Transfer ownership work with masterkey #28107
Conversation
e8b352c to
cd0b99a
Compare
cd0b99a to
fdaae0a
Compare
| @@ -944,6 +944,9 @@ public static function getDirectoryContent($directory, $mimetype_filter = '') { | |||
| * @return string | |||
| */ | |||
| public static function getPath($id) { | |||
| if (self::$defaultInstance === null) { | |||
| throw new NotFoundException("defaultInstance is null"); | |||
There was a problem hiding this comment.
This is one solution I found to get rid of the fatal error thrown by symfony. Any suggestions how to improve this?
There was a problem hiding this comment.
thrown by symfony.
when exactly is this happening ? when running CI ?
There was a problem hiding this comment.
when exactly is this happening ? when running CI ?
When integration test is executed.
fdaae0a to
432b6bb
Compare
|
Attaching the integration-test result : |
apps/encryption/lib/Crypto/Crypt.php
Outdated
| @@ -480,7 +480,9 @@ public function symmetricDecryptFileContent($keyFileContents, $passPhrase, $ciph | |||
| private function checkSignature($data, $passPhrase, $expectedSignature) { | |||
| $signature = $this->createSignature($data, $passPhrase); | |||
| if (!hash_equals($expectedSignature, $signature)) { | |||
| throw new HintException('Bad Signature', $this->l->t('Bad Signature')); | |||
| if (\OC::$server->getAppConfig()->getValue('encryption', 'useMasterKey', 0) === 0) { | |||
There was a problem hiding this comment.
As far as I know the master key should still use signatures to detect when encrypted files have been tampered with.
Last time there was another bug that led to "Bad signature" which was because something in the encryption code wasn't properly initialized. I suggest you verify that.
There was a problem hiding this comment.
You can read from here #27261 (comment).
My solution was here #27261 (comment) but will probably not apply. Still, having a look there and at my PR might give some potential clues.
| @@ -194,6 +195,10 @@ function (FileInfo $fileInfo) use ($progress, $self) { | |||
| $progress->advance(); | |||
| $this->allFiles[] = $fileInfo; | |||
| if ($fileInfo->isEncrypted()) { | |||
|
|
|||
| if (\OC::$server->getAppConfig()->getValue('encryption', 'useMasterKey', 0) !== 0) { | |||
There was a problem hiding this comment.
why not add it to the array if it's encrypted with master key ? answer in a PHPDoc to de-confuse future devs
| try { | ||
| $this->shareManager->deleteShare($share); | ||
| } catch (\OCP\Files\NotFoundException $e) { | ||
| } |
There was a problem hiding this comment.
add error handling or a comment why we don't handle / ignore
172f754 to
f032e9f
Compare
|
Updated the PR by:
|
| * master key. The method getPath from \OC\Files\Filesystem tries | ||
| * to call getPath using defaultInstance variable which | ||
| * is null. Hence this causes our integration tests to break. | ||
| */ |
There was a problem hiding this comment.
Thanks for the explanation. I think we shouldn't catch and ignore an exception like this just because of integration tests.
I was fine with your other workaround in the other method when instance is null but here I think it's a bit too much.
Do you know which test fails ? Maybe there's a setupFS missing somewhere to initialize that default instance ?
From what I see the defaultInstance is created when calling Filesystem::init().
Can you debug and compare why that one is properly set when running OCC manually and not when running integration tests ? There shouldn't be any difference...
There was a problem hiding this comment.
I have updated the PR. This change is not required :( Hence I have removed the code in the latest PR. Here is the output of : OC_TEST_ENCRYPTION_MASTER_KEY_ENABLED=1 ./run.sh features/transfer-ownership.feature &> out.txt ( the out.txt :
out1.txt )
f032e9f to
2c38732
Compare
| @@ -194,6 +195,14 @@ function (FileInfo $fileInfo) use ($progress, $self) { | |||
| $progress->advance(); | |||
| $this->allFiles[] = $fileInfo; | |||
| if ($fileInfo->isEncrypted()) { | |||
| if (\OC::$server->getAppConfig()->getValue('encryption', 'useMasterKey', 0) !== 0) { | |||
There was a problem hiding this comment.
Note that in general the transfer ownership app isn't supposed to know about specific encryption implementations.
Some people might implement their own custom encryption schemes, so would need a better abstraction.
But as we likely don't have time for better abstractions let's merge this.
0b55ee0 to
1fb8a88
Compare
|
Updated the PR and the verified the transfer-ownership.feature on my machine: |
| * version will be 1 and the expected version is at 2. And this results in Bad | ||
| * Signature. This change helps to fix the issue. | ||
| */ | ||
| if ($encryptedVersion === 2) { |
There was a problem hiding this comment.
Not able to get any better solution. As per my understanding this version is causing "Bad Signature". The problem is when the expected signature is for version 2 and the signature generated is for version 1.
There was a problem hiding this comment.
Please try creating and overwriting a file multiple times before the transfer. You'll see that the value of encrypted in the database can be higher, so this hard-coded 2 likely will not work.
There was a problem hiding this comment.
I also suggest to add this as an additional integration test ^
1fb8a88 to
1a717b4
Compare
| * Instead of the reusing old version, we stick with version 1. This helps | ||
| * the data viewed in UI and helps resolve "Bad Signature". | ||
| */ | ||
| $encryptedVersion = 1; |
There was a problem hiding this comment.
