Эхлэл Бүгдийг харах Тусламж
Нэвтрэх
RISCI_ATOM
/
nextcloud-server
-ын хуулбар https://github.com/nextcloud/server.git
1
0
Салаа 0
Файлууд Асуудлууд 23 Мэдлэгийн сан
Салаа: stable12
Салаанууд Тагууд
nextcloud-serve...
/
settings
/
Controller
/
CheckSetupController.php

CheckSetupController.php 12 KB
Байнгын холболт Түүх Анхны өгөгдөл

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432 
  1. <?php
    2. 

  2. /**
    3. 

  3.  * @copyright Copyright (c) 2016, ownCloud, Inc.
    4. 

  4.  *
    5. 

  5.  * @author Joas Schilling <coding@schilljs.com>
    6. 

  6.  * @author Lukas Reschke <lukas@statuscode.ch>
    7. 

  7.  * @author Morris Jobke <hey@morrisjobke.de>
    8. 

  8.  * @author Robin McCorkell <robin@mccorkell.me.uk>
    9. 

  9.  * @author Roeland Jago Douma <roeland@famdouma.nl>
    10. 

  10.  *
    11. 

  11.  * @license AGPL-3.0
    12. 

  12.  *
    13. 

  13.  * This code is free software: you can redistribute it and/or modify
    14. 

  14.  * it under the terms of the GNU Affero General Public License, version 3,
    15. 

  15.  * as published by the Free Software Foundation.
    16. 

  16.  *
    17. 

  17.  * This program is distributed in the hope that it will be useful,
    18. 

  18.  * but WITHOUT ANY WARRANTY; without even the implied warranty of
    19. 

  19.  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
    20. 

  20.  * GNU Affero General Public License for more details.
    21. 

  21.  *
    22. 

  22.  * You should have received a copy of the GNU Affero General Public License, version 3,
    23. 

  23.  * along with this program.  If not, see <http://www.gnu.org/licenses/>
    24. 

  24.  *
    25. 

  25.  */
    26. 

  26. 

  27. namespace OC\Settings\Controller;
    28. 

  28. 

  29. use bantu\IniGetWrapper\IniGetWrapper;
    30. 

  30. use GuzzleHttp\Exception\ClientException;
    31. 

  31. use OC\AppFramework\Http;
    32. 

  32. use OC\IntegrityCheck\Checker;
    33. 

  33. use OCP\AppFramework\Controller;
    34. 

  34. use OCP\AppFramework\Http\DataDisplayResponse;
    35. 

  35. use OCP\AppFramework\Http\DataResponse;
    36. 

  36. use OCP\AppFramework\Http\RedirectResponse;
    37. 

  37. use OCP\Http\Client\IClientService;
    38. 

  38. use OCP\IConfig;
    39. 

  39. use OCP\IL10N;
    40. 

  40. use OCP\ILogger;
    41. 

  41. use OCP\IRequest;
    42. 

  42. use OC_Util;
    43. 

  43. use OCP\IURLGenerator;
    44. 

  44. 

  45. /**
    46. 

  46.  * @package OC\Settings\Controller
    47. 

  47.  */
    48. 

  48. class CheckSetupController extends Controller {
    49. 

  49. 	/** @var IConfig */
    50. 

  50. 	private $config;
    51. 

  51. 	/** @var IClientService */
    52. 

  52. 	private $clientService;
    53. 

  53. 	/** @var \OC_Util */
    54. 

  54. 	private $util;
    55. 

  55. 	/** @var IURLGenerator */
    56. 

  56. 	private $urlGenerator;
    57. 

  57. 	/** @var IL10N */
    58. 

  58. 	private $l10n;
    59. 

  59. 	/** @var Checker */
    60. 

  60. 	private $checker;
    61. 

  61. 	/** @var ILogger */
    62. 

  62. 	private $logger;
    63. 

  63. 

