public static function init($login, $password) { $view = new OC_FilesystemView('/'); if (!$view->file_exists('/' . $login)) { $view->mkdir('/' . $login); } OC_FileProxy::$enabled = false; if (!$view->file_exists('/' . $login . '/encryption.key')) { // does key exist? OC_Crypt::createkey($login, $password); } $key = $view->file_get_contents('/' . $login . '/encryption.key'); OC_FileProxy::$enabled = true; $_SESSION['enckey'] = OC_Crypt::decrypt($key, $password); }
/** * @medium */ function testRecursiveDelShareKeys() { // generate filename $filename = '/tmp-' . time() . '.txt'; // create folder structure $this->view->mkdir('/' . Test_Encryption_Keymanager::TEST_USER . '/files/folder1'); $this->view->mkdir('/' . Test_Encryption_Keymanager::TEST_USER . '/files/folder1/subfolder'); $this->view->mkdir('/' . Test_Encryption_Keymanager::TEST_USER . '/files/folder1/subfolder/subsubfolder'); // enable encryption proxy $proxyStatus = \OC_FileProxy::$enabled; \OC_FileProxy::$enabled = true; // save file with content $cryptedFile = file_put_contents('crypt:///' . Test_Encryption_Keymanager::TEST_USER . '/files/folder1/subfolder/subsubfolder' . $filename, $this->dataShort); // test that data was successfully written $this->assertTrue(is_int($cryptedFile)); // change encryption proxy to previous state \OC_FileProxy::$enabled = $proxyStatus; // recursive delete keys Encryption\Keymanager::delShareKey($this->view, array('admin'), '/folder1/'); // check if share key not exists $this->assertFalse($this->view->file_exists('/admin/files_encryption/share-keys/folder1/subfolder/subsubfolder/' . $filename . '.admin.shareKey')); // enable encryption proxy $proxyStatus = \OC_FileProxy::$enabled; \OC_FileProxy::$enabled = true; // cleanup $this->view->unlink('/admin/files/folder1'); // change encryption proxy to previous state \OC_FileProxy::$enabled = $proxyStatus; }
/** * @brief test moving a shared file out of the Shared folder */ function testRename() { // login as admin \Test_Encryption_Util::loginHelper(\Test_Encryption_Share::TEST_ENCRYPTION_SHARE_USER1); // save file with content $cryptedFile = file_put_contents('crypt:///' . \Test_Encryption_Share::TEST_ENCRYPTION_SHARE_USER1 . '/files/' . $this->filename, $this->dataShort); // test that data was successfully written $this->assertTrue(is_int($cryptedFile)); // get the file info from previous created file $fileInfo = $this->view->getFileInfo('/' . \Test_Encryption_Share::TEST_ENCRYPTION_SHARE_USER1 . '/files/' . $this->filename); // check if we have a valid file info $this->assertTrue(is_array($fileInfo)); // share the file \OCP\Share::shareItem('file', $fileInfo['fileid'], \OCP\Share::SHARE_TYPE_USER, \Test_Encryption_Share::TEST_ENCRYPTION_SHARE_USER2, OCP\PERMISSION_ALL); // check if share key for user2exists $this->assertTrue($this->view->file_exists('/' . \Test_Encryption_Share::TEST_ENCRYPTION_SHARE_USER1 . '/files_encryption/share-keys/' . $this->filename . '.' . \Test_Encryption_Share::TEST_ENCRYPTION_SHARE_USER2 . '.shareKey')); // login as user2 \Test_Encryption_Util::loginHelper(\Test_Encryption_Share::TEST_ENCRYPTION_SHARE_USER2); $this->assertTrue($this->view->file_exists('/' . \Test_Encryption_Share::TEST_ENCRYPTION_SHARE_USER2 . '/files/Shared/' . $this->filename)); // get file contents $retrievedCryptedFile = $this->view->file_get_contents('/' . \Test_Encryption_Share::TEST_ENCRYPTION_SHARE_USER2 . '/files/Shared/' . $this->filename); // check if data is the same as we previously written $this->assertEquals($this->dataShort, $retrievedCryptedFile); // move the file out of the shared folder $this->view->rename('/' . \Test_Encryption_Share::TEST_ENCRYPTION_SHARE_USER2 . '/files/Shared/' . $this->filename, '/' . \Test_Encryption_Share::TEST_ENCRYPTION_SHARE_USER2 . '/files/' . $this->filename); // check if we can read the moved file $retrievedRenamedFile = $this->view->file_get_contents('/' . \Test_Encryption_Share::TEST_ENCRYPTION_SHARE_USER2 . '/files/' . $this->filename); // check if data is the same as we previously written $this->assertEquals($this->dataShort, $retrievedRenamedFile); // the owners file should be deleted $this->assertFalse($this->view->file_exists('/' . \Test_Encryption_Share::TEST_ENCRYPTION_SHARE_USER1 . '/files/' . $this->filename)); // cleanup $this->view->unlink('/' . \Test_Encryption_Share::TEST_ENCRYPTION_SHARE_USER2 . '/files/' . $this->filename); }
