path: root/core/Command/Db/AddMissingIndices.php
blob: 506fef94a63a0135edf788ad744a78565f81077a (plain)
<?php

declare(strict_types=1);

/**
 * @copyright Copyright (c) 2017 Bjoern Schiessle <bjoern@schiessle.org>
 *
 * @author Bjoern Schiessle <bjoern@schiessle.org>
 * @author Joas Schilling <coding@schilljs.com>
 * @author Morris Jobke <hey@morrisjobke.de>
 * @author Robin Appelman <robin@icewind.nl>
 * @author Roeland Jago Douma <roeland@famdouma.nl>
 * @author Thomas Citharel <nextcloud@tcit.fr>
 *
 * @license GNU AGPL version 3 or any later version
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License as
 * published by the Free Software Foundation, either version 3 of the
 * License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License
 * along with this program. If not, see <http://www.gnu.org/licenses/>.
 *
 */

namespace OC\Core\Command\Db;

use OC\DB\SchemaWrapper;
use OCP\IDBConnection;
use Symfony\Component\Console\Command\Command;
use Symfony\Component\Console\Input\InputInterface;
use Symfony\Component\Console\Output\OutputInterface;
use Symfony\Component\EventDispatcher\EventDispatcherInterface;
use Symfony\Component\EventDispatcher\GenericEvent;

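/**
 * Class AddMissingIndices
 *
 * Console command `db:add-missing-indices`. It checks a fixed list of core
 * tables for expected indices and creates the ones that are absent, then
 * dispatches an event so apps can do the same for their own tables.
 *
 * If you added any new indices to the database, this is the right place to add
 * your update routine for existing instances.
 *
 * @package OC\Core\Command\Db
 */
class AddMissingIndices extends Command {

	/** @var IDBConnection connection whose schema is inspected and migrated */
	private $connection;

	/** @var EventDispatcherInterface dispatches the "add missing indexes" event to apps */
	private $dispatcher;

	/**
	 * @param IDBConnection $connection database connection used for the schema checks and migrations
	 * @param EventDispatcherInterface $dispatcher dispatcher used to notify apps once the core tables are done
	 */
	public function __construct(IDBConnection $connection, EventDispatcherInterface $dispatcher) {
		parent::__construct();

		$this->connection = $connection;
		$this->dispatcher = $dispatcher;
	}

	/**
	 * Registers the command name and its description with the console.
	 */
	protected function configure() {
		$this
			->setName('db:add-missing-indices')
			->setDescription('Add missing indices to the database tables');
	}

	/**
	 * Adds the missing core indices, then gives apps the chance to add theirs.
	 *
	 * @param InputInterface $input not read by this command
	 * @param OutputInterface $output receives the progress messages; also passed to listeners as the event subject
	 * @return int always 0
	 * @throws \Doctrine\DBAL\Schema\SchemaException as declared by addCoreIndexes()
	 */
	protected function execute(InputInterface $input, OutputInterface $output) {
		$this->addCoreIndexes($output);

		// Dispatch event so apps can also update indexes if needed
		$event = new GenericEvent($output);
		$this->dispatcher->dispatch(IDBConnection::ADD_MISSING_INDEXES_EVENT, $event);

		// Symfony uses the value returned by execute() as the process exit code;
		// returning it explicitly avoids relying on an implicit null.
		return 0;
	}

	/**
	 * Add missing indices to the core tables handled here: share, filecache,
	 * twofactor_providers, login_flow_v2, whats_new, cards, cards_properties,
	 * calendarobjects_props and schedulingobjects.
	 *
	 * Every table is skipped when it does not exist, and every index is only
	 * created when an index of that name is not present yet. Each change is
	 * applied right away through migrateToSchema() rather than in one batch at
	 * the end.
	 * NOTE(review): because of that, indices created by an earlier branch
	 * presumably stay in place if a later migration throws - confirm against
	 * migrateToSchema().
	 *
	 * @param OutputInterface $output receives one "Check indices ..." line per table and progress lines per change
	 * @throws \Doctrine\DBAL\Schema\SchemaException
	 */
	private function addCoreIndexes(OutputInterface $output) {
		$output->writeln('<info>Check indices of the share table.</info>');

		$schema = new SchemaWrapper($this->connection);
		// Stays false when no table needed a change; only then the final "Done." is printed.
		$updated = false;

		if ($schema->hasTable('share')) {
			$table = $schema->getTable('share');
			if (!$table->hasIndex('share_with_index')) {
				$output->writeln('<info>Adding additional share_with index to the share table, this can take some time...</info>');
				$table->addIndex(['share_with'], 'share_with_index');
				$this->connection->migrateToSchema($schema->getWrappedSchema());
				$updated = true;
				$output->writeln('<info>Share table updated successfully.</info>');
			}

			if (!$table->hasIndex('parent_index')) {
				$output->writeln('<info>Adding additional parent index to the share table, this can take some time...</info>');
				$table->addIndex(['parent'], 'parent_index');
				$this->connection->migrateToSchema($schema->getWrappedSchema());
				$updated = true;
				$output->writeln('<info>Share table updated successfully.</info>');
			}

			if (!$table->hasIndex('owner_index')) {
				$output->writeln('<info>Adding additional owner index to the share table, this can take some time...</info>');
				$table->addIndex(['uid_owner'], 'owner_index');
				$this->connection->migrateToSchema($schema->getWrappedSchema());
				$updated = true;
				$output->writeln('<info>Share table updated successfully.</info>');
			}

			if (!$table->hasIndex('initiator_index')) {
				$output->writeln('<info>Adding additional initiator index to the share table, this can take some time...</info>');
				$table->addIndex(['uid_initiator'], 'initiator_index');
				$this->connection->migrateToSchema($schema->getWrappedSchema());
				$updated = true;
				$output->writeln('<info>Share table updated successfully.</info>');
			}
		}

		$output->writeln('<info>Check indices of the filecache table.</info>');
		if ($schema->hasTable('filecache')) {
			$table = $schema->getTable('filecache');
			if (!$table->hasIndex('fs_mtime')) {
				$output->writeln('<info>Adding additional mtime index to the filecache table, this can take some time...</info>');
				$table->addIndex(['mtime'], 'fs_mtime');
				$this->connection->migrateToSchema($schema->getWrappedSchema());
				$updated = true;
				$output->writeln('<info>Filecache table updated successfully.</info>');
			}
		}

		$output->writeln('<info>Check indices of the twofactor_providers table.</info>');
		if ($schema->hasTable('twofactor_providers')) {
			$table = $schema->getTable('twofactor_providers');
			if (!$table->hasIndex('twofactor_providers_uid')) {
				$output->writeln('<info>Adding additional twofactor_providers_uid index to the twofactor_providers table, this can take some time...</info>');
				$table->addIndex(['uid'], 'twofactor_providers_uid');
				$this->connection->migrateToSchema($schema->getWrappedSchema());
				$updated = true;
				$output->writeln('<info>Twofactor_providers table updated successfully.</info>');
			}
		}

		$output->writeln('<info>Check indices of the login_flow_v2 table.</info>');
		if ($schema->hasTable('login_flow_v2')) {
			$table = $schema->getTable('login_flow_v2');
			if (!$table->hasIndex('poll_token')) {
				$output->writeln('<info>Adding additional indeces to the login_flow_v2 table, this can take some time...</info>');

				// Drop any existing single-column index on these columns, whatever
				// its name, so the named indices below do not duplicate it.
				foreach ($table->getIndexes() as $index) {
					$columns = $index->getColumns();
					if ($columns === ['poll_token'] ||
						$columns === ['login_token'] ||
						$columns === ['timestamp']) {
						$table->dropIndex($index->getName());
					}
				}

				// poll_token and login_token get UNIQUE indices, so the database
				// itself rejects a second row carrying the same token.
				// NOTE(review): the migration presumably fails if existing rows
				// already hold duplicate tokens - confirm and check before running.
				$table->addUniqueIndex(['poll_token'], 'poll_token');
				$table->addUniqueIndex(['login_token'], 'login_token');
				$table->addIndex(['timestamp'], 'timestamp');
				$this->connection->migrateToSchema($schema->getWrappedSchema());
				$updated = true;
				$output->writeln('<info>login_flow_v2 table updated successfully.</info>');
			}
		}

		$output->writeln('<info>Check indices of the whats_new table.</info>');
		if ($schema->hasTable('whats_new')) {
			$table = $schema->getTable('whats_new');
			if (!$table->hasIndex('version')) {
				$output->writeln('<info>Adding version index to the whats_new table, this can take some time...</info>');

				// Replace any differently named index on (version) by the unique one below.
				foreach ($table->getIndexes() as $index) {
					if ($index->getColumns() === ['version']) {
						$table->dropIndex($index->getName());
					}
				}

				$table->addUniqueIndex(['version'], 'version');
				$this->connection->migrateToSchema($schema->getWrappedSchema());
				$updated = true;
				$output->writeln('<info>whats_new table updated successfully.</info>');
			}
		}

		$output->writeln('<info>Check indices of the cards table.</info>');
		if ($schema->hasTable('cards')) {
			$table = $schema->getTable('cards');
			if (!$table->hasIndex('cards_abid')) {
				$output->writeln('<info>Adding cards_abid index to the cards table, this can take some time...</info>');

				// Replace any differently named index on (addressbookid) by cards_abid.
				foreach ($table->getIndexes() as $index) {
					if ($index->getColumns() === ['addressbookid']) {
						$table->dropIndex($index->getName());
					}
				}

				$table->addIndex(['addressbookid'], 'cards_abid');
				$this->connection->migrateToSchema($schema->getWrappedSchema());
				$updated = true;
				$output->writeln('<info>cards table updated successfully.</info>');
			}
		}

		$output->writeln('<info>Check indices of the cards_properties table.</info>');
		if ($schema->hasTable('cards_properties')) {
			$table = $schema->getTable('cards_properties');
			if (!$table->hasIndex('cards_prop_abid')) {
				$output->writeln('<info>Adding cards_prop_abid index to the cards_properties table, this can take some time...</info>');

				// Replace any differently named index on (addressbookid) by cards_prop_abid.
				foreach ($table->getIndexes() as $index) {
					if ($index->getColumns() === ['addressbookid']) {
						$table->dropIndex($index->getName());
					}
				}

				$table->addIndex(['addressbookid'], 'cards_prop_abid');
				$this->connection->migrateToSchema($schema->getWrappedSchema());
				$updated = true;
				$output->writeln('<info>cards_properties table updated successfully.</info>');
			}
		}

		$output->writeln('<info>Check indices of the calendarobjects_props table.</info>');
		if ($schema->hasTable('calendarobjects_props')) {
			$table = $schema->getTable('calendarobjects_props');
			if (!$table->hasIndex('calendarobject_calid_index')) {
				$output->writeln('<info>Adding calendarobject_calid_index index to the calendarobjects_props table, this can take some time...</info>');

				// Composite index over both columns, in this order.
				$table->addIndex(['calendarid', 'calendartype'], 'calendarobject_calid_index');
				$this->connection->migrateToSchema($schema->getWrappedSchema());
				$updated = true;
				$output->writeln('<info>calendarobjects_props table updated successfully.</info>');
			}
		}

		$output->writeln('<info>Check indices of the schedulingobjects table.</info>');
		if ($schema->hasTable('schedulingobjects')) {
			$table = $schema->getTable('schedulingobjects');
			if (!$table->hasIndex('schedulobj_principuri_index')) {
				$output->writeln('<info>Adding schedulobj_principuri_index index to the schedulingobjects table, this can take some time...</info>');

				$table->addIndex(['principaluri'], 'schedulobj_principuri_index');
				$this->connection->migrateToSchema($schema->getWrappedSchema());
				$updated = true;
				$output->writeln('<info>schedulingobjects table updated successfully.</info>');
			}
		}

		if (!$updated) {
			$output->writeln('<info>Done.</info>');
		}
	}
}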
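'') {

		if (!$keyfileContent) {
			throw new \Exception('Encryption library: no data provided for decryption');
		}

		// Remove padding
		$noPadding = self::removePadding($keyfileContent);

		// Split into enc data and catfile
		$catfile = self::splitIv($noPadding);

		if ($plainContent = self::decrypt($catfile['encrypted'], $catfile['iv'], $passphrase)) {
			return $plainContent;
		} else {
			return false;
		}
	}

	/**
	 * @brief Creates symmetric keyfile content using a generated key
	 * @param string $plainContent content to be encrypted
	 * @return array|false keys: key, encrypted; false when symmetricEncryptFileContent() returns a falsy value
	 * @throws \Exception from generateKey() when OpenSSL reports the random bytes as not strong
	 * @note symmetricDecryptFileContent() can be used to decrypt files created using this method
	 *
	 * This function encrypts content with a freshly generated key and returns both
	 */
	public static function symmetricEncryptFileContentKeyfile($plainContent) {
		$key = self::generateKey();

		if ($encryptedContent = self::symmetricEncryptFileContent($plainContent, $key)) {
			return array(
				'key' => $key,
				'encrypted' => $encryptedContent
			);
		} else {
			return false;
		}
	}

	/**
	 * @brief Create asymmetrically encrypted keyfile content using a generated key
	 * @param string $plainContent content to be encrypted
	 * @param array $publicKeys array keys must be the userId of corresponding user
	 * @return array|false keys: keys (array, key = userId), data; false when openssl_seal() fails
	 * @throws \Exception when $plainContent is empty
	 * @note data sealed here is opened with multiKeyDecrypt(), which calls openssl_open()
	 */
	public static function multiKeyEncrypt($plainContent, array $publicKeys) {
		// openssl_seal returns false without errors if $plainContent
		// is empty, so trigger our own error.
		// empty() also reports the one-byte string "0" as empty although it is
		// valid content, so that value is let through.
		if (empty($plainContent) && $plainContent !== '0') {
			throw new \Exception('Cannot mutliKeyEncrypt empty plain content');
		}

		// Set empty vars to be set by openssl by reference
		$sealed = '';
		$shareKeys = array();
		$mappedShareKeys = array();

		// NOTE(review): no cipher argument is passed, so openssl_seal() uses its
		// built-in default. The PHP manual lists that default as RC4 for PHP < 8.0
		// and calls it insecure; PHP 8 makes the argument mandatory. Changing it
		// here would also have to change multiKeyDecrypt() and existing data.
		if (openssl_seal($plainContent, $sealed, $shareKeys, $publicKeys)) {
			$i = 0;

			// Ensure each shareKey is labelled with its
			// corresponding userId
			// (relies on $shareKeys coming back in the iteration order of $publicKeys)
			foreach ($publicKeys as $userId => $publicKey) {
				$mappedShareKeys[$userId] = $shareKeys[$i];
				$i++;
			}

			return array(
				'keys' => $mappedShareKeys,
				'data' => $sealed
			);
		} else {
			return false;
		}
	}

	/**
	 * @brief Asymmetrically decrypt content that was sealed for multiple public keys
	 * @param string $encryptedContent sealed data
	 * @param string $shareKey the envelope key belonging to the private key
	 * @param mixed $privateKey private key handed to openssl_open()
	 * @return string|false decrypted content; false when the input is empty or opening fails
	 * @note counterpart of multiKeyEncrypt()
	 *
	 * A failed open is written to the log at ERROR level
	 */
	public static function multiKeyDecrypt($encryptedContent, $shareKey, $privateKey) {
		if (!$encryptedContent) {
			return false;
		}

		// NOTE(review): as in multiKeyEncrypt(), no cipher argument is passed, so
		// the openssl_open() default applies (RC4 before PHP 8.0 per the PHP manual).
		if (openssl_open($encryptedContent, $plainContent, $shareKey, $privateKey)) {
			return $plainContent;
		} else {
			\OCP\Util::writeLog('Encryption library', 'Decryption (asymmetric) of sealed content failed', \OCP\Util::ERROR);
			return false;
		}
	}

	/**
	 * @brief Asymetrically encrypt a string using a public key
	 * @param string $plainContent
	 * @param mixed $publicKey
	 * @return string encrypted content
	 */
	public static function keyEncrypt($plainContent, $publicKey) {
		// NOTE(review): the boolean result of openssl_public_encrypt() is ignored,
		// so a failed encryption is not reported to the caller; callers should
		// treat an empty return value as failure.
		// No padding argument is passed, so PHP's default padding for this
		// function applies.
		openssl_public_encrypt($plainContent, $encryptedContent, $publicKey);

		return $encryptedContent;
	}

	/**
	 * @brief Asymetrically decrypt a file using a private key
	 * @param string $encryptedContent
	 * @param mixed $privatekey
	 * @return string|false decrypted content, or false when decryption fails
	 */
	public static function keyDecrypt($encryptedContent, $privatekey) {
		// "@" hides the PHP warning on failure; the false result is still returned.
		$result = @openssl_private_decrypt($encryptedContent, $plainContent, $privatekey);
		if ($result) {
			return $plainContent;
		}

		return $result;
	}

	/**
	 * @brief Generates a pseudo random initialisation vector
	 * @return string base64 encoding of 12 random bytes (16 characters)
	 * @throws \Exception when no random bytes could be generated
	 */
	public static function generateIv() {
		if ($random = openssl_random_pseudo_bytes(12, $strong)) {
			if (!$strong) {
				// If OpenSSL indicates randomness is insecure, log error.
				// NOTE(review): unlike generateKey(), this only logs a warning
				// and still returns the IV.
				\OCP\Util::writeLog('Encryption library', 'Insecure IV was generated using openssl_random_pseudo_bytes()', \OCP\Util::WARN);
			}

			// We encode the iv purely for string manipulation
			// purposes - it gets decoded before use
			$iv = base64_encode($random);

			return $iv;
		} else {
			throw new \Exception('Generating IV failed');
		}
	}

	/**
	 * @brief Generate a pseudo random ASCII key
	 * @return string|false base64 encoding of 183 random bytes (244 characters)
	 * @throws \Exception when OpenSSL reports the random bytes as not strong
	 */
	public static function generateKey() {
		// Generate key
		if ($key = base64_encode(openssl_random_pseudo_bytes(183, $strong))) {
			if (!$strong) {
				// If OpenSSL indicates randomness is insecure, refuse the key
				throw new \Exception('Encryption library, Insecure symmetric key was generated using openssl_random_pseudo_bytes()');
			}

			return $key;
		} else {
			return false;
		}
	}

	/**
	 * @brief Get the blowfish encryption handeler for a key
	 * @param string $key
	 * @return \Crypt_Blowfish|false blowfish object, or false when $key is empty
	 *
	 * Blowfish is only used by the legacy* methods below.
	 */
	public static function getBlowfish($key = '') {
		if ($key) {
			return new \Crypt_Blowfish($key);
		} else {
			return false;
		}
	}

	/**
	 * @brief Create a legacy key and encrypt it with the passphrase
	 * @param string $passphrase
	 * @return mixed the generated key, encrypted by legacyEncrypt()
	 */
	public static function legacyCreateKey($passphrase) {
		// Generate a random integer
		// SECURITY(review): mt_rand() is not a cryptographically secure generator,
		// and four values from 10000-99999 give at most 90000^4 possible keys.
		// Left unchanged because this is the legacy format; do not use it for new
		// key material - generateKey() draws from OpenSSL instead.
		$key = mt_rand(10000, 99999) . mt_rand(10000, 99999) . mt_rand(10000, 99999) . mt_rand(10000, 99999);

		// Encrypt the key with the passphrase
		$legacyEncKey = self::legacyEncrypt($key, $passphrase);

		return $legacyEncKey;
	}

	/**
	 * @brief encrypts content using legacy blowfish system
	 * @param string $content the cleartext message you want to encrypt
	 * @param string $passphrase
	 * @return string encrypted content
	 * @throws \Exception when no passphrase is given
	 *
	 * NOTE(review): cipher mode and integrity protection depend on
	 * \Crypt_Blowfish, which is not visible here
	 */
	public static function legacyEncrypt($content, $passphrase = '') {
		$bf = self::getBlowfish($passphrase);

		// getBlowfish() returns false for an empty passphrase; calling
		// encrypt() on that would be a fatal error instead of a catchable one.
		if ($bf === false) {
			throw new \Exception('Encryption library: no passphrase provided for legacy encryption');
		}

		return $bf->encrypt($content);
	}

	/**
	 * @brief decrypts content using legacy blowfish system
	 * @param string $content the encrypted message you want to decrypt
	 * @param string $passphrase
	 * @return string cleartext content
	 * @throws \Exception when no passphrase is given
	 */
	private static function legacyDecrypt($content, $passphrase = '') {
		$bf = self::getBlowfish($passphrase);

		// Same guard as in legacyEncrypt(): no handler without a passphrase.
		if ($bf === false) {
			throw new \Exception('Encryption library: no passphrase provided for legacy decryption');
		}

		$decrypted = $bf->decrypt($content);

		return $decrypted;
	}

	/**
	 * @brief decrypts legacy blowfish content in chunks of 8192 bytes
	 * @param string $data encrypted content
	 * @param string $key passphrase handed to legacyDecrypt()
	 * @param int $maxLength when > 0 the result is cut to this many bytes, otherwise trailing NUL bytes are stripped
	 * @return string
	 */
	public static function legacyBlockDecrypt($data, $key = '', $maxLength = 0) {
		$result = '';
		while (strlen($data)) {
			$result .= self::legacyDecrypt(substr($data, 0, 8192), $key);
			$data = substr($data, 8192);
		}

		if ($maxLength > 0) {
			return substr($result, 0, $maxLength);
		} else {
			// NOTE: this also removes NUL bytes that were part of the plaintext tail
			return rtrim($result, "\0");
		}
	}

	/**
	 * @brief decrypts legacy content and re-encrypts it with a new keyfile and share keys
	 * @param string $legacyEncryptedContent
	 * @param string $legacyPassphrase
	 * @param array $publicKeys passed on to multiKeyEncrypt()
	 * @return array keys: data, filekey, sharekeys
	 *
	 * NOTE(review): a false result from symmetricEncryptFileContentKeyfile() or
	 * multiKeyEncrypt() is not checked before its array keys are read
	 */
	public static function legacyKeyRecryptKeyfile($legacyEncryptedContent, $legacyPassphrase, $publicKeys) {
		$decrypted = self::legacyBlockDecrypt($legacyEncryptedContent, $legacyPassphrase);

		// Encrypt plain data, generate keyfile & encrypted file
		$cryptedData = self::symmetricEncryptFileContentKeyfile($decrypted);

		// Encrypt plain keyfile to multiple sharefiles
		$multiEncrypted = Crypt::multiKeyEncrypt($cryptedData['key'], $publicKeys);

		return array(
			'data' => $cryptedData['encrypted'],
			'filekey' => $multiEncrypted['data'],
			'sharekeys' => $multiEncrypted['keys']
		);
	}
}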