Fix and enhance GPG encryption/decryption in File Manager

Author: iliajie

authentic-funcs.pl

@@ -350,19 +350,27 @@ sub get_theme_language
 
 sub get_user_allowed_gpg_keys
 {
-    my ($switch_to_user, $list_avoided_system_keys) = @_;
+    my ($switch_to_user, $list_avoided_system_keys, $self) = @_;
+    my %keys_;
+
+    # Also get the keys for the root user, when operating on virtual server
+    # so the master admin will see all root keys, plus the keys from given
+    # virtual server
+    my ($user_level) = get_user_level();
+    if (!$user_level && !$self) {
+        my ($root_keys) = get_user_allowed_gpg_keys($remote_user, $list_avoided_system_keys, 'self');
+        %keys_ = %{$root_keys};
+    }
 
     # Switch to remove user first
-    switch_to_given_unix_user($switch_to_user);
+    my ($switched_user) = switch_to_given_unix_user($switch_to_user);
 
     # GNUPG lib target
     # For Usermin `gnupg` for Webmin `webmin`
-    my $target = foreign_available('gnupg') ? 'gnupg' : 'webmin';
+    my $target = foreign_exists('gnupg') ? 'gnupg' : 'webmin';
 
     # As we call it not from the module set it manually
     # to bypass init_config() call leading to an error
-    # Although, the module itself must be available for
-    # the given user to work in Usermin
     $module_name = $target;
 
     my $gpglib = $root_directory . "/$target/gnupg-lib.pl";
@@ -375,31 +383,21 @@ sub get_user_allowed_gpg_keys
         # may be available, it would be possible to list the keys on dropdown too,
         # as those keys are distributed and should never be displayed to the users.
         # If one of us needs the keys to be displayed on the dropdown we need to hold
-        # Alt key before clicking Encrypt/Decrypt entry on File Manager context menu
+        # Alt key before clicking Encrypt entry on File Manager context menu
         my @keys_avoided = ('11F63C51', 'F9232D77', 'D9C821AB');
         my @keys         = list_keys_sorted();
         my @keys_secret  = sort {lc($a->{'name'}->[0]) cmp lc($b->{'name'}->[0])} list_secret_keys();
-        my %keys_;
-        my %keys_secret_;
 
         foreach my $k (@keys) {
             my $key  = substr($k->{'key'}, -8, 8);
             my $name = $k->{'name'}->[0];
             $name =~ s/\(.*?\)//gs;
             if ($list_avoided_system_keys || (!$list_avoided_system_keys && !grep(/^$key$/, @keys_avoided))) {
-                $keys_{ $k->{'key'} } = trim($name) . " ($k->{'email'}->[0] [$key/$k->{'size'}, $k->{'date'}])";
-            }
-        }
-        foreach my $k (@keys_secret) {
-            my $key  = substr($k->{'key'}, -8, 8);
-            my $name = $k->{'name'}->[0];
-            $name =~ s/\(.*?\)//gs;
-            if ($list_avoided_system_keys || (!$list_avoided_system_keys && !grep(/^$k->{'key'}$/, @keys_avoided))) {
-                $keys_secret_{ $k->{'key'} } =
-                  trim($name) . " ($k->{'email'}->[0] [$key/$k->{'size'}, $k->{'date'}])";
+                $keys_{ $k->{'key'} } =
+                  trim($name) . " ($k->{'email'}->[0] [$switched_user] [$key/$k->{'size'}, $k->{'date'}])";
             }
         }
-        return (\%keys_, \%keys_secret_, $gpgpath);
+        return (\%keys_, $gpgpath);
     }
 }
 
