summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rwxr-xr-xapps/files_encryption/lib/helper.php34
-rwxr-xr-xapps/files_encryption/lib/keymanager.php28
-rw-r--r--apps/files_encryption/lib/proxy.php7
-rw-r--r--apps/files_encryption/lib/stream.php24
-rw-r--r--apps/files_encryption/lib/util.php82
-rwxr-xr-xapps/files_encryption/tests/crypt.php12
6 files changed, 108 insertions, 79 deletions
diff --git a/apps/files_encryption/lib/helper.php b/apps/files_encryption/lib/helper.php
index 0ac6fcf403a..e66a84d909f 100755
--- a/apps/files_encryption/lib/helper.php
+++ b/apps/files_encryption/lib/helper.php
@@ -225,10 +225,7 @@ class Helper {
* @return bool
*/
public static function isPublicAccess() {
- if (\OCP\USER::getUser() === false
- || (isset($_GET['service']) && $_GET['service'] == 'files'
- && isset($_GET['t']))
- ) {
+ if (\OCP\USER::getUser() === false) {
return true;
} else {
return false;
@@ -255,6 +252,35 @@ class Helper {
return $relPath;
}
+ public static function getUser($path) {
+
+ $user = \OCP\User::getUser();
+
+ // if we are logged in, than we return the userid
+ if ($user) {
+ return $user;
+ }
+
+ // if no user is logged in we try to access a publically shared files.
+ // In this case we need to try to get the user from the path
+
+ $trimmed = ltrim($path, '/');
+ $split = explode('/', $trimmed);
+
+ // it is not a file relative to data/user/files
+ if (count($split) < 2 || $split[1] !== 'files') {
+ return false;
+ }
+
+ $user = $split[0];
+
+ if (\OCP\User::userExists($user)) {
+ return $user;
+ }
+
+ return false;
+ }
+
/**
* @brief get path to the correspondig file in data/user/files if path points
* to a version or to a file in cache
diff --git a/apps/files_encryption/lib/keymanager.php b/apps/files_encryption/lib/keymanager.php
index 3427e8a963a..4695673a48b 100755
--- a/apps/files_encryption/lib/keymanager.php
+++ b/apps/files_encryption/lib/keymanager.php
@@ -125,8 +125,8 @@ class Keymanager {
$proxyStatus = \OC_FileProxy::$enabled;
\OC_FileProxy::$enabled = false;
- //here we need the currently logged in user, while userId can be a different user
- $util = new Util($view, \OCP\User::getUser());
+ $userId = Helper::getUser($path);
+ $util = new Util($view, $userId);
list($owner, $filename) = $util->getUidAndFilename($path);
// in case of system wide mount points the keys are stored directly in the data directory
@@ -172,15 +172,15 @@ class Keymanager {
/**
* @brief retrieve keyfile for an encrypted file
* @param \OC_FilesystemView $view
+ * @param \OCA\Encryption\Util $util
* @param $filePath
* @internal param \OCA\Encryption\file $string name
* @return string file key or false
* @note The keyfile returned is asymmetrically encrypted. Decryption
* of the keyfile must be performed by client code
*/
- public static function getFileKey(\OC_FilesystemView $view, $filePath) {
+ public static function getFileKey(\OC_FilesystemView $view, $util, $filePath) {
- $util = new Util($view, \OCP\User::getUser());
list($owner, $filename) = $util->getUidAndFilename($filePath);
$filename = Helper::stripPartialFileExtension($filename);
@@ -226,7 +226,8 @@ class Keymanager {
$trimmed = ltrim($path, '/');
- $util = new Util($view, \OCP\User::getUser());
+ $userId = Helper::getUser($path);
+ $util = new Util($view, $userId);
if($util->isSystemWideMountPoint($path)) {
$keyPath = '/files_encryption/keyfiles/' . $trimmed;
@@ -323,8 +324,10 @@ class Keymanager {
// $shareKeys must be an array with the following format:
// [userId] => [encrypted key]
- // Here we need the currently logged in user, while userId can be a different user