/** * store a new version of a file. */ public function store($filename) { if (\OCP\Config::getSystemValue('files_versions', Storage::DEFAULTENABLED) == 'true') { list($uid, $filename) = self::getUidAndFilename($filename); $files_view = new \OC_FilesystemView('/' . $uid . '/files'); $users_view = new \OC_FilesystemView('/' . $uid); //check if source file already exist as version to avoid recursions. // todo does this check work? if ($users_view->file_exists($filename)) { return false; } // check if filename is a directory if ($files_view->is_dir($filename)) { return false; } // check filetype blacklist $blacklist = explode(' ', \OCP\Config::getSystemValue('files_versionsblacklist', Storage::DEFAULTBLACKLIST)); foreach ($blacklist as $bl) { $parts = explode('.', $filename); $ext = end($parts); if (strtolower($ext) == $bl) { return false; } } // we should have a source file to work with if (!$files_view->file_exists($filename)) { return false; } // check filesize if ($files_view->filesize($filename) > \OCP\Config::getSystemValue('files_versionsmaxfilesize', Storage::DEFAULTMAXFILESIZE)) { return false; } // check mininterval if the file is being modified by the owner (all shared files should be versioned despite mininterval) if ($uid == \OCP\User::getUser()) { $versions_fileview = new \OC_FilesystemView('/' . $uid . '/files_versions'); $versionsName = \OCP\Config::getSystemValue('datadirectory') . $versions_fileview->getAbsolutePath($filename); $versionsFolderName = \OCP\Config::getSystemValue('datadirectory') . $versions_fileview->getAbsolutePath(''); $matches = glob($versionsName . '.v*'); sort($matches); $parts = explode('.v', end($matches)); if (end($parts) + Storage::DEFAULTMININTERVAL > time()) { return false; } } // create all parent folders $info = pathinfo($filename); if (!file_exists($versionsFolderName . '/' . $info['dirname'])) { mkdir($versionsFolderName . '/' . $info['dirname'], 0750, true); } // store a new version of a file $users_view->copy('files' . $filename, 'files_versions' . $filename . '.v' . time()); // expire old revisions if necessary Storage::expire($filename); } }
/** * @brief test webdav delete random file * @depends testWebdavGET */ function testWebdavDELETE($filename) { // set server vars $_SERVER['REQUEST_METHOD'] = 'DELETE'; $_SERVER['REQUEST_URI'] = '/remote.php/webdav' . $filename; $_SERVER['HTTP_AUTHORIZATION'] = 'Basic dGVzdC13ZWJkYXYtdXNlcjE6dGVzdC13ZWJkYXYtdXNlcjE='; $_SERVER['PATH_INFO'] = '/webdav' . $filename; // handle webdav request $content = $this->handleWebdavRequest(); // check if file was removed $this->assertFalse($this->view->file_exists('/' . $this->userId . '/files' . $filename)); // check if key-file was removed $this->assertFalse($this->view->file_exists('/' . $this->userId . '/files_encryption/keyfiles' . $filename . '.key')); // check if shareKey-file was removed $this->assertFalse($this->view->file_exists('/' . $this->userId . '/files_encryption/share-keys' . $filename . '.' . $this->userId . '.shareKey')); }
