Inspection of "don't try to encrypt/decrypt the certificate bundl..." - nextcloud/server - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Pull Request — master (#5361)

by Björn

created 2017-06-13 07:52 UTC

Status

Indentation +366 added lines, -366 removed lines patch added patch discarded remove patch

@@ -35,371 +35,371 @@
 block discarded – undo
 
 class Util {
 
-	const HEADER_START = 'HBEGIN';
-	const HEADER_END = 'HEND';
-	const HEADER_PADDING_CHAR = '-';
-
-	const HEADER_ENCRYPTION_MODULE_KEY = 'oc_encryption_module';
-
-	/**
-	 * block size will always be 8192 for a PHP stream
-	 * @see https://bugs.php.net/bug.php?id=21641
-	 * @var integer
-	 */
-	protected $headerSize = 8192;
-
-	/**
-	 * block size will always be 8192 for a PHP stream
-	 * @see https://bugs.php.net/bug.php?id=21641
-	 * @var integer
-	 */
-	protected $blockSize = 8192;
-
-	/** @var View */
-	protected $rootView;
-
-	/** @var array */
-	protected $ocHeaderKeys;
-
-	/** @var \OC\User\Manager */
-	protected $userManager;
-
-	/** @var IConfig */
-	protected $config;
-
-	/** @var array paths excluded from encryption */
-	protected $excludedPaths;
-
-	/** @var \OC\Group\Manager $manager */
-	protected $groupManager;
-
-	/**
-	 *
-	 * @param View $rootView
-	 * @param \OC\User\Manager $userManager
-	 * @param \OC\Group\Manager $groupManager
-	 * @param IConfig $config
-	 */
-	public function __construct(
-		View $rootView,
-		\OC\User\Manager $userManager,
-		\OC\Group\Manager $groupManager,
-		IConfig $config) {
-
-		$this->ocHeaderKeys = [
-			self::HEADER_ENCRYPTION_MODULE_KEY
-		];
-
-		$this->rootView = $rootView;
-		$this->userManager = $userManager;
-		$this->groupManager = $groupManager;
-		$this->config = $config;
-
-		$this->excludedPaths[] = 'files_encryption';
-		$this->excludedPaths[] = 'appdata_' . $config->getSystemValue('instanceid', null);
-		$this->excludedPaths[] = 'files_external';
-	}
-
-	/**
-	 * read encryption module ID from header
-	 *
-	 * @param array $header
-	 * @return string
-	 * @throws ModuleDoesNotExistsException
-	 */
-	public function getEncryptionModuleId(array $header = null) {
-		$id = '';
-		$encryptionModuleKey = self::HEADER_ENCRYPTION_MODULE_KEY;
-
-		if (isset($header[$encryptionModuleKey])) {
-			$id = $header[$encryptionModuleKey];
-		} elseif (isset($header['cipher'])) {
-			if (class_exists('\OCA\Encryption\Crypto\Encryption')) {
-				// fall back to default encryption if the user migrated from
-				// ownCloud <= 8.0 with the old encryption
-				$id = \OCA\Encryption\Crypto\Encryption::ID;
-			} else {
-				throw new ModuleDoesNotExistsException('Default encryption module missing');
-			}
-		}
-
-		return $id;
-	}
-
-	/**
-	 * create header for encrypted file
-	 *
-	 * @param array $headerData
-	 * @param IEncryptionModule $encryptionModule
-	 * @return string
-	 * @throws EncryptionHeaderToLargeException if header has to many arguments
-	 * @throws EncryptionHeaderKeyExistsException if header key is already in use
-	 */
-	public function createHeader(array $headerData, IEncryptionModule $encryptionModule) {
-		$header = self::HEADER_START . ':' . self::HEADER_ENCRYPTION_MODULE_KEY . ':' . $encryptionModule->getId() . ':';
-		foreach ($headerData as $key => $value) {
-			if (in_array($key, $this->ocHeaderKeys)) {
-				throw new EncryptionHeaderKeyExistsException($key);
-			}
-			$header .= $key . ':' . $value . ':';
-		}
-		$header .= self::HEADER_END;
-
-		if (strlen($header) > $this->getHeaderSize()) {
-			throw new EncryptionHeaderToLargeException();
-		}
-
-		$paddedHeader = str_pad($header, $this->headerSize, self::HEADER_PADDING_CHAR, STR_PAD_RIGHT);
-
-		return $paddedHeader;
-	}
-
-	/**
-	 * go recursively through a dir and collect all files and sub files.
-	 *
-	 * @param string $dir relative to the users files folder
-	 * @return array with list of files relative to the users files folder
-	 */
-	public function getAllFiles($dir) {
-		$result = array();
-		$dirList = array($dir);
-
-		while ($dirList) {
-			$dir = array_pop($dirList);
-			$content = $this->rootView->getDirectoryContent($dir);
-
-			foreach ($content as $c) {
-				if ($c->getType() === 'dir') {
-					$dirList[] = $c->getPath();
-				} else {
-					$result[] =  $c->getPath();
-				}
-			}
-
-		}
-
-		return $result;
-	}
-
-	/**
-	 * check if it is a file uploaded by the user stored in data/user/files
-	 * or a metadata file
-	 *
-	 * @param string $path relative to the data/ folder
-	 * @return boolean
-	 */
-	public function isFile($path) {
-		$parts = explode('/', Filesystem::normalizePath($path), 4);
-		if (isset($parts[2]) && $parts[2] === 'files') {
-			return true;
-		}
-		return false;
-	}
-
-	/**
-	 * return size of encryption header
-	 *
-	 * @return integer
-	 */
-	public function getHeaderSize() {
-		return $this->headerSize;
-	}
-
-	/**
-	 * return size of block read by a PHP stream
-	 *
-	 * @return integer
-	 */
-	public function getBlockSize() {
-		return $this->blockSize;
-	}
-
-	/**
-	 * get the owner and the path for the file relative to the owners files folder
-	 *
-	 * @param string $path
-	 * @return array
-	 * @throws \BadMethodCallException
-	 */
-	public function getUidAndFilename($path) {
-
-		$parts = explode('/', $path);
-		$uid = '';
-		if (count($parts) > 2) {
-			$uid = $parts[1];
-		}
-		if (!$this->userManager->userExists($uid)) {
-			throw new \BadMethodCallException(
-				'path needs to be relative to the system wide data folder and point to a user specific file'
-			);
-		}
-
-		$ownerPath = implode('/', array_slice($parts, 2));
-
-		return array($uid, Filesystem::normalizePath($ownerPath));
-
-	}
-
-	/**
-	 * Remove .path extension from a file path
-	 * @param string $path Path that may identify a .part file
-	 * @return string File path without .part extension
-	 * @note this is needed for reusing keys
-	 */
-	public function stripPartialFileExtension($path) {
-		$extension = pathinfo($path, PATHINFO_EXTENSION);
-
-		if ( $extension === 'part') {
-
-			$newLength = strlen($path) - 5; // 5 = strlen(".part")
-			$fPath = substr($path, 0, $newLength);
-
-			// if path also contains a transaction id, we remove it too
-			$extension = pathinfo($fPath, PATHINFO_EXTENSION);
-			if(substr($extension, 0, 12) === 'ocTransferId') { // 12 = strlen("ocTransferId")
-				$newLength = strlen($fPath) - strlen($extension) -1;
-				$fPath = substr($fPath, 0, $newLength);
-			}
-			return $fPath;
-
-		} else {
-			return $path;
-		}
-	}
-
-	public function getUserWithAccessToMountPoint($users, $groups) {
-		$result = array();
-		if (in_array('all', $users)) {
-			$result = \OCP\User::getUsers();
-		} else {
-			$result = array_merge($result, $users);
-
-			$groupManager = \OC::$server->getGroupManager();
-			foreach ($groups as $group) {
-				$groupObject = $groupManager->get($group);
-				if ($groupObject) {
-					$foundUsers = $groupObject->searchUsers('', -1, 0);
-					$userIds = [];
-					foreach ($foundUsers as $user) {
-						$userIds[] = $user->getUID();
-					}
-					$result = array_merge($result, $userIds);
-				}
-			}
-		}
-
-		return $result;
-	}
-
-	/**
-	 * check if the file is stored on a system wide mount point
