diff --git a/apps/files_versions/lib/storage.php b/apps/files_versions/lib/storage.php
index 3c23f2f730a0e..a1069410e7048 100644
--- a/apps/files_versions/lib/storage.php
+++ b/apps/files_versions/lib/storage.php
@@ -532,13 +532,15 @@ private static function getAllVersions($uid) {
$files = $view->getDirectoryContent($dir);
foreach ($files as $file) {
+ $fileData = $file->getData();
+ $filePath = $dir . '/' . $fileData['name'];
if ($file['type'] === 'dir') {
- array_push($dirs, $file['path']);
+ array_push($dirs, $filePath);
} else {
- $versionsBegin = strrpos($file['path'], '.v');
+ $versionsBegin = strrpos($filePath, '.v');
$relPathStart = strlen(self::VERSIONS_ROOT);
- $version = substr($file['path'], $versionsBegin + 2);
- $relpath = substr($file['path'], $relPathStart, $versionsBegin - $relPathStart);
+ $version = substr($filePath, $versionsBegin + 2);
+ $relpath = substr($filePath, $relPathStart, $versionsBegin - $relPathStart);
$key = $version . '#' . $relpath;
$versions[$key] = array('path' => $relpath, 'timestamp' => $version);
}
diff --git a/apps/user_ldap/group_ldap.php b/apps/user_ldap/group_ldap.php
index 891c807cd7476..5d0fb4c5acfec 100644
--- a/apps/user_ldap/group_ldap.php
+++ b/apps/user_ldap/group_ldap.php
@@ -473,16 +473,17 @@ public function getUserGroups($uid) {
// apply filter via ldap search to see if this user is in this
// dynamic group
$userMatch = $this->access->readAttribute(
- $uid,
+ $userDN,
$this->access->connection->ldapUserDisplayName,
$memberUrlFilter
);
if ($userMatch !== false) {
// match found so this user is in this group
- $pos = strpos($dynamicGroup['dn'][0], ',');
- if ($pos !== false) {
- $membershipGroup = substr($dynamicGroup['dn'][0],3,$pos-3);
- $groups[] = $membershipGroup;
+ $groupName = $this->access->dn2groupname($dynamicGroup['dn'][0]);
+ if(is_string($groupName)) {
+ // be sure to never return false if the dn could not be
+ // resolved to a name, for whatever reason.
+ $groups[] = $groupName;
}
}
} else {
@@ -534,11 +535,12 @@ public function getUserGroups($uid) {
}
if(isset($this->cachedGroupsByMember[$uid])) {
- $groups = $this->cachedGroupsByMember[$uid];
+ $groups = array_merge($groups, $this->cachedGroupsByMember[$uid]);
} else {
- $groups = array_values($this->getGroupsByMember($uid));
- $groups = $this->access->ownCloudGroupNames($groups);
- $this->cachedGroupsByMember[$uid] = $groups;
+ $groupsByMember = array_values($this->getGroupsByMember($uid));
+ $groupsByMember = $this->access->ownCloudGroupNames($groupsByMember);
+ $this->cachedGroupsByMember[$uid] = $groupsByMember;
+ $groups = array_merge($groups, $groupsByMember);
}
if($primaryGroup !== false) {
diff --git a/apps/user_ldap/tests/group_ldap.php b/apps/user_ldap/tests/group_ldap.php
index 51bb1d84732a6..a81bf70f54a76 100644
--- a/apps/user_ldap/tests/group_ldap.php
+++ b/apps/user_ldap/tests/group_ldap.php
@@ -455,4 +455,57 @@ public function testGetUserGroupsMemberOfDisabled() {
$groupBackend->getUserGroups('userX');
}
+ public function testGetGroupsByMember() {
+ $access = $this->getAccessMock();
+
+ $access->connection->expects($this->any())
+ ->method('__get')
+ ->will($this->returnCallback(function($name) {
+ if($name === 'useMemberOfToDetectMembership') {
+ return 0;
+ } else if($name === 'ldapDynamicGroupMemberURL') {
+ return '';
+ } else if($name === 'ldapNestedGroups') {