  64. 	/**
    65. 

  65. 	 * @param string $AppName
    66. 

  66. 	 * @param IRequest $request
    67. 

  67. 	 * @param IConfig $config
    68. 

  68. 	 * @param IClientService $clientService
    69. 

  69. 	 * @param IURLGenerator $urlGenerator
    70. 

  70. 	 * @param \OC_Util $util
    71. 

  71. 	 * @param IL10N $l10n
    72. 

  72. 	 * @param Checker $checker
    73. 

  73. 	 * @param ILogger $logger
    74. 

  74. 	 */
    75. 

  75. 	public function __construct($AppName,
    76. 

  76. 								IRequest $request,
    77. 

  77. 								IConfig $config,
    78. 

  78. 								IClientService $clientService,
    79. 

  79. 								IURLGenerator $urlGenerator,
    80. 

  80. 								\OC_Util $util,
    81. 

  81. 								IL10N $l10n,
    82. 

  82. 								Checker $checker,
    83. 

  83. 								ILogger $logger) {
    84. 

  84. 		parent::__construct($AppName, $request);
    85. 

  85. 		$this->config = $config;
    86. 

  86. 		$this->clientService = $clientService;
    87. 

  87. 		$this->util = $util;
    88. 

  88. 		$this->urlGenerator = $urlGenerator;
    89. 

  89. 		$this->l10n = $l10n;
    90. 

  90. 		$this->checker = $checker;
    91. 

  91. 		$this->logger = $logger;
    92. 

  92. 	}
    93. 

  93. 

  94. 	/**
    95. 

  95. 	 * Checks if the ownCloud server can connect to the internet using HTTPS and HTTP
    96. 

  96. 	 * @return bool
    97. 

  97. 	 */
    98. 

  98. 	private function isInternetConnectionWorking() {
    99. 

  99. 		if ($this->config->getSystemValue('has_internet_connection', true) === false) {
    100. 

  100. 			return false;
    101. 

  101. 		}
    102. 

  102. 

  103. 		$siteArray = ['www.nextcloud.com',
    104. 

  104. 						'www.google.com',
    105. 

  105. 						'www.github.com'];
    106. 

  106. 

  107. 		foreach($siteArray as $site) {
    108. 

  108. 			if ($this->isSiteReachable($site)) {
    109. 

  109. 				return true;
    110. 

  110. 			}
    111. 

  111. 		}
    112. 

  112. 		return false;
    113. 

  113. 	}
    114. 

  114. 

  115. 	/**
    116. 

  116. 	* Chceks if the ownCloud server can connect to a specific URL using both HTTPS and HTTP
    117. 

  117. 	* @return bool
    118. 

  118. 	*/
    119. 

  119. 	private function isSiteReachable($sitename) {
    120. 

  120. 		$httpSiteName = 'http://' . $sitename . '/';
    121. 

  121. 		$httpsSiteName = 'https://' . $sitename . '/';
    122. 

  122. 

  123. 		try {
    124. 

  124. 			$client = $this->clientService->newClient();
    125. 

  125. 			$client->get($httpSiteName);
    126. 

  126. 			$client->get($httpsSiteName);
    127. 

  127. 		} catch (\Exception $e) {
    128. 

  128. 			$this->logger->logException($e, ['app' => 'internet_connection_check']);
    129. 

  129. 			return false;
    130. 

  130. 		}
    131. 

  131. 		return true;
    132. 

  132. 	}
    133. 

  133. 

  134. 	/**
    135. 

  135. 	 * Checks whether a local memcache is installed or not
    136. 

  136. 	 * @return bool
    137. 

  137. 	 */
    138. 

  138. 	private function isMemcacheConfigured() {
    139. 

  139. 		return $this->config->getSystemValue('memcache.local', null) !== null;
    140. 

  140. 	}
    141. 

  141. 

  142. 	/**
    143. 

