/**
* become another user
* @param string $userid
* @UseSession
* @return JSONResponse
*/
public function impersonate($userid)
{
$oldUserId = $this->userSession->getUser()->getUID();
$this->logger->warning("User {$oldUserId} trying to impersonate user {$userid}", ['app' => 'impersonate']);
$user = $this->userManager->get($userid);
if ($user === null) {
return new JSONResponse("No user found for {$userid}", Http::STATUS_NOT_FOUND);
} else {
$this->logger->warning("changing to user {$userid}", ['app' => 'impersonate']);
$this->userSession->setUser($user);
}
return new JSONResponse();
}
/**
* check if new encryption is ready
*
* @return boolean
*/
public function isReady()
{
// check if we are still in transit between the old and the new encryption
$oldEncryption = $this->config->getAppValue('files_encryption', 'installed_version');
if (!empty($oldEncryption)) {
$warning = 'Installation is in transit between the old Encryption (ownCloud <= 8.0)
and the new encryption. Please enable the "Default encryption module"
and run \'occ encryption:migrate\'';
$this->logger->warning($warning);
return false;
}
return true;
}
/**
* rename file keys
*
* @param string $user
* @param string $path
* @param bool $trash
*/
private function renameFileKeys($user, $path, $trash = false)
{
if ($this->view->is_dir($user . '/' . $path) === false) {
$this->logger->info('Skip dir /' . $user . '/' . $path . ': does not exist');
return;
}
$dh = $this->view->opendir($user . '/' . $path);
if (is_resource($dh)) {
while (($file = readdir($dh)) !== false) {
if (!\OC\Files\Filesystem::isIgnoredDir($file)) {
if ($this->view->is_dir($user . '/' . $path . '/' . $file)) {
$this->renameFileKeys($user, $path . '/' . $file, $trash);
} else {
$target = $this->getTargetDir($user, $path, $file, $trash);
if ($target) {
$this->createPathForKeys(dirname($target));
$this->view->rename($user . '/' . $path . '/' . $file, $target);
} else {
$this->logger->warning('did not move key "' . $file . '" could not find the corresponding file in /data/' . $user . '/files.' . 'Most likely the key was already moved in a previous migration run and is already on the right place.');
}
}
}
}
closedir($dh);
}
}
/**
* @param string $path
* @param int $type self::LOCK_SHARED or self::LOCK_EXCLUSIVE
* @throws \OCP\Lock\LockedException
*/
public function acquireLock($path, $type)
{
if ($this->connection->inTransaction()) {
$this->logger->warning("Trying to acquire a lock for '{$path}' while inside a transition");
}
$this->connection->beginTransaction();
$this->initLockField($path);
if ($type === self::LOCK_SHARED) {
$result = $this->connection->executeUpdate('UPDATE `*PREFIX*file_locks` SET `lock` = `lock` + 1 WHERE `key` = ? AND `lock` >= 0', [$path]);
} else {
$result = $this->connection->executeUpdate('UPDATE `*PREFIX*file_locks` SET `lock` = -1 WHERE `key` = ? AND `lock` = 0', [$path]);
}
$this->connection->commit();
if ($result !== 1) {
throw new LockedException($path);
}
$this->markAcquire($path, $type);
}
/**
* return Cipher either from config.php or the default cipher defined in
* this class
*
* @return string
*/
public function getCipher()
{
$cipher = $this->config->getSystemValue('cipher', self::DEFAULT_CIPHER);
if ($cipher !== 'AES-256-CFB' && $cipher !== 'AES-128-CFB') {
$this->logger->warning('Wrong cipher defined in config.php only AES-128-CFB and AES-256-CFB are supported. Fall back' . self::DEFAULT_CIPHER, ['app' => 'encryption']);
$cipher = self::DEFAULT_CIPHER;
}
return $cipher;
}
/**
* return Cipher either from config.php or the default cipher defined in
* this class
*
* @return string
*/
public function getCipher()
{
$cipher = $this->config->getSystemValue('cipher', self::DEFAULT_CIPHER);
if (!isset($this->supportedCiphersAndKeySize[$cipher])) {
$this->logger->warning(sprintf('Unsupported cipher (%s) defined in config.php supported. Falling back to %s', $cipher, self::DEFAULT_CIPHER), ['app' => 'encryption']);
$cipher = self::DEFAULT_CIPHER;
}
return $cipher;
}
/**
* @param string[] $files
*/
protected function cleanFiles($files)
{
foreach ($files as $file) {
if (file_exists($file)) {
try {
\OC_Helper::rmdirr($file);
} catch (\UnexpectedValueException $ex) {
$this->log->warning("Error deleting temporary file/folder: {file} - Reason: {error}", ['file' => $file, 'error' => $ex->getMessage()]);
}
}
}
}
/**
* Check if a temporary directory is ready for use
*
* @param mixed $directory
* @return bool
*/
private function checkTemporaryDirectory($directory)
{
// suppress any possible errors caused by is_writable
// checks missing or invalid path or characters, wrong permissions etc
try {
if (is_writeable($directory)) {
return true;
}
} catch (\Exception $e) {
}
$this->log->warning('Temporary directory {dir} is not present or writable', ['dir' => $directory]);
return false;
}
/**
* return Cipher either from config.php or the default cipher defined in
* this class
*
* @return string
*/
public function getCipher()
{
$cipher = $this->config->getSystemValue('cipher', self::DEFAULT_CIPHER);
if (!isset($this->supportedCiphersAndKeySize[$cipher])) {
$this->logger->warning(sprintf('Unsupported cipher (%s) defined in config.php supported. Falling back to %s', $cipher, self::DEFAULT_CIPHER), ['app' => 'encryption']);
$cipher = self::DEFAULT_CIPHER;
}
// Workaround for OpenSSL 0.9.8. Fallback to an old cipher that should work.
if (OPENSSL_VERSION_NUMBER < 0x1000101f) {
if ($cipher === 'AES-256-CTR' || $cipher === 'AES-128-CTR') {
$cipher = self::LEGACY_CIPHER;
}
}
return $cipher;
}
/**
* check if the encryption module is able to read the file,
* e.g. if all encryption keys exists
*
* @param string $path
* @param string $uid user for whom we want to check if he can read the file
* @return bool
* @throws DecryptionFailedException
*/
public function isReadable($path, $uid)
{
$fileKey = $this->keyManager->getFileKey($path, $uid);
if (empty($fileKey)) {
$owner = $this->util->getOwner($path);
if ($owner !== $uid) {
// if it is a shared file we throw a exception with a useful
// error message because in this case it means that the file was
// shared with the user at a point where the user didn't had a
// valid private/public key
$msg = 'Encryption module "' . $this->getDisplayName() . '" is not able to read ' . $path;
$hint = $this->l->t('Can not read this file, probably this is a shared file. Please ask the file owner to reshare the file with you.');
$this->logger->warning($msg);
throw new DecryptionFailedException($msg, $hint);
}
return false;
}
return true;
}
public function __construct(AppConfig $appConfig, ILogger $logger)
{
$this->appConfig = $appConfig;
$this->logger = $logger;
try {
$avMode = $appConfig->getAvMode();
switch ($avMode) {
case 'daemon':
case 'socket':
$this->scannerClass = 'OCA\\Files_Antivirus\\Scanner\\External';
break;
case 'executable':
$this->scannerClass = 'OCA\\Files_Antivirus\\Scanner\\Local';
break;
default:
$this->logger->warning('Application is misconfigured. Please check the settings at the admin page. Invalid mode: ' . $avMode);
break;
}
} catch (\Exception $e) {
$message = implode(' ', [__CLASS__, __METHOD__, $e->getMessage()]);
$logger->warning($message);
}
}
/**
* see http://php.net/manual/en/function.fopen.php
*
* @param string $path
* @param string $mode
* @return resource
* @throws GenericEncryptionException
* @throws ModuleDoesNotExistsException
*/
public function fopen($path, $mode)
{
$encryptionEnabled = $this->encryptionManager->isEnabled();
$shouldEncrypt = false;
$encryptionModule = null;
$header = $this->getHeader($path);
$fullPath = $this->getFullPath($path);
$encryptionModuleId = $this->util->getEncryptionModuleId($header);
if ($this->util->isExcluded($fullPath) === false) {
$size = $unencryptedSize = 0;
$realFile = $this->util->stripPartialFileExtension($path);
$targetExists = $this->file_exists($realFile) || $this->file_exists($path);
$targetIsEncrypted = false;
if ($targetExists) {
// in case the file exists we require the explicit module as
// specified in the file header - otherwise we need to fail hard to
// prevent data loss on client side
if (!empty($encryptionModuleId)) {
$targetIsEncrypted = true;
$encryptionModule = $this->encryptionManager->getEncryptionModule($encryptionModuleId);
}
if ($this->file_exists($path)) {
$size = $this->storage->filesize($path);
$unencryptedSize = $this->filesize($path);
} else {
$size = $unencryptedSize = 0;
}
}
try {
if ($mode === 'w' || $mode === 'w+' || $mode === 'wb' || $mode === 'wb+') {
// don't overwrite encrypted files if encyption is not enabled
if ($targetIsEncrypted && $encryptionEnabled === false) {
throw new GenericEncryptionException('Tried to access encrypted file but encryption is not enabled');
}
if ($encryptionEnabled) {
// if $encryptionModuleId is empty, the default module will be used
$encryptionModule = $this->encryptionManager->getEncryptionModule($encryptionModuleId);
$shouldEncrypt = $encryptionModule->shouldEncrypt($fullPath);
}
} else {
$info = $this->getCache()->get($path);
// only get encryption module if we found one in the header
// or if file should be encrypted according to the file cache
if (!empty($encryptionModuleId)) {
$encryptionModule = $this->encryptionManager->getEncryptionModule($encryptionModuleId);
$shouldEncrypt = true;
} else {
if (empty($encryptionModuleId) && $info['encrypted'] === true) {
// we come from a old installation. No header and/or no module defined
// but the file is encrypted. In this case we need to use the
// OC_DEFAULT_MODULE to read the file
$encryptionModule = $this->encryptionManager->getEncryptionModule('OC_DEFAULT_MODULE');
$shouldEncrypt = true;
$targetIsEncrypted = true;
}
}
}
} catch (ModuleDoesNotExistsException $e) {
$this->logger->warning('Encryption module "' . $encryptionModuleId . '" not found, file will be stored unencrypted (' . $e->getMessage() . ')');
}
// encryption disabled on write of new file and write to existing unencrypted file -> don't encrypt
if (!$encryptionEnabled || !$this->mount->getOption('encrypt', true)) {
if (!$targetExists || !$targetIsEncrypted) {
$shouldEncrypt = false;
}
}
if ($shouldEncrypt === true && $encryptionModule !== null) {
$headerSize = $this->getHeaderSize($path);
$source = $this->storage->fopen($path, $mode);
$handle = \OC\Files\Stream\Encryption::wrap($source, $path, $fullPath, $header, $this->uid, $encryptionModule, $this->storage, $this, $this->util, $this->fileHelper, $mode, $size, $unencryptedSize, $headerSize);
return $handle;
}
}
return $this->storage->fopen($path, $mode);
}
/**
* Create a new image from file or URL
*
* @link http://www.programmierer-forum.de/function-imagecreatefrombmp-laeuft-mit-allen-bitraten-t143137.htm
* @version 1.00
* @param string $fileName <p>
* Path to the BMP image.
* </p>
* @return bool|resource an image resource identifier on success, <b>FALSE</b> on errors.
*/
private function imagecreatefrombmp($fileName)
{
if (!($fh = fopen($fileName, 'rb'))) {
$this->logger->warning('imagecreatefrombmp: Can not open ' . $fileName, array('app' => 'core'));
return false;
}
// read file header
$meta = unpack('vtype/Vfilesize/Vreserved/Voffset', fread($fh, 14));
// check for bitmap
if ($meta['type'] != 19778) {
fclose($fh);
$this->logger->warning('imagecreatefrombmp: Can not open ' . $fileName . ' is not a bitmap!', array('app' => 'core'));
return false;
}
// read image header
$meta += unpack('Vheadersize/Vwidth/Vheight/vplanes/vbits/Vcompression/Vimagesize/Vxres/Vyres/Vcolors/Vimportant', fread($fh, 40));
// read additional 16bit header
if ($meta['bits'] == 16) {
$meta += unpack('VrMask/VgMask/VbMask', fread($fh, 12));
}
// set bytes and padding
$meta['bytes'] = $meta['bits'] / 8;
$this->bitDepth = $meta['bits'];
//remember the bit depth for the imagebmp call
$meta['decal'] = 4 - 4 * ($meta['width'] * $meta['bytes'] / 4 - floor($meta['width'] * $meta['bytes'] / 4));
if ($meta['decal'] == 4) {
$meta['decal'] = 0;
}
// obtain imagesize
if ($meta['imagesize'] < 1) {
$meta['imagesize'] = $meta['filesize'] - $meta['offset'];
// in rare cases filesize is equal to offset so we need to read physical size
if ($meta['imagesize'] < 1) {
$meta['imagesize'] = @filesize($fileName) - $meta['offset'];
if ($meta['imagesize'] < 1) {
fclose($fh);
$this->logger->warning('imagecreatefrombmp: Can not obtain file size of ' . $fileName . ' is not a bitmap!', array('app' => 'core'));
return false;
}
}
}
// calculate colors
$meta['colors'] = !$meta['colors'] ? pow(2, $meta['bits']) : $meta['colors'];
// read color palette
$palette = array();
if ($meta['bits'] < 16) {
$palette = unpack('l' . $meta['colors'], fread($fh, $meta['colors'] * 4));
