From 68b8ff50fc6877d9cce309b43c75d1569f53156f Mon Sep 17 00:00:00 2001 From: Vincent Petry Date: Wed, 23 Jun 2021 16:46:01 +0200 Subject: [PATCH] Downstream encryption:fix-encrypted-version For fixing "Bad signature" errors. Signed-off-by: Vincent Petry
---
apps/encryption/appinfo/info.xml | 1 + .../composer/composer/autoload_classmap.php | 1 + .../composer/composer/autoload_static.php | 1 + .../lib/Command/FixEncryptedVersion.php | 244 ++++++++++++++++++ 4 files changed, 247 insertions(+) create mode 100644 apps/encryption/lib/Command/FixEncryptedVersion.php
diff --git a/apps/encryption/appinfo/info.xml b/apps/encryption/appinfo/info.xml
index c740afda50695..926abbb695995 100644
--- a/apps/encryption/appinfo/info.xml
+++ b/apps/encryption/appinfo/info.xml
@@ -45,6 +45,7 @@ OCA\Encryption\Command\DisableMasterKey OCA\Encryption\Command\RecoverUser OCA\Encryption\Command\ScanLegacyFormat + OCA\Encryption\Command\FixEncryptedVersion
diff --git a/apps/encryption/composer/composer/autoload_classmap.php b/apps/encryption/composer/composer/autoload_classmap.php
index 7d5b84f6147e4..00c57e913a3fc 100644
--- a/apps/encryption/composer/composer/autoload_classmap.php
+++ b/apps/encryption/composer/composer/autoload_classmap.php
@@ -10,6 +10,7 @@ 'OCA\\Encryption\\AppInfo\\Application' => $baseDir . '/../lib/AppInfo/Application.php', 'OCA\\Encryption\\Command\\DisableMasterKey' => $baseDir . '/../lib/Command/DisableMasterKey.php', 'OCA\\Encryption\\Command\\EnableMasterKey' => $baseDir . '/../lib/Command/EnableMasterKey.php', + 'OCA\\Encryption\\Command\\FixEncryptedVersion' => $baseDir . '/../lib/Command/FixEncryptedVersion.php', 'OCA\\Encryption\\Command\\RecoverUser' => $baseDir . '/../lib/Command/RecoverUser.php', 'OCA\\Encryption\\Command\\ScanLegacyFormat' => $baseDir . '/../lib/Command/ScanLegacyFormat.php', 'OCA\\Encryption\\Controller\\RecoveryController' => $baseDir . '/../lib/Controller/RecoveryController.php',
diff --git a/apps/encryption/composer/composer/autoload_static.php b/apps/encryption/composer/composer/autoload_static.php
index 64d608a64579f..fc1fcbcf63b4e 100644
--- a/apps/encryption/composer/composer/autoload_static.php
+++ b/apps/encryption/composer/composer/autoload_static.php
@@ -25,6 +25,7 @@ class ComposerStaticInitEncryption 'OCA\\Encryption\\AppInfo\\Application' => __DIR__ . '/..' . '/../lib/AppInfo/Application.php', 'OCA\\Encryption\\Command\\DisableMasterKey' => __DIR__ . '/..' . '/../lib/Command/DisableMasterKey.php', 'OCA\\Encryption\\Command\\EnableMasterKey' => __DIR__ . '/..' . '/../lib/Command/EnableMasterKey.php', + 'OCA\\Encryption\\Command\\FixEncryptedVersion' => __DIR__ . '/..' . '/../lib/Command/FixEncryptedVersion.php', 'OCA\\Encryption\\Command\\RecoverUser' => __DIR__ . '/..' . '/../lib/Command/RecoverUser.php', 'OCA\\Encryption\\Command\\ScanLegacyFormat' => __DIR__ . '/..' . '/../lib/Command/ScanLegacyFormat.php', 'OCA\\Encryption\\Controller\\RecoveryController' => __DIR__ . '/..' . '/../lib/Controller/RecoveryController.php',
diff --git a/apps/encryption/lib/Command/FixEncryptedVersion.php b/apps/encryption/lib/Command/FixEncryptedVersion.php
new file mode 100644
index 0000000000000..534ddc4c68993
--- /dev/null
+++ b/apps/encryption/lib/Command/FixEncryptedVersion.php
@@ -0,0 +1,244 @@
+
+ * @author Ilja Neumann
+ *
+ * @copyright Copyright (c) 2019, ownCloud GmbH
+ * @license AGPL-3.0
+ *
+ * This code is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License, version 3,
+ * as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License, version 3,
+ * along with this program. If not, see
+ *
+ */
+
+namespace OCA\Encryption\Command;
+
+use OC\Files\View;
+use OC\HintException;
+use OCP\Files\IRootFolder;
+use OCP\IUserManager;
+use Symfony\Component\Console\Command\Command;
+use Symfony\Component\Console\Input\InputArgument;
+use Symfony\Component\Console\Input\InputInterface;
+use Symfony\Component\Console\Output\OutputInterface;
+
+class FixEncryptedVersion extends Command {
+ /** @var IRootFolder */
+ private $rootFolder;
+
+ /** @var IUserManager */
+ private $userManager;
+
+ /** @var View */
+ private $view;
+
+ public function __construct(IRootFolder $rootFolder, IUserManager $userManager, View $view) {
+ $this->rootFolder = $rootFolder;
+ $this->userManager = $userManager;
+ $this->view = $view;
+ parent::__construct();
+ }
+
+ protected function configure() {
+ parent::configure();
+
+ $this
+ ->setName('encryption:fix-encrypted-version')
+ ->setDescription('Fix the encrypted version if the encrypted file(s) are not downloadable.')
+ ->addArgument(
+ 'user',
+ InputArgument::REQUIRED,
+ 'The id of the user whose files need fixing'
+ )->addOption(
+ 'path',
+ 'p',
+ InputArgument::OPTIONAL,
+ 'Limit files to fix with path, e.g., --path="/Music/Artist". If path indicates a directory, all the files inside directory will be fixed.'
+ );
+ }
+
+ /**
+ * @param InputInterface $input
+ * @param OutputInterface $output
+ * @return int
+ */
+ protected function execute(InputInterface $input, OutputInterface $output) {
+ $user = $input->getArgument('user');
+ $pathToWalk = "/$user/files";
+
+ /**
+ * trim() returns an empty string when the argument is an unset/null
+ */
+ $pathOption = \trim($input->getOption('path'), '/');
+ if ($pathOption !== "") {
+ $pathToWalk = "$pathToWalk/$pathOption";
+ }
+
+ if ($user === null) {
+ $output->writeln("No user id provided.\n");
+ return 1;
+ }
+
+ if ($this->userManager->get($user) === null) {
+ $output->writeln("User id $user does not exist. Please provide a valid user id");
+ return 1;
+ }
+ return $this->walkPathOfUser($user, $pathToWalk, $output);
+ }
+
+ /**
+ * @param string $user
+ * @param string $path
+ * @param OutputInterface $output
+ * @return int 0 for success, 1 for error
+ */
+ private function walkPathOfUser($user, $path, OutputInterface $output) {
+ $this->setupUserFs($user);
+ if (!$this->view->file_exists($path)) {
+ $output->writeln("Path $path does not exist. Please provide a valid path.");
+ return 1;
+ }
+
+ if ($this->view->is_file($path)) {
+ $output->writeln("Verifying the content of file $path");
+ $this->verifyFileContent($path, $output);
+ return 0;
+ }
+ $directories = [];
+ $directories[] = $path;
+ while ($root = \array_pop($directories)) {
+ $directoryContent = $this->view->getDirectoryContent($root);
+ foreach ($directoryContent as $file) {
+ $path = $root . '/' . $file['name'];
+ if ($this->view->is_dir($path)) {
+ $directories[] = $path;
+ } else {
+ $output->writeln("Verifying the content of file $path");
+ $this->verifyFileContent($path, $output);
+ }
+ }
+ }
+ return 0;
+ }
+
+ /**
+ * @param string $path
+ * @param OutputInterface $output
+ * @param bool $ignoreCorrectEncVersionCall, setting this variable to false avoids recursion
+ */
+ private function verifyFileContent($path, OutputInterface $output, $ignoreCorrectEncVersionCall = true) {
+ try {
+ /**
+ * In encryption, the files are read in a block size of 8192 bytes
+ * Read block size of 8192 and a bit more (808 bytes)
+ * If there is any problem, the first block should throw the signature
+ * mismatch error. Which as of now, is enough to proceed ahead to
+ * correct the encrypted version.
+ */
+ $handle = $this->view->fopen($path, 'rb');
+
+ if (\fread($handle, 9001) !== false) {
+ $output->writeln("The file $path is: OK");
+ }
+
+ \fclose($handle);
+
+ return true;
+ } catch (HintException $e) {
+ \OC::$server->getLogger()->warning("Issue: " . $e->getMessage());
+ //If allowOnce is set to false, this becomes recursive.
+ if ($ignoreCorrectEncVersionCall === true) {
+ //Lets rectify the file by correcting encrypted version
+ $output->writeln("Attempting to fix the path: $path");
+ return $this->correctEncryptedVersion($path, $output);
+ }
+ return false;
+ }
+ }
+
+ /**
+ * @param string $path
+ * @param OutputInterface $output
+ * @return bool
+ */
+ private function correctEncryptedVersion($path, OutputInterface $output) {
+ $fileInfo = $this->view->getFileInfo($path);
+ $fileId = $fileInfo->getId();
+ $encryptedVersion = $fileInfo->getEncryptedVersion();
+ $wrongEncryptedVersion = $encryptedVersion;
+
+ $storage = $fileInfo->getStorage();
+
+ $cache = $storage->getCache();
+ $fileCache = $cache->get($fileId);
+
+ if ($storage->instanceOfStorage('OCA\Files_Sharing\ISharedStorage')) {
+ $output->writeln("The file: $path is a share. Hence kindly fix this by running the script for the owner of share");
+ return true;
+ }
+
+ // Save original encrypted version so we can restore it if decryption fails with all version
+ $originalEncryptedVersion = $encryptedVersion;
+ if ($encryptedVersion >= 0) {
+ //test by decrementing the value till 1 and if nothing works try incrementing
+ $encryptedVersion--;
+ while ($encryptedVersion > 0) {
+ $cacheInfo = ['encryptedVersion' => $encryptedVersion, 'encrypted' => $encryptedVersion];
+ $cache->put($fileCache->getPath(), $cacheInfo);
+ $output->writeln("Decrement the encrypted version to $encryptedVersion");
+ if ($this->verifyFileContent($path, $output, false) === true) {
+ $output->writeln("Fixed the file: $path with version " . $encryptedVersion . "");
+ return true;
+ }
+ $encryptedVersion--;
+ }
+
+ //So decrementing did not work. Now lets increment. Max increment is till 5
+ $increment = 1;
+ while ($increment <= 5) {
+ /**
+ * The wrongEncryptedVersion would not be incremented so nothing to worry about here.
+ * Only the newEncryptedVersion is incremented.
+ * For example if the wrong encrypted version is 4 then
+ * cycle1 -> newEncryptedVersion = 5 ( 4 + 1)
+ * cycle2 -> newEncryptedVersion = 6 ( 4 + 2)
+ * cycle3 -> newEncryptedVersion = 7 ( 4 + 3)
+ */
+ $newEncryptedVersion = $wrongEncryptedVersion + $increment;
+
+ $cacheInfo = ['encryptedVersion' => $newEncryptedVersion, 'encrypted' => $newEncryptedVersion];
+ $cache->put($fileCache->getPath(), $cacheInfo);
+ $output->writeln("Increment the encrypted version to $newEncryptedVersion");
+ if ($this->verifyFileContent($path, $output, false) === true) {
+ $output->writeln("Fixed the file: $path with version " . $newEncryptedVersion . "");
+ return true;
+ }
+ $increment++;
+ }
+ }
+
+ $cacheInfo = ['encryptedVersion' => $originalEncryptedVersion, 'encrypted' => $originalEncryptedVersion];
+ $cache->put($fileCache->getPath(), $cacheInfo);
+ $output->writeln("No fix found for $path, restored version to original: $originalEncryptedVersion");
+
+ return false;
+ }
+
+ /**
+ * Setup user file system
+ * @param string $uid
+ */
+ private function setupUserFs($uid) {
+ \OC_Util::tearDownFS();
+ \OC_Util::setupFS($uid);
+ }
+}
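Review bot: `verifyFileContent` returns `true` whenever no `HintException` is thrown, so a `false` from `\fread()` (or from `$this->view->fopen()`, if it can return `false`, since its result is passed to `\fread()` unchecked) still counts as success, and `correctEncryptedVersion` then keeps the candidate `encryptedVersion` it has just written to the file cache and reports the file as fixed. A read failure unrelated to the signature can therefore leave a wrong version persisted, and the handle is not closed when the read throws. Returning `false` on a failed open or read and closing the handle in `finally`, as sketched below, leaves the signature check as the only thing that can confirm a candidate version. The trial loops in `correctEncryptedVersion` also restore the original version only on the normal exit path, so an exception other than `HintException` during a trial would leave the last candidate in the cache; a `try`/`finally` around the loops would cover that.

```php
	private function verifyFileContent($path, OutputInterface $output, $ignoreCorrectEncVersionCall = true) {
		$handle = false;
		try {
			// … unchanged: comment on the 8192-byte block size …
			$handle = $this->view->fopen($path, 'rb');

			// A failed open or read is not evidence that the current version is right.
			if ($handle === false || \fread($handle, 9001) === false) {
				$output->writeln("Could not read the file: $path");
				return false;
			}

			$output->writeln("The file $path is: OK");
			return true;
		} catch (HintException $e) {
			// … unchanged: log the issue, call correctEncryptedVersion() once, else return false …
		} finally {
			// Runs on every path, including when the read throws.
			if (\is_resource($handle)) {
				\fclose($handle);
			}
		}
	}
```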