+ return false;
+ }
+ return 1;
+ }));
+
+ $dn = 'cn=userX,dc=foobar';
+
+ $access->connection->hasPrimaryGroups = false;
+
+ $access->expects($this->exactly(2))
+ ->method('username2dn')
+ ->will($this->returnValue($dn));
+
+ $access->expects($this->never())
+ ->method('readAttribute')
+ ->with($dn, 'memberOf');
+
+ $group1 = [
+ 'cn' => 'group1',
+ 'dn' => ['cn=group1,ou=groups,dc=domain,dc=com'],
+ ];
+ $group2 = [
+ 'cn' => 'group2',
+ 'dn' => ['cn=group2,ou=groups,dc=domain,dc=com'],
+ ];
+
+ $access->expects($this->once())
+ ->method('ownCloudGroupNames')
+ ->with([$group1, $group2])
+ ->will($this->returnValue(['group1', 'group2']));
+
+ $access->expects($this->once())
+ ->method('fetchListOfGroups')
+ ->will($this->returnValue([$group1, $group2]));
+
+ $groupBackend = new GroupLDAP($access);
+ $groups = $groupBackend->getUserGroups('userX');
+ $this->assertEquals(['group1', 'group2'], $groups);
+
+ $groupsAgain = $groupBackend->getUserGroups('userX');
+ $this->assertEquals(['group1', 'group2'], $groupsAgain);
+ }
}
diff --git a/core/js/js.js b/core/js/js.js
index b74775a935f8e..be913c6f04c55 100644
--- a/core/js/js.js
+++ b/core/js/js.js
@@ -752,7 +752,8 @@ var OC={
// sometimes "beforeunload" happens later, so need to defer the reload a bit
setTimeout(function() {
if (!self._userIsNavigatingAway && !self._reloadCalled) {
- OC.reload();
+ OC.Notification.show(t('core', 'Problem loading page, reloading in 5 seconds'));
+ setTimeout(OC.reload, 5000);
// only call reload once
self._reloadCalled = true;
}
diff --git a/core/js/setupchecks.js b/core/js/setupchecks.js
index 41f6a6e07b685..ee93781b07434 100644
--- a/core/js/setupchecks.js
+++ b/core/js/setupchecks.js
@@ -197,7 +197,7 @@
}
var afterCall = function(xhr) {
var messages = [];
- if (xhr.status !== 403 && xhr.status !== 307 && xhr.status !== 301 && xhr.responseText === '') {
+ if (xhr.status !== 403 && xhr.status !== 307 && xhr.status !== 301 && xhr.responseText !== '') {
messages.push({
msg: t('core', 'Your data directory and your files are probably accessible from the Internet. The .htaccess file is not working. We strongly suggest that you configure your web server in a way that the data directory is no longer accessible or you move the data directory outside the web server document root.'),
type: OC.SetupChecks.MESSAGE_TYPE_ERROR
@@ -208,7 +208,7 @@
$.ajax({
type: 'GET',
- url: OC.linkTo('', oc_dataURL+'/.ocdata'),
+ url: OC.linkTo('', oc_dataURL+'/htaccesstest.txt?t=' + (new Date()).getTime()),
complete: afterCall
});
return deferred.promise();
diff --git a/core/js/tests/specs/coreSpec.js b/core/js/tests/specs/coreSpec.js
index f18ecbc1a448c..0296a3675a3b7 100644
--- a/core/js/tests/specs/coreSpec.js
+++ b/core/js/tests/specs/coreSpec.js
@@ -935,10 +935,13 @@ describe('Core base tests', function() {
});
describe('global ajax errors', function() {
var reloadStub, ajaxErrorStub, clock;
+ var notificationStub;
+ var waitTimeMs = 6000;
beforeEach(function() {
clock = sinon.useFakeTimers();
reloadStub = sinon.stub(OC, 'reload');
+ notificationStub = sinon.stub(OC.Notification, 'show');
// unstub the error processing method
ajaxErrorStub = OC._processAjaxError;
ajaxErrorStub.restore();
@@ -946,6 +949,7 @@ describe('Core base tests', function() {
});
afterEach(function() {
reloadStub.restore();