@@ -454,6 +452,7 @@ sub switch_to_given_unix_user
               if ($username ne $remote_user);
             $ENV{'USER'} = $ENV{'LOGNAME'} = $username;
             $ENV{'HOME'} = $uinfo[7];
+            return ($username, $uinfo[7]);
         }
     }
 }

authentic-lib.pl

@@ -1878,11 +1878,10 @@ sub get_xhr_request
             my $module = 'filemin';    # $in{'xhr-get_gpg_keys_cmodule'};
             exit if (!foreign_available($module));
             my $jailed_user = get_fm_jailed_user($module, 1);
-            my ($public, $secret, $gpgpath) =
+            my ($public, $gpgpath) =
                 get_user_allowed_gpg_keys($jailed_user, $in{'xhr-get_gpg_keys_all'});
             my %keys;
             $keys{'public'}  = $public;
-            $keys{'secret'}  = $secret;
             $keys{'gpgpath'} = $gpgpath;
             print convert_to_json(\%keys);
         } elsif ($in{'xhr-get_user_level'} eq '1') {

extensions/file-manager/file-manager.min.js

@@ -14,58 +14,78 @@ do("$ENV{'THEME_ROOT'}/extensions/file-manager/file-manager-lib.pl");
 my @entries_list = get_entries_list();
 my %errors;
 my $status;
-my $action      = $in{'action'};
-my $action_name = $action eq 'encrypt' ? 'encrypted' : 'decrypted';
-my $delete      = $in{'delete'};
-my $passphrase  = $in{'passphrase'};
-my $safe_mode   = $config{'config_portable_module_filemanager_files_safe_mode'} ne 'false';
+my $action     = $in{'action'};
+my $key        = quotemeta($in{'key'});
+my $delete     = $in{'delete'};
+my $passphrase = $in{'passphrase'};
+my $keyuser    = $in{'keyuser'};
+my $homeuser   = $in{'homeuser'};
+my $safe_mode  = $config{'config_portable_module_filemanager_files_safe_mode'} ne 'false';
 
 my $gpgpath = get_gpg_path();
 my $no_command;
 
+# Get user level
+my ($user_level) = get_user_level();
+
+# In case this is a master admin login,
+# and the key to encrypt data belonging
+# to /root, do not switch to the current
+# home directory user and use that instead
+my $forceuser;
+if (!$user_level && $keyuser) {
+    $forceuser = $keyuser;
+}
+
 # Set user env and switch to remote user first
-switch_to_given_unix_user();
+switch_to_given_unix_user($forceuser);
 
 foreach my $name (@entries_list) {
-    my ($iname, $fname, $fext);
+    my ($iname);
     my $gpg;
 
     $iname = $name;
+    $iname .= ($key ? ("_" . substr($key, 0, 6)) : '');
 
-    # Clean name when decrypting
+    # Clean extension name when decrypting
     if ($action eq "decrypt") {
-        $iname =~ s/\.(gpg|pgp)$//;
-        $iname =~ s/(?|(_encrypted\(\d+\))|(_encrypted))//;
+        $iname =~ s/(_[a-h0-9]+\.gpg|pgp)$//i;
     }
-    ($fname, $fext) = file_name_extension_splitter($iname);
-    $fext  = ".$fext" if ($fext);
-    $iname = $fname . "_" . $action_name;
+
     my $ffext;
     $ffext = ".gpg" if ($action eq "encrypt");
 
     # Check if file exist
-    if ($safe_mode && -e "$cwd/$iname$fext$ffext") {
-        my $__ = 1;
+    if ($safe_mode && -e "$cwd/$iname$ffext") {
+        my $__ = 0;
         for (;;) {
-            my $niname = "$iname(" . $__++ . ")";
-            if (!-e "$cwd/$niname$fext$ffext") {
-                $iname = "$niname$fext";
+            $__++;
+            my $niname = "$iname(" . $__ . ")";
+            if ($action eq 'decrypt') {
+                my ($fname, $fext) = file_name_extension_splitter($iname);
+                $niname = "$fname(" . $__ . ")" . ($fext ? ".$fext" : '');
+            }
+            if (!-e "$cwd/$niname$ffext") {
+                $iname = "$niname$ffext";
                 last;
             }
         }
     } else {
-        $iname .= $fext;
+        $iname = "$iname$ffext";
         unlink_file("$cwd/$iname$ffext") if (-e "$cwd/$iname$ffext");
     }
     $status = 0;
 
     if ($action eq "encrypt") {
-        my $key   = quotemeta($in{'key'});
         my $fpath = "$cwd/$name";
         $gpg =
-"cd @{[quotemeta($cwd)]} && $gpgpath --encrypt --always-trust --output @{[quotemeta($iname)]}.gpg --recipient $key @{[quotemeta($fpath)]}";
+"cd @{[quotemeta($cwd)]} && $gpgpath --encrypt --always-trust --output @{[quotemeta($iname)]} --recipient $key @{[quotemeta($fpath)]}";
         $status = system($gpg);
 
