC::$server->getLogger()->warning("Issue: " . $e->getMessage()); + //If allowOnce is set to false, this becomes recursive. 
+ if ($ignoreCorrectEncVersionCall === true) { + //Lets rectify the file by correcting encrypted version + $output->writeln("<info>Attempting to fix the path: $path</info>"); + return $this->correctEncryptedVersion($path, $output); + } + return false; + } + } + + /** + * @param string $path + * @param OutputInterface $output + * @return bool + */ + private function correctEncryptedVersion($path, OutputInterface $output) { + $fileInfo = $this->view->getFileInfo($path); + $fileId = $fileInfo->getId(); + $encryptedVersion = $fileInfo->getEncryptedVersion(); + $wrongEncryptedVersion = $encryptedVersion; + + $storage = $fileInfo->getStorage(); + + $cache = $storage->getCache(); + $fileCache = $cache->get($fileId); + + if ($storage->instanceOfStorage('OCA\Files_Sharing\ISharedStorage')) { + $output->writeln("<info>The file: $path is a share. Hence kindly fix this by running the script for the owner of share</info>"); + return true; + } + + // Save original encrypted version so we can restore it if decryption fails with all version + $originalEncryptedVersion = $encryptedVersion; + if ($encryptedVersion >= 0) { + //test by decrementing the value till 1 and if nothing works try incrementing + $encryptedVersion--; + while ($encryptedVersion > 0) { + $cacheInfo = ['encryptedVersion' => $encryptedVersion, 'encrypted' => $encryptedVersion]; + $cache->put($fileCache->getPath(), $cacheInfo); + $output->writeln("<info>Decrement the encrypted version to $encryptedVersion</info>"); + if ($this->verifyFileContent($path, $output, false) === true) { + $output->writeln("<info>Fixed the file: $path with version " . $encryptedVersion . "</info>"); + return true; + } + $encryptedVersion--; + } + + //So decrementing did not work. Now lets increment. Max increment is till 5 + $increment = 1; + while ($increment <= 5) { + /** + * The wrongEncryptedVersion would not be incremented so nothing to worry about here. + * Only the newEncryptedVersion is incremented. 
+ * For example if the wrong encrypted version is 4 then + * cycle1 -> newEncryptedVersion = 5 ( 4 + 1) + * cycle2 -> newEncryptedVersion = 6 ( 4 + 2) + * cycle3 -> newEncryptedVersion = 7 ( 4 + 3) + */ + $newEncryptedVersion = $wrongEncryptedVersion + $increment; + + $cacheInfo = ['encryptedVersion' => $newEncryptedVersion, 'encrypted' => $newEncryptedVersion]; + $cache->put($fileCache->getPath(), $cacheInfo); + $output->writeln("<info>Increment the encrypted version to $newEncryptedVersion</info>"); + if ($this->verifyFileContent($path, $output, false) === true) { + $output->writeln("<info>Fixed the file: $path with version " . $newEncryptedVersion . "</info>"); + return true; + } + $increment++; + } + } + + $cacheInfo = ['encryptedVersion' => $originalEncryptedVersion, 'encrypted' => $originalEncryptedVersion]; + $cache->put($fileCache->getPath(), $cacheInfo); + $output->writeln("<info>No fix found for $path, restored version to original: $originalEncryptedVersion</info>"); + + return false; + } + + /** + * Setup user file system + * @param string $uid + */ + private function setupUserFs($uid) { + \OC_Util::tearDownFS(); + \OC_Util::setupFS($uid); + } +} |
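Review bot: `verifyFileContent()` returns `true` whenever no `HintException` is thrown, even when `fread()` returns `false`, and the result of `$this->view->fopen()` is passed to `fread()` unchecked; `correctEncryptedVersion()` treats that `true` as proof that the version it just wrote with `$cache->put()` is correct, so a plain I/O failure can leave a guessed `encryptedVersion` in the file cache. The handle is also not closed on the exception path, and the retry loop then re-opens the same file while it is still open. The fence below checks both results and closes the handle before the catch block runs. Separately, because the command makes a signature failure go away by trying neighbouring version numbers, it would help to log the old and new version for every file it changes, so an operator can tell a drifted counter from a file that was replaced by an older copy on the storage (this assumes the version is part of what the signature covers, which this page does not show). `walkPathOfUser()` also returns 0 when a file could not be fixed; returning 1 in that case would let calling scripts notice.

```php
	private function verifyFileContent($path, OutputInterface $output, $ignoreCorrectEncVersionCall = true) {
		try {
			// … unchanged: comment on the 8192-byte block size …
			$handle = $this->view->fopen($path, 'rb');
			if ($handle === false) {
				$output->writeln("<error>Failed to open file: $path</error>");
				return false;
			}

			try {
				$readable = \fread($handle, 9001) !== false;
			} finally {
				// Close before the catch block runs, so a retry does not
				// re-open the file while this handle is still open.
				\fclose($handle);
			}

			if (!$readable) {
				$output->writeln("<error>Failed to read file: $path</error>");
				return false;
			}

			$output->writeln("<info>The file $path is: OK</info>");
			return true;
		} catch (HintException $e) {
			// … unchanged: warning log and the correctEncryptedVersion() retry …
```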