+ notificationStub.restore();
clock.restore();
});
@@ -970,7 +974,7 @@ describe('Core base tests', function() {
$(document).trigger(new $.Event('ajaxError'), xhr);
// trigger timers
- clock.tick(1000);
+ clock.tick(waitTimeMs);
if (expectedCall) {
expect(reloadStub.calledOnce).toEqual(true);
@@ -986,7 +990,7 @@ describe('Core base tests', function() {
$(document).trigger(new $.Event('ajaxError'), xhr);
// trigger timers
- clock.tick(1000);
+ clock.tick(waitTimeMs);
expect(reloadStub.calledOnce).toEqual(true);
});
@@ -997,9 +1001,17 @@ describe('Core base tests', function() {
$(document).trigger(new $.Event('ajaxError'), xhr);
- clock.tick(1000);
+ clock.tick(waitTimeMs);
expect(reloadStub.notCalled).toEqual(true);
});
+ it('displays notification', function() {
+ var xhr = { status: 401 };
+
+ $(document).trigger(new $.Event('ajaxError'), xhr);
+
+ clock.tick(waitTimeMs);
+ expect(notificationStub.calledOnce).toEqual(true);
+ });
});
});
diff --git a/core/js/tests/specs/setupchecksSpec.js b/core/js/tests/specs/setupchecksSpec.js
index 05be46781d6cf..9e2f0f490103e 100644
--- a/core/js/tests/specs/setupchecksSpec.js
+++ b/core/js/tests/specs/setupchecksSpec.js
@@ -103,7 +103,7 @@ describe('OC.SetupChecks tests', function() {
it('should return an error if data directory is not protected', function(done) {
var async = OC.SetupChecks.checkDataProtected();
- suite.server.requests[0].respond(200);
+ suite.server.requests[0].respond(200, {'Content-Type': 'text/plain'}, 'file contents');
async.done(function( data, s, x ){
expect(data).toEqual([
diff --git a/lib/private/files/utils/scanner.php b/lib/private/files/utils/scanner.php
index f05805fe94a73..cf85ff4c997e7 100644
--- a/lib/private/files/utils/scanner.php
+++ b/lib/private/files/utils/scanner.php
@@ -148,7 +148,12 @@ public function scan($dir = '') {
if ($storage->instanceOfStorage('\OC\Files\Storage\Home') and
(!$storage->isCreatable('') or !$storage->isCreatable('files'))
) {
- throw new ForbiddenException();
+ if ($storage->file_exists('') or $storage->getCache()->inCache('')) {
+ throw new ForbiddenException();
+ } else {// if the root exists in neither the cache nor the storage the user isn't setup yet
+ break;
+ }
+
}
$relativePath = $mount->getInternalPath($dir);
$scanner = $storage->getScanner();
diff --git a/lib/private/repair.php b/lib/private/repair.php
index c1f94562de581..b62ba20b49c50 100644
--- a/lib/private/repair.php
+++ b/lib/private/repair.php
@@ -35,6 +35,7 @@
use OC\Repair\Collation;
use OC\Repair\CopyRewriteBaseToConfig;
use OC\Repair\DropOldJobs;
+use OC\Repair\EncryptionCompatibility;
use OC\Repair\OldGroupMembershipShares;
use OC\Repair\RemoveGetETagEntries;
use OC\Repair\SqliteAutoincrement;
@@ -139,6 +140,7 @@ public static function getExpensiveRepairSteps() {
public static function getBeforeUpgradeRepairSteps() {
$connection = \OC::$server->getDatabaseConnection();
$steps = [
+ new EncryptionCompatibility(),
new InnoDB(),
new Collation(\OC::$server->getConfig(), $connection),
new SqliteAutoincrement($connection),
diff --git a/lib/private/repair/encryptioncompatibility.php b/lib/private/repair/encryptioncompatibility.php
new file mode 100644
index 0000000000000..e470674f6d552
--- /dev/null
+++ b/lib/private/repair/encryptioncompatibility.php
@@ -0,0 +1,63 @@
+
+ *
+ * @copyright Copyright (c) 2016, ownCloud, Inc.
