summaryrefslogtreecommitdiffstats
path: root/apps/encryption/lib
diff options
context:
space:
mode:
Diffstat (limited to 'apps/encryption/lib')
-rw-r--r--apps/encryption/lib/Command/FixEncryptedVersion.php286
1 files changed, 286 insertions, 0 deletions
diff --git a/apps/encryption/lib/Command/FixEncryptedVersion.php b/apps/encryption/lib/Command/FixEncryptedVersion.php
new file mode 100644
index 00000000000..a85a96258fc
--- /dev/null
+++ b/apps/encryption/lib/Command/FixEncryptedVersion.php
@@ -0,0 +1,286 @@
+<?php
+/**
+ * @author Sujith Haridasan <sharidasan@owncloud.com>
+ * @author Ilja Neumann <ineumann@owncloud.com>
+ *
+ * @copyright Copyright (c) 2019, ownCloud GmbH
+ * @license AGPL-3.0
+ *
+ * This code is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License, version 3,
+ * as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License, version 3,
+ * along with this program. If not, see <http://www.gnu.org/licenses/>
+ *
+ */
+
+namespace OCA\Encryption\Command;
+
+use OC\Files\View;
+use OC\HintException;
+use OCA\Encryption\Util;
+use OCP\Files\IRootFolder;
+use OCP\IConfig;
+use OCP\ILogger;
+use OCP\IUserManager;
+use Symfony\Component\Console\Command\Command;
+use Symfony\Component\Console\Input\InputArgument;
+use Symfony\Component\Console\Input\InputInterface;
+use Symfony\Component\Console\Output\OutputInterface;
+
+class FixEncryptedVersion extends Command {
+ /** @var IConfig */
+ private $config;
+
+ /** @var ILogger */
+ private $logger;
+
+ /** @var IRootFolder */
+ private $rootFolder;
+
+ /** @var IUserManager */
+ private $userManager;
+
+ /** @var Util */
+ private $util;
+
+ /** @var View */
+ private $view;
+
+ public function __construct(
+ IConfig $config,
+ ILogger $logger,
+ IRootFolder $rootFolder,
+ IUserManager $userManager,
+ Util $util,
+ View $view
+ ) {
+ $this->config = $config;
+ $this->logger = $logger;
+ $this->rootFolder = $rootFolder;
+ $this->userManager = $userManager;
+ $this->util = $util;
+ $this->view = $view;
+ parent::__construct();
+ }
+
+ protected function configure(): void {
+ parent::configure();
+
+ $this
+ ->setName('encryption:fix-encrypted-version')
+ ->setDescription('Fix the encrypted version if the encrypted file(s) are not downloadable.')
+ ->addArgument(
+ 'user',
+ InputArgument::REQUIRED,
+ 'The id of the user whose files need fixing'
+ )->addOption(
+ 'path',
+ 'p',
+ InputArgument::OPTIONAL,
+ 'Limit files to fix with path, e.g., --path="/Music/Artist". If path indicates a directory, all the files inside directory will be fixed.'
+ );
+ }
+
+ /**
+ * @param InputInterface $input
+ * @param OutputInterface $output
+ * @return int
+ */
+ protected function execute(InputInterface $input, OutputInterface $output): int {
+ $skipSignatureCheck = $this->config->getSystemValue('encryption_skip_signature_check', false);
+
+ if ($skipSignatureCheck) {
+ $output->writeln("<error>Repairing is not possible when \"encryption_skip_signature_check\" is set. Please disable this flag in the configuration.</error>\n");
+ return 1;
+ }
+
+ if (!$this->util->isMasterKeyEnabled()) {
+ $output->writeln("<error>Repairing only works with master key encryption.</error>\n");
+ return 1;
+ }
+
+ $user = (string)$input->getArgument('user');
+ $pathToWalk = "/$user/files";
+
+ /**
+ * trim() returns an empty string when the argument is an unset/null
+ */
+ $pathOption = \trim($input->getOption('path'), '/');
+ if ($pathOption !== "") {
+ $pathToWalk = "$pathToWalk/$pathOption";
+ }
+
+ if ($user === null) {
+ $output->writeln("<error>No user id provided.</error>\n");
+ return 1;
+ }
+
+ if ($this->userManager->get($user) === null) {
+ $output->writeln("<error>User id $user does not exist. Please provide a valid user id</error>");
+ return 1;
+ }
+ return $this->walkPathOfUser($user, $pathToWalk, $output);
+ }
+
+ /**
+ * @param string $user
+ * @param string $path
+ * @param OutputInterface $output
+ * @return int 0 for success, 1 for error
+ */
+ private function walkPathOfUser($user, $path, OutputInterface $output): int {
+ $this->setupUserFs($user);
+ if (!$this->view->file_exists($path)) {
+ $output->writeln("<error>Path \"$path\" does not exist. Please provide a valid path.</error>");
+ return 1;
+ }
+
+ if ($this->view->is_file($path)) {
+ $output->writeln("Verifying the content of file \"$path\"");
+ $this->verifyFileContent($path, $output);
+ return 0;
+ }
+ $directories = [];
+ $directories[] = $path;
+ while ($root = \array_pop($directories)) {
+ $directoryContent = $this->view->getDirectoryContent($root);
+ foreach ($directoryContent as $file) {
+ $path = $root . '/' . $file['name'];
+ if ($this->view->is_dir($path)) {
+ $directories[] = $path;
+ } else {
+ $output->writeln("Verifying the content of file \"$path\"");
+ $this->verifyFileContent($path, $output);
+ }
+ }
+ }
+ return 0;
+ }
+
+ /**
+ * @param string $path
+ * @param OutputInterface $output
+ * @param bool $ignoreCorrectEncVersionCall, setting this variable to false avoids recursion
+ */
+ private function verifyFileContent($path, OutputInterface $output, $ignoreCorrectEncVersionCall = true): bool {
+ try {
+ /**
+ * In encryption, the files are read in a block size of 8192 bytes
+ * Read block size of 8192 and a bit more (808 bytes)
+ * If there is any problem, the first block should throw the signature
+ * mismatch error. Which as of now, is enough to proceed ahead to
+ * correct the encrypted version.