  143. 	 * Whether /dev/urandom is available to the PHP controller
    144. 

  144. 	 *
    145. 

  145. 	 * @return bool
    146. 

  146. 	 */
    147. 

  147. 	private function isUrandomAvailable() {
    148. 

  148. 		if(@file_exists('/dev/urandom')) {
    149. 

  149. 			$file = fopen('/dev/urandom', 'rb');
    150. 

  150. 			if($file) {
    151. 

  151. 				fclose($file);
    152. 

  152. 				return true;
    153. 

  153. 			}
    154. 

  154. 		}
    155. 

  155. 

  156. 		return false;
    157. 

  157. 	}
    158. 

  158. 

  159. 	/**
    160. 

  160. 	 * Public for the sake of unit-testing
    161. 

  161. 	 *
    162. 

  162. 	 * @return array
    163. 

  163. 	 */
    164. 

  164. 	protected function getCurlVersion() {
    165. 

  165. 		return curl_version();
    166. 

  166. 	}
    167. 

  167. 

  168. 	/**
    169. 

  169. 	 * Check if the used  SSL lib is outdated. Older OpenSSL and NSS versions do
    170. 

  170. 	 * have multiple bugs which likely lead to problems in combination with
    171. 

  171. 	 * functionality required by ownCloud such as SNI.
    172. 

  172. 	 *
    173. 

  173. 	 * @link https://github.com/owncloud/core/issues/17446#issuecomment-122877546
    174. 

  174. 	 * @link https://bugzilla.redhat.com/show_bug.cgi?id=1241172
    175. 

  175. 	 * @return string
    176. 

  176. 	 */
    177. 

  177. 	private function isUsedTlsLibOutdated() {
    178. 

  178. 		// Don't run check when:
    179. 

  179. 		// 1. Server has `has_internet_connection` set to false
    180. 

  180. 		// 2. AppStore AND S2S is disabled
    181. 

  181. 		if(!$this->config->getSystemValue('has_internet_connection', true)) {
    182. 

  182. 			return '';
    183. 

  183. 		}
    184. 

  184. 		if(!$this->config->getSystemValue('appstoreenabled', true)
    185. 

  185. 			&& $this->config->getAppValue('files_sharing', 'outgoing_server2server_share_enabled', 'yes') === 'no'
    186. 

  186. 			&& $this->config->getAppValue('files_sharing', 'incoming_server2server_share_enabled', 'yes') === 'no') {
    187. 

  187. 			return '';
    188. 

  188. 		}
    189. 

  189. 

  190. 		$versionString = $this->getCurlVersion();
    191. 

  191. 		if(isset($versionString['ssl_version'])) {
    192. 

  192. 			$versionString = $versionString['ssl_version'];
    193. 

  193. 		} else {
    194. 

  194. 			return '';
    195. 

  195. 		}
    196. 

  196. 

  197. 		$features = (string)$this->l10n->t('installing and updating apps via the app store or Federated Cloud Sharing');
    198. 

  198. 		if(!$this->config->getSystemValue('appstoreenabled', true)) {
    199. 

  199. 			$features = (string)$this->l10n->t('Federated Cloud Sharing');
    200. 

  200. 		}
    201. 

  201. 

  202. 		// Check if at least OpenSSL after 1.01d or 1.0.2b
    203. 

  203. 		if(strpos($versionString, 'OpenSSL/') === 0) {
    204. 

  204. 			$majorVersion = substr($versionString, 8, 5);
    205. 

  205. 			$patchRelease = substr($versionString, 13, 6);
    206. 

  206. 

  207. 			if(($majorVersion === '1.0.1' && ord($patchRelease) < ord('d')) ||
    208. 

  208. 				($majorVersion === '1.0.2' && ord($patchRelease) < ord('b'))) {
    209. 

  209. 				return (string) $this->l10n->t('cURL is using an outdated %s version (%s). Please update your operating system or features such as %s will not work reliably.', ['OpenSSL', $versionString, $features]);
    210. 