+ * @license AGPL-3.0
+ *
+ * This code is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License, version 3,
+ * as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License, version 3,
+ * along with this program. If not, see
+ *
+ */
+
+namespace OC\Repair;
+
+use OC\Hooks\BasicEmitter;
+use OC\RepairStep;
+use OCP\App;
+
+
+class EncryptionCompatibility extends BasicEmitter implements RepairStep {
+ private $affectedMd5 = ['19efc6cf053d0248e45407e7cc39b39b', '6752909b79ffe71237a5db5d1f8f1b65'];
+ private $targetPath = 'encryption/lib/crypto/encryption.php';
+
+ public function getName() {
+ return 'Repair encryption app incompatibility';
+ }
+
+ public function run() {
+ $filePath = \OC::$SERVERROOT . '/__apps/' . $this->targetPath;
+ if ($this->isAffected($filePath)){
+ $resourceDir = __DIR__ . '/../../../resources/updater-fixes/apps/';
+ $isCopied = copy($resourceDir . $this->targetPath, $filePath);
+ if ($isCopied){
+ $this->emit('\OC\Repair', 'info', ['Successfully replaced ' . $filePath . ' with new version.']);
+ } else {
+ $this->emit('\OC\Repair', 'warning', ['Could not replace ' . $filePath . ' with new version.']);
+ }
+ } else {
+ $this->emit('\OC\Repair', 'info', ['No repair necessary']);
+ }
+ }
+
+ /**
+ * @param string $filePath
+ * Checks whether encryption is enabled and target revisions exist
+ * @return bool
+ */
+ protected function isAffected($filePath){
+ return App::isEnabled('encryption')
+ && file_exists($filePath)
+ && in_array(md5_file($filePath), $this->affectedMd5)
+ ;
+ }
+}
diff --git a/lib/private/util.php b/lib/private/util.php
index 488eb8facfd59..e4d1ebabc7b59 100644
--- a/lib/private/util.php
+++ b/lib/private/util.php
@@ -1160,19 +1160,8 @@ public static function encodePath($component) {
return $encoded;
}
- /**
- * Check if the .htaccess file is working
- * @param \OCP\IConfig $config
- * @return bool
- * @throws Exception
- * @throws \OC\HintException If the test file can't get written.
- */
- public function isHtaccessWorking(\OCP\IConfig $config) {
-
- if (\OC::$CLI || !$config->getSystemValue('check_for_working_htaccess', true)) {
- return true;
- }
+ public function createHtaccessTestFile(\OCP\IConfig $config) {
// php dev server does not support htaccess
if (php_sapi_name() === 'cli-server') {
return false;
@@ -1180,7 +1169,7 @@ public function isHtaccessWorking(\OCP\IConfig $config) {
// testdata
$fileName = '/htaccesstest.txt';
- $testContent = 'testcontent';
+ $testContent = 'This is used for testing whether htaccess is properly enabled to disallow access from the outside. This file can be safely removed.';
// creating a test file
$testFile = $config->getSystemValue('datadirectory', OC::$SERVERROOT . '/data') . '/' . $fileName;
@@ -1196,6 +1185,28 @@ public function isHtaccessWorking(\OCP\IConfig $config) {
}
fwrite($fp, $testContent);
fclose($fp);
+ }
+
+ /**
+ * Check if the .htaccess file is working
+ * @param \OCP\IConfig $config
+ * @return bool
+ * @throws Exception
+ * @throws \OC\HintException If the test file can't get written.
+ */
+ public function isHtaccessWorking(\OCP\IConfig $config) {
+
+ if (\OC::$CLI || !$config->getSystemValue('check_for_working_htaccess', true)) {
+ return true;
+ }
+
+ $testContent = $this->createHtaccessTestFile($config);
+ if ($testContent === false) {
+ return false;
+ }
+
+ $fileName = '/htaccesstest.txt';
+ $testFile = $config->getSystemValue('datadirectory', OC::$SERVERROOT . '/data') . '/' . $fileName;
// accessing the file via http
$url = \OC::$server->getURLGenerator()->getAbsoluteURL(OC::$WEBROOT . '/data' . $fileName);
diff --git a/resources/updater-fixes/apps/encryption/lib/crypto/encryption.php b/resources/updater-fixes/apps/encryption/lib/crypto/encryption.php
new file mode 100644
index 0000000000000..6eff66e72beab
--- /dev/null
+++ b/resources/updater-fixes/apps/encryption/lib/crypto/encryption.php
@@ -0,0 +1,563 @@
+
+ * @author Clark Tomlinson
+ * @author Jan-Christoph Borchardt
+ * @author Joas Schilling
+ * @author Lukas Reschke
+ * @author Thomas Müller
+ *
+ * @copyright Copyright (c) 2016, ownCloud, Inc.