+ */
+ $handle = $this->view->fopen($path, 'rb');
+
+ if (\fread($handle, 9001) !== false) {
+ $output->writeln("<info>The file \"$path\" is: OK</info>");
+ }
+
+ \fclose($handle);
+
+ return true;
+ } catch (HintException $e) {
+ $this->logger->warning("Issue: " . $e->getMessage());
+ //If allowOnce is set to false, this becomes recursive.
+ if ($ignoreCorrectEncVersionCall === true) {
+ //Lets rectify the file by correcting encrypted version
+ $output->writeln("<info>Attempting to fix the path: \"$path\"</info>");
+ return $this->correctEncryptedVersion($path, $output);
+ }
+ return false;
+ }
+ }
+
+ /**
+ * @param string $path
+ * @param OutputInterface $output
+ * @return bool
+ */
+ private function correctEncryptedVersion($path, OutputInterface $output): bool {
+ $fileInfo = $this->view->getFileInfo($path);
+ if (!$fileInfo) {
+ $output->writeln("<warning>File info not found for file: \"$path\"</warning>");
+ return true;
+ }
+ $fileId = $fileInfo->getId();
+ $encryptedVersion = $fileInfo->getEncryptedVersion();
+ $wrongEncryptedVersion = $encryptedVersion;
+
+ $storage = $fileInfo->getStorage();
+
+ $cache = $storage->getCache();
+ $fileCache = $cache->get($fileId);
+ if (!$fileCache) {
+ $output->writeln("<warning>File cache entry not found for file: \"$path\"</warning>");
+ return true;
+ }
+
+ if ($storage->instanceOfStorage('OCA\Files_Sharing\ISharedStorage')) {
+ $output->writeln("<info>The file: \"$path\" is a share. Please also run the script for the owner of the share</info>");
+ return true;
+ }
+
+ // Save original encrypted version so we can restore it if decryption fails with all version
+ $originalEncryptedVersion = $encryptedVersion;
+ if ($encryptedVersion >= 0) {
+ //test by decrementing the value till 1 and if nothing works try incrementing
+ $encryptedVersion--;
+ while ($encryptedVersion > 0) {
+ $cacheInfo = ['encryptedVersion' => $encryptedVersion, 'encrypted' => $encryptedVersion];
+ $cache->put($fileCache->getPath(), $cacheInfo);
+ $output->writeln("<info>Decrement the encrypted version to $encryptedVersion</info>");
+ if ($this->verifyFileContent($path, $output, false) === true) {
+ $output->writeln("<info>Fixed the file: \"$path\" with version " . $encryptedVersion . "</info>");
+ return true;
+ }
+ $encryptedVersion--;
+ }
+
+ //So decrementing did not work. Now lets increment. Max increment is till 5
+ $increment = 1;
+ while ($increment <= 5) {
+ /**
+ * The wrongEncryptedVersion would not be incremented so nothing to worry about here.
+ * Only the newEncryptedVersion is incremented.
+ * For example if the wrong encrypted version is 4 then
+ * cycle1 -> newEncryptedVersion = 5 ( 4 + 1)
+ * cycle2 -> newEncryptedVersion = 6 ( 4 + 2)
+ * cycle3 -> newEncryptedVersion = 7 ( 4 + 3)
+ */
+ $newEncryptedVersion = $wrongEncryptedVersion + $increment;
+
+ $cacheInfo = ['encryptedVersion' => $newEncryptedVersion, 'encrypted' => $newEncryptedVersion];
+ $cache->put($fileCache->getPath(), $cacheInfo);
+ $output->writeln("<info>Increment the encrypted version to $newEncryptedVersion</info>");
+ if ($this->verifyFileContent($path, $output, false) === true) {
+ $output->writeln("<info>Fixed the file: \"$path\" with version " . $newEncryptedVersion . "</info>");
+ return true;
+ }
+ $increment++;
+ }
+ }
+
+ $cacheInfo = ['encryptedVersion' => $originalEncryptedVersion, 'encrypted' => $originalEncryptedVersion];
+ $cache->put($fileCache->getPath(), $cacheInfo);
+ $output->writeln("<info>No fix found for \"$path\", restored version to original: $originalEncryptedVersion</info>");
+
+ return false;
+ }
+
+ /**
+ * Setup user file system
+ * @param string $uid
+ */
+ private function setupUserFs($uid): void {
+ \OC_Util::tearDownFS();
+ \OC_Util::setupFS($uid);
+ }
+}