aboutsummaryrefslogtreecommitdiffstats
path: root/apps
diff options
context:
space:
mode:
Diffstat (limited to 'apps')
-rw-r--r--apps/files_encryption/hooks/hooks.php23
-rwxr-xr-xapps/files_encryption/lib/helper.php14
-rwxr-xr-xapps/files_encryption/lib/keymanager.php4
-rw-r--r--apps/files_encryption/lib/proxy.php158
-rw-r--r--apps/files_encryption/lib/util.php69
-rwxr-xr-xapps/files_encryption/tests/webdav.php2
-rw-r--r--apps/files_versions/lib/versions.php17
7 files changed, 145 insertions, 142 deletions
diff --git a/apps/files_encryption/hooks/hooks.php b/apps/files_encryption/hooks/hooks.php
index 743593d798a..d1b08a0b978 100644
--- a/apps/files_encryption/hooks/hooks.php
+++ b/apps/files_encryption/hooks/hooks.php
@@ -332,6 +332,12 @@ class Hooks {
$sharingEnabled = \OCP\Share::isEnabled();
+ // get the path including mount point only if not a shared folder
+ if(strncmp($path, '/Shared' , strlen('/Shared') !== 0)) {
+ // get path including the the storage mount point
+ $path = $util->getPathWithMountPoint($params['itemSource']);
+ }
+
// if a folder was shared, get a list of all (sub-)folders
if ($params['itemType'] === 'folder') {
$allFiles = $util->getAllFiles($path);
@@ -381,17 +387,11 @@ class Hooks {
// rebuild path
foreach ($targetPathSplit as $pathPart) {
-
if ($pathPart !== $sharedPart) {
-
$path = '/' . $pathPart . $path;
-
} else {
-
break;
-
}
-
}
// prefix path with Shared
@@ -409,13 +409,16 @@ class Hooks {
}
}
+ // get the path including mount point only if not a shared folder
+ if(strncmp($path, '/Shared' , strlen('/Shared') !== 0)) {
+ // get path including the the storage mount point
+ $path = $util->getPathWithMountPoint($params['itemSource']);
+ }
+
// if we unshare a folder we need a list of all (sub-)files
if ($params['itemType'] === 'folder') {
-
- $allFiles = $util->getAllFiles($path);
-
+ $allFiles = $util->getAllFiles( $path );
} else {
-
$allFiles = array($path);
}
diff --git a/apps/files_encryption/lib/helper.php b/apps/files_encryption/lib/helper.php
index 1b3e5b1a642..e078ab35541 100755
--- a/apps/files_encryption/lib/helper.php
+++ b/apps/files_encryption/lib/helper.php
@@ -186,4 +186,18 @@ class Helper {
return false;
}
}
+
+ /**
+ * @brief Format a path to be relative to the /user/files/ directory
+ * @param string $path the absolute path
+ * @return string e.g. turns '/admin/files/test.txt' into 'test.txt'
+ */
+ public static function stripUserFilesPath($path) {
+ $trimmed = ltrim($path, '/');
+ $split = explode('/', $trimmed);
+ $sliced = array_slice($split, 2);
+ $relPath = implode('/', $sliced);
+
+ return $relPath;
+ }
} \ No newline at end of file
diff --git a/apps/files_encryption/lib/keymanager.php b/apps/files_encryption/lib/keymanager.php
index 9bb854325de..e911c1785df 100755
--- a/apps/files_encryption/lib/keymanager.php
+++ b/apps/files_encryption/lib/keymanager.php
@@ -169,7 +169,7 @@ class Keymanager {
*/
public static function fixPartialFilePath($path) {
- if (preg_match('/\.part$/', $path)) {
+ if (preg_match('/\.part$/', $path) || preg_match('/\.etmp$/', $path)) {
$newLength = strlen($path) - 5;
$fPath = substr($path, 0, $newLength);
@@ -191,7 +191,7 @@ class Keymanager {
*/
public static function isPartialFilePath($path) {
- if (preg_match('/\.part$/', $path)) {
+ if (preg_match('/\.part$/', $path) || preg_match('/\.etmp$/', $path)) {
return true;
diff --git a/apps/files_encryption/lib/proxy.php b/apps/files_encryption/lib/proxy.php
index 11308612daf..0df34a38bd7 100644
--- a/apps/files_encryption/lib/proxy.php
+++ b/apps/files_encryption/lib/proxy.php
@@ -104,78 +104,40 @@ class Proxy extends \OC_FileProxy {
if (self::shouldEncrypt($path)) {
- // Stream put contents should have been converted to fopen
if (!is_resource($data)) {
- $userId = \OCP\USER::getUser();
+ // get root view
$view = new \OC_FilesystemView('/');
- $util = new Util($view, $userId);
- $session = new \OCA\Encryption\Session($view);
- $privateKey = $session->getPrivateKey();
- $filePath = $util->stripUserFilesPath($path);
- // Set the filesize for userland, before encrypting
- $size = strlen($data);
- // Disable encryption proxy to prevent recursive calls
- $proxyStatus = \OC_FileProxy::$enabled;
- \OC_FileProxy::$enabled = false;
+ // get relative path
+ $relativePath = \OCA\Encryption\Helper::stripUserFilesPath($path);
- // Check if there is an existing key we can reuse
- if ($encKeyfile = Keymanager::getFileKey($view, $userId, $filePath)) {
-
- // Fetch shareKey
- $shareKey = Keymanager::getShareKey($view, $userId, $filePath);
-
- // Decrypt the keyfile
- $plainKey = Crypt::multiKeyDecrypt($encKeyfile, $shareKey, $privateKey);
-
- } else {
-
- // Make a new key
- $plainKey = Crypt::generateKey();
-
- }
-
- // Encrypt data
- $encData = Crypt::symmetricEncryptFileContent($data, $plainKey);
-
- $sharingEnabled = \OCP\Share::isEnabled();
-
- // if file exists try to get sharing users
- if ($view->file_exists($path)) {
- $uniqueUserIds = $util->getSharingUsersArray($sharingEnabled, $filePath, $userId);
- } else {
- $uniqueUserIds[] = $userId;
+ if (!isset($relativePath)) {
+ return true;
}
- // Fetch public keys for all users who will share the file
- $publicKeys = Keymanager::getPublicKeys($view, $uniqueUserIds);
+ $handle = fopen('crypt://' . $relativePath . '.etmp', 'w');
+ if (is_resource($handle)) {
- // Encrypt plain keyfile to multiple sharefiles
- $multiEncrypted = Crypt::multiKeyEncrypt($plainKey, $publicKeys);
+ // write data to stream
+ fwrite($handle, $data);
- // Save sharekeys to user folders
- Keymanager::setShareKeys($view, $filePath, $multiEncrypted['keys']);
+ // close stream
+ fclose($handle);
- // Set encrypted keyfile as common varname
- $encKey = $multiEncrypted['data'];
+ // disable encryption proxy to prevent recursive calls
+ $proxyStatus = \OC_FileProxy::$enabled;
+ \OC_FileProxy::$enabled = false;
- // Save keyfile for newly encrypted file in parallel directory tree
- Keymanager::setFileKey($view, $filePath, $userId, $encKey);
+ // get encrypted content
+ $data = $view->file_get_contents($path . '.etmp');
- // Replace plain content with encrypted content by reference
- $data = $encData;
-
- // Update the file cache with file info
- \OC\Files\Filesystem::putFileInfo($filePath, array(
- 'encrypted' => true,
- 'size' => strlen($data),
- 'unencrypted_size' => $size
- ), '');
-
- // Re-enable proxy - our work is done
- \OC_FileProxy::$enabled = $proxyStatus;
+ // remove our temp file
+ $view->unlink($path . '.etmp');
+ // re-enable proxy - our work is done
+ \OC_FileProxy::$enabled = $proxyStatus;
+ }
}
}
@@ -189,15 +151,11 @@ class Proxy extends \OC_FileProxy {
*/
public function postFile_get_contents($path, $data) {
- $userId = \OCP\USER::getUser();
+ $plainData = null;
$view = new \OC_FilesystemView('/');
- $util = new Util($view, $userId);
- $relPath = $util->stripUserFilesPath($path);
-
- // Disable encryption proxy to prevent recursive calls
- $proxyStatus = \OC_FileProxy::$enabled;
- \OC_FileProxy::$enabled = false;
+ // get relative path
+ $relativePath = \OCA\Encryption\Helper::stripUserFilesPath($path);
// init session
$session = new \OCA\Encryption\Session($view);
@@ -208,28 +166,27 @@ class Proxy extends \OC_FileProxy {
&& Crypt::isCatfileContent($data)
) {
- $privateKey = $session->getPrivateKey($userId);
-
- // Get the encrypted keyfile
- $encKeyfile = Keymanager::getFileKey($view, $userId, $relPath);
-
- // Attempt to fetch the user's shareKey
- $shareKey = Keymanager::getShareKey($view, $userId, $relPath);
-
- // Decrypt keyfile with shareKey
- $plainKeyfile = Crypt::multiKeyDecrypt($encKeyfile, $shareKey, $privateKey);
+ $handle = fopen('crypt://' . $relativePath, 'r');
- $plainData = Crypt::symmetricDecryptFileContent($data, $plainKeyfile);
