diff options
Diffstat (limited to 'lib/private/Encryption')
17 files changed, 346 insertions, 700 deletions
diff --git a/lib/private/Encryption/DecryptAll.php b/lib/private/Encryption/DecryptAll.php index 6d604e38d4b..70dd0c0f0b0 100644 --- a/lib/private/Encryption/DecryptAll.php +++ b/lib/private/Encryption/DecryptAll.php @@ -1,74 +1,36 @@ <?php + /** - * @copyright Copyright (c) 2016, ownCloud, Inc. - * - * @author Bjoern Schiessle <bjoern@schiessle.org> - * @author Björn Schießle <bjoern@schiessle.org> - * @author Christian Jürges <christian@eqipe.ch> - * @author Christoph Wurst <christoph@winzerhof-wurst.at> - * @author Joas Schilling <coding@schilljs.com> - * @author Roeland Jago Douma <roeland@famdouma.nl> - * @author sammo2828 <sammo2828@gmail.com> - * @author Vincent Petry <vincent@nextcloud.com> - * - * @license AGPL-3.0 - * - * This code is free software: you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License, version 3, - * as published by the Free Software Foundation. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. - * - * You should have received a copy of the GNU Affero General Public License, version 3, - * along with this program. If not, see <http://www.gnu.org/licenses/> - * + * SPDX-FileCopyrightText: 2016-2024 Nextcloud GmbH and Nextcloud contributors + * SPDX-FileCopyrightText: 2016 ownCloud, Inc. + * SPDX-License-Identifier: AGPL-3.0-only */ namespace OC\Encryption; use OC\Encryption\Exceptions\DecryptionFailedException; use OC\Files\View; use OCP\Encryption\IEncryptionModule; +use OCP\Encryption\IManager; use OCP\IUserManager; use Symfony\Component\Console\Helper\ProgressBar; use Symfony\Component\Console\Input\InputInterface; use Symfony\Component\Console\Output\OutputInterface; class DecryptAll { - - /** @var OutputInterface */ + /** @var OutputInterface */ protected $output; - /** @var InputInterface */ + /** @var InputInterface */ protected $input; - /** @var Manager */ - protected $encryptionManager; - - /** @var IUserManager */ - protected $userManager; - - /** @var View */ - protected $rootView; - - /** @var array files which couldn't be decrypted */ + /** @var array files which couldn't be decrypted */ protected $failed; - /** - * @param Manager $encryptionManager - * @param IUserManager $userManager - * @param View $rootView - */ public function __construct( - Manager $encryptionManager, - IUserManager $userManager, - View $rootView + protected IManager $encryptionManager, + protected IUserManager $userManager, + protected View $rootView, ) { - $this->encryptionManager = $encryptionManager; - $this->userManager = $userManager; - $this->rootView = $rootView; $this->failed = []; } @@ -152,7 +114,7 @@ class DecryptAll { $fetchUsersProgress = new ProgressBar($this->output); $fetchUsersProgress->setFormat(" %message% \n [%bar%]"); $fetchUsersProgress->start(); - $fetchUsersProgress->setMessage("Fetch list of users..."); + $fetchUsersProgress->setMessage('Fetch list of users...'); $fetchUsersProgress->advance(); foreach ($this->userManager->getBackends() as $backend) { @@ -166,7 +128,7 @@ class DecryptAll { $offset += $limit; $fetchUsersProgress->advance(); } while (count($users) >= $limit); - $fetchUsersProgress->setMessage("Fetch list of users... finished"); + $fetchUsersProgress->setMessage('Fetch list of users... finished'); $fetchUsersProgress->finish(); } } else { @@ -178,7 +140,7 @@ class DecryptAll { $progress = new ProgressBar($this->output); $progress->setFormat(" %message% \n [%bar%]"); $progress->start(); - $progress->setMessage("starting to decrypt files..."); + $progress->setMessage('starting to decrypt files...'); $progress->advance(); $numberOfUsers = count($userList); @@ -189,7 +151,7 @@ class DecryptAll { $userNo++; } - $progress->setMessage("starting to decrypt files... finished"); + $progress->setMessage('starting to decrypt files... finished'); $progress->finish(); $this->output->writeln("\n\n"); @@ -250,7 +212,6 @@ class DecryptAll { * @return bool */ protected function decryptFile($path) { - // skip already decrypted files $fileInfo = $this->rootView->getFileInfo($path); if ($fileInfo !== false && !$fileInfo->isEncrypted()) { diff --git a/lib/private/Encryption/EncryptionEventListener.php b/lib/private/Encryption/EncryptionEventListener.php new file mode 100644 index 00000000000..d51b4b0d531 --- /dev/null +++ b/lib/private/Encryption/EncryptionEventListener.php @@ -0,0 +1,100 @@ +<?php + +declare(strict_types=1); + +/** + * SPDX-FileCopyrightText: 2024 Nextcloud GmbH and Nextcloud contributors + * SPDX-License-Identifier: AGPL-3.0-only + */ + +namespace OC\Encryption; + +use OC\Files\SetupManager; +use OC\Files\View; +use OCA\Files_Trashbin\Events\NodeRestoredEvent; +use OCP\Encryption\IFile; +use OCP\EventDispatcher\Event; +use OCP\EventDispatcher\IEventDispatcher; +use OCP\EventDispatcher\IEventListener; +use OCP\Files\Events\Node\NodeRenamedEvent; +use OCP\Files\NotFoundException; +use OCP\IUser; +use OCP\IUserManager; +use OCP\IUserSession; +use OCP\Share\Events\ShareCreatedEvent; +use OCP\Share\Events\ShareDeletedEvent; +use Psr\Log\LoggerInterface; + +/** @template-implements IEventListener<NodeRenamedEvent|ShareCreatedEvent|ShareDeletedEvent|NodeRestoredEvent> */ +class EncryptionEventListener implements IEventListener { + private ?Update $updater = null; + + public function __construct( + private IUserSession $userSession, + private SetupManager $setupManager, + private Manager $encryptionManager, + private IUserManager $userManager, + ) { + } + + public static function register(IEventDispatcher $dispatcher): void { + $dispatcher->addServiceListener(NodeRenamedEvent::class, static::class); + $dispatcher->addServiceListener(ShareCreatedEvent::class, static::class); + $dispatcher->addServiceListener(ShareDeletedEvent::class, static::class); + $dispatcher->addServiceListener(NodeRestoredEvent::class, static::class); + } + + public function handle(Event $event): void { + if (!