Cant share encrypted file with external user #27261
Comments
I did a local test with openLDAP and encrypted files, and sharing a file or folder with link from an LDAP user works fine for me. Is this problem repeatable? Does it happen for any user? I assume that you use the "Link share" feature and when opening the link share in a separate browser, the file cannot be downloaded? |
Hey, thanks for your fast response. We're using Active Directory for User auth, not sure if this may be the cause of the problem. The problem is repeatable. I tested it with at least 4 legacy users (already created) and also created a new user. Yes, I use the Share with Link feature and then I try to download the shared file with the link in another browser session (not logged in to ownCloud). I just get that error message. If I log in to ownCloud and a session is created, I can download the shared file just fine. |
Can you test with local users? Create a local dummy user (not LDAP) and share a file with link from that user. Can the file from the link be downloaded? This is to find out whether it's LDAP-related. |
@PVince81
|
So far I still can't reproduce this or understand why it is happening unfortunately. Do you have the full stack trace from the error? The one you posted in the original post is truncated and is missing the three first items:
|
These are the last lines of my owncloud log:
|
Here we go, expanded version of the last entry:
|
Can you do this: |
Sure:
|
This is what I get with a fresh OC 9.1.4 install and a local "otest4" user:
Your user is somehow missing the folder "data/otest4/files_encryption/OC_DEFAULT_MODULE" which contains the public and private keys. Try Are files actually encrypted on-disk? Can you try opening "/mnt/infocloud/otest4/files/Photos/Squirrel.jpg" directly with an image viewer? Are you using encryption with master key mode or did you ever try switching to an alternative key location? |
Thanks for your input! The sql statement returns
A test file seems to be encrypted:
I can't open the Squirrel.jpg in a file viewer, it also seems to be encrypted. Yes, I'm using a master password but I never tried to switch to an alternative key location. |
Okay, got it. I was testing with the regular non-master-key mode. In master key mode, users do not receive a private key. Everything uses the master key. Let me test again. |
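The two on-disk checks requested above (is the per-user key folder present, is the file really encrypted) can be scripted. This is an added example, not part of the thread or of ownCloud's code. It assumes the encrypted-file header layout `HBEGIN:key:value:...:HEND`; the function names and the sample tree are constructed for illustration.

```python
import os
import tempfile

# Assumed on-disk header of an ownCloud-encrypted file: HBEGIN:key:value:...:HEND
HEADER_START, HEADER_END = b"HBEGIN", b"HEND"
# Per-user key folder named in the thread, relative to data/<user>/
KEY_DIR = os.path.join("files_encryption", "OC_DEFAULT_MODULE")


def read_header(path, limit=8192):
    """Return the header fields as a dict, or None if the file is plaintext."""
    with open(path, "rb") as fh:
        head = fh.read(limit)
    if not head.startswith(HEADER_START + b":"):
        return None
    end = head.find(b":" + HEADER_END)
    if end == -1:
        return {}  # start marker present, but header truncated or damaged
    parts = head[len(HEADER_START) + 1:end].decode("ascii", "replace").split(":")
    return dict(zip(parts[0::2], parts[1::2]))


def diagnose(data_dir, user, rel_path):
    """Report the encryption state of one file and whether the user has a key folder."""
    header = read_header(os.path.join(data_dir, user, "files", rel_path))
    has_keys = os.path.isdir(os.path.join(data_dir, user, KEY_DIR))
    if header is None:
        verdict = "file is stored in plaintext"
    elif has_keys:
        verdict = "encrypted, per-user keys present"
    else:
        verdict = "encrypted, no per-user keys (expected only in master key mode)"
    return {"header": header, "user_keys": has_keys, "verdict": verdict}


def build_sample_tree():
    """Constructed sample data directory: one encrypted file, no per-user key folder."""
    data_dir = tempfile.mkdtemp(prefix="oc-sample-")
    photos = os.path.join(data_dir, "otest4", "files", "Photos")
    os.makedirs(photos)
    # Constructed header, padded with '-' as assumed for the real format
    header = b"HBEGIN:oc_encryption_module:OC_DEFAULT_MODULE:cipher:AES-256-CTR:signed:true:HEND"
    with open(os.path.join(photos, "Squirrel.jpg"), "wb") as fh:
        fh.write(header.ljust(8192, b"-") + b"constructed ciphertext")
    return data_dir


if __name__ == "__main__":
    print(diagnose(build_sample_tree(), "otest4", os.path.join("Photos", "Squirrel.jpg")))
```

On a real server, `diagnose()` would be pointed at the data directory and run as a user that can read it.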
Steps:
Expected result
File is downloaded.
Actual result
I'll have a look... |
@Isotop7 this quick patch fixes it: #27265 (download as patch https://github.com/owncloud/core/pull/27265.patch) |
If I apply this patch and try to download the file I get:
Falsche Signatur = wrong signature
|
@Isotop7 hmm, that patch worked for me, so there is probably more. Can you post the matching stack trace from the log? |
@PVince81 I hope I copied all the needed stuff:
EDIT: Should I try another new user? A new file? |
Reformatting your signature exception:
|
Yes, please. If all of them fail with Bad Signature that might be a clue... So far I can't reproduce this issue. |
I tried a new clean user and it failed with the same error message. Can I temporarily disable the signature check to test if the fix is working on my end? |
What I don't understand is that the signature check fails when verifying the private key on your env, not even the file itself. To disable signature check, comment out this line: https://github.com/owncloud/core/blob/v9.1.4/apps/encryption/lib/Crypto/Crypt.php#L463 |
@PVince81: If I disable the signature check everything works!! Is there anything I can pass you to troubleshoot the sig check problem? EDIT: It only works when creating new files and sharing them. When I share a file that is already there I get:
Translation: Sharing the file again doesn't seem to solve the problem. The connected lines of the owncloud log are:
|
Expanded last exception:
@Isotop7 you are still talking about link shares in your last post, right? Not user to user shares? |
@PVince81: How do I manually expand the exception so you don't have to do it? Regarding my issue: |
It's tedious manual work, don't bother. Thanks anyway. I use some vim shortcuts. From what I saw in the encryption code there are actually two keys to choose from for public links: the master key and the public link key. I'm not sure why public link keys are still created/used even though we have master keys. Maybe the signature issue is related to that. Otherwise debugging the signature issue would require looking into the bytes of the signature of the private key to find out why it is wrong and in what way it is different. This goes already very deep and I'm not ready to go that deep just yet. |
@Isotop7 I changed the PR to now use the master key instead of the public share key when accessing public links. This also works for me. With a bit of luck it might solve your issue too? See #27265. |
@PVince81 Thank you very much. I'm having my users verify that it is fully working but in the first tests everything worked flawlessly and all errors are gone. I'll keep you updated. EDIT: It works!!! Thank you again. Should I close this issue now? |
This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs. |
Steps to reproduce
Expected behaviour
User B should be able to download the shared file
Actual behaviour
User B gets the error message
when trying to download the file.
If I share the same file with an ownCloud user, he can download it when being logged on.
Server configuration
Operating system:
Ubuntu 14.04
Web server:
Apache 2.4.7
Database:
MySQL 5.6.33
PHP version:
PHP 5.5.9
ownCloud version: (see ownCloud admin page)
9.1.4
Updated from an older ownCloud or fresh install:
updated all the way from version 8 in the past
Where did you install ownCloud from:
Official owncloud repo
Signing status (ownCloud 9.0 and above):
List of activated apps:
The content of config/config.php:
Are you using external storage, if yes which one: local/smb/sftp/...
local storage (ESXi-LUN on a DELL EQL)
Are you using encryption: yes/no
yes
Are you using an external user-backend, if yes which one: LDAP/ActiveDirectory/Webdav/...
LDAP
LDAP configuration (delete this part if not used)
Client configuration
Browser:
Chrome 56.0.2924.87 (tested with several others)
Operating system:
Windows 10 1607
Logs
Web server error log
ownCloud log (data/owncloud.log)
Browser log
Chrome js: