Example #1
0
 /**
  * @brief Startup encryption backend upon user login
  * @note This method should never be called for users using client side encryption
  */
 public static function login($params)
 {
     $l = new \OC_L10N('files_encryption');
     //check if all requirements are met
     if (!Helper::checkRequirements()) {
         $error_msg = $l->t("Missing requirements.");
         $hint = $l->t('Please make sure that PHP 5.3.3 or newer is installed and that the OpenSSL PHP extension is enabled and configured properly. For now, the encryption app has been disabled.');
         \OC_App::disable('files_encryption');
         \OCP\Util::writeLog('Encryption library', $error_msg . ' ' . $hint, \OCP\Util::ERROR);
         \OCP\Template::printErrorPage($error_msg, $hint);
     }
     $view = new \OC_FilesystemView('/');
     // ensure filesystem is loaded
     if (!\OC\Files\Filesystem::$loaded) {
         \OC_Util::setupFS($params['uid']);
     }
     $util = new Util($view, $params['uid']);
     // setup user, if user not ready force relogin
     if (Helper::setupUser($util, $params['password']) === false) {
         return false;
     }
     $encryptedKey = Keymanager::getPrivateKey($view, $params['uid']);
     $privateKey = Crypt::decryptPrivateKey($encryptedKey, $params['password']);
     if ($privateKey === false) {
         \OCP\Util::writeLog('Encryption library', 'Private key for user "' . $params['uid'] . '" is not valid! Maybe the user password was changed from outside if so please change it back to gain access', \OCP\Util::ERROR);
     }
     $session = new \OCA\Encryption\Session($view);
     $session->setPrivateKey($privateKey);
     // Check if first-run file migration has already been performed
     $ready = false;
     if ($util->getMigrationStatus() === Util::MIGRATION_OPEN) {
         $ready = $util->beginMigration();
     }
     // If migration not yet done
     if ($ready) {
         $userView = new \OC_FilesystemView('/' . $params['uid']);
         // Set legacy encryption key if it exists, to support
         // depreciated encryption system
         if ($userView->file_exists('encryption.key') && ($encLegacyKey = $userView->file_get_contents('encryption.key'))) {
             $plainLegacyKey = Crypt::legacyDecrypt($encLegacyKey, $params['password']);
             $session->setLegacyKey($plainLegacyKey);
         }
         // Encrypt existing user files:
         // This serves to upgrade old versions of the encryption
         // app (see appinfo/spec.txt)
         if ($util->encryptAll('/' . $params['uid'] . '/' . 'files', $session->getLegacyKey(), $params['password'])) {
             \OC_Log::write('Encryption library', 'Encryption of existing files belonging to "' . $params['uid'] . '" completed', \OC_Log::INFO);
         }
         // Register successful migration in DB
         $util->finishMigration();
     }
     return true;
 }
Example #2
0
 /**
  * @brief Startup encryption backend upon user login
  * @note This method should never be called for users using client side encryption
  */
 public static function login($params)
 {
     if (\OCP\App::isEnabled('files_encryption') === false) {
         return true;
     }
     $l = new \OC_L10N('files_encryption');
     $view = new \OC_FilesystemView('/');
     // ensure filesystem is loaded
     if (!\OC\Files\Filesystem::$loaded) {
         \OC_Util::setupFS($params['uid']);
     }
     $privateKey = \OCA\Encryption\Keymanager::getPrivateKey($view, $params['uid']);
     // if no private key exists, check server configuration
     if (!$privateKey) {
         //check if all requirements are met
         if (!Helper::checkRequirements() || !Helper::checkConfiguration()) {
             $error_msg = $l->t("Missing requirements.");
             $hint = $l->t('Please make sure that PHP 5.3.3 or newer is installed and that OpenSSL together with the PHP extension is enabled and configured properly. For now, the encryption app has been disabled.');
             \OC_App::disable('files_encryption');
             \OCP\Util::writeLog('Encryption library', $error_msg . ' ' . $hint, \OCP\Util::ERROR);
             \OCP\Template::printErrorPage($error_msg, $hint);
         }
     }
     $util = new Util($view, $params['uid']);
     // setup user, if user not ready force relogin
     if (Helper::setupUser($util, $params['password']) === false) {
         return false;
     }
     $session = $util->initEncryption($params);
     // Check if first-run file migration has already been performed
     $ready = false;
     if ($util->getMigrationStatus() === Util::MIGRATION_OPEN) {
         $ready = $util->beginMigration();
     }
     // If migration not yet done
     if ($ready) {
         $userView = new \OC_FilesystemView('/' . $params['uid']);
         // Set legacy encryption key if it exists, to support
         // depreciated encryption system
         if ($userView->file_exists('encryption.key') && ($encLegacyKey = $userView->file_get_contents('encryption.key'))) {
             $plainLegacyKey = Crypt::legacyDecrypt($encLegacyKey, $params['password']);
             $session->setLegacyKey($plainLegacyKey);
         }
         // Encrypt existing user files:
         if ($util->encryptAll('/' . $params['uid'] . '/' . 'files', $session->getLegacyKey(), $params['password'])) {
             \OC_Log::write('Encryption library', 'Encryption of existing files belonging to "' . $params['uid'] . '" completed', \OC_Log::INFO);
         }
         // Register successful migration in DB
         $util->finishMigration();
     }
     return true;
 }
Example #3
0
 /**
  * Startup encryption backend upon user login
  * @note This method should never be called for users using client side encryption
  */
 public static function login($params)
 {
     if (\OCP\App::isEnabled('files_encryption') === false) {
         return true;
     }
     $l = new \OC_L10N('files_encryption');
     $view = new \OC\Files\View('/');
     // ensure filesystem is loaded
     if (!\OC\Files\Filesystem::$loaded) {
         \OC_Util::setupFS($params['uid']);
     }
     $privateKey = \OCA\Encryption\Keymanager::getPrivateKey($view, $params['uid']);
     // if no private key exists, check server configuration
     if (!$privateKey) {
         //check if all requirements are met
         if (!Helper::checkRequirements() || !Helper::checkConfiguration()) {
             $error_msg = $l->t("Missing requirements.");
             $hint = $l->t('Please make sure that PHP 5.3.3 or newer is installed and that OpenSSL together with the PHP extension is enabled and configured properly. For now, the encryption app has been disabled.');
             \OC_App::disable('files_encryption');
             \OCP\Util::writeLog('Encryption library', $error_msg . ' ' . $hint, \OCP\Util::ERROR);
             \OCP\Template::printErrorPage($error_msg, $hint);
         }
     }
     $util = new Util($view, $params['uid']);
     // setup user, if user not ready force relogin
     if (Helper::setupUser($util, $params['password']) === false) {
         return false;
     }
     $session = $util->initEncryption($params);
     // Check if first-run file migration has already been performed
     $ready = false;
     $migrationStatus = $util->getMigrationStatus();
     if ($migrationStatus === Util::MIGRATION_OPEN && $session !== false) {
         $ready = $util->beginMigration();
     } elseif ($migrationStatus === Util::MIGRATION_IN_PROGRESS) {
         // refuse login as long as the initial encryption is running
         sleep(5);
         \OCP\User::logout();
         return false;
     }
     $result = true;
     // If migration not yet done
     if ($ready) {
         // Encrypt existing user files
         try {
             $result = $util->encryptAll('/' . $params['uid'] . '/' . 'files');
         } catch (\Exception $ex) {
             \OCP\Util::writeLog('Encryption library', 'Initial encryption failed! Error: ' . $ex->getMessage(), \OCP\Util::FATAL);
             $result = false;
         }
         if ($result) {
             \OC_Log::write('Encryption library', 'Encryption of existing files belonging to "' . $params['uid'] . '" completed', \OC_Log::INFO);
             // Register successful migration in DB
             $util->finishMigration();
         } else {
             \OCP\Util::writeLog('Encryption library', 'Initial encryption failed!', \OCP\Util::FATAL);
             $util->resetMigrationStatus();
             \OCP\User::logout();
         }
     }
     return $result;
 }