- $util = new Util($view, \OCP\User::getUser());
+
+ $userId = Helper::getUser($path);
+
+ $util = new Util($view, $userId);
list($owner, $filename) = $util->getUidAndFilename($path);
@@ -363,21 +366,19 @@ class Keymanager {
* @brief retrieve shareKey for an encrypted file
* @param \OC_FilesystemView $view
* @param string $userId
+ * @param \OCA\Encryption\Util $util
* @param string $filePath
* @internal param \OCA\Encryption\file $string name
* @return string file key or false
* @note The sharekey returned is encrypted. Decryption
* of the keyfile must be performed by client code
*/
- public static function getShareKey(\OC_FilesystemView $view, $userId, $filePath) {
+ public static function getShareKey(\OC_FilesystemView $view, $userId, $util, $filePath) {
// try reusing key file if part file
$proxyStatus = \OC_FileProxy::$enabled;
\OC_FileProxy::$enabled = false;
- //here we need the currently logged in user, while userId can be a different user
- $util = new Util($view, \OCP\User::getUser());
-
list($owner, $filename) = $util->getUidAndFilename($filePath);
$filename = Helper::stripPartialFileExtension($filename);
// in case of system wide mount points the keys are stored directly in the data directory
@@ -444,8 +445,9 @@ class Keymanager {
$proxyStatus = \OC_FileProxy::$enabled;
\OC_FileProxy::$enabled = false;
- //here we need the currently logged in user, while userId can be a different user
- $util = new Util($view, \OCP\User::getUser());
+ $userId = Helper::getUser($filePath);
+
+ $util = new Util($view, $userId);
list($owner, $filename) = $util->getUidAndFilename($filePath);
diff --git a/apps/files_encryption/lib/proxy.php b/apps/files_encryption/lib/proxy.php
index a8c74bd9dd4..b0b2b62aa1b 100644
--- a/apps/files_encryption/lib/proxy.php
+++ b/apps/files_encryption/lib/proxy.php
@@ -260,7 +260,8 @@ class Proxy extends \OC_FileProxy {
$view = new \OC_FilesystemView('');
- $util = new Util($view, \OCP\USER::getUser());
+ $userId = Helper::getUser($path);
+ $util = new Util($view, $userId);
// If file is already encrypted, decrypt using crypto protocol
if (
@@ -323,7 +324,7 @@ class Proxy extends \OC_FileProxy {
$view = new \OC_FilesystemView('/');
- $userId = \OCP\User::getUser();
+ $userId = Helper::getUser($path);
$util = new Util($view, $userId);
// if encryption is no longer enabled or if the files aren't migrated yet
@@ -401,7 +402,7 @@ class Proxy extends \OC_FileProxy {
$view = new \OC_FilesystemView('/');
$session = new \OCA\Encryption\Session($view);
- $userId = \OCP\User::getUser();
+ $userId = Helper::getUser($path);
$util = new Util($view, $userId);
// split the path parts
diff --git a/apps/files_encryption/lib/stream.php b/apps/files_encryption/lib/stream.php
index 1186a5f1d8d..4b0156e661e 100644
--- a/apps/files_encryption/lib/stream.php
+++ b/apps/files_encryption/lib/stream.php
@@ -55,6 +55,7 @@ class Stream {
private $rawPath; // The raw path relative to the data dir
private $relPath; // rel path to users file dir
private $userId;
+ private $keyId;
private $handle; // Resource returned by fopen
private $meta = array(); // Header / meta for source stream
private $writeCache;
@@ -92,15 +93,19 @@ class Stream {
$this->session = new \OCA\Encryption\Session($this->rootView);
- $this->privateKey = $this->session->getPrivateKey($this->userId);
-
- $util = new Util($this->rootView, \OCP\USER::getUser());
-
- $this->userId = $util->getUserId();
+ $this->privateKey = $this->session->getPrivateKey();
// rawPath is relative to the data directory