+ if (is_resource($handle)) {
+ while (($plainDataChunk = fgets($handle, 8192)) !== false) {
+ $plainData .= $plainDataChunk;
+ }
+ }
} elseif (
Crypt::mode() == 'server'
&& \OC::$session->exists('legacyenckey')
&& Crypt::isEncryptedMeta($path)
) {
+ // Disable encryption proxy to prevent recursive calls
+ $proxyStatus = \OC_FileProxy::$enabled;
+ \OC_FileProxy::$enabled = false;
+
$plainData = Crypt::legacyBlockDecrypt($data, $session->getLegacyKey());
- }
- \OC_FileProxy::$enabled = $proxyStatus;
+ \OC_FileProxy::$enabled = $proxyStatus;
+ }
if (!isset($plainData)) {
@@ -261,10 +218,10 @@ class Proxy extends \OC_FileProxy {
$util = new Util($view, $userId);
- // Format path to be relative to user files dir
- $relPath = $util->stripUserFilesPath($path);
+ // get relative path
+ $relativePath = \OCA\Encryption\Helper::stripUserFilesPath($path);
- list($owner, $ownerPath) = $util->getUidAndFilename($relPath);
+ list($owner, $ownerPath) = $util->getUidAndFilename($relativePath);
// Delete keyfile & shareKey so it isn't orphaned
if (!Keymanager::deleteFileKey($view, $owner, $ownerPath)) {
@@ -305,12 +262,14 @@ class Proxy extends \OC_FileProxy {
}
- // Reformat path for use with OC_FSV
- $path_split = explode('/', $path);
- $path_f = implode('/', array_slice($path_split, 3));
+ // split the path parts
+ $pathParts = explode('/', $path);
+
+ // get relative path
+ $relativePath = \OCA\Encryption\Helper::stripUserFilesPath($path);
// FIXME: handling for /userId/cache used by webdav for chunking. The cache chunks are NOT encrypted
- if (isset($path_split) && $path_split[2] === 'cache') {
+ if (isset($pathParts[2]) && $pathParts[2] === 'cache') {
return $result;
}
@@ -335,14 +294,14 @@ class Proxy extends \OC_FileProxy {
// Open the file using the crypto stream wrapper
// protocol and let it do the decryption work instead
- $result = fopen('crypt://' . $path_f, $meta['mode']);
+ $result = fopen('crypt://' . $relativePath, $meta['mode']);
} elseif (
self::shouldEncrypt($path)
and $meta ['mode'] !== 'r'
and $meta['mode'] !== 'rb'
) {
- $result = fopen('crypt://' . $path_f, $meta['mode']);
+ $result = fopen('crypt://' . $relativePath, $meta['mode']);
}
// Re-enable the proxy
@@ -390,12 +349,11 @@ class Proxy extends \OC_FileProxy {
return $size;
}
- // Reformat path for use with OC_FSV
- $path_split = explode('/', $path);
- $path_f = implode('/', array_slice($path_split, 3));
+ // get relative path
+ $relativePath = \OCA\Encryption\Helper::stripUserFilesPath($path);
// if path is empty we cannot resolve anything
- if (empty($path_f)) {
+ if (empty($relativePath)) {
return $size;
}
@@ -424,7 +382,7 @@ class Proxy extends \OC_FileProxy {
$fileInfo['unencrypted_size'] = $size;
// put file info if not .part file
- if (!Keymanager::isPartialFilePath($path_f)) {
+ if (!Keymanager::isPartialFilePath($relativePath)) {
$view->putFileInfo($path, $fileInfo);
}
}
@@ -447,21 +405,23 @@ class Proxy extends \OC_FileProxy {
$userId = \OCP\User::getUser();
$util = new Util($view, $userId);
- // Reformat path for use with OC_FSV
- $path_split = explode('/', $path);
- $path_f = implode('/', array_slice($path_split, 3));
+ // split the path parts
+ $pathParts = explode('/', $path);
+
+ // get relative path
+ $relativePath = \OCA\Encryption\Helper::stripUserFilesPath($path);
// only if file is on 'files' folder fix file size and sharing
- if (isset($path_split) && $path_split[2] === 'files' && $util->fixFileSize($path)) {
+ if (isset($pathParts[2]) && $pathParts[2] === 'files' && $util->fixFileSize($path)) {
// get sharing app state
$sharingEnabled = \OCP\Share::isEnabled();
// get users
- $usersSharing = $util->getSharingUsersArray($sharingEnabled, $path_f);
+ $usersSharing = $util->getSharingUsersArray($sharingEnabled, $relativePath);
// update sharing-keys