+        # Set file owner in case was encrypted usign master admin keys
+        system("chown --reference=" . quotemeta($cwd) . " " . quotemeta("$cwd/$iname"))
+          if (!$status && $homeuser && !$user_level);
+
     } elsif ($action eq "decrypt") {
         my $extra;
         if ($passphrase) {
@@ -83,6 +103,10 @@ foreach my $name (@entries_list) {
         print $fh $passphrase;
         close $fh;
         $status = $?;
+
+        # Set file owner in case was decrypted usign master admin keys
+        system("chown --reference=" . quotemeta($cwd) . " " . quotemeta("$cwd/$iname"))
+          if (!$status && $homeuser && !$user_level);
     }
 
     if ($delete && $status == 0) {

extensions/file-manager/file-manager.min.js.gz

@@ -1268,3 +1268,4 @@ theme_xhred_tooltip_support_ticket=Dien ondersteuningskaartjie in met aangehegte
 theme_xhred_tooltip_side_slider_refresh_sysinfo=Dwing om stelselinligting te verfris
 theme_xhred_disk_quota_error_title=Buite kwota
 theme_xhred_disk_quota_error_message=geen spasie oor op die toestel nie
+theme_xhred_filemanager_decrypt_option_use_master_admin_keys=Gebruik hoofadministrateursleutel vir dekripsie

extensions/file-manager/gpg.cgi

@@ -1268,3 +1268,4 @@ theme_xhred_tooltip_support_ticket=إرسال تذكرة دعم مع معلوم
 theme_xhred_tooltip_side_slider_refresh_sysinfo=القوة لتحديث معلومات النظام
 theme_xhred_disk_quota_error_title=خارج الحصة
 theme_xhred_disk_quota_error_message=لم يتبقى مساحة في الجهاز
+theme_xhred_filemanager_decrypt_option_use_master_admin_keys=استخدم مفتاح المسؤول الرئيسي لفك التشفير

lang/af.auto

@@ -1268,3 +1268,4 @@ theme_xhred_tooltip_support_ticket=Адправіць білет у службу
 theme_xhred_tooltip_side_slider_refresh_sysinfo=Прымусова абнавіць сістэмную інфармацыю
 theme_xhred_disk_quota_error_title=Па-за квоты
 theme_xhred_disk_quota_error_message=На прыладзе не засталося месца
+theme_xhred_filemanager_decrypt_option_use_master_admin_keys=Выкарыстоўвайце галоўны ключ адміністратара для расшыфроўкі

lang/ar.auto

@@ -1268,3 +1268,4 @@ theme_xhred_tooltip_support_ticket=Изпратете билет за поддр
 theme_xhred_tooltip_side_slider_refresh_sysinfo=Принудително обновяване на системната информация
 theme_xhred_disk_quota_error_title=Извън квотата
 theme_xhred_disk_quota_error_message=Няма повече свободно място на устройството
+theme_xhred_filemanager_decrypt_option_use_master_admin_keys=Използвайте главния администраторски ключ за декриптиране

lang/be.auto

@@ -583,3 +583,4 @@ theme_xhred_tooltip_support_ticket=Envieu el bitllet de suport amb la informaci
 theme_xhred_tooltip_side_slider_refresh_sysinfo=Força per actualitzar la informació del sistema
 theme_xhred_disk_quota_error_title=Fora de quota
 theme_xhred_disk_quota_error_message=no queda espai lliure al dispositiu
+theme_xhred_filemanager_decrypt_option_use_master_admin_keys=Utilitzeu la clau mestra d'administrador per al desxifrat

