Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Share keys not updated when group members change #20146

Open
J0WI opened this issue Mar 24, 2020 · 6 comments
Open

Share keys not updated when group members change #20146

J0WI opened this issue Mar 24, 2020 · 6 comments
Assignees
@come-nc
Labels
1. to develop Accepted and waiting to be taken care of 25-feedback bug feature: encryption (server-side) feature: sharing

Comments

@J0WI
Copy link
Contributor

J0WI commented Mar 24, 2020

I run into a critical bug when a folder is shared with a group and group members are updated afterwards.

Steps to reproduce

  1. disable master key
  2. enable encryption
  3. add a new group and at least two additional users
  4. add yourself and one user to the new group
  5. share a folder with some stuff with this group
    Note: *nextcloud data root*/*user*/files_encryption/keys/files/*folder*/*file*/OC_DEFAULT_MODULE/ contains the keys of all group members and data/admin/files/keys/files/*folder*/*file* is encrypted
  6. add the second user to the group
  7. remove the first user from the group or delete it

Expected behaviour

After step 7 and 8 the key files should have been updated.

Actual behaviour

The key files are not updated and users that have been added to the group after the folder has been shared are not able to access its content. If a user is removed from the group or deleted, its key file is not cleaned up. This results in a very confusing situation, that after deleting a user and creating a new one with the exact same name, you re not able to share any files again.
This does also happen if you reset the password of a user.

Workaround

The owner of the files has to unsahre all folders and reshare them again after groups memebers have been changed. This is a really bad behavior and not practicable. It's also potential insecure that obsolete keys are not removed.

@nextcloud/encryption is it save to remove any obsolete user.shareKey by hand?

Server configuration

Operating system: any

Web server: any

Database: any

PHP version: 7.3

Nextcloud version: 18

Updated from an older Nextcloud/ownCloud or fresh install: fresh (just for this testcase))

Where did you install Nextcloud from: source

Are you using encryption: yes
@J0WI J0WI added bug feature: encryption (server-side) 0. Needs triage Pending check for reproducibility or if it fits our roadmap labels Mar 24, 2020
@J0WI J0WI mentioned this issue Mar 24, 2020
Closed
@yahesh
Copy link
Member

yahesh commented Mar 26, 2020

We ran into this problem back in 2017 when we evaluated server-side-encryption but thought that this had to do with using an LDAP backend for the group definitions. I guess this problem stems from the fact that Nextcloud uses openssl_seal() internally to encrypt the file key. Thus, whenever a file/folder is shared, the file key is sealed for all recipient. When the file/folder is unshared, the corresponding file keys would have to be re-sealed which is quite CPU-intensive due to the RSA encryptions taking place underneath. Back then, using the user-key encryption proved to not be practical due to this problem.

@J0WI J0WI mentioned this issue Mar 26, 2020
Closed
@J0WI J0WI mentioned this issue Apr 10, 2020
Open
@szaimen

This comment was marked as resolved.

Sign in to view
@J0WI

This comment was marked as resolved.

Sign in to view
@szaimen szaimen added 1. to develop Accepted and waiting to be taken care of and removed 0. Needs triage Pending check for reproducibility or if it fits our roadmap needs info labels Jun 1, 2021
@szaimen

This comment was marked as resolved.

Sign in to view
@szaimen szaimen added needs info 0. Needs triage Pending check for reproducibility or if it fits our roadmap and removed 1. to develop Accepted and waiting to be taken care of labels Jan 9, 2023
@J0WI

This comment was marked as resolved.

Sign in to view
@J0WI J0WI added 1. to develop Accepted and waiting to be taken care of 26-feedback 25-feedback and removed needs info 0. Needs triage Pending check for reproducibility or if it fits our roadmap 26-feedback labels Jan 28, 2023
@pabzm
Copy link
Contributor

pabzm commented Feb 11, 2025

This problem still exists on v29 and v30.

@come-nc come-nc self-assigned this Feb 11, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@come-nc come-nc

Labels
1. to develop Accepted and waiting to be taken care of 25-feedback bug feature: encryption (server-side) feature: sharing
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
6 participants
@yahesh @joshtrichards @J0WI @szaimen @pabzm @come-nc