search

owncloud / core

:cloud: ownCloud web server core (Files, DAV, etc.)
https://owncloud.com
GNU Affero General Public License v3.0
8.36k stars 2.06k forks source link

[External Storage] Not possible to access via webdav to an account with a external storage mountpoint with wrong credentials #11759

Closed rperezb closed 9 years ago

rperezb commented 9 years ago

Steps to reproduce

  1. Log in on ownCloud (oc1) as admin
  2. Enable external storage app
  3. Add a folder
  4. For instance select ownCloud as external storage
  5. Fill in the nedded, url (oc2), id and password. I have left empty the remote subfolder
  6. Check that it is correctly mounted, green point
  7. Connect to the second ownCloud instance, oc2, and modify the user password
  8. Check that on oc1 the mount point has an error, red point
  9. Using the tool poster, do a propfind to the root

    Expected behaviour

I can access to the ownCloud instance

Actual behaviour

Http 500 is return, this means that there are errors on the mobile and desktop clients

Server configuration

ubuntu, apache,mysql*

ownCloud version: (see ownCloud admin page) 7.0.3 RC1

Updated from an older ownCloud or fresh install: Fresh

List of activated apps: External storage The content of config/config.php:

Insert your config.php content here
(Without the database password and passwordsalt)

Are you using external storage, if yes which one: local/smb/sftp/...

Are you using encryption: yes/no

Client configuration

Browser:

Operating system:

Logs

Web server error log

HTTP 500
<!DOCTYPE html>
<!--[if lt IE 7]><html class="ng-csp ie ie6 lte9 lte8 lte7" data-placeholder-focus="false"><![endif]-->
<!--[if IE 7]><html class="ng-csp ie ie7 lte9 lte8 lte7" data-placeholder-focus="false"><![endif]-->
<!--[if IE 8]><html class="ng-csp ie ie8 lte9 lte8" data-placeholder-focus="false"><![endif]-->
<!--[if IE 9]><html class="ng-csp ie ie9 lte9" data-placeholder-focus="false"><![endif]-->
<!--[if gt IE 9]><html class="ng-csp ie" data-placeholder-focus="false"><![endif]-->
<!--[if !IE]><!--><html class="ng-csp" data-placeholder-focus="false"><!--<![endif]-->

