search

cryptomator / ios

Cryptomator for iOS
https://cryptomator.org
GNU General Public License v3.0
214 stars 27 forks source link

Content Unavailable Error with (single) MS OneDrive Accounts and multiple Vaults #345

Closed RceMBEdIxiCl closed 5 months ago

RceMBEdIxiCl commented 6 months ago

Please agree to the following

Summary

Unable to access multiple mounted vaults with (single) MS OneDrive Accounts

System Setup

Cloud Type

OneDrive

Steps to Reproduce

  1. open Vault 1 (located on MS OneDrive) within iOS / iPad OS File app, authenticate successfully, access encrypted data
  2. open Vault 2 (located on MS OneDrive) within iOS / iPad OS File app, authenticate successfully, content unavailable error occurs
  3. created successfully a new Cryptomator Vault (located on MS OneDrive), tried to open Vault 3, authentication successful, content unavailable error occurs.

Expected Behavior

access both Vaults within iOS / iPad OS File app, to save, open and change data within encrypted Cryptomator Vaults

Actual Behavior

by accessing more than one encrypted Cryptomator Vault within iOS / iPad OS File app, 2nd or n-Vault won´t be accessible, content unavailable error occurs

Reproducibility

Always

Relevant Log Output

2024/03/16 16:09:10:811  enumerateItems failed with: Error Domain=NSURLErrorDomain Code=-996 "Kommunikation mit Hintergrundübertragungsdienst nicht möglich." UserInfo={_NSURLErrorRelatedURLSessionTaskErrorKey=(
    "BackgroundDataTask <43EEE5C3-8AD5-4095-B15E-FFFDB009214B>.<1>"
), NSLocalizedDescription=Kommunikation mit Hintergrundübertragungsdienst nicht möglich., _NSURLErrorFailingURLSessionTaskErrorKey=BackgroundDataTask <43EEE5C3-8AD5-4095-B15E-FFFDB009214B>.<1>} for identifier: NSFileProviderItemIdentifier(_rawValue: NSFileProviderRootContainerItemIdentifier)
2024/03/16 16:09:12:354  enumerateItems failed with: Error Domain=NSURLErrorDomain Code=-996 "Kommunikation mit Hintergrundübertragungsdienst nicht möglich." UserInfo={_NSURLErrorRelatedURLSessionTaskErrorKey=(
    "BackgroundDataTask <08636979-43FA-4327-8797-F56FEF6085F6>.<2>"
), NSLocalizedDescription=Kommunikation mit Hintergrundübertragungsdienst nicht möglich., _NSURLErrorFailingURLSessionTaskErrorKey=BackgroundDataTask <08636979-43FA-4327-8797-F56FEF6085F6>.<2>} for identifier: NSFileProviderItemIdentifier(_rawValue: NSFileProviderRootContainerItemIdentifier)
2024/03/16 16:09:13:253  enumerateItems failed with: Error Domain=NSURLErrorDomain Code=-996 "Kommunikation mit Hintergrundübertragungsdienst nicht möglich." UserInfo={_NSURLErrorRelatedURLSessionTaskErrorKey=(
    "BackgroundDataTask <FC2DA798-743D-4231-A795-7E423140DD29>.<3>"
), NSLocalizedDescription=Kommunikation mit Hintergrundübertragungsdienst nicht möglich., _NSURLErrorFailingURLSessionTaskErrorKey=BackgroundDataTask <FC2DA798-743D-4231-A795-7E423140DD29>.<3>} for identifier: NSFileProviderItemIdentifier(_rawValue: NSFileProviderRootContainerItemIdentifier)
2024/03/16 16:09:15:719  enumerateItems failed with: Error Domain=NSURLErrorDomain Code=-996 "Kommunikation mit Hintergrundübertragungsdienst nicht möglich." UserInfo={_NSURLErrorRelatedURLSessionTaskErrorKey=(
    "BackgroundDataTask <84EFCC2D-F2B9-4896-A337-734FC825148B>.<4>"
), NSLocalizedDescription=Kommunikation mit Hintergrundübertragungsdienst nicht möglich., _NSURLErrorFailingURLSessionTaskErrorKey=BackgroundDataTask <84EFCC2D-F2B9-4896-A337-734FC825148B>.<4>} for identifier: NSFileProviderItemIdentifier(_rawValue: NSFileProviderRootContainerItemIdentifier)
2024/03/16 16:09:16:881  enumerateItems failed with: Error Domain=NSURLErrorDomain Code=-996 "Kommunikation mit Hintergrundübertragungsdienst nicht möglich." UserInfo={_NSURLErrorRelatedURLSessionTaskErrorKey=(
    "BackgroundDataTask <0839F4ED-4250-4934-ACF8-E5756DEEE9D7>.<5>"
), NSLocalizedDescription=Kommunikation mit Hintergrundübertragungsdienst nicht möglich., _NSURLErrorFailingURLSessionTaskErrorKey=BackgroundDataTask <0839F4ED-4250-4934-ACF8-E5756DEEE9D7>.<5>} for identifier: NSFileProviderItemIdentifier(_rawValue: NSFileProviderRootContainerItemIdentifier)

Anything else?

No response

phil1995 commented 6 months ago

Hi @RceMBEdIxiCl,

I think I found the issue which is rather interesting and should be actually hold true for all cloud providers (except iCloud drive). It seems like since iOS 17 Apple uses a different process per FileProviderExtension Domain. This means in particular each vault has a separate process which is in general really nice! However, we construct our background URLSessions right now under the assumption that all vaults share the same process and since we need to reconstruct the background URLSessions with the same identifier in the future we derive the identifier from a credential id. Which means right now: having multiple vaults with the same account should always lead to this issue since we then construct more than one background URLSession with the same identifier (Note: the identifier needs to be unique otherwise one gets the error we can see in your logs).

Anyway I think I've already know how to fix this but please give us some more time to investigate this a bit further.

RceMBEdIxiCl commented 6 months ago

Hello @phil1995, thanks for investigating my report issue so quick!

Great you and team identified the new structure of URLSession handling.

Hope you will release a fix asap, Cryptomator is one of my daily drivers on my iOS devices.

Thx!

BR

infosecguard commented 6 months ago

@phil1995

Is this the same issue identified in bug #342? Consider that the issue described in #342 was first noticed in iPadOS 17.4; earlier versions of iPadOS 17.x were not seemingly affected.

phil1995 commented 6 months ago

@phil1995

Is this the same issue identified in bug #342? Consider that the issue described in #342 was first noticed in iPadOS 17.4; earlier versions of iPadOS 17.x were not seemingly affected.

Related to the same thing (re-use of the same background URLSession identifier) but not exactly the same cause. In the case of Google Drive we actually never had the ability to generate unique identifier due to some typo which slipped through. Therefore, you correctly reported that it's an issue with multiple accounts. But it turned out that our assumption regarding having one and the same background identifier for a cloud account was now challenged since it's now possible that the cache which we used to re-use the already instantiated cloud provider for the same account does not work as expected due a potential change in the behavior of the FileProviderExtension, i.e. having a separate process per vault / File Provider Domain.

But still interesting that it even worked on previous iOS versions tbh. 🤔

RceMBEdIxiCl commented 6 months ago

@phil1995 any estimate date when a bug fix version will be released? Thanks and have a great day!