Sharing Files with Owncloud 9.1.2 fails

[starguy]

Same as here

#26406

Steps to reproduce

1.  User uploaded file
2. Shared this file
3. Shared file cannot be opened or downloaded by another (in the shared group) user -> encryption module exception

Expected behaviour

Download or File Open should work

Actual behaviour

Exception

Server configuration

Operating system:
Debian 8 Jessie
Kernel Version 3.16.04 AMD 64

Web server:
nginx (actual version)
also
apache 2
Database:
mysql

PHP version:
5.6

ownCloud version: (see ownCloud admin page)
9.1.2

Updated from an older ownCloud or fresh install:
updated from 9.1.1

Where did you install ownCloud from:
Owncloud Webpage

Signing status (ownCloud 9.0 and above):

Login as admin user into your ownCloud and access 
http://example.com/index.php/settings/integrity/failed 
paste the results here.

List of activated apps:
LDAP
Encryption

If you have access to your command line run e.g.:
sudo -u www-data php occ app:list
from within your ownCloud installation folder

The content of config/config.php:

If you have access to your command line run e.g.:
sudo -u www-data php occ config:list system
from within your ownCloud installation folder

or 

Insert your config.php content here
(Without the database password, passwordsalt and secret)

Are you using external storage, if yes which one: local/smb/sftp/...

Are you using encryption: yes/no

Are you using an external user-backend, if yes which one: LDAP/ActiveDirectory/Webdav/...

LDAP configuration (delete this part if not used)

With access to your command line run e.g.:
sudo -u www-data php occ ldap:show-config
from within your ownCloud installation folder

Without access to your command line download the data/owncloud.db to your local
computer or access your SQL server remotely and run the select query:
SELECT * FROM `oc_appconfig` WHERE `appid` = 'user_ldap';


Eventually replace sensitive data as the name/IP-address of your LDAP server or groups.

Client configuration

Browser:

Operating system:

Logs

Web server error log

Insert your webserver log here

ownCloud log (data/owncloud.log)

