72c8187cbb
When calling `\OC\Files\View::copy` we should also keep the version to ensure that the file will always have the correct version attached and can be successfully decrypted.
To test this the following steps are necessary (from https://github.com/owncloud/core/issues/22781#issuecomment-191328982):
1. setup a new ownCloud 9.0 beta2
2. enable encryption
2. upload a docx (5.7MB large)
3. upload the same file again and overwrite the existing file
4. I can download the original file and the first version
5. I restore the first version
6. restored version can no longer be downloaded with the error described above
The manual cache operation in `\OCA\Files_Versions\Storage` is unfortunately necessary since `\OCA\Files_Versions\Storage::copyFileContents` is not using `\OCP\Files\Storage::moveFromStorage` in the case when an object storage is used. Due to the workaround added in 54cea05271
the stream is directly copied and thus bypassing the FS.
956 lines
28 KiB
PHP
956 lines
28 KiB
PHP
<?php
|
|
/**
|
|
* @author Björn Schießle <schiessle@owncloud.com>
|
|
* @author Joas Schilling <nickvergessen@owncloud.com>
|
|
* @author Lukas Reschke <lukas@owncloud.com>
|
|
* @author Robin Appelman <icewind@owncloud.com>
|
|
* @author Thomas Müller <thomas.mueller@tmit.eu>
|
|
* @author Vincent Petry <pvince81@owncloud.com>
|
|
*
|
|
* @copyright Copyright (c) 2016, ownCloud, Inc.
|
|
* @license AGPL-3.0
|
|
*
|
|
* This code is free software: you can redistribute it and/or modify
|
|
* it under the terms of the GNU Affero General Public License, version 3,
|
|
* as published by the Free Software Foundation.
|
|
*
|
|
* This program is distributed in the hope that it will be useful,
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
* GNU Affero General Public License for more details.
|
|
*
|
|
* You should have received a copy of the GNU Affero General Public License, version 3,
|
|
* along with this program. If not, see <http://www.gnu.org/licenses/>
|
|
*
|
|
*/
|
|
|
|
namespace OC\Files\Storage\Wrapper;
|
|
|
|
use OC\Encryption\Exceptions\ModuleDoesNotExistsException;
|
|
use OC\Encryption\Update;
|
|
use OC\Encryption\Util;
|
|
use OC\Files\Cache\CacheEntry;
|
|
use OC\Files\Filesystem;
|
|
use OC\Files\Mount\Manager;
|
|
use OC\Files\Storage\LocalTempFileTrait;
|
|
use OCP\Encryption\Exceptions\GenericEncryptionException;
|
|
use OCP\Encryption\IFile;
|
|
use OCP\Encryption\IManager;
|
|
use OCP\Encryption\Keys\IStorage;
|
|
use OCP\Files\Mount\IMountPoint;
|
|
use OCP\Files\Storage;
|
|
use OCP\ILogger;
|
|
use OCP\Files\Cache\ICacheEntry;
|
|
|
|
class Encryption extends Wrapper {
|
|
|
|
use LocalTempFileTrait;
|
|
|
|
/** @var string */
|
|
private $mountPoint;
|
|
|
|
/** @var \OC\Encryption\Util */
|
|
private $util;
|
|
|
|
/** @var \OCP\Encryption\IManager */
|
|
private $encryptionManager;
|
|
|
|
/** @var \OCP\ILogger */
|
|
private $logger;
|
|
|
|
/** @var string */
|
|
private $uid;
|
|
|
|
/** @var array */
|
|
protected $unencryptedSize;
|
|
|
|
/** @var \OCP\Encryption\IFile */
|
|
private $fileHelper;
|
|
|
|
/** @var IMountPoint */
|
|
private $mount;
|
|
|
|
/** @var IStorage */
|
|
private $keyStorage;
|
|
|
|
/** @var Update */
|
|
private $update;
|
|
|
|
/** @var Manager */
|
|
private $mountManager;
|
|
|
|
/** @var array remember for which path we execute the repair step to avoid recursions */
|
|
private $fixUnencryptedSizeOf = array();
|
|
|
|
/**
|
|
* @param array $parameters
|
|
* @param IManager $encryptionManager
|
|
* @param Util $util
|
|
* @param ILogger $logger
|
|
* @param IFile $fileHelper
|
|
* @param string $uid
|
|
* @param IStorage $keyStorage
|
|
* @param Update $update
|
|
* @param Manager $mountManager
|
|
*/
|
|
public function __construct(
|
|
$parameters,
|
|
IManager $encryptionManager = null,
|
|