/** * @medium */ function testFailShareFile() { // login as admin \Test_Encryption_Util::loginHelper(\Test_Encryption_Share::TEST_ENCRYPTION_SHARE_USER1); // save file with content $cryptedFile = file_put_contents('crypt:///' . \Test_Encryption_Share::TEST_ENCRYPTION_SHARE_USER1 . '/files/' . $this->filename, $this->dataShort); // test that data was successfully written $this->assertTrue(is_int($cryptedFile)); // disable encryption proxy to prevent recursive calls $proxyStatus = \OC_FileProxy::$enabled; \OC_FileProxy::$enabled = false; // get the file info from previous created file $fileInfo = $this->view->getFileInfo('/' . \Test_Encryption_Share::TEST_ENCRYPTION_SHARE_USER1 . '/files/' . $this->filename); // check if we have a valid file info $this->assertTrue(is_array($fileInfo)); // check if the unencrypted file size is stored $this->assertGreaterThan(0, $fileInfo['unencrypted_size']); // break users public key $this->view->rename('/public-keys/' . \Test_Encryption_Share::TEST_ENCRYPTION_SHARE_USER3 . '.public.key', '/public-keys/' . \Test_Encryption_Share::TEST_ENCRYPTION_SHARE_USER3 . '.public.key_backup'); // re-enable the file proxy \OC_FileProxy::$enabled = $proxyStatus; // share the file try { \OCP\Share::shareItem('file', $fileInfo['fileid'], \OCP\Share::SHARE_TYPE_GROUP, \Test_Encryption_Share::TEST_ENCRYPTION_SHARE_GROUP1, OCP\PERMISSION_ALL); } catch (Exception $e) { $this->assertEquals(0, strpos($e->getMessage(), "Following users are not set up for encryption")); } // login as admin \Test_Encryption_Util::loginHelper(\Test_Encryption_Share::TEST_ENCRYPTION_SHARE_USER1); // check if share key for user1 not exists $this->assertFalse($this->view->file_exists('/' . \Test_Encryption_Share::TEST_ENCRYPTION_SHARE_USER1 . '/files_encryption/share-keys/' . $this->filename . '.' . \Test_Encryption_Share::TEST_ENCRYPTION_SHARE_USER3 . '.shareKey')); // disable encryption proxy to prevent recursive calls $proxyStatus = \OC_FileProxy::$enabled; \OC_FileProxy::$enabled = false; // break user1 public key $this->view->rename('/public-keys/' . \Test_Encryption_Share::TEST_ENCRYPTION_SHARE_USER3 . '.public.key_backup', '/public-keys/' . \Test_Encryption_Share::TEST_ENCRYPTION_SHARE_USER3 . '.public.key'); // remove share file $this->view->unlink('/' . \Test_Encryption_Share::TEST_ENCRYPTION_SHARE_USER1 . '/files_encryption/share-keys/' . $this->filename . '.' . \Test_Encryption_Share::TEST_ENCRYPTION_SHARE_USER3 . '.shareKey'); // re-enable the file proxy \OC_FileProxy::$enabled = $proxyStatus; // unshare the file with user1 \OCP\Share::unshare('file', $fileInfo['fileid'], \OCP\Share::SHARE_TYPE_GROUP, \Test_Encryption_Share::TEST_ENCRYPTION_SHARE_GROUP1); // check if share key not exists $this->assertFalse($this->view->file_exists('/' . \Test_Encryption_Share::TEST_ENCRYPTION_SHARE_USER1 . '/files_encryption/share-keys/' . $this->filename . '.' . \Test_Encryption_Share::TEST_ENCRYPTION_SHARE_USER3 . '.shareKey')); // cleanup $this->view->unlink('/' . \Test_Encryption_Share::TEST_ENCRYPTION_SHARE_USER1 . '/files/' . $this->filename); }
protected function getStorage() { if (isset($this->storage)) { return $this->storage; } if (OC_User::isLoggedIn()) { $subdir = 'cache'; $view = new OC_FilesystemView('/' . OC_User::getUser()); if (!$view->file_exists($subdir)) { $view->mkdir($subdir); } $this->storage = new OC_FilesystemView('/' . OC_User::getUser() . '/' . $subdir); return $this->storage; } else { OC_Log::write('core', 'Can\'t get cache storage, user not logged in', OC_Log::ERROR); return false; } }
/** * @medium * @brief test delete file forever */ function testPermanentDeleteFile() { // generate filename $filename = 'tmp-' . time() . '.txt'; // save file with content $cryptedFile = file_put_contents('crypt:///' . $this->userId . '/files/' . $filename, $this->dataShort); // test that data was successfully written $this->assertTrue(is_int($cryptedFile)); // check if key for admin exists $this->assertTrue($this->view->file_exists('/' . \Test_Encryption_Trashbin::TEST_ENCRYPTION_TRASHBIN_USER1 . '/files_encryption/keyfiles/' . $filename . '.key')); // check if share key for admin exists $this->assertTrue($this->view->file_exists('/' . \Test_Encryption_Trashbin::TEST_ENCRYPTION_TRASHBIN_USER1 . '/files_encryption/share-keys/' . $filename . '.' . \Test_Encryption_Trashbin::TEST_ENCRYPTION_TRASHBIN_USER1 . '.shareKey')); // delete file \OC\FIles\Filesystem::unlink($filename); // check if file not exists $this->assertFalse($this->view->file_exists('/' . \Test_Encryption_Trashbin::TEST_ENCRYPTION_TRASHBIN_USER1 . '/files/' . $filename)); // check if key for admin not exists $this->assertFalse($this->view->file_exists('/' . \Test_Encryption_Trashbin::TEST_ENCRYPTION_TRASHBIN_USER1 . '/files_encryption/keyfiles/' . $filename . '.key')); // check if share key for admin not exists $this->assertFalse($this->view->file_exists('/' . \Test_Encryption_Trashbin::TEST_ENCRYPTION_TRASHBIN_USER1 . '/files_encryption/share-keys/' . $filename . '.' . \Test_Encryption_Trashbin::TEST_ENCRYPTION_TRASHBIN_USER1 . '.shareKey')); // find created file with timestamp $query = \OC_DB::prepare('SELECT `timestamp`,`type` FROM `*PREFIX*files_trash`' . ' WHERE `id`=?'); $result = $query->execute(array($filename))->fetchRow(); $this->assertTrue(is_array($result)); // build suffix $trashFileSuffix = 'd' . $result['timestamp']; // check if key for admin exists $this->assertTrue($this->view->file_exists('/' . \Test_Encryption_Trashbin::TEST_ENCRYPTION_TRASHBIN_USER1 . '/files_trashbin/keyfiles/' . $filename . '.key.' . $trashFileSuffix)); // check if share key for admin exists $this->assertTrue($this->view->file_exists('/' . \Test_Encryption_Trashbin::TEST_ENCRYPTION_TRASHBIN_USER1 . '/files_trashbin/share-keys/' . $filename . '.' . \Test_Encryption_Trashbin::TEST_ENCRYPTION_TRASHBIN_USER1 . '.shareKey.' . $trashFileSuffix)); // get timestamp from file $timestamp = str_replace('d', '', $trashFileSuffix); // delete file forever $this->assertGreaterThan(0, \OCA\Files_Trashbin\Trashbin::delete($filename, $timestamp)); // check if key for admin not exists $this->assertFalse($this->view->file_exists('/' . \Test_Encryption_Trashbin::TEST_ENCRYPTION_TRASHBIN_USER1 . '/files_trashbin/files/' . $filename . '.' . $trashFileSuffix)); // check if key for admin not exists $this->assertFalse($this->view->file_exists('/' . \Test_Encryption_Trashbin::TEST_ENCRYPTION_TRASHBIN_USER1 . '/files_trashbin/keyfiles/' . $filename . '.key.' . $trashFileSuffix)); // check if share key for admin not exists $this->assertFalse($this->view->file_exists('/' . \Test_Encryption_Trashbin::TEST_ENCRYPTION_TRASHBIN_USER1 . '/files_trashbin/share-keys/' . $filename . '.' . \Test_Encryption_Trashbin::TEST_ENCRYPTION_TRASHBIN_USER1 . '.shareKey.' . $trashFileSuffix)); }
/** * delete non existing files from the cache */ public static function cleanFolder($path, $root = false) { if ($root === false) { $view = OC_Filesystem::getView(); } else { $view = new OC_FilesystemView($root); } $cachedContent = OC_FileCache_Cached::getFolderContent($path, $root); foreach ($cachedContent as $fileData) { $path = $fileData['path']; $file = $view->getRelativePath($path); if (!$view->file_exists($file)) { if ($root === false) { //filesystem hooks are only valid for the default root OC_Hook::emit('OC_Filesystem', 'post_delete', array('path' => $file)); } else { self::delete($file, $root); } } } }
/** * test if all keys get moved to the backup folder correctly */ function testBackupAllKeys() { self::loginHelper(self::TEST_ENCRYPTION_UTIL_USER1); // create some dummy key files $encPath = '/' . self::TEST_ENCRYPTION_UTIL_USER1 . '/files_encryption'; $this->view->file_put_contents($encPath . '/keyfiles/foo.key', 'key'); $this->view->file_put_contents($encPath . '/share-keys/foo.user1.shareKey', 'share key'); $this->view->mkdir($encPath . '/keyfiles/subfolder/'); $this->view->mkdir($encPath . '/share-keys/subfolder/'); $this->view->file_put_contents($encPath . '/keyfiles/subfolder/foo.key', 'key'); $this->view->file_put_contents($encPath . '/share-keys/subfolder/foo.user1.shareKey', 'share key'); $util = new \OCA\Encryption\Util($this->view, self::TEST_ENCRYPTION_UTIL_USER1); $util->backupAllKeys('testing'); $encFolderContent = $this->view->getDirectoryContent($encPath); $backupPath = ''; foreach ($encFolderContent as $c) { $name = $c['name']; if (substr($name, 0, strlen('backup')) === 'backup') { $backupPath = $encPath . '/' . $c['name']; break; } } $this->assertTrue($backupPath !== ''); // check backupDir Content $this->assertTrue($this->view->is_dir($backupPath . '/keyfiles')); $this->assertTrue($this->view->is_dir($backupPath . '/share-keys')); $this->assertTrue($this->view->file_exists($backupPath . '/keyfiles/foo.key')); $this->assertTrue($this->view->file_exists($backupPath . '/share-keys/foo.user1.shareKey')); $this->assertTrue($this->view->file_exists($backupPath . '/keyfiles/subfolder/foo.key')); $this->assertTrue($this->view->file_exists($backupPath . '/share-keys/subfolder/foo.user1.shareKey')); $this->assertTrue($this->view->file_exists($backupPath . '/' . self::TEST_ENCRYPTION_UTIL_USER1 . '.private.key')); $this->assertTrue($this->view->file_exists($backupPath . '/' . self::TEST_ENCRYPTION_UTIL_USER1 . '.public.key')); //cleanup $this->view->deleteAll($backupPath); $this->view->unlink($encPath . '/keyfiles/foo.key', 'key'); $this->view->unlink($encPath . '/share-keys/foo.user1.shareKey', 'share key'); }
function testDelAllShareKeysFile() { $this->view->mkdir('/' . Test_Encryption_Keymanager::TEST_USER . '/files/folder1'); $this->view->file_put_contents('/' . Test_Encryption_Keymanager::TEST_USER . '/files/folder1/existingFile.txt', 'data'); // create folder structure for some dummy share key files $this->view->mkdir('/' . Test_Encryption_Keymanager::TEST_USER . '/files_encryption/share-keys/folder1'); // create some dummy share keys for the existing file $this->view->file_put_contents('/' . Test_Encryption_Keymanager::TEST_USER . '/files_encryption/share-keys/folder1/existingFile.txt.user1.shareKey', 'data'); $this->view->file_put_contents('/' . Test_Encryption_Keymanager::TEST_USER . '/files_encryption/share-keys/folder1/existingFile.txt.user2.shareKey', 'data'); $this->view->file_put_contents('/' . Test_Encryption_Keymanager::TEST_USER . '/files_encryption/share-keys/folder1/existingFile.txt.user3.shareKey', 'data'); $this->view->file_put_contents('/' . Test_Encryption_Keymanager::TEST_USER . '/files_encryption/share-keys/folder1/existingFile.txt.' . Test_Encryption_Keymanager::TEST_USER . '.shareKey', 'data'); // create some dummy share keys for a non-existing file $this->view->file_put_contents('/' . Test_Encryption_Keymanager::TEST_USER . '/files_encryption/share-keys/folder1/nonexistingFile.txt.user1.shareKey', 'data'); $this->view->file_put_contents('/' . Test_Encryption_Keymanager::TEST_USER . '/files_encryption/share-keys/folder1/nonexistingFile.txt.user2.shareKey', 'data'); $this->view->file_put_contents('/' . Test_Encryption_Keymanager::TEST_USER . '/files_encryption/share-keys/folder1/nonexistingFile.txt.user3.shareKey', 'data'); $this->view->file_put_contents('/' . Test_Encryption_Keymanager::TEST_USER . '/files_encryption/share-keys/folder1/nonexistingFile.txt.' . Test_Encryption_Keymanager::TEST_USER . '.shareKey', 'data'); // try to del all share keys from a existing file, should fail because the file still exists $result = Encryption\Keymanager::delAllShareKeys($this->view, Test_Encryption_Keymanager::TEST_USER, 'folder1/existingFile.txt'); $this->assertFalse($result); // check if share keys still exists $this->assertTrue($this->view->file_exists('/' . Test_Encryption_Keymanager::TEST_USER . '/files_encryption/share-keys/folder1/existingFile.txt.' . Test_Encryption_Keymanager::TEST_USER . '.shareKey')); $this->assertTrue($this->view->file_exists('/' . Test_Encryption_Keymanager::TEST_USER . '/files_encryption/share-keys/folder1/existingFile.txt.user1.shareKey')); $this->assertTrue($this->view->file_exists('/' . Test_Encryption_Keymanager::TEST_USER . '/files_encryption/share-keys/folder1/existingFile.txt.user2.shareKey')); $this->assertTrue($this->view->file_exists('/' . Test_Encryption_Keymanager::TEST_USER . '/files_encryption/share-keys/folder1/existingFile.txt.user3.shareKey')); // try to del all share keys from file, should succeed because the does not exist any more $result2 = Encryption\Keymanager::delAllShareKeys($this->view, Test_Encryption_Keymanager::TEST_USER, 'folder1/nonexistingFile.txt'); $this->assertTrue($result2); // check if share keys are really gone $this->assertFalse($this->view->file_exists('/' . Test_Encryption_Keymanager::TEST_USER . '/files_encryption/share-keys/folder1/nonexistingFile.txt.' . Test_Encryption_Keymanager::TEST_USER . '.shareKey')); // check that it only deleted keys or users who had access, others remain $this->assertTrue($this->view->file_exists('/' . Test_Encryption_Keymanager::TEST_USER . '/files_encryption/share-keys/folder1/nonexistingFile.txt.user1.shareKey')); $this->assertTrue($this->view->file_exists('/' . Test_Encryption_Keymanager::TEST_USER . '/files_encryption/share-keys/folder1/nonexistingFile.txt.user2.shareKey')); $this->assertTrue($this->view->file_exists('/' . Test_Encryption_Keymanager::TEST_USER . '/files_encryption/share-keys/folder1/nonexistingFile.txt.user3.shareKey')); // cleanup $this->view->deleteAll('/' . Test_Encryption_Keymanager::TEST_USER . '/files/folder1'); }
OCA\Encryption\Helper::registerAppHooks(); stream_wrapper_register('crypt', 'OCA\\Encryption\\Stream'); // check if we are logged in if (OCP\User::isLoggedIn()) { // ensure filesystem is loaded if (!\OC\Files\Filesystem::$loaded) { \OC_Util::setupFS(); } $view = new OC_FilesystemView('/'); $sessionReady = OCA\Encryption\Helper::checkRequirements(); if ($sessionReady) { $session = new \OCA\Encryption\Session($view); } $user = \OCP\USER::getUser(); // check if user has a private key if ($sessionReady === false || !$view->file_exists('/' . $user . '/files_encryption/' . $user . '.private.key') && OCA\Encryption\Crypt::mode() === 'server') { // Force the user to log-in again if the encryption key isn't unlocked // (happens when a user is logged in before the encryption app is // enabled) OCP\User::logout(); header("Location: " . OC::$WEBROOT . '/'); exit; } } } else { // logout user if we are in maintenance to force re-login OCP\User::logout(); } // Register settings scripts OCP\App::registerAdmin('files_encryption', 'settings-admin'); OCP\App::registerPersonal('files_encryption', 'settings-personal');
<?php OCP\JSON::checkAppEnabled('files_external'); if (!($filename = $_FILES['rootcert_import']['name'])) { header("Location: settings/personal.php"); exit; } $fh = fopen($_FILES['rootcert_import']['tmp_name'], 'r'); $data = fread($fh, filesize($_FILES['rootcert_import']['tmp_name'])); fclose($fh); $filename = $_FILES['rootcert_import']['name']; $view = new \OC_FilesystemView('/' . \OCP\User::getUser() . '/files_external/uploads'); if (!$view->file_exists('')) { $view->mkdir(''); } $isValid = openssl_pkey_get_public($data); //maybe it was just the wrong file format, try to convert it... if ($isValid == false) { $data = chunk_split(base64_encode($data), 64, "\n"); $data = "-----BEGIN CERTIFICATE-----\n" . $data . "-----END CERTIFICATE-----\n"; $isValid = openssl_pkey_get_public($data); } // add the certificate if it could be verified if ($isValid) { $view->file_put_contents($filename, $data); OC_Mount_Config::createCertificateBundle(); } else { OCP\Util::writeLog("files_external", "Couldn't import SSL root certificate ({$filename}), allowed formats: PEM and DER", OCP\Util::WARN); } header("Location: settings/personal.php"); exit;
/** * @brief Make preparations to vars and filesystem for saving a keyfile */ public static function keySetPreparation(\OC_FilesystemView $view, $path, $basePath, $userId) { $targetPath = ltrim($path, '/'); $path_parts = pathinfo($targetPath); // If the file resides within a subdirectory, create it if (isset($path_parts['dirname']) && !$view->file_exists($basePath . '/' . $path_parts['dirname'])) { $sub_dirs = explode(DIRECTORY_SEPARATOR, $basePath . '/' . $path_parts['dirname']); $dir = ''; foreach ($sub_dirs as $sub_dir) { $dir .= '/' . $sub_dir; if (!$view->is_dir($dir)) { $view->mkdir($dir); } } } return $targetPath; }