- $util->setSharedFileKeyfiles($session, $usersSharing, $path_f);
+ $util->setSharedFileKeyfiles($session, $usersSharing, $relativePath);
}
\OC_FileProxy::$enabled = $proxyStatus;
diff --git a/apps/files_encryption/lib/util.php b/apps/files_encryption/lib/util.php
index 0d663549bf6..04bd4dc8aca 100644
--- a/apps/files_encryption/lib/util.php
+++ b/apps/files_encryption/lib/util.php
@@ -188,7 +188,9 @@ class Util {
/**
* @brief Sets up user folders and keys for serverside encryption
- * @param string $passphrase passphrase to encrypt server-stored private key with
+ *
+ * @param string $passphrase to encrypt server-stored private key with
+ * @return bool
*/
public function setupServerSide($passphrase = null) {
@@ -403,7 +405,7 @@ class Util {
) {
$filePath = $directory . '/' . $this->view->getRelativePath('/' . $file);
- $relPath = $this->stripUserFilesPath($filePath);
+ $relPath = \OCA\Encryption\Helper::stripUserFilesPath($filePath);
// If the path is a directory, search
// its contents
@@ -528,7 +530,7 @@ class Util {
/**
* @brief Check if a given path identifies an encrypted file
- * @param $path
+ * @param string $path
* @return boolean
*/
public function isEncryptedPath($path) {
@@ -541,7 +543,7 @@ class Util {
// we only need 24 byte from the last chunk
$data = '';
$handle = $this->view->fopen($path, 'r');
- if (!fseek($handle, -24, SEEK_END)) {
+ if (is_resource($handle) && !fseek($handle, -24, SEEK_END)) {
$data = fgets($handle);
}
@@ -565,11 +567,13 @@ class Util {
$proxyStatus = \OC_FileProxy::$enabled;
\OC_FileProxy::$enabled = false;
- // Reformat path for use with OC_FSV
- $pathSplit = explode('/', $path);
- $pathRelative = implode('/', array_slice($pathSplit, 3));
+ // split the path parts
+ $pathParts = explode('/', $path);
- if (isset($pathSplit[2]) && $pathSplit[2] === 'files' && $this->view->file_exists($path) && $this->isEncryptedPath($path)) {
+ // get relative path
+ $relativePath = \OCA\Encryption\Helper::stripUserFilesPath($path);
+
+ if (isset($pathParts[2]) && $pathParts[2] === 'files' && $this->view->file_exists($path) && $this->isEncryptedPath($path)) {
// get the size from filesystem
$fullPath = $this->view->getLocalFile($path);
@@ -579,7 +583,7 @@ class Util {
$lastChunkNr = floor($size / 8192);
// open stream
- $stream = fopen('crypt://' . $pathRelative, "r");
+ $stream = fopen('crypt://' . $relativePath, "r");
if (is_resource($stream)) {
// calculate last chunk position
@@ -639,21 +643,7 @@ class Util {
return $result;
}
- /**
- * @brief Format a path to be relative to the /user/files/ directory
- * @note e.g. turns '/admin/files/test.txt' into 'test.txt'
- */
- public function stripUserFilesPath($path) {
-
- $trimmed = ltrim($path, '/');
- $split = explode('/', $trimmed);
- $sliced = array_slice($split, 2);
- $relPath = implode('/', $sliced);
-
- return $relPath;
-
- }
-
+
/**
* @param $path
* @return bool
@@ -748,7 +738,7 @@ class Util {
$recrypted = Crypt::legacyKeyRecryptKeyfile( $legacyData, $legacyPassphrase, $publicKeys );
$rawPath = $legacyFile['path'];
- $relPath = $this->stripUserFilesPath($rawPath);
+ $relPath = \OCA\Encryption\Helper::stripUserFilesPath($rawPath);
// Save keyfile
Keymanager::setFileKey($this->view, $relPath, $this->userId, $recrypted['filekey']);
@@ -903,6 +893,7 @@ class Util {
* @param string $filePath
* @param string $fileOwner
* @param string $privateKey
+ * @return bool|string
* @note Checks whether file was encrypted with openssl_seal or
* openssl_encrypt, and decrypts accrdingly
* @note This was used when 2 types of encryption for keyfiles was used,
@@ -1028,7 +1019,7 @@ class Util {
if ($sharingEnabled) {
// Find out who, if anyone, is sharing the file
- $result = \OCP\Share::getUsersSharingFile($ownerPath, $owner, true, true, true);
+ $result = \OCP\Share::getUsersSharingFile($ownerPath, $owner, true);
$userIds = $result['users'];
if ($result['public']) {