$this->rawPath = \OC\Files\Filesystem::normalizePath(str_replace('crypt://', '', $path));
+ $this->userId = Helper::getUser($this->rawPath);
+
+ $util = new Util($this->rootView, $this->userId);
+
+ // get the key ID which we want to use, canm be the users key or the
+ // public share key
+ $this->keyId = $util->getKeyId();
+
// Strip identifier text from path, this gives us the path relative to data/<user>/files
$this->relPath = Helper::stripUserFilesPath($this->rawPath);
// if raw path doesn't point to a real file, check if it is a version or a file in the trash bin
@@ -250,12 +255,13 @@ class Stream {
// Fetch and decrypt keyfile
// Fetch existing keyfile
- $this->encKeyfile = Keymanager::getFileKey($this->rootView, $this->relPath);
+ $util = new \OCA\Encryption\Util($this->rootView, $this->userId);
+ $this->encKeyfile = Keymanager::getFileKey($this->rootView, $util, $this->relPath);
// If a keyfile already exists
if ($this->encKeyfile) {
- $shareKey = Keymanager::getShareKey($this->rootView, $this->userId, $this->relPath);
+ $shareKey = Keymanager::getShareKey($this->rootView, $this->keyId, $util, $this->relPath);
// if there is no valid private key return false
if ($this->privateKey === false) {
@@ -503,7 +509,7 @@ class Stream {
\OC_FileProxy::$enabled = false;
// Fetch user's public key
- $this->publicKey = Keymanager::getPublicKey($this->rootView, $this->userId);
+ $this->publicKey = Keymanager::getPublicKey($this->rootView, $this->keyId);
// Check if OC sharing api is enabled
$sharingEnabled = \OCP\Share::isEnabled();
@@ -521,7 +527,7 @@ class Stream {
$this->encKeyfiles = Crypt::multiKeyEncrypt($this->plainKey, $publicKeys);
// Save the new encrypted file key
- Keymanager::setFileKey($this->rootView, $this->relPath, $this->userId, $this->encKeyfiles['data']);
+ Keymanager::setFileKey($this->rootView, $this->relPath, $this->keyId, $this->encKeyfiles['data']);
// Save the sharekeys
Keymanager::setShareKeys($this->rootView, $this->relPath, $this->encKeyfiles['keys']);
diff --git a/apps/files_encryption/lib/util.php b/apps/files_encryption/lib/util.php
index b208a808bac..ca9651742f8 100644
--- a/apps/files_encryption/lib/util.php
+++ b/apps/files_encryption/lib/util.php
@@ -38,7 +38,8 @@ class Util {
const MIGRATION_OPEN = 0; // user still needs to be migrated
private $view; // OC_FilesystemView object for filesystem operations
- private $userId; // ID of the currently logged-in user
+ private $userId; // ID of the user we use to encrypt/decrypt files
+ private $keyId; // ID of the key we want to manipulate
private $client; // Client side encryption mode flag
private $publicKeyDir; // Dir containing all public user keys
private $encryptionDir; // Dir containing user's files_encryption
@@ -58,51 +59,33 @@ class Util {
public function __construct(\OC_FilesystemView $view, $userId, $client = false) {
$this->view = $view;
- $this->userId = $userId;
$this->client = $client;
- $this->isPublic = false;
+ $this->userId = $userId;
$this->publicShareKeyId = \OC_Appconfig::getValue('files_encryption', 'publicShareKeyId');
$this->recoveryKeyId = \OC_Appconfig::getValue('files_encryption', 'recoveryKeyId');
- // if we are anonymous/public
- if (\OCA\Encryption\Helper::isPublicAccess()) {
- $this->userId = $this->publicShareKeyId;
-
- // only handle for files_sharing app
- if (isset($GLOBALS['app']) && $GLOBALS['app'] === 'files_sharing') {
- $this->userDir = '/' . $GLOBALS['fileOwner'];
- $this->fileFolderName = 'files';
- $this->userFilesDir = '/' . $GLOBALS['fileOwner'] . '/'
- . $this->fileFolderName; // TODO: Does this need to be user configurable?
