diff options
Diffstat (limited to 'apps/files_encryption/lib/util.php')
| -rw-r--r-- | apps/files_encryption/lib/util.php | 106 |
1 files changed, 57 insertions, 49 deletions
diff --git a/apps/files_encryption/lib/util.php b/apps/files_encryption/lib/util.php index d5a5ce774d2..94defa726a9 100644 --- a/apps/files_encryption/lib/util.php +++ b/apps/files_encryption/lib/util.php @@ -96,10 +96,13 @@ class Util { //// DONE: test new encryption with sharing //// TODO: test new encryption with proxies + const MIGRATION_COMPLETED = 1; // migration to new encryption completed + const MIGRATION_IN_PROGRESS = -1; // migration is running + const MIGRATION_OPEN = 0; // user still needs to be migrated + private $view; // OC_FilesystemView object for filesystem operations private $userId; // ID of the currently logged-in user - private $pwd; // User Password private $client; // Client side encryption mode flag private $publicKeyDir; // Dir containing all public user keys private $encryptionDir; // Dir containing user's files_encryption @@ -728,40 +731,28 @@ class Util { // Fetch data from file $legacyData = $this->view->file_get_contents($legacyFile['path']); - $sharingEnabled = \OCP\Share::isEnabled(); - - // if file exists try to get sharing users - if ($this->view->file_exists($legacyFile['path'])) { - $uniqueUserIds = $this->getSharingUsersArray($sharingEnabled, $legacyFile['path'], $this->userId); - } else { - $uniqueUserIds[] = $this->userId; - } - - // Fetch public keys for all users who will share the file - $publicKeys = Keymanager::getPublicKeys($this->view, $uniqueUserIds); - - // Recrypt data, generate catfile - $recrypted = Crypt::legacyKeyRecryptKeyfile($legacyData, $legacyPassphrase, $publicKeys); + // decrypt data, generate catfile + $decrypted = Crypt::legacyBlockDecrypt($legacyData, $legacyPassphrase); $rawPath = $legacyFile['path']; - $relPath = \OCA\Encryption\Helper::stripUserFilesPath($rawPath); - // Save keyfile - Keymanager::setFileKey($this->view, $relPath, $this->userId, $recrypted['filekey']); + // enable proxy the ensure encryption is handled + \OC_FileProxy::$enabled = true; + + // Open enc file handle for binary writing, with same filename as original plain file + $encHandle = $this->view->fopen( $rawPath, 'wb' ); - // Save sharekeys to user folders - Keymanager::setShareKeys($this->view, $relPath, $recrypted['sharekeys']); + if (is_resource($encHandle)) { - // Overwrite the existing file with the encrypted one - $this->view->file_put_contents($rawPath, $recrypted['data']); + // write data to stream + fwrite($encHandle, $decrypted); - $size = strlen($recrypted['data']); + // close stream + fclose($encHandle); + } - // Add the file to the cache - \OC\Files\Filesystem::putFileInfo($rawPath, array( - 'encrypted' => true, - 'size' => $size - ), ''); + // disable proxy to prevent file being encrypted twice + \OC_FileProxy::$enabled = false; } } @@ -1060,36 +1051,56 @@ class Util { } /** - * @brief Set file migration status for user - * @param $status - * @return bool + * @brief start migration mode to initially encrypt users data + * @return boolean */ - public function setMigrationStatus($status) { - - $sql = 'UPDATE `*PREFIX*encryption` SET `migration_status` = ? WHERE `uid` = ?'; + public function beginMigration() { - $args = array( - $status, - $this->userId - ); + $return = false; + $sql = 'UPDATE `*PREFIX*encryption` SET `migration_status` = ? WHERE `uid` = ? and `migration_status` = ?'; + $args = array(self::MIGRATION_IN_PROGRESS, $this->userId, self::MIGRATION_OPEN); $query = \OCP\DB::prepare($sql); + $result = $query->execute($args); + $manipulatedRows = $result->numRows(); - if ($query->execute($args)) { + if ($manipulatedRows === 1) { + $return = true; + \OCP\Util::writeLog('Encryption library', "Start migration to encryption mode for " . $this->userId, \OCP\Util::INFO); + } else { + \OCP\Util::writeLog('Encryption library', "Could not activate migration mode for " . $this->userId . ". Probably another process already started the initial encryption", \OCP\Util::WARN); + } - return true; + return $return; + } - } else { + /** + * @brief close migration mode after users data has been encrypted successfully + * @return boolean + */ + public function finishMigration() { - return false; + $return = false; + + $sql = 'UPDATE `*PREFIX*encryption` SET `migration_status` = ? WHERE `uid` = ? and `migration_status` = ?'; + $args = array(self::MIGRATION_COMPLETED, $this->userId, self::MIGRATION_IN_PROGRESS); + $query = \OCP\DB::prepare($sql); + $result = $query->execute($args); + $manipulatedRows = $result->numRows(); + if ($manipulatedRows === 1) { + $return = true; + \OCP\Util::writeLog('Encryption library', "Finish migration successfully for " . $this->userId, \OCP\Util::INFO); + } else { + \OCP\Util::writeLog('Encryption library', "Could not deactivate migration mode for " . $this->userId, \OCP\Util::WARN); } + return $return; } /** - * @brief Check whether pwd recovery is enabled for a given user - * @return bool 1 = yes, 0 = no, false = no record + * @brief check if files are already migrated to the encryption system + * @return migration status, false = in case of no record * @note If records are not being returned, check for a hidden space * at the start of the uid in db */ @@ -1118,14 +1129,11 @@ class Util { // If no record is found if (empty($migrationStatus)) { - + \OCP\Util::writeLog('Encryption library', "Could not get migration status for " . $this->userId . ", no record found", \OCP\Util::ERROR); return false; - // If a record is found } else { - - return $migrationStatus[0]; - + return (int)$migrationStatus[0]; } } |