/** * @param string $appid * @return OC_FilesystemView */ public static function getStorage($appid) { if (OC_App::isEnabled($appid)) { //sanity check if (OC_User::isLoggedIn()) { $view = new OC_FilesystemView('/' . OC_User::getUser()); if (!$view->file_exists($appid)) { $view->mkdir($appid); } return new OC_FilesystemView('/' . OC_User::getUser() . '/' . $appid); } else { OC_Log::write('core', 'Can\'t get app storage, app, user not logged in', OC_Log::ERROR); return false; } } else { OC_Log::write('core', 'Can\'t get app storage, app ' . $appid . ' not enabled', OC_Log::ERROR); return false; } }
* version 3 of the License, or any later version. * * This library is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU AFFERO GENERAL PUBLIC LICENSE for more details. * * You should have received a copy of the GNU Affero General Public * License along with this library. If not, see <http://www.gnu.org/licenses/>. * */ // Check if we are a user OCP\User::checkLoggedIn(); $filename = $_GET["file"]; $view = new OC_FilesystemView('/' . \OCP\User::getUser() . '/files_trashbin/files'); if (!$view->file_exists($filename)) { header("HTTP/1.0 404 Not Found"); $tmpl = new OCP\Template('', '404', 'guest'); $tmpl->assign('file', $filename); $tmpl->printPage(); exit; } $ftype = $view->getMimeType($filename); header('Content-Type:' . $ftype); if (preg_match("/MSIE/", $_SERVER["HTTP_USER_AGENT"])) { header('Content-Disposition: attachment; filename="' . rawurlencode(basename($filename)) . '"'); } else { header('Content-Disposition: attachment; filename*=UTF-8\'\'' . rawurlencode(basename($filename)) . '; filename="' . rawurlencode(basename($filename)) . '"'); } OCP\Response::disableCaching(); header('Content-Length: ' . $view->filesize($filename));
/** * delete non existing files from the cache */ private static function cleanFolder($path, $root = '') { if (!$root) { $view = OC_Filesystem::getView(); } else { $view = new OC_FilesystemView($root == '/' ? '' : $root); } //check for removed files, not using getFolderContent to prevent loops $parent = self::getFileId($view->getRoot() . $path); $query = OC_DB::prepare('SELECT name FROM *PREFIX*fscache WHERE parent=?'); $result = $query->execute(array($parent)); while ($row = $result->fetchRow()) { $file = $path . '/' . $row['name']; if (!$view->file_exists($file)) { if (!$root) { //filesystem hooks are only valid for the default root OC_Hook::emit('OC_Filesystem', 'post_delete', array('path' => $file)); } else { self::fileSystemWatcherDelete(array('path' => $file), $root); } } } }
/** * @brief Change a user's encryption passphrase * @param array $params keys: uid, password */ public static function setPassphrase($params) { if (\OCP\App::isEnabled('files_encryption') === false) { return true; } // Only attempt to change passphrase if server-side encryption // is in use (client-side encryption does not have access to // the necessary keys) if (Crypt::mode() === 'server') { $view = new \OC_FilesystemView('/'); $session = new \OCA\Encryption\Session($view); // Get existing decrypted private key $privateKey = $session->getPrivateKey(); if ($params['uid'] === \OCP\User::getUser() && $privateKey) { // Encrypt private key with new user pwd as passphrase $encryptedPrivateKey = Crypt::symmetricEncryptFileContent($privateKey, $params['password']); // Save private key if ($encryptedPrivateKey) { Keymanager::setPrivateKey($encryptedPrivateKey); } else { \OCP\Util::writeLog('files_encryption', 'Could not update users encryption password', \OCP\Util::ERROR); } // NOTE: Session does not need to be updated as the // private key has not changed, only the passphrase // used to decrypt it has changed } else { // admin changed the password for a different user, create new keys and reencrypt file keys $user = $params['uid']; $util = new Util($view, $user); $recoveryPassword = isset($params['recoveryPassword']) ? $params['recoveryPassword'] : null; // we generate new keys if... // ...we have a recovery password and the user enabled the recovery key // ...encryption was activated for the first time (no keys exists) // ...the user doesn't have any files if ($util->recoveryEnabledForUser() && $recoveryPassword || !