+ * @license AGPL-3.0
+ *
+ * This code is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License, version 3,
+ * as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License, version 3,
+ * along with this program. If not, see
+ *
+ */
+
+namespace OCA\Encryption\Crypto;
+
+
+use OC\Encryption\Exceptions\DecryptionFailedException;
+use OC\Files\Cache\Scanner;
+use OC\Files\View;
+use OCA\Encryption\Exceptions\PublicKeyMissingException;
+use OCA\Encryption\Session;
+use OCA\Encryption\Util;
+use OCP\Encryption\IEncryptionModule;
+use OCA\Encryption\KeyManager;
+use OCP\IL10N;
+use OCP\ILogger;
+use Symfony\Component\Console\Input\InputInterface;
+use Symfony\Component\Console\Output\OutputInterface;
+
+class Encryption implements IEncryptionModule {
+
+ const ID = 'OC_DEFAULT_MODULE';
+ const DISPLAY_NAME = 'Default encryption module';
+
+ /**
+ * @var Crypt
+ */
+ private $crypt;
+
+ /** @var string */
+ private $cipher;
+
+ /** @var string */
+ private $path;
+
+ /** @var string */
+ private $user;
+
+ /** @var string */
+ private $fileKey;
+
+ /** @var string */
+ private $writeCache;
+
+ /** @var KeyManager */
+ private $keyManager;
+
+ /** @var array */
+ private $accessList;
+
+ /** @var boolean */
+ private $isWriteOperation;
+
+ /** @var Util */
+ private $util;
+
+ /** @var Session */
+ private $session;
+
+ /** @var ILogger */
+ private $logger;
+
+ /** @var IL10N */
+ private $l;
+
+ /** @var EncryptAll */
+ private $encryptAll;
+
+ /** @var bool */
+ private $useMasterPassword;
+
+ /** @var DecryptAll */
+ private $decryptAll;
+
+ /** @var int unencrypted block size if block contains signature */
+ private $unencryptedBlockSizeSigned = 6072;
+
+ /** @var int unencrypted block size */
+ private $unencryptedBlockSize = 6126;
+
+ /** @var int Current version of the file */
+ private $version = 0;
+
+ /** @var array remember encryption signature version */
+ private static $rememberVersion = [];
+
+
+ /**
+ *
+ * @param Crypt $crypt
+ * @param KeyManager $keyManager
+ * @param Util $util
+ * @param Session $session
+ * @param EncryptAll $encryptAll
+ * @param DecryptAll $decryptAll
+ * @param ILogger $logger
+ * @param IL10N $il10n
+ */
+ public function __construct(Crypt $crypt,
+ KeyManager $keyManager,
+ Util $util,
+ Session $session,
+ EncryptAll $encryptAll,
+ DecryptAll $decryptAll,
+ ILogger $logger,
+ IL10N $il10n) {
+ $this->crypt = $crypt;
+ $this->keyManager = $keyManager;
+ $this->util = $util;
+ $this->session = $session;
+ $this->encryptAll = $encryptAll;
+ $this->decryptAll = $decryptAll;
+ $this->logger = $logger;
+ $this->l = $il10n;
+ $this->useMasterPassword = $util->isMasterKeyEnabled();
+ }
+
+ /**
+ * @return string defining the technical unique id
+ */
+ public function getId() {
+ return self::ID;
+ }
+
+ /**
+ * In comparison to getKey() this function returns a human readable (maybe translated) name
+ *
+ * @return string
+ */
+ public function getDisplayName() {
+ return self::DISPLAY_NAME;
+ }
+
+ /**
+ * start receiving chunks from a file. This is the place where you can
+ * perform some initial step before starting encrypting/decrypting the
+ * chunks
+ *
+ * @param string $path to the file
+ * @param string $user who read/write the file
+ * @param string $mode php stream open mode
+ * @param array $header contains the header data read from the file
+ * @param array $accessList who has access to the file contains the key 'users' and 'public'
+ *
+ * @return array $header contain data as key-value pairs which should be
+ * written to the header, in case of a write operation
+ * or if no additional data is needed return a empty array
+ */
+ public function begin($path, $user, $mode, array $header, array $accessList) {
+ $this->path = $this->getPathToRealFile($path);
+ $this->accessList = $accessList;
+ $this->user = $user;
+ $this->isWriteOperation = false;
+ $this->writeCache = '';
+
+ if ($this->session->decryptAllModeActivated()) {
+ $encryptedFileKey = $this->keyManager->getEncryptedFileKey($this->path);
+ $shareKey = $this->keyManager->getShareKey($this->path, $this->session->getDecryptAllUid());
+ $this->fileKey = $this->crypt->multiKeyDecrypt($encryptedFileKey,
+ $shareKey,
+ $this->session->getDecryptAllKey());
+ } else {
+ $this->fileKey = $this->keyManager->getFileKey($this->path, $this->user);
+ }
+
+ // always use the version from the original file, also part files
+ // need to have a correct version number if they get moved over to the
+ // final location
+ $this->version = (int)$this->keyManager->getVersion($this->stripPartFileExtension($path), new View());
+
+ if (
+ $mode === 'w'
+ || $mode === 'w+'
+ || $mode === 'wb'
+ || $mode === 'wb+'
+ ) {
+ $this->isWriteOperation = true;
+ if (empty($this->fileKey)) {
+ $this->fileKey = $this->crypt->generateFileKey();
+ }
+ } else {
+ // if we read a part file we need to increase the version by 1
+ // because the version number was also increased by writing
+ // the part file
+ if(Scanner::isPartialFile($path)) {
+ $this->version = $this->version + 1;
+ }
+ }
+
+ if ($this->isWriteOperation) {
+ $this->cipher = $this->crypt->getCipher();
+ } elseif (isset($header['cipher'])) {
+ $this->cipher = $header['cipher'];
+ } else {
+ // if we read a file without a header we fall-back to the legacy cipher
+ // which was used in <=oC6
+ $this->cipher = $this->crypt->getLegacyCipher();
+ }
+
+ return array('cipher' => $this->cipher, 'signed' => 'true');
+ }
+
+ /**
+ * last chunk received. This is the place where you can perform some final
+ * operation and return some remaining data if something is left in your
+ * buffer.
+ *
+ * @param string $path to the file
+ * @param int $position
+ * @return string remained data which should be written to the file in case
+ * of a write operation
+ * @throws PublicKeyMissingException
+ * @throws \Exception
+ * @throws \OCA\Encryption\Exceptions\MultiKeyEncryptException
+ */
+ public function end($path, $position = 0) {
+ $result = '';
+ if ($this->isWriteOperation) {
+ $this->keyManager->setVersion($path, $this->version + 1, new View());
+ // in case of a part file we remember the new signature versions
+ // the version will be set later on update.
+ // This way we make sure that other apps listening to the pre-hooks
+ // still get the old version which should be the correct value for them
+ if (Scanner::isPartialFile($path)) {
+ self::$rememberVersion[$this->stripPartFileExtension($path)] = $this->version + 1;
+ }
+ if (!empty($this->writeCache)) {
+ $result = $this->crypt->symmetricEncryptFileContent($this->writeCache, $this->fileKey, $this->version + 1, $position);
+ $this->writeCache = '';
+ }
+ $publicKeys = array();
+ if ($this->useMasterPassword === true) {
+ $publicKeys[$this->keyManager->getMasterKeyId()] = $this->keyManager->getPublicMasterKey();
+ } else {
+ foreach ($this->accessList['users'] as $uid) {
+ try {
+ $publicKeys[$uid] = $this->keyManager->getPublicKey($uid);
+ } catch (PublicKeyMissingException $e) {
+ $this->logger->warning(
+ 'no public key found for user "{uid}", user will not be able to read the file',
+ ['app' => 'encryption', 'uid' => $uid]
+ );
+ // if the public key of the owner is missing we should fail
+ if ($uid === $this->user) {
+ throw $e;
+ }
+ }
+ }
+ }
+
+ $publicKeys = $this->keyManager->addSystemKeys($this->accessList, $publicKeys, $this->user);
+ $encryptedKeyfiles = $this->crypt->multiKeyEncrypt($this->fileKey, $publicKeys);
+ $this->keyManager->setAllFileKeys($this->path, $encryptedKeyfiles);
+ }
+ return $result;
+ }
+
+ /**
+ * encrypt data
+ *
+ * @param string $data you want to encrypt
+ * @param int $position
+ * @return string encrypted data
+ */
+ public function encrypt($data, $position = 0) {
+ // If extra data is left over from the last round, make sure it
+ // is integrated into the next block
+ if ($this->writeCache) {
+
+ // Concat writeCache to start of $data
+ $data = $this->writeCache . $data;
+
+ // Clear the write cache, ready for reuse - it has been
+ // flushed and its old contents processed
+ $this->writeCache = '';
+
+ }
+
+ $encrypted = '';
+ // While there still remains some data to be processed & written
+ while (strlen($data) > 0) {
+
+ // Remaining length for this iteration, not of the
+ // entire file (may be greater than 8192 bytes)
+ $remainingLength = strlen($data);
+
+ // If data remaining to be written is less than the
+ // size of 1 6126 byte block
+ if ($remainingLength < $this->unencryptedBlockSizeSigned) {
+
+ // Set writeCache to contents of $data
+ // The writeCache will be carried over to the
+ // next write round, and added to the start of
+ // $data to ensure that written blocks are
+ // always the correct length. If there is still
+ // data in writeCache after the writing round
+ // has finished, then the data will be written
+ // to disk by $this->flush().