-	 * @param string $path relative to /data/user with leading '/'
-	 * @param string $uid
-	 * @return boolean
-	 */
-	public function isSystemWideMountPoint($path, $uid) {
-		if (\OCP\App::isEnabled("files_external")) {
-			$mounts = \OC_Mount_Config::getSystemMountPoints();
-			foreach ($mounts as $mount) {
-				if (strpos($path, '/files/' . $mount['mountpoint']) === 0) {
-					if ($this->isMountPointApplicableToUser($mount, $uid)) {
-						return true;
-					}
-				}
-			}
-		}
-		return false;
-	}
-
-	/**
-	 * check if mount point is applicable to user
-	 *
-	 * @param array $mount contains $mount['applicable']['users'], $mount['applicable']['groups']
-	 * @param string $uid
-	 * @return boolean
-	 */
-	private function isMountPointApplicableToUser($mount, $uid) {
-		$acceptedUids = array('all', $uid);
-		// check if mount point is applicable for the user
-		$intersection = array_intersect($acceptedUids, $mount['applicable']['users']);
-		if (!empty($intersection)) {
-			return true;
-		}
-		// check if mount point is applicable for group where the user is a member
-		foreach ($mount['applicable']['groups'] as $gid) {
-			if ($this->groupManager->isInGroup($uid, $gid)) {
-				return true;
-			}
-		}
-		return false;
-	}
-
-	/**
-	 * check if it is a path which is excluded by ownCloud from encryption
-	 *
-	 * @param string $path
-	 * @return boolean
-	 */
-	public function isExcluded($path) {
-		$normalizedPath = Filesystem::normalizePath($path);
-		$root = explode('/', $normalizedPath, 4);
-		if (count($root) > 1) {
-
-			// detect alternative key storage root
-			$rootDir = $this->getKeyStorageRoot();
-			if ($rootDir !== '' &&
-				0 === strpos(
-					Filesystem::normalizePath($path),
-					Filesystem::normalizePath($rootDir)
-				)
-			) {
-				return true;
-			}
-
-
-			//detect system wide folders
-			if (in_array($root[1], $this->excludedPaths)) {
-				return true;
-			}
-
-			// detect user specific folders
-			if ($this->userManager->userExists($root[1])
-				&& in_array($root[2], $this->excludedPaths)) {
-
-				return true;
-			}
-		}
-		return false;
-	}
-
-	/**
-	 * check if recovery key is enabled for user
-	 *
-	 * @param string $uid
-	 * @return boolean
-	 */
-	public function recoveryEnabled($uid) {
-		$enabled = $this->config->getUserValue($uid, 'encryption', 'recovery_enabled', '0');
-
-		return ($enabled === '1') ? true : false;
-	}
-
-	/**
-	 * set new key storage root
-	 *
-	 * @param string $root new key store root relative to the data folder
-	 */
-	public function setKeyStorageRoot($root) {
-		$this->config->setAppValue('core', 'encryption_key_storage_root', $root);
-	}
-
-	/**
-	 * get key storage root
-	 *
-	 * @return string key storage root
-	 */
-	public function getKeyStorageRoot() {
-		return $this->config->getAppValue('core', 'encryption_key_storage_root', '');
-	}
+    const HEADER_START = 'HBEGIN';
+    const HEADER_END = 'HEND';
+    const HEADER_PADDING_CHAR = '-';
+
+    const HEADER_ENCRYPTION_MODULE_KEY = 'oc_encryption_module';
+
+    /**
+     * block size will always be 8192 for a PHP stream
+     * @see https://bugs.php.net/bug.php?id=21641
+     * @var integer
+     */
+    protected $headerSize = 8192;
+
+    /**
+     * block size will always be 8192 for a PHP stream
+     * @see https://bugs.php.net/bug.php?id=21641
+     * @var integer
+     */
+    protected $blockSize = 8192;
+
+    /** @var View */
+    protected $rootView;
+
+    /** @var array */
+    protected $ocHeaderKeys;
+
+    /** @var \OC\User\Manager */
+    protected $userManager;
+
+    /** @var IConfig */
+    protected $config;
+
+    /** @var array paths excluded from encryption */
+    protected $excludedPaths;
+
+    /** @var \OC\Group\Manager $manager */
+    protected $groupManager;
+
+    /**
+     *
+     * @param View $rootView
+     * @param \OC\User\Manager $userManager
+     * @param \OC\Group\Manager $groupManager
+     * @param IConfig $config
+     */
+    public function __construct(
+        View $rootView,
+        \OC\User\Manager $userManager,
+        \OC\Group\Manager $groupManager,
+        IConfig $config) {
+
+        $this->ocHeaderKeys = [
+            self::HEADER_ENCRYPTION_MODULE_KEY
+        ];
+
+        $this->rootView = $rootView;
+        $this->userManager = $userManager;
+        $this->groupManager = $groupManager;
+        $this->config = $config;
+
+        $this->excludedPaths[] = 'files_encryption';
+        $this->excludedPaths[] = 'appdata_' . $config->getSystemValue('instanceid', null);
+        $this->excludedPaths[] = 'files_external';
+    }
+
+    /**
+     * read encryption module ID from header
+     *
+     * @param array $header
+     * @return string
+     * @throws ModuleDoesNotExistsException
+     */
+    public function getEncryptionModuleId(array $header = null) {
+        $id = '';
+        $encryptionModuleKey = self::HEADER_ENCRYPTION_MODULE_KEY;
+
+        if (isset($header[$encryptionModuleKey])) {
+            $id = $header[$encryptionModuleKey];
+        } elseif (isset($header['cipher'])) {
+            if (class_exists('\OCA\Encryption\Crypto\Encryption')) {
+                // fall back to default encryption if the user migrated from
+                // ownCloud <= 8.0 with the old encryption
+                $id = \OCA\Encryption\Crypto\Encryption::ID;
+            } else {
+                throw new ModuleDoesNotExistsException('Default encryption module missing');
+            }
+        }
+
+        return $id;
+    }
+
+    /**
+     * create header for encrypted file
+     *
+     * @param array $headerData
+     * @param IEncryptionModule $encryptionModule
+     * @return string
+     * @throws EncryptionHeaderToLargeException if header has to many arguments
+     * @throws EncryptionHeaderKeyExistsException if header key is already in use
+     */
+    public function createHeader(array $headerData, IEncryptionModule $encryptionModule) {
+        $header = self::HEADER_START . ':' . self::HEADER_ENCRYPTION_MODULE_KEY . ':' . $encryptionModule->getId() . ':';
+        foreach ($headerData as $key => $value) {
+            if (in_array($key, $this->ocHeaderKeys)) {
+                throw new EncryptionHeaderKeyExistsException($key);
+            }
+            $header .= $key . ':' . $value . ':';
+        }
+        $header .= self::HEADER_END;
+
+        if (strlen($header) > $this->getHeaderSize()) {
+            throw new EncryptionHeaderToLargeException();
+        }
+
+        $paddedHeader = str_pad($header, $this->headerSize, self::HEADER_PADDING_CHAR, STR_PAD_RIGHT);
+
+        return $paddedHeader;
+    }
+
+    /**
+     * go recursively through a dir and collect all files and sub files.
+     *
+     * @param string $dir relative to the users files folder
+     * @return array with list of files relative to the users files folder
+     */
+    public function getAllFiles($dir) {
+        $result = array();
+        $dirList = array($dir);
+
+        while ($dirList) {
+            $dir = array_pop($dirList);
+            $content = $this->rootView->getDirectoryContent($dir);
+
+            foreach ($content as $c) {