- $this->publicKeyDir = '/' . 'public-keys';
- $this->encryptionDir = '/' . $GLOBALS['fileOwner'] . '/' . 'files_encryption';
- $this->keyfilesPath = $this->encryptionDir . '/' . 'keyfiles';
- $this->shareKeysPath = $this->encryptionDir . '/' . 'share-keys';
- $this->publicKeyPath =
- $this->publicKeyDir . '/' . $this->userId . '.public.key'; // e.g. data/public-keys/admin.public.key
- $this->privateKeyPath =
- '/owncloud_private_key/' . $this->userId . '.private.key'; // e.g. data/admin/admin.private.key
- $this->isPublic = true;
- // make sure that the owners home is mounted
- \OC\Files\Filesystem::initMountPoints($GLOBALS['fileOwner']);
- }
-
- } else {
- $this->userDir = '/' . $this->userId;
- $this->fileFolderName = 'files';
- $this->userFilesDir =
- '/' . $this->userId . '/' . $this->fileFolderName; // TODO: Does this need to be user configurable?
- $this->publicKeyDir = '/' . 'public-keys';
- $this->encryptionDir = '/' . $this->userId . '/' . 'files_encryption';
- $this->keyfilesPath = $this->encryptionDir . '/' . 'keyfiles';
- $this->shareKeysPath = $this->encryptionDir . '/' . 'share-keys';
- $this->publicKeyPath =
+ $this->userDir = '/' . $this->userId;
+ $this->fileFolderName = 'files';
+ $this->userFilesDir =
+ '/' . $userId . '/' . $this->fileFolderName; // TODO: Does this need to be user configurable?
+ $this->publicKeyDir = '/' . 'public-keys';
+ $this->encryptionDir = '/' . $this->userId . '/' . 'files_encryption';
+ $this->keyfilesPath = $this->encryptionDir . '/' . 'keyfiles';
+ $this->shareKeysPath = $this->encryptionDir . '/' . 'share-keys';
+ $this->publicKeyPath =
$this->publicKeyDir . '/' . $this->userId . '.public.key'; // e.g. data/public-keys/admin.public.key
- $this->privateKeyPath =
+ $this->privateKeyPath =
$this->encryptionDir . '/' . $this->userId . '.private.key'; // e.g. data/admin/admin.private.key
- // make sure that the owners home is mounted
- \OC\Files\Filesystem::initMountPoints($this->userId);
+ // make sure that the owners home is mounted
+ \OC\Files\Filesystem::initMountPoints($userId);
+
+ if (\OCA\Encryption\Helper::isPublicAccess()) {
+ $this->keyId = $this->publicShareKeyId;
+ $this->isPublic = true;
+ } else {
+ $this->keyId = $this->userId;
+ $this->isPublic = false;
}
}
@@ -188,13 +171,13 @@ class Util {
// check if public-key exists but private-key is missing
if ($this->view->file_exists($this->publicKeyPath) && !$this->view->file_exists($this->privateKeyPath)) {
\OCP\Util::writeLog('Encryption library',
- 'public key exists but private key is missing for "' . $this->userId . '"', \OCP\Util::FATAL);
+ 'public key exists but private key is missing for "' . $this->keyId . '"', \OCP\Util::FATAL);
return false;
} else {
if (!$this->view->file_exists($this->publicKeyPath) && $this->view->file_exists($this->privateKeyPath)
) {
\OCP\Util::writeLog('Encryption library',
- 'private key exists but public key is missing for "' . $this->userId . '"', \OCP\Util::FATAL);
+ 'private key exists but public key is missing for "' . $this->keyId . '"', \OCP\Util::FATAL);
return false;
}
}
@@ -367,7 +350,7 @@ class Util {
// scanning every file like this
// will eat server resources :(
if (
- Keymanager::getFileKey($this->view, $relPath)
+ Keymanager::getFileKey($this->view, $this, $relPath)
&& $isEncryptedPath
) {
@@ -478,7 +461,7 @@ class Util {