+ $this->writeCache = $data;
+
+ // Clear $data ready for next round
+ $data = '';
+
+ } else {
+
+ // Read the chunk from the start of $data
+ $chunk = substr($data, 0, $this->unencryptedBlockSizeSigned);
+
+ $encrypted .= $this->crypt->symmetricEncryptFileContent($chunk, $this->fileKey, $this->version + 1, $position);
+
+ // Remove the chunk we just processed from
+ // $data, leaving only unprocessed data in $data
+ // var, for handling on the next round
+ $data = substr($data, $this->unencryptedBlockSizeSigned);
+
+ }
+
+ }
+
+ return $encrypted;
+ }
+
+ /**
+ * decrypt data
+ *
+ * @param string $data you want to decrypt
+ * @param int $position
+ * @return string decrypted data
+ * @throws DecryptionFailedException
+ */
+ public function decrypt($data, $position = 0) {
+ if (empty($this->fileKey)) {
+ $msg = 'Can not decrypt this file, probably this is a shared file. Please ask the file owner to reshare the file with you.';
+ $hint = $this->l->t('Can not decrypt this file, probably this is a shared file. Please ask the file owner to reshare the file with you.');
+ $this->logger->error($msg);
+
+ throw new DecryptionFailedException($msg, $hint);
+ }
+
+ return $this->crypt->symmetricDecryptFileContent($data, $this->fileKey, $this->cipher, $this->version, $position);
+ }
+
+ /**
+ * update encrypted file, e.g. give additional users access to the file
+ *
+ * @param string $path path to the file which should be updated
+ * @param string $uid of the user who performs the operation
+ * @param array $accessList who has access to the file contains the key 'users' and 'public'
+ * @return boolean
+ */
+ public function update($path, $uid, array $accessList) {
+
+ if (empty($accessList)) {
+ if (isset(self::$rememberVersion[$path])) {
+ $this->keyManager->setVersion($path, self::$rememberVersion[$path], new View());
+ unset(self::$rememberVersion[$path]);
+ }
+ return;
+ }
+
+ $fileKey = $this->keyManager->getFileKey($path, $uid);
+
+ if (!empty($fileKey)) {
+
+ $publicKeys = array();
+ if ($this->useMasterPassword === true) {
+ $publicKeys[$this->keyManager->getMasterKeyId()] = $this->keyManager->getPublicMasterKey();
+ } else {
+ foreach ($accessList['users'] as $user) {
+ try {
+ $publicKeys[$user] = $this->keyManager->getPublicKey($user);
+ } catch (PublicKeyMissingException $e) {
+ $this->logger->warning('Could not encrypt file for ' . $user . ': ' . $e->getMessage());
+ }
+ }
+ }
+
+ $publicKeys = $this->keyManager->addSystemKeys($accessList, $publicKeys, $uid);
+
+ $encryptedFileKey = $this->crypt->multiKeyEncrypt($fileKey, $publicKeys);
+
+ $this->keyManager->deleteAllFileKeys($path);
+
+ $this->keyManager->setAllFileKeys($path, $encryptedFileKey);
+
+ } else {
+ $this->logger->debug('no file key found, we assume that the file "{file}" is not encrypted',
+ array('file' => $path, 'app' => 'encryption'));
+
+ return false;
+ }
+
+ return true;
+ }
+
+ /**
+ * should the file be encrypted or not
+ *
+ * @param string $path
+ * @return boolean
+ */
+ public function shouldEncrypt($path) {
+ if ($this->util->shouldEncryptHomeStorage() === false) {
+ $storage = $this->util->getStorage($path);
+ if ($storage->instanceOfStorage('\OCP\Files\IHomeStorage')) {
+ return false;
+ }
+ }
+ $parts = explode('/', $path);
+ if (count($parts) < 4) {
+ return false;
+ }
+
+ if ($parts[2] == 'files') {
+ return true;
+ }
+ if ($parts[2] == 'files_versions') {
+ return true;
+ }
+ if ($parts[2] == 'files_trashbin') {
+ return true;
+ }
+
+ return false;
+ }
+
+ /**
+ * get size of the unencrypted payload per block.