+                if ($c->getType() === 'dir') {
+                    $dirList[] = $c->getPath();
+                } else {
+                    $result[] =  $c->getPath();
+                }
+            }
+
+        }
+
+        return $result;
+    }
+
+    /**
+     * check if it is a file uploaded by the user stored in data/user/files
+     * or a metadata file
+     *
+     * @param string $path relative to the data/ folder
+     * @return boolean
+     */
+    public function isFile($path) {
+        $parts = explode('/', Filesystem::normalizePath($path), 4);
+        if (isset($parts[2]) && $parts[2] === 'files') {
+            return true;
+        }
+        return false;
+    }
+
+    /**
+     * return size of encryption header
+     *
+     * @return integer
+     */
+    public function getHeaderSize() {
+        return $this->headerSize;
+    }
+
+    /**
+     * return size of block read by a PHP stream
+     *
+     * @return integer
+     */
+    public function getBlockSize() {
+        return $this->blockSize;
+    }
+
+    /**
+     * get the owner and the path for the file relative to the owners files folder
+     *
+     * @param string $path
+     * @return array
+     * @throws \BadMethodCallException
+     */
+    public function getUidAndFilename($path) {
+
+        $parts = explode('/', $path);
+        $uid = '';
+        if (count($parts) > 2) {
+            $uid = $parts[1];
+        }
+        if (!$this->userManager->userExists($uid)) {
+            throw new \BadMethodCallException(
+                'path needs to be relative to the system wide data folder and point to a user specific file'
+            );
+        }
+
+        $ownerPath = implode('/', array_slice($parts, 2));
+
+        return array($uid, Filesystem::normalizePath($ownerPath));
+
+    }
+
+    /**
+     * Remove .path extension from a file path
+     * @param string $path Path that may identify a .part file
+     * @return string File path without .part extension
+     * @note this is needed for reusing keys
+     */
+    public function stripPartialFileExtension($path) {
+        $extension = pathinfo($path, PATHINFO_EXTENSION);
+
+        if ( $extension === 'part') {
+
+            $newLength = strlen($path) - 5; // 5 = strlen(".part")
+            $fPath = substr($path, 0, $newLength);
+
+            // if path also contains a transaction id, we remove it too
+            $extension = pathinfo($fPath, PATHINFO_EXTENSION);
+            if(substr($extension, 0, 12) === 'ocTransferId') { // 12 = strlen("ocTransferId")
+                $newLength = strlen($fPath) - strlen($extension) -1;
+                $fPath = substr($fPath, 0, $newLength);
+            }
+            return $fPath;
+
+        } else {
+            return $path;
+        }
+    }
+
+    public function getUserWithAccessToMountPoint($users, $groups) {
+        $result = array();
+        if (in_array('all', $users)) {
+            $result = \OCP\User::getUsers();
+        } else {
+            $result = array_merge($result, $users);
+
+            $groupManager = \OC::$server->getGroupManager();
+            foreach ($groups as $group) {
+                $groupObject = $groupManager->get($group);
+                if ($groupObject) {
+                    $foundUsers = $groupObject->searchUsers('', -1, 0);
+                    $userIds = [];
+                    foreach ($foundUsers as $user) {
+                        $userIds[] = $user->getUID();
+                    }
+                    $result = array_merge($result, $userIds);
+                }
+            }
+        }
+
+        return $result;
+    }
+
+    /**
+     * check if the file is stored on a system wide mount point
+     * @param string $path relative to /data/user with leading '/'
+     * @param string $uid
+     * @return boolean
+     */
+    public function isSystemWideMountPoint($path, $uid) {
+        if (\OCP\App::isEnabled("files_external")) {
+            $mounts = \OC_Mount_Config::getSystemMountPoints();
+            foreach ($mounts as $mount) {
+                if (strpos($path, '/files/' . $mount['mountpoint']) === 0) {
+                    if ($this->isMountPointApplicableToUser($mount, $uid)) {
+                        return true;
+                    }
+                }
+            }
+        }
+        return false;
+    }
+
+    /**
+     * check if mount point is applicable to user
+     *
+     * @param array $mount contains $mount['applicable']['users'], $mount['applicable']['groups']
+     * @param string $uid
+     * @return boolean
+     */
+    private function isMountPointApplicableToUser($mount, $uid) {
+        $acceptedUids = array('all', $uid);
+        // check if mount point is applicable for the user
+        $intersection = array_intersect($acceptedUids, $mount['applicable']['users']);
+        if (!empty($intersection)) {
+            return true;
+        }
+        // check if mount point is applicable for group where the user is a member
+        foreach ($mount['applicable']['groups'] as $gid) {
+            if ($this->groupManager->isInGroup($uid, $gid)) {
+                return true;
+            }
+        }
+        return false;
+    }
+
+    /**
+     * check if it is a path which is excluded by ownCloud from encryption
+     *
+     * @param string $path
+     * @return boolean
+     */
+    public function isExcluded($path) {
+        $normalizedPath = Filesystem::normalizePath($path);
+        $root = explode('/', $normalizedPath, 4);
+        if (count($root) > 1) {
+
+            // detect alternative key storage root
+            $rootDir = $this->getKeyStorageRoot();
+            if ($rootDir !== '' &&
+                0 === strpos(
+                    Filesystem::normalizePath($path),
+                    Filesystem::normalizePath($rootDir)
+                )
+            ) {
+                return true;
+            }
+
+
+            //detect system wide folders
+            if (in_array($root[1], $this->excludedPaths)) {
+                return true;
+            }
+
+            // detect user specific folders
+            if ($this->userManager->userExists($root[1])
+                && in_array($root[2], $this->excludedPaths)) {
+
+                return true;
+            }
+        }
+        return false;
+    }
+
+    /**
+     * check if recovery key is enabled for user
+     *
+     * @param string $uid
+     * @return boolean
+     */
+    public function recoveryEnabled($uid) {
+        $enabled = $this->config->getUserValue($uid, 'encryption', 'recovery_enabled', '0');
+
+        return ($enabled === '1') ? true : false;
+    }
+
+    /**
+     * set new key storage root
+     *
+     * @param string $root new key store root relative to the data folder
+     */
+    public function setKeyStorageRoot($root) {
+        $this->config->setAppValue('core', 'encryption_key_storage_root', $root);
+    }
+
+    /**
+     * get key storage root
+     *
+     * @return string key storage root
+     */
+    public function getKeyStorageRoot() {
+        return $this->config->getAppValue('core', 'encryption_key_storage_root', '');
+    }
 