    <head data-requesttoken="032b1f9ce86a7f8fd672">
        <title>
        ownCloud Enterprise Edition     </title>
        <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
        <meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1" />
        <meta name="viewport" content="width=device-width, minimum-scale=1.0, maximum-scale=1.0">
        <meta name="apple-itunes-app" content="app-id=543672169">
        <link rel="shortcut icon" href="/themes/default/core/img/favicon.png" />
        <link rel="apple-touch-icon-precomposed" href="/themes/default/core/img/favicon-touch.png" />
                    <link rel="stylesheet" href="/core/css/styles.css?v=b25b911ffc2b76a647454e5a53edf8b5" type="text/css" media="screen" />
                    <link rel="stylesheet" href="/core/css/header.css?v=b25b911ffc2b76a647454e5a53edf8b5" type="text/css" media="screen" />
                    <link rel="stylesheet" href="/core/css/mobile.css?v=b25b911ffc2b76a647454e5a53edf8b5" type="text/css" media="screen" />
                    <link rel="stylesheet" href="/core/css/icons.css?v=b25b911ffc2b76a647454e5a53edf8b5" type="text/css" media="screen" />
                    <link rel="stylesheet" href="/core/css/fonts.css?v=b25b911ffc2b76a647454e5a53edf8b5" type="text/css" media="screen" />
                    <link rel="stylesheet" href="/core/css/apps.css?v=b25b911ffc2b76a647454e5a53edf8b5" type="text/css" media="screen" />
                    <link rel="stylesheet" href="/core/css/fixes.css?v=b25b911ffc2b76a647454e5a53edf8b5" type="text/css" media="screen" />
                    <link rel="stylesheet" href="/core/css/multiselect.css?v=b25b911ffc2b76a647454e5a53edf8b5" type="text/css" media="screen" />
                    <link rel="stylesheet" href="/core/css/jquery-ui-1.10.0.custom.css?v=b25b911ffc2b76a647454e5a53edf8b5" type="text/css" media="screen" />
                    <link rel="stylesheet" href="/core/css/jquery-tipsy.css?v=b25b911ffc2b76a647454e5a53edf8b5" type="text/css" media="screen" />
                    <link rel="stylesheet" href="/core/css/jquery.ocdialog.css?v=b25b911ffc2b76a647454e5a53edf8b5" type="text/css" media="screen" />
                    <link rel="stylesheet" href="/core/css/share.css?v=b25b911ffc2b76a647454e5a53edf8b5" type="text/css" media="screen" />
                    <link rel="stylesheet" href="/apps/files_versions/css/versions.css?v=b25b911ffc2b76a647454e5a53edf8b5" type="text/css" media="screen" />
                    <link rel="stylesheet" href="/themes/default/core/css/styles.css?v=b25b911ffc2b76a647454e5a53edf8b5" type="text/css" media="screen" />
                            <script type="text/javascript" src="/core/js/jquery-1.10.0.min.js?v=b25b911ffc2b76a647454e5a53edf8b5"></script>
                    <script type="text/javascript" src="/core/js/jquery-migrate-1.2.1.min.js?v=b25b911ffc2b76a647454e5a53edf8b5"></script>
                    <script type="text/javascript" src="/core/js/jquery-ui-1.10.0.custom.js?v=b25b911ffc2b76a647454e5a53edf8b5"></script>
                    <script type="text/javascript" src="/core/js/jquery-showpassword.js?v=b25b911ffc2b76a647454e5a53edf8b5"></script>
                    <script type="text/javascript" src="/core/js/placeholders.js?v=b25b911ffc2b76a647454e5a53edf8b5"></script>
                    <script type="text/javascript" src="/core/js/jquery-tipsy.js?v=b25b911ffc2b76a647454e5a53edf8b5"></script>
                    <script type="text/javascript" src="/core/js/compatibility.js?v=b25b911ffc2b76a647454e5a53edf8b5"></script>
                    <script type="text/javascript" src="/core/js/underscore.js?v=b25b911ffc2b76a647454e5a53edf8b5"></script>
                    <script type="text/javascript" src="/core/js/jquery.ocdialog.js?v=b25b911ffc2b76a647454e5a53edf8b5"></script>
                    <script type="text/javascript" src="/core/js/oc-dialogs.js?v=b25b911ffc2b76a647454e5a53edf8b5"></script>
                    <script type="text/javascript" src="/core/js/js.js?v=b25b911ffc2b76a647454e5a53edf8b5"></script>
                    <script type="text/javascript" src="/core/js/octemplate.js?v=b25b911ffc2b76a647454e5a53edf8b5"></script>
                    <script type="text/javascript" src="/core/js/eventsource.js?v=b25b911ffc2b76a647454e5a53edf8b5"></script>
                    <script type="text/javascript" src="/core/js/config.js?v=b25b911ffc2b76a647454e5a53edf8b5"></script>
                    <script type="text/javascript" src="/search/js/result.js?v=b25b911ffc2b76a647454e5a53edf8b5"></script>
                    <script type="text/javascript" src="/core/js/oc-requesttoken.js?v=b25b911ffc2b76a647454e5a53edf8b5"></script>
                    <script type="text/javascript" src="/core/js/apps.js?v=b25b911ffc2b76a647454e5a53edf8b5"></script>
                    <script type="text/javascript" src="/core/js/snap.js?v=b25b911ffc2b76a647454e5a53edf8b5"></script>
                    <script type="text/javascript" src="/core/js/placeholder.js?v=b25b911ffc2b76a647454e5a53edf8b5"></script>
                    <script type="text/javascript" src="/3rdparty/js/md5/md5.min.js?v=b25b911ffc2b76a647454e5a53edf8b5"></script>
                    <script type="text/javascript" src="/core/js/jquery.avatar.js?v=b25b911ffc2b76a647454e5a53edf8b5"></script>
                    <script type="text/javascript" src="/core/js/avatar.js?v=b25b911ffc2b76a647454e5a53edf8b5"></script>
                    <script type="text/javascript" src="/core/js/backgroundjobs.js?v=b25b911ffc2b76a647454e5a53edf8b5"></script>
                    <script type="text/javascript" src="/apps/enterprise_key/js/notice.js?v=b25b911ffc2b76a647454e5a53edf8b5"></script>
                    <script type="text/javascript" src="/core/js/share.js?v=b25b911ffc2b76a647454e5a53edf8b5"></script>
                    <script type="text/javascript" src="/apps/files_sharing/js/share.js?v=b25b911ffc2b76a647454e5a53edf8b5"></script>
                    <script type="text/javascript" src="/apps/files_sharing/js/external.js?v=b25b911ffc2b76a647454e5a53edf8b5"></script>
                    <script type="text/javascript" src="/apps/files_versions/js/versions.js?v=b25b911ffc2b76a647454e5a53edf8b5"></script>
                    <script type="text/javascript" src="/apps/sharepoint/js/app.js?v=b25b911ffc2b76a647454e5a53edf8b5"></script>
                    <script type="text/javascript" src="/apps/sharepoint/js/sharepointUtils.js?v=b25b911ffc2b76a647454e5a53edf8b5"></script>
                    <script type="text/javascript" src="/apps/sharepoint/js/rollingQueue.js?v=b25b911ffc2b76a647454e5a53edf8b5"></script>
                    <script type="text/javascript" src="/apps/sharepoint/js/connectivity_check.js?v=b25b911ffc2b76a647454e5a53edf8b5"></script>
                    <script type="text/javascript" src="/apps/windows_network_drive/js/wndutils.js?v=b25b911ffc2b76a647454e5a53edf8b5"></script>
                    <script type="text/javascript" src="/apps/windows_network_drive/js/mountManager.js?v=b25b911ffc2b76a647454e5a53edf8b5"></script>
                    <script type="text/javascript" src="/apps/windows_network_drive/js/wndfs.js?v=b25b911ffc2b76a647454e5a53edf8b5"></script>
                    <script type="text/javascript" src="/apps/windows_network_drive/js/rollingQueue.js?v=b25b911ffc2b76a647454e5a53edf8b5"></script>

            </head>
    <body id="body-login">
        <noscript><div id="nojavascript"><div>This application requires JavaScript for correct operation. Please <a href="http://enable-javascript.com/" target="_blank">enable JavaScript</a> and reload the page.</div></div></noscript>
        <div class="wrapper"><!-- for sticky footer -->
            <div class="v-align"><!-- vertically centred box -->
                <header><div id="header">
                    <div class="logo svg"></div>
                    <div id="logo-claim" style="display:none;">Enterprise Edition</div>
                </div></header>

                <ul class="error-wide">
            <li class='error'>
            <br/>
            <p class='hint'></p>
        </li>
    </ul>
            <div class="push"></div><!-- for sticky footer -->
            </div>
        </div>

        <footer>
            <p class="info">
                © 2014 <a href="https://owncloud.com" target="_blank">ownCloud Inc.</a><br/>Your Cloud, Your Data, Your Way!           </p>
        </footer>
    </body>
</html>

ownCloud log (data/owncloud.log)

Error   PHP     apc_store(): GC cache entry 'oce806035661/AutoloaderPatchwork\Utf8\Bootup' was on gc-list for 3630 seconds at /opt/owncloud-ee-7.0.3RC1/lib/private/memcache/apc.php#21     2014-10-24T09:19:46+00:00
Fatal   webdav  Sabre\DAV\Exception\Forbidden:
rperezb commented 9 years ago

cc @jnfrmarks

PVince81 commented 9 years ago

@rperezb can you post the contents of "owncloud.log" ?

jnfrmarks commented 9 years ago

@craigpg @MTRichards @PVince81 @rperezb

This sounds to me like we need to fix this before releasing - should this be marked as gold?

PVince81 commented 9 years ago

Works for me:

dav:/owncloud/remote.php/webdav/> ls
Listing collection `/owncloud/remote.php/webdav/': succeeded.
Coll:   ownCloud                               0  Oct 15 18:41
        welcome.txt                          163  Oct 27 12:33
dav:/owncloud/remote.php/webdav/> propget ownCloud
Fetching properties for `ownCloud': failed:
503 Service Unavailable

A propfind on the mount point returns "503 Service unavailable" when the connection could not be established.

@rperezb can you post the part of "owncloud.log" with the 500 error you are getting ?

MTRichards commented 9 years ago

If external storage is blocking the entire account for some reason, this is bad. Lets investigate - if it is in fact happening like this, we need to fix.

