Server-side encryption: issue after moving key storage root, validation missing #27660

Closed
pako81 opened this issue Apr 18, 2017 · 15 comments

@pako81

pako81 commented Apr 18, 2017

Steps to reproduce

  1. Move keys to a different folder after server-side encryption has been enabled:
       chown -R root:www-data /etc/keys
       chmod -R 0770 /etc/keys
       occ encryption:change-key-storage-root ../../../etc/keys
    
  2. The above command runs successfully
  3. However after that the /etc/keys folder is empty (?)
  4. Existing files cannot be opened anymore with the following error message:
    [image]
  5. New files are created unencrypted

Expected behaviour

Existing files should be accessible after moving the key storage root

Actual behaviour

See above

Server configuration

Operating system:
Ubuntu 16.04

Web server:
Apache 2.4

Database:
MariaDB 5.5

PHP version:
7.0.8

ownCloud version: (see ownCloud admin page)
10.0.0 beta2 (daily)

Updated from an older ownCloud or fresh install:
Fresh install

Are you using encryption: yes/no
yes

ownCloud log (data/owncloud.log)

{"reqId":"jT3WHOnDJ0qqWNQ0UGfR","level":3,"time":"2017-04-18T12:49:56+00:00","remoteAddr":"127.0.0.1","user":"--","app":"mysql.setup","method":"POST","url":"\/owncloud_daily\/index.php","message":"Specific user creation failed: An exception occurred while executing 'SELECT user FROM mysql.user WHERE user=?' with params [\"oc_pastripodi\"]:\n\nSQLSTATE[42000]: Syntax error or access violation: 1142 SELECT command denied to user 'pastripodi'@'localhost' for table 'user'"}
{"reqId":"RSjGoei90JJVnZanalTn","level":2,"time":"2017-04-18T13:00:38+00:00","remoteAddr":"127.0.0.1","user":"--","app":"core","method":"POST","url":"\/owncloud_daily\/index.php\/login","message":"Login failed: 'test' (Remote IP: '127.0.0.1')"}
{"reqId":"tgXfek6yoz1seZjGHZLb","level":3,"time":"2017-04-18T13:03:25+00:00","remoteAddr":"127.0.0.1","user":"pastripodi","app":"PHP","method":"POST","url":"\/owncloud_daily\/index.php\/settings\/users\/changepassword","message":"Undefined offset: 1 at \/var\/www\/owncloud_daily\/lib\/private\/Mail\/Message.php#59"}
{"reqId":"tgXfek6yoz1seZjGHZLb","level":3,"time":"2017-04-18T13:03:25+00:00","remoteAddr":"127.0.0.1","user":"pastripodi","app":"index","method":"POST","url":"\/owncloud_daily\/index.php\/settings\/users\/changepassword","message":"Exception: {\"Exception\":\"Exception\",\"Message\":\"Couldn't send reset email. Please contact your administrator.\",\"Code\":0,\"Trace\":\"#0 \\\/var\\\/www\\\/owncloud_daily\\\/settings\\\/ChangePassword\\\/Controller.php(158): OC\\\\Settings\\\\ChangePassword\\\\Controller::sendNotificationMail('test')\\n#1 [internal function]: OC\\\\Settings\\\\ChangePassword\\\\Controller::changeUserPassword(Array)\\n#2 \\\/var\\\/www\\\/owncloud_daily\\\/lib\\\/private\\\/Route\\\/Router.php(299): call_user_func(Array, Array)\\n#3 \\\/var\\\/www\\\/owncloud_daily\\\/lib\\\/base.php(910): OC\\\\Route\\\\Router->match('\\\/settings\\\/users...')\\n#4 \\\/var\\\/www\\\/owncloud_daily\\\/index.php(49): OC::handleRequest()\\n#5 {main}\",\"File\":\"\\\/var\\\/www\\\/owncloud_daily\\\/settings\\\/ChangePassword\\\/Controller.php\",\"Line\":193}"}
{"reqId":"WuG7x1fARJ7CsiQf1Zk3","level":3,"time":"2017-04-18T13:03:57+00:00","remoteAddr":"127.0.0.1","user":"pastripodi","app":"PHP","method":"POST","url":"\/owncloud_daily\/index.php\/settings\/users\/changepassword","message":"Undefined offset: 1 at \/var\/www\/owncloud_daily\/lib\/private\/Mail\/Message.php#59"}
{"reqId":"WuG7x1fARJ7CsiQf1Zk3","level":3,"time":"2017-04-18T13:03:57+00:00","remoteAddr":"127.0.0.1","user":"pastripodi","app":"index","method":"POST","url":"\/owncloud_daily\/index.php\/settings\/users\/changepassword","message":"Exception: {\"Exception\":\"Exception\",\"Message\":\"Couldn't send reset email. Please contact your administrator.\",\"Code\":0,\"Trace\":\"#0 \\\/var\\\/www\\\/owncloud_daily\\\/settings\\\/ChangePassword\\\/Controller.php(158): OC\\\\Settings\\\\ChangePassword\\\\Controller::sendNotificationMail('test')\\n#1 [internal function]: OC\\\\Settings\\\\ChangePassword\\\\Controller::changeUserPassword(Array)\\n#2 \\\/var\\\/www\\\/owncloud_daily\\\/lib\\\/private\\\/Route\\\/Router.php(299): call_user_func(Array, Array)\\n#3 \\\/var\\\/www\\\/owncloud_daily\\\/lib\\\/base.php(910): OC\\\\Route\\\\Router->match('\\\/settings\\\/users...')\\n#4 \\\/var\\\/www\\\/owncloud_daily\\\/index.php(49): OC::handleRequest()\\n#5 {main}\",\"File\":\"\\\/var\\\/www\\\/owncloud_daily\\\/settings\\\/ChangePassword\\\/Controller.php\",\"Line\":193}"}
{"reqId":"kjgSnVVL8SCm9UowOyh7","level":2,"time":"2017-04-18T13:04:21+00:00","remoteAddr":"127.0.0.1","user":"--","app":"core","method":"POST","url":"\/owncloud_daily\/index.php\/login","message":"Login failed: 'test' (Remote IP: '127.0.0.1')"}
{"reqId":"Umzln7dEM2dQ0ISl2FRZ","level":3,"time":"2017-04-18T13:15:11+00:00","remoteAddr":"127.0.0.1","user":"pastripodi","app":"no app in context","method":"GET","url":"\/owncloud_daily\/ocs\/v2.php\/apps\/notifications\/api\/v1\/notifications?format=json","message":"Exception: {\"Exception\":\"OC\\\\ServiceUnavailableException\",\"Message\":\"Key Storage is not ready\",\"Code\":0,\"Trace\":\"#0 \\\/var\\\/www\\\/owncloud_daily\\\/apps\\\/encryption\\\/appinfo\\\/app.php(28): OC\\\\Encryption\\\\Manager->isReady()\\n#1 \\\/var\\\/www\\\/owncloud_daily\\\/lib\\\/private\\\/legacy\\\/app.php(211): require_once('\\\/var\\\/www\\\/ownclo...')\\n#2 \\\/var\\\/www\\\/owncloud_daily\\\/lib\\\/private\\\/legacy\\\/app.php(162): OC_App::requireAppFile('encryption')\\n#3 \\\/var\\\/www\\\/owncloud_daily\\\/lib\\\/private\\\/legacy\\\/app.php(120): OC_App::loadApp('encryption')\\n#4 \\\/var\\\/www\\\/owncloud_daily\\\/ocs\\\/v1.php(58): OC_App::loadApps()\\n#5 \\\/var\\\/www\\\/owncloud_daily\\\/ocs\\\/v2.php(23): require_once('\\\/var\\\/www\\\/ownclo...')\\n#6 {main}\",\"File\":\"\\\/var\\\/www\\\/owncloud_daily\\\/lib\\\/private\\\/Encryption\\\/Manager.php\",\"Line\":113}"}
{"reqId":"3VhoX8dbYKS7jRiXpnVF","level":4,"time":"2017-04-18T13:17:19+00:00","remoteAddr":"127.0.0.1","user":"test","app":"webdav","method":"GET","url":"\/owncloud_daily\/remote.php\/webdav\/ownCloud%20Manual.pdf","message":"Exception: {\"Message\":\"HTTP\\\/1.1 503 Encryption not ready: Module with id: OC_DEFAULT_MODULE does not exist.\",\"Exception\":\"Sabre\\\\DAV\\\\Exception\\\\ServiceUnavailable\",\"Code\":0,\"Trace\":\"#0 \\\/var\\\/www\\\/owncloud_daily\\\/lib\\\/composer\\\/sabre\\\/dav\\\/lib\\\/DAV\\\/CorePlugin.php(85): OCA\\\\DAV\\\\Connector\\\\Sabre\\\\File->get()\\n#1 [internal function]: Sabre\\\\DAV\\\\CorePlugin->httpGet(Object(Sabre\\\\HTTP\\\\Request), Object(Sabre\\\\HTTP\\\\Response))\\n#2 \\\/var\\\/www\\\/owncloud_daily\\\/lib\\\/composer\\\/sabre\\\/event\\\/lib\\\/EventEmitterTrait.php(105): call_user_func_array(Array, Array)\\n#3 \\\/var\\\/www\\\/owncloud_daily\\\/lib\\\/composer\\\/sabre\\\/dav\\\/lib\\\/DAV\\\/Server.php(479): Sabre\\\\Event\\\\EventEmitter->emit('method:GET', Array)\\n#4 \\\/var\\\/www\\\/owncloud_daily\\\/lib\\\/composer\\\/sabre\\\/dav\\\/lib\\\/DAV\\\/Server.php(254): Sabre\\\\DAV\\\\Server->invokeMethod(Object(Sabre\\\\HTTP\\\\Request), Object(Sabre\\\\HTTP\\\\Response))\\n#5 \\\/var\\\/www\\\/owncloud_daily\\\/apps\\\/dav\\\/appinfo\\\/v1\\\/webdav.php(63): Sabre\\\\DAV\\\\Server->exec()\\n#6 \\\/var\\\/www\\\/owncloud_daily\\\/remote.php(165): require_once('\\\/var\\\/www\\\/ownclo...')\\n#7 {main}\",\"File\":\"\\\/var\\\/www\\\/owncloud_daily\\\/apps\\\/dav\\\/lib\\\/Connector\\\/Sabre\\\/File.php\",\"Line\":324,\"User\":\"test\"}"}
{"reqId":"T063XdKP04nqAvsXqx3u","level":4,"time":"2017-04-18T13:17:28+00:00","remoteAddr":"127.0.0.1","user":"test","app":"webdav","method":"GET","url":"\/owncloud_daily\/remote.php\/webdav\/Documents\/Example.odt","message":"Exception: {\"Message\":\"HTTP\\\/1.1 503 Encryption not ready: Module with id: OC_DEFAULT_MODULE does not exist.\",\"Exception\":\"Sabre\\\\DAV\\\\Exception\\\\ServiceUnavailable\",\"Code\":0,\"Trace\":\"#0 \\\/var\\\/www\\\/owncloud_daily\\\/lib\\\/composer\\\/sabre\\\/dav\\\/lib\\\/DAV\\\/CorePlugin.php(85): OCA\\\\DAV\\\\Connector\\\\Sabre\\\\File->get()\\n#1 [internal function]: Sabre\\\\DAV\\\\CorePlugin->httpGet(Object(Sabre\\\\HTTP\\\\Request), Object(Sabre\\\\HTTP\\\\Response))\\n#2 \\\/var\\\/www\\\/owncloud_daily\\\/lib\\\/composer\\\/sabre\\\/event\\\/lib\\\/EventEmitterTrait.php(105): call_user_func_array(Array, Array)\\n#3 \\\/var\\\/www\\\/owncloud_daily\\\/lib\\\/composer\\\/sabre\\\/dav\\\/lib\\\/DAV\\\/Server.php(479): Sabre\\\\Event\\\\EventEmitter->emit('method:GET', Array)\\n#4 \\\/var\\\/www\\\/owncloud_daily\\\/lib\\\/composer\\\/sabre\\\/dav\\\/lib\\\/DAV\\\/Server.php(254): Sabre\\\\DAV\\\\Server->invokeMethod(Object(Sabre\\\\HTTP\\\\Request), Object(Sabre\\\\HTTP\\\\Response))\\n#5 \\\/var\\\/www\\\/owncloud_daily\\\/apps\\\/dav\\\/appinfo\\\/v1\\\/webdav.php(63): Sabre\\\\DAV\\\\Server->exec()\\n#6 \\\/var\\\/www\\\/owncloud_daily\\\/remote.php(165): require_once('\\\/var\\\/www\\\/ownclo...')\\n#7 {main}\",\"File\":\"\\\/var\\\/www\\\/owncloud_daily\\\/apps\\\/dav\\\/lib\\\/Connector\\\/Sabre\\\/File.php\",\"Line\":324,\"User\":\"test\"}"}
{"reqId":"TmtfbcmEBziWhyEvPv3b","level":2,"time":"2017-04-18T13:17:39+00:00","remoteAddr":"127.0.0.1","user":"test","app":"no app in context","method":"PUT","url":"\/owncloud_daily\/remote.php\/webdav\/test.txt","message":"Encryption module \"\" not found, file will be stored unencrypted (Default encryption module not loaded)"}
{"reqId":"YuXLymuOWYfSOPqGbVo6","level":2,"time":"2017-04-18T13:17:43+00:00","remoteAddr":"127.0.0.1","user":"test","app":"no app in context","method":"PUT","url":"\/owncloud_daily\/index.php\/apps\/files_texteditor\/ajax\/savefile","message":"Encryption module \"\" not found, file will be stored unencrypted (Default encryption module not loaded)"}
{"reqId":"vfoPkNf5FtfdCuS9BzOp","level":2,"time":"2017-04-18T13:17:43+00:00","remoteAddr":"127.0.0.1","user":"test","app":"no app in context","method":"GET","url":"\/owncloud_daily\/index.php\/core\/preview.png?file=%2Ftest.txt&c=1492521549&x=32&y=32&forceIcon=0","message":"Encryption module \"\" not found, file will be stored unencrypted (Default encryption module not loaded)"}
{"reqId":"vfoPkNf5FtfdCuS9BzOp","level":2,"time":"2017-04-18T13:17:43+00:00","remoteAddr":"127.0.0.1","user":"test","app":"no app in context","method":"GET","url":"\/owncloud_daily\/index.php\/core\/preview.png?file=%2Ftest.txt&c=1492521549&x=32&y=32&forceIcon=0","message":"Encryption module \"\" not found, file will be stored unencrypted (Default encryption module not loaded)"}
{"reqId":"TcI4kNApnH9lOYD88h6l","level":2,"time":"2017-04-18T13:20:12+00:00","remoteAddr":"127.0.0.1","user":"pastripodi","app":"no app in context","method":"GET","url":"\/owncloud_daily\/ocs\/v2.php\/apps\/notifications\/api\/v1\/notifications?format=json","message":"Encryption module \"\" not found, file will be stored unencrypted (Default encryption module not loaded)"}
{"reqId":"3HE0DkkJk6NAeOMBODg4","level":4,"time":"2017-04-18T13:34:49+00:00","remoteAddr":"127.0.0.1","user":"test","app":"webdav","method":"GET","url":"\/owncloud_daily\/remote.php\/webdav\/ownCloud%20Manual.pdf","message":"Exception: {\"Message\":\"HTTP\\\/1.1 503 Encryption not ready: Module with id: OC_DEFAULT_MODULE does not exist.\",\"Exception\":\"Sabre\\\\DAV\\\\Exception\\\\ServiceUnavailable\",\"Code\":0,\"Trace\":\"#0 \\\/var\\\/www\\\/owncloud_daily\\\/lib\\\/composer\\\/sabre\\\/dav\\\/lib\\\/DAV\\\/CorePlugin.php(85): OCA\\\\DAV\\\\Connector\\\\Sabre\\\\File->get()\\n#1 [internal function]: Sabre\\\\DAV\\\\CorePlugin->httpGet(Object(Sabre\\\\HTTP\\\\Request), Object(Sabre\\\\HTTP\\\\Response))\\n#2 \\\/var\\\/www\\\/owncloud_daily\\\/lib\\\/composer\\\/sabre\\\/event\\\/lib\\\/EventEmitterTrait.php(105): call_user_func_array(Array, Array)\\n#3 \\\/var\\\/www\\\/owncloud_daily\\\/lib\\\/composer\\\/sabre\\\/dav\\\/lib\\\/DAV\\\/Server.php(479): Sabre\\\\Event\\\\EventEmitter->emit('method:GET', Array)\\n#4 \\\/var\\\/www\\\/owncloud_daily\\\/lib\\\/composer\\\/sabre\\\/dav\\\/lib\\\/DAV\\\/Server.php(254): Sabre\\\\DAV\\\\Server->invokeMethod(Object(Sabre\\\\HTTP\\\\Request), Object(Sabre\\\\HTTP\\\\Response))\\n#5 \\\/var\\\/www\\\/owncloud_daily\\\/apps\\\/dav\\\/appinfo\\\/v1\\\/webdav.php(63): Sabre\\\\DAV\\\\Server->exec()\\n#6 \\\/var\\\/www\\\/owncloud_daily\\\/remote.php(165): require_once('\\\/var\\\/www\\\/ownclo...')\\n#7 {main}\",\"File\":\"\\\/var\\\/www\\\/owncloud_daily\\\/apps\\\/dav\\\/lib\\\/Connector\\\/Sabre\\\/File.php\",\"Line\":324,\"User\":\"test\"}"}
@PVince81
Contributor

You can't move keys outside of the data folder, only into another subdir of the data folder. Not sure why...

Maybe the bug is that command shouldn't allow that, but you somehow tricked it using "..".

@pako81 Can you retest with "data/keys" ?

The idea is that the admin can do a mount --bind /etc/keys $datadir/keys if they want to store the keys outside.

@PVince81
Contributor

raised https://github.com/owncloud/documentation/issues/3007

would still be good to confirm that it does work inside the data dir

@pako81
Author

pako81 commented Apr 19, 2017

Tested with moving keys to "data/keys": existing files can now be accessed (no "Module with id: OC_DEFAULT_MODULE does not exist" error anymore), however:

  1. folder ~/data/keys is empty even if the command encryption:show-key-storage-root shows the new location for the keys
  2. after this it seems files are unencrypted: their content is accessible by the admin via CLI
  3. when clicking on "Encryption" on the admin dialog, you get an Internal Server Error:
    [image]
{"reqId":"njD5I6cwG6FdqNUWPJRH","level":3,"time":"2017-04-19T10:15:04+00:00","remoteAddr":"127.0.0.1","user":"--","app":"mysql.setup","method":"POST","url":"/owncloud_daily/index.php","message":"Specific user creation failed: An exception occurred while executing 'SELECT user FROM mysql.user WHERE user=?' with params ["oc_pastripodi"]:

SQLSTATE[42000]: Syntax error or access violation: 1142 SELECT command denied to user 'pastripodi'@'localhost' for table 'user'"}
{"reqId":"RdJCYtPKmMEz339mniyM","level":3,"time":"2017-04-19T10:21:03+00:00","remoteAddr":"127.0.0.1","user":"test","app":"no app in context","method":"GET","url":"/owncloud_daily/ocs/v2.php/apps/notifications/api/v1/notifications?format=json","message":"Exception: {"Exception":"OC\ServiceUnavailableException","Message":"Key Storage is not ready","Code":0,"Trace":"
#0 /var/www/owncloud_daily/apps/encryption/appinfo/app.php(28): OC\Encryption\Manager->isReady()
#1 /var/www/owncloud_daily/lib/private/legacy/app.php(211): require_once('/var/www/ownclo...')
#2 /var/www/owncloud_daily/lib/private/legacy/app.php(162): OC_App::requireAppFile('encryption')
#3 /var/www/owncloud_daily/lib/private/legacy/app.php(120): OC_App::loadApp('encryption')
#4 /var/www/owncloud_daily/ocs/v1.php(58): OC_App::loadApps()
#5 /var/www/owncloud_daily/ocs/v2.php(23): require_once('/var/www/ownclo...')
#6 {main}","File":"/var/www/owncloud_daily/lib/private/Encryption/Manager.php","Line":113}"}
{"reqId":"EoDrT5tQA53SPLxLcE2g","level":2,"time":"2017-04-19T10:21:40+00:00","remoteAddr":"127.0.0.1","user":"test","app":"no app in context","method":"PUT","url":"/owncloud_daily/remote.php/webdav/test3.txt","message":"Encryption module "" not found, file will be stored unencrypted (Default encryption module not loaded)"}
{"reqId":"3IiveV3lSzcDiANLQWmx","level":2,"time":"2017-04-19T10:21:44+00:00","remoteAddr":"127.0.0.1","user":"test","app":"no app in context","method":"PUT","url":"/owncloud_daily/index.php/apps/files_texteditor/ajax/savefile","message":"Encryption module "" not found, file will be stored unencrypted (Default encryption module not loaded)"}
{"reqId":"bd3cJjqItQyYh4zXz25d","level":2,"time":"2017-04-19T10:21:44+00:00","remoteAddr":"127.0.0.1","user":"test","app":"no app in context","method":"GET","url":"/owncloud_daily/index.php/core/preview.png?file=%2Ftest3.txt&c=1492597353&x=32&y=32&forceIcon=0","message":"Encryption module "" not found, file will be stored unencrypted (Default encryption module not loaded)"}
{"reqId":"bd3cJjqItQyYh4zXz25d","level":2,"time":"2017-04-19T10:21:45+00:00","remoteAddr":"127.0.0.1","user":"test","app":"no app in context","method":"GET","url":"/owncloud_daily/index.php/core/preview.png?file=%2Ftest3.txt&c=1492597353&x=32&y=32&forceIcon=0","message":"Encryption module "" not found, file will be stored unencrypted (Default encryption module not loaded)"}
{"reqId":"75OGxFLDZDTIFATGKrVT","level":3,"time":"2017-04-19T10:25:41+00:00","remoteAddr":"127.0.0.1","user":"pastripodi","app":"index","method":"GET","url":"/owncloud_daily/index.php/settings/admin?sectionid=encryption","message":"Exception: {"Exception":"OC\ServiceUnavailableException","Message":"Key Storage is not ready","Code":0,"Trace":"
#0 /var/www/owncloud_daily/settings/Panels/Admin/Encryption.php(36): OC\Encryption\Manager->isReady()
#1 /var/www/owncloud_daily/settings/Controller/SettingsPageController.php(142): OC\Settings\Panels\Admin\Encryption->getPanel()
#2 /var/www/owncloud_daily/settings/Controller/SettingsPageController.php(104): OC\Settings\Controller\SettingsPageController->getPanelsData(Array)
#3 [internal function]: OC\Settings\Controller\SettingsPageController->getAdmin('encryption')
#4 /var/www/owncloud_daily/lib/private/AppFramework/Http/Dispatcher.php(159): call_user_func_array(Array, Array)
#5 /var/www/owncloud_daily/lib/private/AppFramework/Http/Dispatcher.php(89): OC\AppFramework\Http\Dispatcher->executeController(Object(OC\Settings\Controller\SettingsPageController), 'getAdmin')
#6 /var/www/owncloud_daily/lib/private/AppFramework/App.php(98): OC\AppFramework\Http\Dispatcher->dispatch(Object(OC\Settings\Controller\SettingsPageController), 'getAdmin')
#7 /var/www/owncloud_daily/lib/private/AppFramework/Routing/RouteActionHandler.php(46): OC\AppFramework\App::main('SettingsPageCon...', 'getAdmin', Object(OC\AppFramework\DependencyInjection\DIContainer), Array)
#8 [internal function]: OC\AppFramework\Routing\RouteActionHandler->__invoke(Array)
#9 /var/www/owncloud_daily/lib/private/Route/Router.php(299): call_user_func(Object(OC\AppFramework\Routing\RouteActionHandler), Array)
#10 /var/www/owncloud_daily/lib/base.php(910): OC\Route\Router->match('/settings/admin')
#11 /var/www/owncloud_daily/index.php(49): OC::handleRequest()
#12 {main}","File":"/var/www/owncloud_daily/lib/private/Encryption/Manager.php","Line":113}"}
{"reqId":"1hhwevqcArQGOLQOu1gs","level":2,"time":"2017-04-19T10:47:17+00:00","remoteAddr":"172.18.16.170","user":"--","app":"core","method":"GET","url":"/owncloud_daily/index.php","message":"Trusted domain error. "172.18.16.170" tried to access using "172.18.16.128" as host."}
{"reqId":"TlQl4WVUzB2vA0UmQDUP","level":2,"time":"2017-04-19T10:47:18+00:00","remoteAddr":"172.18.16.170","user":"--","app":"core","method":"GET","url":"/owncloud_daily/index.php/core/js/oc.js?v=5f55ac12122225f94199a41674d28f5c","message":"Trusted domain error. "172.18.16.170" tried to access using "172.18.16.128" as host."}
{"reqId":"427NvrGthKqRRzty9Bw0","level":2,"time":"2017-04-19T10:47:19+00:00","remoteAddr":"172.18.16.170","user":"--","app":"core","method":"GET","url":"/owncloud_daily/cron.php","message":"Trusted domain error. "172.18.16.170" tried to access using "172.18.16.128" as host."}
{"reqId":"wLEh2NNnhzNixT0XBzE7","level":2,"time":"2017-04-19T10:47:34+00:00","remoteAddr":"172.18.16.170","user":"--","app":"core","method":"GET","url":"/owncloud_daily/index.php","message":"Trusted domain error. "172.18.16.170" tried to access using "172.18.16.128" as host."}
{"reqId":"VZg9QEbb8LoZ4f9ernxP","level":2,"time":"2017-04-19T10:47:35+00:00","remoteAddr":"172.18.16.170","user":"--","app":"core","method":"GET","url":"/owncloud_daily/index.php/core/js/oc.js?v=5f55ac12122225f94199a41674d28f5c","message":"Trusted domain error. "172.18.16.170" tried to access using "172.18.16.128" as host."}
{"reqId":"At0sBgs72idYN9l3lLmf","level":2,"time":"2017-04-19T10:47:35+00:00","remoteAddr":"172.18.16.170","user":"--","app":"core","method":"GET","url":"/owncloud_daily/cron.php","message":"Trusted domain error. "172.18.16.170" tried to access using "172.18.16.128" as host."}
{"reqId":"HOw5RkAsQfyaKRQOlypJ","level":2,"time":"2017-04-19T10:48:21+00:00","remoteAddr":"172.18.16.170","user":"--","app":"core","method":"POST","url":"/owncloud_daily/index.php/login","message":"Login failed: 'pastripodi' (Remote IP: '172.18.16.170')"}
{"reqId":"3xs8GlZMF32mQiyUTCSm","level":2,"time":"2017-04-19T10:48:25+00:00","remoteAddr":"172.18.16.170","user":"pastripodi","app":"no app in context","method":"GET","url":"/owncloud_daily/index.php/apps/files/","message":"Encryption module "" not found, file will be stored unencrypted (Default encryption module not loaded)"}

Something seems definitely wrong with this command.
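
Both log excerpts above show the encryption layer failing open: writes are accepted and logged with "file will be stored unencrypted". The following is an added example, not part of the original report or of ownCloud, showing one way to pull those events out of `data/owncloud.log`; the sample lines are constructed, and the function and report field names are assumptions.

```python
import json

# Message fragments copied from the log excerpts in this issue.
FAIL_OPEN = "file will be stored unencrypted"
NOT_READY = ("Key Storage is not ready", "Encryption not ready")
WRITE_METHODS = {"PUT", "POST"}

# Constructed sample lines modelled on those excerpts (reqIds and paths are made up).
# The last line has unescaped quotes, like the second excerpt, and is not valid JSON.
SAMPLE_LOG = [
    r'{"reqId":"s1","level":2,"time":"2017-04-18T13:17:39+00:00","user":"test","method":"PUT","url":"\/oc\/remote.php\/webdav\/a.txt","message":"Encryption module \"\" not found, file will be stored unencrypted (Default encryption module not loaded)"}',
    r'{"reqId":"s2","level":2,"time":"2017-04-18T13:17:43+00:00","user":"test","method":"POST","url":"\/oc\/index.php\/apps\/files_texteditor\/ajax\/savefile","message":"Encryption module \"\" not found, file will be stored unencrypted (Default encryption module not loaded)"}',
    r'{"reqId":"s3","level":2,"time":"2017-04-18T13:17:43+00:00","user":"test","method":"GET","url":"\/oc\/index.php\/core\/preview.png","message":"Encryption module \"\" not found, file will be stored unencrypted (Default encryption module not loaded)"}',
    r'{"reqId":"s4","level":3,"time":"2017-04-18T13:15:11+00:00","user":"admin","method":"GET","url":"\/oc\/ocs\/v2.php","message":"Exception: {\"Message\":\"Key Storage is not ready\"}"}',
    r'{"reqId":"s5","level":2,"time":"2017-04-18T13:00:38+00:00","user":"--","method":"POST","url":"\/oc\/index.php\/login","message":"Login failed: \u0027test\u0027"}',
    r'{"reqId":"s6","level":2,"time":"2017-04-19T10:21:40+00:00","user":"test","method":"PUT","url":"/oc/remote.php/webdav/b.txt","message":"Encryption module "" not found, file will be stored unencrypted"}',
]


def scan(lines):
    """Classify ownCloud log lines that show encryption failing open."""
    report = {"unencrypted_writes": [], "other_warnings": 0,
              "not_ready": 0, "unparsed_hits": []}
    for number, raw in enumerate(lines, start=1):
        raw = raw.strip()
        if not raw:
            continue
        try:
            entry = json.loads(raw)
        except json.JSONDecodeError:
            entry = None
        if not isinstance(entry, dict):
            # Damaged line: fall back to a substring match so the warning is not lost.
            if FAIL_OPEN in raw:
                report["unparsed_hits"].append(number)
            continue
        message = str(entry.get("message", ""))
        if FAIL_OPEN in message:
            if entry.get("method") in WRITE_METHODS:
                # Uploads and saves: the requests that carry user content.
                report["unencrypted_writes"].append(
                    (entry.get("time"), entry.get("user"), entry.get("url")))
            else:
                report["other_warnings"] += 1
        elif any(fragment in message for fragment in NOT_READY):
            report["not_ready"] += 1
    return report


if __name__ == "__main__":
    result = scan(SAMPLE_LOG)
    for when, user, url in result["unencrypted_writes"]:
        print(f"UNENCRYPTED WRITE {when} user={user} url={url}")
    print(f"other fail-open warnings: {result['other_warnings']}")
    print(f"encryption-not-ready errors: {result['not_ready']}")
    print(f"unparsable lines with the warning: {result['unparsed_hits']}")
```
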

@PVince81
Contributor

Argh... ok, thanks for testing.

@PVince81 PVince81 self-assigned this Apr 19, 2017
@PVince81
Contributor

~/data/keys ? Did you try the actual data folder of OC ?

My steps:

  1. mkdir data/keys (as root)
  2. sudo chown wwwrun:www data/keys
  3. occ app:enable encryption
  4. occ encryption:enable
  5. occ encryption:change-key-storage-root keys
  6. occ encryption:show-key-storage-root

Then:

± % ll -a data/keys
total 4.0K
drwxr-xr-x 3 wwwrun  www  80 Apr 19 18:02 .
drwxrwx--- 4 vincent www 160 Apr 19 18:02 ..
drwxr-xr-x 3 wwwrun  www  60 Apr 19 18:01 files_encryption
-rw-r--r-- 1 wwwrun  www  77 Apr 19 18:02 .oc_key_storage

Then uploading a file and inspecting its contents on the data folder shows that it's encrypted.

@pako81 seems you caught some invalid use case that isn't properly caught by the command ?

@pako81
Author

pako81 commented Apr 19, 2017

Yes, I meant the OC data folder. Don't know... I did exactly what you did, with the exception of enabling encryption over the WebUI and not with occ. I will test again tomorrow.

@pako81
Author

pako81 commented Apr 20, 2017

OK, following your steps everything works fine. Probably using occ encryption:change-key-storage-root ../../../var/www/owncloud/data/keys instead of occ encryption:change-key-storage-root keys broke something.

@pako81 pako81 closed this as completed Apr 20, 2017
@PVince81
Contributor

I'll reopen this to have improved path validation, but not critical.

@PVince81 PVince81 modified the milestones: backlog, 10.0 Apr 20, 2017
@PVince81 PVince81 reopened this Apr 20, 2017
@pako81
Author

pako81 commented Apr 20, 2017

I guess however the occ command should return an error instead of saying "key storage root successfully changed"
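
The thread asks for two things: reject key storage roots that are not a subdirectory of the data folder, and report an error when the new root ends up empty. The following is an added example of both checks, not ownCloud's code and not the fix that was later merged; the function names are assumptions, and the expected entries `.oc_key_storage` and `files_encryption` are taken from the working directory listing earlier in the thread.

```python
import os
import tempfile

# Entries that appear in data/keys in the working listing earlier in this thread.
MARKER_FILE = ".oc_key_storage"
KEY_DIR = "files_encryption"


def resolve_key_root(data_dir, new_root):
    """Return the absolute key root, or raise ValueError if it is not acceptable."""
    if not new_root or os.path.isabs(new_root):
        raise ValueError("key root must be a relative path below the data directory")
    # Reject every '..', including ones that would resolve back inside the
    # data directory (the ../../../var/www/owncloud/data/keys case).
    if ".." in new_root.replace("\\", "/").split("/"):
        raise ValueError("'..' is not allowed in the key root")
    base = os.path.realpath(data_dir)
    # realpath follows symlinks, so a symlink pointing outside is rejected;
    # a bind mount under the data directory resolves in place and passes.
    target = os.path.realpath(os.path.join(base, new_root))
    if target == base or os.path.commonpath([base, target]) != base:
        raise ValueError("key root must resolve to a subdirectory of the data directory")
    return target


def missing_entries(target):
    """Return the expected key storage entries that are absent from target."""
    missing = []
    if not os.path.isfile(os.path.join(target, MARKER_FILE)):
        missing.append(MARKER_FILE)
    if not os.path.isdir(os.path.join(target, KEY_DIR)):
        missing.append(KEY_DIR)
    return missing


def check(data_dir, new_root):
    """Return 'ok', 'rejected: ...' or 'incomplete: ...' for a requested move."""
    try:
        target = resolve_key_root(data_dir, new_root)
    except ValueError as err:
        return f"rejected: {err}"
    missing = missing_entries(target)
    if missing:
        # The move reported success but the keys are not there: treat as failure.
        return "incomplete: missing " + ", ".join(missing)
    return "ok"


if __name__ == "__main__":
    # Constructed layout: one populated key root, one empty one.
    with tempfile.TemporaryDirectory() as tmp:
        data = os.path.join(tmp, "data")
        os.makedirs(os.path.join(data, "keys", KEY_DIR))
        open(os.path.join(data, "keys", MARKER_FILE), "w").close()
        os.makedirs(os.path.join(data, "empty"))
        for root in ("keys", "empty", "../../../etc/keys", "/etc/keys"):
            print(f"{root!r}: {check(data, root)}")
```
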

@PVince81 PVince81 changed the title Server-side encryption: issue after moving key storage root Server-side encryption: issue after moving key storage root, validation missing Apr 20, 2017
@PVince81 PVince81 removed their assignment Apr 20, 2017
@ownclouders
Contributor

Hey, this issue has been closed because the label status/STALE is set and there were no updates for 7 days. Feel free to reopen this issue if you deem it appropriate.

@PVince81
Contributor

PR #30222

@ownclouders
Contributor

Hey, this issue has been closed because the label status/STALE is set and there were no updates for 7 days. Feel free to reopen this issue if you deem it appropriate.

(This is an automated comment from GitMate.io.)

@PVince81
Contributor

PVince81 commented Mar 9, 2018

Fixed in #30222

@lock lock bot locked as resolved and limited conversation to collaborators Oct 5, 2019