diff options
Diffstat (limited to 'apps/files_encryption/lib/util.php')
| -rw-r--r-- | apps/files_encryption/lib/util.php | 108 |
1 files changed, 70 insertions, 38 deletions
diff --git a/apps/files_encryption/lib/util.php b/apps/files_encryption/lib/util.php index ae3e2a2e15a..ec06bd52f5e 100644 --- a/apps/files_encryption/lib/util.php +++ b/apps/files_encryption/lib/util.php @@ -63,8 +63,10 @@ class Util { $this->client = $client; $this->userId = $userId; - $this->publicShareKeyId = \OC_Appconfig::getValue('files_encryption', 'publicShareKeyId'); - $this->recoveryKeyId = \OC_Appconfig::getValue('files_encryption', 'recoveryKeyId'); + $appConfig = \OC::$server->getAppConfig(); + + $this->publicShareKeyId = $appConfig->getValue('files_encryption', 'publicShareKeyId'); + $this->recoveryKeyId = $appConfig->getValue('files_encryption', 'recoveryKeyId'); $this->userDir = '/' . $this->userId; $this->fileFolderName = 'files'; @@ -316,7 +318,8 @@ class Util { $found = array( 'plain' => array(), 'encrypted' => array(), - 'legacy' => array() + 'legacy' => array(), + 'broken' => array(), ); } @@ -327,10 +330,7 @@ class Util { if(is_resource($handle)) { while (false !== ($file = readdir($handle))) { - if ( - $file !== "." - && $file !== ".." - ) { + if ($file !== "." && $file !== "..") { $filePath = $directory . '/' . $this->view->getRelativePath('/' . $file); $relPath = \OCA\Encryption\Helper::stripUserFilesPath($filePath); @@ -357,15 +357,23 @@ class Util { // NOTE: This is inefficient; // scanning every file like this // will eat server resources :( - if ( - Keymanager::getFileKey($this->view, $this, $relPath) - && $isEncryptedPath - ) { - - $found['encrypted'][] = array( - 'name' => $file, - 'path' => $filePath - ); + if ($isEncryptedPath) { + + $fileKey = Keymanager::getFileKey($this->view, $this, $relPath); + $shareKey = Keymanager::getShareKey($this->view, $this->userId, $this, $relPath); + // if file is encrypted but now file key is available, throw exception + if ($fileKey === false || $shareKey === false) { + \OCP\Util::writeLog('encryption library', 'No keys available to decrypt the file: ' . $filePath, \OCP\Util::ERROR); + $found['broken'][] = array( + 'name' => $file, + 'path' => $filePath, + ); + } else { + $found['encrypted'][] = array( + 'name' => $file, + 'path' => $filePath, + ); + } // If the file uses old // encryption system @@ -563,7 +571,7 @@ class Util { /** - * @param $path + * @param string $path * @return bool */ public function isSharedPath($path) { @@ -771,6 +779,12 @@ class Util { $successful = false; } + // if there are broken encrypted files than the complete decryption + // was not successful + if (!empty($found['broken'])) { + $successful = false; + } + if ($successful) { $this->view->deleteAll($this->keyfilesPath); $this->view->deleteAll($this->shareKeysPath); @@ -1031,7 +1045,7 @@ class Util { * @brief Decrypt a keyfile * @param string $filePath * @param string $privateKey - * @return bool|string + * @return false|string */ private function decryptKeyfile($filePath, $privateKey) { @@ -1110,12 +1124,15 @@ class Util { /** * @brief Find, sanitise and format users sharing a file * @note This wraps other methods into a portable bundle + * @param boolean $sharingEnabled */ public function getSharingUsersArray($sharingEnabled, $filePath, $currentUserId = false) { + $appConfig = \OC::$server->getAppConfig(); + // Check if key recovery is enabled if ( - \OC_Appconfig::getValue('files_encryption', 'recoveryAdminEnabled') + $appConfig->getValue('files_encryption', 'recoveryAdminEnabled') && $this->recoveryEnabledForUser() ) { $recoveryEnabled = true; @@ -1144,7 +1161,7 @@ class Util { // Admin UID to list of users to share to if ($recoveryEnabled) { // Find recoveryAdmin user ID - $recoveryKeyId = \OC_Appconfig::getValue('files_encryption', 'recoveryKeyId'); + $recoveryKeyId = $appConfig->getValue('files_encryption', 'recoveryKeyId'); // Add recoveryAdmin to list of users sharing $userIds[] = $recoveryKeyId; } @@ -1186,26 +1203,48 @@ class Util { } /** - * @brief start migration mode to initially encrypt users data + * @brief set migration status + * @param int $status * @return boolean */ - public function beginMigration() { - - $return = false; + private function setMigrationStatus($status) { - $sql = 'UPDATE `*PREFIX*encryption` SET `migration_status` = ? WHERE `uid` = ? and `migration_status` = ?'; - $args = array(self::MIGRATION_IN_PROGRESS, $this->userId, self::MIGRATION_OPEN); + $sql = 'UPDATE `*PREFIX*encryption` SET `migration_status` = ? WHERE `uid` = ?'; + $args = array($status, $this->userId); $query = \OCP\DB::prepare($sql); $manipulatedRows = $query->execute($args); if ($manipulatedRows === 1) { - $return = true; + $result = true; + \OCP\Util::writeLog('Encryption library', "Migration status set to " . self::MIGRATION_OPEN, \OCP\Util::INFO); + } else { + $result = false; + \OCP\Util::writeLog('Encryption library', "Could not set migration status to " . self::MIGRATION_OPEN, \OCP\Util::WARN); + } + + return $result; + } + + /** + * @brief start migration mode to initially encrypt users data + * @return boolean + */ + public function beginMigration() { + + $result = $this->setMigrationStatus(self::MIGRATION_IN_PROGRESS); + + if ($result) { \OCP\Util::writeLog('Encryption library', "Start migration to encryption mode for " . $this->userId, \OCP\Util::INFO); } else { \OCP\Util::writeLog('Encryption library', "Could not activate migration mode for " . $this->userId . ". Probably another process already started the initial encryption", \OCP\Util::WARN); } - return $return; + return $result; + } + + public function resetMigrationStatus() { + return $this->setMigrationStatus(self::MIGRATION_OPEN); + } /** @@ -1213,22 +1252,15 @@ class Util { * @return boolean */ public function finishMigration() { + $result = $this->setMigrationStatus(self::MIGRATION_COMPLETED); - $return = false; - - $sql = 'UPDATE `*PREFIX*encryption` SET `migration_status` = ? WHERE `uid` = ? and `migration_status` = ?'; - $args = array(self::MIGRATION_COMPLETED, $this->userId, self::MIGRATION_IN_PROGRESS); - $query = \OCP\DB::prepare($sql); - $manipulatedRows = $query->execute($args); - - if ($manipulatedRows === 1) { - $return = true; + if ($result) { \OCP\Util::writeLog('Encryption library', "Finish migration successfully for " . $this->userId, \OCP\Util::INFO); } else { \OCP\Util::writeLog('Encryption library', "Could not deactivate migration mode for " . $this->userId, \OCP\Util::WARN); } - return $return; + return $result; } /** |