nextcloud / end_to_end_encryption

Server API to support End-to-End Encryption
https://apps.nextcloud.com/apps/end_to_end_encryption
GNU Affero General Public License v3.0

No apparent way to avoid "NotPermittedException: Received counter is not greater than the stored one" once triggered #809

Open makuser opened 3 weeks ago

makuser commented 3 weeks ago


Steps to reproduce

  1. Do something with the contents of an encrypted folder (in my case I added a bunch of files to the folder, where some files were identical to existing files, except having an earlier timestamp, which I explicitly used to overwrite existing files, essentially making some of the files inside of encfolder younger), otherwise what exactly triggers this is unknown
  2. Put new file into folder, if new files were already added in 1, that seems to be enough
  3. Wait for upload action of nextcloud-desktop
  4. Server will respond with 403 Forbidden
  5. remove new file, unsync "encfolder", wait for sync action to delete folder locally
  6. add folder back to synced folders and wait for it to fully synchronize
  7. GOTO: 2. and see no change

Expected behaviour

File is uploaded. If any error is related to some client stuff, unsyncing the folder and having it resync again should have cleared that out.

Actual behaviour

File is rejected, as folder seems to be locked no matter what

Server configuration

Operating system: Debian 12 docker container in Debian 12 LXC container on Debian 12/Proxmox 8.2 hypervisor

Web server: Apache 2.4 in docker, Traefik 3.1.7 as proxy

Database: MariaDB 11.4.3

PHP version: 8.2.21

Nextcloud version: 29.0.8.1

Updated from an older Nextcloud/ownCloud or fresh install: Yes

Where did you install Nextcloud from: nextcloud.com, several years ago

Signing status:

```
No errors have been found.
```

List of activated apps:

```
Enabled:
  - activity: 2.21.1
  - admin_audit: 1.19.0
  - bruteforcesettings: 2.9.0
  - calendar: 4.7.16
  - circles: 29.0.0-dev
  - cloud_federation_api: 1.12.0
  - cloud_py_api: 0.1.9
  - comments: 1.19.0
  - contacts: 6.0.0
  - contactsinteraction: 1.10.0
  - cookbook: 0.11.2
  - cospend: 1.6.1
  - dashboard: 7.9.0
  - dav: 1.30.1
  - deck: 1.13.2
  - dicomviewer: 2.2.1
  - drawio: 3.0.3
  - end_to_end_encryption: 1.15.2
  - external: 5.4.1
  - facerecognition: 0.9.51
  - federatedfilesharing: 1.19.0
  - federation: 1.19.0
  - files: 2.1.1
  - files_accesscontrol: 1.19.1
  - files_automatedtagging: 1.19.0
  - files_downloadactivity: 1.17.0
  - files_downloadlimit: 2.0.0
  - files_external: 1.21.0
  - files_pdfviewer: 2.10.0
  - files_reminders: 1.2.0
  - files_sharing: 1.21.0
  - files_trashbin: 1.19.0
  - files_versions: 1.22.0
  - firstrunwizard: 2.18.0
  - groupfolders: 17.0.5
  - health: 2.2.2
  - impersonate: 1.16.0
  - logreader: 2.14.0
  - lookup_server_connector: 1.17.0
  - maps: 1.4.0
  - mediadc: 0.3.9
  - metadata: 0.21.0
  - nextcloud_announcements: 1.18.0
  - notes: 4.11.0
  - notifications: 2.17.0
  - oauth2: 1.17.1
  - oidc: 1.0.0
  - password_policy: 1.19.0
  - phonetrack: 0.8.1
  - photos: 2.5.0
  - previewgenerator: 5.6.0
  - privacy: 1.13.0
  - provisioning_api: 1.19.0
  - recognize: 7.1.0
  - recommendations: 2.1.0
  - related_resources: 1.4.0
  - richdocuments: 8.4.8
  - serverinfo: 1.19.0
  - settings: 1.12.0
  - sharebymail: 1.19.0
  - spreed: 19.0.10
  - support: 1.12.0
  - survey_client: 1.17.0
  - suspicious_login: 7.0.0
  - systemtags: 1.19.0
  - tasks: 0.16.1
  - text: 3.10.1
  - theming: 2.4.0
  - twofactor_backupcodes: 1.18.0
  - twofactor_totp: 11.0.0-dev
  - twofactor_webauthn: 1.4.0
  - updatenotification: 1.19.1
  - user_status: 1.9.0
  - viewer: 2.3.0
  - weather_status: 1.9.0
  - workflowengine: 2.11.0
Disabled:
  - encryption: 2.17.0 (installed 2.7.0)
  - files_mindmap: 0.0.30 (installed 0.0.30)
  - files_rightclick: 0.15.1 (installed 1.6.0)
  - ocsms: 2.2.0 (installed 2.2.0)
  - ransomware_protection: 1.14.0 (installed 1.14.0)
  - scanner: 0.2.3 (installed 0.2.3)
  - user_ldap: 1.20.0
```

Nextcloud configuration:

```
{
    "system": {
        "instanceid": "***REMOVED SENSITIVE VALUE***",
        "default_phone_region": "DE",
        "default_language": "de",
        "default_locale": "de_DE",
        "passwordsalt": "***REMOVED SENSITIVE VALUE***",
        "secret": "***REMOVED SENSITIVE VALUE***",
        "trusted_domains": [
            "cloud.domain.tld1",
            "cloud.domain.tld2"
        ],
        "datadirectory": "***REMOVED SENSITIVE VALUE***",
        "overwrite.cli.url": "https:\/\/cloud.kolly.eu\/",
        "htaccess.RewriteBase": "\/",
        "dbtype": "mysql",
        "version": "29.0.8.1",
        "dbname": "***REMOVED SENSITIVE VALUE***",
        "dbhost": "***REMOVED SENSITIVE VALUE***",
        "dbport": "3306",
        "dbtableprefix": "oc_",
        "mysql.utf8mb4": true,
        "dbuser": "***REMOVED SENSITIVE VALUE***",
        "dbpassword": "***REMOVED SENSITIVE VALUE***",
        "installed": true,
        "mail_smtpmode": "smtp",
        "mail_smtpauthtype": "PLAIN",
        "mail_smtpsecure": "ssl",
        "mail_from_address": "***REMOVED SENSITIVE VALUE***",
        "mail_domain": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpauth": 1,
        "mail_smtphost": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpport": "465",
        "mail_smtpname": "***REMOVED SENSITIVE VALUE***",
        "mail_smtppassword": "***REMOVED SENSITIVE VALUE***",
        "mail_sendmailmode": "smtp",
        "filelocking.enabled": true,
        "memcache.local": "\\OC\\Memcache\\Redis",
        "memcache.locking": "\\OC\\Memcache\\Redis",
        "redis": {
            "host": "***REMOVED SENSITIVE VALUE***",
            "dbindex": 0
        },
        "preview_imaginary_url": "***REMOVED SENSITIVE VALUE***",
        "preview_imaginary_key": "***REMOVED SENSITIVE VALUE***",
        "enabledPreviewProviders": [
            "OC\\Preview\\MP3",
            "OC\\Preview\\TXT",
            "OC\\Preview\\MarkDown",
            "OC\\Preview\\OpenDocument",
            "OC\\Preview\\Krita",
            "OC\\Preview\\Imaginary"
        ],
        "updater.release.channel": "stable",
        "maintenance": false,
        "maintenance_window_start": 4,
        "theme": "",
        "loglevel": 1,
        "log_rotate_size": 104857600,
        "trusted_proxies": "***REMOVED SENSITIVE VALUE***"
    }
}
```

Are you using external storage, if yes which one: Yes, encrypted folder is local

Are you using encryption: E2EE yes, server-side no

Are you using an external user-backend, if yes which one: No

Client configuration

Browser: Nextcloud Desktop-Client 3.14.2

Operating system: Ubuntu 24.04

Logs

Web server error log

```
gw - - [04/Nov/2024:10:39:04 +0000] "PROPFIND /remote.php/dav/files/marc/Documents/encfolder HTTP/1.1" 207 1903 "-" "-" 427306 "nccontainer@docker" "http://172.18.0.14:80" 444ms
gw - - [04/Nov/2024:10:39:04 +0000] "GET /ocs/v2.php/apps/end_to_end_encryption/api/v2/meta-data/13371337?format=json HTTP/1.1" 200 7530 "-" "-" 427309 "nccontainer@docker" "http://172.18.0.14:80" 546ms
```

Nextcloud log (data/nextcloud.log)

```
{
  "reqId": "6qtYVlppuCHtzGIxxkyz",
  "level": 3,
  "time": "2024-11-04T10:39:06+00:00",
  "remoteAddr": "gw",
  "user": "marc",
  "app": "no app in context",
  "method": "POST",
  "url": "/ocs/v2.php/apps/end_to_end_encryption/api/v2/lock/13371337",
  "message": "Received counter is not greater than the stored one",
  "userAgent": "Mozilla/5.0 (Linux) mirall/3.14.2-20241021.144050.4eec4f3d3-1.0~noble1 (Nextcloud, ubuntu-6.8.0-48-generic ClientArchitecture: x86_64 OsArchitecture: x86_64)",
  "version": "29.0.8.1",
  "exception": {
    "Exception": "OCP\\Files\\NotPermittedException",
    "Message": "Received counter is not greater than the stored one",
    "Code": 0,
    "Trace": [
      {
        "file": "/var/www/html/apps/end_to_end_encryption/lib/Controller/LockingController.php",
        "line": 123,
        "function": "lockFile",
        "class": "OCA\\EndToEndEncryption\\LockManager",
        "type": "->",
        "args": [13371337, "", 1, "marc"]
      },
      {
        "file": "/var/www/html/lib/private/AppFramework/Http/Dispatcher.php",
        "line": 232,
        "function": "lockFolder",
        "class": "OCA\\EndToEndEncryption\\Controller\\LockingController",
        "type": "->",
        "args": [13371337, null]
      },
      {
        "file": "/var/www/html/lib/private/AppFramework/Http/Dispatcher.php",
        "line": 138,
        "function": "executeController",
        "class": "OC\\AppFramework\\Http\\Dispatcher",
        "type": "->",
        "args": [
          ["OCA\\EndToEndEncryption\\Controller\\LockingController"],
          "lockFolder"
        ]
      },
      {
        "file": "/var/www/html/lib/private/AppFramework/App.php",
        "line": 184,
        "function": "dispatch",
        "class": "OC\\AppFramework\\Http\\Dispatcher",
        "type": "->",
        "args": [
          ["OCA\\EndToEndEncryption\\Controller\\LockingController"],
          "lockFolder"
        ]
      },
      {
        "file": "/var/www/html/lib/private/Route/Router.php",
        "line": 331,
        "function": "main",
        "class": "OC\\AppFramework\\App",
        "type": "::",
        "args": [
          "OCA\\EndToEndEncryption\\Controller\\LockingController",
          "lockFolder",
          ["OC\\AppFramework\\DependencyInjection\\DIContainer"],
          ["13371337", "ocs.end_to_end_encryption.locking.lockfolder"]
        ]
      },
      {
        "file": "/var/www/html/ocs/v1.php",
        "line": 66,
        "function": "match",
        "class": "OC\\Route\\Router",
        "type": "->",
        "args": ["/ocsapp/apps/end_to_end_encryption/api/v2/lock/13371337"]
      },
      {
        "file": "/var/www/html/ocs/v2.php",
        "line": 23,
        "args": ["/var/www/html/ocs/v1.php"],
        "function": "require_once"
      }
    ],
    "File": "/var/www/html/apps/end_to_end_encryption/lib/LockManager.php",
    "Line": 84,
    "message": "Received counter is not greater than the stored one",
    "exception": {},
    "CustomMessage": "Received counter is not greater than the stored one"
  }
}
```

Desktop client log

```
#=#=#=#=# Propagation starts 2024-11-04T15:19:52Z (last step: 381 msec, total: 381 msec)
||Documents/encfolder/newfile.ext|8|1|1575046243||83901||1|Das Hochladen der verschlüsselten Datei ist fehlgeschlagen.|0|0|0||
#=#=#=# Syncrun finished 2024-11-04T15:19:53Z (last step: 593 msec, total: 974 msec)
```

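
A triage sketch for the Nextcloud log above, added here as an example and not part of the original report or the project's code: it scans `data/nextcloud.log` lines for this exception and flags folders that were rejected repeatedly while the counter sent by the client never increased. The log lines are constructed, `_entry`, `counter_rejections` and `stuck_folders` are hypothetical names, and the meaning of the `lockFile` arguments (folder id, token, counter, user) is an assumption read off the trace.

```python
import json
from collections import defaultdict

COUNTER_MSG = "Received counter is not greater than the stored one"

def _entry(time, folder_id, counter, message=COUNTER_MSG):
    # Constructed log line shaped like the entry quoted in the report,
    # with the trace shortened to the LockManager frame.
    return json.dumps({
        "time": time, "user": "marc", "message": message,
        "exception": {"Exception": "OCP\\Files\\NotPermittedException", "Message": message,
                      "Trace": [{"function": "lockFile",
                                 "class": "OCA\\EndToEndEncryption\\LockManager",
                                 "args": [folder_id, "", counter, "marc"]}]}})

SAMPLE_LOG = "\n".join([
    _entry("2024-11-04T10:39:06+00:00", 13371337, 1),
    "not json: truncated line",
    _entry("2024-11-04T15:19:52+00:00", 13371337, 1),  # after unsync/resync, same counter
    _entry("2024-11-04T16:00:00+00:00", 4242, 7),      # a single rejection elsewhere
    _entry("2024-11-04T16:05:00+00:00", 13371337, 1, message="Some other error"),
])

def counter_rejections(log_text):
    """Map folder id -> [(time, user, received counter)] for rejected lock calls."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        try:
            entry = json.loads(line)
        except json.JSONDecodeError:
            continue  # nextcloud.log holds one JSON object per line; skip anything else
        exc = entry.get("exception") if isinstance(entry, dict) else None
        if not isinstance(exc, dict) or exc.get("Message") != COUNTER_MSG:
            continue
        for frame in exc.get("Trace", []):
            args = frame.get("args", [])
            # Assumption: lockFile args are (folder id, token, counter, user).
            if frame.get("function") == "lockFile" and len(args) >= 4:
                hits[args[0]].append((entry.get("time", ""), args[3], args[2]))
                break
    return dict(hits)

def stuck_folders(log_text, min_repeats=2):
    """Folders rejected at least min_repeats times while the sent counter never rose."""
    stuck = []
    for folder_id, hits in counter_rejections(log_text).items():
        counters = [c for _, _, c in sorted(hits)]  # ISO timestamps sort chronologically
        if len(hits) >= min_repeats and all(b <= a for a, b in zip(counters, counters[1:])):
            stuck.append(folder_id)
    return stuck
```
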
MrRinkana commented 1 week ago

Wouldn't this be a client issue? I don't see how the server would see any difference between a new file and overwriting an existing with new timestamps