lang/bg.auto

@@ -1110,3 +1110,4 @@ theme_xhred_tooltip_support_ticket=Odešlete lístek podpory s připojenými inf
 theme_xhred_tooltip_side_slider_refresh_sysinfo=Vynutit aktualizaci systémových informací
 theme_xhred_disk_quota_error_title=Mimo kvótu
 theme_xhred_disk_quota_error_message=Na zařízení nezbývá místo
+theme_xhred_filemanager_decrypt_option_use_master_admin_keys=K dešifrování použijte hlavní klíč správce

lang/ca.auto

@@ -1180,3 +1180,4 @@ theme_xhred_tooltip_support_ticket=Indsend supportbillet med vedhæftede systemo
 theme_xhred_tooltip_side_slider_refresh_sysinfo=Tving til at opdatere systemoplysninger
 theme_xhred_disk_quota_error_title=Uden for kvote
 theme_xhred_disk_quota_error_message=Ikke mere plads på enheden
+theme_xhred_filemanager_decrypt_option_use_master_admin_keys=Brug hovedadministratornøgle til dekryptering

lang/cs.auto

@@ -167,3 +167,4 @@ theme_xhred_tooltip_support_ticket=Senden Sie ein Support-Ticket mit angehängte
 theme_xhred_tooltip_side_slider_refresh_sysinfo=Erzwingen Sie die Aktualisierung der Systeminformationen
 theme_xhred_disk_quota_error_title=Außerhalb der Quote
 theme_xhred_disk_quota_error_message=Kein Speicherplatz auf Gerät
+theme_xhred_filemanager_decrypt_option_use_master_admin_keys=Verwenden Sie den Hauptadministratorschlüssel für die Entschlüsselung

lang/da.auto

@@ -1268,3 +1268,4 @@ theme_xhred_tooltip_support_ticket=Υποβάλετε δελτίο υποστή
 theme_xhred_tooltip_side_slider_refresh_sysinfo=Αναγκαστική ανανέωση πληροφοριών συστήματος
 theme_xhred_disk_quota_error_title=Εκτός ποσόστωσης
 theme_xhred_disk_quota_error_message=Δεν υπάρχει χώρος στην συσκευή
+theme_xhred_filemanager_decrypt_option_use_master_admin_keys=Χρησιμοποιήστε το κύριο κλειδί διαχειριστή για αποκρυπτογράφηση

lang/de.auto

@@ -1327,4 +1327,5 @@ theme_sysinfo_vmforum=Virtualmin Community
 theme_xhred_tooltip_support_ticket=Submit support ticket with attached system information; hold ⎇ key to copy support link to clipboard
 theme_xhred_tooltip_side_slider_refresh_sysinfo=Force to refresh system information
 theme_xhred_disk_quota_error_title=Out of quota
-theme_xhred_disk_quota_error_message=No space left on device
+theme_xhred_disk_quota_error_message=No space left on device
+theme_xhred_filemanager_decrypt_option_use_master_admin_keys=Use master administrator key for decryption

lang/el.auto

@@ -1179,3 +1179,4 @@ theme_xhred_tooltip_support_ticket=Envíe un ticket de soporte con la informaci
 theme_xhred_tooltip_side_slider_refresh_sysinfo=Forzar la actualización de la información del sistema
 theme_xhred_disk_quota_error_title=Fuera de cuota
 theme_xhred_disk_quota_error_message=no queda espacio en el dispositivo
+theme_xhred_filemanager_decrypt_option_use_master_admin_keys=Use la clave de administrador maestro para el descifrado

lang/en

@@ -1268,3 +1268,4 @@ theme_xhred_tooltip_support_ticket=Bidali laguntza-txartela erantsita sistemaren
 theme_xhred_tooltip_side_slider_refresh_sysinfo=Behartu sistemaren informazioa freskatzera
 theme_xhred_disk_quota_error_title=Kupotik kanpo
 theme_xhred_disk_quota_error_message=Ez da lekurik geratzen gailuan
+theme_xhred_filemanager_decrypt_option_use_master_admin_keys=Erabili administratzaile-gako nagusia deszifratzeko

lang/es.auto

@@ -1268,3 +1268,4 @@ theme_xhred_tooltip_support_ticket=ارسال تیکت پشتیبانی با ا
 theme_xhred_tooltip_side_slider_refresh_sysinfo=اجباری برای تازه کردن اطلاعات سیستم
 theme_xhred_disk_quota_error_title=خارج از سهمیه
 theme_xhred_disk_quota_error_message=هیچ فضایی در دستگاه باقی نمانده است
+theme_xhred_filemanager_decrypt_option_use_master_admin_keys=برای رمزگشایی از کلید مدیر اصلی استفاده کنید

lang/eu.auto

@@ -1268,3 +1268,4 @@ theme_xhred_tooltip_support_ticket=Lähetä tukilippu ja liitteenä olevat järj
 theme_xhred_tooltip_side_slider_refresh_sysinfo=Pakota päivittämään järjestelmätiedot
 theme_xhred_disk_quota_error_title=Kiintiö loppu
 theme_xhred_disk_quota_error_message=laitteessa ei ole tilaa jäljellä
+theme_xhred_filemanager_decrypt_option_use_master_admin_keys=Käytä pääjärjestelmänvalvojan avainta salauksen purkamiseen

lang/fa.auto

@@ -134,3 +134,4 @@ theme_xhred_tooltip_support_ticket=Soumettre un ticket d'assistance avec les inf
 theme_xhred_tooltip_side_slider_refresh_sysinfo=Forcer à actualiser les informations système
 theme_xhred_disk_quota_error_title=Hors quota
 theme_xhred_disk_quota_error_message=Pas d'espace disponible sur le périphérique
+theme_xhred_filemanager_decrypt_option_use_master_admin_keys=Utiliser la clé d'administrateur principal pour le déchiffrement

lang/fi.auto

@@ -1268,3 +1268,4 @@ theme_xhred_tooltip_support_ticket=שלח כרטיס תמיכה עם מידע מ
 theme_xhred_tooltip_side_slider_refresh_sysinfo=הכריח לרענן את מידע המערכת
 theme_xhred_disk_quota_error_title=מחוץ למכסה
 theme_xhred_disk_quota_error_message=אין עוד מקום במכשיר
+theme_xhred_filemanager_decrypt_option_use_master_admin_keys=השתמש במפתח מנהל ראשי לפענוח

lang/fr.auto

@@ -1268,3 +1268,4 @@ theme_xhred_tooltip_support_ticket=Pošaljite ulaznicu za podršku s priloženim
 theme_xhred_tooltip_side_slider_refresh_sysinfo=Prisilno osvježavanje informacija o sustavu
 theme_xhred_disk_quota_error_title=Izvan kvote
 theme_xhred_disk_quota_error_message=Nema više mjesta na uređaju
+theme_xhred_filemanager_decrypt_option_use_master_admin_keys=Za dešifriranje koristite glavni administratorski ključ

lang/he.auto

@@ -1268,3 +1268,4 @@ theme_xhred_tooltip_support_ticket=Támogatási jegy benyújtása csatolt rendsz
 theme_xhred_tooltip_side_slider_refresh_sysinfo=A rendszerinformációk frissítésének kényszerítése
 theme_xhred_disk_quota_error_title=Túl a kvótán
 theme_xhred_disk_quota_error_message=Nincs hely az eszközön
+theme_xhred_filemanager_decrypt_option_use_master_admin_keys=Használja a fő rendszergazdai kulcsot a visszafejtéshez

lang/hr.auto

@@ -64,3 +64,4 @@ theme_xhred_tooltip_support_ticket=Invia un ticket di supporto con le informazio
 theme_xhred_tooltip_side_slider_refresh_sysinfo=Forza l'aggiornamento delle informazioni di sistema
 theme_xhred_disk_quota_error_title=Fuori quota
 theme_xhred_disk_quota_error_message=Nessuno spazio rimasto sul dispositivo
+theme_xhred_filemanager_decrypt_option_use_master_admin_keys=Utilizzare la chiave dell'amministratore principale per la decrittografia