$this->encryptionManager->isEnabled()) { + return; + } + if ($event instanceof NodeRenamedEvent) { + $this->getUpdate()->postRename($event->getSource(), $event->getTarget()); + } elseif ($event instanceof ShareCreatedEvent) { + $this->getUpdate()->postShared($event->getShare()->getNode()); + } elseif ($event instanceof ShareDeletedEvent) { + try { + // In case the unsharing happens in a background job, we don't have + // a session and we load instead the user from the UserManager + $owner = $this->userManager->get($event->getShare()->getShareOwner()); + $this->getUpdate($owner)->postUnshared($event->getShare()->getNode()); + } catch (NotFoundException $e) { + /* The node was deleted already, nothing to update */ + } + } elseif ($event instanceof NodeRestoredEvent) { + $this->getUpdate()->postRestore($event->getTarget()); + } + } + + private function getUpdate(?IUser $owner = null): Update { + if (is_null($this->updater)) { + $user = $this->userSession->getUser(); + if (!$user && ($owner !== null)) { + $user = $owner; + } + if (!$user) { + throw new \Exception('Inconsistent data, File unshared, but owner not found. Should not happen'); + } + + $uid = $user->getUID(); + + if (!$this->setupManager->isSetupComplete($user)) { + $this->setupManager->setupForUser($user); + } + + $this->updater = new Update( + new Util( + new View(), + $this->userManager, + \OC::$server->getGroupManager(), + \OC::$server->getConfig()), + \OC::$server->getEncryptionManager(), + \OC::$server->get(IFile::class), + \OC::$server->get(LoggerInterface::class), + $uid + ); + } + + return $this->updater; + } +} diff --git a/lib/private/Encryption/EncryptionWrapper.php b/lib/private/Encryption/EncryptionWrapper.php index f2803fa5ff8..b9db9616538 100644 --- a/lib/private/Encryption/EncryptionWrapper.php +++ b/lib/private/Encryption/EncryptionWrapper.php @@ -1,26 +1,9 @@ <?php + /** - * @copyright Copyright (c) 2016, ownCloud, Inc. - * - * @author Björn Schießle <bjoern@schiessle.org> - * @author Julius Härtl <jus@bitgrid.net> - * @author Robin Appelman <robin@icewind.nl> - * @author Roeland Jago Douma <roeland@famdouma.nl> - * - * @license AGPL-3.0 - * - * This code is free software: you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License, version 3, - * as published by the Free Software Foundation. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. - * - * You should have received a copy of the GNU Affero General Public License, version 3, - * along with this program. If not, see <http://www.gnu.org/licenses/> - * + * SPDX-FileCopyrightText: 2016-2024 Nextcloud GmbH and Nextcloud contributors + * SPDX-FileCopyrightText: 2016 ownCloud, Inc. + * SPDX-License-Identifier: AGPL-3.0-only */ namespace OC\Encryption; @@ -28,8 +11,11 @@ use OC\Files\Filesystem; use OC\Files\Storage\Wrapper\Encryption; use OC\Files\View; use OC\Memcache\ArrayCache; +use OCP\Encryption\IFile; +use OCP\Encryption\Keys\IStorage as EncryptionKeysStorage; use OCP\Files\Mount\IMountPoint; -use OCP\Files\Storage; +use OCP\Files\Storage\IDisableEncryptionStorage; +use OCP\Files\Storage\IStorage; use Psr\Log\LoggerInterface; /** @@ -40,11 +26,10 @@ use Psr\Log\LoggerInterface; * @package OC\Encryption */ class EncryptionWrapper { - - /** @var ArrayCache */ + /** @var ArrayCache */ private $arrayCache; - /** @var Manager */ + /** @var Manager */ private $manager; private LoggerInterface $logger; @@ -53,8 +38,8 @@ class EncryptionWrapper { * EncryptionWrapper constructor. */ public function __construct(ArrayCache $arrayCache, - Manager $manager, - LoggerInterface $logger + Manager $manager, + LoggerInterface $logger, ) { $this->arrayCache = $arrayCache; $this->manager = $manager; @@ -65,23 +50,24 @@ class EncryptionWrapper { * Wraps the given storage when it is not a shared storage * * @param string $mountPoint - * @param Storage $storage + * @param IStorage $storage * @param IMountPoint $mount - * @return Encryption|Storage + * @param bool $force apply the wrapper even if the storage normally has encryption disabled, helpful for repair steps + * @return Encryption|IStorage */ - public function wrapStorage($mountPoint, Storage $storage, IMountPoint $mount) { + public function wrapStorage(string $mountPoint, IStorage $storage, IMountPoint $mount, bool $force = false) { $parameters = [ 'storage' => $storage, 'mountPoint' => $mountPoint, 'mount' => $mount ]; - if (!$storage->instanceOfStorage(Storage\IDisableEncryptionStorage::class) && $mountPoint !== '/') { + if ($force || (!$storage->instanceOfStorage(IDisableEncryptionStorage::class) && $mountPoint !== '/')) { $user = \OC::$server->getUserSession()->getUser(); $mountManager = Filesystem::getMountManager(); $uid = $user ? $user->getUID() : null; - $fileHelper = \OC::$server->getEncryptionFilesHelper(); - $keyStorage = \OC::$server->getEncryptionKeyStorage(); + $fileHelper = \OC::$server->get(IFile::class); + $keyStorage = \OC::$server->get(EncryptionKeysStorage::class); $util = new Util( new View(), @@ -89,15 +75,6 @@ class EncryptionWrapper { \OC::$server->getGroupManager(), \OC::$server->getConfig() ); - $update = new Update( - new View(), - $util, - Filesystem::getMountManager(), - $this->manager, - $fileHelper, - $this->logger, - $uid - ); return new Encryption( $parameters, $this->manager, @@ -106,7 +83,6 @@ class EncryptionWrapper { $fileHelper, $uid, $keyStorage, - $update, $mountManager, $this->arrayCache ); diff --git a/lib/private/Encryption/Exceptions/DecryptionFailedException.php b/lib/private/Encryption/Exceptions/DecryptionFailedException.php index c67edabd0ce..bdda5b381b6 100644 --- a/lib/private/Encryption/Exceptions/DecryptionFailedException.php +++ b/lib/private/Encryption/Exceptions/DecryptionFailedException.php @@ -1,24 +1,9 @@ <?php + /** - * @copyright Copyright (c) 2016, ownCloud, Inc. - * - * @author Clark Tomlinson <fallen013@gmail.com> - * @author Thomas Müller <thomas.mueller@tmit.eu> - * - * @license AGPL-3.0 - * - * This code is free software: you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License, version 3, - * as published by the Free Software Foundation. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. - * - * You should have received a copy of the GNU Affero General Public License, version 3, - * along with this program. If not, see <http://www.gnu.org/licenses/> - * + * SPDX-FileCopyrightText: 2016-2024 Nextcloud GmbH and Nextcloud contributors + * SPDX-FileCopyrightText: 2016 ownCloud, Inc. + * SPDX-License-Identifier: AGPL-3.0-only */ namespace OC\Encryption\Exceptions; diff --git a/lib/private/Encryption/Exceptions/EmptyEncryptionDataException.php b/lib/private/Encryption/Exceptions/EmptyEncryptionDataException.php index 9a86d876d6a..a2829a8c09c 100644 --- a/lib/private/Encryption/Exceptions/EmptyEncryptionDataException.php +++ b/lib/private/Encryption/Exceptions/EmptyEncryptionDataException.php @@ -1,25 +1,9 @@ <?php + /** - * @copyright Copyright (c) 2016, ownCloud, Inc. - * - * @author Christoph Wurst <christoph@winzerhof-wurst.at> - * @author Clark Tomlinson <fallen013@gmail.com> - * @author Thomas Müller <thomas.mueller@tmit.eu> - * - * @license AGPL-3.0 - * - * This code is free software: you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License, version 3, - * as published by the Free Software Foundation. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. - * - * You should have received a copy of the GNU Affero General Public License, version 3, - * along with this program. If not, see <http://www.gnu.org/licenses/> - * + * SPDX-FileCopyrightText: 2016-2024 Nextcloud GmbH and Nextcloud contributors + * SPDX-FileCopyrightText: 2016 ownCloud, Inc. + * SPDX-License-Identifier: AGPL-3.0-only */ namespace OC\Encryption\Exceptions; diff --git a/lib/private/Encryption/Exceptions/EncryptionFailedException.php b/lib/private/Encryption/Exceptions/EncryptionFailedException.php index 8797df51e8e..04ca6eba79c 100644 --- a/lib/private/Encryption/Exceptions/EncryptionFailedException.php +++ b/lib/private/Encryption/Exceptions/EncryptionFailedException.php @@ -1,25 +1,9 @@ <?php + /** - * @copyright Copyright (c) 2016, ownCloud, Inc. - * - * @author Christoph Wurst <christoph@winzerhof-wurst.at> - * @author Clark Tomlinson <fallen013@gmail.com> - * @author Thomas Müller <thomas.mueller@tmit.eu> - * - * @license AGPL-3.0 - * - * This code is free software: you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License, version 3, - * as published by the Free Software Foundation. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. - * - * You should have received a copy of the GNU Affero General Public License, version 3, - * along with this program. If not, see <http://www.gnu.org/licenses/> - * + * SPDX-FileCopyrightText: 2016-2024 Nextcloud GmbH and Nextcloud contributors + * SPDX-FileCopyrightText: 2016 ownCloud, Inc. + * SPDX-License-Identifier: AGPL-3.0-only */ namespace OC\Encryption\Exceptions; diff --git a/lib/private/Encryption/Exceptions/EncryptionHeaderKeyExistsException.php b/lib/private/Encryption/Exceptions/EncryptionHeaderKeyExistsException.php index 7c9e70b4958..52f488e2956 100644 --- a/lib/private/Encryption/Exceptions/EncryptionHeaderKeyExistsException.php +++ b/lib/private/Encryption/Exceptions/EncryptionHeaderKeyExistsException.php @@ -1,35 +1,19 @@ <?php + /** - * @copyright Copyright (c) 2016, ownCloud, Inc. - * - * @author Björn Schießle <bjoern@schiessle.org> - * @author Thomas Müller <thomas.mueller@tmit.eu> - * - * @license AGPL-3.0 - * - * This code is free software: you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License, version 3, - * as published by the Free Software Foundation. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. - * - * You should have received a copy of the GNU Affero General Public License, version 3, - * along with this program. If not, see <http://www.gnu.org/licenses/> - * + * SPDX-FileCopyrightText: 2016-2024 Nextcloud GmbH and Nextcloud contributors + * SPDX-FileCopyrightText: 2016 ownCloud, Inc. + * SPDX-License-Identifier: AGPL-3.0-only */ namespace OC\Encryption\Exceptions; use OCP\Encryption\Exceptions\GenericEncryptionException; class EncryptionHeaderKeyExistsException extends GenericEncryptionException { - /** * @param string $key */ public function __construct($key) { - parent::__construct('header key "'. $key . '" already reserved by ownCloud'); + parent::__construct('header key "' . $key . '" already reserved by ownCloud'); } } diff --git a/lib/private/Encryption/Exceptions/EncryptionHeaderToLargeException.php b/lib/private/Encryption/Exceptions/EncryptionHeaderToLargeException.php index 45d70dd5f8f..dace9527305 100644 --- a/lib/private/Encryption/Exceptions/EncryptionHeaderToLargeException.php +++ b/lib/private/Encryption/Exceptions/EncryptionHeaderToLargeException.php @@ -1,24 +1,9 @@ <?php + /** - * @copyright Copyright (c) 2016, ownCloud, Inc. - * - * @author Clark Tomlinson <fallen013@gmail.com> - * @author Thomas Müller <thomas.mueller@tmit.eu> - * - * @license AGPL-3.0 - * - * This code is free software: you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License, version 3, - * as published by the Free Software Foundation. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. - * - * You should have received a copy of the GNU Affero General Public License, version 3, - * along with this program. If not, see <http://www.gnu.org/licenses/> - * + * SPDX-FileCopyrightText: 2016-2024 Nextcloud GmbH and Nextcloud contributors + * SPDX-FileCopyrightText: 2016 ownCloud, Inc. + * SPDX-License-Identifier: AGPL-3.0-only */ namespace OC\Encryption\Exceptions; diff --git a/lib/private/Encryption/Exceptions/ModuleAlreadyExistsException.php b/lib/private/Encryption/Exceptions/ModuleAlreadyExistsException.php index 64b34e1b883..72ff00befc3 100644 --- a/lib/private/Encryption/Exceptions/ModuleAlreadyExistsException.php +++ b/lib/private/Encryption/Exceptions/ModuleAlreadyExistsException.php @@ -1,31 +1,15 @@ <?php + /** - * @copyright Copyright (c) 2016, ownCloud, Inc. - * - * @author Björn Schießle <bjoern@schiessle.org> - * @author Thomas Müller <thomas.mueller@tmit.eu> - * - * @license AGPL-3.0 - * - * This code is free software: you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License, version 3, - * as published by the Free Software Foundation. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. - * - * You should have received a copy of the GNU Affero General Public License, version 3, - * along with this program. If not, see <http://www.gnu.org/licenses/> - * + * SPDX-FileCopyrightText: 2016-2024 Nextcloud GmbH and Nextcloud contributors + * SPDX-FileCopyrightText: 2016 ownCloud, Inc. + * SPDX-License-Identifier: AGPL-3.0-only */ namespace OC\Encryption\Exceptions; use OCP\Encryption\Exceptions\GenericEncryptionException; class ModuleAlreadyExistsException extends GenericEncryptionException { - /** * @param string $id * @param string $name diff --git a/lib/private/Encryption/Exceptions/ModuleDoesNotExistsException.php b/lib/private/Encryption/Exceptions/ModuleDoesNotExistsException.php index e0ce8616432..8ec382f176d 100644 --- a/lib/private/Encryption/Exceptions/ModuleDoesNotExistsException.php +++ b/lib/private/Encryption/Exceptions/ModuleDoesNotExistsException.php @@ -1,24 +1,9 @@ <?php + /** - * @copyright Copyright (c) 2016, ownCloud, Inc. - * - * @author Björn Schießle <bjoern@schiessle.org> - * @author Thomas Müller <thomas.mueller@tmit.eu> - * - * @license AGPL-3.0 - * - * This code is free software: you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License, version 3, - * as published by the Free Software Foundation. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. - * - * You should have received a copy of the GNU Affero General Public License, version 3, - * along with this program. If not, see <http://www.gnu.org/licenses/> - * + * SPDX-FileCopyrightText: 2016-2024 Nextcloud GmbH and Nextcloud contributors + * SPDX-FileCopyrightText: 2016 ownCloud, Inc. + * SPDX-License-Identifier: AGPL-3.0-only */ namespace OC\Encryption\Exceptions; diff --git a/lib/private/Encryption/Exceptions/UnknownCipherException.php b/lib/private/Encryption/Exceptions/UnknownCipherException.php index fbb923ce521..a64a413bf8e 100644 --- a/lib/private/Encryption/Exceptions/UnknownCipherException.php +++ b/lib/private/Encryption/Exceptions/UnknownCipherException.php @@ -1,24 +1,9 @@ <?php + /** - * @copyright Copyright (c) 2016, ownCloud, Inc. - * - * @author Clark Tomlinson <fallen013@gmail.com> - * @author Thomas Müller <thomas.mueller@tmit.eu> - * - * @license AGPL-3.0 - * - * This code is free software: you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License, version 3, - * as published by the Free Software Foundation. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. - * - * You should have received a copy of the GNU Affero General Public License, version 3, - * along with this program. If not, see <http://www.gnu.org/licenses/> - * + * SPDX-FileCopyrightText: 2016-2024 Nextcloud GmbH and Nextcloud contributors + * SPDX-FileCopyrightText: 2016 ownCloud, Inc. + * SPDX-License-Identifier: AGPL-3.0-only */ namespace OC\Encryption\Exceptions; diff --git a/lib/private/Encryption/File.php b/lib/private/Encryption/File.php index 2c486dfade6..26e643d1006 100644 --- a/lib/private/Encryption/File.php +++ b/lib/private/Encryption/File.php @@ -1,74 +1,56 @@ <?php + /** - * @copyright Copyright (c) 2016, ownCloud, Inc. - * - * @author Björn Schießle <bjoern@schiessle.org> - * @author Christoph Wurst <christoph@winzerhof-wurst.at> - * @author Joas Schilling <coding@schilljs.com> - * @author Morris Jobke <hey@morrisjobke.de> - * @author Roeland Jago Douma <roeland@famdouma.nl> - * @author Thomas Müller <thomas.mueller@tmit.eu> - * @author Vincent Petry <vincent@nextcloud.com> - * - * @license AGPL-3.0 - * - * This code is free software: you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License, version 3, - * as published by the Free Software Foundation. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. - * - * You should have received a copy of the GNU Affero General Public License, version 3, - * along with this program. If not, see <http://www.gnu.org/licenses/> - * + * SPDX-FileCopyrightText: 2016-2024 Nextcloud GmbH and Nextcloud contributors + * SPDX-FileCopyrightText: 2016 ownCloud, Inc. + * SPDX-License-Identifier: AGPL-3.0-only */ namespace OC\Encryption; -use OC\Cache\CappedMemoryCache; use OCA\Files_External\Service\GlobalStoragesService; +use OCP\App\IAppManager; +use OCP\Cache\CappedMemoryCache; use OCP\Files\IRootFolder; use OCP\Files\NotFoundException; use OCP\Share\IManager; class File implements \OCP\Encryption\IFile { - - /** @var Util */ - protected $util; - - /** @var IRootFolder */ - private $rootFolder; - - /** @var IManager */ - private $shareManager; + protected Util $util; + private IRootFolder $rootFolder; + private IManager $shareManager; /** - * cache results of already checked folders - * - * @var array + * Cache results of already checked folders + * @var CappedMemoryCache<array> */ - protected $cache; + protected CappedMemoryCache $cache; + private ?IAppManager $appManager = null; public function __construct(Util $util, - IRootFolder $rootFolder, - IManager $shareManager) { + IRootFolder $rootFolder, + IManager $shareManager) { $this->util = $util; $this->cache = new CappedMemoryCache(); $this->rootFolder = $rootFolder; $this->shareManager = $shareManager; } + public function getAppManager(): IAppManager { + // Lazy evaluate app manager as it initialize the db too early otherwise + if ($this->appManager) { + return $this->appManager; + } + $this->appManager = \OCP\Server::get(IAppManager::class); + return $this->appManager; + } /** - * get list of users with access to the file + * Get list of users with access to the file * * @param string $path to the file - * @return array ['users' => $uniqueUserIds, 'public' => $public] + * @return array{users: string[], public: bool} */ public function getAccessList($path) { - // Make sure that a share key is generated for the owner too [$owner, $ownerPath] = $this->util->getUidAndFilename($path); @@ -110,7 +92,7 @@ class File implements \OCP\Encryption\IFile { } // check if it is a group mount - if (\OCP\App::isEnabled("files_external")) { + if ($this->getAppManager()->isEnabledForUser('files_external')) { /** @var GlobalStoragesService $storageService */ $storageService = \OC::$server->get(GlobalStoragesService::class); $storages = $storageService->getAllStorages(); diff --git a/lib/private/Encryption/HookManager.php b/lib/private/Encryption/HookManager.php deleted file mode 100644 index a2d6b990a88..00000000000 --- a/lib/private/Encryption/HookManager.php +++ /dev/null @@ -1,78 +0,0 @@ -<?php -/** - * @copyright Copyright (c) 2016, ownCloud, Inc. - * - * @author Björn Schießle <bjoern@schiessle.org> - * @author Julius Härtl <jus@bitgrid.net> - * @author Thomas Müller <thomas.mueller@tmit.eu> - * - * @license AGPL-3.0 - * - * This code is free software: you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License, version 3, - * as published by the Free Software Foundation. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. - * - * You should have received a copy of the GNU Affero General Public License, version 3, - * along with this program. If not, see <http://www.gnu.org/licenses/> - * - */ -namespace OC\Encryption; - -use OC\Files\Filesystem; -use OC\Files\View; -use Psr\Log\LoggerInterface; - -class HookManager { - /** - * @var Update - */ - private static $updater; - - public static function postShared($params) { - self::getUpdate()->postShared($params); - } - public static function postUnshared($params) { - self::getUpdate()->postUnshared($params); - } - - public static function postRename($params) { - self::getUpdate()->postRename($params); - } - - public static function postRestore($params) { - self::getUpdate()->postRestore($params); - } - - /** - * @return Update - */ - private static function getUpdate() { - if (is_null(self::$updater)) { - $user = \OC::$server->getUserSession()->getUser(); - $uid = ''; - if ($user) { - $uid = $user->getUID(); - } - self::$updater = new Update( - new View(), - new Util( - new View(), - \OC::$server->getUserManager(), - \OC::$server->getGroupManager(), - \OC::$server->getConfig()), - Filesystem::getMountManager(), - \OC::$server->getEncryptionManager(), - \OC::$server->getEncryptionFilesHelper(), - \OC::$server->get(LoggerInterface::class), - $uid - ); - } - - return self::$updater; - } -} diff --git a/lib/private/Encryption/Keys/Storage.php b/lib/private/Encryption/Keys/Storage.php index a3772af5878..cce22b9138a 100644 --- a/lib/private/Encryption/Keys/Storage.php +++ b/lib/private/Encryption/Keys/Storage.php @@ -1,29 +1,9 @@ <?php + /** - * @copyright Copyright (c) 2016, ownCloud, Inc. - * - * @author Bjoern Schiessle <bjoern@schiessle.org> - * @author Björn Schießle <bjoern@schiessle.org> - * @author Christoph Wurst <christoph@winzerhof-wurst.at> - * @author Joas Schilling <coding@schilljs.com> - * @author Roeland Jago Douma <roeland@famdouma.nl> - * @author Thomas Müller <thomas.mueller@tmit.eu> - * @author Vincent Petry <vincent@nextcloud.com> - * - * @license AGPL-3.0 - * - * This code is free software: you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License, version 3, - * as published by the Free Software Foundation. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. - * - * You should have received a copy of the GNU Affero General Public License, version 3, - * along with this program. If not, see <http://www.gnu.org/licenses/> - * + * SPDX-FileCopyrightText: 2016-2024 Nextcloud GmbH and Nextcloud contributors + * SPDX-FileCopyrightText: 2016 ownCloud, Inc. + * SPDX-License-Identifier: AGPL-3.0-only */ namespace OC\Encryption\Keys; @@ -37,7 +17,6 @@ use OCP\IConfig; use OCP\Security\ICrypto; class Storage implements IStorage { - // hidden file which indicate that the folder is a valid key storage public const KEY_STORAGE_MARKER = '.oc_key_storage'; @@ -79,8 +58,8 @@ class Storage implements IStorage { $this->util = $util; $this->encryption_base_dir = '/files_encryption'; - $this->keys_base_dir = $this->encryption_base_dir .'/keys'; - $this->backup_base_dir = $this->encryption_base_dir .'/backup'; + $this->keys_base_dir = $this->encryption_base_dir . '/keys'; + $this->backup_base_dir = $this->encryption_base_dir . '/backup'; $this->root_dir = $this->util->getKeyStorageRoot(); $this->crypto = $crypto; $this->config = $config; @@ -99,14 +78,14 @@ class Storage implements IStorage { */ public function getFileKey($path, $keyId, $encryptionModuleId) { $realFile = $this->util->stripPartialFileExtension($path); - $keyDir = $this->getFileKeyDir($encryptionModuleId, $realFile); + $keyDir = $this->util->getFileKeyDir($encryptionModuleId, $realFile); $key = $this->getKey($keyDir . $keyId)['key']; if ($key === '' && $realFile !== $path) { // Check if the part file has keys and use them, if no normal keys // exist. This is required to fix copyBetweenStorage() when we // rename a .part file over storage borders. - $keyDir = $this->getFileKeyDir($encryptionModuleId, $path); + $keyDir = $this->util->getFileKeyDir($encryptionModuleId, $path); $key = $this->getKey($keyDir . $keyId)['key']; } @@ -136,7 +115,7 @@ class Storage implements IStorage { * @inheritdoc */ public function setFileKey($path, $keyId, $key, $encryptionModuleId) { - $keyDir = $this->getFileKeyDir($encryptionModuleId, $path); + $keyDir = $this->util->getFileKeyDir($encryptionModuleId, $path); return $this->setKey($keyDir . $keyId, [ 'key' => base64_encode($key), ]); @@ -178,7 +157,7 @@ class Storage implements IStorage { * @inheritdoc */ public function deleteFileKey($path, $keyId, $encryptionModuleId) { - $keyDir = $this->getFileKeyDir($encryptionModuleId, $path); + $keyDir = $this->util->getFileKeyDir($encryptionModuleId, $path); return !$this->view->file_exists($keyDir . $keyId) || $this->view->unlink($keyDir . $keyId); } @@ -186,7 +165,7 @@ class Storage implements IStorage { * @inheritdoc */ public function deleteAllFileKeys($path) { - $keyDir = $this->getFileKeyDir('', $path); + $keyDir = $this->util->getFileKeyDir('', $path); return !$this->view->file_exists($keyDir) || $this->view->deleteAll($keyDir); } @@ -238,7 +217,7 @@ class Storage implements IStorage { if (!array_key_exists('uid', $data) || $data['uid'] !== $uid) { // If the migration is done we error out - $versionFromBeforeUpdate = $this->config->getSystemValue('version', '0.0.0.0'); + $versionFromBeforeUpdate = $this->config->getSystemValueString('version', '0.0.0.0'); if (version_compare($versionFromBeforeUpdate, '20.0.0.1', '<=')) { return $data['key']; } @@ -273,7 +252,7 @@ class Storage implements IStorage { $data = $this->view->file_get_contents($path); // Version <20.0.0.1 doesn't have this - $versionFromBeforeUpdate = $this->config->getSystemValue('version', '0.0.0.0'); + $versionFromBeforeUpdate = $this->config->getSystemValueString('version', '0.0.0.0'); if (version_compare($versionFromBeforeUpdate, '20.0.0.1', '<=')) { $key = [ 'key' => base64_encode($data), @@ -336,7 +315,7 @@ class Storage implements IStorage { private function setKey($path, $key) { $this->keySetPreparation(dirname($path)); - $versionFromBeforeUpdate = $this->config->getSystemValue('version', '0.0.0.0'); + $versionFromBeforeUpdate = $this->config->getSystemValueString('version', '0.0.0.0'); if (version_compare($versionFromBeforeUpdate, '20.0.0.1', '<=')) { // Only store old format if this happens during the migration. // TODO: Remove for 21 @@ -357,26 +336,6 @@ class Storage implements IStorage { } /** - * get path to key folder for a given file - * - * @param string $encryptionModuleId - * @param string $path path to the file, relative to data/ - * @return string - */ - private function getFileKeyDir($encryptionModuleId, $path) { - [$owner, $filename] = $this->util->getUidAndFilename($path); - - // in case of system wide mount points the keys are stored directly in the data directory - if ($this->util->isSystemWideMountPoint($filename, $owner)) { - $keyPath = $this->root_dir . '/' . $this->keys_base_dir . $filename . '/'; - } else { - $keyPath = $this->root_dir . '/' . $owner . $this->keys_base_dir . $filename . '/'; - } - - return Filesystem::normalizePath($keyPath . $encryptionModuleId . '/', false); - } - - /** * move keys if a file was renamed * * @param string $source diff --git a/lib/private/Encryption/Manager.php b/lib/private/Encryption/Manager.php index 5788da990d5..a07c778bfe0 100644 --- a/lib/private/Encryption/Manager.php +++ b/lib/private/Encryption/Manager.php @@ -1,27 +1,9 @@ <?php + /** - * @copyright Copyright (c) 2016, ownCloud, Inc. - * - * @author Björn Schießle <bjoern@schiessle.org> - * @author Christoph Wurst <christoph@winzerhof-wurst.at> - * @author Joas Schilling <coding@schilljs.com> - * @author Roeland Jago Douma <roeland@famdouma.nl> - * @author Thomas Müller <thomas.mueller@tmit.eu> - * - * @license AGPL-3.0 - * - * This code is free software: you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License, version 3, - * as published by the Free Software Foundation. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. - * - * You should have received a copy of the GNU Affero General Public License, version 3, - * along with this program. If not, see <http://www.gnu.org/licenses/> - * + * SPDX-FileCopyrightText: 2016-2024 Nextcloud GmbH and Nextcloud contributors + * SPDX-FileCopyrightText: 2016 ownCloud, Inc. + * SPDX-License-Identifier: AGPL-3.0-only */ namespace OC\Encryption; @@ -32,40 +14,24 @@ use OC\Memcache\ArrayCache; use OC\ServiceUnavailableException; use OCP\Encryption\IEncryptionModule; use OCP\Encryption\IManager; +use OCP\Files\Mount\IMountPoint; +use OCP\Files\Storage\IStorage; use OCP\IConfig; use OCP\IL10N; use Psr\Log\LoggerInterface; class Manager implements IManager { - - /** @var array */ - protected $encryptionModules; - - /** @var IConfig */ - protected $config; - - protected LoggerInterface $logger; - - /** @var Il10n */ - protected $l; - - /** @var View */ - protected $rootView; - - /** @var Util */ - protected $util; - - /** @var ArrayCache */ - protected $arrayCache; - - public function __construct(IConfig $config, LoggerInterface $logger, IL10N $l10n, View $rootView, Util $util, ArrayCache $arrayCache) { + protected array $encryptionModules; + + public function __construct( + protected IConfig $config, + protected LoggerInterface $logger, + protected IL10N $l, + protected View $rootView, + protected Util $util, + protected ArrayCache $arrayCache, + ) { $this->encryptionModules = []; - $this->config = $config; - $this->logger = $logger; - $this->l = $l10n; - $this->rootView = $rootView; - $this->util = $util; - $this->arrayCache = $arrayCache; } /** @@ -74,7 +40,7 @@ class Manager implements IManager { * @return bool true if enabled, false if not */ public function isEnabled() { - $installed = $this->config->getSystemValue('installed', false); + $installed = $this->config->getSystemValueBool('installed', false); if (!$installed) { return false; } @@ -235,6 +201,11 @@ class Manager implements IManager { } } + public function forceWrapStorage(IMountPoint $mountPoint, IStorage $storage) { + $encryptionWrapper = new EncryptionWrapper($this->arrayCache, $this, $this->logger); + return $encryptionWrapper->wrapStorage($mountPoint->getMountPoint(), $storage, $mountPoint, true); + } + /** * check if key storage is ready diff --git a/lib/private/Encryption/Update.php b/lib/private/Encryption/Update.php index 9996d6e077c..293a1ce653c 100644 --- a/lib/private/Encryption/Update.php +++ b/lib/private/Encryption/Update.php @@ -1,166 +1,85 @@ <?php + +declare(strict_types=1); + /** - * @copyright Copyright (c) 2016, ownCloud, Inc. - * - * @author Bjoern Schiessle <bjoern@schiessle.org> - * @author Björn Schießle <bjoern@schiessle.org> - * @author Christoph Wurst <christoph@winzerhof-wurst.at> - * @author Julius Härtl <jus@bitgrid.net> - * @author Roeland Jago Douma <roeland@famdouma.nl> - * @author Thomas Müller <thomas.mueller@tmit.eu> - * - * @license AGPL-3.0 - * - * This code is free software: you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License, version 3, - * as published by the Free Software Foundation. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. - * - * You should have received a copy of the GNU Affero General Public License, version 3, - * along with this program. If not, see <http://www.gnu.org/licenses/> - * + * SPDX-FileCopyrightText: 2016-2024 Nextcloud GmbH and Nextcloud contributors + * SPDX-FileCopyrightText: 2016 ownCloud, Inc. + * SPDX-License-Identifier: AGPL-3.0-only */ + namespace OC\Encryption; use InvalidArgumentException; -use OC\Files\Filesystem; -use OC\Files\Mount; use OC\Files\View; use OCP\Encryption\Exceptions\GenericEncryptionException; +use OCP\Files\File as OCPFile; +use OCP\Files\Folder; +use OCP\Files\NotFoundException; use Psr\Log\LoggerInterface; /** * update encrypted files, e.g. because a file was shared */ class Update { - - /** @var View */ - protected $view; - - /** @var Util */ - protected $util; - - /** @var \OC\Files\Mount\Manager */ - protected $mountManager; - - /** @var Manager */ - protected $encryptionManager; - - /** @var string */ - protected $uid; - - /** @var File */ - protected $file; - - /** @var LoggerInterface */ - protected $logger; - - /** - * @param string $uid - */ public function __construct( - View $view, - Util $util, - Mount\Manager $mountManager, - Manager $encryptionManager, - File $file, - LoggerInterface $logger, - $uid - ) { - $this->view = $view; - $this->util = $util; - $this->mountManager = $mountManager; - $this->encryptionManager = $encryptionManager; - $this->file = $file; - $this->logger = $logger; - $this->uid = $uid; + protected Util $util, + protected Manager $encryptionManager, + protected File $file, + protected LoggerInterface $logger, + protected string $uid, + ) { } /** * hook after file was shared - * - * @param array $params */ - public function postShared($params) { - if ($this->encryptionManager->isEnabled()) { - if ($params['itemType'] === 'file' || $params['itemType'] === 'folder') { - $path = Filesystem::getPath($params['fileSource']); - [$owner, $ownerPath] = $this->getOwnerPath($path); - $absPath = '/' . $owner . '/files/' . $ownerPath; - $this->update($absPath); - } - } + public function postShared(OCPFile|Folder $node): void { + $this->update($node); } /** * hook after file was unshared - * - * @param array $params */ - public function postUnshared($params) { - if ($this->encryptionManager->isEnabled()) { - if ($params['itemType'] === 'file' || $params['itemType'] === 'folder') { - $path = Filesystem::getPath($params['fileSource']); - [$owner, $ownerPath] = $this->getOwnerPath($path); - $absPath = '/' . $owner . '/files/' . $ownerPath; - $this->update($absPath); - } - } + public function postUnshared(OCPFile|Folder $node): void { + $this->update($node); } /** * inform encryption module that a file was restored from the trash bin, * e.g. to update the encryption keys - * - * @param array $params */ - public function postRestore($params) { - if ($this->encryptionManager->isEnabled()) { - $path = Filesystem::normalizePath('/' . $this->uid . '/files/' . $params['filePath']); - $this->update($path); - } + public function postRestore(OCPFile|Folder $node): void { + $this->update($node); } /** * inform encryption module that a file was renamed, * e.g. to update the encryption keys - * - * @param array $params */ - public function postRename($params) { - $source = $params['oldpath']; - $target = $params['newpath']; - if ( - $this->encryptionManager->isEnabled() && - dirname($source) !== dirname($target) - ) { - [$owner, $ownerPath] = $this->getOwnerPath($target); - $absPath = '/' . $owner . '/files/' . $ownerPath; - $this->update($absPath); + public function postRename(OCPFile|Folder $source, OCPFile|Folder $target): void { + if (dirname($source->getPath()) !== dirname($target->getPath())) { + $this->update($target); } } /** - * get owner and path relative to data/<owner>/files + * get owner and path relative to data/ * - * @param string $path path to file for current user - * @return array ['owner' => $owner, 'path' => $path] - * @throw \InvalidArgumentException + * @throws \InvalidArgumentException */ - protected function getOwnerPath($path) { - $info = Filesystem::getFileInfo($path); - $owner = Filesystem::getOwner($path); + protected function getOwnerPath(OCPFile|Folder $node): string { + $owner = $node->getOwner()?->getUID(); + if ($owner === null) { + throw new InvalidArgumentException('No owner found for ' . $node->getId()); + } $view = new View('/' . $owner . '/files'); - $path = $view->getPath($info->getId()); - if ($path === null) { - throw new InvalidArgumentException('No file found for ' . $info->getId()); + try { + $path = $view->getPath($node->getId()); + } catch (NotFoundException $e) { + throw new InvalidArgumentException('No file found for ' . $node->getId(), previous:$e); } - - return [$owner, $path]; + return '/' . $owner . '/files/' . $path; } /** @@ -169,7 +88,7 @@ class Update { * @param string $path relative to data/ * @throws Exceptions\ModuleDoesNotExistsException */ - public function update($path) { + public function update(OCPFile|Folder $node): void { $encryptionModule = $this->encryptionManager->getEncryptionModule(); // if the encryption module doesn't encrypt the files on a per-user basis @@ -178,15 +97,14 @@ class Update { return; } + $path = $this->getOwnerPath($node); // if a folder was shared, get a list of all (sub-)folders - if ($this->view->is_dir($path)) { + if ($node instanceof Folder) { $allFiles = $this->util->getAllFiles($path); } else { $allFiles = [$path]; } - - foreach ($allFiles as $file) { $usersSharing = $this->file->getAccessList($file); try { diff --git a/lib/private/Encryption/Util.php b/lib/private/Encryption/Util.php index dc878ba8fc1..2d7bc28129b 100644 --- a/lib/private/Encryption/Util.php +++ b/lib/private/Encryption/Util.php @@ -1,29 +1,9 @@ <?php + /** - * @copyright Copyright (c) 2016, ownCloud, Inc. - * - * @author Bjoern Schiessle <bjoern@schiessle.org> - * @author Björn Schießle <bjoern@schiessle.org> - * @author Christoph Wurst <christoph@winzerhof-wurst.at> - * @author Jan-Christoph Borchardt <hey@jancborchardt.net> - * @author Morris Jobke <hey@morrisjobke.de> - * @author Roeland Jago Douma <roeland@famdouma.nl> - * @author Thomas Müller <thomas.mueller@tmit.eu> - * - * @license AGPL-3.0 - * - * This code is free software: you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License, version 3, - * as published by the Free Software Foundation. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. - * - * You should have received a copy of the GNU Affero General Public License, version 3, - * along with this program. If not, see <http://www.gnu.org/licenses/> - * + * SPDX-FileCopyrightText: 2016-2024 Nextcloud GmbH and Nextcloud contributors + * SPDX-FileCopyrightText: 2016 ownCloud, Inc. + * SPDX-License-Identifier: AGPL-3.0-only */ namespace OC\Encryption; @@ -32,11 +12,12 @@ use OC\Encryption\Exceptions\EncryptionHeaderToLargeException; use OC\Encryption\Exceptions\ModuleDoesNotExistsException; use OC\Files\Filesystem; use OC\Files\View; -use OCA\Files_External\Lib\StorageConfig; -use OCA\Files_External\Service\GlobalStoragesService; use OCP\Encryption\IEncryptionModule; +use OCP\Files\Mount\ISystemMountPoint; use OCP\IConfig; +use OCP\IGroupManager; use OCP\IUser; +use OCP\IUserManager; class Util { public const HEADER_START = 'HBEGIN'; @@ -65,29 +46,23 @@ class Util { /** @var array */ protected $ocHeaderKeys; - /** @var \OC\User\Manager */ - protected $userManager; - /** @var IConfig */ protected $config; /** @var array paths excluded from encryption */ - protected $excludedPaths; - - /** @var \OC\Group\Manager $manager */ - protected $groupManager; + protected array $excludedPaths = []; + protected IGroupManager $groupManager; + protected IUserManager $userManager; /** * * @param View $rootView - * @param \OC\User\Manager $userManager - * @param \OC\Group\Manager $groupManager * @param IConfig $config */ public function __construct( View $rootView, - \OC\User\Manager $userManager, - \OC\Group\Manager $groupManager, + IUserManager $userManager, + IGroupManager $groupManager, IConfig $config) { $this->ocHeaderKeys = [ self::HEADER_ENCRYPTION_MODULE_KEY @@ -99,7 +74,7 @@ class Util { $this->config = $config; $this->excludedPaths[] = 'files_encryption'; - $this->excludedPaths[] = 'appdata_' . $config->getSystemValue('instanceid', null); + $this->excludedPaths[] = 'appdata_' . $config->getSystemValueString('instanceid'); $this->excludedPaths[] = 'files_external'; } @@ -110,7 +85,7 @@ class Util { * @return string * @throws ModuleDoesNotExistsException */ - public function getEncryptionModuleId(array $header = null) { + public function getEncryptionModuleId(?array $header = null) { $id = ''; $encryptionModuleKey = self::HEADER_ENCRYPTION_MODULE_KEY; @@ -220,7 +195,7 @@ class Util { * get the owner and the path for the file relative to the owners files folder * * @param string $path - * @return array + * @return array{0: string, 1: string} * @throws \BadMethodCallException */ public function getUidAndFilename($path) { @@ -275,7 +250,7 @@ class Util { } else { $result = array_merge($result, $users); - $groupManager = \OC::$server->getGroupManager(); + $groupManager = $this->groupManager; foreach ($groups as $group) { $groupObject = $groupManager->get($group); if ($groupObject) { @@ -298,45 +273,9 @@ class Util { * @param string $uid * @return boolean */ - public function isSystemWideMountPoint($path, $uid) { - if (\OCP\App::isEnabled("files_external")) { - /** @var GlobalStoragesService $storageService */ - $storageService = \OC::$server->get(GlobalStoragesService::class); - $storages = $storageService->getAllStorages(); - foreach ($storages as $storage) { - if (strpos($path, '/files/' . $storage->getMountPoint()) === 0) { - if ($this->isMountPointApplicableToUser($storage, $uid)) { - return true; - } - } - } - } - return false; - } - - /** - * check if mount point is applicable to user - * - * @param StorageConfig $mount - * @param string $uid - * @return boolean - */ - private function isMountPointApplicableToUser(StorageConfig $mount, string $uid) { - if ($mount->getApplicableUsers() === [] && $mount->getApplicableGroups() === []) { - // applicable for everyone - return true; - } - // check if mount point is applicable for the user - if (array_search($uid, $mount->getApplicableUsers()) !== false) { - return true; - } - // check if mount point is applicable for group where the user is a member - foreach ($mount->getApplicableGroups() as $gid) { - if ($this->groupManager->isInGroup($uid, $gid)) { - return true; - } - } - return false; + public function isSystemWideMountPoint(string $path, string $uid) { + $mount = Filesystem::getMountManager()->find('/' . $uid . $path); + return $mount instanceof ISystemMountPoint; } /** @@ -349,14 +288,10 @@ class Util { $normalizedPath = Filesystem::normalizePath($path); $root = explode('/', $normalizedPath, 4); if (count($root) > 1) { - // detect alternative key storage root $rootDir = $this->getKeyStorageRoot(); - if ($rootDir !== '' && - 0 === strpos( - Filesystem::normalizePath($path), - Filesystem::normalizePath($rootDir) - ) + if ($rootDir !== '' + && str_starts_with(Filesystem::normalizePath($path), Filesystem::normalizePath($rootDir)) ) { return true; } @@ -369,7 +304,7 @@ class Util { // detect user specific folders if ($this->userManager->userExists($root[1]) - && in_array($root[2], $this->excludedPaths)) { + && in_array($root[2] ?? '', $this->excludedPaths)) { return true; } } @@ -377,32 +312,78 @@ class Util { } /** - * check if recovery key is enabled for user - * - * @param string $uid - * @return boolean + * Check if recovery key is enabled for user */ - public function recoveryEnabled($uid) { + public function recoveryEnabled(string $uid): bool { $enabled = $this->config->getUserValue($uid, 'encryption', 'recovery_enabled', '0'); return $enabled === '1'; } /** - * set new key storage root + * Set new key storage root * * @param string $root new key store root relative to the data folder */ - public function setKeyStorageRoot($root) { + public function setKeyStorageRoot(string $root): void { $this->config->setAppValue('core', 'encryption_key_storage_root', $root); } /** - * get key storage root + * Get key storage root * * @return string key storage root */ - public function getKeyStorageRoot() { + public function getKeyStorageRoot(): string { return $this->config->getAppValue('core', 'encryption_key_storage_root', ''); } + + /** + * parse raw header to array + * + * @param string $rawHeader + * @return array + */ + public function parseRawHeader(string $rawHeader) { + $result = []; + if (str_starts_with($rawHeader, Util::HEADER_START)) { + $header = $rawHeader; + $endAt = strpos($header, Util::HEADER_END); + if ($endAt !== false) { + $header = substr($header, 0, $endAt + strlen(Util::HEADER_END)); + + // +1 to not start with an ':' which would result in empty element at the beginning + $exploded = explode(':', substr($header, strlen(Util::HEADER_START) + 1)); + + $element = array_shift($exploded); + while ($element !== Util::HEADER_END && $element !== null) { + $result[$element] = array_shift($exploded); + $element = array_shift($exploded); + } + } + } + + return $result; + } + + /** + * get path to key folder for a given file + * + * @param string $encryptionModuleId + * @param string $path path to the file, relative to data/ + * @return string + */ + public function getFileKeyDir(string $encryptionModuleId, string $path): string { + [$owner, $filename] = $this->getUidAndFilename($path); + $root = $this->getKeyStorageRoot(); + + // in case of system-wide mount points the keys are stored directly in the data directory + if ($this->isSystemWideMountPoint($filename, $owner)) { + $keyPath = $root . '/' . '/files_encryption/keys' . $filename . '/'; + } else { + $keyPath = $root . '/' . $owner . '/files_encryption/keys' . $filename . '/'; + } + + return Filesystem::normalizePath($keyPath . $encryptionModuleId . '/', false); + } } |