+ * ownCloud read/write files with a block size of 8192 byte
+ *
+ * @param bool $signed
+ * @return int
+ */
+ public function getUnencryptedBlockSize($signed = false) {
+ if ($signed === false) {
+ return $this->unencryptedBlockSize;
+ }
+
+ return $this->unencryptedBlockSizeSigned;
+ }
+
+ /**
+ * check if the encryption module is able to read the file,
+ * e.g. if all encryption keys exists
+ *
+ * @param string $path
+ * @param string $uid user for whom we want to check if he can read the file
+ * @return bool
+ * @throws DecryptionFailedException
+ */
+ public function isReadable($path, $uid) {
+ $fileKey = $this->keyManager->getFileKey($path, $uid);
+ if (empty($fileKey)) {
+ $owner = $this->util->getOwner($path);
+ if ($owner !== $uid) {
+ // if it is a shared file we throw a exception with a useful
+ // error message because in this case it means that the file was
+ // shared with the user at a point where the user didn't had a
+ // valid private/public key
+ $msg = 'Encryption module "' . $this->getDisplayName() .
+ '" is not able to read ' . $path;
+ $hint = $this->l->t('Can not read this file, probably this is a shared file. Please ask the file owner to reshare the file with you.');
+ $this->logger->warning($msg);
+ throw new DecryptionFailedException($msg, $hint);
+ }
+ return false;
+ }
+
+ return true;
+ }
+
+ /**
+ * Initial encryption of all files
+ *
+ * @param InputInterface $input
+ * @param OutputInterface $output write some status information to the terminal during encryption
+ */
+ public function encryptAll(InputInterface $input, OutputInterface $output) {
+ $this->encryptAll->encryptAll($input, $output);
+ }
+
+ /**
+ * prepare module to perform decrypt all operation
+ *
+ * @param InputInterface $input
+ * @param OutputInterface $output
+ * @param string $user
+ * @return bool
+ */
+ public function prepareDecryptAll(InputInterface $input, OutputInterface $output, $user = '') {
+ return $this->decryptAll->prepare($input, $output, $user);
+ }
+
+
+ /**
+ * @param string $path
+ * @return string
+ */
+ protected function getPathToRealFile($path) {
+ $realPath = $path;
+ $parts = explode('/', $path);
+ if ($parts[2] === 'files_versions') {
+ $realPath = '/' . $parts[1] . '/files/' . implode('/', array_slice($parts, 3));
+ $length = strrpos($realPath, '.');
+ $realPath = substr($realPath, 0, $length);
+ }
+
+ return $realPath;
+ }
+
+ /**
+ * remove .part file extension and the ocTransferId from the file to get the
+ * original file name
+ *
+ * @param string $path
+ * @return string
+ */
+ protected function stripPartFileExtension($path) {
+ if (pathinfo($path, PATHINFO_EXTENSION) === 'part') {
+ $pos = strrpos($path, '.', -6);
+ $path = substr($path, 0, $pos);
+ }
+
+ return $path;
+ }
+
+ /**
+ * Check if the module is ready to be used by that specific user.
+ * In case a module is not ready - because e.g. key pairs have not been generated
+ * upon login this method can return false before any operation starts and might
+ * cause issues during operations.
+ *
+ * @param string $user
+ * @return boolean
+ * @since 9.1.0
+ */
+ public function isReadyForUser($user) {
+ return $this->keyManager->userHasKeys($user);
+ }
+}
diff --git a/settings/admin.php b/settings/admin.php
index 42ca7e3525fcb..d9746f416338e 100644
--- a/settings/admin.php
+++ b/settings/admin.php
@@ -264,3 +264,7 @@
$template->assign('forms', $formsAndMore);
$template->printPage();
+
+$util = new \OC_Util();
+$util->createHtaccessTestFile(\OC::$server->getConfig());
+