 }

Please login to merge, or discard this patch.

Spacing +8 added lines, -8 removed lines patch added patch discarded remove patch

@@ -96,7 +96,7 @@  discard block
 block discarded – undo
 		$this->config = $config;
 
 		$this->excludedPaths[] = 'files_encryption';
-		$this->excludedPaths[] = 'appdata_' . $config->getSystemValue('instanceid', null);
+		$this->excludedPaths[] = 'appdata_'.$config->getSystemValue('instanceid', null);
 		$this->excludedPaths[] = 'files_external';
 	}
 
@@ -136,12 +136,12 @@  discard block
 block discarded – undo
 	 * @throws EncryptionHeaderKeyExistsException if header key is already in use
 	 */
 	public function createHeader(array $headerData, IEncryptionModule $encryptionModule) {
-		$header = self::HEADER_START . ':' . self::HEADER_ENCRYPTION_MODULE_KEY . ':' . $encryptionModule->getId() . ':';
+		$header = self::HEADER_START.':'.self::HEADER_ENCRYPTION_MODULE_KEY.':'.$encryptionModule->getId().':';
 		foreach ($headerData as $key => $value) {
 			if (in_array($key, $this->ocHeaderKeys)) {
 				throw new EncryptionHeaderKeyExistsException($key);
 			}
-			$header .= $key . ':' . $value . ':';
+			$header .= $key.':'.$value.':';
 		}
 		$header .= self::HEADER_END;
 
@@ -172,7 +172,7 @@  discard block
 block discarded – undo
 				if ($c->getType() === 'dir') {
 					$dirList[] = $c->getPath();
 				} else {
-					$result[] =  $c->getPath();
+					$result[] = $c->getPath();
 				}
 			}
 
@@ -249,15 +249,15 @@  discard block
 block discarded – undo
 	public function stripPartialFileExtension($path) {
 		$extension = pathinfo($path, PATHINFO_EXTENSION);
 
-		if ( $extension === 'part') {
+		if ($extension === 'part') {
 
 			$newLength = strlen($path) - 5; // 5 = strlen(".part")
 			$fPath = substr($path, 0, $newLength);
 
 			// if path also contains a transaction id, we remove it too
 			$extension = pathinfo($fPath, PATHINFO_EXTENSION);
-			if(substr($extension, 0, 12) === 'ocTransferId') { // 12 = strlen("ocTransferId")
-				$newLength = strlen($fPath) - strlen($extension) -1;
+			if (substr($extension, 0, 12) === 'ocTransferId') { // 12 = strlen("ocTransferId")
+				$newLength = strlen($fPath) - strlen($extension) - 1;
 				$fPath = substr($fPath, 0, $newLength);
 			}
 			return $fPath;
@@ -301,7 +301,7 @@  discard block
 block discarded – undo
 		if (\OCP\App::isEnabled("files_external")) {
 			$mounts = \OC_Mount_Config::getSystemMountPoints();
 			foreach ($mounts as $mount) {
-				if (strpos($path, '/files/' . $mount['mountpoint']) === 0) {
+				if (strpos($path, '/files/'.$mount['mountpoint']) === 0) {
 					if ($this->isMountPointApplicableToUser($mount, $uid)) {
 						return true;
 					}

Please login to merge, or discard this patch.

		@@ -96,7 +96,7 @@ discard block
		block discarded – undo
96	96	$this->config = $config;
97	97
98	98	$this->excludedPaths[] = 'files_encryption';
99		- $this->excludedPaths[] = 'appdata_' . $config->getSystemValue('instanceid', null);
	99	+ $this->excludedPaths[] = 'appdata_'.$config->getSystemValue('instanceid', null);
100	100	$this->excludedPaths[] = 'files_external';
101	101	}
102	102
		@@ -136,12 +136,12 @@ discard block
		block discarded – undo
136	136	* @throws EncryptionHeaderKeyExistsException if header key is already in use
137	137	*/
138	138	public function createHeader(array $headerData, IEncryptionModule $encryptionModule) {
139		- $header = self::HEADER_START . ':' . self::HEADER_ENCRYPTION_MODULE_KEY . ':' . $encryptionModule->getId() . ':';
	139	+ $header = self::HEADER_START.':'.self::HEADER_ENCRYPTION_MODULE_KEY.':'.$encryptionModule->getId().':';
140	140	foreach ($headerData as $key => $value) {
141	141	if (in_array($key, $this->ocHeaderKeys)) {
142	142	throw new EncryptionHeaderKeyExistsException($key);
143	143	}
144		- $header .= $key . ':' . $value . ':';
	144	+ $header .= $key.':'.$value.':';
145	145	}
146	146	$header .= self::HEADER_END;
147	147
		@@ -172,7 +172,7 @@ discard block
		block discarded – undo
172	172	if ($c->getType() === 'dir') {
173	173	$dirList[] = $c->getPath();
174	174	} else {
175		- $result[] = $c->getPath();
	175	+ $result[] = $c->getPath();
176	176	}
177	177	}
178	178
		@@ -249,15 +249,15 @@ discard block
		block discarded – undo
249	249	public function stripPartialFileExtension($path) {
250	250	$extension = pathinfo($path, PATHINFO_EXTENSION);
251	251
252		- if ( $extension === 'part') {
	252	+ if ($extension === 'part') {
253	253
254	254	$newLength = strlen($path) - 5; // 5 = strlen(".part")
255	255	$fPath = substr($path, 0, $newLength);
256	256
257	257	// if path also contains a transaction id, we remove it too
258	258	$extension = pathinfo($fPath, PATHINFO_EXTENSION);
259		- if(substr($extension, 0, 12) === 'ocTransferId') { // 12 = strlen("ocTransferId")
260		- $newLength = strlen($fPath) - strlen($extension) -1;
	259	+ if (substr($extension, 0, 12) === 'ocTransferId') { // 12 = strlen("ocTransferId")
	260	+ $newLength = strlen($fPath) - strlen($extension) - 1;
261	261	$fPath = substr($fPath, 0, $newLength);
262	262	}
263	263	return $fPath;
		@@ -301,7 +301,7 @@ discard block
		block discarded – undo
301	301	if (\OCP\App::isEnabled("files_external")) {
302	302	$mounts = \OC_Mount_Config::getSystemMountPoints();
303	303	foreach ($mounts as $mount) {
304		- if (strpos($path, '/files/' . $mount['mountpoint']) === 0) {
	304	+ if (strpos($path, '/files/'.$mount['mountpoint']) === 0) {
305	305	if ($this->isMountPointApplicableToUser($mount, $uid)) {
306	306	return true;
307	307	}