  210. 			}
    211. 

  211. 		}
    212. 

  212. 

  213. 		// Check if NSS and perform heuristic check
    214. 

  214. 		if(strpos($versionString, 'NSS/') === 0) {
    215. 

  215. 			try {
    216. 

  216. 				$firstClient = $this->clientService->newClient();
    217. 

  217. 				$firstClient->get('https://nextcloud.com/');
    218. 

  218. 

  219. 				$secondClient = $this->clientService->newClient();
    220. 

  220. 				$secondClient->get('https://nextcloud.com/');
    221. 

  221. 			} catch (ClientException $e) {
    222. 

  222. 				if($e->getResponse()->getStatusCode() === 400) {
    223. 

  223. 					return (string) $this->l10n->t('cURL is using an outdated %s version (%s). Please update your operating system or features such as %s will not work reliably.', ['NSS', $versionString, $features]);
    224. 

  224. 				}
    225. 

  225. 			}
    226. 

  226. 		}
    227. 

  227. 

  228. 		return '';
    229. 

  229. 	}
    230. 

  230. 

  231. 	/**
    232. 

  232. 	 * Whether the version is outdated
    233. 

  233. 	 *
    234. 

  234. 	 * @return bool
    235. 

  235. 	 */
    236. 

  236. 	protected function isPhpOutdated() {
    237. 

  237. 		if (version_compare(PHP_VERSION, '5.5.0') === -1) {
    238. 

  238. 			return true;
    239. 

  239. 		}
    240. 

  240. 

  241. 		return false;
    242. 

  242. 	}
    243. 

  243. 

  244. 	/**
    245. 

  245. 	 * Whether the php version is still supported (at time of release)
    246. 

  246. 	 * according to: https://secure.php.net/supported-versions.php
    247. 

  247. 	 *
    248. 

  248. 	 * @return array
    249. 

  249. 	 */
    250. 

  250. 	private function isPhpSupported() {
    251. 

  251. 		return ['eol' => $this->isPhpOutdated(), 'version' => PHP_VERSION];
    252. 

  252. 	}
    253. 

  253. 

  254. 	/**
    255. 

  255. 	 * Check if the reverse proxy configuration is working as expected
    256. 

  256. 	 *
    257. 

  257. 	 * @return bool
    258. 

  258. 	 */
    259. 

  259. 	private function forwardedForHeadersWorking() {
    260. 

  260. 		$trustedProxies = $this->config->getSystemValue('trusted_proxies', []);
    261. 

  261. 		$remoteAddress = $this->request->getRemoteAddress();
    262. 

  262. 

  263. 		if (is_array($trustedProxies) && in_array($remoteAddress, $trustedProxies)) {
    264. 

  264. 			return false;
    265. 

  265. 		}
    266. 

  266. 

  267. 		// either not enabled or working correctly
    268. 

  268. 		return true;
    269. 

  269. 	}
    270. 

  270. 

  271. 	/**
    272. 

  272. 	 * Checks if the correct memcache module for PHP is installed. Only
    273. 

  273. 	 * fails if memcached is configured and the working module is not installed.
    274. 

  274. 	 *
    275. 

  275. 	 * @return bool
    276. 

  276. 	 */
    277. 

  277. 	private function isCorrectMemcachedPHPModuleInstalled() {
    278. 

  278. 		if ($this->config->getSystemValue('memcache.distributed', null) !== '\OC\Memcache\Memcached') {
    279. 

  279. 			return true;
    280. 

  280. 		}
    281. 

  281. 

  282. 		// there are two different memcached modules for PHP
    283. 

  283. 		// we only support memcached and not memcache
    284. 

  284. 		// https://code.google.com/p/memcached/wiki/PHPClientComparison
    285. 

  285. 		return !(!extension_loaded('memcached') && extension_loaded('memcache'));
    286. 