lang/hu.auto

@@ -176,3 +176,4 @@ theme_xhred_tooltip_support_ticket=システム情報を添付したサポート
 theme_xhred_tooltip_side_slider_refresh_sysinfo=システム情報を強制的に更新する
 theme_xhred_disk_quota_error_title=クォータを超えています
 theme_xhred_disk_quota_error_message=デバイスにスペースが残っていません
+theme_xhred_filemanager_decrypt_option_use_master_admin_keys=復号化にマスター管理者キーを使用する

lang/it.auto

@@ -1268,3 +1268,4 @@ theme_xhred_tooltip_support_ticket=첨부된 시스템 정보와 함께 지원 
 theme_xhred_tooltip_side_slider_refresh_sysinfo=시스템 정보를 강제로 새로 고침
 theme_xhred_disk_quota_error_title=할당량 부족
 theme_xhred_disk_quota_error_message=기기에 남은 공간이 없습니다
+theme_xhred_filemanager_decrypt_option_use_master_admin_keys=복호화에 마스터 관리자 키 사용

lang/ja.auto

@@ -1268,3 +1268,4 @@ theme_xhred_tooltip_support_ticket=Pateikti palaikymo bilietą su pridedama sist
 theme_xhred_tooltip_side_slider_refresh_sysinfo=Priversti atnaujinti sistemos informaciją
 theme_xhred_disk_quota_error_title=Kvota nepatenka
 theme_xhred_disk_quota_error_message=įrenginyje nebėra vietos
+theme_xhred_filemanager_decrypt_option_use_master_admin_keys=Iššifravimui naudokite pagrindinį administratoriaus raktą

lang/ko.auto

@@ -1268,3 +1268,4 @@ theme_xhred_tooltip_support_ticket=Iesniegt atbalsta biļeti ar pievienotu sist
 theme_xhred_tooltip_side_slider_refresh_sysinfo=Piespiest atsvaidzināt sistēmas informāciju
 theme_xhred_disk_quota_error_title=Ārpus kvotas
 theme_xhred_disk_quota_error_message=Ierīcē vairs nav vietas
+theme_xhred_filemanager_decrypt_option_use_master_admin_keys=Atšifrēšanai izmantojiet galveno administratora atslēgu

lang/lt.auto

@@ -653,3 +653,4 @@ theme_xhred_tooltip_support_ticket=Serahkan tiket sokongan dengan maklumat siste
 theme_xhred_tooltip_side_slider_refresh_sysinfo=Paksa untuk memuat semula maklumat sistem
 theme_xhred_disk_quota_error_title=Habis kuota
 theme_xhred_disk_quota_error_message=Tiada lagi ruang di dalam peranti
+theme_xhred_filemanager_decrypt_option_use_master_admin_keys=Gunakan kunci pentadbir induk untuk penyahsulitan

lang/lv.auto

@@ -1268,3 +1268,4 @@ theme_xhred_tooltip_support_ticket=Ibgħat biljett ta' appoġġ b'informazzjoni
 theme_xhred_tooltip_side_slider_refresh_sysinfo=Imġiegħel li jġedded l-informazzjoni tas-sistema
 theme_xhred_disk_quota_error_title=Barra mill-kwota
 theme_xhred_disk_quota_error_message=Ma fadalx spazju fuq it-tagħmir
+theme_xhred_filemanager_decrypt_option_use_master_admin_keys=Uża ċavetta tal-amministratur prinċipali għad-deċifrar

lang/ms.auto

@@ -1155,3 +1155,4 @@ theme_xhred_tooltip_support_ticket=Dien een ondersteuningsticket in met bijgevoe
 theme_xhred_tooltip_side_slider_refresh_sysinfo=Forceer om systeeminformatie te vernieuwen
 theme_xhred_disk_quota_error_title=Buiten quotum
 theme_xhred_disk_quota_error_message=Geen ruimte meer op het apparaat
+theme_xhred_filemanager_decrypt_option_use_master_admin_keys=Gebruik de hoofdbeheerderssleutel voor decodering