$util->userKeysExists() || !$view->file_exists($user . '/files')) { // backup old keys $util->backupAllKeys('recovery'); $newUserPassword = $params['password']; // make sure that the users home is mounted \OC\Files\Filesystem::initMountPoints($user); $keypair = Crypt::createKeypair(); // Disable encryption proxy to prevent recursive calls $proxyStatus = \OC_FileProxy::$enabled; \OC_FileProxy::$enabled = false; // Save public key $view->file_put_contents('/public-keys/' . $user . '.public.key', $keypair['publicKey']); // Encrypt private key empty passphrase $encryptedPrivateKey = Crypt::symmetricEncryptFileContent($keypair['privateKey'], $newUserPassword); // Save private key $view->file_put_contents('/' . $user . '/files_encryption/' . $user . '.private.key', $encryptedPrivateKey); if ($recoveryPassword) { // if recovery key is set we can re-encrypt the key files $util = new Util($view, $user); $util->recoverUsersFiles($recoveryPassword); } \OC_FileProxy::$enabled = $proxyStatus; } } } }
/** * @brief after a file is renamed, rename its keyfile and share-keys also fix the file size and fix also the sharing * @param array with oldpath and newpath * * This function is connected to the rename signal of OC_Filesystem and adjust the name and location * of the stored versions along the actual file */ public static function postRename($params) { if (\OCP\App::isEnabled('files_encryption') === false) { return true; } // Disable encryption proxy to prevent recursive calls $proxyStatus = \OC_FileProxy::$enabled; \OC_FileProxy::$enabled = false; $view = new \OC_FilesystemView('/'); $session = new \OCA\Encryption\Session($view); $userId = \OCP\User::getUser(); $util = new Util($view, $userId); // Format paths to be relative to user files dir if ($util->isSystemWideMountPoint($params['oldpath'])) { $baseDir = 'files_encryption/'; $oldKeyfilePath = $baseDir . 'keyfiles/' . $params['oldpath']; } else { $baseDir = $userId . '/' . 'files_encryption/'; $oldKeyfilePath = $baseDir . 'keyfiles/' . $params['oldpath']; } if ($util->isSystemWideMountPoint($params['newpath'])) { $newKeyfilePath = $baseDir . 'keyfiles/' . $params['newpath']; } else { $newKeyfilePath = $baseDir . 'keyfiles/' . $params['newpath']; } // add key ext if this is not an folder if (!$view->is_dir($oldKeyfilePath)) { $oldKeyfilePath .= '.key'; $newKeyfilePath .= '.key'; // handle share-keys $localKeyPath = $view->getLocalFile($baseDir . 'share-keys/' . $params['oldpath']); $escapedPath = Helper::escapeGlobPattern($localKeyPath); $matches = glob($escapedPath . '*.shareKey'); foreach ($matches as $src) { $dst = \OC\Files\Filesystem::normalizePath(str_replace($params['oldpath'], $params['newpath'], $src)); // create destination folder if not exists if (!file_exists(dirname($dst))) { mkdir(dirname($dst), 0750, true); } rename($src, $dst); } } else { // handle share-keys folders $oldShareKeyfilePath = $baseDir . 'share-keys/' . $params['oldpath']; $newShareKeyfilePath = $baseDir . 'share-keys/' . $params['newpath']; // create destination folder if not exists if (!$view->file_exists(dirname($newShareKeyfilePath))) { $view->mkdir(dirname($newShareKeyfilePath), 0750, true); } $view->rename($oldShareKeyfilePath, $newShareKeyfilePath); } // Rename keyfile so it isn't orphaned if ($view->file_exists($oldKeyfilePath)) { // create destination folder if not exists if (!$view->file_exists(dirname($newKeyfilePath))) { $view->mkdir(dirname($newKeyfilePath), 0750, true); } $view->rename($oldKeyfilePath, $newKeyfilePath); } // build the path to the file $newPath = '/' . $userId . '/files' . $params['newpath']; $newPathRelative = $params['newpath']; if ($util->fixFileSize($newPath)) { // get sharing app state $sharingEnabled = \OCP\Share::isEnabled(); // get users $usersSharing = $util->getSharingUsersArray($sharingEnabled, $newPathRelative); // update sharing-keys $util->setSharedFileKeyfiles($session, $usersSharing, $newPathRelative); } \OC_FileProxy::$enabled = $proxyStatus; }