Util $util = null,
|
|
ILogger $logger = null,
|
|
IFile $fileHelper = null,
|
|
$uid = null,
|
|
IStorage $keyStorage = null,
|
|
Update $update = null,
|
|
Manager $mountManager = null
|
|
) {
|
|
|
|
$this->mountPoint = $parameters['mountPoint'];
|
|
$this->mount = $parameters['mount'];
|
|
$this->encryptionManager = $encryptionManager;
|
|
$this->util = $util;
|
|
$this->logger = $logger;
|
|
$this->uid = $uid;
|
|
$this->fileHelper = $fileHelper;
|
|
$this->keyStorage = $keyStorage;
|
|
$this->unencryptedSize = array();
|
|
$this->update = $update;
|
|
$this->mountManager = $mountManager;
|
|
parent::__construct($parameters);
|
|
}
|
|
|
|
/**
|
|
* see http://php.net/manual/en/function.filesize.php
|
|
* The result for filesize when called on a folder is required to be 0
|
|
*
|
|
* @param string $path
|
|
* @return int
|
|
*/
|
|
public function filesize($path) {
|
|
$fullPath = $this->getFullPath($path);
|
|
|
|
/** @var CacheEntry $info */
|
|
$info = $this->getCache()->get($path);
|
|
if (isset($this->unencryptedSize[$fullPath])) {
|
|
$size = $this->unencryptedSize[$fullPath];
|
|
// update file cache
|
|
if ($info instanceof ICacheEntry) {
|
|
$info = $info->getData();
|
|
$info['encrypted'] = $info['encryptedVersion'];
|
|
} else {
|
|
if (!is_array($info)) {
|
|
$info = [];
|
|
}
|
|
$info['encrypted'] = true;
|
|
}
|
|
|
|
$info['size'] = $size;
|
|
$this->getCache()->put($path, $info);
|
|
|
|
return $size;
|
|
}
|
|
|
|
if (isset($info['fileid']) && $info['encrypted']) {
|
|
return $this->verifyUnencryptedSize($path, $info['size']);
|
|
}
|
|
|
|
return $this->storage->filesize($path);
|
|
}
|
|
|
|
/**
|
|
* @param string $path
|
|
* @return array
|
|
*/
|
|
public function getMetaData($path) {
|
|
$data = $this->storage->getMetaData($path);
|
|
if (is_null($data)) {
|
|
return null;
|
|
}
|
|
$fullPath = $this->getFullPath($path);
|
|
|
|
if (isset($this->unencryptedSize[$fullPath])) {
|
|
$data['encrypted'] = true;
|
|
$data['size'] = $this->unencryptedSize[$fullPath];
|
|
} else {
|
|
$info = $this->getCache()->get($path);
|
|
if (isset($info['fileid']) && $info['encrypted']) {
|
|
$data['size'] = $this->verifyUnencryptedSize($path, $info['size']);
|
|
$data['encrypted'] = true;
|
|
}
|
|
}
|
|
|
|
return $data;
|
|
}
|
|
/**
|
|
* see http://php.net/manual/en/function.file_get_contents.php
|
|
*
|
|
* @param string $path
|
|
* @return string
|
|
*/
|
|
public function file_get_contents($path) {
|
|
|
|
$encryptionModule = $this->getEncryptionModule($path);
|
|
|
|
if ($encryptionModule) {
|
|
$handle = $this->fopen($path, "r");
|
|
if (!$handle) {
|
|
return false;
|
|
}
|
|
$data = stream_get_contents($handle);
|
|
fclose($handle);
|
|
return $data;
|
|
}
|
|
return $this->storage->file_get_contents($path);
|
|
}
|
|
|
|
/**
|
|
* see http://php.net/manual/en/function.file_put_contents.php
|
|
*
|
|
* @param string $path
|
|
* @param string $data
|
|
* @return bool
|
|
*/
|
|
public function file_put_contents($path, $data) {
|
|
// file put content will always be translated to a stream write
|
|
$handle = $this->fopen($path, 'w');
|
|
if (is_resource($handle)) {
|
|
$written = fwrite($handle, $data);
|
|
fclose($handle);
|
|
return $written;
|
|
}
|
|
|
|
return false;
|
|
}
|
|
|
|
/**
|
|
* see http://php.net/manual/en/function.unlink.php
|
|
*
|
|
* @param string $path
|
|
* @return bool
|
|
*/
|
|
public function unlink($path) {
|
|
$fullPath = $this->getFullPath($path);
|
|
if ($this->util->isExcluded($fullPath)) {
|
|
return $this->storage->unlink($path);
|
|
}
|
|
|
|
$encryptionModule = $this->getEncryptionModule($path);
|
|
if ($encryptionModule) {
|
|
$this->keyStorage->deleteAllFileKeys($this->getFullPath($path));
|
|
}
|
|
|
|
return $this->storage->unlink($path);
|
|
}
|
|
|
|
/**
|
|
* see http://php.net/manual/en/function.rename.php