Yes, that was right. When the data is updated in the file multiple times or file is edited multiple times, old logic fails. So if we make the version 1, then it looks like the data doesn't hit "Bad Signature".
There was a problem hiding this comment.
the "Bad signature" was only observed with transfer ownership or also other cases ?
cc @tomneedham
There was a problem hiding this comment.
One of my observation is that whenever a new file is created the version is set to 0. So when transfer:ownership is called, altogether a new file is being created. Which is resulting in version to set to zero: https://github.com/owncloud/core/blob/master/lib/private/Files/Storage/Wrapper/Encryption.php#L743. Whenever new file is created the version is set: https://github.com/owncloud/encryption/blob/master/lib/Crypto/Encryption.php#L192. Need to figure out how to use the sourceInternalPath's version assigned to targetInternalPath.
There was a problem hiding this comment.
Did another experiment where I had 2 instances community edition(CE) and EE. Shared a folder of EE with CE. Now without my reset change, tried to create a file and moved to EE folder. It caused "Bad Signature". With my change enabled, created another file and moved to same EE folder. I was able to open the text file and read the contents. Moved the working file back to CE. No BadSignature was observed.
1a717b4 to
b985093
Compare
|
@sharidas strange failures, I suggest rebasing |
e79cc5f to
5bd426b
Compare
|
Rebased the branch with current master. |
|
It looks like the transfer-ownership.feature is run as |
|
failing tests, please have a look |
5bd426b to
b8465f2
Compare
|
The test cases were passing without encryption: |
83f79ad to
33db0ff
Compare
33db0ff to
2fa1d6a
Compare
| if($isRename) { | ||
| $absSourcePath = Filesystem::normalizePath($sourceStorage->getOwner($sourceInternalPath). '/' . $sourceInternalPath); | ||
| $absTargetPath = Filesystem::normalizePath($this->getFullPath($targetInternalPath)); | ||
| \OC::$server->getSession()->set('renameFile',[$absSourcePath, $absTargetPath]); |
There was a problem hiding this comment.
One mechanism adopted to give a hint that rename action is taking place.
There was a problem hiding this comment.
And associated changes here: owncloud/encryption#8
| * Instead of the reusing old version, we stick with version 1. This helps | ||
| * the data viewed in UI and helps resolve "Bad Signature". | ||
| */ | ||
| $cacheInformation['encryptedVersion'] += 1; |
There was a problem hiding this comment.
No reset to 1. Instead increment the version.
|
This change works with transfer-ownership. The transfer of files between external storage found problematic :( |
2fa1d6a to
bb7d4c7
Compare
| * | ||
| * $return array $header contain data as key-value pairs which should be | ||
| * written to the header, in case of a write operation | ||
| * or if no additional data is needed return a empty array | ||
| * @since 8.1.0 | ||
| */ | ||
| public function begin($path, $user, $mode, array $header, array $accessList); | ||
| public function begin($path, $user, $mode, array $header, array $accessList, $renameFile); |
There was a problem hiding this comment.
since you are using a string instead of bool I suggest renaming this everywhere to $sourceFileOfRename = null.
efaa8fd to
83e8467
Compare
This change helps users to get transfer-ownership command work when masterkey is enabled as mode of encryption. Signed-off-by: Sujith H <sharidasan@owncloud.com>
83e8467 to
9602182
Compare
| * Rename is a process of creating a new file. Here we try to use the | ||
| * incremented version of source file, for the destination file. | ||
| */ | ||
| $encryptedVersion = $sourceStorage->getCache()->get($sourceInternalPath)['encryptedVersion']; |
There was a problem hiding this comment.
Modified this change. Trivial change. There was failure in couple of tests : apps/files_trashbin/tests/StorageTest.php and apps/files_trashbin/tests/TrashbinTest.php
|
@sharidas please backport to stable10 |
|
This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs. |
This change helps users to get transfer-ownership
command work when masterkey is enabled as mode
of encryption.
Signed-off-by: Sujith H sharidasan@owncloud.com
Description
This change will help users to transfer files using transfer-ownership command when masterkey mode is enabled for encryption.
Related Issue
#27427
Motivation and Context
This change would help user tranfer files between users using transfer-ownership command when masterkey mode is enabled for encryption.
How Has This Been Tested?
Below are the steps executed for testing:
`sujith@sujith-Inspiron-5567 ~/test/owncloud $ ./occ files:transfer-ownership --path transferred\ from\ user1\ on\ 20170608_115804/1 admin user1
Cannot load Xdebug - it was already loaded
Analysing files of admin ...
1 [->--------------------------]
Check if master key enabled 1
1 [============================]
Collecting all share information for files and folder of admin ...
0 [>---------------------------]
Transferring files to user1/files/transferred from admin on 20170608_032359 ...
Restoring shares ...
0 [>---------------------------]
sujith@sujith-Inspiron-5567 ~/test/owncloud $ ./occ files:transfer-ownership --path transferred\ from\ admin\ on\ 20170608_032359/1 user1 admin
Cannot load Xdebug - it was already loaded
Analysing files of user1 ...
1 [============================]
Collecting all share information for files and folder of user1 ...
0 [>---------------------------]
Transferring files to admin/files/transferred from user1 on 20170608_033618 ...
Restoring shares ...
0 [>---------------------------]
sujith@sujith-Inspiron-5567 ~/test/owncloud $
This has also been tested by running the test transfer-ownership.feature`
Screenshots (if appropriate):
Types of changes
Checklist: