[stable9] Setupfs before access a users keys #26820
Conversation
|
original issue confirmed with your hack and also LDAP + homeDirectory on stable9 |
|
This PR works for newly created shared files. Old files don't have the correct keys and can't be repaired without recreating or resharing (there is no other way). I think |
| } | ||
| $path = $this->constructUserKeyPath($encryptionModuleId, $keyId, $uid); | ||
| $key = $this->getKey($path); | ||
| if (!empty($uid) && $uid !== $currentUser) { | ||
| \OC_Util::tearDownFS(); | ||
| \OC_Util::setupFS($currentUser); | ||
| \OC\Files\Filesystem::initMountPoints($uid); |
There was a problem hiding this comment.
Hmm, really? The FS of the current user is usually already setup.
What we need is setup the FS for the target user $uid. Strangely this fix works for me.
There was a problem hiding this comment.
To put it into perspective: let's say "user1" is logged in, so usually setupFS("user1") was already called early on. But "user1" shares a file with "user2" (or creates a file in a shared folder), so we also need to mount the home folder of "user2" to have proper access to the keys and files.
I suspect that the mounting already happens later in the sharing code, but if this enc code runs earlier than the sharing code then we need to do it too.
There was a problem hiding this comment.
wrong turn in my brain
I guess we don't need the second block - this was used for teardowns
There was a problem hiding this comment.
I'll also replace empty($uid), remember that empty("0") evaluates to true...
|
@DeepDiver1975 I redid a test run with folder shares, file shares and also creating a file inside an already shared folder and this fix as per my modification does work. This is with LDAP and an alternative home folder. |
|
Also retested with the hash folder hack, my fix makes it work too. |
PVince81
force-pushed
the
setupfs-before-access-a-users-keys-stable9
branch
from
0f85d39
to
bdfe726
Compare
|
Fixed and retested with the md5 hack variant, still works. Squash ? |
|
Yes. Squash, merge at will and port it all around :party: |
DeepDiver1975
force-pushed
the
setupfs-before-access-a-users-keys-stable9
branch
from
bdfe726
to
af1d6dd
Compare
|
@PVince81 squashed - merge now or later? Your call. |
|
Rebase to resurrect Jenkins then squash+merge now and keep the "backport-request" label |
|
👻 |
| @@ -70,6 +70,10 @@ public function __construct(View $view, Util $util) { | |||
| * @inheritdoc | |||
| */ | |||
| public function getUserKey($uid, $keyId, $encryptionModuleId) { | |||
| $currentUser = \OC_User::getUser(); | |||
| if (!is_null($uid) && $uid !== '' && $uid !== $currentUser) { | |||
| \OC\Files\Filesystem::initMountPoints($uid); | |||
There was a problem hiding this comment.
@PVince81 I guess we should apply this patch to all other methods which call constructUserKeyPath with a user ....
There was a problem hiding this comment.
I looked at the other code path within that class and it seems it would indeed be needed there.
It is not clear whether initMountPoints was already called from outside there, it's not a guarantee.
I'll add something in all the methods.
|
|
@DeepDiver1975 I've added the init mount points in the other code paths, please check it out: 4b602f6 A quick manual test with LDAP + homeDirectory shows that it still works. Now I don't feel comfortable merging this without having automated tests... this would require to finish/solve #26586 and also introduce a new user backend that md5's the user home to simulate this situation. Maybe that backend could be part of the "testing" app ? Or do we make it an official feature configurable in config.php ? |
|
For now I made this PR with the md5 hack to see if the current test coverage would catch the issue: #26844 |
|
Let's first get the automated tests sorted out, I want proper coverage for this: #26844 |
|
@PVince81 please provide this patch for 9.1 |
|
@felixboehm here you go: #26824 (updated with the latest commit). |
PVince81
force-pushed
the
setupfs-before-access-a-users-keys-stable9
branch
from
7312623
to
5554dc4
Compare
|
Jenkins passed. Since most of the code is now modified by me, need review from someone else please @jvillafanez @DeepDiver1975 @VicDeo @butonic |
|
Same comments as #26917 |
|
Cherry-picked the test from master and replace @jvillafanez please re-review. Thanks |
PVince81
force-pushed
the
setupfs-before-access-a-users-keys-stable9
branch
from
08c45c7
to
76b1b79
Compare
|
forgot to NOW it should be ok |
|
👍 |
|
Let's wait before merging. Need to investigate this (not-so-critical-but-still) regression #26935 |
|
Yeah, syntax error in PHP 5.4. |
|
PVince81
force-pushed
the
setupfs-before-access-a-users-keys-stable9
branch
from
76b1b79
to
a7882b0
Compare
|
Need rereview, I cherry-picked backports of master to fix a regression and incomplete cases. |
When encryption keys are stored outside the user's homes, there is no need to mount said homes.
Whenever a user was deleted for encryption where the keys are stored in the home, we can ignore user existence exceptions because it means the keys are already gone.
PVince81
force-pushed
the
setupfs-before-access-a-users-keys-stable9
branch
from
a7882b0
to
2ed1bc7
Compare
|
Rebased and removed the "preDelete" commit and cherry-picked the better fix from #26968 After all these additions, let's retest this:
|
|
|
Integratin tests backport pending to be merged: #26985 |
|
Changes look good 👍 |
|
This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs. |
alternative approach for #26818
@PVince81 @felixboehm
Description
Related Issue
Motivation and Context
How Has This Been Tested?
Screenshots (if appropriate):
Types of changes
Checklist:
…he keys