|
|
*
|
|
* @param string $path1
|
|
* @param string $path2
|
|
* @return bool
|
|
*/
|
|
public function rename($path1, $path2) {
|
|
|
|
$result = $this->storage->rename($path1, $path2);
|
|
|
|
if ($result &&
|
|
// versions always use the keys from the original file, so we can skip
|
|
// this step for versions
|
|
$this->isVersion($path2) === false &&
|
|
$this->encryptionManager->isEnabled()) {
|
|
$source = $this->getFullPath($path1);
|
|
if (!$this->util->isExcluded($source)) {
|
|
$target = $this->getFullPath($path2);
|
|
if (isset($this->unencryptedSize[$source])) {
|
|
$this->unencryptedSize[$target] = $this->unencryptedSize[$source];
|
|
}
|
|
$this->keyStorage->renameKeys($source, $target);
|
|
$module = $this->getEncryptionModule($path2);
|
|
if ($module) {
|
|
$module->update($target, $this->uid, []);
|
|
}
|
|
}
|
|
}
|
|
|
|
return $result;
|
|
}
|
|
|
|
/**
|
|
* see http://php.net/manual/en/function.rmdir.php
|
|
*
|
|
* @param string $path
|
|
* @return bool
|
|
*/
|
|
public function rmdir($path) {
|
|
$result = $this->storage->rmdir($path);
|
|
$fullPath = $this->getFullPath($path);
|
|
if ($result &&
|
|
$this->util->isExcluded($fullPath) === false &&
|
|
$this->encryptionManager->isEnabled()
|
|
) {
|
|
$this->keyStorage->deleteAllFileKeys($fullPath);
|
|
}
|
|
|
|
return $result;
|
|
}
|
|
|
|
/**
|
|
* check if a file can be read
|
|
*
|
|
* @param string $path
|
|
* @return bool
|
|
*/
|
|
public function isReadable($path) {
|
|
|
|
$isReadable = true;
|
|
|
|
$metaData = $this->getMetaData($path);
|
|
if (
|
|
!$this->is_dir($path) &&
|
|
isset($metaData['encrypted']) &&
|
|
$metaData['encrypted'] === true
|
|
) {
|
|
$fullPath = $this->getFullPath($path);
|
|
$module = $this->getEncryptionModule($path);
|
|
$isReadable = $module->isReadable($fullPath, $this->uid);
|
|
}
|
|
|
|
return $this->storage->isReadable($path) && $isReadable;
|
|
}
|
|
|
|
/**
|
|
* see http://php.net/manual/en/function.copy.php
|
|
*
|
|
* @param string $path1
|
|
* @param string $path2
|
|
* @return bool
|
|
*/
|
|
public function copy($path1, $path2) {
|
|
|
|
$source = $this->getFullPath($path1);
|
|
|
|
if ($this->util->isExcluded($source)) {
|
|
return $this->storage->copy($path1, $path2);
|
|
}
|
|
|
|
// need to stream copy file by file in case we copy between a encrypted
|
|
// and a unencrypted storage
|
|
$this->unlink($path2);
|
|
$result = $this->copyFromStorage($this, $path1, $path2);
|
|
|
|
return $result;
|
|
}
|
|
|
|
/**
|
|
* see http://php.net/manual/en/function.fopen.php
|
|
*
|
|
* @param string $path
|
|
* @param string $mode
|
|
* @return resource|bool
|
|
* @throws GenericEncryptionException
|
|
* @throws ModuleDoesNotExistsException
|
|
*/
|
|
public function fopen($path, $mode) {
|
|
|
|
$encryptionEnabled = $this->encryptionManager->isEnabled();
|
|
$shouldEncrypt = false;
|
|
$encryptionModule = null;
|
|
$header = $this->getHeader($path);
|
|
$signed = (isset($header['signed']) && $header['signed'] === 'true') ? true : false;
|
|
$fullPath = $this->getFullPath($path);
|
|
$encryptionModuleId = $this->util->getEncryptionModuleId($header);
|
|
|
|
if ($this->util->isExcluded($fullPath) === false) {
|
|
|
|
$size = $unencryptedSize = 0;
|
|
$realFile = $this->util->stripPartialFileExtension($path);
|
|
$targetExists = $this->file_exists($realFile) || $this->file_exists($path);
|
|
$targetIsEncrypted = false;
|
|
if ($targetExists) {
|
|
// in case the file exists we require the explicit module as
|
|
// specified in the file header - otherwise we need to fail hard to
|
|
// prevent data loss on client side
|
|
if (!empty($encryptionModuleId)) {
|
|
$targetIsEncrypted = true;
|
|
$encryptionModule = $this->encryptionManager->getEncryptionModule($encryptionModuleId);
|
|
}
|
|
|
|
