[encryption] Recovery key feature doesn't work when a not default "User Home Folder Naming Rule" is used #23632

Closed
rogerfv1 opened this Issue Mar 29, 2016 · 4 comments


@rogerfv1

Steps to reproduce

  1. Enable password recovery for a user
  2. Configure "User Home Folder Naming Rule" in LDAP plugin (define a different home folder value as default)
  3. Log in to the web admin interface and execute a password recovery for a user.

Expected behaviour

The admin changes/updates new keys in the correct home folder and re-encrypts file keys for a user.

Actual behaviour

The admin changes/updates new keys in a wrong user home folder (default).

Server configuration

Operating system: Debian 7.8

Web server: Apache 2.2

Database: Postgres 9.4

PHP version: 5.4.45-0+deb7u2

ownCloud version: (see ownCloud admin page) 9.0.0

Updated from an older ownCloud or fresh install: updated from 8.2

Where did you install ownCloud from: .deb

Signing status (ownCloud 9.0 and above):

No errors have been found.

List of activated apps:
owncloud$ php occ app:list
Enabled:

  • activity: 2.2.1
  • comments: 0.2
  • dav: 0.1.5
  • encryption: 1.2.0
  • federatedfilesharing: 0.1.0
  • federation: 0.0.4
  • files: 1.4.4
  • files_pdfviewer: 0.8
  • files_sharing: 0.9.1
  • files_texteditor: 2.1
  • files_trashbin: 0.8.0
  • files_versions: 1.2.0
  • files_videoplayer: 0.9.8
  • notifications: 0.2.3
  • provisioning_api: 0.4.1
  • systemtags: 0.2
  • templateeditor: 0.1
  • updatenotification: 0.1.0
  • user_ldap: 0.8.0

Disabled:

  • external
  • files_external
  • firstrunwizard
  • gallery
  • user_external

owncloud$ php occ config:list
{
"system": {
"instanceid": "ocgh7p9w8qdx",
"passwordsalt": "_REMOVED SENSITIVE VALUE",
"secret": "_REMOVED SENSITIVE VALUE",
"enable_avatars": false,
"trusted_domains": [
"lab1.drive.pae",
"10.31.80.248"
],
"datadirectory": "/opt/data/d_07275_drive",
"3rdpartyroot": "/var/www/owncloud",
"memcache.local": "\OC\Memcache\APC",
"overwrite.cli.url": "https://lab1.drive.pae",
"dbtype": "pgsql",
"version": "9.0.0.19",
"dbname": "dbl_07275_drive_lab1",
"dbhost": "10.31.80.236",
"dbtableprefix": "oc_",
"dbuser": "_REMOVED SENSITIVE VALUE",
"dbpassword": "_REMOVED SENSITIVE VALUE",
"installed": true,
"overwriteprotocol": "https",
"loglevel": 0,
"logfile": "/var/log/owncloud/owncloud.log",
"logtimezone": "America/Sao_Paulo",
"asset-pipeline.enabled": false,
"ldapIgnoreNamingRules": false,
"ldapUserCleanupInterval": 0,
"mail_smtpmode": "smtp",
"mail_from_address": "drive",
"mail_domain": "xx.xx.xx",
"mail_smtphost": "10.31.80.216",
"mail_smtpport": "25",
"has_internet_connection": false,
"trashbin_retention_obligation": "30, auto",
"versions_retention_obligation": "30, auto",
"activity_expire_days": 30,
"check_for_working_htaccess": true,
"enable_previews": false,
"log_rotate_size": 104857600,
"tempdirectory": "/tmp",
"debug": true,
"maintenance": false,
"updatechecker": false,
"cron_log": true
},
"apps": {
"activity": {
"types": "filesystem",
"enabled": "yes",
"installed_version": "2.2.1"
},
"backgroundjob": {
"lastjob": "48"
},
"comments": {
"installed_version": "0.2",
"types": "logging",
"enabled": "yes"
},
"core": {
"installedat": "1446654589.8394",
"public_gallery": "gallery/public.php",
"public_files": "files_sharing/public.php",
"global_cache_gc_lastrun": "1447361101",
"lastupdateResult": "{"version":{},"versionstring":{},"url":{},"web":{}}",
"backgroundjobs_mode": "cron",
"shareapi_allow_public_upload": "no",
"repairlegacystoragesdone": "yes",
"outgoing_server2server_share_enabled": "yes",
"incoming_server2server_share_enabled": "yes",
"shareapi_allow_public_notification": "yes",
"shareapi_allow_mail_notification": "yes",
"lastupdatedat": "0",
"remote_files": "dav/appinfo/v1/webdav.php",
"remote_webdav": "dav/appinfo/v1/webdav.php",
"remote_dav": "dav/appinfo/v2/remote.php",
"remote_contacts": "dav/appinfo/v1/carddav.php",
"remote_carddav": "dav/appinfo/v1/carddav.php",
"umgmt_show_email": "true",
"remote_calendar": "dav/appinfo/v1/caldav.php",
"remote_caldav": "dav/appinfo/v1/caldav.php",
"public_webdav": "dav/appinfo/v1/publicwebdav.php",
"oc.integritycheck.checker": "[]",
"default_encryption_module": "OC_DEFAULT_MODULE",
"encryption_enabled": "yes",
"umgmt_send_email": "true",
"umgmt_show_backend": "true",
"umgmt_show_last_login": "true",
"umgmt_show_storage_location": "true",
"lastcron": "1459276304"
},
"dav": {
"installed_version": "0.1.5",
"types": "filesystem",
"enabled": "no"
},
"encryption": {
"installed_version": "1.2.0",
"types": "filesystem",
"enabled": "yes",
"recoveryKeyId": "recoveryKey_c9c8a6b6",
"publicShareKeyId": "pubShare_c9c8a6b6",
"masterKeyId": "master_c9c8a6b6",
"recoveryAdminEnabled": "1"
},
"federatedfilesharing": {
"installed_version": "0.1.0",
"types": "",
"enabled": "no"
},
"federation": {
"installed_version": "0.0.4",
"types": "authentication",
"enabled": "yes"
},
"files": {
"types": "filesystem",
"enabled": "yes",
"installed_version": "1.4.4",
"cronjob_scan_files": "8000"
},
"files_locking": {
"installed_version": "",
"types": "filesystem",
"enabled": "no"
},
"files_pdfviewer": {
"ocsid": "166049",
"types": "",
"enabled": "yes",
"installed_version": "0.8"
},
"files_sharing": {
"types": "filesystem",
"enabled": "yes",
"outgoing_server2server_share_enabled": "yes",
"incoming_server2server_share_enabled": "yes",
"installed_version": "0.9.1"
},
"files_texteditor": {
"ocsid": "166051",
"types": "",
"enabled": "yes",
"installed_version": "2.1"
},
"files_trashbin": {
"types": "filesystem",
"enabled": "yes",
"installed_version": "0.8.0"
},
"files_versions": {
"types": "filesystem",
"enabled": "yes",
"installed_version": "1.2.0"
},
"files_videoplayer": {
"installed_version": "0.9.8",
"types": "",
"enabled": "yes"
},
"files_videoviewer": {
"installed_version": "0.1.3",
"ocsid": "166054",
"types": "",
"enabled": "no"
},
"firstrunwizard": {
"installed_version": "1.1",
"ocsid": "166055",
"types": "",
"enabled": "no"
},
"gallery": {
"installed_version": "0.6.1",
"types": "",
"enabled": "no"
},
"notifications": {
"installed_version": "0.2.3",
"types": "logging",
"enabled": "yes"
},
"provisioning_api": {
"enabled": "yes",
"types": "prevent_group_restriction",
"installed_version": "0.4.1"
},
"systemtags": {
"installed_version": "0.2",
"types": "logging",
"enabled": "yes"
},
"templateeditor": {
"installed_version": "0.1",
"types": "",
"enabled": "yes"
},
"updatenotification": {
"installed_version": "0.1.0",
"types": "",
"enabled": "yes"
},
"user_ldap": {
"s01ldap_dn": "uid=usr_07275_jatai,ou=Servicos,ou=corp,dc=xx,dc=xx,dc=xx",
"s01ldap_experienced_admin": "1",
"s01ldap_port": "389",
"s01ldap_userlist_filter": "(&(objectclass=jataiobject)(objectClass=person)(jdirectory=domain_))",
"s01ldap_login_filter": "(&(&(objectclass=jataiobject)(objectClass=person)(jdirectory=domain_))(|(mail=%uid)(jmail=%uid)))",
"s01ldap_group_filter": "(&(objectclass=jataiobject)(objectClass=posixGroup))",
"s01ldap_display_name": "cn",
"s01ldap_attributes_for_user_search": "mail\nsn\ngivenName\njmail",
"s01ldap_quota_attr": "jquota",
"types": "authentication",
"s01ldap_quota_def": "1 GB",
"s01ldap_email_attr": "mail",
"s01ldap_configuration_active": "1",
"s01ldap_agent_password": "c2VycHJv",
"enabled": "yes",
"s01ldap_backup_host": "",
"s01ldap_backup_port": "",
"s01ldap_tls": "0",
"s01ldap_turn_off_cert_check": "0",
"s01ldap_userfilter_objectclass": "",
"s01ldap_userfilter_groups": "",
"s01ldap_user_filter_mode": "0",
"s01ldap_group_filter_mode": "0",
"s01ldap_groupfilter_objectclass": "",
"s01ldap_groupfilter_groups": "",
"s01ldap_group_display_name": "cn",
"s01ldap_group_member_assoc_attribute": "uniqueMember",
"s01ldap_login_filter_mode": "0",
"s01ldap_loginfilter_email": "0",
"s01ldap_loginfilter_username": "1",
"s01ldap_loginfilter_attributes": "",
"s01ldap_cache_ttl": "600",
"s01ldap_override_main_server": "",
"s01ldap_attributes_for_group_search": "",
"s01has_memberof_filter_support": "0",
"s01use_memberof_to_detect_membership": "1",
"s01ldap_expert_username_attr": "",
"s01ldap_expert_uuid_user_attr": "",
"s01ldap_expert_uuid_group_attr": "",
"s01last_jpegPhoto_lookup": "0",
"s01ldap_nested_groups": "0",
"s01ldap_paging_size": "500",
"s01ldap_host": "10.39.17.103",
"s01home_folder_naming_rule": "attr:jdirectory",
"installed_version": "0.8.0",
"s01ldap_base_users": "dc=xx,dc=xx,dc=xx",
"s01ldap_base_groups": "dc=xx,dc=xx,dc=xx",
"s01ldap_user_display_name_2": "",
"s01ldap_dynamic_group_member_url": "",
"s01ldap_base": "dc=xx,dc=xx,dc=xx"
}
}
}

Are you using external storage, if yes which one: No

Are you using encryption: yes

Are you using an external user-backend, if yes which one: LDAP

LDAP configuration (delete this part if not used)

owncloud$ php occ ldap:show-config
+-------------------------------+---------------------------------------------------------------------------------------------------+
| Configuration | s01 |
+-------------------------------+---------------------------------------------------------------------------------------------------+
| hasMemberOfFilterSupport | 0 |
| hasPagedResultSupport | |
| homeFolderNamingRule | attr:jdirectory |
| lastJpegPhotoLookup | 0 |
| ldapAgentName | uid=usr_07275_jatai,ou=Servicos,ou=corp,dc=xx,dc=xx,dc=xx |
| ldapAgentPassword | *** |
| ldapAttributesForGroupSearch | |
| ldapAttributesForUserSearch | mail;sn;givenName;jmail |
| ldapBackupHost | |
| ldapBackupPort | |
| ldapBase | dc=xx,dc=xx,dc=xx |
| ldapBaseGroups | dc=xx,dc=xx,dc=xx |
| ldapBaseUsers | dc=xx,dc=xx,dc=xx |
| ldapCacheTTL | 600 |
| ldapConfigurationActive | 1 |
| ldapDynamicGroupMemberURL | |
| ldapEmailAttribute | mail |
| ldapExperiencedAdmin | 1 |
| ldapExpertUUIDGroupAttr | |
| ldapExpertUUIDUserAttr | |
| ldapExpertUsernameAttr | |
| ldapGroupDisplayName | cn |
| ldapGroupFilter | (&(objectclass=jataiobject)(objectClass=posixGroup)) |
| ldapGroupFilterGroups | |
| ldapGroupFilterMode | 0 |
| ldapGroupFilterObjectclass | |
| ldapGroupMemberAssocAttr | uniqueMember |
| ldapHost | 10.39.17.103 |
| ldapIgnoreNamingRules | |
| ldapLoginFilter | (&(&(objectclass=jataiobject)(objectClass=person)(jdirectory=domain_))(|(mail=%uid)(jmail=%uid))) |
| ldapLoginFilterAttributes | |
| ldapLoginFilterEmail | 0 |
| ldapLoginFilterMode | 0 |
| ldapLoginFilterUsername | 1 |
| ldapNestedGroups | 0 |
| ldapOverrideMainServer | |
| ldapPagingSize | 500 |
| ldapPort | 389 |
| ldapQuotaAttribute | jquota |
| ldapQuotaDefault | 1 GB |
| ldapTLS | 0 |
| ldapUserDisplayName | cn |
| ldapUserDisplayName2 | |
| ldapUserFilter | (&(objectclass=jataiobject)(objectClass=person)(jdirectory=domain_)) |
| ldapUserFilterGroups | |
| ldapUserFilterMode | 0 |
| ldapUserFilterObjectclass | |
| ldapUuidGroupAttribute | auto |
| ldapUuidUserAttribute | auto |
| turnOffCertCheck | 0 |
| useMemberOfToDetectMembership | 1 |
+-------------------------------+---------------------------------------------------------------------------------------------------+

rogerfv1 changed the title from [encryption] Recovery key feature doens't work when a not default "User Home Folder Naming Rule" is use to [encryption] Recovery key feature doens't work when a not default "User Home Folder Naming Rule" is used Mar 29, 2016
rogerfv1 changed the title from [encryption] Recovery key feature doens't work when a not default "User Home Folder Naming Rule" is used to [encryption] Recovery key feature doesn't work when a not default "User Home Folder Naming Rule" is used Mar 29, 2016
@PVince81
Collaborator

@schiesbn maybe missing a call to init mount points? Note that this is the situation where LDAP can specify a physical FS location for the home folder, but OC should still mount it as "/$user" on OC's virtual FS.
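
An audit check for the failure described in this thread, added here as an example (it is not ownCloud code and not part of the original comments): given each user's physical home folder as resolved by the LDAP naming rule, it reports users who also have key material under the default `<datadirectory>/<uid>` location. The `files_encryption` directory name, the user names and the directory layout are assumptions constructed for the example.

```python
import os
import tempfile

# Assumption: per-user key material sits in this subdirectory of the home folder.
KEY_DIR = "files_encryption"


def find_misplaced_keys(datadir, ldap_homes):
    """Map uid -> stray key directory for users whose LDAP-defined home differs
    from <datadir>/<uid> but who still have key files under that default."""
    stray = {}
    for uid, home in sorted(ldap_homes.items()):
        fallback = os.path.join(datadir, uid)
        if os.path.realpath(home) == os.path.realpath(fallback):
            continue  # the naming rule resolves to the default location
        candidate = os.path.join(fallback, KEY_DIR)
        if os.path.isdir(candidate) and os.listdir(candidate):
            stray[uid] = candidate
    return stray


def build_sample(root):
    """Constructed layout: alice's recovery landed in the default home, bob's
    keys are only in his LDAP home, carol's LDAP home is the default one."""
    datadir = os.path.join(root, "data")
    homes = {
        "alice": os.path.join(root, "homes", "domain_a"),
        "bob": os.path.join(root, "homes", "domain_b"),
        "carol": os.path.join(datadir, "carol"),
    }
    key_dirs = [os.path.join(home, KEY_DIR) for home in homes.values()]
    key_dirs.append(os.path.join(datadir, "alice", KEY_DIR))  # the stray copy
    for key_dir in key_dirs:
        os.makedirs(key_dir)
        with open(os.path.join(key_dir, "sample.privateKey"), "w") as fh:
            fh.write("constructed placeholder, not a real key\n")
    return datadir, homes


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        datadir, homes = build_sample(root)
        for uid, path in find_misplaced_keys(datadir, homes).items():
            print(f"{uid}: key material under default home: {path}")
```
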

PVince81 added this to the 9.0.2-current-maintenance milestone Apr 18, 2016
schiessle was assigned by PVince81 Apr 19, 2016
PVince81 added sev1-critical and removed sev2-high labels Apr 19, 2016
@PVince81
Collaborator

@schiesbn can you have a look?

@schiessle
Member

@rogerfv1 #24097 should fix the issue. Can you give it a try? Thanks!

@rogerfv1

Everything works fine now! Thanks!
