/**
 * Switch the active session over to another account.
 *
 * The attempt and the actual switch are both logged at warning level under
 * the 'impersonate' app tag, so the log records who became whom.
 *
 * @param string $userid UID of the account to switch to
 * @UseSession
 * @return JSONResponse empty on success, 404 with a message if the UID is unknown
 */
public function impersonate($userid) {
    // NOTE(review): no authorization check is visible in this method. Presumably
    // the framework limits the route to administrators - confirm before relying on it.
    // NOTE(review): getUser() is dereferenced without a null check.
    $actorUid = $this->userSession->getUser()->getUID();
    $this->logger->warning("User {$actorUid} trying to impersonate user {$userid}", ['app' => 'impersonate']);

    $target = $this->userManager->get($userid);
    if ($target === null) {
        // the caller-supplied UID is echoed back in the response body
        return new JSONResponse("No user found for {$userid}", Http::STATUS_NOT_FOUND);
    }

    $this->logger->warning("changing to user {$userid}", ['app' => 'impersonate']);
    $this->userSession->setUser($target);

    return new JSONResponse();
}
/**
 * Report whether the new encryption can be used yet.
 *
 * @return boolean false while an installed_version is still recorded for the
 *                 old 'files_encryption' app, true otherwise
 */
public function isReady() {
    // a version entry left behind by the old app means we are still in transit
    $legacyVersion = $this->config->getAppValue('files_encryption', 'installed_version');
    if (empty($legacyVersion)) {
        return true;
    }

    $this->logger->warning('Installation is in transit between the old Encryption (ownCloud <= 8.0) and the new encryption. Please enable the "Default encryption module" and run \'occ encryption:migrate\'');

    return false;
}
/**
 * Walk a user's key directory recursively and move every key file to the
 * location reported by getTargetDir().
 *
 * @param string $user
 * @param string $path directory below the user's root
 * @param bool $trash passed through to getTargetDir()
 */
private function renameFileKeys($user, $path, $trash = false) {
    $dir = $user . '/' . $path;

    if ($this->view->is_dir($dir) === false) {
        $this->logger->info('Skip dir /' . $user . '/' . $path . ': does not exist');
        return;
    }

    $dh = $this->view->opendir($dir);
    if (!is_resource($dh)) {
        return;
    }

    // NOTE(review): closedir() below is not reached if anything in the loop throws
    while (($file = readdir($dh)) !== false) {
        if (\OC\Files\Filesystem::isIgnoredDir($file)) {
            continue;
        }

        $entry = $dir . '/' . $file;
        if ($this->view->is_dir($entry)) {
            // descend into sub directories
            $this->renameFileKeys($user, $path . '/' . $file, $trash);
            continue;
        }

        $target = $this->getTargetDir($user, $path, $file, $trash);
        if (!$target) {
            // keys without a resolvable target are left where they are
            $this->logger->warning('did not move key "' . $file . '" could not find the corresponding file in /data/' . $user . '/files.' . 'Most likely the key was already moved in a previous migration run and is already on the right place.');
            continue;
        }

        $this->createPathForKeys(dirname($target));
        $this->view->rename($entry, $target);
    }

    closedir($dh);
}
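/**
 * Acquire a shared or exclusive lock for a path in the file_locks table.
 *
 * A shared lock increments the counter as long as it is not negative; an
 * exclusive lock sets it to -1 and is only taken while the counter is 0.
 * The path is always passed as a bound parameter, never built into the SQL.
 *
 * @param string $path
 * @param int $type self::LOCK_SHARED or self::LOCK_EXCLUSIVE; any value other
 *                  than LOCK_SHARED takes the exclusive branch
 * @throws \OCP\Lock\LockedException if the update did not change exactly one row
 */
public function acquireLock($path, $type) {
    if ($this->connection->inTransaction()) {
        // the message used to say "transition", which hid what is actually being reported
        $this->logger->warning("Trying to acquire a lock for '{$path}' while inside a transaction");
    }

    // NOTE(review): if initLockField() or the update throws, the transaction
    // opened here is neither committed nor rolled back in this method.
    $this->connection->beginTransaction();
    $this->initLockField($path);
    if ($type === self::LOCK_SHARED) {
        $result = $this->connection->executeUpdate(
            'UPDATE `*PREFIX*file_locks` SET `lock` = `lock` + 1 WHERE `key` = ? AND `lock` >= 0',
            [$path]
        );
    } else {
        $result = $this->connection->executeUpdate(
            'UPDATE `*PREFIX*file_locks` SET `lock` = -1 WHERE `key` = ? AND `lock` = 0',
            [$path]
        );
    }
    $this->connection->commit();

    // zero affected rows means the WHERE clause did not match, i.e. the lock is held
    if ($result !== 1) {
        throw new LockedException($path);
    }
    $this->markAcquire($path, $type);
}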
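/**
 * Return the cipher configured in config.php, or the class default when the
 * configured value is not on the allow-list.
 *
 * Only 'AES-256-CFB' and 'AES-128-CFB' are accepted; anything else is replaced
 * by self::DEFAULT_CIPHER and a warning is logged. The rejected value itself
 * is not written to the log.
 *
 * NOTE(review): CFB provides confidentiality only. Whether integrity of the
 * ciphertext is protected elsewhere cannot be seen from this method.
 *
 * @return string
 */
public function getCipher() {
    $cipher = $this->config->getSystemValue('cipher', self::DEFAULT_CIPHER);
    if ($cipher !== 'AES-256-CFB' && $cipher !== 'AES-128-CFB') {
        // the separator before the cipher name was missing, which produced "Fall backAES-..."
        $this->logger->warning(
            'Wrong cipher defined in config.php only AES-128-CFB and AES-256-CFB are supported. Fall back to ' . self::DEFAULT_CIPHER,
            ['app' => 'encryption']
        );
        $cipher = self::DEFAULT_CIPHER;
    }

    return $cipher;
}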
/**
 * Return the cipher configured in config.php if it is a key of
 * $this->supportedCiphersAndKeySize, otherwise the class default.
 *
 * An unsupported value is logged (including the value itself) and replaced by
 * self::DEFAULT_CIPHER, so a typo in config.php never selects an unknown cipher.
 *
 * @return string
 */
public function getCipher() {
    $configured = $this->config->getSystemValue('cipher', self::DEFAULT_CIPHER);
    if (isset($this->supportedCiphersAndKeySize[$configured])) {
        return $configured;
    }

    $notice = sprintf('Unsupported cipher (%s) defined in config.php supported. Falling back to %s', $configured, self::DEFAULT_CIPHER);
    $this->logger->warning($notice, ['app' => 'encryption']);

    return self::DEFAULT_CIPHER;
}
/**
 * Delete the given temporary files/folders, logging instead of failing when a
 * deletion raises an UnexpectedValueException.
 *
 * NOTE(review): every existing path in $files is handed to the delete helper
 * as-is; callers are expected to pass only paths they created themselves.
 *
 * @param string[] $files
 */
protected function cleanFiles($files) {
    foreach ($files as $file) {
        if (!file_exists($file)) {
            continue;
        }

        try {
            \OC_Helper::rmdirr($file);
        } catch (\UnexpectedValueException $ex) {
            // only this exception type is treated as best-effort; others propagate
            $details = ['file' => $file, 'error' => $ex->getMessage()];
            $this->log->warning("Error deleting temporary file/folder: {file} - Reason: {error}", $details);
        }
    }
}
/**
 * Check whether a candidate temporary directory can be written to.
 *
 * NOTE(review): only writability is tested; nothing here verifies that the
 * path actually is a directory.
 *
 * @param mixed $directory
 * @return bool true if writable, false (plus a warning in the log) otherwise
 */
private function checkTemporaryDirectory($directory) {
    $usable = false;
    try {
        $usable = is_writable($directory);
    } catch (\Exception $e) {
        // deliberately ignored: a missing or invalid path, bad characters or
        // wrong permissions all simply count as "not usable"
    }

    if ($usable) {
        return true;
    }

    $this->log->warning('Temporary directory {dir} is not present or writable', ['dir' => $directory]);
    return false;
}
/**
 * Return the cipher to use: the config.php value if it is a key of
 * $this->supportedCiphersAndKeySize, otherwise self::DEFAULT_CIPHER.
 *
 * On an OpenSSL build older than 0x1000101f a CTR cipher is replaced by
 * self::LEGACY_CIPHER. NOTE(review): that downgrade is silent - unlike the
 * unsupported-cipher case, nothing is logged when it happens.
 *
 * @return string
 */
public function getCipher() {
    $cipher = $this->config->getSystemValue('cipher', self::DEFAULT_CIPHER);

    $isSupported = isset($this->supportedCiphersAndKeySize[$cipher]);
    if (!$isSupported) {
        $notice = sprintf('Unsupported cipher (%s) defined in config.php supported. Falling back to %s', $cipher, self::DEFAULT_CIPHER);
        $this->logger->warning($notice, ['app' => 'encryption']);
        $cipher = self::DEFAULT_CIPHER;
    }

    // Workaround for OpenSSL 0.9.8. Fallback to an old cipher that should work.
    $isCtrMode = in_array($cipher, ['AES-256-CTR', 'AES-128-CTR'], true);
    if (OPENSSL_VERSION_NUMBER < 0x1000101f && $isCtrMode) {
        $cipher = self::LEGACY_CIPHER;
    }

    return $cipher;
}
/**
 * Check whether the encryption module can read a file for a given user,
 * i.e. whether a file key can be obtained.
 *
 * @param string $path
 * @param string $uid user whose access is being checked
 * @return bool true if a file key was found; false if none was found and the
 *              user owns the file
 * @throws DecryptionFailedException if no file key was found and the file is
 *                                   owned by somebody else
 */
public function isReadable($path, $uid) {
    $fileKey = $this->keyManager->getFileKey($path, $uid);
    if (!empty($fileKey)) {
        return true;
    }

    if ($this->util->getOwner($path) === $uid) {
        return false;
    }

    // A missing key on somebody else's file means it was shared with the user
    // at a time when the user had no valid private/public key. Raise an
    // exception that carries a hint the user can act on.
    $msg = 'Encryption module "' . $this->getDisplayName() . '" is not able to read ' . $path;
    $hint = $this->l->t('Can not read this file, probably this is a shared file. Please ask the file owner to reshare the file with you.');
    $this->logger->warning($msg);

    throw new DecryptionFailedException($msg, $hint);
}
/**
 * Store the collaborators and select the scanner class for the configured
 * antivirus mode.
 *
 * NOTE(review): for an unknown mode, or when reading the mode throws, only a
 * warning is logged and scannerClass is not assigned here. The constructor
 * still succeeds; whether scanning is then skipped or fails depends on code
 * not shown - confirm it does not fail open.
 *
 * @param AppConfig $appConfig
 * @param ILogger $logger
 */
public function __construct(AppConfig $appConfig, ILogger $logger) {
    $this->appConfig = $appConfig;
    $this->logger = $logger;

    try {
        $avMode = $appConfig->getAvMode();
        // loose == on purpose: it is the comparison a switch statement performs
        if ($avMode == 'daemon' || $avMode == 'socket') {
            $this->scannerClass = 'OCA\\Files_Antivirus\\Scanner\\External';
        } elseif ($avMode == 'executable') {
            $this->scannerClass = 'OCA\\Files_Antivirus\\Scanner\\Local';
        } else {
            $this->logger->warning('Application is misconfigured. Please check the settings at the admin page. Invalid mode: ' . $avMode);
        }
    } catch (\Exception $e) {
        $logger->warning(implode(' ', [__CLASS__, __METHOD__, $e->getMessage()]));
    }
}
/**
 * Open a file, wrapping the storage stream in the encryption stream wrapper
 * when the file is (or should be) encrypted.
 *
 * see http://php.net/manual/en/function.fopen.php
 *
 * Paths for which isExcluded() does not return false, and files for which no
 * encryption decision is reached, are opened directly on the wrapped storage.
 *
 * @param string $path
 * @param string $mode
 * @return resource
 * @throws GenericEncryptionException
 * @throws ModuleDoesNotExistsException
 */
public function fopen($path, $mode) {
    $encryptionEnabled = $this->encryptionManager->isEnabled();
    $shouldEncrypt = false;
    $encryptionModule = null;

    $header = $this->getHeader($path);
    $fullPath = $this->getFullPath($path);
    // module id as recorded in the file header; empty if the header names none
    $encryptionModuleId = $this->util->getEncryptionModuleId($header);

    if ($this->util->isExcluded($fullPath) === false) {
        $size = $unencryptedSize = 0;
        $realFile = $this->util->stripPartialFileExtension($path);
        $targetExists = $this->file_exists($realFile) || $this->file_exists($path);
        $targetIsEncrypted = false;
        if ($targetExists) {
            // in case the file exists we require the explicit module as
            // specified in the file header - otherwise we need to fail hard to
            // prevent data loss on client side
            // (this lookup sits outside the try block below, so a missing
            // module propagates to the caller here)
            if (!empty($encryptionModuleId)) {
                $targetIsEncrypted = true;
                $encryptionModule = $this->encryptionManager->getEncryptionModule($encryptionModuleId);
            }

            if ($this->file_exists($path)) {
                $size = $this->storage->filesize($path);
                $unencryptedSize = $this->filesize($path);
            } else {
                $size = $unencryptedSize = 0;
            }
        }

        try {
            // NOTE(review): only these four modes count as "write"; other modes
            // that can modify a file (e.g. 'a', 'r+', 'x', 'c') take the else branch
            if ($mode === 'w' || $mode === 'w+' || $mode === 'wb' || $mode === 'wb+') {
                // don't overwrite encrypted files if encryption is not enabled
                if ($targetIsEncrypted && $encryptionEnabled === false) {
                    throw new GenericEncryptionException('Tried to access encrypted file but encryption is not enabled');
                }
                if ($encryptionEnabled) {
                    // if $encryptionModuleId is empty, the default module will be used
                    $encryptionModule = $this->encryptionManager->getEncryptionModule($encryptionModuleId);
                    $shouldEncrypt = $encryptionModule->shouldEncrypt($fullPath);
                }
            } else {
                $info = $this->getCache()->get($path);
                // only get encryption module if we found one in the header
                // or if file should be encrypted according to the file cache
                if (!empty($encryptionModuleId)) {
                    $encryptionModule = $this->encryptionManager->getEncryptionModule($encryptionModuleId);
                    $shouldEncrypt = true;
                } else {
                    if (empty($encryptionModuleId) && $info['encrypted'] === true) {
                        // we come from an old installation. No header and/or no module defined
                        // but the file is encrypted. In this case we need to use the
                        // OC_DEFAULT_MODULE to read the file
                        $encryptionModule = $this->encryptionManager->getEncryptionModule('OC_DEFAULT_MODULE');
                        $shouldEncrypt = true;
                        $targetIsEncrypted = true;
                    }
                }
            }
        } catch (ModuleDoesNotExistsException $e) {
            // NOTE(review): fail-open. A missing module is only logged; if
            // $encryptionModule is still null the call ends in the plain
            // storage->fopen() at the bottom, i.e. unencrypted I/O. Confirm
            // that this fallback is intended for every caller.
            $this->logger->warning('Encryption module "' . $encryptionModuleId . '" not found, file will be stored unencrypted (' . $e->getMessage() . ')');
        }

        // encryption disabled on write of new file and write to existing unencrypted file -> don't encrypt
        // (the mount option 'encrypt' is read with a default of true)
        if (!$encryptionEnabled || !$this->mount->getOption('encrypt', true)) {
            if (!$targetExists || !$targetIsEncrypted) {
                $shouldEncrypt = false;
            }
        }

        // both conditions are required: a decision to encrypt and a resolved module
        if ($shouldEncrypt === true && $encryptionModule !== null) {
            $headerSize = $this->getHeaderSize($path);
            $source = $this->storage->fopen($path, $mode);
            $handle = \OC\Files\Stream\Encryption::wrap($source, $path, $fullPath, $header, $this->uid, $encryptionModule, $this->storage, $this, $this->util, $this->fileHelper, $mode, $size, $unencryptedSize, $headerSize);
            return $handle;
        }
    }

    // excluded path, or no encryption applies: hand out the raw storage stream
    return $this->storage->fopen($path, $mode);
}
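/**
 * Create a new image from a BMP file or URL.
 *
 * Every header field is treated as untrusted: header reads are length-checked
 * before unpacking, the palette size and the image dimensions are validated,
 * and the pixel read is capped at what the declared dimensions can consume.
 * The file handle is closed as soon as the pixel data has been read, so no
 * return path leaks it.
 *
 * If the pixel data ends early, the partially filled image is returned.
 *
 * @link http://www.programmierer-forum.de/function-imagecreatefrombmp-laeuft-mit-allen-bitraten-t143137.htm
 * @version 1.00
 * @param string $fileName Path to the BMP image.
 * @return bool|resource an image resource identifier on success, FALSE on errors.
 */
private function imagecreatefrombmp($fileName) {
    if (!($fh = fopen($fileName, 'rb'))) {
        $this->logger->warning('imagecreatefrombmp: Can not open ' . $fileName, array('app' => 'core'));
        return false;
    }
    $error = 'imagecreatefrombmp: ' . $fileName . ' has not enough data!';

    // read file header; a short read is handled like a wrong signature
    $raw = fread($fh, 14);
    $meta = (is_string($raw) && strlen($raw) === 14)
        ? unpack('vtype/Vfilesize/Vreserved/Voffset', $raw)
        : false;
    // check for bitmap
    if (!is_array($meta) || $meta['type'] != 19778) {
        fclose($fh);
        $this->logger->warning('imagecreatefrombmp: Can not open ' . $fileName . ' is not a bitmap!', array('app' => 'core'));
        return false;
    }

    // read image header; without the length check a truncated file makes
    // unpack() return false and the array union below a fatal error
    $raw = fread($fh, 40);
    if (!is_string($raw) || strlen($raw) < 40) {
        fclose($fh);
        $this->logger->warning($error, array('app' => 'core'));
        return false;
    }
    $meta += unpack('Vheadersize/Vwidth/Vheight/vplanes/vbits/Vcompression/Vimagesize/Vxres/Vyres/Vcolors/Vimportant', $raw);

    // read additional 16bit header
    if ($meta['bits'] == 16) {
        $raw = fread($fh, 12);
        if (!is_string($raw) || strlen($raw) < 12) {
            fclose($fh);
            $this->logger->warning($error, array('app' => 'core'));
            return false;
        }
        $meta += unpack('VrMask/VgMask/VbMask', $raw);
    }

    // set bytes and padding
    $meta['bytes'] = $meta['bits'] / 8;
    $this->bitDepth = $meta['bits']; //remember the bit depth for the imagebmp call
    $meta['decal'] = 4 - 4 * ($meta['width'] * $meta['bytes'] / 4 - floor($meta['width'] * $meta['bytes'] / 4));
    if ($meta['decal'] == 4) {
        $meta['decal'] = 0;
    }

    // obtain imagesize
    if ($meta['imagesize'] < 1) {
        $meta['imagesize'] = $meta['filesize'] - $meta['offset'];
        // in rare cases filesize is equal to offset so we need to read physical size
        if ($meta['imagesize'] < 1) {
            $meta['imagesize'] = @filesize($fileName) - $meta['offset'];
            if ($meta['imagesize'] < 1) {
                fclose($fh);
                $this->logger->warning('imagecreatefrombmp: Can not obtain file size of ' . $fileName . ' is not a bitmap!', array('app' => 'core'));
                return false;
            }
        }
    }

    // calculate colors
    $meta['colors'] = !$meta['colors'] ? pow(2, $meta['bits']) : $meta['colors'];

    // read color palette
    $palette = array();
    if ($meta['bits'] < 16) {
        // the declared palette size drives the read below, so refuse values the
        // bit depth cannot address instead of allocating whatever the file claims
        if ($meta['colors'] > pow(2, $meta['bits'])) {
            fclose($fh);
            $this->logger->warning('imagecreatefrombmp: ' . $fileName . ' declares more palette entries than its bit depth allows!', array('app' => 'core'));
            return false;
        }
        $raw = fread($fh, $meta['colors'] * 4);
        if (is_string($raw) && strlen($raw) >= $meta['colors'] * 4) {
            $palette = unpack('l' . $meta['colors'], $raw);
        }
        if (!is_array($palette)) {
            $palette = array();
        }
        // in rare cases the color value is signed
        if (isset($palette[1]) && $palette[1] < 0) {
            foreach ($palette as $i => $color) {
                $palette[$i] = $color + 16777216;
            }
        }
    }

    // create gd image; non-positive dimensions take the same failure path
    $im = ($meta['width'] > 0 && $meta['height'] > 0)
        ? imagecreatetruecolor($meta['width'], $meta['height'])
        : false;
    if ($im == false) {
        fclose($fh);
        $this->logger->warning('imagecreatefrombmp: imagecreatetruecolor failed for file "' . $fileName . '" with dimensions ' . $meta['width'] . 'x' . $meta['height'], array('app' => 'core'));
        return false;
    }

    // never request more pixel data than the declared dimensions can consume;
    // the header's imagesize alone is attacker-controlled
    $rowBytes = $meta['width'] * $meta['bytes'] + $meta['decal'];
    $needed = (int)ceil($rowBytes * $meta['height']);
    $data = fread($fh, min($meta['imagesize'], max(1, $needed)));
    // nothing is read from the file after this point
    fclose($fh);

    $p = 0;
    $vide = chr(0);
    $y = $meta['height'] - 1;
    // loop through the image data beginning with the lower left corner
    while ($y >= 0) {
        $x = 0;
        while ($x < $meta['width']) {
            switch ($meta['bits']) {
                case 32:
                case 24:
                    $part = substr($data, $p, 3);
                    if (!is_string($part) || strlen($part) < 3) {
                        $this->logger->warning($error, array('app' => 'core'));
                        return $im;
                    }
                    $color = unpack('V', $part . $vide);
                    break;
                case 16:
                    $part = substr($data, $p, 2);
                    if (!is_string($part) || strlen($part) < 2) {
                        $this->logger->warning($error, array('app' => 'core'));
                        return $im;
                    }
                    $color = unpack('v', $part);
                    $color[1] = (($color[1] & 0xf800) >> 8) * 65536 + (($color[1] & 0x7e0) >> 3) * 256 + (($color[1] & 0x1f) << 3);
                    break;
                case 8:
                    $color = unpack('n', $vide . substr($data, $p, 1));
                    // pixel values index the palette; unknown indexes map to color 0
                    $color[1] = isset($palette[$color[1] + 1]) ? $palette[$color[1] + 1] : 0;
                    break;
                case 4:
                    $color = unpack('n', $vide . substr($data, floor($p), 1));
                    $color[1] = $p * 2 % 2 == 0 ? $color[1] >> 4 : $color[1] & 0xf;
                    $color[1] = isset($palette[$color[1] + 1]) ? $palette[$color[1] + 1] : 0;
                    break;
                case 1:
                    $color = unpack('n', $vide . substr($data, floor($p), 1));
                    switch ($p * 8 % 8) {
                        case 0:
                            $color[1] = $color[1] >> 7;
                            break;
                        case 1:
                            $color[1] = ($color[1] & 0x40) >> 6;
                            break;
                        case 2:
                            $color[1] = ($color[1] & 0x20) >> 5;
                            break;
                        case 3:
                            $color[1] = ($color[1] & 0x10) >> 4;
                            break;
                        case 4:
                            $color[1] = ($color[1] & 0x8) >> 3;
                            break;
                        case 5:
                            $color[1] = ($color[1] & 0x4) >> 2;
                            break;
                        case 6:
                            $color[1] = ($color[1] & 0x2) >> 1;
                            break;
                        case 7:
                            $color[1] = $color[1] & 0x1;
                            break;
                    }
                    $color[1] = isset($palette[$color[1] + 1]) ? $palette[$color[1] + 1] : 0;
                    break;
                default:
                    $this->logger->warning('imagecreatefrombmp: ' . $fileName . ' has ' . $meta['bits'] . ' bits and this is not supported!', array('app' => 'core'));
                    return false;
            }
            imagesetpixel($im, $x, $y, $color[1]);
            $x++;
            $p += $meta['bytes'];
        }
        $y--;
        // skip the row padding
        $p += $meta['decal'];
    }

    return $im;
}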
/**
 * @inheritdoc
 */
public function warning($message, array $context = []) {
    // preset context first, so caller-supplied string keys win on collisions
    $merged = array_merge($this->context, $context);
    $this->logger->warning($message, $merged);
}
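/**
 * @inheritdoc
 */
public function warning($message, array $context = array()) {
    // The caller's $context used to be dropped, so placeholders and details
    // supplied with the message never reached the log. Merge it over the
    // preset context; caller-supplied string keys win on collisions.
    $this->logger->warning($message, array_merge($this->context, $context));
}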
/**
 * Decrypt the private key and keep it in the session.
 *
 * With the master key enabled, the master key id and password replace the
 * supplied $uid and $passPhrase. The session status is set to INIT_EXECUTED
 * up front and only becomes INIT_SUCCESSFUL once a decrypted key is stored.
 * The pass phrase is never written to the log; the message of an unexpected
 * exception is.
 *
 * @param string $uid user id
 * @param string $passPhrase users password
 * @return boolean true if a private key was decrypted and stored, false otherwise
 */
public function init($uid, $passPhrase) {
    $this->session->setStatus(Session::INIT_EXECUTED);

    try {
        if ($this->util->isMasterKeyEnabled()) {
            $uid = $this->getMasterKeyId();
            $passPhrase = $this->getMasterKeyPassword();
            $encryptedKey = $this->getSystemPrivateKey($uid);
        } else {
            $encryptedKey = $this->getPrivateKey($uid);
        }
        $decryptedKey = $this->crypt->decryptPrivateKey($encryptedKey, $passPhrase, $uid);
    } catch (PrivateKeyMissingException $e) {
        // expected failure, not logged
        return false;
    } catch (DecryptionFailedException $e) {
        // expected failure, not logged
        return false;
    } catch (\Exception $e) {
        $this->log->warning('Could not decrypt the private key from user "' . $uid . '"" during login. ' . 'Assume password change on the user back-end. Error message: ' . $e->getMessage());
        return false;
    }

    if (!$decryptedKey) {
        return false;
    }

    $this->session->setPrivateKey($decryptedKey);
    $this->session->setStatus(Session::INIT_SUCCESSFUL);

    return true;
}