if ($this->file_exists($path)) {
|
|
$size = $this->storage->filesize($path);
|
|
$unencryptedSize = $this->filesize($path);
|
|
} else {
|
|
$size = $unencryptedSize = 0;
|
|
}
|
|
}
|
|
|
|
try {
|
|
|
|
if (
|
|
$mode === 'w'
|
|
|| $mode === 'w+'
|
|
|| $mode === 'wb'
|
|
|| $mode === 'wb+'
|
|
) {
|
|
// don't overwrite encrypted files if encryption is not enabled
|
|
if ($targetIsEncrypted && $encryptionEnabled === false) {
|
|
throw new GenericEncryptionException('Tried to access encrypted file but encryption is not enabled');
|
|
}
|
|
if ($encryptionEnabled) {
|
|
// if $encryptionModuleId is empty, the default module will be used
|
|
$encryptionModule = $this->encryptionManager->getEncryptionModule($encryptionModuleId);
|
|
$shouldEncrypt = $encryptionModule->shouldEncrypt($fullPath);
|
|
$signed = true;
|
|
}
|
|
} else {
|
|
$info = $this->getCache()->get($path);
|
|
// only get encryption module if we found one in the header
|
|
// or if file should be encrypted according to the file cache
|
|
if (!empty($encryptionModuleId)) {
|
|
$encryptionModule = $this->encryptionManager->getEncryptionModule($encryptionModuleId);
|
|
$shouldEncrypt = true;
|
|
} else if (empty($encryptionModuleId) && $info['encrypted'] === true) {
|
|
// we come from a old installation. No header and/or no module defined
|
|
// but the file is encrypted. In this case we need to use the
|
|
// OC_DEFAULT_MODULE to read the file
|
|
$encryptionModule = $this->encryptionManager->getEncryptionModule('OC_DEFAULT_MODULE');
|
|
$shouldEncrypt = true;
|
|
$targetIsEncrypted = true;
|
|
}
|
|
}
|
|
} catch (ModuleDoesNotExistsException $e) {
|
|
$this->logger->warning('Encryption module "' . $encryptionModuleId .
|
|
'" not found, file will be stored unencrypted (' . $e->getMessage() . ')');
|
|
}
|
|
|
|
// encryption disabled on write of new file and write to existing unencrypted file -> don't encrypt
|
|
if (!$encryptionEnabled || !$this->mount->getOption('encrypt', true)) {
|
|
if (!$targetExists || !$targetIsEncrypted) {
|
|
$shouldEncrypt = false;
|
|
}
|
|
}
|
|
|
|
if ($shouldEncrypt === true && $encryptionModule !== null) {
|
|
$headerSize = $this->getHeaderSize($path);
|
|
$source = $this->storage->fopen($path, $mode);
|
|
if (!is_resource($source)) {
|
|
return false;
|
|
}
|
|
$handle = \OC\Files\Stream\Encryption::wrap($source, $path, $fullPath, $header,
|
|
$this->uid, $encryptionModule, $this->storage, $this, $this->util, $this->fileHelper, $mode,
|
|
$size, $unencryptedSize, $headerSize, $signed);
|
|
return $handle;
|
|
}
|
|
|
|
}
|
|
|
|
return $this->storage->fopen($path, $mode);
|
|
}
|
|
|
|
|
|
/**
|
|
* perform some plausibility checks if the the unencrypted size is correct.
|
|
* If not, we calculate the correct unencrypted size and return it
|
|
*
|
|
* @param string $path internal path relative to the storage root
|
|
* @param int $unencryptedSize size of the unencrypted file
|
|
*
|
|
* @return int unencrypted size
|
|
*/
|
|
protected function verifyUnencryptedSize($path, $unencryptedSize) {
|
|
|
|
$size = $this->storage->filesize($path);
|
|
$result = $unencryptedSize;
|
|
|
|
if ($unencryptedSize < 0 ||
|
|
($size > 0 && $unencryptedSize === $size)
|
|
) {
|
|
// check if we already calculate the unencrypted size for the
|
|
// given path to avoid recursions
|
|
if (isset($this->fixUnencryptedSizeOf[$this->getFullPath($path)]) === false) {
|
|
$this->fixUnencryptedSizeOf[$this->getFullPath($path)] = true;
|
|
try {
|
|
$result = $this->fixUnencryptedSize($path, $size, $unencryptedSize);
|
|
} catch (\Exception $e) {
|
|
$this->logger->error('Couldn\'t re-calculate unencrypted size for '. $path);
|
|
$this->logger->logException($e);
|
|
}
|
|
unset($this->fixUnencryptedSizeOf[$this->getFullPath($path)]);
|
|
}
|
|
}
|
|
|
|
return $result;
|
|
}
|
|
|
|
/**
