rootView = new View(); } protected function configure(): void { $this ->setName('encryption:drop-legacy-filekey') ->setDescription('Scan the files for the legacy filekey format using RC4 and get rid of it (if master key is enabled)'); } protected function execute(InputInterface $input, OutputInterface $output): int { $result = true; $output->writeln('Scanning all files for legacy filekey'); foreach ($this->userManager->getBackends() as $backend) { $limit = 500; $offset = 0; do { $users = $backend->getUsers('', $limit, $offset); foreach ($users as $user) { $output->writeln('Scanning all files for ' . $user); $this->setupUserFS($user); $result = $result && $this->scanFolder($output, '/' . $user); } $offset += $limit; } while (count($users) >= $limit); } if ($result) { $output->writeln('All scanned files are properly encrypted.'); return 0; } return 1; } private function scanFolder(OutputInterface $output, string $folder): bool { $clean = true; foreach ($this->rootView->getDirectoryContent($folder) as $item) { $path = $folder . '/' . $item['name']; if ($this->rootView->is_dir($path)) { if ($this->scanFolder($output, $path) === false) { $clean = false; } } else { if (!$item->isEncrypted()) { // ignore continue; } $stats = $this->rootView->stat($path); if (!isset($stats['hasHeader']) || $stats['hasHeader'] === false) { $clean = false; $output->writeln('' . $path . ' does not have a proper header'); } else { try { $legacyFileKey = $this->keyManager->getFileKey($path, null, true); if ($legacyFileKey === '') { $output->writeln('Got an empty legacy filekey for ' . $path . ', continuing', OutputInterface::VERBOSITY_VERBOSE); continue; } } catch (GenericEncryptionException $e) { $output->writeln('Got a decryption error for legacy filekey for ' . $path . ', continuing', OutputInterface::VERBOSITY_VERBOSE); continue; } /* If that did not throw and filekey is not empty, a legacy filekey is used */ $clean = false; $output->writeln($path . ' is using a legacy filekey, migrating'); $this->migrateSinglefile($path, $item, $output); } } } return $clean; } private function migrateSinglefile(string $path, FileInfo $fileInfo, OutputInterface $output): void { $source = $path; $target = $path . '.reencrypted.' . time(); try { $this->rootView->copy($source, $target); $copyResource = $this->rootView->fopen($target, 'r'); $sourceResource = $this->rootView->fopen($source, 'w'); if ($copyResource === false || $sourceResource === false) { throw new DecryptionFailedException('Failed to open '.$source.' or '.$target); } if (stream_copy_to_stream($copyResource, $sourceResource) === false) { $output->writeln('Failed to copy '.$target.' data into '.$source.''); $output->writeln('Leaving both files in there to avoid data loss'); return; } $this->rootView->touch($source, $fileInfo->getMTime()); $this->rootView->unlink($target); $output->writeln('Migrated ' . $source . '', OutputInterface::VERBOSITY_VERBOSE); } catch (DecryptionFailedException $e) { if ($this->rootView->file_exists($target)) { $this->rootView->unlink($target); } $output->writeln('Failed to migrate ' . $path . ''); $output->writeln('' . $e . '', OutputInterface::VERBOSITY_VERBOSE); } finally { if (is_resource($copyResource)) { fclose($copyResource); } if (is_resource($sourceResource)) { fclose($sourceResource); } } } /** * setup user file system */ protected function setupUserFS(string $uid): void { \OC_Util::tearDownFS(); \OC_Util::setupFS($uid); } }