nextcloud / server

☁️ Nextcloud server, a safe home for all your data
https://nextcloud.com
GNU Affero General Public License v3.0

Creating a new file from the web interface in an external SMB storage causes all external SMB storages to be unavailable #33115

Open cheneraie opened 2 years ago

cheneraie commented 2 years ago

Bug description

The attempt to create a file with the "Add file" button in an SMB external storage folder causes an error. We get an alert "Unable to create new file from template".

After this, all SMB external storages on the instance are unavailable ("Storage with mount id ## is not available" or "External storage not available: Storage unauthorized").

The SMB external storages come back after a few minutes, and we can see the file was created anyway.

Steps to reproduce

  1. Mount SMB external storage for certain users
  2. In the Web UI, go to a folder inside the SMB external storage
  3. Click on the plus button and choose "new text document"

Expected behavior

Just the possibility to create new files without crashing samba mounts.

Installation method

Manual installation

Operating system

Debian/Ubuntu

PHP engine version

PHP 7.4

Web server

Apache (supported)

Database engine version

MySQL

Is this bug present after an update or on a fresh install?

Updated to a major version (ex. 22.2.3 to 23.0.1)

Are you using the Nextcloud Server Encryption module?

Encryption is Disabled

What user-backends are you using?

Configuration report

{
    "system": {
        "instanceid": "***REMOVED SENSITIVE VALUE***",
        "passwordsalt": "***REMOVED SENSITIVE VALUE***",
        "secret": "***REMOVED SENSITIVE VALUE***",
        "trusted_domains": [
            "brad.cheneraie",
            "brad.lacheneraie.dna"
        ],
        "trusted_proxies": "***REMOVED SENSITIVE VALUE***",
        "allow_local_remote_servers": true,
        "datadirectory": "***REMOVED SENSITIVE VALUE***",
        "dbtype": "mysql",
        "version": "23.0.6.1",
        "overwrite.cli.url": "https:\/\/brad.cheneraie",
        "htaccess.RewriteBase": "\/",
        "dbname": "***REMOVED SENSITIVE VALUE***",
        "dbhost": "***REMOVED SENSITIVE VALUE***",
        "dbport": "",
        "dbtableprefix": "oc_",
        "mysql.utf8mb4": true,
        "dbuser": "***REMOVED SENSITIVE VALUE***",
        "dbpassword": "***REMOVED SENSITIVE VALUE***",
        "installed": true,
        "maintenance": false,
        "share_folder": "\/PARTAGES RE\u00c7US",
        "skeletondirectory": "\/var\/data\/brad\/default\/",
        "default_language": "fr",
        "force_language": "fr",
        "default_locale": "fr_FR",
        "force_locale": "fr_FR",
        "default_phone_region": "FR",
        "mail_smtpmode": "smtp",
        "mail_sendmailmode": "smtp",
        "mail_from_address": "***REMOVED SENSITIVE VALUE***",
        "mail_domain": "***REMOVED SENSITIVE VALUE***",
        "memcache.local": "\\OC\\Memcache\\APCu",
        "memcache.distribued": "\\OC\\Memcache\\Redis",
        "memcache.locking": "\\OC\\Memcache\\Redis",
        "redis": {
            "host": "***REMOVED SENSITIVE VALUE***",
            "port": 0
        },
        "ldapIgnoreNamingRules": false,
        "ldapProviderFactory": "OCA\\User_LDAP\\LDAPProviderFactory",
        "simpleSignUpLink.shown": false,
        "theme": "",
        "loglevel": 2,
        "app_install_overwrite": [
            "keeweb"
        ],
        "updater.release.channel": "stable",
        "mail_smtphost": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpport": "2526",
        "enable_previews": false,
        "activity_use_cached_mountpoints": true,
        "updater.secret": "***REMOVED SENSITIVE VALUE***"
    }
}

List of activated Apps

Enabled:
  - accessibility: 1.9.0
  - activity: 2.15.0
  - bruteforcesettings: 2.4.0
  - cfg_share_links: 2.0.0
  - cloud_federation_api: 1.6.0
  - comments: 1.13.0
  - contactsinteraction: 1.4.0
  - dav: 1.21.0
  - federatedfilesharing: 1.13.0
  - files: 1.18.0
  - files_accesscontrol: 1.13.0
  - files_external: 1.15.0
  - files_pdfviewer: 2.4.0
  - files_readmemd: 1.2.2
  - files_rightclick: 1.2.0
  - files_sharing: 1.15.0
  - files_trashbin: 1.13.0
  - files_versions: 1.16.0
  - files_videoplayer: 1.12.0
  - groupfolders: 11.1.5
  - impersonate: 1.10.0
  - login_notes: 1.0.4
  - logreader: 2.8.0
  - lookup_server_connector: 1.11.0
  - notifications: 2.11.1
  - notify_push: 0.4.0
  - oauth2: 1.11.0
  - onlyoffice: 7.4.2
  - password_policy: 1.13.0
  - privacy: 1.7.0
  - provisioning_api: 1.13.0
  - recommendations: 1.2.0
  - settings: 1.5.0
  - systemtags: 1.13.0
  - tasks: 0.14.4
  - text: 3.4.1
  - theming: 1.14.0
  - theming_customcss: 1.11.0
  - twofactor_backupcodes: 1.12.0
  - updatenotification: 1.13.0
  - user_ldap: 1.13.1
  - user_saml: 5.0.2
  - viewer: 1.7.0
  - workflowengine: 2.5.0
Disabled:
  - admin_audit
  - circles: 22.3.0
  - dashboard: 7.0.0
  - deck: 1.6.3
  - encryption
  - federation: 1.12.0
  - files_fulltextsearch: 23.0.1
  - firstrunwizard: 2.6.0
  - fulltextsearch: 23.0.0
  - fulltextsearch_elasticsearch: 23.0.0
  - nextcloud_announcements: 1.6.0
  - photos: 1.1.0
  - serverinfo: 1.7.0
  - sharebymail: 1.7.0
  - spreed: 13.0.6
  - support: 1.0.1
  - survey_client: 1.5.0
  - user_status: 1.0.1
  - weather_status: 1.0.0

Nextcloud Signing status

No errors have been found.

Nextcloud Logs

{"reqId":"3dVsMBpDXPbBKypgfUCM","level":3,"time":"2022-07-05T15:00:26+00:00","remoteAddr":"10.0.5.106","user":"simon.jacques","app":"no app in context","method":"POST","url":"/ocs/v2.php/apps/files/api/v1/templates/create","message":"Error while getting file info","userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101 Firefox/102.0","version":"23.0.6.1","exception":{"Exception":"Icewind\\SMB\\Exception\\TimedOutException","Message":"/Equipe%20Encadrement/ASTREINTE/test06.md","Code":110,"Trace":[{"file":"/var/www/nextcloud/apps/files_external/3rdparty/icewind/smb/src/Native/NativeState.php","line":75,"function":"fromMap","class":"Icewind\\SMB\\Exception\\Exception","type":"::"},{"file":"/var/www/nextcloud/apps/files_external/3rdparty/icewind/smb/src/Native/NativeState.php","line":92,"function":"handleError","class":"Icewind\\SMB\\Native\\NativeState","type":"->"},{"file":"/var/www/nextcloud/apps/files_external/3rdparty/icewind/smb/src/Native/NativeState.php","line":351,"function":"testResult","class":"Icewind\\SMB\\Native\\NativeState","type":"->"},{"file":"/var/www/nextcloud/apps/files_external/3rdparty/icewind/smb/src/Native/NativeShare.php","line":305,"function":"getxattr","class":"Icewind\\SMB\\Native\\NativeState","type":"->"},{"file":"/var/www/nextcloud/apps/files_external/3rdparty/icewind/smb/src/Native/NativeFileInfo.php","line":43,"function":"getAttribute","class":"Icewind\\SMB\\Native\\NativeShare","type":"->"},{"file":"/var/www/nextcloud/apps/files_external/3rdparty/icewind/smb/src/Native/NativeFileInfo.php","line":69,"function":"stat","class":"Icewind\\SMB\\Native\\NativeFileInfo","type":"->"},{"file":"/var/www/nextcloud/apps/files_external/3rdparty/icewind/smb/src/Native/NativeShare.php","line":114,"function":"getSize","class":"Icewind\\SMB\\Native\\NativeFileInfo","type":"->"},{"file":"/var/www/nextcloud/apps/files_external/lib/Lib/Storage/SMB.php","line":189,"function":"stat","class":"Icewind\\SMB\\Native\\NativeShare","type":"->"},{"file":"/var/www/nextcloud/apps/files_external/lib/Lib/Storage/SMB.php","line":561,"function":"getFileInfo","class":"OCA\\Files_External\\Lib\\Storage\\SMB","type":"->"},{"file":"/var/www/nextcloud/lib/private/Files/Storage/Wrapper/Wrapper.php","line":599,"function":"getMetaData","class":"OCA\\Files_External\\Lib\\Storage\\SMB","type":"->"},{"file":"/var/www/nextcloud/lib/private/Files/Storage/Wrapper/Availability.php","line":447,"function":"getMetaData","class":"OC\\Files\\Storage\\Wrapper\\Wrapper","type":"->"},{"file":"/var/www/nextcloud/lib/private/Files/Storage/Wrapper/Wrapper.php","line":599,"function":"getMetaData","class":"OC\\Files\\Storage\\Wrapper\\Availability","type":"->"},{"file":"/var/www/nextcloud/lib/private/Files/Storage/Wrapper/Wrapper.php","line":599,"function":"getMetaData","class":"OC\\Files\\Storage\\Wrapper\\Wrapper","type":"->"},{"file":"/var/www/nextcloud/lib/private/Files/Cache/Scanner.php","line":117,"function":"getMetaData","class":"OC\\Files\\Storage\\Wrapper\\Wrapper","type":"->"},{"file":"/var/www/nextcloud/lib/private/Files/Cache/Scanner.php","line":155,"function":"getData","class":"OC\\Files\\Cache\\Scanner","type":"->"},{"file":"/var/www/nextcloud/lib/private/Files/Cache/Scanner.php","line":341,"function":"scanFile","class":"OC\\Files\\Cache\\Scanner","type":"->"},{"file":"/var/www/nextcloud/lib/private/Files/Cache/Updater.php","line":125,"function":"scan","class":"OC\\Files\\Cache\\Scanner","type":"->"},{"file":"/var/www/nextcloud/lib/private/Files/View.php","line":323,"function":"update","class":"OC\\Files\\Cache\\Updater","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"/var/www/nextcloud/lib/private/Files/View.php","line":1189,"function":"writeUpdate","class":"OC\\Files\\View","type":"->"},{"file":"/var/www/nextcloud/lib/private/Files/View.php","line":575,"function":"basicOperation","class":"OC\\Files\\View","type":"->"},{"file":"/var/www/nextcloud/lib/private/Files/Node/Folder.php","line":200,"function":"touch","class":"OC\\Files\\View","type":"->"},{"file":"/var/www/nextcloud/lib/private/Files/Template/TemplateManager.php","line":162,"function":"newFile","class":"OC\\Files\\Node\\Folder","type":"->"},{"file":"/var/www/nextcloud/apps/files/lib/Controller/TemplateController.php","line":57,"function":"createFromTemplate","class":"OC\\Files\\Template\\TemplateManager","type":"->"},{"file":"/var/www/nextcloud/lib/private/AppFramework/Http/Dispatcher.php","line":217,"function":"create","class":"OCA\\Files\\Controller\\TemplateController","type":"->"},{"file":"/var/www/nextcloud/lib/private/AppFramework/Http/Dispatcher.php","line":126,"function":"executeController","class":"OC\\AppFramework\\Http\\Dispatcher","type":"->"},{"file":"/var/www/nextcloud/lib/private/AppFramework/App.php","line":157,"function":"dispatch","class":"OC\\AppFramework\\Http\\Dispatcher","type":"->"},{"file":"/var/www/nextcloud/lib/private/Route/Router.php","line":302,"function":"main","class":"OC\\AppFramework\\App","type":"::"},{"file":"/var/www/nextcloud/ocs/v1.php","line":62,"function":"match","class":"OC\\Route\\Router","type":"->"},{"file":"/var/www/nextcloud/ocs/v2.php","line":23,"args":["/var/www/nextcloud/ocs/v1.php"],"function":"require_once"}],"File":"/var/www/nextcloud/apps/files_external/3rdparty/icewind/smb/src/Exception/Exception.php","Line":44,"CustomMessage":"Error while getting file info"},"id":"62c4592406032"}

Additional info

No response

cheneraie commented 2 years ago

The bug is still here after upgrade to 23.0.8.

szaimen commented 1 year ago

Hi, please update to 24.0.9 or better 25.0.3 and report back if it fixes the issue. Thank you!

My goal is to add a label like e.g. 25-feedback to this ticket of an up-to-date major Nextcloud version where the bug could be reproduced. However this is not going to work without your help. So thanks for all your effort!

If you don't manage to reproduce the issue in time and the issue gets closed but you can reproduce the issue afterwards, feel free to create a new bug report with up-to-date information by following this link: https://github.com/nextcloud/server/issues/new?assignees=&labels=bug%2C0.+Needs+triage&template=BUG_REPORT.yml&title=%5BBug%5D%3A+

cheneraie commented 1 year ago

Hi, thanks for your reply.

I'm now on 24.0.9 version and the bug persists.

pbuchholz123 commented 1 year ago

Hi, we are running on version 25.0.3 and we are facing the same issue as described above.

I can see my subfolders and files of my SMB share using the SMB-Test app, but after creating a new file in that SMB share I can see the same errors in my log as cheneraie mentioned above. My SMB-Test runs into a TimedOutException and I am unable to open my SMB shares anymore. Even the "Click to recheck the configuration" button went from green to red. After a few minutes everything is "normal" again.

pbuchholz123 commented 1 year ago

@szaimen We are on version 25.0.4 now and still having trouble with SMB external storages. I can move local files into the share, delete/rename files in the share, create folders as much as I want, but when creating a file my logs get flooded with this stuff...

Warning | no app in context | OCP\Files\StorageAuthException: Storage unauthorized. /
Error | no app in context | Icewind\SMB\Exception\TimedOutException: /
Error | webdav | Sabre\DAV\Exception\ServiceUnavailable: Storage with mount id 2 is not available
Error | no app in context | OCP\Files\StorageAuthException: Storage unauthorized. /Test/UUU.docx

After that I cannot access any of my shares anymore, but the file was created. What could be the issue here? Cheers

lollo0296 commented 1 year ago

Hi @szaimen, this bug is making NC practically unusable for our business. Is there an ETA for the remediation of this bug?

TL;DR I believe mounting SMB shares is a core feature of NC and also essential for our company. Just a smaller group of remote users uses Nextcloud from different devices in order to access the files that are stored within our Windows Fileserver. For this reason using the Sharing function of NC is not an option for us, SMB is needed so that insiders and remote users can work on the same files.

pbuchholz123 commented 1 year ago

Hi @szaimen, any news for us?

Cheers

szaimen commented 1 year ago

I fear I don't have knowledge about this part of the code.

If you are an enterprise customer you can speed things up by creating a ticket at support.nextcloud.com

pbuchholz123 commented 1 year ago

Hello @icewind1991,

we can reproduce this "bug" with a fresh installation of NextCloud and with the NextCloud development version (27.0.0-dev) as well. We tried a different external storage like SFTP and this works perfectly.

If you need further information just tell me. Cheers

lollo0296 commented 1 year ago

Hey @icewind1991,

have you already been able to take a look at this Issue?

pbuchholz123 commented 1 year ago

Hello @icewind1991

do you have any information for me/us? We still have trouble with SMB-Shares.

Cheers

joshtrichards commented 1 year ago

When trying to get to the bottom of SMB related issues the following details are highly relevant and therefore needed:

Sometimes there are clues on the SMB server side as well in the logs - or with extended logs that can be enabled.

For good measure the following are also useful since sometimes they turn out to be relevant:

The TimeoutException gets triggered from not getting a response after waiting 20*1000ms (20s). In case of @cheneraie (I can't speak to the others which may or may not be the same issue) this suggests the underlying libsmbclient and/or libsmbclient-php is timing out when we ask for some extended attributes for the target file from the SMB server.

I'm particularly suspicious since this is coming from getxattr() which is just a wrapper from smb*_getxattr. There have been incompatibilities and bugs in between the underlying upstream libraries revolving around this attribute. And these libraries are sourced from the installed system, not from Nextcloud (though we have a wrapper over the top of them so I'm not saying there aren't possibly issues introduced there).
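Added example, not part of the thread or of Nextcloud's code: a triage script that scans nextcloud.log lines for `Icewind\SMB\Exception\TimedOutException` and reports which `NativeState` call timed out (here `getxattr`) and which request triggered it. It assumes log entries have the layout of the entry quoted in this issue; the sample lines are constructed, with a shortened trace.

```python
import json
from collections import Counter

TIMEOUT = "Icewind\\SMB\\Exception\\TimedOutException"
NATIVE_STATE = "Icewind\\SMB\\Native\\NativeState"
# Error-handling frames that sit above the real operation in the trace.
PLUMBING = {"handleError", "testResult"}


def timed_out_operation(entry):
    """Return (smb_call, smb_path, request_url) for an SMB timeout, else None."""
    exc = entry.get("exception")
    if not isinstance(exc, dict) or exc.get("Exception") != TIMEOUT:
        return None
    call = None
    for frame in exc.get("Trace", []):
        # The first NativeState method that is not error plumbing is the
        # libsmbclient-facing call that never got an answer.
        if frame.get("class") == NATIVE_STATE and frame.get("function") not in PLUMBING:
            call = frame.get("function")
            break
    return call, exc.get("Message"), entry.get("url")


def summarize(lines):
    """Count SMB timeouts per (smb_call, request_url); skip unparsable lines."""
    counts = Counter()
    for raw in lines:
        try:
            entry = json.loads(raw)
        except json.JSONDecodeError:
            continue  # truncated or wrapped log lines are common in pastes
        hit = timed_out_operation(entry) if isinstance(entry, dict) else None
        if hit:
            counts[(hit[0], hit[2])] += 1
    return counts


def sample_lines():
    """Constructed log lines modelled on the entry quoted in the issue."""
    trace = [
        {"function": "fromMap", "class": "Icewind\\SMB\\Exception\\Exception"},
        {"function": "handleError", "class": NATIVE_STATE},
        {"function": "testResult", "class": NATIVE_STATE},
        {"function": "getxattr", "class": NATIVE_STATE},
        {"function": "getAttribute", "class": "Icewind\\SMB\\Native\\NativeShare"},
    ]
    timeout = {
        "level": 3,
        "url": "/ocs/v2.php/apps/files/api/v1/templates/create",
        "message": "Error while getting file info",
        "exception": {"Exception": TIMEOUT, "Message": "/folder/test.md",
                      "Code": 110, "Trace": trace},
    }
    unauthorized = {
        "level": 2,
        "url": "/remote.php/dav/files/user/folder",
        "message": "Storage unauthorized",
        "exception": {"Exception": "OCP\\Files\\StorageAuthException", "Trace": []},
    }
    return [json.dumps(timeout), json.dumps(unauthorized), "not json",
            json.dumps(timeout)]


if __name__ == "__main__":
    for (call, url), n in summarize(sample_lines()).items():
        print(f"{n}x timeout in {call}() during {url}")
```

If every timeout groups under the same call and the same request URL, that points at one specific SMB operation rather than general server unavailability.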

pbuchholz123 commented 1 year ago

Hello @joshtrichards,

thanks for your reply. I can provide the following information for you, hope this helps.

Nextcloud: 26.0.3 Nextcloud AIO: 6.2.1

smbclient: 4.18.3 libsmbclient: 4.18.3-r0

We are using for our external storage our fileserver which is a Windows Server 2016.

Our configuration looks like this: image

After saving or "rechecking the configuration" it states green every time. Even with the SMB-Test plugin I can access the server and list files from the remote directory.

It just breaks somehow after we start creating files in that specific share. But then it breaks every share we have configured.

If you need more just let me know. Cheers

pbuchholz123 commented 1 year ago

Hey @joshtrichards

do you have any updates for me/us? Were you able to reproduce the issue?

Cheers

joshtrichards commented 1 year ago

No.

Might be worth capturing some more about the SMB transaction from the Windows server-side when reproducing this behavior:

https://learn.microsoft.com/en-us/windows-server/storage/file-server/troubleshoot/troubleshooting-smb

rfx77 commented 1 year ago

This issue is still present and reproducible in latest stable 27

pbuchholz123 commented 1 year ago

Hey @joshtrichards,

for testing purposes I created a Debian virtual machine and configured it as a Samba file server. I was able to list the files within the shared folder via the SMB-Test plugin. Furthermore I was able to create a file on that share, I did it exactly the same way I did it on our Windows shares. So is this problem related to that we use a Windows Server and not Samba as a file server?

Cheers

lollo0296 commented 1 year ago

Hello @joshtrichards,

I am a co-worker of @pbuchholz123. I managed to capture network traffic from our WindowsServer2016 file server while trying to create a new file in the SMB share through the Nextcloud GUI. I used netsh to do it.

The SMB share is \\filejm01.meeth.de\it and I tried to create the file test.txt within the folder SMB_Issue. The absolute path of the file is \\filejm01.meeth.de\it\SMB_Issue\test.txt.

The file is indeed being created at the desired location, but after a short waiting time the previously mentioned error pops up and the share is disabled for 10 minutes.

See .pcapng file attached. Hopefully a big 💡 will light up on your head looking at the packets.

winserver2016_smb-create-file_from-nextcloud.zip

pbuchholz123 commented 12 months ago

Hey @joshtrichards

any news for us 👉👈

Cheers

pbuchholz123 commented 11 months ago

Anyone?

cheneraie commented 11 months ago

I can only confirm that the bug is still present in Nextcloud 25.0.12. I've just tested it.

Debian 11, php8.1-smbclient

cheneraie commented 11 months ago

I can only confirm that the bug is still present in Nextcloud 25.0.12. I've just tested it.

Debian 11, php8.1-smbclient

I've just tested this by uninstalling php-smbclient. Nextcloud then uses the system's smbclient backend. In this case, the problem no longer appears.

But without the php-smbclient module, performance for samba mounts is much lower.

lollo0296 commented 11 months ago

I've just tested this by uninstalling php-smbclient. Nextcloud then uses the system's smbclient backend. In this case, the problem no longer appears.

@cheneraie I guess this certainly narrows down the issue to the package php-smbclient, doesn't it?

It may be worth to do some research about the behavior of php-smbclient when connecting to a Windows Server based SMB-Server. But with absolutely no knowledge (on my side) about the complicated code infrastructure of Nextcloud (NC-Server, External storage plugin, @icewind1991 's stuff), how to be sure the issue is indeed related to php-smbclient itself and not to the way NC is using it? (e.g. poor exception handling, a call to the wrong function, perhaps due to the lack of a check whether there is Samba or Windows-SMB behind a given share)

@joshtrichards What is your opinion about it? I'm just trying to think about some possible scenarios behind this extremely annoying bug...

cheneraie commented 11 months ago

It may be worth to do some research about the behavior of php-smbclient when connecting to a Windows Server based SMB-Server.

In our case, SMB mounts are performed from a Windows Server 2016 file server.

pbuchholz123 commented 5 months ago

Hello,

are there any news/updates?

Cheers

rglowicki commented 5 months ago

Hi, I managed to check what is the reason for this behavior and I slightly modified the @icewind1991 library - I hope he won't be offended by me ;-)

in the directory: /var/lib/docker/volumes/nextcloud_aio_nextcloud/_data/apps/files_external/3rdparty/icewind/smb/src/Native

in the file: NativeState.php

on line 299 find: $result = @smbclient_write($this->state, $file, $data, $length); and replace with:

if(strlen($data)) $result = @smbclient_write($this->state, $file, $data, $length);
else return 0;

The whole function should look like this:

public function write($file, string $data, string $path, ?int $length = null): int {
   /** @var int $result */
   // Skip the write when $data is empty and report 0 bytes written
   if(strlen($data)) $result = @smbclient_write($this->state, $file, $data, $length);
   else return 0;

   $this->testResult($result, $path);
   return $result;
}

In my case it helped.

The configuration I use:

I noticed that when creating a new file, the connection to the LDAP server is lost. After entering the server, I found information in the antivirus system logs that there was an attempt to exploit the SMB.CVE-2011-1267 security vulnerability and the connection was blocked. In the nextcloud manual, in the SMB section, there is information that the built-in library "smbclient" and the optional php module "libsmbclient-php" which I had installed are used to connect to shares. Analyzing further, I discovered that when creating a file, the system tries to perform the same action of creating a new empty file twice, which is recognized by the systems as a DoS attack described in the above-mentioned security vulnerability. I found the function that creates a new file in the @icewind1991 library and for testing I commented out the smbclient_write command (the command not only writes to an already open file, but also creates a new file if it does not exist). It helped! - new files were created correctly and an attempt to create them was called only once. But since the command, in addition to creating a new file, can also write to an existing file, it means that the attempt to create a file with content will probably fail. And in fact - no file could be uploaded to the server. Therefore, I added a simple condition that checks whether the "$data" argument has been passed to the function - if it is empty, it skips the execution of this command.

You must remember that this is not an official nextcloud solution and with some updates, the @icewind1991 library will be replaced with the official version, so the changes will no longer work. You can always add a script ;-)

When I have some time, I will try to analyze whether it is a problem of the library itself and write to its author, or maybe how the library is used by the nextcloud backend.

Let me know if it worked for you.