		@@ -35,371 +35,371 @@
		block discarded – undo
35	35
36	36	class Util {
37	37
38		- const HEADER_START = 'HBEGIN';
39		- const HEADER_END = 'HEND';
40		- const HEADER_PADDING_CHAR = '-';
41		-
42		- const HEADER_ENCRYPTION_MODULE_KEY = 'oc_encryption_module';
43		-
44		- /**
45		- * block size will always be 8192 for a PHP stream
46		- * @see https://bugs.php.net/bug.php?id=21641
47		- * @var integer
48		- */
49		- protected $headerSize = 8192;
50		-
51		- /**
52		- * block size will always be 8192 for a PHP stream
53		- * @see https://bugs.php.net/bug.php?id=21641
54		- * @var integer
55		- */
56		- protected $blockSize = 8192;
57		-
58		- /** @var View */
59		- protected $rootView;
60		-
61		- /** @var array */
62		- protected $ocHeaderKeys;
63		-
64		- /** @var \OC\User\Manager */
65		- protected $userManager;
66		-
67		- /** @var IConfig */
68		- protected $config;
69		-
70		- /** @var array paths excluded from encryption */
71		- protected $excludedPaths;
72		-
73		- /** @var \OC\Group\Manager $manager */
74		- protected $groupManager;
75		-
76		- /**
77		- *
78		- * @param View $rootView
79		- * @param \OC\User\Manager $userManager
80		- * @param \OC\Group\Manager $groupManager
81		- * @param IConfig $config
82		- */
83		- public function __construct(
84		- View $rootView,
85		- \OC\User\Manager $userManager,
86		- \OC\Group\Manager $groupManager,
87		- IConfig $config) {
88		-
89		- $this->ocHeaderKeys = [
90		- self::HEADER_ENCRYPTION_MODULE_KEY
91		- ];
92		-
93		- $this->rootView = $rootView;
94		- $this->userManager = $userManager;
95		- $this->groupManager = $groupManager;
96		- $this->config = $config;
97		-
98		- $this->excludedPaths[] = 'files_encryption';
99		- $this->excludedPaths[] = 'appdata_' . $config->getSystemValue('instanceid', null);
100		- $this->excludedPaths[] = 'files_external';
101		- }
102		-
103		- /**
104		- * read encryption module ID from header
105		- *
106		- * @param array $header
107		- * @return string
108		- * @throws ModuleDoesNotExistsException
109		- */
110		- public function getEncryptionModuleId(array $header = null) {
111		- $id = '';
112		- $encryptionModuleKey = self::HEADER_ENCRYPTION_MODULE_KEY;
113		-
114		- if (isset($header[$encryptionModuleKey])) {
115		- $id = $header[$encryptionModuleKey];
116		- } elseif (isset($header['cipher'])) {
117		- if (class_exists('\OCA\Encryption\Crypto\Encryption')) {
118		- // fall back to default encryption if the user migrated from
119		- // ownCloud <= 8.0 with the old encryption
120		- $id = \OCA\Encryption\Crypto\Encryption::ID;
121		- } else {
122		- throw new ModuleDoesNotExistsException('Default encryption module missing');
123		- }
124		- }
125		-
126		- return $id;
127		- }
128		-
129		- /**
130		- * create header for encrypted file
131		- *
132		- * @param array $headerData
133		- * @param IEncryptionModule $encryptionModule
134		- * @return string
135		- * @throws EncryptionHeaderToLargeException if header has to many arguments
136		- * @throws EncryptionHeaderKeyExistsException if header key is already in use
137		- */
138		- public function createHeader(array $headerData, IEncryptionModule $encryptionModule) {
139		- $header = self::HEADER_START . ':' . self::HEADER_ENCRYPTION_MODULE_KEY . ':' . $encryptionModule->getId() . ':';
140		- foreach ($headerData as $key => $value) {
141		- if (in_array($key, $this->ocHeaderKeys)) {
142		- throw new EncryptionHeaderKeyExistsException($key);
143		- }
144		- $header .= $key . ':' . $value . ':';
145		- }
146		- $header .= self::HEADER_END;
147		-
148		- if (strlen($header) > $this->getHeaderSize()) {
149		- throw new EncryptionHeaderToLargeException();
150		- }
151		-
152		- $paddedHeader = str_pad($header, $this->headerSize, self::HEADER_PADDING_CHAR, STR_PAD_RIGHT);
153		-
154		- return $paddedHeader;
155		- }
156		-
157		- /**
158		- * go recursively through a dir and collect all files and sub files.
159		- *
160		- * @param string $dir relative to the users files folder
161		- * @return array with list of files relative to the users files folder
162		- */
163		- public function getAllFiles($dir) {
164		- $result = array();
165		- $dirList = array($dir);
166		-
167		- while ($dirList) {
168		- $dir = array_pop($dirList);
169		- $content = $this->rootView->getDirectoryContent($dir);
170		-
171		- foreach ($content as $c) {
172		- if ($c->getType() === 'dir') {
173		- $dirList[] = $c->getPath();
174		- } else {
175		- $result[] = $c->getPath();
176		- }
177		- }
178		-
179		- }
180		-
181		- return $result;
182		- }
183		-
184		- /**
185		- * check if it is a file uploaded by the user stored in data/user/files
186		- * or a metadata file
187		- *
188		- * @param string $path relative to the data/ folder
189		- * @return boolean
190		- */
191		- public function isFile($path) {
192		- $parts = explode('/', Filesystem::normalizePath($path), 4);
193		- if (isset($parts[2]) && $parts[2] === 'files') {
194		- return true;
195		- }
196		- return false;
197		- }
198		-
199		- /**
200		- * return size of encryption header
201		- *
202		- * @return integer
203		- */
204		- public function getHeaderSize() {
205		- return $this->headerSize;
206		- }
207		-
208		- /**
209		- * return size of block read by a PHP stream
210		- *
211		- * @return integer
212		- */
213		- public function getBlockSize() {
214		- return $this->blockSize;
215		- }
216		-
217		- /**
218		- * get the owner and the path for the file relative to the owners files folder
219		- *
220		- * @param string $path
221		- * @return array
222		- * @throws \BadMethodCallException
223		- */
224		- public function getUidAndFilename($path) {
225		-
226		- $parts = explode('/', $path);
227		- $uid = '';
228		- if (count($parts) > 2) {
229		- $uid = $parts[1];
230		- }
231		- if (!$this->userManager->userExists($uid)) {
232		- throw new \BadMethodCallException(
233		- 'path needs to be relative to the system wide data folder and point to a user specific file'
234		- );
235		- }
236		-
237		- $ownerPath = implode('/', array_slice($parts, 2));
238		-
239		- return array($uid, Filesystem::normalizePath($ownerPath));
240		-
241		- }
242		-
243		- /**
244		- * Remove .path extension from a file path
245		- * @param string $path Path that may identify a .part file
246		- * @return string File path without .part extension
247		- * @note this is needed for reusing keys
248		- */
249		- public function stripPartialFileExtension($path) {
250		- $extension = pathinfo($path, PATHINFO_EXTENSION);
251		-
252		- if ( $extension === 'part') {
253		-
254		- $newLength = strlen($path) - 5; // 5 = strlen(".part")
255		- $fPath = substr($path, 0, $newLength);
256		-
257		- // if path also contains a transaction id, we remove it too
258		- $extension = pathinfo($fPath, PATHINFO_EXTENSION);
259		- if(substr($extension, 0, 12) === 'ocTransferId') { // 12 = strlen("ocTransferId")
260		- $newLength = strlen($fPath) - strlen($extension) -1;
261		- $fPath = substr($fPath, 0, $newLength);
262		- }
263		- return $fPath;
264		-
265		- } else {
266		- return $path;
267		- }
268		- }
269		-
270		- public function getUserWithAccessToMountPoint($users, $groups) {
271		- $result = array();
272		- if (in_array('all', $users)) {
273		- $result = \OCP\User::getUsers();
274		- } else {
275		- $result = array_merge($result, $users);
276		-
277		- $groupManager = \OC::$server->getGroupManager();
278		- foreach ($groups as $group) {
279		- $groupObject = $groupManager->get($group);
280		- if ($groupObject) {
281		- $foundUsers = $groupObject->searchUsers('', -1, 0);
282		- $userIds = [];
283		- foreach ($foundUsers as $user) {
284		- $userIds[] = $user->getUID();
285		- }
286		- $result = array_merge($result, $userIds);
287		- }
288		- }
289		- }
290		-
291		- return $result;
292		- }
293		-
294		- /**
295		- * check if the file is stored on a system wide mount point
296		- * @param string $path relative to /data/user with leading '/'
297		- * @param string $uid
298		- * @return boolean
299		- */
300		- public function isSystemWideMountPoint($path, $uid) {
301		- if (\OCP\App::isEnabled("files_external")) {
302		- $mounts = \OC_Mount_Config::getSystemMountPoints();
303		- foreach ($mounts as $mount) {
304		- if (strpos($path, '/files/' . $mount['mountpoint']) === 0) {
305		- if ($this->isMountPointApplicableToUser($mount, $uid)) {
306		- return true;
307		- }
308		- }
309		- }
310		- }
311		- return false;
312		- }
313		-
314		- /**
315		- * check if mount point is applicable to user
316		- *
317		- * @param array $mount contains $mount['applicable']['users'], $mount['applicable']['groups']
318		- * @param string $uid
319		- * @return boolean
320		- */
321		- private function isMountPointApplicableToUser($mount, $uid) {
322		- $acceptedUids = array('all', $uid);
323		- // check if mount point is applicable for the user
324		- $intersection = array_intersect($acceptedUids, $mount['applicable']['users']);
325		- if (!empty($intersection)) {
326		- return true;
327		- }
328		- // check if mount point is applicable for group where the user is a member
329		- foreach ($mount['applicable']['groups'] as $gid) {
330		- if ($this->groupManager->isInGroup($uid, $gid)) {
331		- return true;
332		- }
333		- }
334		- return false;
335		- }
336		-
337		- /**
338		- * check if it is a path which is excluded by ownCloud from encryption
339		- *
340		- * @param string $path
341		- * @return boolean
342		- */
343		- public function isExcluded($path) {
344		- $normalizedPath = Filesystem::normalizePath($path);
345		- $root = explode('/', $normalizedPath, 4);
346		- if (count($root) > 1) {
347		-
348		- // detect alternative key storage root
349		- $rootDir = $this->getKeyStorageRoot();
350		- if ($rootDir !== '' &&
351		- 0 === strpos(
352		- Filesystem::normalizePath($path),
353		- Filesystem::normalizePath($rootDir)
354		- )
355		- ) {
356		- return true;
357		- }
358		-
359		-
360		- //detect system wide folders
361		- if (in_array($root[1], $this->excludedPaths)) {
362		- return true;
363		- }
364		-
365		- // detect user specific folders
366		- if ($this->userManager->userExists($root[1])
367		- && in_array($root[2], $this->excludedPaths)) {
368		-
369		- return true;
370		- }
371		- }
372		- return false;
373		- }
374		-
375		- /**
376		- * check if recovery key is enabled for user
377		- *
378		- * @param string $uid
379		- * @return boolean
380		- */
381		- public function recoveryEnabled($uid) {
382		- $enabled = $this->config->getUserValue($uid, 'encryption', 'recovery_enabled', '0');
383		-
384		- return ($enabled === '1') ? true : false;
385		- }
386		-
387		- /**
388		- * set new key storage root
389		- *
390		- * @param string $root new key store root relative to the data folder
391		- */
392		- public function setKeyStorageRoot($root) {
393		- $this->config->setAppValue('core', 'encryption_key_storage_root', $root);
394		- }
395		-
396		- /**
397		- * get key storage root
398		- *
399		- * @return string key storage root
400		- */
401		- public function getKeyStorageRoot() {
402		- return $this->config->getAppValue('core', 'encryption_key_storage_root', '');
403		- }
	38	+ const HEADER_START = 'HBEGIN';
	39	+ const HEADER_END = 'HEND';
	40	+ const HEADER_PADDING_CHAR = '-';