{"reqId":"uR2+l9tqRtB5AB1\/42jN","remoteAddr":"***","app":"no app in context","message":"Encryption module \"Default encryption module\" is not able to read \/0602E5A3-A70C-4662-B0CE-F0A4B00021A3\/files\/test-share\/server_performance.png","level":2,"time":"2016-11-14T09:32:28+00:00","method":"GET","url":"\/owncloud\/index.php\/apps\/files\/ajax\/download.php?dir=%2Ftest-share&files=server_performance.png&downloadStartSecret=jrgvyvptpzr","user":"2D6083F7-CF1A-49F3-8A6A-8B37A0C1B27E"}
{"reqId":"uR2+l9tqRtB5AB1\/42jN","remoteAddr":"***","app":"no app in context","message":"Exception: {\"Exception\":\"OC\\\\Encryption\\\\Exceptions\\\\DecryptionFailedException\",\"Message\":\"Encryption module \\\"Default encryption module\\\" is not able to read \\\/0602E5A3-A70C-4662-B0CE-F0A4B00021A3\\\/files\\\/test-share\\\/server_performance.png\",\"Code\":0,\"Trace\":\"#0 \\\/var\\\/www\\\/html\\\/owncloud\\\/lib\\\/private\\\/Files\\\/Storage\\\/Wrapper\\\/Encryption.php(327): OCA\\\\Encryption\\\\Crypto\\\\Encryption->isReadable('\\\/0602E5A3-A70C-...', '2D6083F7-CF1A-4...')\\n#1 \\\/var\\\/www\\\/html\\\/owncloud\\\/lib\\\/private\\\/Files\\\/Storage\\\/Wrapper\\\/Wrapper.php(168): OC\\\\Files\\\\Storage\\\\Wrapper\\\\Encryption->isReadable('files\\\/test-shar...')\\n#2 \\\/var\\\/www\\\/html\\\/owncloud\\\/apps\\\/files_sharing\\\/lib\\\/sharedstorage.php(181): OC\\\\Files\\\\Storage\\\\Wrapper\\\\Wrapper->isReadable('files\\\/test-shar...')\\n#3 \\\/var\\\/www\\\/html\\\/owncloud\\\/lib\\\/private\\\/Files\\\/Storage\\\/Wrapper\\\/Wrapper.php(168): OC\\\\Files\\\\Storage\\\\Shared->isReadable('server_performa...')\\n#4 \\\/var\\\/www\\\/html\\\/owncloud\\\/lib\\\/private\\\/Files\\\/View.php(1119): OC\\\\Files\\\\Storage\\\\Wrapper\\\\Wrapper->isReadable('server_performa...')\\n#5 \\\/var\\\/www\\\/html\\\/owncloud\\\/lib\\\/private\\\/Files\\\/View.php(484): OC\\\\Files\\\\View->basicOperation('isReadable', '\\\/test-share\\\/ser...')\\n#6 \\\/var\\\/www\\\/html\\\/owncloud\\\/lib\\\/private\\\/Files\\\/Filesystem.php(672): OC\\\\Files\\\\View->isReadable('\\\/test-share\\\/ser...')\\n#7 \\\/var\\\/www\\\/html\\\/owncloud\\\/lib\\\/private\\\/legacy\\\/files.php(259): OC\\\\Files\\\\Filesystem::isReadable('\\\/test-share\\\/ser...')\\n#8 \\\/var\\\/www\\\/html\\\/owncloud\\\/lib\\\/private\\\/legacy\\\/files.php(119): OC_Files::getSingleFile(Object(OC\\\\Files\\\\View), '\\\/test-share', 'server_performa...', Array)\\n#9 \\\/var\\\/www\\\/html\\\/owncloud\\\/apps\\\/files\\\/ajax\\\/download.php(62): OC_Files::get('\\\/test-share', Array, Array)\\n#10 \\\/var\\\/www\\\/html\\\/owncloud\\\/lib\\\/private\\\/Route\\\/Route.php(154) : runtime-created function(1): require_once('\\\/var\\\/www\\\/html\\\/o...')\\n#11 [internal function]: __lambda_func(Array)\\n#12 \\\/var\\\/www\\\/html\\\/owncloud\\\/lib\\\/private\\\/Route\\\/Router.php(280): call_user_func('\\\\x00lambda_914', Array)\\n#13 \\\/var\\\/www\\\/html\\\/owncloud\\\/lib\\\/base.php(891): OC\\\\Route\\\\Router->match('\\\/apps\\\/files\\\/aja...')\\n#14 \\\/var\\\/www\\\/html\\\/owncloud\\\/index.php(54): OC::handleRequest()\\n#15 {main}\",\"File\":\"\\\/var\\\/www\\\/html\\\/owncloud\\\/apps\\\/encryption\\\/lib\\\/Crypto\\\/Encryption.php\",\"Line\":487}","level":3,"time":"2016-11-14T09:32:28+00:00","method":"GET","url":"\/owncloud\/index.php\/apps\/files\/ajax\/download.php?dir=%2Ftest-share&files=server_performance.png&downloadStartSecret=jrgvyvptpzr","user":"2D6083F7-CF1A-49F3-8A6A-8B37A0C1B27E"}
{"reqId":"PshdlkmlvxDusOB0x30w","remoteAddr":"***","app":"PHP","message":"Module 'pdo_pgsql' already loaded at Unknown#0","level":3,"time":"2016-11-14T09:32:30+00:00","method":"GET","url":"\/owncloud\/index.php\/apps\/files\/","user":"2D6083F7-CF1A-49F3-8A6A-8B37A0C1B27E"}
{"reqId":"L5l4mcrIsUokHi+djGOT","remoteAddr":"***","app":"PHP","message":"Module 'pdo_pgsql' already loaded at Unknown#0","level":3,"time":"2016-11-14T09:32:39+00:00","method":"POST","url":"\/owncloud\/index.php\/apps\/user_ldap\/ajax\/testConfiguration.php","user":"2D6083F7-CF1A-49F3-8A6A-8B37A0C1B27E"}

Browser log

Insert your browser log here, this could for example include:

a) The javascript console log
b) The network log 
c) ...

[PVince81]

@starguy did you add people to the group after sharing or were the people already in the group ?
What is the exception ? Please post owncloud.log

[PVince81]

also: are there people in the group who have never logged in before. Normally encryption should skip these users as they might not have keys yet but other users should work

[PVince81]

My steps:

1. Setup OC v9.1.2
2. Enable encryption module app + enable encryption in admin page
3. Log out and login again as admin
4. Setup LDAP server (using the zombies from https://github.com/owncloud/administration/tree/master/ldap-testing)
5. Add a few zombies in LDAP group "Box10" (I used "memberUid" mode). I added "zombie400", "zombie480" and "zombie484" in that group
6. Setup LDAP in OC
7. Go to users page and see the LDAP users
8. Login as "zombie400", this will create a keypair for that user
9. Login as "zombie300" (a user outside the group)
10. Create a folder "test" and put some files in it
11. Share "test" with the group "Box10"
12. Login as "zombie400" again
13. Download and check the received file => works for me
14. Login as "zombie480", that user never logged in before and had no encryption keys at the time of the share
15. Download and check the received file => broken

Log:

