mirror of
https://github.com/nextcloud/server.git
synced 2026-05-22 10:06:37 -04:00
cf867ea5fb
Injecting IAppConfig as a constructor parameter into Encryption\Manager (and
through it into EncryptionWrapper) caused IDBConnection to be eagerly resolved
during OC::init() on PHP <8.4 (no lazy ghost objects). This happened before
maintenance:install's Sqlite::initialize() wrote dbname to config.php, so the
connection latched onto the default database name ('owncloud') instead of the
configured one ('nextcloud'). All migrations then ran against owncloud.db, and
the subsequent enable_all.php process opened an empty nextcloud.db — crashing
with "no such table: oc_appconfig".
Remove IAppConfig from Manager's constructor and Server.php's factory closure.
Resolve it lazily via Server::get(IAppConfig::class) inside
EncryptionWrapper::wrapStorage(), which is only called after the filesystem is
set up, never during bootstrap.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Signed-off-by: Stephen Cuppett <steve@cuppett.com>
106 lines
2.7 KiB
PHP
106 lines
2.7 KiB
PHP
<?php
|
|
|
|
/**
|
|
* SPDX-FileCopyrightText: 2016-2024 Nextcloud GmbH and Nextcloud contributors
|
|
* SPDX-FileCopyrightText: 2016 ownCloud, Inc.
|
|
* SPDX-License-Identifier: AGPL-3.0-only
|
|
*/
|
|
namespace OC\Encryption;
|
|
|
|
use OC\Files\Filesystem;
|
|
use OC\Files\Mount\HomeMountPoint;
|
|
use OC\Files\Storage\Wrapper\Encryption;
|
|
use OC\Files\View;
|
|
use OC\Memcache\ArrayCache;
|
|
use OCP\Encryption\IFile;
|
|
use OCP\Encryption\Keys\IStorage as EncryptionKeysStorage;
|
|
use OCP\Files\Mount\IMountPoint;
|
|
use OCP\Files\Storage\IDisableEncryptionStorage;
|
|
use OCP\Files\Storage\IStorage;
|
|
use OCP\IAppConfig;
|
|
use OCP\IConfig;
|
|
use OCP\IGroupManager;
|
|
use OCP\IUserManager;
|
|
use OCP\IUserSession;
|
|
use OCP\Server;
|
|
use Psr\Log\LoggerInterface;
|
|
|
|
/**
|
|
* Class EncryptionWrapper
|
|
*
|
|
* applies the encryption storage wrapper
|
|
*
|
|
* @package OC\Encryption
|
|
*/
|
|
class EncryptionWrapper {
|
|
/**
|
|
* EncryptionWrapper constructor.
|
|
*/
|
|
public function __construct(
|
|
private ArrayCache $arrayCache,
|
|
private Manager $manager,
|
|
private LoggerInterface $logger,
|
|
) {
|
|
}
|
|
|
|
/**
|
|
* Wraps the given storage when it is not a shared storage
|
|
*
|
|
* @param string $mountPoint
|
|
* @param IStorage $storage
|
|
* @param IMountPoint $mount
|
|
* @param bool $force apply the wrapper even if the storage normally has encryption disabled, helpful for repair steps
|
|
* @return Encryption|IStorage
|
|
*/
|
|
public function wrapStorage(string $mountPoint, IStorage $storage, IMountPoint $mount, bool $force = false) {
|
|
$parameters = [
|
|
'storage' => $storage,
|
|
'mountPoint' => $mountPoint,
|
|
'mount' => $mount
|
|
];
|
|
|
|
// Only evaluate other conditions if not forced
|
|
if (!$force) {
|
|
// If a disabled storage medium, return basic storage
|
|
if ($storage->instanceOfStorage(IDisableEncryptionStorage::class)) {
|
|
return $storage;
|
|
}
|
|
|
|
// Root mount point handling: skip encryption wrapper
|
|
if ($mountPoint === '/') {
|
|
return $storage;
|
|
}
|
|
|
|
// Skip encryption for home mounts if encryptHomeStorage is disabled
|
|
if ($mount instanceof HomeMountPoint
|
|
&& !Server::get(IAppConfig::class)->getValueBool('encryption', 'encryptHomeStorage', true)) {
|
|
return $storage;
|
|
}
|
|
}
|
|
|
|
// Apply encryption wrapper
|
|
$user = Server::get(IUserSession::class)->getUser();
|
|
$mountManager = Filesystem::getMountManager();
|
|
$uid = $user ? $user->getUID() : null;
|
|
$fileHelper = Server::get(IFile::class);
|
|
$keyStorage = Server::get(EncryptionKeysStorage::class);
|
|
|
|
$util = new Util(
|
|
new View(),
|
|
Server::get(IUserManager::class),
|
|
Server::get(IGroupManager::class),
|
|
Server::get(IConfig::class)
|
|
);
|
|
return new Encryption(
|
|
$parameters,
|
|
$this->manager,
|
|
$util,
|
|
$this->logger,
|
|
$fileHelper,
|
|
$uid,
|
|
$keyStorage,
|
|
$mountManager,
|
|
$this->arrayCache
|
|
);
|
|
}
|
|
}
|