|
|
* calculate the unencrypted size
|
|
*
|
|
* @param string $path internal path relative to the storage root
|
|
* @param int $size size of the physical file
|
|
* @param int $unencryptedSize size of the unencrypted file
|
|
*
|
|
* @return int calculated unencrypted size
|
|
*/
|
|
protected function fixUnencryptedSize($path, $size, $unencryptedSize) {
|
|
|
|
$headerSize = $this->getHeaderSize($path);
|
|
$header = $this->getHeader($path);
|
|
$encryptionModule = $this->getEncryptionModule($path);
|
|
|
|
$stream = $this->storage->fopen($path, 'r');
|
|
|
|
// if we couldn't open the file we return the old unencrypted size
|
|
if (!is_resource($stream)) {
|
|
$this->logger->error('Could not open ' . $path . '. Recalculation of unencrypted size aborted.');
|
|
return $unencryptedSize;
|
|
}
|
|
|
|
$newUnencryptedSize = 0;
|
|
$size -= $headerSize;
|
|
$blockSize = $this->util->getBlockSize();
|
|
|
|
// if a header exists we skip it
|
|
if ($headerSize > 0) {
|
|
fread($stream, $headerSize);
|
|
}
|
|
|
|
// fast path, else the calculation for $lastChunkNr is bogus
|
|
if ($size === 0) {
|
|
return 0;
|
|
}
|
|
|
|
$signed = (isset($header['signed']) && $header['signed'] === 'true') ? true : false;
|
|
$unencryptedBlockSize = $encryptionModule->getUnencryptedBlockSize($signed);
|
|
|
|
// calculate last chunk nr
|
|
// next highest is end of chunks, one subtracted is last one
|
|
// we have to read the last chunk, we can't just calculate it (because of padding etc)
|
|
|
|
$lastChunkNr = ceil($size/ $blockSize)-1;
|
|
// calculate last chunk position
|
|
$lastChunkPos = ($lastChunkNr * $blockSize);
|
|
// try to fseek to the last chunk, if it fails we have to read the whole file
|
|
if (@fseek($stream, $lastChunkPos, SEEK_CUR) === 0) {
|
|
$newUnencryptedSize += $lastChunkNr * $unencryptedBlockSize;
|
|
}
|
|
|
|
$lastChunkContentEncrypted='';
|
|
$count = $blockSize;
|
|
|
|
while ($count > 0) {
|
|
$data=fread($stream, $blockSize);
|
|
$count=strlen($data);
|
|
$lastChunkContentEncrypted .= $data;
|
|
if(strlen($lastChunkContentEncrypted) > $blockSize) {
|
|
$newUnencryptedSize += $unencryptedBlockSize;
|
|
$lastChunkContentEncrypted=substr($lastChunkContentEncrypted, $blockSize);
|
|
}
|
|
}
|
|
|
|
fclose($stream);
|
|
|
|
// we have to decrypt the last chunk to get it actual size
|
|
$encryptionModule->begin($this->getFullPath($path), $this->uid, 'r', $header, []);
|
|
$decryptedLastChunk = $encryptionModule->decrypt($lastChunkContentEncrypted, $lastChunkNr . 'end');
|
|
$decryptedLastChunk .= $encryptionModule->end($this->getFullPath($path), $lastChunkNr . 'end');
|
|
|
|
// calc the real file size with the size of the last chunk
|
|
$newUnencryptedSize += strlen($decryptedLastChunk);
|
|
|
|
$this->updateUnencryptedSize($this->getFullPath($path), $newUnencryptedSize);
|
|
|
|
// write to cache if applicable
|
|
$cache = $this->storage->getCache();
|
|
if ($cache) {
|
|
$entry = $cache->get($path);
|
|
$cache->update($entry['fileid'], ['size' => $newUnencryptedSize]);
|
|
}
|
|
|
|
return $newUnencryptedSize;
|
|
}
|
|
|
|
/**
|
|
* @param Storage $sourceStorage
|
|
* @param string $sourceInternalPath
|
|
* @param string $targetInternalPath
|
|
* @param bool $preserveMtime
|
|
* @return bool
|
|
*/
|
|
public function moveFromStorage(Storage $sourceStorage, $sourceInternalPath, $targetInternalPath, $preserveMtime = true) {
|
|
if ($sourceStorage === $this) {
|
|
return $this->rename($sourceInternalPath, $targetInternalPath);
|
|
}
|
|
|
|
// TODO clean this up once the underlying moveFromStorage in OC\Files\Storage\Wrapper\Common is fixed:
|
|
// - call $this->storage->moveFromStorage() instead of $this->copyBetweenStorage
|
|
// - copy the file cache update from $this->copyBetweenStorage to this method
|
|
