/** * decrypt private key and add it to the current session * @param array $params with 'uid' and 'password' * @return mixed session or false */ public function initEncryption($params) { $session = new \OCA\Encryption\Session($this->view); // we tried to initialize the encryption app for this session $session->setInitialized(\OCA\Encryption\Session::INIT_EXECUTED); $encryptedKey = Keymanager::getPrivateKey($this->view, $params['uid']); $privateKey = Crypt::decryptPrivateKey($encryptedKey, $params['password']); if ($privateKey === false) { \OCP\Util::writeLog('Encryption library', 'Private key for user "' . $params['uid'] . '" is not valid! Maybe the user password was changed from outside if so please change it back to gain access', \OCP\Util::ERROR); return false; } $session->setPrivateKey($privateKey); $session->setInitialized(\OCA\Encryption\Session::INIT_SUCCESSFUL); return $session; }
/** * Startup encryption backend upon user login * @note This method should never be called for users using client side encryption */ public static function login($params) { if (\OCP\App::isEnabled('files_encryption') === false) { return true; } $l = new \OC_L10N('files_encryption'); $view = new \OC\Files\View('/'); // ensure filesystem is loaded if (!\OC\Files\Filesystem::$loaded) { \OC_Util::setupFS($params['uid']); } $privateKey = Keymanager::getPrivateKey($view, $params['uid']); // if no private key exists, check server configuration if (!$privateKey) { //check if all requirements are met if (!Helper::checkRequirements() || !Helper::checkConfiguration()) { $error_msg = $l->t("Missing requirements."); $hint = $l->t('Please make sure that OpenSSL together with the PHP extension is enabled and configured properly. For now, the encryption app has been disabled.'); \OC_App::disable('files_encryption'); \OCP\Util::writeLog('Encryption library', $error_msg . ' ' . $hint, \OCP\Util::ERROR); \OCP\Template::printErrorPage($error_msg, $hint); } } $util = new Util($view, $params['uid']); // setup user, if user not ready force relogin if (Helper::setupUser($util, $params['password']) === false) { return false; } $session = $util->initEncryption($params); // Check if first-run file migration has already been performed $ready = false; $migrationStatus = $util->getMigrationStatus(); if ($migrationStatus === Util::MIGRATION_OPEN && $session !== false) { $ready = $util->beginMigration(); } elseif ($migrationStatus === Util::MIGRATION_IN_PROGRESS) { // refuse login as long as the initial encryption is running sleep(5); \OCP\User::logout(); return false; } $result = true; // If migration not yet done if ($ready) { // Encrypt existing user files try { $result = $util->encryptAll('/' . $params['uid'] . '/' . 'files'); } catch (\Exception $ex) { \OCP\Util::writeLog('Encryption library', 'Initial encryption failed! Error: ' . $ex->getMessage(), \OCP\Util::FATAL); $result = false; } if ($result) { \OC_Log::write('Encryption library', 'Encryption of existing files belonging to "' . $params['uid'] . '" completed', \OC_Log::INFO); // Register successful migration in DB $util->finishMigration(); } else { \OCP\Util::writeLog('Encryption library', 'Initial encryption failed!', \OCP\Util::FATAL); $util->resetMigrationStatus(); \OCP\User::logout(); } } return $result; }