{"reqId":"2xHC2U7G7dH3vrb1f3xZ","remoteAddr":"127.0.0.1","app":"webdav","message":"Exception: {\"Message\":\"Can not decrypt this file, probably this is a shared file. Please ask the file owner to reshare the file with you.\",\"Exception\":\"OC\\\\Encryption\\\\Exceptions\\\\DecryptionFailedException\",\"Code\":0,\"Trace\":\"#0 \\\/srv\\\/www\\\/htdocs\\\/owncloud\\\/lib\\\/private\\\/Files\\\/Stream\\\/Encryption.php(459): OCA\\\\Encryption\\\\Crypto\\\\Encryption->decrypt('7iTI2rWpagF\\\/WzW...', 0)\\n#1 \\\/srv\\\/www\\\/htdocs\\\/owncloud\\\/lib\\\/private\\\/Files\\\/Stream\\\/Encryption.php(290): OC\\\\Files\\\\Stream\\\\Encryption->readCache()\\n#2 [internal function]: OC\\\\Files\\\\Stream\\\\Encryption->stream_read(8192)\\n#3 \\\/srv\\\/www\\\/htdocs\\\/owncloud\\\/3rdparty\\\/icewind\\\/streams\\\/src\\\/Wrapper.php(83): fread(Resource id #604, 8192)\\n#4 \\\/srv\\\/www\\\/htdocs\\\/owncloud\\\/3rdparty\\\/icewind\\\/streams\\\/src\\\/CallbackWrapper.php(91): Icewind\\\\Streams\\\\Wrapper->stream_read(8192)\\n#5 [internal function]: Icewind\\\\Streams\\\\CallbackWrapper->stream_read(8192)\\n#6 \\\/srv\\\/www\\\/htdocs\\\/owncloud\\\/3rdparty\\\/sabre\\\/http\\\/lib\\\/Sapi.php(78): stream_copy_to_stream(Resource id #608, Resource id #618, '2204330')\\n#7 \\\/srv\\\/www\\\/htdocs\\\/owncloud\\\/3rdparty\\\/sabre\\\/dav\\\/lib\\\/DAV\\\/Server.php(470): Sabre\\\\HTTP\\\\Sapi::sendResponse(Object(Sabre\\\\HTTP\\\\Response))\\n#8 \\\/srv\\\/www\\\/htdocs\\\/owncloud\\\/3rdparty\\\/sabre\\\/dav\\\/lib\\\/DAV\\\/Server.php(248): Sabre\\\\DAV\\\\Server->invokeMethod(Object(Sabre\\\\HTTP\\\\Request), Object(Sabre\\\\HTTP\\\\Response))\\n#9 \\\/srv\\\/www\\\/htdocs\\\/owncloud\\\/apps\\\/dav\\\/appinfo\\\/v1\\\/webdav.php(56): Sabre\\\\DAV\\\\Server->exec()\\n#10 \\\/srv\\\/www\\\/htdocs\\\/owncloud\\\/remote.php(164): require_once('\\\/srv\\\/www\\\/htdocs...')\\n#11 {main}\",\"File\":\"\\\/srv\\\/www\\\/htdocs\\\/owncloud\\\/apps\\\/encryption\\\/lib\\\/Crypto\\\/Encryption.php\",\"Line\":360,\"User\":\"12ea3b8a-3c3e-1036-90d4-b32c90a1c338\"}","level":4,"time":"2016-11-11T09:43:02+00:00","method":"GET","url":"\/owncloud\/remote.php\/webdav\/test\/P1070118.JPG?downloadStartSecret=7r9u72uqhs200uusmcsweidx6r","user":"12ea3b8a-3c3e-1036-90d4-b32c90a1c338"}

If that's the same scenario as yours, then please note that this is a limitation of the security model of the encryption app. Users who have never logged in cannot have keypairs because their passwords are not known beforehand and the password is needed to create the keypair. This would be a duplicate of: #16332

[starguy]

Hello @PVince81 ,
thx for your fast response! I attached the owncloud.log File to the bug. And i reproduced it the following way:

1. LDAP was setup
2. Reactivated encryption module
3. Logged in user A and user B
4. Created share by user A
5. Added file by user A
6. Logged in as user B
7. Tried to download file posted by user A -> exception occurs

Any help appreciated,

Greez
c

[PVince81]

Are you using the "homeDirectory" feature of LDAP where LDAP tells OC where the data of each user is ? If yes, this could be related to #26820

[starguy]

Hey @PVince81,

if u mean the ldap home connector -> i didnt activate it. Only thing that is activated is in the LDAP configuration the naming rule for the home directory. Do u mean that?

[PVince81]

Only thing that is activated is in the LDAP configuration the naming rule for the home directory. Do u mean that?

Yes.

[starguy]

than it might be related..

[PVince81]

Please try with this patch #26824 and let us know if it worked.

[PVince81]

Closing due to lack of feedback, I assume that this was the issue you were having. Please reopen if applying the patch did not fix the issue for you.

[lock]

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.