// - copy the copyKeys() call from $this->copyBetweenStorage to this method
|
|
// - remove $this->copyBetweenStorage
|
|
|
|
if (!$sourceStorage->isDeletable($sourceInternalPath)) {
|
|
return false;
|
|
}
|
|
|
|
$result = $this->copyBetweenStorage($sourceStorage, $sourceInternalPath, $targetInternalPath, $preserveMtime, true);
|
|
if ($result) {
|
|
if ($sourceStorage->is_dir($sourceInternalPath)) {
|
|
$result &= $sourceStorage->rmdir($sourceInternalPath);
|
|
} else {
|
|
$result &= $sourceStorage->unlink($sourceInternalPath);
|
|
}
|
|
}
|
|
return $result;
|
|
}
|
|
|
|
|
|
/**
|
|
* @param Storage $sourceStorage
|
|
* @param string $sourceInternalPath
|
|
* @param string $targetInternalPath
|
|
* @param bool $preserveMtime
|
|
* @return bool
|
|
*/
|
|
public function copyFromStorage(Storage $sourceStorage, $sourceInternalPath, $targetInternalPath, $preserveMtime = false) {
|
|
|
|
// TODO clean this up once the underlying moveFromStorage in OC\Files\Storage\Wrapper\Common is fixed:
|
|
// - call $this->storage->copyFromStorage() instead of $this->copyBetweenStorage
|
|
// - copy the file cache update from $this->copyBetweenStorage to this method
|
|
// - copy the copyKeys() call from $this->copyBetweenStorage to this method
|
|
// - remove $this->copyBetweenStorage
|
|
|
|
return $this->copyBetweenStorage($sourceStorage, $sourceInternalPath, $targetInternalPath, $preserveMtime, false);
|
|
}
|
|
|
|
/**
|
|
* Update the encrypted cache version in the database
|
|
*
|
|
* @param Storage $sourceStorage
|
|
* @param string $sourceInternalPath
|
|
* @param string $targetInternalPath
|
|
* @param bool $isRename
|
|
*/
|
|
private function updateEncryptedVersion(Storage $sourceStorage, $sourceInternalPath, $targetInternalPath, $isRename) {
|
|
$isEncrypted = $this->encryptionManager->isEnabled() && $this->mount->getOption('encrypt', true) ? 1 : 0;
|
|
$cacheInformation = [
|
|
'encrypted' => (bool)$isEncrypted,
|
|
];
|
|
if($isEncrypted === 1) {
|
|
$cacheInformation['encryptedVersion'] = $sourceStorage->getCache()->get($sourceInternalPath)['encryptedVersion'];
|
|
}
|
|
|
|
// in case of a rename we need to manipulate the source cache because
|
|
// this information will be kept for the new target
|
|
if ($isRename) {
|
|
$sourceStorage->getCache()->put($sourceInternalPath, $cacheInformation);
|
|
} else {
|
|
$this->getCache()->put($targetInternalPath, $cacheInformation);
|
|
}
|
|
}
|
|
|
|
/**
|
|
* copy file between two storages
|
|
*
|
|
* @param Storage $sourceStorage
|
|
* @param string $sourceInternalPath
|
|
* @param string $targetInternalPath
|
|
* @param bool $preserveMtime
|
|
* @param bool $isRename
|
|
* @return bool
|
|
* @throws \Exception
|
|
*/
|
|
private function copyBetweenStorage(Storage $sourceStorage, $sourceInternalPath, $targetInternalPath, $preserveMtime, $isRename) {
|
|
|
|
// for versions we have nothing to do, because versions should always use the
|
|
// key from the original file. Just create a 1:1 copy and done
|
|
if ($this->isVersion($targetInternalPath) ||
|
|
$this->isVersion($sourceInternalPath)) {
|
|
$result = $this->storage->copyFromStorage($sourceStorage, $sourceInternalPath, $targetInternalPath);
|
|
if ($result) {
|
|
$info = $this->getCache('', $sourceStorage)->get($sourceInternalPath);
|
|
// make sure that we update the unencrypted size for the version
|
|
if (isset($info['encrypted']) && $info['encrypted'] === true) {
|
|
$this->updateUnencryptedSize(
|
|
$this->getFullPath($targetInternalPath),
|
|
$info['size']
|
|
);
|
|
}
|
|
$this->updateEncryptedVersion($sourceStorage, $sourceInternalPath, $targetInternalPath, $isRename);
|
|
}
|
|
return $result;
|
|
}
|
|
|
|
// first copy the keys that we reuse the existing file key on the target location
|
|
// and don't create a new one which would break versions for example.
|
|
$mount = $this->mountManager->findByStorageId($sourceStorage->getId());
|
|
if (count($mount) === 1) {
|
|
$mountPoint = $mount[0]->getMountPoint();
|
|
$source = $mountPoint . '/' . $sourceInternalPath;
|
|
$target = $this->getFullPath($targetInternalPath);
|
|
$this->copyKeys($source, $target);
|
|
} else {
|
|
$this->logger->error('Could not find mount point, can\'t keep encryption keys');
|
|
}
|
|
|
|
if ($sourceStorage->is_dir($sourceInternalPath)) {
|
|
$dh = $sourceStorage->opendir($sourceInternalPath);
|
|
$result = $this->mkdir($targetInternalPath);
|
|
if (is_resource($dh)) {
|
|
while ($result and ($file = readdir($dh)) !== false) {
|
|
if (!Filesystem::isIgnoredDir($file)) {
|
|
$result &= $this->copyFromStorage($sourceStorage, $sourceInternalPath . '/' . $file, $targetInternalPath . '/' . $file);
|
|
}
|
|
}
|
|
}
|
|
} else {
|
|
try {
|
|
$source = $sourceStorage->fopen($sourceInternalPath, 'r');
|
|
$target = $this->fopen($targetInternalPath, 'w');
|
|
list(, $result) = \OC_Helper::streamCopy($source, $target);
|
|
fclose($source);
|
|
fclose($target);
|
|
} catch (\Exception $e) {
|
|
fclose($source);
|
|
fclose($target);
|
|
throw $e;
|
|
}
|
|
if($result) {
|
|
if ($preserveMtime) {
|
|
$this->touch($targetInternalPath, $sourceStorage->filemtime($sourceInternalPath));
|
|
}
|
|
$this->updateEncryptedVersion($sourceStorage, $sourceInternalPath, $targetInternalPath, $isRename);
|
|
} else {
|
|
// delete partially written target file
|
|
$this->unlink($targetInternalPath);
|
|
// delete cache entry that was created by fopen
|
|
$this->getCache()->remove($targetInternalPath);
|
|
}
|
|
}
|
|
return (bool)$result;
|
|
|
|
}
|
|
|
|
/**
|
|
* get the path to a local version of the file.
|
|
* The local version of the file can be temporary and doesn't have to be persistent across requests
|
|
*
|
|
* @param string $path
|
|
* @return string
|
|
*/
|
|
public function getLocalFile($path) {
|
|
if ($this->encryptionManager->isEnabled()) {
|
|
$cachedFile = $this->getCachedFile($path);
|
|
if (is_string($cachedFile)) {
|
|
return $cachedFile;
|
|
}
|
|
}
|
|
return $this->storage->getLocalFile($path);
|
|
}
|
|
|
|
/**
|
|
* Returns the wrapped storage's value for isLocal()
|
|
*
|
|
* @return bool wrapped storage's isLocal() value
|
|
*/
|
|
public function isLocal() {
|
|
if ($this->encryptionManager->isEnabled()) {
|
|
return false;
|
|
}
|
|
return $this->storage->isLocal();
|
|
}
|
|
|
|
/**
|
|
* see http://php.net/manual/en/function.stat.php
|
|
* only the following keys are required in the result: size and mtime
|
|
*
|
|
* @param string $path
|
|
* @return array
|
|
*/
|
|
public function stat($path) {
|
|
$stat = $this->storage->stat($path);
|
|
$fileSize = $this->filesize($path);
|
|
$stat['size'] = $fileSize;
|
|
$stat[7] = $fileSize;
|
|
return $stat;
|
|
}
|
|
|
|
/**
|
|
* see http://php.net/manual/en/function.hash.php
|
|
*
|
|
* @param string $type
|
|
* @param string $path
|
|
* @param bool $raw
|
|
* @return string
|
|
*/
|
|
public function hash($type, $path, $raw = false) {
|
|
$fh = $this->fopen($path, 'rb');
|
|
$ctx = hash_init($type);
|
|
hash_update_stream($ctx, $fh);
|
|
fclose($fh);
|
|
return hash_final($ctx, $raw);
|
|
}
|
|
|
|
/**
|
|
* return full path, including mount point
|
|
*
|
|
* @param string $path relative to mount point
|
|
* @return string full path including mount point
|
|
*/
|
|
protected function getFullPath($path) {
|
|
return Filesystem::normalizePath($this->mountPoint . '/' . $path);
|
|
}
|
|
|
|
/**
|
|
* read first block of encrypted file, typically this will contain the
|
|
* encryption header
|
|
*
|
|
* @param string $path
|
|
* @return string
|
|
*/
|
|
protected function readFirstBlock($path) {
|
|
$firstBlock = '';
|
|
if ($this->storage->file_exists($path)) {
|
|
$handle = $this->storage->fopen($path, 'r');
|
|
$firstBlock = fread($handle, $this->util->getHeaderSize());
|
|
fclose($handle);
|
|
}
|
|
return $firstBlock;
|
|
}
|
|
|
|
/**
|
|
* return header size of given file
