OCP\Files\NotPermittedException: No delete permission for path logged repeatedly when authenticating against the user_ldap backend #10848

Closed
shtrom opened this issue Aug 25, 2018 · 14 comments
Labels
0. Needs triage Pending check for reproducibility or if it fits our roadmap bug feature: ldap needs info stale Ticket or PR with no recent activity

Comments

@shtrom
Member

shtrom commented Aug 25, 2018

Steps to reproduce

Use the user_ldap backend with a few applications logging in with app passwords.

Expected behaviour

No log message.

Actual behaviour

The following message gets printed in the logs very often

Error no app in context OCP\Files\NotPermittedException: No delete permission for path

/nextcloud/lib/private/Files/SimpleFS/SimpleFolder.php - line 65: OC\Files\Node\Folder->delete()
/nextcloud/apps/dav/lib/CardDAV/PhotoCache.php - line 265: OC\Files\SimpleFS\SimpleFolder->delete()
/nextcloud/apps/dav/lib/AppInfo/Application.php - line 143: OCA\DAV\CardDAV\PhotoCache->delete('5', 'LDAP shtrom.vcf')
[internal function] OCA\DAV\AppInfo\Application->OCA\DAV\AppInfo\{closure}(*** sensitive parameters replaced ***)
/nextcloud/3rdparty/symfony/event-dispatcher/EventDispatcher.php - line 212: call_user_func(Object(Closure), Object(Symfony\Component\EventDispatcher\GenericEvent), '\\OCA\\DAV\\CardDA...', Object(Symfony\Component\EventDispatcher\EventDispatcher))
/nextcloud/3rdparty/symfony/event-dispatcher/EventDispatcher.php - line 44: Symfony\Component\EventDispatcher\EventDispatcher->doDispatch(Array, '\\OCA\\DAV\\CardDA...', Object(Symfony\Component\EventDispatcher\GenericEvent))
/nextcloud/apps/dav/lib/CardDAV/CardDavBackend.php - line 683: Symfony\Component\EventDispatcher\EventDispatcher->dispatch('\\OCA\\DAV\\CardDA...', Object(Symfony\Component\EventDispatcher\GenericEvent))
/nextcloud/apps/dav/lib/CardDAV/SyncService.php - line 285: OCA\DAV\CardDAV\CardDavBackend->updateCard('5', 'LDAP shtrom.vcf', 'BEGIN VCARD\r\nVE...')
/nextcloud/apps/dav/lib/HookManager.php - line 124: OCA\DAV\CardDAV\SyncService->updateUser(Object(OC\User\User))
/nextcloud/lib/private/legacy/hook.php - line 106: OCA\DAV\HookManager->changeUser(Array)
/nextcloud/lib/private/Server.php - line 409: OC_Hook emit('OC_User', 'changeUser', Array)
[internal function] OC\Server->OC\{closure}(*** sensitive parameters replaced ***)
/nextcloud/lib/private/Hooks/EmitterTrait.php - line 99: call_user_func_array(Object(Closure), Array)
/nextcloud/lib/private/Hooks/PublicEmitter.php - line 36: OC\Hooks\BasicEmitter->emit('\\OC\\User', 'changeUser', Array)
/nextcloud/lib/private/User/User.php - line 456: OC\Hooks\PublicEmitter->emit('\\OC\\User', 'changeUser', Array)
/nextcloud/lib/private/Avatar.php - line 149: OC\User\User->triggerChange('avatar', Object(OC\Files\SimpleFS\SimpleFile))
/nextcloud/apps/user_ldap/lib/User/User.php - line 598: OC\Avatar->set('\xFF\xD8\xFF\xE0\x00\x10JFIF\x00\x01\x01\x00\x00...')
/nextcloud/apps/user_ldap/lib/User/User.php - line 573: OCA\User_LDAP\User\User->setOwnCloudAvatar()
/nextcloud/apps/user_ldap/lib/User/User.php - line 553: OCA\User_LDAP\User\User->updateAvatar()
/nextcloud/lib/private/legacy/hook.php - line 106: OCA\User_LDAP\User\User->updateAvatarPostLogin(Array)
/nextcloud/lib/private/Server.php - line 398: OC_Hook emit('OC_User', 'post_login', Array)
[internal function] OC\Server->OC\{closure}(*** sensitive parameters replaced ***)
/nextcloud/lib/private/Hooks/EmitterTrait.php - line 99: call_user_func_array(Object(Closure), Array)
/nextcloud/lib/private/Hooks/PublicEmitter.php - line 36: OC\Hooks\BasicEmitter->emit('\\OC\\User', 'postLogin', Array)
/nextcloud/lib/private/User/Session.php - line 368: OC\Hooks\PublicEmitter->emit('\\OC\\User', 'postLogin', Array)
/nextcloud/lib/private/User/Session.php - line 605: OC\User\Session->completeLogin(*** sensitive parameters replaced ***)
/nextcloud/lib/private/User/Session.php - line 333: OC\User\Session->loginWithToken(*** sensitive parameters replaced ***)
/nextcloud/lib/private/User/Session.php - line 411: OC\User\Session->login(*** sensitive parameters replaced ***)
/nextcloud/lib/private/User/Session.php - line 525: OC\User\Session->logClientIn(*** sensitive parameters replaced ***)
/nextcloud/lib/base.php - line 1053: OC\User\Session->tryBasicAuthLogin(Object(OC\AppFramework\Http\Request), Object(OC\Security\Bruteforce\Throttler))
/nextcloud/lib/base.php - line 988: OC handleLogin(Object(OC\AppFramework\Http\Request))
/nextcloud/index.php - line 42: OC handleRequest()
{main}

Server configuration detail

Operating system: OpenBSD 6.3 GENERIC.MP#107 amd64

Webserver: Apache/2.4.29 (Unix) LibreSSL/2.7.2 mod_chroot/0.5 (fpm-fcgi)

Database: mysql 10.0.34

PHP version:

7.0.28
Modules loaded: Core, date, libxml, openssl, pcre, sqlite3, zlib, bcmath, calendar, ctype, dom, hash, fileinfo, filter, ftp, gettext, SPL, iconv, json, mbstring, session, PDO, pdo_sqlite, bz2, posix, readline, Reflection, standard, SimpleXML, sockets, exif, sysvmsg, sysvsem, sysvshm, tokenizer, wddx, xml, xmlreader, xmlwriter, mysqlnd, cgi-fcgi, Phar, curl, gd, intl, ldap, mcrypt, mysqli, pdo_mysql, pspell, redis, zip, Zend OPcache

Nextcloud version: 13.0.5 - 13.0.5.2

Updated from an older Nextcloud/ownCloud or fresh install: updated

Where did you install Nextcloud from: openbsd ports (hence the invalid signature below; expected)

Signing status


List of activated apps
Enabled:
 - admin_audit: 1.3.0
 - apporder: 0.5.0
 - bookmarks: 0.11.0
 - calendar: 1.6.1
 - contacts: 2.1.5
 - dav: 1.4.7
 - deck: 0.4.1
 - federatedfilesharing: 1.3.1
 - federation: 1.3.0
 - files: 1.8.0
 - files_mv: 0.8.2
 - files_pdfviewer: 1.2.1
 - files_sharing: 1.5.0
 - files_texteditor: 2.5.1
 - files_trashbin: 1.3.0
 - files_versions: 1.6.0
 - files_videoplayer: 1.2.0
 - gallery: 18.0.0
 - issuetemplate: 0.4.0
 - logreader: 2.0.0
 - lookup_server_connector: 1.1.0
 - mail: 0.8.3
 - mozilla_sync: 1
 - news: 12.0.4
 - nextcloud_announcements: 1.2.0
 - notes: 2.4.0
 - notifications: 2.1.2
 - oauth2: 1.1.1
 - ocsms: 1.13.1
 - ojsxc: 3.4.1
 - password_policy: 1.3.0
 - provisioning_api: 1.3.0
 - serverinfo: 1.3.0
 - sharebymail: 1.3.0
 - socialsharing_email: 1.0.3
 - survey_client: 1.1.0
 - tasks: 0.9.6
 - theming: 1.4.5
 - twofactor_backupcodes: 1.2.3
 - twofactor_totp: 1.4.1
 - twofactor_u2f: 1.5.5
 - updatenotification: 1.3.0
 - user_ldap: 1.3.1
 - workflowengine: 1.3.0
Disabled:
 - activity
 - bruteforcesettings
 - comments
 - encryption
 - files_external
 - firstrunwizard
 - ldaporg
 - sensorlogger
 - spreed
 - spreedme
 - systemtags
 - user_external

Configuration (config/config.php)
{
    "instanceid": "***REMOVED SENSITIVE VALUE***",
    "passwordsalt": "***REMOVED SENSITIVE VALUE***",
    "secret": "***REMOVED SENSITIVE VALUE***",
    "trusted_domains": [
        "cloud.example.net"
    ],
    "datadirectory": "***REMOVED SENSITIVE VALUE***",
    "dbtype": "mysql",
    "dbname": "***REMOVED SENSITIVE VALUE***",
    "dbhost": "***REMOVED SENSITIVE VALUE***",
    "dbuser": "***REMOVED SENSITIVE VALUE***",
    "dbpassword": "***REMOVED SENSITIVE VALUE***",
    "version": "13.0.5.2",
    "logtimezone": "UTC",
    "installed": true,
    "mail_smtpmode": "smtp",
    "mail_smtphost": "***REMOVED SENSITIVE VALUE***",
    "mail_smtpport": "25",
    "mail_smtptimeout": 10,
    "mail_from_address": "***REMOVED SENSITIVE VALUE***",
    "mail_domain": "***REMOVED SENSITIVE VALUE***",
    "appstoreenabled": true,
    "apps_paths": [
        {
            "path": "\/sites\/example.net\/cloud\/apps",
            "url": "\/local\/apps",
            "writable": true
        },
        {
            "path": "\/nextcloud\/apps",
            "url": "\/apps",
            "writable": false
        }
    ],
    "ldapIgnoreNamingRules": false,
    "ldapProviderFactory": "\\OCA\\User_LDAP\\LDAPProviderFactory",
    "loglevel": 2,
    "maintenance": false,
    "memcache.local": "\\OC\\Memcache\\Redis",
    "filelocking.enabled": true,
    "memcache.locking": "\\OC\\Memcache\\Redis",
    "redis": {
        "host": "***REMOVED SENSITIVE VALUE***",
        "port": 6379
    },
    "lost_password_link": "https:\/\/www.example.net\/passwd",
    "overwrite.cli.url": "https:\/\/cloud.example.net",
    "htaccess.RewriteBase": "\/",
    "mysql.utf8mb4": true,
    "theme": "",
    "data-fingerprint": "62dea62b62bf6f74bc4299d6095aba6b"
}

Are you using external storage, if yes which one: no

Are you using encryption: true

Are you using an external user-backend, if yes which one: LDAP/ActiveDirectory/Webdav/...

LDAP configuration (delete this part if not used)
_lastChange: 1534856843
background_sync_interval: 1800
background_sync_offset: 0
background_sync_prefix:
cleanUpJobOffset: 0
enabled: yes
enforce_home_folder_naming_rule:
has_memberof_filter_support:
home_folder_naming_rule: attr:uid
installed_version: 1.3.1
last_jpegPhoto_lookup: 0
ldap_agent_password: SVdhbnRUb0xvb2t1cA==
ldap_attributes_for_group_search:
ldap_attributes_for_user_search:
ldap_backup_host:
ldap_backup_port:
ldap_base: ou=people,dc=example,dc=net
    ou=people,dc=example,dc=net
ldap_base_groups: ou=people,dc=example,dc=net
ldap_base_users: ou=people,dc=example,dc=net
ldap_cache_ttl: 600
ldap_configuration_active: 1
ldap_default_ppolicy_dn:
ldap_display_name: cn
ldap_dn: cn=lookup,dc=example,dc=net
ldap_dynamic_group_member_url:
ldap_email_attr: mail
ldap_experienced_admin: 0
ldap_expert_username_attr: uid
ldap_expert_uuid_group_attr:
ldap_expert_uuid_user_attr:
ldap_gid_number: gidNumber
ldap_group_display_name: cn
ldap_group_filter: (&(|(objectclass=posixGroup)))
ldap_group_filter_mode: 1
ldap_group_member_assoc_attribute: memberUid
ldap_groupfilter_groups:
ldap_groupfilter_objectclass: posixGroup
ldap_host: 127.0.0.1
ldap_login_filter: (&(|(objectclass=inetOrgPerson))(uid=%uid))
ldap_login_filter_mode: 1
ldap_loginfilter_attributes:
ldap_loginfilter_email: 0
ldap_loginfilter_username: 1
ldap_nested_groups: 0
ldap_override_main_server: 0
ldap_paging_size: 0
ldap_port: 389
ldap_quota_attr:
ldap_quota_def:
ldap_tls: 0
ldap_turn_off_cert_check: 0
ldap_turn_on_pwd_change: 0
ldap_user_display_name_2:
ldap_user_filter_mode: 1
ldap_userfilter_groups:
ldap_userfilter_objectclass: inetOrgPerson
ldap_userlist_filter: (|(objectclass=inetOrgPerson))
types: authentication
use_memberof_to_detect_membership: 1

Client configuration

Browser: Mozilla/5.0 (X11; Linux x86_64; rv:61.0) Gecko/20100101 Firefox/61.0

Operating system: ArchLinux

Logs

Browser log
Not relevant (server issue)

@nextcloud-bot
Member

GitMate.io thinks possibly related issues are #2431 (App passwords vanish), #6075 (App Passwords not displayed ), #3873 (Option for more secure app passwords), and #8635 (OCP\Files\NotFoundException related to user's avatar).

@shtrom shtrom changed the title Use the user_ldap backend with a few applications logging in with app passwords. OCP\Files\NotPermittedException: No delete permission for path logged repeatedly when authenticating against the user_ldap Aug 25, 2018
@shtrom shtrom changed the title OCP\Files\NotPermittedException: No delete permission for path logged repeatedly when authenticating against the user_ldap OCP\Files\NotPermittedException: No delete permission for path logged repeatedly when authenticating against the user_ldap backend Aug 25, 2018
@shtrom
Member Author

shtrom commented Aug 25, 2018

It seems like the clearPhotoCache closure is the most likely culprit.

    $clearPhotoCache = function($event) {
        if ($event instanceof GenericEvent) {
            /** @var PhotoCache $p */
            $p = $this->getContainer()->query(PhotoCache::class);
            $p->delete(
                $event->getArgument('addressBookId'),
                $event->getArgument('cardUri')
            );
        }
    };
    $dispatcher->addListener('\OCA\DAV\CardDAV\CardDavBackend::updateCard', $clearPhotoCache);
    $dispatcher->addListener('\OCA\DAV\CardDAV\CardDavBackend::deleteCard', $clearPhotoCache);

I'll clear my cache manually, see if that fixes the issue.

@shtrom
Member Author

shtrom commented Aug 25, 2018

Hum, not much luck clearing my cache (not sure how except for occ files:cleanup which did nothing). Any suggestions?

@shtrom
Member Author

shtrom commented Aug 25, 2018

Digging further in PhotoCache, called by the closure, the delete method tries to determine a directory to delete.

        /**
         * @param int $addressBookId
         * @param string $cardUri
         */
        public function delete($addressBookId, $cardUri) {
            $folder = $this->getFolder($addressBookId, $cardUri);
            $folder->delete();
        }
    }

This uses the MD5 hash of the arguments to name the directory

        /**
         * @param int $addressBookId
         * @param string $cardUri
         * @return ISimpleFolder
         */
        private function getFolder($addressBookId, $cardUri) {
            $hash = md5($addressBookId . ' ' . $cardUri);
            try {
                return $this->appData->getFolder($hash);
            } catch (NotFoundException $e) {
                return $this->appData->newFolder($hash);
            }
        }

In my case, according to the log above, $addressBookId is 5, and $cardUri is LDAP shtrom.vcf. The MD5 hash would be

$ echo -n '5 LDAP shtrom.vcf' | md5
a5d294d64888425da6c3ec6a413756ac

but a folder by that name doesn't actually exist (and the permissions are correct)

/nexcloud/data/appdata_XXX$ ls -ld dav-photocache/
drwxr-xr-x  9 www  daemon  512 Aug 23 06:09 dav-photocache/
/nextcloud/data/appdata_XXX$ ls -l  dav-photocache/
total 56
drwxr-xr-x  2 www  daemon  512 Jun 19 02:23 3a8097f0c5abaa002b38f55bbbe3563c
drwxr-xr-x  2 www  daemon  512 Jun 19 02:23 898355910b8811229885a2ebcca07632
drwxr-xr-x  2 www  daemon  512 Dec 29  2017 a31397b5fe250014dee5bd0f55bc7e6e
drwxr-xr-x  2 www  daemon  512 Mar 11 13:14 abc91eeb7c7beb526ce48d721adf1c52
drwxr-xr-x  2 www  daemon  512 Mar 11 13:14 baa195923a21e3eefa8994a272e7722f
drwxr-xr-x  2 www  daemon  512 Aug 16 08:09 cddf6bc29bb4dc8d43ed29c148b6de3b
drwxr-xr-x  2 www  daemon  512 Dec 29  2017 ea91e7f3f91e6833ac8d4464195b828e

So it seems $this->appData->newFolder() is called, and seems to succeed, only for the folder to immediately be deleted, which seems suboptimal, but also raises the Exception. This is confusing as I would expect that the Exception would mean that the folder did not get deleted, but it is not present above.

Could it be that $this->appData->newFolder() silently fails to create the new folder, resulting in a cryptic permission denied exception when trying to delete it?
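
Added example, not part of the original thread and not Nextcloud's own code: a small checker that rebuilds the photo-cache folder name the way the quoted getFolder() excerpt does (MD5 of "<addressBookId> <cardUri>") and looks for it under a dav-photocache directory. It assumes the plain-text trace may have rendered ":" as a space (it prints "OC_Hook emit" where the JSON trace later in the thread has "type" : "::" and "LDAP:dgeo.vcf"), so both spellings of the card URI are tried; the function names and the temporary directory are constructed for the illustration.

```python
import hashlib
import os
import tempfile


def photo_cache_folder(address_book_id, card_uri):
    """Folder name as built in the quoted getFolder(): md5("<id> <uri>")."""
    key = f"{address_book_id} {card_uri}"
    return hashlib.md5(key.encode("utf-8")).hexdigest()


def uri_candidates(logged_uri):
    """Spellings to try for a card URI copied out of a log line.

    Assumption: the text log view may show ':' as ' ', so a URI logged as
    'LDAP shtrom.vcf' is also tried as 'LDAP:shtrom.vcf'.
    """
    candidates = [logged_uri]
    head, sep, tail = logged_uri.partition(" ")
    if sep:
        candidates.append(f"{head}:{tail}")
    return candidates


def locate_cache_folder(cache_root, address_book_id, logged_uri):
    """Return (uri, folder_name, exists) for every candidate spelling."""
    present = {
        entry
        for entry in os.listdir(cache_root)
        if os.path.isdir(os.path.join(cache_root, entry))
    }
    results = []
    for uri in uri_candidates(logged_uri):
        name = photo_cache_folder(address_book_id, uri)
        results.append((uri, name, name in present))
    return results


def demo():
    """Run the lookup against a constructed cache directory.

    The directory content is made up for this example: it holds one folder
    for the colon spelling and one unrelated card, which is not a statement
    about what the reporter's server actually contains.
    """
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, photo_cache_folder(5, "LDAP:shtrom.vcf")))
        os.mkdir(os.path.join(root, photo_cache_folder(5, "Database:other.vcf")))
        return locate_cache_folder(root, "5", "LDAP shtrom.vcf")


if __name__ == "__main__":
    for uri, name, exists in demo():
        state = "present" if exists else "missing"
        print(f"{uri!r:22} -> {name} ({state})")
```

On a real server, point locate_cache_folder() at the appdata_*/dav-photocache directory and pass the address book id and card URI from the trace.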

@blizzz
Member

blizzz commented Aug 25, 2018

@rullzer

@hex-m

hex-m commented Oct 11, 2018

We had the same problem. The problem emerges when you have a user-image (avatar) in your Profile on the LDAP Server. Removing the avatar from the LDAP solves the problem.

@shtrom
Member Author

shtrom commented Oct 12, 2018

Ah, yep, I can confirm that this happens to me on an instance where some users have an LDAP user-image.

I'm not sure removing the avatar is a good solution, but it does help confirm it as the cause.

@dgeo

dgeo commented Jan 15, 2019

Same here: LDAP avatar works but generates this warning …

@blizzz
Member

blizzz commented Jan 24, 2019

Which Nextcloud version are you running? I cannot reproduce it on 14.0.6.

@dgeo

dgeo commented Jan 26, 2019

Still the case with 15.0.2.
The LDAP bind user only has read perms on entries, may that be a difference?

{
   "method" : "GET",
   "app" : "no app in context",
   "url" : "/index.php/204",
   "remoteAddr" : "XX.YY.ZZ.FF",
   "reqId" : "**removed**",
   "level" : 3,
   "time" : "2019-01-26T16:14:44+00:00",
   "userAgent" : "Mozilla/5.0 (Android) ownCloud-android/3.4.1",
   "message" : {
      "CustomMessage" : "--",
      "Code" : 0,
      "File" : "/usr/local/www/nextcloud/lib/private/Files/Node/Folder.php",
      "Exception" : "OCP\\Files\\NotPermittedException",
      "Message" : "No delete permission for path",
      "Trace" : [
         {
            "class" : "OC\\Files\\Node\\Folder",
            "file" : "/usr/local/www/nextcloud/lib/private/Files/SimpleFS/SimpleFolder.php",
            "line" : 65,
            "function" : "delete",
            "type" : "->",
            "args" : []
         },
         {
            "class" : "OC\\Files\\SimpleFS\\SimpleFolder",
            "file" : "/usr/local/www/nextcloud/apps-pkg/dav/lib/CardDAV/PhotoCache.php",
            "line" : 277,
            "function" : "delete",
            "args" : [],
            "type" : "->"
         },
         {
            "function" : "delete",
            "type" : "->",
            "args" : [
               "4",
               "LDAP:myuser.vcf"
            ],
            "class" : "OCA\\DAV\\CardDAV\\PhotoCache",
            "line" : 144,
            "file" : "/usr/local/www/nextcloud/apps-pkg/dav/lib/AppInfo/Application.php"
         },
         {
            "args" : [
               "*** sensitive parameters replaced ***"
            ],
            "type" : "->",
            "function" : "OCA\\DAV\\AppInfo\\{closure}",
            "line" : 212,
            "file" : "/usr/local/www/nextcloud/3rdparty/symfony/event-dispatcher/EventDispatcher.php",
            "class" : "OCA\\DAV\\AppInfo\\Application"
         },
         {
            "file" : "/usr/local/www/nextcloud/3rdparty/symfony/event-dispatcher/EventDispatcher.php",
            "line" : 44,
            "class" : "Symfony\\Component\\EventDispatcher\\EventDispatcher",
            "args" : [
               [
                  {
                     "__class__" : "Closure"
                  },
                  {
                     "__class__" : "Closure"
                  }
               ],
               "*** sensitive parameter replaced ***",
               "*** sensitive parameter replaced ***"
            ],
            "type" : "->",
            "function" : "doDispatch"
         },
         {
            "class" : "Symfony\\Component\\EventDispatcher\\EventDispatcher",
            "file" : "/usr/local/www/nextcloud/apps-pkg/dav/lib/CardDAV/CardDavBackend.php",
            "line" : 699,
            "function" : "dispatch",
            "args" : [
               "*** sensitive parameter replaced ***",
               "*** sensitive parameter replaced ***"
            ],
            "type" : "->"
         },
         {
            "args" : [
               "4",
               "LDAP:dgeo.vcf",
               "BEGIN:VCARD\r\nVERSION:3.0\r\nPRODID:-//Sabre//Sabre VObject 4.1.6//EN\r\nUID:myuser\r\nFN:Full Name (myuser)\r\nN:(myuser);Full;Name;;\r\nEMAIL;TYPE=OTHER:myusers@mail.address\r\nPHOTO;ENCODING=b;TYPE=image/jpeg:/**base64 data**\r\nCLOUD:myusers@mail.address\r\nEND:VCARD\r\n"
            ],
            "type" : "->",
            "function" : "updateCard",
            "line" : 284,
            "file" : "/usr/local/www/nextcloud/apps-pkg/dav/lib/CardDAV/SyncService.php",
            "class" : "OCA\\DAV\\CardDAV\\CardDavBackend"
         },
         {
            "args" : [
               "*** sensitive parameter replaced ***"
            ],
            "type" : "->",
            "function" : "updateUser",
            "line" : 144,
            "file" : "/usr/local/www/nextcloud/apps-pkg/dav/lib/HookManager.php",
            "class" : "OCA\\DAV\\CardDAV\\SyncService"
         },
         {
            "args" : [
               {
                  "old_value" : "*** sensitive parameter replaced ***",
                  "user" : "*** sensitive parameter replaced ***",
                  "value" : "*** sensitive parameter replaced ***",
                  "run" : true,
                  "feature" : "*** sensitive parameter replaced ***"
               }
            ],
            "type" : "->",
            "function" : "changeUser",
            "line" : 106,
            "file" : "/usr/local/www/nextcloud/lib/private/legacy/hook.php",
            "class" : "OCA\\DAV\\HookManager"
         },
         {
            "args" : [
               "OC_User",
               "changeUser",
               {
                  "feature" : "*** sensitive parameter replaced ***",
                  "run" : true,
                  "value" : "*** sensitive parameter replaced ***",
                  "user" : "*** sensitive parameter replaced ***",
                  "old_value" : "*** sensitive parameter replaced ***"
               }
            ],
            "type" : "::",
            "function" : "emit",
            "file" : "/usr/local/www/nextcloud/lib/private/Server.php",
            "line" : 429,
            "class" : "OC_Hook"
         },
         {
            "function" : "OC\\{closure}",
            "class" : "OC\\Server",
            "args" : [
               "*** sensitive parameters replaced ***"
            ],
            "type" : "->"
         },
         {
            "line" : 99,
            "args" : [
               {
                  "__class__" : "Closure"
               },
               [
                  "*** sensitive parameter replaced ***",
                  "*** sensitive parameter replaced ***",
                  "*** sensitive parameter replaced ***",
                  "*** sensitive parameter replaced ***"
               ]
            ],
            "file" : "/usr/local/www/nextcloud/lib/private/Hooks/EmitterTrait.php",
            "function" : "call_user_func_array"
         },
         {
            "class" : "OC\\Hooks\\BasicEmitter",
            "file" : "/usr/local/www/nextcloud/lib/private/Hooks/PublicEmitter.php",
            "line" : 36,
            "function" : "emit",
            "args" : [
               "\\OC\\User",
               "changeUser",
               [
                  "*** sensitive parameter replaced ***",
                  "*** sensitive parameter replaced ***",
                  "*** sensitive parameter replaced ***",
                  "*** sensitive parameter replaced ***"
               ]
            ],
            "type" : "->"
         },
         {
            "args" : [
               "\\OC\\User",
               "changeUser",
               [
                  "*** sensitive parameter replaced ***",
                  "*** sensitive parameter replaced ***",
                  "*** sensitive parameter replaced ***",
                  "*** sensitive parameter replaced ***"
               ]
            ],
            "type" : "->",
            "function" : "emit",
            "line" : 459,
            "file" : "/usr/local/www/nextcloud/lib/private/User/User.php",
            "class" : "OC\\Hooks\\PublicEmitter"
         },
         {
            "function" : "triggerChange",
            "args" : [
               "*** sensitive parameter replaced ***",
               "*** sensitive parameter replaced ***"
            ],
            "type" : "->",
            "class" : "OC\\User\\User",
            "line" : 194,
            "file" : "/usr/local/www/nextcloud/lib/private/Avatar.php"
         },
         {
            "class" : "OC\\Avatar",
            "file" : "/usr/local/www/nextcloud/apps-pkg/user_ldap/lib/User/User.php",
            "line" : 607,
            "function" : "set",
            "args" : [
               null
            ],
            "type" : "->"
         },
         {
            "class" : "OCA\\User_LDAP\\User\\User",
            "line" : 582,
            "file" : "/usr/local/www/nextcloud/apps-pkg/user_ldap/lib/User/User.php",
            "function" : "setOwnCloudAvatar",
            "args" : [],
            "type" : "->"
         },
         {
            "function" : "updateAvatar",
            "type" : "->",
            "args" : [],
            "class" : "OCA\\User_LDAP\\User\\User",
            "line" : 562,
            "file" : "/usr/local/www/nextcloud/apps-pkg/user_ldap/lib/User/User.php"
         },
         {
            "function" : "updateAvatarPostLogin",
            "args" : [
               {
                  "uid" : "*** sensitive parameter replaced ***",
                  "password" : "*** sensitive parameter replaced ***",
                  "run" : true
               }
            ],
            "type" : "->",
            "class" : "OCA\\User_LDAP\\User\\User",
            "line" : 106,
            "file" : "/usr/local/www/nextcloud/lib/private/legacy/hook.php"
         },
         {
            "function" : "emit",
            "args" : [
               "OC_User",
               "post_login",
               {
                  "run" : true,
                  "password" : "*** sensitive parameter replaced ***",
                  "uid" : "*** sensitive parameter replaced ***"
               }
            ],
            "type" : "::",
            "class" : "OC_Hook",
            "file" : "/usr/local/www/nextcloud/lib/private/Server.php",
            "line" : 418
         },
         {
            "args" : [
               "*** sensitive parameters replaced ***"
            ],
            "type" : "->",
            "class" : "OC\\Server",
            "function" : "OC\\{closure}"
         },
         {
            "file" : "/usr/local/www/nextcloud/lib/private/Hooks/EmitterTrait.php",
            "line" : 99,
            "args" : [
               {
                  "__class__" : "Closure"
               },
               [
                  "*** sensitive parameter replaced ***",
                  "*** sensitive parameter replaced ***"
               ]
            ],
            "function" : "call_user_func_array"
         },
         {
            "file" : "/usr/local/www/nextcloud/lib/private/Hooks/PublicEmitter.php",
            "line" : 36,
            "class" : "OC\\Hooks\\BasicEmitter",
            "type" : "->",
            "args" : [
               "\\OC\\User",
               "postLogin",
               [
                  "*** sensitive parameter replaced ***",
                  "*** sensitive parameter replaced ***"
               ]
            ],
            "function" : "emit"
         },
         {
            "class" : "OC\\Hooks\\PublicEmitter",
            "file" : "/usr/local/www/nextcloud/lib/private/User/Session.php",
            "line" : 371,
            "function" : "emit",
            "args" : [
               "\\OC\\User",
               "postLogin",
               [
                  "*** sensitive parameter replaced ***",
                  "*** sensitive parameter replaced ***"
               ]
            ],
            "type" : "->"
         },
         {
            "function" : "completeLogin",
            "args" : [
               "*** sensitive parameters replaced ***"
            ],
            "type" : "->",
            "class" : "OC\\User\\Session",
            "line" : 617,
            "file" : "/usr/local/www/nextcloud/lib/private/User/Session.php"
         },
         {
            "function" : "loginWithToken",
            "args" : [
               "*** sensitive parameters replaced ***"
            ],
            "type" : "->",
            "class" : "OC\\User\\Session",
            "file" : "/usr/local/www/nextcloud/lib/private/User/Session.php",
            "line" : 336
         },
         {
            "args" : [
               "*** sensitive parameters replaced ***"
            ],
            "type" : "->",
            "function" : "login",
            "line" : 420,
            "file" : "/usr/local/www/nextcloud/lib/private/User/Session.php",
            "class" : "OC\\User\\Session"
         },
         {
            "function" : "logClientIn",
            "type" : "->",
            "args" : [
               "*** sensitive parameters replaced ***"
            ],
            "class" : "OC\\User\\Session",
            "line" : 537,
            "file" : "/usr/local/www/nextcloud/lib/private/User/Session.php"
         },
         {
            "class" : "OC\\User\\Session",
            "file" : "/usr/local/www/nextcloud/lib/base.php",
            "line" : 1040,
            "function" : "tryBasicAuthLogin",
            "args" : [
               "*** sensitive parameter replaced ***",
               "*** sensitive parameter replaced ***"
            ],
            "type" : "->"
         },
         {
            "function" : "handleLogin",
            "type" : "::",
            "args" : [
               "*** sensitive parameter replaced ***"
            ],
            "class" : "OC",
            "line" : 976,
            "file" : "/usr/local/www/nextcloud/lib/base.php"
         },
         {
            "function" : "handleRequest",
            "args" : [],
            "type" : "::",
            "class" : "OC",
            "file" : "/usr/local/www/nextcloud/index.php",
            "line" : 42
         }
      ],
      "Line" : 343
   },
   "version" : "15.0.2.0",
   "user" : "myuser"
}

@skjnldsv skjnldsv added the 0. Needs triage Pending check for reproducibility or if it fits our roadmap label Jun 12, 2019
@skjnldsv
Member

skjnldsv commented Apr 10, 2020

The LDAP bind user only has read perms on entries, may that be a difference?

What do you think, @blizzz?

@blizzz
Member

blizzz commented Apr 24, 2020

> The LDAP bind user only has read perms on entries, may that be a difference?

The image is saved in LDAP within the record, so this should not be an issue.

@ghost

ghost commented May 24, 2020

This issue has been automatically marked as stale because it has not had recent activity and seems to be missing some essential information. It will be closed if no further activity occurs. Thank you for your contributions.

@ghost ghost added the stale Ticket or PR with no recent activity label May 24, 2020
@ghost ghost closed this as completed Jun 7, 2020
@dgeo

dgeo commented Jun 8, 2020

@skjnldsv same here

This issue was closed.