  286. 	}
    287. 

  287. 

  288. 	/**
    289. 

  289. 	 * Checks if set_time_limit is not disabled.
    290. 

  290. 	 *
    291. 

  291. 	 * @return bool
    292. 

  292. 	 */
    293. 

  293. 	private function isSettimelimitAvailable() {
    294. 

  294. 		if (function_exists('set_time_limit')
    295. 

  295. 			&& strpos(@ini_get('disable_functions'), 'set_time_limit') === false) {
    296. 

  296. 			return true;
    297. 

  297. 		}
    298. 

  298. 

  299. 		return false;
    300. 

  300. 	}
    301. 

  301. 

  302. 	/**
    303. 

  303. 	 * @return RedirectResponse
    304. 

  304. 	 */
    305. 

  305. 	public function rescanFailedIntegrityCheck() {
    306. 

  306. 		$this->checker->runInstanceVerification();
    307. 

  307. 		return new RedirectResponse(
    308. 

  308. 			$this->urlGenerator->linkToRoute('settings.AdminSettings.index')
    309. 

  309. 		);
    310. 

  310. 	}
    311. 

  311. 

  312. 	/**
    313. 

  313. 	 * @NoCSRFRequired
    314. 

  314. 	 * @return DataResponse
    315. 

  315. 	 */
    316. 

  316. 	public function getFailedIntegrityCheckFiles() {
    317. 

  317. 		if(!$this->checker->isCodeCheckEnforced()) {
    318. 

  318. 			return new DataDisplayResponse('Integrity checker has been disabled. Integrity cannot be verified.');
    319. 

  319. 		}
    320. 

  320. 

  321. 		$completeResults = $this->checker->getResults();
    322. 

  322. 

  323. 		if(!empty($completeResults)) {
    324. 

  324. 			$formattedTextResponse = 'Technical information
    325. 

  325. =====================
    326. 

  326. The following list covers which files have failed the integrity check. Please read
    327. 

  327. the previous linked documentation to learn more about the errors and how to fix
    328. 

  328. them.
    329. 

  329. 

  330. Results
    331. 

  331. =======
    332. 

  332. ';
    333. 

  333. 			foreach($completeResults as $context => $contextResult) {
    334. 

  334. 				$formattedTextResponse .= "- $context\n";
    335. 

  335. 

  336. 				foreach($contextResult as $category => $result) {
    337. 

  337. 					$formattedTextResponse .= "\t- $category\n";
    338. 

  338. 					if($category !== 'EXCEPTION') {
    339. 

  339. 						foreach ($result as $key => $results) {
    340. 

  340. 							$formattedTextResponse .= "\t\t- $key\n";
    341. 

  341. 						}
    342. 

  342. 					} else {
    343. 

  343. 						foreach ($result as $key => $results) {
    344. 

  344. 							$formattedTextResponse .= "\t\t- $results\n";
    345. 

  345. 						}
    346. 

  346. 					}
    347. 

  347. 

  348. 				}
    349. 

  349. 			}
    350. 

  350. 

  351. 			$formattedTextResponse .= '
    352. 

  352. Raw output
    353. 

  353. ==========
    354. 

  354. ';
    355. 

  355. 			$formattedTextResponse .= print_r($completeResults, true);
    356. 

  356. 		} else {
    357. 

  357. 			$formattedTextResponse = 'No errors have been found.';
    358. 

  358. 		}
    359. 

  359. 

  360. 

  361. 		$response = new DataDisplayResponse(
    362. 

  362. 			$formattedTextResponse,
    363. 

  363. 			Http::STATUS_OK,
    364. 

  364. 			[
    365. 

  365. 				'Content-Type' => 'text/plain',
    366. 

  366. 			]
    367. 

  367. 		);
    368. 

  368. 

  369. 		return $response;
    370. 

  370. 	}
    371. 

  371. 

  372. 	/**
    373. 

  373. 	 * Checks whether a PHP opcache is properly set up
    374. 

  374. 	 * @return bool
    375. 

  375. 	 */
    376. 

  376. 	protected function isOpcacheProperlySetup() {
    377. 

  377. 		$iniWrapper = new IniGetWrapper();
    378. 

  378. 

  379. 		$isOpcacheProperlySetUp = true;
    380. 

  380. 

  381. 		if(!$iniWrapper->getBool('opcache.enable')) {
    382. 

  382. 			$isOpcacheProperlySetUp = false;
    383. 

  383. 		}
    384. 

  384. 

  385. 		if(!$iniWrapper->getBool('opcache.save_comments')) {
    386. 

  386. 			$isOpcacheProperlySetUp = false;
    387. 

  387. 		}
    388. 

  388. 

  389. 		if(!$iniWrapper->getBool('opcache.enable_cli')) {
    390. 

  390. 			$isOpcacheProperlySetUp = false;
    391. 

  391. 		}
    392. 

  392. 

  393. 		if($iniWrapper->getNumeric('opcache.max_accelerated_files') < 10000) {
    394. 

  394. 			$isOpcacheProperlySetUp = false;
    395. 

  395. 		}
    396. 

  396. 

  397. 		if($iniWrapper->getNumeric('opcache.memory_consumption') < 128) {
    398. 

  398. 			$isOpcacheProperlySetUp = false;
    399. 

  399. 		}
    400. 

  400. 

  401. 		if($iniWrapper->getNumeric('opcache.interned_strings_buffer') < 8) {
    402. 

  402. 			$isOpcacheProperlySetUp = false;
    403. 

  403. 		}
    404. 

  404. 

  405. 		return $isOpcacheProperlySetUp;
    406. 

  406. 	}
    407. 

  407. 

  408. 	/**
    409. 

  409. 	 * @return DataResponse
    410. 

  410. 	 */
    411. 

  411. 	public function check() {
    412. 

  412. 		return new DataResponse(
    413. 

  413. 			[
    414. 

  414. 				'serverHasInternetConnection' => $this->isInternetConnectionWorking(),
    415. 

  415. 				'isMemcacheConfigured' => $this->isMemcacheConfigured(),
    416. 

  416. 				'memcacheDocs' => $this->urlGenerator->linkToDocs('admin-performance'),
    417. 

  417. 				'isUrandomAvailable' => $this->isUrandomAvailable(),
    418. 

  418. 				'securityDocs' => $this->urlGenerator->linkToDocs('admin-security'),
    419. 

  419. 				'isUsedTlsLibOutdated' => $this->isUsedTlsLibOutdated(),
    420. 

  420. 				'phpSupported' => $this->isPhpSupported(),
    421. 

  421. 				'forwardedForHeadersWorking' => $this->forwardedForHeadersWorking(),
    422. 

  422. 				'reverseProxyDocs' => $this->urlGenerator->linkToDocs('admin-reverse-proxy'),
    423. 

  423. 				'isCorrectMemcachedPHPModuleInstalled' => $this->isCorrectMemcachedPHPModuleInstalled(),
    424. 

  424. 				'hasPassedCodeIntegrityCheck' => $this->checker->hasPassedCheck(),
    425. 

  425. 				'codeIntegrityCheckerDocumentation' => $this->urlGenerator->linkToDocs('admin-code-integrity'),
    426. 

  426. 				'isOpcacheProperlySetup' => $this->isOpcacheProperlySetup(),
    427. 

  427. 				'phpOpcacheDocumentation' => $this->urlGenerator->linkToDocs('admin-php-opcache'),
    428. 

  428. 				'isSettimelimitAvailable' => $this->isSettimelimitAvailable(),
    429. 

  429. 			]
    430. 

  430. 		);
    431. 

  431. 	}
    432. 

  432. }
    433.