|
|
*
|
|
* @param string $path
|
|
* @return int
|
|
*/
|
|
protected function getHeaderSize($path) {
|
|
$headerSize = 0;
|
|
$realFile = $this->util->stripPartialFileExtension($path);
|
|
if ($this->storage->file_exists($realFile)) {
|
|
$path = $realFile;
|
|
}
|
|
$firstBlock = $this->readFirstBlock($path);
|
|
|
|
if (substr($firstBlock, 0, strlen(Util::HEADER_START)) === Util::HEADER_START) {
|
|
$headerSize = strlen($firstBlock);
|
|
}
|
|
|
|
return $headerSize;
|
|
}
|
|
|
|
/**
|
|
* parse raw header to array
|
|
*
|
|
* @param string $rawHeader
|
|
* @return array
|
|
*/
|
|
protected function parseRawHeader($rawHeader) {
|
|
$result = array();
|
|
if (substr($rawHeader, 0, strlen(Util::HEADER_START)) === Util::HEADER_START) {
|
|
$header = $rawHeader;
|
|
$endAt = strpos($header, Util::HEADER_END);
|
|
if ($endAt !== false) {
|
|
$header = substr($header, 0, $endAt + strlen(Util::HEADER_END));
|
|
|
|
// +1 to not start with an ':' which would result in empty element at the beginning
|
|
$exploded = explode(':', substr($header, strlen(Util::HEADER_START)+1));
|
|
|
|
$element = array_shift($exploded);
|
|
while ($element !== Util::HEADER_END) {
|
|
$result[$element] = array_shift($exploded);
|
|
$element = array_shift($exploded);
|
|
}
|
|
}
|
|
}
|
|
|
|
return $result;
|
|
}
|
|
|
|
/**
|
|
* read header from file
|
|
*
|
|
* @param string $path
|
|
* @return array
|
|
*/
|
|
protected function getHeader($path) {
|
|
$realFile = $this->util->stripPartialFileExtension($path);
|
|
if ($this->storage->file_exists($realFile)) {
|
|
$path = $realFile;
|
|
}
|
|
|
|
$firstBlock = $this->readFirstBlock($path);
|
|
$result = $this->parseRawHeader($firstBlock);
|
|
|
|
// if the header doesn't contain a encryption module we check if it is a
|
|
// legacy file. If true, we add the default encryption module
|
|
if (!isset($result[Util::HEADER_ENCRYPTION_MODULE_KEY])) {
|
|
if (!empty($result)) {
|
|
$result[Util::HEADER_ENCRYPTION_MODULE_KEY] = 'OC_DEFAULT_MODULE';
|
|
} else {
|
|
// if the header was empty we have to check first if it is a encrypted file at all
|
|
$info = $this->getCache()->get($path);
|
|
if (isset($info['encrypted']) && $info['encrypted'] === true) {
|
|
$result[Util::HEADER_ENCRYPTION_MODULE_KEY] = 'OC_DEFAULT_MODULE';
|
|
}
|
|
}
|
|
}
|
|
|
|
return $result;
|
|
}
|
|
|
|
/**
|
|
* read encryption module needed to read/write the file located at $path
|
|
*
|
|
* @param string $path
|
|
* @return null|\OCP\Encryption\IEncryptionModule
|
|
* @throws ModuleDoesNotExistsException
|
|
* @throws \Exception
|
|
*/
|
|
protected function getEncryptionModule($path) {
|
|
$encryptionModule = null;
|
|
$header = $this->getHeader($path);
|
|
$encryptionModuleId = $this->util->getEncryptionModuleId($header);
|
|
if (!empty($encryptionModuleId)) {
|
|
try {
|
|
$encryptionModule = $this->encryptionManager->getEncryptionModule($encryptionModuleId);
|
|
} catch (ModuleDoesNotExistsException $e) {
|
|
$this->logger->critical('Encryption module defined in "' . $path . '" not loaded!');
|
|
throw $e;
|
|
}
|
|
}
|
|
return $encryptionModule;
|
|
}
|
|
|
|
/**
|
|
* @param string $path
|
|
* @param int $unencryptedSize
|
|
*/
|
|
public function updateUnencryptedSize($path, $unencryptedSize) {
|
|
$this->unencryptedSize[$path] = $unencryptedSize;
|
|
}
|
|
|
|
/**
|
|
* copy keys to new location
|
|
*
|
|
* @param string $source path relative to data/
|
|
* @param string $target path relative to data/
|
|
* @return bool
|
|
*/
|
|
protected function copyKeys($source, $target) {
|
|
if (!$this->util->isExcluded($source)) {
|
|
return $this->keyStorage->copyKeys($source, $target);
|
|
}
|
|
|
|
return false;
|
|
}
|
|
|
|
/**
|
|
* check if path points to a files version
|
|
*
|
|
* @param $path
|
|
* @return bool
|
|
*/
|
|
protected function isVersion($path) {
|
|
$normalized = Filesystem::normalizePath($path);
|
|
return substr($normalized, 0, strlen('/files_versions/')) === '/files_versions/';
|
|
}
|
|
|
|
}
|