PVince81 commented 9 years ago

Please note that so far that most external storage backend have different behaviors if the remote password was changed. For example I tried with SFTP and got this: https://github.com/owncloud/core/issues/11785

The ownCloud backend is the only one that is able to return 503 Service unavailable when the connection becomes unavailable. (this was added as part of server to server sharing)

rperezb commented 9 years ago

From the access.log

127.0.0.1 - - [27/Oct/2014:14:38:01 +0100] "GET /remote.php/brander/ready/1413893125?password=DefinedPassphrase HTTP/1.0" 403 0 "-" "-"
10.40.40.191 - - [27/Oct/2014:14:38:10 +0100] "\x16\x03\x01\x00\xAF\x01\x00\x00\xAB\x03\x03\xF6Z\xE3\xF0\x0F\xBE\xA0\x9AGE$BW\xDC\xC2\x984\xDE\xBD9u\xA8\x07\x83]\xADS\xA1A\x11\xB5\x07\x00\x00.\xC0+\xC0/\xC0" 400 181 "-" "-"
127.0.0.1 - - [27/Oct/2014:14:38:19 +0100] "PROPFIND //remote.php/webdav/ HTTP/1.1" 401 303 "-" "-"
127.0.0.1 - raquel [27/Oct/2014:14:38:19 +0100] "PROPFIND //remote.php/webdav/ HTTP/1.1" 401 296 "-" "-"
10.40.40.191 - - [27/Oct/2014:14:38:19 +0100] "PROPFIND /remote.php/webdav HTTP/1.1" 500 8042 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:32.0) Gecko/20100101 Firefox/32.0"
``
PVince81 commented 9 years ago

@rperezb how about "owncloud.log" ?

rperezb commented 9 years ago

owncloud.log

{"reqId":"544e4ddfcc015","app":"remote","message":"","level":4,"time":"2014-10-27T13:51:27+00:00","method":"PROPFIND","url":"\/remote.php\/webdav"}
rperezb commented 9 years ago

@PVince81 I have reproduced it with another instance, having one 1 external storage registered, another ownCloud 6 instance.


Error   webdav client   Not authenticated   2014-10-27T14:14:03+00:00
Fatal   remote      2014-10-27T14:13:20+00:00
Error   PHP Session has been closed - no further changes to the session as allowed at /srv/www/daily/stable7/owncloud/lib/private/session/memory.php#80 2014-10-27T14:13:20+00:00
Fatal   remote      2014-10-27T14:13:20+00:00
Error   PHP Session has been closed - no further changes to the session as allowed at /srv/www/daily/stable7/owncloud/lib/private/session/memory.php#80 2014-10-27T14:12:59+00:00
Fatal   remote      2014-10-27T14:12:59+00:00
Fatal   core    Unable to parse OCS content for app files_external  2014-10-27T14:09:16+00:00
Fatal   core    Unable to parse OCS content for app 166055  2014-10-27T14:09:02+00:00
Fatal   core    Unable to parse OCS content for app 166054  2014-10-27T14:09:02+00:00
Fatal   core    Unable to parse OCS content for app 166051  2014-10-27T14:09:02+00:00
Fatal   core    Unable to parse OCS content for app 166057  2014-10-27T14:09:02+00:00
Fatal   core    Unable to parse OCS content for app 166050  2014-10-27T14:09:02+00:00
Fatal   core    Unable to parse OCS content for app 166056  2014-10-27T14:09:02+00:00
PVince81 commented 9 years ago

I tried connecting stable7 to stable6 and I'm also getting the expected 503 Service not available.

Here are my steps:

  1. Setup OC 6 stable6 from scratch, call it "server2"
  2. Setup OC 7 stable7 from scarcth, call it "server1"
  3. On server1, enable external storage app
  4. On server1, setup a mount "oc" with type "ownCloud" and enter "http://server2/owncloud/", and also user name and password of the admin user from server2
  5. Wait for the green light to appear
  6. Start cadaver and run "propget oc" and get correct results.
  7. On server2, login as admin and change the password
  8. With the cadaver instance, run "propget oc" again: here I get 503
  9. On server1, go to the web UI and try and enter "oc": get an error that it is not available.
PVince81 commented 9 years ago

Ok, I tried PROPFIND on root with curl and I am able to reproduce the issue. For some reason cadaver never propfinds root (ls or propget . all succeed)

PVince81 commented 9 years ago

The issue appears in $node->getQuotaInfo() where it tries to retrieve storage info about the unavailable folder.

PVince81 commented 9 years ago

Fix for the 500 error is here: https://github.com/owncloud/core/pull/11791