	41	+
	42	+ const HEADER_ENCRYPTION_MODULE_KEY = 'oc_encryption_module';
	43	+
	44	+ /**
	45	+ * block size will always be 8192 for a PHP stream
	46	+ * @see https://bugs.php.net/bug.php?id=21641
	47	+ * @var integer
	48	+ */
	49	+ protected $headerSize = 8192;
	50	+
	51	+ /**
	52	+ * block size will always be 8192 for a PHP stream
	53	+ * @see https://bugs.php.net/bug.php?id=21641
	54	+ * @var integer
	55	+ */
	56	+ protected $blockSize = 8192;
	57	+
	58	+ /** @var View */
	59	+ protected $rootView;
	60	+
	61	+ /** @var array */
	62	+ protected $ocHeaderKeys;
	63	+
	64	+ /** @var \OC\User\Manager */
	65	+ protected $userManager;
	66	+
	67	+ /** @var IConfig */
	68	+ protected $config;
	69	+
	70	+ /** @var array paths excluded from encryption */
	71	+ protected $excludedPaths;
	72	+
	73	+ /** @var \OC\Group\Manager $manager */
	74	+ protected $groupManager;
	75	+
	76	+ /**
	77	+ *
	78	+ * @param View $rootView
	79	+ * @param \OC\User\Manager $userManager
	80	+ * @param \OC\Group\Manager $groupManager
	81	+ * @param IConfig $config
	82	+ */
	83	+ public function __construct(
	84	+ View $rootView,
	85	+ \OC\User\Manager $userManager,
	86	+ \OC\Group\Manager $groupManager,
	87	+ IConfig $config) {
	88	+
	89	+ $this->ocHeaderKeys = [
	90	+ self::HEADER_ENCRYPTION_MODULE_KEY
	91	+ ];
	92	+
	93	+ $this->rootView = $rootView;
	94	+ $this->userManager = $userManager;
	95	+ $this->groupManager = $groupManager;
	96	+ $this->config = $config;
	97	+
	98	+ $this->excludedPaths[] = 'files_encryption';
	99	+ $this->excludedPaths[] = 'appdata_' . $config->getSystemValue('instanceid', null);
	100	+ $this->excludedPaths[] = 'files_external';
	101	+ }
	102	+
	103	+ /**
	104	+ * read encryption module ID from header
	105	+ *
	106	+ * @param array $header
	107	+ * @return string
	108	+ * @throws ModuleDoesNotExistsException
	109	+ */
	110	+ public function getEncryptionModuleId(array $header = null) {
	111	+ $id = '';
	112	+ $encryptionModuleKey = self::HEADER_ENCRYPTION_MODULE_KEY;
	113	+
	114	+ if (isset($header[$encryptionModuleKey])) {
	115	+ $id = $header[$encryptionModuleKey];
	116	+ } elseif (isset($header['cipher'])) {
	117	+ if (class_exists('\OCA\Encryption\Crypto\Encryption')) {
	118	+ // fall back to default encryption if the user migrated from
	119	+ // ownCloud <= 8.0 with the old encryption
	120	+ $id = \OCA\Encryption\Crypto\Encryption::ID;
	121	+ } else {
	122	+ throw new ModuleDoesNotExistsException('Default encryption module missing');
	123	+ }
	124	+ }
	125	+
	126	+ return $id;
	127	+ }
	128	+
	129	+ /**
	130	+ * create header for encrypted file
	131	+ *
	132	+ * @param array $headerData
	133	+ * @param IEncryptionModule $encryptionModule
	134	+ * @return string
	135	+ * @throws EncryptionHeaderToLargeException if header has to many arguments
	136	+ * @throws EncryptionHeaderKeyExistsException if header key is already in use
	137	+ */
	138	+ public function createHeader(array $headerData, IEncryptionModule $encryptionModule) {
	139	+ $header = self::HEADER_START . ':' . self::HEADER_ENCRYPTION_MODULE_KEY . ':' . $encryptionModule->getId() . ':';
	140	+ foreach ($headerData as $key => $value) {
	141	+ if (in_array($key, $this->ocHeaderKeys)) {
	142	+ throw new EncryptionHeaderKeyExistsException($key);
	143	+ }
	144	+ $header .= $key . ':' . $value . ':';
	145	+ }
	146	+ $header .= self::HEADER_END;
	147	+
	148	+ if (strlen($header) > $this->getHeaderSize()) {
	149	+ throw new EncryptionHeaderToLargeException();
	150	+ }
	151	+
	152	+ $paddedHeader = str_pad($header, $this->headerSize, self::HEADER_PADDING_CHAR, STR_PAD_RIGHT);
	153	+
	154	+ return $paddedHeader;
	155	+ }
	156	+
	157	+ /**
	158	+ * go recursively through a dir and collect all files and sub files.
	159	+ *
	160	+ * @param string $dir relative to the users files folder
	161	+ * @return array with list of files relative to the users files folder
	162	+ */
	163	+ public function getAllFiles($dir) {
	164	+ $result = array();
	165	+ $dirList = array($dir);
	166	+
	167	+ while ($dirList) {
	168	+ $dir = array_pop($dirList);
	169	+ $content = $this->rootView->getDirectoryContent($dir);
	170	+
	171	+ foreach ($content as $c) {
	172	+ if ($c->getType() === 'dir') {
	173	+ $dirList[] = $c->getPath();
	174	+ } else {
	175	+ $result[] = $c->getPath();
	176	+ }
	177	+ }
	178	+
	179	+ }
	180	+
	181	+ return $result;
	182	+ }
	183	+
	184	+ /**
	185	+ * check if it is a file uploaded by the user stored in data/user/files
	186	+ * or a metadata file
	187	+ *
	188	+ * @param string $path relative to the data/ folder
	189	+ * @return boolean
	190	+ */
	191	+ public function isFile($path) {
	192	+ $parts = explode('/', Filesystem::normalizePath($path), 4);
	193	+ if (isset($parts[2]) && $parts[2] === 'files') {
	194	+ return true;
	195	+ }
	196	+ return false;
	197	+ }
	198	+
	199	+ /**
	200	+ * return size of encryption header
	201	+ *
	202	+ * @return integer
	203	+ */
	204	+ public function getHeaderSize() {
	205	+ return $this->headerSize;
	206	+ }
	207	+
	208	+ /**
	209	+ * return size of block read by a PHP stream
	210	+ *
	211	+ * @return integer
	212	+ */
	213	+ public function getBlockSize() {
	214	+ return $this->blockSize;
	215	+ }
	216	+
	217	+ /**
	218	+ * get the owner and the path for the file relative to the owners files folder
	219	+ *
	220	+ * @param string $path
	221	+ * @return array
	222	+ * @throws \BadMethodCallException
	223	+ */
	224	+ public function getUidAndFilename($path) {
	225	+
	226	+ $parts = explode('/', $path);
	227	+ $uid = '';
	228	+ if (count($parts) > 2) {
	229	+ $uid = $parts[1];
	230	+ }