$userIds[] = $this->publicShareKeyId;
@@ -1136,6 +1127,7 @@ class Util {
/**
* @brief get uid of the owners of the file and the path to the file
* @param string $path Path of the file to check
+ * @throws \Exception
* @note $shareFilePath must be relative to data/UID/files. Files
* relative to /Shared are also acceptable
* @return array
@@ -1199,14 +1191,14 @@ class Util {
$result = array();
- $content = $this->view->getDirectoryContent($this->userFilesDir . $dir);
+ $content = $this->view->getDirectoryContent(\OC\Files\Filesystem::normalizePath($this->userFilesDir . '/' . $dir));
// handling for re shared folders
- $path_split = explode('/', $dir);
+ $pathSplit = explode('/', $dir);
foreach ($content as $c) {
- $sharedPart = $path_split[sizeof($path_split) - 1];
+ $sharedPart = $pathSplit[sizeof($pathSplit) - 1];
$targetPathSplit = array_reverse(explode('/', $c['path']));
$path = '';
@@ -1459,7 +1451,7 @@ class Util {
// Find out who, if anyone, is sharing the file
if ($sharingEnabled) {
- $result = \OCP\Share::getUsersSharingFile($file, $this->userId, true, true, true);
+ $result = \OCP\Share::getUsersSharingFile($file, $this->userId, true);
$userIds = $result['users'];
$userIds[] = $this->recoveryKeyId;
if ($result['public']) {
@@ -1535,4 +1527,21 @@ class Util {
$this->recoverAllFiles('/', $privateKey);
}
+ /**
+ * Get the path including the storage mount point
+ * @param int $id
+ * @return string the path including the mount point like AmazonS3/folder/file.txt
+ */
+ public function getPathWithMountPoint($id) {
+ list($storage, $internalPath) = \OC\Files\Cache\Cache::getById($id);
+ $mount = \OC\Files\Filesystem::getMountByStorageId($storage);
+ $mountPoint = $mount[0]->getMountPoint();
+ $path = \OC\Files\Filesystem::normalizePath($mountPoint.'/'.$internalPath);
+
+ // reformat the path to be relative e.g. /user/files/folder becomes /folder/
+ $relativePath = \OCA\Encryption\Helper::stripUserFilesPath($path);
+
+ return $relativePath;
+ }
+
}
diff --git a/apps/files_encryption/tests/webdav.php b/apps/files_encryption/tests/webdav.php
index 0b3bed93e1f..1d406789f0c 100755
--- a/apps/files_encryption/tests/webdav.php
+++ b/apps/files_encryption/tests/webdav.php
@@ -216,7 +216,7 @@ class Test_Encryption_Webdav extends \PHPUnit_Framework_TestCase {
*
* @param bool $body
*
- * @note this init procedure is copied from /apps/files/remote.php
+ * @note this init procedure is copied from /apps/files/appinfo/remote.php
*/
function handleWebdavRequest($body = false) {
// Backends
diff --git a/apps/files_versions/lib/versions.php b/apps/files_versions/lib/versions.php
index 5fdbef27743..4beb9e0fe5c 100644
--- a/apps/files_versions/lib/versions.php
+++ b/apps/files_versions/lib/versions.php
@@ -113,8 +113,16 @@ class Storage {
mkdir($versionsFolderName.'/'.$info['dirname'], 0750, true);
}
+ // disable proxy to prevent multiple fopen calls
+ $proxyStatus = \OC_FileProxy::$enabled;
+ \OC_FileProxy::$enabled = false;
+
// store a new version of a file
$users_view->copy('files'.$filename, 'files_versions'.$filename.'.v'.$users_view->filemtime('files'.$filename));
+
+ // reset proxy state
+ \OC_FileProxy::$enabled = $proxyStatus;
+
$versionsSize = self::getVersionsSize($uid);
if ( $versionsSize === false || $versionsSize < 0 ) {
$versionsSize = self::calculateSize($uid);
@@ -195,7 +203,16 @@ class Storage {
//first create a new version
$version = 'files_versions'.$filename.'.v'.$users_view->filemtime('files'.$filename);
if ( !$users_view->file_exists($version)) {
+
+ // disable proxy to prevent multiple fopen calls
+ $proxyStatus = \OC_FileProxy::$enabled;
+ \OC_FileProxy::$enabled = false;
+
$users_view->copy('files'.$filename, 'files_versions'.$filename.'.v'.$users_view->filemtime('files'.$filename));
+
+ // reset proxy state
+ \OC_FileProxy::$enabled = $proxyStatus;
+
$versionCreated = true;
}