File Sharing stack overflow, memory issue, crash, CSRF issue on 9.1.0 #25557

Closed
Revisor01 opened this issue Jul 21, 2016 · 205 comments

Comments

@Revisor01

Revisor01 commented Jul 21, 2016

Steps to reproduce

  1. Upgrade to owncloud 9.1
  2. Login
  3. It shows CSRF check failed
  4. Deactivated files_sharing via occ
  5. Login works

Expected behaviour

Login and works

Actual behaviour

shows CSRF check failed

Server configuration

Operating system:

Web server:
all-inkl.com
Database:
5.6.30
PHP version:
5.6.23
ownCloud version: (see ownCloud admin page)
9.1
Updated from an older ownCloud or fresh install:
updated from 9.0.3
Where did you install ownCloud from:
Install from tar.bz2
Signing status (ownCloud 9.0 and above):

Login as admin user into your ownCloud and access 
http://example.com/index.php/settings/integrity/failed 
paste the results here.

List of activated apps:

Enabled:

  • activity: 2.3.2
  • calendar: 1.2.2
  • comments: 0.3.0
  • contacts: 1.3.1.0
  • dav: 0.2.5
  • federatedfilesharing: 0.3.0
  • federation: 0.1.0
  • files: 1.5.1
  • files_pdfviewer: 0.8.1
  • files_texteditor: 2.1
  • files_trashbin: 0.9.0
  • files_sharing: 0.10.0
  • files_versions: 1.3.0
  • files_videoplayer: 0.9.8
  • gallery: 15.0.0
  • notifications: 0.3.0
  • provisioning_api: 0.5.0
  • systemtags: 0.3.0
  • updatenotification: 0.2.1
Disabled:
  • encryption
  • external
  • files_antivirus
  • files_external
  • firstrunwizard
  • templateeditor
  • user_external
  • user_ldap

The content of config/config.php:

$CONFIG = array (
'trusted_domains' =>
array (
0 => 'owncloud..de',
1 => 'owncloud..de',
2 => '.de',
3 => 'www.owncloud..de',
4 => 'www.owncloud..de',
5 => '.de',
),
'datadirectory' => '/www/htdocs///ownclouddata/data',
'tempdirectory' => '/www/htdocs///ownclouddata/tmp',
'overwrite.cli.url' => 'http://.de/cloud/owncloud',
'dbtype' => 'mysql',
'version' => '9.1.0.15',
'dbname' => 'd01cd1d3',
'dbhost' => '127.0.0.1',
'dbtableprefix' => 'oc_',
'filesystem_check_changes' => 0,
'dbuser' => 'd01cd1d3',
'dbpassword' => '',
'installed' => true,
'forcessl' => true,
'theme' => '',
'maintenance' => false,
'loglevel' => 3,
'mail_smtpmode' => 'smtp',
'appstore.experimental.enabled' => true,
'mail_from_address' => 'info',
'mail_domain' => 'owncloud.de',
'mail_smtpauthtype' => 'LOGIN',
'mail_smtphost' => 'w01078ba.kasserver.com',
'mail_smtpport' => '465',
'mail_smtpauth' => 1,
'mail_smtpname' => '',
'mail_smtppassword' => '',
'trashbin_retention_obligation' => 'auto',
'enabledPreviewProviders' =>
array (
0 => 'OC\Preview\Image',
1 => 'OC\Preview\MP3',
2 => 'OC\Preview\TXT',
3 => 'OC\Preview\MarkDown',
4 => 'OC\Preview\Epub',
5 => 'OC\Preview\PDF',
6 => 'OC\Preview\OpenDocument',
7 => 'OC\Preview\StarOffice',
8 => 'OC\Preview\MSOfficeDoc',
9 => 'OC\Preview\MSOffice2003',
10 => 'OC\Preview\MSOffice2007',
),
'updater.secret' => '',
'mail_smtpsecure' => 'ssl',
);

Are you using external storage, if yes which one: local/smb/sftp/...

Are you using encryption: yes/no
no
Are you using an external user-backend, if yes which one: LDAP/ActiveDirectory/Webdav/...

Client configuration

Browser:
Chrome
Operating system:
Mac OSX 10.11.6

Logs

Web server error log

{"reqId":"V5DHUlUNh8EAAC3bt5kAAAAk","remoteAddr":"217.93.9.75","app":"core","message":"starting upgrade from 9.0.1.3 to 9.1.0.15","level":0,"time":"2016-07-21T13:00:03+00:00","method":"GET","url":"/core/ajax/update.php?requesttoken=%3D%%3D","user":"--"}
{"reqId":"V5DHUlUNh8EAAC3bt5kAAAAk","remoteAddr":"217.93.9.75","app":"core","message":"Exception: {"Exception":"Exception","Message":"Die Anwendung konnte nicht installiert werden, weil Sie nicht mit dieser Version von ownCloud kompatibel ist.","Code":0,"Trace":"#grity(Array, '\/www\/htdocs\/w01...', '\/www\/htdocs\/w01...', false)\n#1 \/www\/htdocs\/w01078ba\/simon\/cloud\/owncloud\/lib\/private\/Installer.php(263): OC\Installer::updateApp(Array)\n#2 \/www\/htdocs\/w01078ba\/simon\/cloud\/owncloud\/lib\/private\/Updater.php(454): OC\Installer::updateAppByOCSId('164356')\n#3 \/www\/htdocs\/w01078ba\/simon\/cloud\/owncloud\/lib\/private\/Updater.php(254): OC\Updater->upgradeAppStoreApps(Array)\n#4 \/www\/htdocs\/w01078ba\/simon\/cloud\/owncloud\/lib\/private\/Updater.php(150): OC\Updater->doUpgrade('9.1.0.15', '9.0.1.3')\n#5 \/www\/htdocs\/w01078ba\/simon\/cloud\/owncloud\/core\/ajax\/update.php(193): OC\Updater->upgrade()\n#6 {main}","File":"\/www\/htdocs\/w01078ba\/simon\/cloud\/owncloud\/lib\/private\/Installer.php","Line":377}","level":3,"time":"2016-07-21T13:02:21+00:00","method":"GET","url":"/core/ajax/update.php?requesttoken=I3g2NToLJgUlehQpPikjBWMvOQMBV2wbOgQyOzwgN2U%3D%3AfSRxkQHLRIfSJLAsZFmNMb4BcfhZfNO5pfFUDm96pio%3D","user":"--"}

ownCloud log (data/owncloud.log)

Browser log

Insert your browser log here, this could for example include:

a) The javascript console log
b) The network log 
c) ...
@cipher2k

I have the same issue. Deactivating files_sharing via occ solved the issue of not being able to log in, but now the file sharing feature is missing.

@wmeneses

hello, happens to me ... when I activate the ldap module, an answer to this problem?

@PVince81
Contributor

Please all tell us how did you update.

From looking at the messages above it looks like the source code hasn't been properly replaced.

@PVince81 PVince81 added this to the 9.0.5 milestone Jul 22, 2016
@Revisor01
Author

Revisor01 commented Jul 22, 2016

Hello,
I downloaded the tar.bz2, extracted it on the server, copied over config.php and started the update process.

Thanks for help

@PVince81
Contributor

@Revisor01 did you delete the old source code before extracting ?

@Revisor01
Author

Yes.

@Revisor01
Author

In another installation I tried to replace files. Same error.

@PVince81
Contributor

@Revisor01 can you confirm that there are no errors on this page: http://example.com/index.php/settings/integrity/failed and on the admin page (setup check) ?

@Revisor01
Author

I'm not at the PC right now. But there were no errors or integrity messages after disabling files_sharing.

@PVince81
Contributor

Could all the reporters answer the same questions ? The more details we have about the different setups, the closer we can get to a solution. Thank you !

@PVince81
Contributor

Does clearing the cookies make the CSRF failed message disappear ?

So far I don't see any correlation between this and the files_sharing app.

@Revisor01
Author

Deleted the cache, tried different browsers (safari, Firefox, chrome) users, computers, tablets.

@cipher2k

cipher2k commented Jul 22, 2016

I updated from a working latest 9.0.x release to 9.1 via apt-get update & apt-get upgrade.
Then did an occ upgrade -> no errors shown in console.
Next: turned off maintenance mode via occ, too.

After that I could not log in to owncloud anymore via web. CSRF check failed message. After disabling files_sharing via occ it works again.

Cookies are always turned on. integrity check page shows: No errors have been found.

@PVince81
Contributor

And I guess there is no specific error in owncloud.log or error_log when you get the CSRF failed page ? Even with "loglevel" set to 0 ?

@cipher2k

nothing specific, just:
{"reqId":"0/clTBSYhuMIUJ4JIfrh","remoteAddr":"##.###.###.###","app":"no app in context","message":"CSRF check failed","level":0,"time":"2016-07-21T16:20:54+00:00","method":"POST","url":"/index.php/login","user":"--"}

@PVince81
Contributor

Hmmm... the way how CSRF check works: whenever the login page is rendered, it will first generate the token and then store it into the current session. Also it will append the token into a hidden field "requesttoken". You can see it if you inspect the source code of the login page.
Then, when you login, it will POST username/password but also send that token to the server.
Then the server compares the token with the one it has in the session.
If they don't match, you get this error.

Not sure yet where the files_sharing app would disturb this process.
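
The check described in the comment above, as a small Python model of both sides of the exchange (an added example, not ownCloud code and not part of the original thread). `ToyServer`, its in-memory session store and the returned strings are assumptions for illustration; the model also goes beyond the comment by covering two cases where the session itself is missing, which fail the same comparison.

```python
"""Toy model of a session-bound CSRF token check.

Added example: ToyServer and its method names are hypothetical and only
model the flow described in the comment; this is not ownCloud code.
"""
import hmac
import secrets


class ToyServer:
    """In-memory stand-in for an application with server-side sessions."""

    def __init__(self):
        self.sessions = {}  # session id (cookie value) -> session data

    def _load_session(self, session_id):
        # A missing or unknown cookie silently yields a fresh, empty session,
        # which is what makes a lost session look like a bad token.
        if session_id not in self.sessions:
            session_id = secrets.token_hex(16)
            self.sessions[session_id] = {}
        return session_id, self.sessions[session_id]

    def render_login(self, session_id=None):
        """GET login page: generate token, store it in the session, embed it."""
        session_id, data = self._load_session(session_id)
        data["requesttoken"] = secrets.token_urlsafe(32)
        hidden_fields = {"requesttoken": data["requesttoken"]}
        return session_id, hidden_fields

    def handle_login(self, session_id, form):
        """POST login: compare the submitted token with the session's copy."""
        _, data = self._load_session(session_id)
        expected = data.get("requesttoken")
        submitted = form.get("requesttoken", "")
        # Constant-time comparison; a session without a token always fails.
        if expected is None or not hmac.compare_digest(
            expected.encode(), submitted.encode()
        ):
            return "CSRF check failed"
        return "token ok, continue with credential check"


def normal_login():
    server = ToyServer()
    cookie, fields = server.render_login()
    return server.handle_login(cookie, {"user": "alice", **fields})


def cookie_not_returned():
    # The browser posts the form but does not send the session cookie back.
    server = ToyServer()
    _, fields = server.render_login()
    return server.handle_login(None, {"user": "alice", **fields})


def session_lost_on_server():
    # Session data disappears between GET and POST (expired, wiped, never saved).
    server = ToyServer()
    cookie, fields = server.render_login()
    server.sessions.clear()
    return server.handle_login(cookie, {"user": "alice", **fields})


def cross_site_post():
    # A foreign page can make the browser send the cookie but cannot read the
    # hidden field, so the request arrives without a valid token.
    server = ToyServer()
    cookie, _ = server.render_login()
    return server.handle_login(cookie, {"user": "alice"})


def run_scenarios():
    cases = (normal_login, cookie_not_returned,
             session_lost_on_server, cross_site_post)
    return {case.__name__: case() for case in cases}


if __name__ == "__main__":
    for name, outcome in run_scenarios().items():
        print(f"{name:24} -> {outcome}")
```

In this model the server cannot tell a lost session from a forged request: both end in the same "CSRF check failed" message, so the log line alone does not say which one occurred.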

@wmeneses

Hi, I had written the post above about ldap, after testing off the modules one by one, Ldap works ok, but the module "sharing files" does not work.
If I disable ldap "sharing files" works, by trying to turn it on, the CPU goes up and the server goes down, I think the error is the loading order of each of the modules in this version, the 9.0 had no problem.

I have 1500 users, 64GB of RAM, Xeon g4

@PVince81
Contributor

Are you guys using the standard PHP session or did you deploy clustered environments ? In the latter case the session management might be slightly different.

@wmeneses

It should be standard, I do not cluster.
I happened in php5.5, upgrade to php7.0 but I have the same problem

@wmeneses

In my particular case apache generates a "segmentation fault" if one of the modules is on and the other is active.

@PVince81
Contributor

@wmeneses @cipher2k can you guys please post a full report ? See https://raw.githubusercontent.com/owncloud/core/master/issue_template.md

I'd like to see if there is anything similar in your reports.

So far there isn't enough information to be able to either reproduce the issue or understand where it's coming from.

@wmeneses

Unfortunately I can not, my owncloud has many active users now, if I activate this module the server crashes, :(. "Sharing files" will be off because it is more important that users can be authenticated.
At night I can reproduce the error, thank you very much for all the help

@dergilb99

@Revisor01 You might want to remove your smtp credentials.

@ruuskil

ruuskil commented Jul 22, 2016

Steps to reproduce

  1. Upgrade to OC 9.1
  2. Try to log in as a normal user
  3. No login because CSRF check failed
  4. Log in as admin and disable file sharing app from admin panel
  5. Login works

Expected behaviour

All users should be able to log in

Actual behaviour

User can not log in because CSRF check failed when file sharing app is enabled. Server load goes very high.

Server configuration

Operating system:
Ubuntu 16.04 LTS

Web server:
Apache/2.4.18 (Ubuntu) OpenSSL/1.0.2g-fips

Database:
MySQL 5.7.13-0ubuntu0.16.04.2 - (Ubuntu)

PHP version:
7.0.8-0ubuntu0.16.04.1

ownCloud version: (see ownCloud admin page)
9.1

Updated from an older ownCloud or fresh install:
Updated from 9.0.4

Where did you install ownCloud from:
From apt-get. Did occ upgrade from command line and no errors were reported.

Signing status (ownCloud 9.0 and above):

Login as admin user into your ownCloud and access 
http://example.com/index.php/settings/integrity/failed 
paste the results here.

No errors have been found.

List of activated apps:

Enabled:
  - activity: 2.3.2
  - calendar: 1.2.2
  - comments: 0.3.0
  - dav: 0.2.5
  - federatedfilesharing: 0.3.0
  - federation: 0.1.0
  - files: 1.5.1
  - files_pdfviewer: 0.8.1
  - files_sharing: 0.10.0
  - files_texteditor: 2.1
  - files_trashbin: 0.9.0
  - files_versions: 1.3.0
  - files_videoplayer: 0.9.8
  - firstrunwizard: 1.1
  - gallery: 15.0.0
  - notifications: 0.3.0
  - ownnote: 1.08
  - provisioning_api: 0.5.0
  - systemtags: 0.3.0
  - templateeditor: 0.1
  - updatenotification: 0.2.1

The content of config/config.php:
{
    "system": {
        "instanceid": "oc5rl1d2bu5s",
        "passwordsalt": "***REMOVED SENSITIVE VALUE***",
        "secret": "***REMOVED SENSITIVE VALUE***",
        "trusted_domains": [
            "pilvi.sytes.net",
            "pilvi.kielletaan.com"
        ],
        "datadirectory": "\/var\/www\/owncloud\/data",
        "overwrite.cli.url": "https:\/\/pilvi.kielletaan.com",
        "dbtype": "mysql",
        "version": "9.1.0.15",
        "installed": true,
        "logtimezone": "Europe\/Helsinki",
        "logfile": "\/var\/log\/owncloud.log",
        "loglevel": 0,
        "log_authfailip": true,
        "mail_smtpmode": "smtp",
        "mail_smtpauthtype": "LOGIN",
        "mail_smtpauth": 1,
        "mail_smtphost": "smtpa.kolumbus.fi",
        "mail_from_address": "pilvi",
        "mail_domain": "kielletaan.com",
        "mail_smtpport": "465",
        "mail_smtpname": "***REMOVED SENSITIVE VALUE***",
        "mail_smtppassword": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpsecure": "ssl",
        "theme": "",
        "maintenance": false,
        "dbname": "owncloud",
        "dbhost": "127.0.0.1",
        "dbuser": "***REMOVED SENSITIVE VALUE***",
        "dbpassword": "***REMOVED SENSITIVE VALUE***",
        "check_for_working_htaccess": true,
        "appstoreenabled": true,
        "appstoreurl": "https:\/\/api.owncloud.com\/v1",
        "apps_paths": [
            {
                "path": "\/var\/www\/owncloud\/apps",
                "url": "\/apps",
                "writable": true
            }
        ],
        "trashbin_retention_obligation": "auto",
        "updatechecker": false,
        "htaccess.RewriteBase": "\/"
    }
}

Are you using external storage, if yes which one: local/smb/sftp/...
no

Are you using encryption: yes/no
no

Are you using an external user-backend, if yes which one: LDAP/ActiveDirectory/Webdav/...
Webdav

Client configuration

Browser:
Chrome/IE/Safari
Mobile clients
Desktop client

Operating system:
Windows/Linux/Android

Logs

Web server error log
[Fri Jul 22 20:48:12.573084 2016] [core:notice] [pid 3014] AH00051: child pid 6346 exit signal Segmentation fault (11), possible coredump in /etc/apache2

ownCloud log (data/owncloud.log)
{"reqId":"vx2BMAK6UpRfaM1VRB8F","remoteAddr":"192.168.1.1","app":"no app in context","message":"CSRF check failed","level":0,"time":"2016-07-22T21:10:02+03:00","method":"POST","url":"\/login","user":"--"}

@ruuskil

ruuskil commented Jul 22, 2016

Did some testing and found something that might help.

I created a test user and then enabled the file share app. All old users got the same CSRF error but this new test user was able to log in and create file shares. Maybe things will start to work if I delete all user accounts and create them again and restore their data? I'm not willing to do that because most likely they will lose all calendar data and file share information.

@PVince81
Contributor

@gekoul are any files or folders shared from that local storage ? Or is there no sharing involved ?
The patch only fixes issues related to sharing, so I'm wondering whether you found another different case.

@gekoul

gekoul commented Aug 18, 2016

I think not. It is most definitely the same use case. The problem starts as soon as the user tries to share the file/folder.
The issue is resolved once the share is deleted from the oc_shares table.

G.

@PVince81
Contributor

9.1.1 RC1 is out, you can use it for testing: You can help testing with the 9.1.1 RC1: http://download.owncloud.org/community/testing/owncloud-9.1.1RC1.tar.bz2

@scroach

scroach commented Aug 24, 2016

Hey there, we are having massive issues this week since we migrated our server. We updated from OC 8 to 9.0 and then 9.1. But since the update the share plugin is causing problems. We tried updating to the 9.1.1RC1 but it's still not working. Some users are able to login and some are not (we are not sure about why, but disabling the plugin works).

I get an internal server error when I try to login. SQL Exception when trying to insert into oc_mounts. Any thoughts or more info I could provide to help?

{"reqId":"AO1OAdlnpklUTvXF6Ui4","remoteAddr":"xxxxxx","app":"index","message":"Exception: {\"Exception\":\"Doctrine\\\\DBAL\\\\Exception\\\\DriverException\",\"Message\":\"An exception occurred while executing 'INSERT INTO oc_mounts (storage_id,root_id,user_id,mount_point) SELECT ?,?,?,? FROM oc_mounts WHERE root_id = ? AND user_id = ? HAVING COUNT(*) = 0' with params [false, 2147, \\\"winkelmayer\\\", \\\"\\\\\\\/winkelmayer\\\\\\\/files\\\\\\\/xxxxx\\\\\\\/\\\", 2147, \\\"winkelmayer\\\"]:\\n\\nSQLSTATE[HY000]: General error: 1366 Incorrect integer value: '' for column 'storage_id' at row 1\",\"Code\":0,\"Trace\":\"#0 \\\/var\\\/www\\\/owncloud\\\/3rdparty\\\/doctrine\\\/dbal\\\/lib\\\/Doctrine\\\/DBAL\\\/DBALException.php(116): Doctrine\\\\DBAL\\\\Driver\\\\AbstractMySQLDriver->convertException('An exception oc...', Object(Doctrine\\\\DBAL\\\\Driver\\\\PDOException))\\n#1 \\\/var\\\/www\\\/owncloud\\\/3rdparty\\\/doctrine\\\/dbal\\\/lib\\\/Doctrine\\\/DBAL\\\/Connection.php(996): Doctrine\\\\DBAL\\\\DBALException::driverExceptionDuringQuery(Object(Doctrine\\\\DBAL\\\\Driver\\\\PDOMySql\\\\Driver), Object(Doctrine\\\\DBAL\\\\Driver\\\\PDOException), 'INSERT INTO oc...', Array)\\n#2 \\\/var\\\/www\\\/owncloud\\\/lib\\\/private\\\/DB\\\/Connection.php(209): Doctrine\\\\DBAL\\\\Connection->executeUpdate('INSERT INTO oc...', Array, Array)\\n#3 \\\/var\\\/www\\\/owncloud\\\/lib\\\/private\\\/DB\\\/Adapter.php(113): OC\\\\DB\\\\Connection->executeUpdate('INSERT INTO oc...', Array)\\n#4 \\\/var\\\/www\\\/owncloud\\\/lib\\\/private\\\/DB\\\/Connection.php(247): OC\\\\DB\\\\Adapter->insertIfNotExist('*PREFIX*mounts', Array, Array)\\n#5 \\\/var\\\/www\\\/owncloud\\\/lib\\\/private\\\/Files\\\/Config\\\/UserMountCache.php(144): OC\\\\DB\\\\Connection->insertIfNotExist('*PREFIX*mounts', Array, Array)\\n#6 \\\/var\\\/www\\\/owncloud\\\/lib\\\/private\\\/Files\\\/Config\\\/UserMountCache.php(124): 
OC\\\\Files\\\\Config\\\\UserMountCache->addToCache(Object(OC\\\\Files\\\\Config\\\\LazyStorageMountInfo))\\n#7 \\\/var\\\/www\\\/owncloud\\\/lib\\\/private\\\/Files\\\/Config\\\/MountProviderCollection.php(133): OC\\\\Files\\\\Config\\\\UserMountCache->registerMounts(Object(OC\\\\User\\\\User), Array)\\n#8 \\\/var\\\/www\\\/owncloud\\\/lib\\\/private\\\/Files\\\/Filesystem.php(425): OC\\\\Files\\\\Config\\\\MountProviderCollection->registerMounts(Object(OC\\\\User\\\\User), Array)\\n#9 \\\/var\\\/www\\\/owncloud\\\/lib\\\/private\\\/Files\\\/Filesystem.php(370): OC\\\\Files\\\\Filesystem::initMountPoints('winkelmayer')\\n#10 \\\/var\\\/www\\\/owncloud\\\/lib\\\/private\\\/legacy\\\/util.php(226): OC\\\\Files\\\\Filesystem::init('winkelmayer', '\\\/winkelmayer\\\/fi...')\\n#11 \\\/var\\\/www\\\/owncloud\\\/lib\\\/private\\\/Files\\\/Filesystem.php(348): OC_Util::setupFS()\\n#12 \\\/var\\\/www\\\/owncloud\\\/lib\\\/private\\\/Files\\\/View.php(1110): OC\\\\Files\\\\Filesystem::resolvePath('\\\/files_encrypti...')\\n#13 \\\/var\\\/www\\\/owncloud\\\/lib\\\/private\\\/Files\\\/View.php(524): OC\\\\Files\\\\View->basicOperation('file_exists', '\\\/files_encrypti...')\\n#14 \\\/var\\\/www\\\/owncloud\\\/lib\\\/private\\\/Encryption\\\/Keys\\\/Storage.php(190): OC\\\\Files\\\\View->file_exists('\\\/files_encrypti...')\\n#15 \\\/var\\\/www\\\/owncloud\\\/lib\\\/private\\\/Encryption\\\/Keys\\\/Storage.php(101): OC\\\\Encryption\\\\Keys\\\\Storage->getKey('\\\/files_encrypti...')\\n#16 \\\/var\\\/www\\\/owncloud\\\/apps\\\/encryption\\\/lib\\\/KeyManager.php(558): OC\\\\Encryption\\\\Keys\\\\Storage->getSystemUserKey('pubShare_15c297...', 'OC_DEFAULT_MODU...')\\n#17 \\\/var\\\/www\\\/owncloud\\\/apps\\\/encryption\\\/lib\\\/KeyManager.php(157): OCA\\\\Encryption\\\\KeyManager->getPublicShareKey()\\n#18 \\\/var\\\/www\\\/owncloud\\\/apps\\\/encryption\\\/lib\\\/Users\\\/Setup.php(85): OCA\\\\Encryption\\\\KeyManager->validateShareKey()\\n#19 
\\\/var\\\/www\\\/owncloud\\\/apps\\\/encryption\\\/lib\\\/AppInfo\\\/Application.php(72): OCA\\\\Encryption\\\\Users\\\\Setup->setupSystem()\\n#20 \\\/var\\\/www\\\/owncloud\\\/apps\\\/encryption\\\/appinfo\\\/app.php(29): OCA\\\\Encryption\\\\AppInfo\\\\Application->__construct(Array, true)\\n#21 \\\/var\\\/www\\\/owncloud\\\/lib\\\/private\\\/legacy\\\/app.php(186): require_once('\\\/var\\\/www\\\/ownclo...')\\n#22 \\\/var\\\/www\\\/owncloud\\\/lib\\\/private\\\/legacy\\\/app.php(149): OC_App::requireAppFile('encryption')\\n#23 \\\/var\\\/www\\\/owncloud\\\/lib\\\/private\\\/legacy\\\/app.php(119): OC_App::loadApp('encryption')\\n#24 \\\/var\\\/www\\\/owncloud\\\/lib\\\/base.php(875): OC_App::loadApps()\\n#25 \\\/var\\\/www\\\/owncloud\\\/index.php(39): OC::handleRequest()\\n#26 {main}\",\"File\":\"\\\/var\\\/www\\\/owncloud\\\/3rdparty\\\/doctrine\\\/dbal\\\/lib\\\/Doctrine\\\/DBAL\\\/Driver\\\/AbstractMySQLDriver.php\",\"Line\":115}","level":3,"time":"2016-08-24T10:58:45+00:00","method":"GET","url":"\/owncloud\/index.php","user":"winkelmayer"}

@PVince81
Contributor

@scroach mind raising this in a separate issue and ping me there ? Your symptoms look completely different. Or are you also having memory errors and server crashes ?

@ballfire

ballfire commented Aug 25, 2016

I applied the patch and I am still experiencing the problem with CSRF; however, as I explained before, this server has SSL enabled in Apache, so the CSRF problem only happens when accessing without SSL. SSL version of the site works flawlessly.

Here is the log after a failed login attempt in the non-SSL version of the site

It looks as if the arguments for login were not being passed correctly

----- log -----
{"reqId":"vJETh0OzJzlypRU3Lh/u","remoteAddr":"192.168.253.160","app":"user_ldap","message":"No DN found for on 127.0.0.1","level":0,"time":"2016-08-25T08:22:59+00:00","method":"POST","url":"/owncloud/index.php/login","user":"--"}
{"reqId":"vJETh0OzJzlypRU3Lh/u","remoteAddr":"192.168.253.160","app":"no app in context","message":"CSRF check failed","level":0,"time":"2016-08-25T08:22:59+00:00","method":"POST","url":"/owncloud/index.php/login","user":"--"}
{"reqId":"zozgHToiwNjKOAW6g+af","remoteAddr":"192.168.253.160","app":"user_ldap","message":"No DN found for on 127.0.0.1","level":0,"time":"2016-08-25T08:22:59+00:00","method":"GET","url":"/owncloud/index.php/core/js/oc.js?v=223e9f78f8e1d27896a82bac43b47cf3","user":"--"}

------- log in the SSL version of the site that actually works (LDAP scheme hand changed to someorg.es)------
{"reqId":"DoGiTYMOzgZQAMcWiQzd","remoteAddr":"192.168.253.160","app":"user_ldap","message":"No DN found for on 127.0.0.1","level":0,"time":"2016-08-25T08:27:42+00:00","method":"POST","url":"/owncloud/index.php/login","user":"--"}
{"reqId":"DoGiTYMOzgZQAMcWiQzd","remoteAddr":"192.168.253.160","app":"user_ldap","message":"initializing paged search for Filter objectClass=* base Array\n(\n [0] => uid=alorenzo,ou=people,dc=someorg,dc=es\n)\n attr Array\n(\n [0] => primaryGroupID\n)\n limit 500 offset 0","level":0,"time":"2016-08-25T08:27:42+00:00","method":"POST","url":"/owncloud/index.php/login","user":"091848fc-51f0-1034-8301-6d683c40ea4a"}
{"reqId":"DoGiTYMOzgZQAMcWiQzd","remoteAddr":"192.168.253.160","app":"user_ldap","message":"Ready for a paged search","level":0,"time":"2016-08-25T08:27:42+00:00","method":"POST","url":"/owncloud/index.php/login","user":"091848fc-51f0-1034-8301-6d683c40ea4a"}
{"reqId":"DoGiTYMOzgZQAMcWiQzd","remoteAddr":"192.168.253.160","app":"user_ldap","message":"Requested attribute primarygroupid not found for uid=alorenzo,ou=people,dc=someorg,dc=es","level":0,"time":"2016-08-25T08:27:42+00:00","method":"POST","url":"/owncloud/index.php/login","user":"091848fc-51f0-1034-8301-6d683c40ea4a"}
{"reqId":"DoGiTYMOzgZQAMcWiQzd","remoteAddr":"192.168.253.160","app":"user_ldap","message":"initializing paged search for Filter objectClass=* base Array\n(\n [0] => cn=empleados,ou=group,dc=someorg,dc=es\n)\n attr Array\n(\n [0] => \n)\n limit 500 offset 0","level":0,"time":"2016-08-25T08:27:42+00:00","method":"POST","url":"/owncloud/index.php/login","user":"091848fc-51f0-1034-8301-6d683c40ea4a"}
{"reqId":"DoGiTYMOzgZQAMcWiQzd","remoteAddr":"192.168.253.160","app":"user_ldap","message":"Ready for a paged search","level":0,"time":"2016-08-25T08:27:42+00:00","method":"POST","url":"/owncloud/index.php/login","user":"091848fc-51f0-1034-8301-6d683c40ea4a"}
{"reqId":"DoGiTYMOzgZQAMcWiQzd","remoteAddr":"192.168.253.160","app":"user_ldap","message":"readAttribute: cn=empleados,ou=group,dc=someorg,dc=es found","level":0,"time":"2016-08-25T08:27:42+00:00","method":"POST","url":"/owncloud/index.php/login","user":"091848fc-51f0-1034-8301-6d683c40ea4a"}
{"reqId":"DoGiTYMOzgZQAMcWiQzd","remoteAddr":"192.168.253.160","app":"user_ldap","message":"initializing paged search for Filter objectClass=* base Array\n(\n [0] => cn=owncloud_admin,ou=group,dc=someorg,dc=es\n)\n attr Array\n(\n [0] => \n)\n limit 500 offset 0","level":0,"time":"2016-08-25T08:27:42+00:00","method":"POST","url":"/owncloud/index.php/login","user":"091848fc-51f0-1034-8301-6d683c40ea4a"}

[.... goes on with successful after-login activity ---- ]

@PVince81
Contributor

@ballfire separate unrelated issue: #25927

@aTanCS

aTanCS commented Aug 29, 2016

After upgrading to 9.1 users (from ldap) who shared files hang php-fpm process. It runs at 100% until timeout. Disabling file sharing resolves the problem. Tried with php-fpm 5.4.45 and 7.0.9.
EDIT: patch resolved the problem.

@wobemh

wobemh commented Aug 30, 2016

After Patching upgraded 9.1 we have an issue with sophos Antivirus, which scans new and changed files on our CentOS 7 Server:
System runs in normal speed, but shares over links are very slow!
Does OC build temporary files, if there is someone connecting over a shared link??

@derekbtw

I'm getting this error and I just installed OwnCloud on my server yesterday and have not shared any links, thus there isn't any data in the oc_share table. I'm getting kind of nervous because I uploaded every single photo I have of my son on there to clear space on my computer.

@PVince81
Contributor

@wobemh Please make new tickets for any new issues observed on 9.1.1RC1 or patched instances.

@derekbtw https://owncloud.org/faq/#backup
@derekbtw since you don't have shares, your problem is likely a different one #25927

@derekbtw

derekbtw commented Sep 1, 2016

@PVince81 I figured it out. The problem was my max file upload size was set to 1KB for some reason. So when I typed in my username and password, it was over 1kb.

@kwisatz

kwisatz commented Sep 1, 2016

We have tested the latest patch mentioned above (https://patch-diff.githubusercontent.com/raw/owncloud/core/pull/25754.patch) and found it working.
However, @PVince81 you mentioned that

The patch was merged and will be in OC 9.1.1.

This means that if you want to help testing, you can use tomorrow's daily build of stable9.1

However, we're using the .deb package from your repository and 9.1.1 is not yet available here, is that known?

owncloud:
  Installed: 9.1.0-1.1
  Candidate: 9.1.0-1.1
  Version table:
 *** 9.1.0-1.1 0
        500 http://download.owncloud.org/download/repositories/stable/Debian_8.0/  Packages

@PVince81
Contributor

PVince81 commented Sep 1, 2016

You might find 9.1.1RC1 in the testing repositories

@stormsh

stormsh commented Sep 19, 2016

Hello there, I had login problems with my apps since I updated to 9.1. I solved this problem by adding App passwords for said apps. BUT I get this error when I try to log in with my mobile Firefox. The normal desktop Firefox (both are same version and nearly same addons) doesn't have a login problem. It's not urgent because I use the mobile Firefox login twice per year.
I just thought you might like the info.

@lolnerd

lolnerd commented Sep 22, 2016

Hi there, I encountered this problem after upgrading to 9.1 by repository (Ubuntu 16.04). After the info in this thread, I waited patiently to 9.1.1 being released via repository, yet still the bug remains. I'm unable to login via Web Interface with the "Zugriff verboten", "CSRF check failed" error.

@PVince81
Contributor

@lolnerd maybe #25927 ?

@soaringPingu

soaringPingu commented Sep 22, 2016

Hi, for what it might be worth I have a slightly different path to the same issue, and it might be useful to someone :-)

This doesn't just happen with upgrades.
I started from scratch with 9.1.0 a month or so ago. My old version was 7, and I only have 3 family users, so didn't bother upgrade as I was also making a fair few other changes.
I manually moved the old file structure of the data files into the new install. I have been using it since it was installed and I have shared one folder, with sub folders and files, with the group 'family'.
Yesterday I added one of the family users back in, and there were some file name clashes with the old files, using lower case first letters, like 'documents', vs. 9.1.0 defaults of 'Documents' (it might be the other way around, not sure...). This became an issue on Windows. I used the sync utility in Windows and manually de-selected the upper case and lower case directories until they contained the same data. I then logged in to the web interface with the new user and removed one version, in this case the lower case ones (documents, music and photos).
This morning, the new user could not log in, nor could I log in with my current user (admin rights). No changes had been made to the system at all.
I could still log into the web interface using my original admin account, and notably, that account is not a member of the group "family", all other accounts are.
My sync client on Ubuntu was showing a green connected tick, using the same credentials as I failed to log in with in the web interface. I didn't test it further than that.

It appears that only users in the group 'family' (in my case) are affected.
The folder that was shared with the group 'family' had no links to the removed folders
The sync clients appeared to be unaffected

(I have not done extensive testing as I am fairly novice in this and I don't have a test set-up, (and I don't want to break it ;-))

If some log files are of use to anyone, let me know which ones.

Since I only have a small system and my oc_share table only had one line in it, I solved it using the above suggested workaround of disabling the File Share and removing that entry. I then rebooted, enabled File Sharing, shared the folder again, and I am up and running.

@PVince81
Contributor

By the way, 9.1.1 was released which contains this fix.

So I encourage anyone coming here with the same issue to try 9.1.1 first.

@lep86

lep86 commented Sep 27, 2016

OC 9.1.1 new installation on ubuntu 16. Got error CSRF check failed

@PVince81
Contributor

I'm locking this thread now as many people mistake it with #25927.

If you came here through the search and see a CSRF check failed issue on 9.1.1, please report your details in #25927.

Thanks.

@owncloud owncloud locked and limited conversation to collaborators Sep 27, 2016
@PVince81 PVince81 changed the title from "File Sharing stack overflow, memory issue, crash, CSRF issue on 9.1" to "File Sharing stack overflow, memory issue, crash, CSRF issue on 9.1.0" Sep 27, 2016
@PVince81
Contributor

Trying to find smaller steps to reproduce this locally. Goal is being able to test this automatically to avoid regressions in the future.

Steps to recreate one level of recursion on v9.1.0:

  1. Create three users "user1", "user2" and "user3"
  2. Login as "user2"
  3. Create a folder "deleted"
  4. Share "deleted" with "user1"
  5. Delete "deleted" to trash (but leave it there)
  6. Create a folder "test"
  7. Share "test" with "user1"
  8. Login as "user3"
  9. Create a folder "withuser2"
  10. Share "withuser2" with "user2"
  11. Log out
  12. `curl -D - -X GET -u user1:test http://localhost/owncloud/remote.php/webdav/welcome.txt > file.txt` and debug into `$this->ownerView->getPath()` from the shared storage.

At some point the `$mounts` list will contain a `SharedMount` when trying to resolve the "deleted" share. Since that one is not in the "Home" mount, which is the first entry in `$mounts`, it will step to the second entry, `SharedMount`, and call `getStorage()` and `getCache()`, which will internally initialize that matching shared storage, which itself will call `$this->ownerView->getPath()` again for itself.

```
0  OC\Files\View->getPath() /srv/www/htdocs/owncloud/lib/private/Files/View.php:1693
1  OC\Files\Storage\Shared->__construct() /srv/www/htdocs/owncloud/apps/files_sharing/lib/sharedstorage.php:83
2  OC\Files\Storage\StorageFactory->getInstance() /srv/www/htdocs/owncloud/lib/private/Files/Storage/StorageFactory.php:82
3  OC\Files\Mount\MountPoint->createStorage() /srv/www/htdocs/owncloud/lib/private/Files/Mount/MountPoint.php:137
4  OC\Files\Mount\MountPoint->getStorage() /srv/www/htdocs/owncloud/lib/private/Files/Mount/MountPoint.php:160
5  OC\Files\View->getPath() /srv/www/htdocs/owncloud/lib/private/Files/View.php:1687
6  OC\Files\Storage\Shared->__construct() /srv/www/htdocs/owncloud/apps/files_sharing/lib/sharedstorage.php:83
7  OC\Files\Storage\StorageFactory->getInstance() /srv/www/htdocs/owncloud/lib/private/Files/Storage/StorageFactory.php:82
8  OC\Files\Mount\MountPoint->createStorage() /srv/www/htdocs/owncloud/lib/private/Files/Mount/MountPoint.php:137
9  OC\Files\Mount\MountPoint->getStorage() /srv/www/htdocs/owncloud/lib/private/Files/Mount/MountPoint.php:160
10 OC\Files\Config\LazyStorageMountInfo->getStorageId() /srv/www/htdocs/owncloud/lib/private/Files/Config/LazyStorageMountInfo.php:50
11 OC\Files\Config\UserMountCache->addToCache() /srv/www/htdocs/owncloud/lib/private/Files/Config/UserMountCache.php:138
12 OC\Files\Config\UserMountCache->registerMounts() /srv/www/htdocs/owncloud/lib/private/Files/Config/UserMountCache.php:124
13 OC\Files\Config\MountProviderCollection->registerMounts() /srv/www/htdocs/owncloud/lib/private/Files/Config/MountProviderCollection.php:133
14 OC\Files\Filesystem::initMountPoints() /srv/www/htdocs/owncloud/lib/private/Files/Filesystem.php:425
15 OC\Cache\File->getStorage() /srv/www/htdocs/owncloud/lib/private/Cache/File.php:52
16 OC\Cache\File->gc() /srv/www/htdocs/owncloud/lib/private/Cache/File.php:173
17 OC::{closure:/srv/www/htdocs/owncloud/lib/base.php:717-729}() /srv/www/htdocs/owncloud/lib/base.php:720
18 call_user_func_array:{/srv/www/htdocs/owncloud/lib/private/Hooks/EmitterTrait.php:98}() /srv/www/htdocs/owncloud/lib/private/Hooks/EmitterTrait.php:98
19 OC\Hooks\BasicEmitter->emit() /srv/www/htdocs/owncloud/lib/private/Hooks/EmitterTrait.php:98
20 OC\Hooks\PublicEmitter->emit() /srv/www/htdocs/owncloud/lib/private/Hooks/PublicEmitter.php:32
21 OC\User\Session->loginWithPassword() /srv/www/htdocs/owncloud/lib/private/User/Session.php:436
22 OC\User\Session->login() /srv/www/htdocs/owncloud/lib/private/User/Session.php:287
23 OC\User\Session->logClientIn() /srv/www/htdocs/owncloud/lib/private/User/Session.php:313
24 OCA\DAV\Connector\Sabre\Auth->validateUserPass() /srv/www/htdocs/owncloud/apps/dav/lib/Connector/Sabre/Auth.php:121
25 Sabre\DAV\Auth\Backend\AbstractBasic->check() /srv/www/htdocs/owncloud/3rdparty/sabre/dav/lib/DAV/Auth/Backend/AbstractBasic.php:105
26 OCA\DAV\Connector\Sabre\Auth->auth() /srv/www/htdocs/owncloud/apps/dav/lib/Connector/Sabre/Auth.php:242
27 OCA\DAV\Connector\Sabre\Auth->check() /srv/www/htdocs/owncloud/apps/dav/lib/Connector/Sabre/Auth.php:146
28 Sabre\DAV\Auth\Plugin->beforeMethod() /srv/www/htdocs/owncloud/3rdparty/sabre/dav/lib/DAV/Auth/Plugin.php:166
29 call_user_func_array:{/srv/www/htdocs/owncloud/3rdparty/sabre/event/lib/EventEmitterTrait.php:105}() /srv/www/htdocs/owncloud/3rdparty/sabre/event/lib/EventEmitterTrait.php:105
30 Sabre\Event\EventEmitter->emit() /srv/www/htdocs/owncloud/3rdparty/sabre/event/lib/EventEmitterTrait.php:105
31 Sabre\DAV\Server->invokeMethod() /srv/www/htdocs/owncloud/3rdparty/sabre/dav/lib/DAV/Server.php:446
32 Sabre\DAV\Server->exec() /srv/www/htdocs/owncloud/3rdparty/sabre/dav/lib/DAV/Server.php:248
33 require_once()  /srv/www/htdocs/owncloud/apps/dav/appinfo/v1/webdav.php:56
34 {main}          /srv/www/htdocs/owncloud/remote.php:164
```

This is only a single-level recursion. Goal is to use a similar scenario to achieve infinite recursion with group shares.

@PVince81
Contributor

Steps for infinite recursion on v9.1.0:

  1. Create two users "user1" and "user2"
  2. Login as "user1"
  3. Create a folder "delfromuser1"
  4. Share "delfromuser1" with "user2"
  5. Delete "delfromuser1" to trash
  6. Create a folder "testfromuser1"
  7. Share "testfromuser1" with "user2"
  8. Login as "user2"
  9. Create a folder "delfromuser2"
  10. Share "delfromuser2" with "user1"
  11. Refresh the page 💥
  12. `curl -D - -X GET -u user2:test http://localhost/owncloud/remote.php/webdav/welcome.txt > file.txt` 💥 500 Internal Server Error

How the recursion occurs:

  1. When setting up the FS for user2, the `SharedStorage` for "delfromuser1" is being initialized.
  2. This calls `$this->ownerView->getPath()` with the id of that share, which points to a deleted file. The owner is "user1", so this is user1's view.
  3. `getPath()` grabs a list of mount points in `$mounts`; the first one is user1's Home storage and the second one is user1's received `SharedMount` "delfromuser2".
  4. Since the file doesn't exist on the Home storage, the loop proceeds to the `SharedMount` "delfromuser2".
  5. Since that one is not initialized yet, calling `getStorage()->getCache()` will initialize it.
  6. Initializing the `SharedStorage` for "delfromuser2" will itself call `$this->ownerView->getPath()` with the id of that share. The owner is "user2", so this is user2's view.
  7. `getPath()` grabs a list of mount points in `$mounts`; the first one is user2's Home storage and the second one is user2's received `SharedMount` "delfromuser1".
  8. The same logic as above happens in the loop, and the `SharedMount` "delfromuser1" will initialize the storage again from step 1, which causes an infinite loop that way.
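
The mutual initialisation described in the walkthrough above, as an added PHP model that is not ownCloud's code and not part of any comment in this thread: `MountModel`, `initSharedStorage()` and `run()` are hypothetical names, the data is constructed, and the model assumes both share sources miss their owner's Home storage. The re-entrancy guard is one generic way to break such a cycle and pin it in a regression test; the thread does not describe the change shipped in 9.1.1.

```php
<?php
// Simplified model of the walkthrough; all names are hypothetical, not ownCloud code.
class MountModel {
    public $homes = [];          // user => file ids found in that user's Home storage
    public $shares = [];         // share name => [owner, recipient, source file id]
    public $guard = false;       // enable the re-entrancy guard
    public $maxDepth = 0;        // deepest nesting of storage initialisation seen
    private $depth = 0;
    private $initializing = [];  // shares whose storage is being built right now
    // Like View::getPath(): try the Home mount, then each received SharedMount.
    public function getPath($user, $fileId) {
        if (in_array($fileId, $this->homes[$user], true)) return "/$user/files/#$fileId";
        foreach ($this->shares as $name => $share) {
            if ($share[1] !== $user) continue;
            $source = $this->initSharedStorage($name); // getStorage() initialises it
            if ($source !== null && $share[2] === $fileId) return "/$user/files/$name";
        }
        return null;
    }
    // Like the Shared storage constructor: resolve the source in the owner's view.
    public function initSharedStorage($name) {
        // Guard: a share already initialising further up the stack is a cycle.
        if ($this->guard && isset($this->initializing[$name])) return null;
        if ($this->depth >= 50) throw new RuntimeException("recursion limit hit");
        $this->initializing[$name] = true;
        $this->maxDepth = max($this->maxDepth, ++$this->depth);
        try {
            return $this->getPath($this->shares[$name][0], $this->shares[$name][2]);
        } finally {
            $this->depth--;
            unset($this->initializing[$name]);
        }
    }
}
// Set up the file system for $user by initialising every share they received.
function run(array $homes, array $shares, $user, $guard) {
    $m = new MountModel();
    $m->homes = $homes; $m->shares = $shares; $m->guard = $guard;
    try {
        foreach ($shares as $name => $s) if ($s[1] === $user) $m->initSharedStorage($name);
        return "terminated, max depth {$m->maxDepth}";
    } catch (RuntimeException $e) { return $e->getMessage(); }
}
// Constructed data: both share sources are assumed to miss their owner's Home storage.
$homes = ['user1' => [11], 'user2' => []];
$shares = ['delfromuser1' => ['user1', 'user2', 10], 'testfromuser1' => ['user1', 'user2', 11],
           'delfromuser2' => ['user2', 'user1', 20]];
echo "no guard:   ", run($homes, $shares, 'user2', false), "\n";
echo "with guard: ", run($homes, $shares, 'user2', true), "\n";
```

The depth cap of 50 stands in for the PHP stack or memory exhaustion that a real unbounded recursion would hit.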
