From b920f888ae6efab4febfd5138684e91621ea8dd8 Mon Sep 17 00:00:00 2001 From: Vincent Petry Date: Wed, 29 Oct 2014 12:22:50 +0100 Subject: Fix moving share keys as non-owner to subdir This fix gathers the share keys BEFORE a file is moved to make sure that findShareKeys() is able to find all relevant keys when the file still exists. After the move/copy operation the keys are moved/copied to the target dir. Also: refactored preRename and preCopy into a single function to avoid duplicate code. --- apps/files_encryption/hooks/hooks.php | 58 ++++++++++++++++------------------- 1 file changed, 26 insertions(+), 32 deletions(-) (limited to 'apps/files_encryption') diff --git a/apps/files_encryption/hooks/hooks.php b/apps/files_encryption/hooks/hooks.php index e004d4a1d63..3a0a37c0a59 100644 --- a/apps/files_encryption/hooks/hooks.php +++ b/apps/files_encryption/hooks/hooks.php @@ -409,34 +409,18 @@ class Hooks { * @param array $params with the old path and the new path */ public static function preRename($params) { - $user = \OCP\User::getUser(); - $view = new \OC\Files\View('/'); - $util = new Util($view, $user); - list($ownerOld, $pathOld) = $util->getUidAndFilename($params['oldpath']); - - // we only need to rename the keys if the rename happens on the same mountpoint - // otherwise we perform a stream copy, so we get a new set of keys - $mp1 = $view->getMountPoint('/' . $user . '/files/' . $params['oldpath']); - $mp2 = $view->getMountPoint('/' . $user . '/files/' . $params['newpath']); - - $type = $view->is_dir('/' . $user . '/files/' . $params['oldpath']) ? 'folder' : 'file'; - - if ($mp1 === $mp2) { - self::$renamedFiles[$params['oldpath']] = array( - 'uid' => $ownerOld, - 'path' => $pathOld, - 'type' => $type, - 'operation' => 'rename', - ); - - } + self::preRenameOrCopy($params, 'rename'); } /** - * mark file as renamed so that we know the original source after the file was renamed + * mark file as copied so that we know the original source after the file was copied * @param array $params with the old path and the new path */ public static function preCopy($params) { + self::preRenameOrCopy($params, 'copy'); + } + + private static function preRenameOrCopy($params, $operation) { $user = \OCP\User::getUser(); $view = new \OC\Files\View('/'); $util = new Util($view, $user); @@ -450,11 +434,27 @@ class Hooks { $type = $view->is_dir('/' . $user . '/files/' . $params['oldpath']) ? 'folder' : 'file'; if ($mp1 === $mp2) { + if ($util->isSystemWideMountPoint($pathOld)) { + $oldShareKeyPath = 'files_encryption/share-keys/' . $pathOld; + } else { + $oldShareKeyPath = $ownerOld . '/' . 'files_encryption/share-keys/' . $pathOld; + } + // gather share keys here because in postRename() the file will be moved already + $oldShareKeys = Helper::findShareKeys($pathOld, $oldShareKeyPath, $view); + if (count($oldShareKeys) === 0) { + \OC_Log::write( + 'Encryption library', 'No share keys found for "' . $pathOld . '"', + \OC_Log::WARN + ); + } self::$renamedFiles[$params['oldpath']] = array( 'uid' => $ownerOld, 'path' => $pathOld, 'type' => $type, - 'operation' => 'copy'); + 'operation' => $operation, + 'sharekeys' => $oldShareKeys + ); + } } @@ -476,6 +476,7 @@ class Hooks { $view = new \OC\Files\View('/'); $userId = \OCP\User::getUser(); $util = new Util($view, $userId); + $oldShareKeys = null; if (isset(self::$renamedFiles[$params['oldpath']]['uid']) && isset(self::$renamedFiles[$params['oldpath']]['path'])) { @@ -483,6 +484,7 @@ class Hooks { $pathOld = self::$renamedFiles[$params['oldpath']]['path']; $type = self::$renamedFiles[$params['oldpath']]['type']; $operation = self::$renamedFiles[$params['oldpath']]['operation']; + $oldShareKeys = self::$renamedFiles[$params['oldpath']]['sharekeys']; unset(self::$renamedFiles[$params['oldpath']]); } else { \OCP\Util::writeLog('Encryption library', "can't get path and owner from the file before it was renamed", \OCP\Util::DEBUG); @@ -522,15 +524,7 @@ class Hooks { $oldKeyfilePath .= '.key'; $newKeyfilePath .= '.key'; - // handle share-keys - $matches = Helper::findShareKeys($pathOld, $oldShareKeyPath, $view); - if (count($matches) === 0) { - \OC_Log::write( - 'Encryption library', 'No share keys found for "' . $pathOld . '"', - \OC_Log::WARN - ); - } - foreach ($matches as $src) { + foreach ($oldShareKeys as $src) { $dst = \OC\Files\Filesystem::normalizePath(str_replace($pathOld, $pathNew, $src)); $view->$operation($src, $dst); } -- cgit v1.2.3 From e8f9b929bd04c4228299118a5cca72148d64fed2 Mon Sep 17 00:00:00 2001 From: Vincent Petry Date: Wed, 29 Oct 2014 12:57:12 +0100 Subject: Added encryption test when moving file as non-owner --- apps/files_encryption/tests/share.php | 17 +++++++++++++++-- 1 file changed, 15 insertions(+), 2 deletions(-) (limited to 'apps/files_encryption') diff --git a/apps/files_encryption/tests/share.php b/apps/files_encryption/tests/share.php index f4ce94b7ee9..4a0f10b13fb 100755 --- a/apps/files_encryption/tests/share.php +++ b/apps/files_encryption/tests/share.php @@ -1074,8 +1074,19 @@ class Test_Encryption_Share extends \PHPUnit_Framework_TestCase { \OC\Files\Filesystem::unlink('/newfolder'); } - function testMoveFileToFolder() { + function usersProvider() { + return array( + // test as owner + array(\Test_Encryption_Share::TEST_ENCRYPTION_SHARE_USER1), + // test as share receiver + array(\Test_Encryption_Share::TEST_ENCRYPTION_SHARE_USER2), + ); + } + /** + * @dataProvider usersProvider + */ + function testMoveFileToFolder($userId) { $view = new \OC\Files\View('/' . \Test_Encryption_Share::TEST_ENCRYPTION_SHARE_USER1); $filename = '/tmp-' . uniqid(); @@ -1108,8 +1119,10 @@ class Test_Encryption_Share extends \PHPUnit_Framework_TestCase { $this->assertTrue($view->file_exists('files_encryption/share-keys' . $folder . '/' . $filename . '.' . \Test_Encryption_Share::TEST_ENCRYPTION_SHARE_USER1 . '.shareKey')); $this->assertTrue($view->file_exists('files_encryption/share-keys' . $folder . '/' . $filename . '.' . \Test_Encryption_Share::TEST_ENCRYPTION_SHARE_USER2 . '.shareKey')); - // move the file into the subfolder + // move the file into the subfolder as the test user + \Test_Encryption_Util::loginHelper($userId); \OC\Files\Filesystem::rename($folder . $filename, $subFolder . $filename); + \Test_Encryption_Util::loginHelper(\Test_Encryption_Share::TEST_ENCRYPTION_SHARE_USER1); // Get file decrypted contents $newDecrypt = \OC\Files\Filesystem::file_get_contents($subFolder . $filename); -- cgit v1.2.3