	231	+ if (!$this->userManager->userExists($uid)) {
	232	+ throw new \BadMethodCallException(
	233	+ 'path needs to be relative to the system wide data folder and point to a user specific file'
	234	+ );
	235	+ }
	236	+
	237	+ $ownerPath = implode('/', array_slice($parts, 2));
	238	+
	239	+ return array($uid, Filesystem::normalizePath($ownerPath));
	240	+
	241	+ }
	242	+
	243	+ /**
	244	+ * Remove .path extension from a file path
	245	+ * @param string $path Path that may identify a .part file
	246	+ * @return string File path without .part extension
	247	+ * @note this is needed for reusing keys
	248	+ */
	249	+ public function stripPartialFileExtension($path) {
	250	+ $extension = pathinfo($path, PATHINFO_EXTENSION);
	251	+
	252	+ if ( $extension === 'part') {
	253	+
	254	+ $newLength = strlen($path) - 5; // 5 = strlen(".part")
	255	+ $fPath = substr($path, 0, $newLength);
	256	+
	257	+ // if path also contains a transaction id, we remove it too
	258	+ $extension = pathinfo($fPath, PATHINFO_EXTENSION);
	259	+ if(substr($extension, 0, 12) === 'ocTransferId') { // 12 = strlen("ocTransferId")
	260	+ $newLength = strlen($fPath) - strlen($extension) -1;
	261	+ $fPath = substr($fPath, 0, $newLength);
	262	+ }
	263	+ return $fPath;
	264	+
	265	+ } else {
	266	+ return $path;
	267	+ }
	268	+ }
	269	+
	270	+ public function getUserWithAccessToMountPoint($users, $groups) {
	271	+ $result = array();
	272	+ if (in_array('all', $users)) {
	273	+ $result = \OCP\User::getUsers();
	274	+ } else {
	275	+ $result = array_merge($result, $users);
	276	+
	277	+ $groupManager = \OC::$server->getGroupManager();
	278	+ foreach ($groups as $group) {
	279	+ $groupObject = $groupManager->get($group);
	280	+ if ($groupObject) {
	281	+ $foundUsers = $groupObject->searchUsers('', -1, 0);
	282	+ $userIds = [];
	283	+ foreach ($foundUsers as $user) {
	284	+ $userIds[] = $user->getUID();
	285	+ }
	286	+ $result = array_merge($result, $userIds);
	287	+ }
	288	+ }
	289	+ }
	290	+
	291	+ return $result;
	292	+ }
	293	+
	294	+ /**
	295	+ * check if the file is stored on a system wide mount point
	296	+ * @param string $path relative to /data/user with leading '/'
	297	+ * @param string $uid
	298	+ * @return boolean
	299	+ */
	300	+ public function isSystemWideMountPoint($path, $uid) {
	301	+ if (\OCP\App::isEnabled("files_external")) {
	302	+ $mounts = \OC_Mount_Config::getSystemMountPoints();
	303	+ foreach ($mounts as $mount) {
	304	+ if (strpos($path, '/files/' . $mount['mountpoint']) === 0) {
	305	+ if ($this->isMountPointApplicableToUser($mount, $uid)) {
	306	+ return true;
	307	+ }
	308	+ }
	309	+ }
	310	+ }
	311	+ return false;
	312	+ }
	313	+
	314	+ /**
	315	+ * check if mount point is applicable to user
	316	+ *
	317	+ * @param array $mount contains $mount['applicable']['users'], $mount['applicable']['groups']
	318	+ * @param string $uid
	319	+ * @return boolean
	320	+ */
	321	+ private function isMountPointApplicableToUser($mount, $uid) {
	322	+ $acceptedUids = array('all', $uid);
	323	+ // check if mount point is applicable for the user
	324	+ $intersection = array_intersect($acceptedUids, $mount['applicable']['users']);
	325	+ if (!empty($intersection)) {
	326	+ return true;
	327	+ }
	328	+ // check if mount point is applicable for group where the user is a member
	329	+ foreach ($mount['applicable']['groups'] as $gid) {
	330	+ if ($this->groupManager->isInGroup($uid, $gid)) {
	331	+ return true;
	332	+ }
	333	+ }
	334	+ return false;
	335	+ }
	336	+
	337	+ /**
	338	+ * check if it is a path which is excluded by ownCloud from encryption
	339	+ *
	340	+ * @param string $path
	341	+ * @return boolean
	342	+ */
	343	+ public function isExcluded($path) {
	344	+ $normalizedPath = Filesystem::normalizePath($path);
	345	+ $root = explode('/', $normalizedPath, 4);
	346	+ if (count($root) > 1) {
	347	+
	348	+ // detect alternative key storage root
	349	+ $rootDir = $this->getKeyStorageRoot();
	350	+ if ($rootDir !== '' &&
	351	+ 0 === strpos(
	352	+ Filesystem::normalizePath($path),
	353	+ Filesystem::normalizePath($rootDir)
	354	+ )
	355	+ ) {
	356	+ return true;
	357	+ }
	358	+
	359	+
	360	+ //detect system wide folders
	361	+ if (in_array($root[1], $this->excludedPaths)) {
	362	+ return true;
	363	+ }
	364	+
	365	+ // detect user specific folders
	366	+ if ($this->userManager->userExists($root[1])
	367	+ && in_array($root[2], $this->excludedPaths)) {
	368	+
	369	+ return true;
	370	+ }
	371	+ }
	372	+ return false;
	373	+ }
	374	+
	375	+ /**
	376	+ * check if recovery key is enabled for user
	377	+ *
	378	+ * @param string $uid
	379	+ * @return boolean
	380	+ */
	381	+ public function recoveryEnabled($uid) {
	382	+ $enabled = $this->config->getUserValue($uid, 'encryption', 'recovery_enabled', '0');
	383	+
	384	+ return ($enabled === '1') ? true : false;
	385	+ }
	386	+
	387	+ /**
	388	+ * set new key storage root
	389	+ *
	390	+ * @param string $root new key store root relative to the data folder
	391	+ */
	392	+ public function setKeyStorageRoot($root) {
	393	+ $this->config->setAppValue('core', 'encryption_key_storage_root', $root);
	394	+ }
	395	+
	396	+ /**
	397	+ * get key storage root
	398	+ *
	399	+ * @return string key storage root
	400	+ */
	401	+ public function getKeyStorageRoot() {
	402	+ return $this->config->getAppValue('core', 'encryption_key_storage_root', '');
	403	+ }
404	404
405	405	}

nextcloud / server

Pull Request — master (#5361)

Status

Category

Indentation +366 added lines, -366 removed lines patch added patch discarded remove patch

Spacing +8 added lines, -8 removed lines patch added patch discarded remove patch