// in rare cases the color value is signed
if ($palette[1] < 0) {
foreach ($palette as $i => $color) {
$palette[$i] = $color + 16777216;
}
}
}
// create gd image
$im = imagecreatetruecolor($meta['width'], $meta['height']);
if ($im == false) {
fclose($fh);
$this->logger->warning('imagecreatefrombmp: imagecreatetruecolor failed for file "' . $fileName . '" with dimensions ' . $meta['width'] . 'x' . $meta['height'], array('app' => 'core'));
return false;
}
$data = fread($fh, $meta['imagesize']);
$p = 0;
$vide = chr(0);
$y = $meta['height'] - 1;
$error = 'imagecreatefrombmp: ' . $fileName . ' has not enough data!';
// loop through the image data beginning with the lower left corner
while ($y >= 0) {
$x = 0;
while ($x < $meta['width']) {
switch ($meta['bits']) {
case 32:
case 24:
if (!($part = substr($data, $p, 3))) {
$this->logger->warning($error, array('app' => 'core'));
return $im;
}
$color = unpack('V', $part . $vide);
break;
case 16:
if (!($part = substr($data, $p, 2))) {
fclose($fh);
$this->logger->warning($error, array('app' => 'core'));
return $im;
}
$color = unpack('v', $part);
$color[1] = (($color[1] & 0xf800) >> 8) * 65536 + (($color[1] & 0x7e0) >> 3) * 256 + (($color[1] & 0x1f) << 3);
break;
case 8:
$color = unpack('n', $vide . substr($data, $p, 1));
$color[1] = $palette[$color[1] + 1];
break;
case 4:
$color = unpack('n', $vide . substr($data, floor($p), 1));
$color[1] = $p * 2 % 2 == 0 ? $color[1] >> 4 : $color[1] & 0xf;
$color[1] = $palette[$color[1] + 1];
break;
case 1:
$color = unpack('n', $vide . substr($data, floor($p), 1));
switch ($p * 8 % 8) {
case 0:
$color[1] = $color[1] >> 7;
break;
case 1:
$color[1] = ($color[1] & 0x40) >> 6;
break;
case 2:
$color[1] = ($color[1] & 0x20) >> 5;
break;
case 3:
$color[1] = ($color[1] & 0x10) >> 4;
break;
case 4:
$color[1] = ($color[1] & 0x8) >> 3;
break;
case 5:
$color[1] = ($color[1] & 0x4) >> 2;
break;
case 6:
$color[1] = ($color[1] & 0x2) >> 1;
break;
case 7:
$color[1] = $color[1] & 0x1;
break;
}
$color[1] = $palette[$color[1] + 1];
break;
default:
fclose($fh);
$this->logger->warning('imagecreatefrombmp: ' . $fileName . ' has ' . $meta['bits'] . ' bits and this is not supported!', array('app' => 'core'));
return false;
}
imagesetpixel($im, $x, $y, $color[1]);
$x++;
$p += $meta['bytes'];
}
$y--;
$p += $meta['decal'];
}
fclose($fh);
return $im;
}
/**
* @inheritdoc
*/
public function warning($message, array $context = [])
{
$this->logger->warning($message, array_merge($this->context, $context));
}
/**
* @inheritdoc
*/
public function warning($message, array $context = array())
{
$this->logger->warning($message, $this->context);
}
/**
* Decrypt private key and store it
*
* @param string $uid user id
* @param string $passPhrase users password
* @return boolean
*/
public function init($uid, $passPhrase)
{
$this->session->setStatus(Session::INIT_EXECUTED);
try {
if ($this->util->isMasterKeyEnabled()) {
$uid = $this->getMasterKeyId();
$passPhrase = $this->getMasterKeyPassword();
$privateKey = $this->getSystemPrivateKey($uid);
} else {
$privateKey = $this->getPrivateKey($uid);
}
$privateKey = $this->crypt->decryptPrivateKey($privateKey, $passPhrase, $uid);
} catch (PrivateKeyMissingException $e) {
return false;
} catch (DecryptionFailedException $e) {
return false;
} catch (\Exception $e) {
$this->log->warning('Could not decrypt the private key from user "' . $uid . '"" during login. ' . 'Assume password change on the user back-end. Error message: ' . $e->getMessage());
return false;
}
if ($privateKey) {
$this->session->setPrivateKey($privateKey);
$this->session->setStatus(Session::INIT_SUCCESSFUL);
return true;
}
return false;
}