$relPath = Helper::stripUserFilesPath($path);
}
- $fileKey = Keymanager::getFileKey($this->view, $relPath);
+ $fileKey = Keymanager::getFileKey($this->view, $this, $relPath);
if ($fileKey === false) {
return false;
@@ -1056,10 +1039,10 @@ class Util {
private function decryptKeyfile($filePath, $privateKey) {
// Get the encrypted keyfile
- $encKeyfile = Keymanager::getFileKey($this->view, $filePath);
+ $encKeyfile = Keymanager::getFileKey($this->view, $this, $filePath);
// The file has a shareKey and must use it for decryption
- $shareKey = Keymanager::getShareKey($this->view, $this->userId, $filePath);
+ $shareKey = Keymanager::getShareKey($this->view, $this->keyId, $this, $filePath);
$plainKeyfile = Crypt::multiKeyDecrypt($encKeyfile, $shareKey, $privateKey);
@@ -1335,7 +1318,7 @@ class Util {
// handle public access
if ($this->isPublic) {
$filename = $path;
- $fileOwnerUid = $GLOBALS['fileOwner'];
+ $fileOwnerUid = $this->userId;
return array(
$fileOwnerUid,
@@ -1563,6 +1546,13 @@ class Util {
/**
* @return string
*/
+ public function getKeyId() {
+ return $this->keyId;
+ }
+
+ /**
+ * @return string
+ */
public function getUserFilesDir() {
return $this->userFilesDir;
}
diff --git a/apps/files_encryption/tests/crypt.php b/apps/files_encryption/tests/crypt.php
index 9c32ee06453..0086371d223 100755
--- a/apps/files_encryption/tests/crypt.php
+++ b/apps/files_encryption/tests/crypt.php
@@ -157,6 +157,8 @@ class Test_Encryption_Crypt extends \PHPUnit_Framework_TestCase {
$filename = 'tmp-' . time() . '.test';
+ $util = new Encryption\Util(new \OC_FilesystemView(), $this->userId);
+
$cryptedFile = file_put_contents('crypt:///' . $this->userId . '/files/'. $filename, $this->dataShort);
// Test that data was successfully written
@@ -176,10 +178,10 @@ class Test_Encryption_Crypt extends \PHPUnit_Framework_TestCase {
$this->assertNotEquals($this->dataShort, $retreivedCryptedFile);
// Get the encrypted keyfile
- $encKeyfile = Encryption\Keymanager::getFileKey($this->view, $filename);
+ $encKeyfile = Encryption\Keymanager::getFileKey($this->view, $util, $filename);
// Attempt to fetch the user's shareKey
- $shareKey = Encryption\Keymanager::getShareKey($this->view, $this->userId, $filename);
+ $shareKey = Encryption\Keymanager::getShareKey($this->view, $this->userId, $util, $filename);
// get session
$session = new \OCA\Encryption\Session($this->view);
@@ -214,6 +216,8 @@ class Test_Encryption_Crypt extends \PHPUnit_Framework_TestCase {
// Generate a a random filename
$filename = 'tmp-' . time() . '.test';
+ $util = new Encryption\Util(new \OC_FilesystemView(), $this->userId);
+
// Save long data as encrypted file using stream wrapper
$cryptedFile = file_put_contents('crypt:///' . $this->userId . '/files/' . $filename, $this->dataLong . $this->dataLong);
@@ -250,10 +254,10 @@ class Test_Encryption_Crypt extends \PHPUnit_Framework_TestCase {
//print_r($e);
// Get the encrypted keyfile
- $encKeyfile = Encryption\Keymanager::getFileKey($this->view, $filename);
+ $encKeyfile = Encryption\Keymanager::getFileKey($this->view, $util, $filename);
// Attempt to fetch the user's shareKey
- $shareKey = Encryption\Keymanager::getShareKey($this->view, $this->userId, $filename);
+ $shareKey = Encryption\Keymanager::getShareKey($this->view, $this->userId, $util, $filename);
// get session
$session = new \OCA\Encryption\Session($this->view);