Fatal webdav error when syncing shared files and encryption activated #2020

Closed
godfuture opened this issue Nov 4, 2016 · 14 comments
Labels: bug, feature: encryption (server-side), stale (ticket or PR with no recent activity)

godfuture commented Nov 4, 2016

Hi folks,
unfortunately I can't sync my files to the server. I have some strange error in the log, saying that the encryption messed up somehow. I activated the encryption only for external storage.

Steps to reproduce

  1. Share some files between at least two persons (both used a client to sync -> one Windows and one Linux).
  2. Activate server encryption (only for external storage)
  3. Log into the web console and log off
  4. Try to update already shared files

Expected behaviour

Shared data is not changed or encrypted. Sharing is still possible.

Actual behaviour

Some files show "internal server error" and do not get synced.

Server configuration

Operating system: Ubuntu 16.04

Web server: Apache 2.4

Database: MySQL 5.7

PHP version: 7.0

Nextcloud version: 10.0

Updated from an older Nextcloud/ownCloud or fresh install: updated

Where did you install Nextcloud from:

Signing status:

Signing status
No errors have been found.

List of activated apps:

App list
Enabled:
  - activity: 2.3.2
  - admin_audit: 1.0.0
  - apporder: 0.3.2
  - calendar: 1.4.0
  - comments: 1.0.0
  - contacts: 1.4.0.0
  - dav: 1.0.1
  - direct_menu: 0.9.2
  - documents: 0.13.1
  - encryption: 1.3.1
  - federatedfilesharing: 1.0.1
  - federation: 1.0.1
  - files: 1.5.2
  - files_accesscontrol: 1.1.2
  - files_automatedtagging: 1.1.1
  - files_clipboard: 0.4.1
  - files_external: 1.0.2
  - files_pdfviewer: 0.8.1
  - files_retention: 1.0.0
  - files_sharing: 1.0.0
  - files_texteditor: 2.1
  - files_trashbin: 1.0.0
  - files_versions: 1.3.0
  - files_videoplayer: 0.9.8
  - firstrunwizard: 1.1
  - gallery: 15.0.0
  - html5_videoplayer: 1.0
  - mozilla_sync: 1.4
  - news: 9.0.4
  - notifications: 0.3.0
  - password_policy: 1.0.0
  - provisioning_api: 1.0.0
  - serverinfo: 1.1.1
  - sharelinks: 1.0.1
  - survey_client: 0.1.5
  - systemtags: 1.0.2
  - tasks: 0.9.3
  - templateeditor: 0.1
  - theming: 1.0.1
  - updatenotification: 1.0.1
  - workflowengine: 1.0.1
Disabled:
  - external
  - files_mv
  - galleryplus
  - ownnote
  - user_external
  - user_ldap
  - user_saml

The content of config/config.php:

Config report
{
    "system": {
        "instanceid": "oclo0wchh5q0",
        "passwordsalt": "***REMOVED SENSITIVE VALUE***",
        "secret": "***REMOVED SENSITIVE VALUE***",
        "trusted_domains": [
            "192.168.10.99",
            "mydomain.de"
        ],
        "datadirectory": "\/var\/owncloud_data",
        "overwrite.cli.url": "http:\/\/192.168.10.99\/owncloud",
        "dbtype": "mysql",
        "version": "9.1.1.5",
        "dbname": "owncloud",
        "dbhost": "localhost",
        "dbtableprefix": "oc_",
        "dbuser": "***REMOVED SENSITIVE VALUE***",
        "dbpassword": "***REMOVED SENSITIVE VALUE***",
        "installed": true,
        "forcessl": false,
        "forceSSLforSubdomains": false,
        "loglevel": 3,
        "log_rotate_size": 104857600,
        "logfile": "\/var\/log\/nextcloud.log",
        "logtimezone": "Europe\/Berlin",
        "has_internet_connection": true,
        "check_for_working_webdav": true,
        "check_for_working_htaccess": true,
        "maintenance": false,
        "theme": "",
        "preview_max_scale_factor": 1,
        "asset-pipeline.enabled": false,
        "trashbin_retention_obligation": "auto",
        "apps_paths": [
            {
                "path": "\/var\/www\/nextcloud\/apps",
                "url": "\/apps",
                "writable": false
            },
            {
                "path": "\/var\/www\/nextcloud\/apps2",
                "url": "\/apps2",
                "writable": true
            }
        ],
        "updatechecker": false,
        "mail_smtpdebug": false,
        "mail_smtpmode": "php",
        "mail_smtphost": "mailserver.de",
        "mail_smtpport": "587",
        "mail_smtptimeout": 10,
        "mail_smtpsecure": "tls",
        "mail_domain": "mailserver.de",
        "mail_smtpauthtype": "LOGIN",
        "mail_smtpauth": 1,
        "mail_smtpname": "***REMOVED SENSITIVE VALUE***",
        "mail_smtppassword": "***REMOVED SENSITIVE VALUE***",
        "memcache.local": "\\OC\\Memcache\\APCu",
        "mail_from_address": "nextcloud",
        "htaccess.RewriteBase": "\/owncloud",
        "singleuser": false
    }
}

Are you using external storage, if yes which one: -

Are you using encryption: yes

Are you using an external user-backend, if yes which one: -

Client configuration

Browser: Firefox

Operating system: Windows 10

Logs

Web server error log


Nextcloud log (data/nextcloud.log)

```
Fatal webdav Exception: {"Message":"Can not decrypt this file, probably this is a shared file. Please ask the file owner to reshare the file with you.","Exception":"OC\Encryption\Exceptions\DecryptionFailedException","Code":0,"Trace":"#0 \/var\/www\/nextcloud\/lib\/private\/Files\/Stream\/Encryption.php(460): OCA\Encryption\Crypto\Encryption->decrypt('Je l\xC3\xA4nger ich ...', '0end')\n#1 \/var\/www\/nextcloud\/lib\/private\/Files\/Stream\/Encryption.php(291): OC\Files\Stream\Encryption->readCache()\n#2 [internal function]: OC\Files\Stream\Encryption->stream_read(228)\n#3 \/var\/www\/nextcloud\/apps\/files_external\/3rdparty\/icewind\/streams\/src\/Wrapper.php(83): fread(Resource id #169, 8192)\n#4 \/var\/www\/nextcloud\/apps\/files_external\/3rdparty\/icewind\/streams\/src\/CallbackWrapper.php(91): Icewind\Streams\Wrapper->stream_read(8192)\n#5 [internal function]: Icewind\Streams\CallbackWrapper->stream_read(8192)\n#6 \/var\/www\/nextcloud\/3rdparty\/sabre\/http\/lib\/Sapi.php(78): stream_copy_to_stream(Resource id #172, Resource id #174, '228')\n#7 \/var\/www\/nextcloud\/3rdparty\/sabre\/dav\/lib\/DAV\/Server.php(470): Sabre\HTTP\Sapi::sendResponse(Object(Sabre\HTTP\Response))\n#8 \/var\/www\/nextcloud\/3rdparty\/sabre\/dav\/lib\/DAV\/Server.php(248): Sabre\DAV\Server->invokeMethod(Object(Sabre\HTTP\Request), Object(Sabre\HTTP\Response))\n#9 \/var\/www\/nextcloud\/apps\/dav\/appinfo\/v1\/webdav.php(60): Sabre\DAV\Server->exec()\n#10 \/var\/www\/nextcloud\/remote.php(165): require_once('\/var\/www\/nextcl...')\n#11 {main}","File":"\/var\/www\/nextcloud\/apps\/encryption\/lib\/Crypto\/Encryption.php","Line":361,"User":"myUser"} 2016-10-19T12:53:46+02:00 myUser

Error no app in context Can not decrypt this file, probably this is a shared file. Please ask the file owner to reshare the file with you. 2016-10-19T12:53:46+02:00 myUser

Error PHP fread(): Length parameter must be greater than 0 at /var/www/nextcloud/apps/files_external/3rdparty/icewind/streams/src/Wrapper.php#83 2016-10-19T12:53:46+02:00 myUser

Error no app in context Exception: {"Exception":"OC\Encryption\Exceptions\DecryptionFailedException","Message":"Can not decrypt this file, probably this is a shared file. Please ask the file owner to reshare the file with you.","Code":0,"Trace":"#0 /var/www/nextcloud/lib/private/Files/Storage/Wrapper/Encryption.php(574): OCA\Encryption\Crypto\Encryption->decrypt(*** sensitive parameters replaced ***)\n#1 /var/www/nextcloud/lib/private/Files/Storage/Wrapper/Encryption.php(493): OC\Files\Storage\Wrapper\Encryption->fixUnencryptedSize('files/Dokumente...', 228, 228)\n#2 /var/www/nextcloud/lib/private/Files/Storage/Wrapper/Encryption.php(162): OC\Files\Storage\Wrapper\Encryption->verifyUnencryptedSize('files/Dokumente...', 228)\n#3 /var/www/nextcloud/lib/private/Files/Storage/Wrapper/Encryption.php(401): OC\Files\Storage\Wrapper\Encryption->filesize('files/Dokumente...')\n#4 /var/www/nextcloud/lib/private/Files/Storage/Wrapper/Wrapper.php(294): OC\Files\Storage\Wrapper\Encryption->fopen('files/Dokumente...', 'rb')\n#5 /var/www/nextcloud/lib/private/Files/Storage/Wrapper/Wrapper.php(294): OC\Files\Storage\Wrapper\Wrapper->fopen('files/Dokumente...', 'rb')\n#6 /var/www/nextcloud/apps/files_accesscontrol/lib/StorageWrapper.php(292): OC\Files\Storage\Wrapper\Wrapper->fopen('files/Dokumente...', 'rb')\n#7 /var/www/nextcloud/lib/private/Files/View.php(1118): OCA\FilesAccessControl\StorageWrapper->fopen('files/Dokumente...', 'rb')\n#8 /var/www/nextcloud/lib/private/Files/View.php(963): OC\Files\View->basicOperation('fopen', '/Dokumente/Note...', Array, 'rb')\n#9 /var/www/nextcloud/apps/dav/lib/Connector/Sabre/File.php(305): OC\Files\View->fopen('Dokumente/Notes...', 'rb')\n#10 /var/www/nextcloud/3rdparty/sabre/dav/lib/DAV/CorePlugin.php(83): OCA\DAV\Connector\Sabre\File->get()\n#11 [internal function]: Sabre\DAV\CorePlugin->httpGet(Object(Sabre\HTTP\Request), Object(Sabre\HTTP\Response))\n#12 /var/www/nextcloud/3rdparty/sabre/event/lib/EventEmitterTrait.php(105): call_user_func_array(Array, Array)\n#13 /var/www/nextcloud/3rdparty/sabre/dav/lib/DAV/Server.php(459): Sabre\Event\EventEmitter->emit('method:GET', Array)\n#14 /var/www/nextcloud/3rdparty/sabre/dav/lib/DAV/Server.php(248): Sabre\DAV\Server->invokeMethod(Object(Sabre\HTTP\Request), Object(Sabre\HTTP\Response))\n#15 /var/www/nextcloud/apps/dav/appinfo/v1/webdav.php(60): Sabre\DAV\Server->exec()\n#16 /var/www/nextcloud/remote.php(165): require_once('/var/www/nextcl...')\n#17 {main}","File":"/var/www/nextcloud/apps/encryption/lib/Crypto/Encryption.php","Line":361} 2016-10-19T12:53:46+02:00 myUser

Error no app in context Couldn't re-calculate unencrypted size for files/somePath/myFile.txt
```

@nickvergessen
Member

@schiessle any idea?

victorbw commented Nov 8, 2016

yep, I can recreate that as well. same system specifications but using only windows (7, 8.1, 10) clients which are part of AD infrastructure running on windows 2008r2. shares are located on windows platform (SMB).

but: you are able to download the files via webui without any problem, so this might be a link limited to webdav and encryption.

and yes, password recovery is activated for every user.

(also happens on ownCloud 9.1.x btw)

@godfuture
Author

When I try to open the faulty files in webinterface, I get this error:

Es ist ein Fehler aufgetreten!

Diese Datei kann nicht entschlüsselt werden, es handelt sich wahrscheinlich um eine freigegebene Datei. Bitte den Eigentümer der Datei kontaktieren, um die Datei erneut freizugeben.

Other files do work fine.

@schiessle
Member

I tried it but couldn't reproduce it so far:

My steps:

  1. setup nextcloud 10.0
  2. create two users, admin and user1
  3. setup an external storage for admin
  4. enable encryption
  5. re-login as admin
  6. set encryption to "external storage only"
  7. upload a file to the root folder and to the external storage
  8. file on the external storage is encrypted, the file in the root folder is not -> as expected
  9. Share the file in the root folder with user1
  10. both can download the file (webdav and webui)
  11. both can edit it (webdav and webui)
  12. file still unencrypted

Did I miss anything?

If the steps are correct, can you check if the shared file really isn't encrypted on the server side?

victorbw commented Nov 9, 2016

you did everything like i did, except that my users are LDAP-integrated and i've used the syncclient.

the files (in the shared folder) are completely encrypted, as seen from the share-providing server on 2008R2, every single file has the encryption-header when i open it with notepad++.

probably an inconsistency with ldap, encryption and external-smb-drives only in combination?

@godfuture
Author

Is there a way to reset the file entries in DB? Such that the files seem completely new to nextcloud?

zigulle commented Nov 15, 2016

Hi,
I have exactly the same issue on some encrypted files, which are shared to another user.
Only a few files are affected. As a workaround, I delete the file and upload it a second time. But I think this couldn't be the solution. My users are not LDAP-integrated. Maybe it is a timeout problem.

@godfuture
Author

Hey guys, this issue is a real problem for me. Can someone help? What is the status?

@victorbw

i guess they're already working on it ;)

@schiessle do you want any lab-environment to test that on?

@godfuture
Author

@schiessle
Your steps are correct. In my case the files are not encrypted on filesystem. I can read them in shell using nano. But the webinterface and webdav clients can't open the files:
Diese Datei kann nicht entschlüsselt werden, es handelt sich wahrscheinlich um eine freigegebene Datei. Bitte den Eigentümer der Datei kontaktieren, um die Datei erneut freizugeben.

@techc0de

Hi,

I recently updated from 10.0.1 to 10.0.2 and encountered this error.
I'm not using encryption, only a local mount share drive.

System info:

Debian Jessie
MySQL
PHP 5.6
Nginx

@godfuture
Author

Is there any update or, let's say, "official" comment from the NC team?

@schiessle
Member

As long as we can't reproduce it, it is really hard to do something about it.

Do you still have some files where this happens? Can you check in the filecache entry whether the encrypted value for the file is different from '0'?

@godfuture
Author

@schiessle well, I have deactivated encryption and no new files got corrupted. But files that got corrupted while encryption was turned on, show exactly the same issues during sync or opening in webinterface. On filesystem it looks all fine though.

I have checked the filecache entries, encrypted is 1 on those files. Could I simply set it to 0?
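
A read-only check for the state described in the last comments (filecache says encrypted, file on disk is readable), as an added example that is not part of the thread or of Nextcloud's code: it compares exported filecache `encrypted` flags with whether each file on disk starts with an encryption header. The `HBEGIN:`/`:HEND` header markers, the row export format and all paths are assumptions, and the sample files are constructed.

```python
import os
import tempfile

# Assumption (not from the thread): server-side-encrypted files begin with a
# header block that starts with "HBEGIN:" and contains ":HEND".
HEADER_START, HEADER_END, HEADER_SIZE = b"HBEGIN:", b":HEND", 8192


def has_encryption_header(path):
    """True if the file on disk begins with an encryption header."""
    with open(path, "rb") as fh:
        block = fh.read(HEADER_SIZE)
    return block.startswith(HEADER_START) and HEADER_END in block


def find_flag_mismatches(storage_root, rows):
    """rows: (path, encrypted) pairs exported from the filecache table.
    Returns (path, flag, on_disk_state) for every row where the flag and the
    bytes on disk disagree; a non-zero flag means 'encrypted'."""
    mismatches = []
    for rel_path, flag in rows:
        full = os.path.join(storage_root, rel_path)
        if not os.path.isfile(full):
            mismatches.append((rel_path, flag, "missing"))
            continue
        on_disk = has_encryption_header(full)
        if bool(flag) != on_disk:
            state = "encrypted" if on_disk else "plaintext"
            mismatches.append((rel_path, flag, state))
    return mismatches


def demo():
    """Constructed sample storage and filecache rows (hypothetical paths)."""
    root = tempfile.mkdtemp()
    os.makedirs(os.path.join(root, "files"))
    header = HEADER_START + b"cipher:AES-256-CFB" + HEADER_END
    contents = {
        "files/notes.txt": b"readable text, never encrypted\n",
        "files/secret.txt": header + b"(constructed ciphertext)",
        "files/plain.txt": b"readable text\n",
        "files/raw.txt": header + b"(constructed ciphertext)",
    }
    for rel_path, data in contents.items():
        with open(os.path.join(root, rel_path), "wb") as fh:
            fh.write(data)
    rows = [("files/notes.txt", 1), ("files/secret.txt", 1),
            ("files/plain.txt", 0), ("files/raw.txt", 0), ("files/gone.txt", 1)]
    return find_flag_mismatches(root, rows)
```

The script only reads files and reports disagreements; it changes neither the database nor the storage.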
