set a storage availability delay on auth issues to avoid lock out

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
This commit is contained in:
Arthur Schiwon 2019-08-22 12:19:51 +02:00
parent cd62b38cc8
commit 43bc31bacb
No known key found for this signature in database
GPG Key ID: 7424F1874854DF23
4 changed files with 126 additions and 114 deletions

View File

@ -55,6 +55,7 @@ use OCA\Files_External\Lib\Notify\SMBNotifyHandler;
use OCP\Files\Notify\IChange;
use OCP\Files\Notify\IRenameChange;
use OCP\Files\Storage\INotifyStorage;
use OCP\Files\StorageAuthException;
use OCP\Files\StorageNotAvailableException;
use OCP\ILogger;
@ -160,7 +161,7 @@ class SMB extends Common implements INotifyStorage {
/**
* @param string $path
* @return \Icewind\SMB\IFileInfo
* @throws StorageNotAvailableException
* @throws StorageAuthException
*/
protected function getFileInfo($path) {
try {
@ -170,19 +171,26 @@ class SMB extends Common implements INotifyStorage {
}
return $this->statCache[$path];
} catch (ConnectException $e) {
$this->logger->logException($e, ['message' => 'Error while getting file info']);
throw new StorageNotAvailableException($e->getMessage(), $e->getCode(), $e);
$this->throwUnavailable($e);
} catch (ForbiddenException $e) {
// with php-smbclient, this exceptions is thrown when the provided password is invalid.
// Possible is also ForbiddenException with a different error code, so we check it.
if($e->getCode() === 1) {
$this->logger->logException($e, ['message' => 'Error while getting file info']);
throw new StorageNotAvailableException($e->getMessage(), $e->getCode(), $e);
$this->throwUnavailable($e);
}
throw $e;
}
}
/**
* @param \Exception $e
* @throws StorageAuthException
*/
protected function throwUnavailable(\Exception $e) {
$this->logger->logException($e, ['message' => 'Error while getting file info']);
throw new StorageAuthException($e->getMessage(), $e);
}
/**
* @param string $path
* @return \Icewind\SMB\IFileInfo[]

View File

@ -1480,6 +1480,17 @@ $CONFIG = array(
*/
'quota_include_external_storage' => false,
/**
* When an external storage is unavailable for some reasons, it will be flagged
* as such for 10 minutes. When the trigger is a failed authentication attempt
* the delay is higher and can be controlled with this option. The motivation
* is to make account lock outs at Active Directories (and compatible) more
* unlikely.
*
* Defaults to ``1800`` (seconds)
*/
'external_storage.auth_availability_delay' => 1800,
/**
* Specifies how often the local filesystem (the Nextcloud data/ directory, and
* NFS mounts in data/) is checked for changes made outside Nextcloud. This

View File

@ -166,11 +166,12 @@ class Storage {
/**
* @param bool $isAvailable
* @param int $delay amount of seconds to delay reconsidering that storage further
*/
public function setAvailability($isAvailable) {
public function setAvailability($isAvailable, int $delay = 0) {
$sql = 'UPDATE `*PREFIX*storages` SET `available` = ?, `last_checked` = ? WHERE `id` = ?';
$available = $isAvailable ? 1 : 0;
\OC_DB::executeAudited($sql, array($available, time(), $this->storageId));
\OC_DB::executeAudited($sql, [$available, time() + $delay, $this->storageId]);
}
/**

View File

@ -24,6 +24,9 @@
namespace OC\Files\Storage\Wrapper;
use OCP\Files\Storage\IStorage;
use OCP\Files\StorageAuthException;
use OCP\Files\StorageNotAvailableException;
use OCP\IConfig;
/**
* Availability checker for storages
@ -33,6 +36,14 @@ use OCP\Files\Storage\IStorage;
class Availability extends Wrapper {
const RECHECK_TTL_SEC = 600; // 10 minutes
/** @var IConfig */
protected $config;
public function __construct($parameters) {
$this->config = $parameters['config'] ?? \OC::$server->getConfig();
parent::__construct($parameters);
}
public static function shouldRecheck($availability) {
if (!$availability['available']) {
// trigger a recheck if TTL reached
@ -72,11 +83,11 @@ class Availability extends Wrapper {
}
/**
* @throws \OCP\Files\StorageNotAvailableException
* @throws StorageNotAvailableException
*/
private function checkAvailability() {
if (!$this->isAvailable()) {
throw new \OCP\Files\StorageNotAvailableException();
throw new StorageNotAvailableException();
}
}
@ -85,9 +96,8 @@ class Availability extends Wrapper {
$this->checkAvailability();
try {
return parent::mkdir($path);
} catch (\OCP\Files\StorageNotAvailableException $e) {
$this->setAvailability(false);
throw $e;
} catch (StorageNotAvailableException $e) {
$this->setUnavailable($e);
}
}
@ -96,9 +106,8 @@ class Availability extends Wrapper {
$this->checkAvailability();
try {
return parent::rmdir($path);
} catch (\OCP\Files\StorageNotAvailableException $e) {
$this->setAvailability(false);
throw $e;
} catch (StorageNotAvailableException $e) {
$this->setUnavailable($e);
}
}
@ -107,9 +116,8 @@ class Availability extends Wrapper {
$this->checkAvailability();
try {
return parent::opendir($path);
} catch (\OCP\Files\StorageNotAvailableException $e) {
$this->setAvailability(false);
throw $e;
} catch (StorageNotAvailableException $e) {
$this->setUnavailable($e);
}
}
@ -118,9 +126,8 @@ class Availability extends Wrapper {
$this->checkAvailability();
try {
return parent::is_dir($path);
} catch (\OCP\Files\StorageNotAvailableException $e) {
$this->setAvailability(false);
throw $e;
} catch (StorageNotAvailableException $e) {
$this->setUnavailable($e);
}
}
@ -129,9 +136,8 @@ class Availability extends Wrapper {
$this->checkAvailability();
try {
return parent::is_file($path);
} catch (\OCP\Files\StorageNotAvailableException $e) {
$this->setAvailability(false);
throw $e;
} catch (StorageNotAvailableException $e) {
$this->setUnavailable($e);
}
}
@ -140,9 +146,8 @@ class Availability extends Wrapper {
$this->checkAvailability();
try {
return parent::stat($path);
} catch (\OCP\Files\StorageNotAvailableException $e) {
$this->setAvailability(false);
throw $e;
} catch (StorageNotAvailableException $e) {
$this->setUnavailable($e);
}
}
@ -151,9 +156,8 @@ class Availability extends Wrapper {
$this->checkAvailability();
try {
return parent::filetype($path);
} catch (\OCP\Files\StorageNotAvailableException $e) {
$this->setAvailability(false);
throw $e;
} catch (StorageNotAvailableException $e) {
$this->setUnavailable($e);
}
}
@ -162,9 +166,8 @@ class Availability extends Wrapper {
$this->checkAvailability();
try {
return parent::filesize($path);
} catch (\OCP\Files\StorageNotAvailableException $e) {
$this->setAvailability(false);
throw $e;
} catch (StorageNotAvailableException $e) {
$this->setUnavailable($e);
}
}
@ -173,9 +176,8 @@ class Availability extends Wrapper {
$this->checkAvailability();
try {
return parent::isCreatable($path);
} catch (\OCP\Files\StorageNotAvailableException $e) {
$this->setAvailability(false);
throw $e;
} catch (StorageNotAvailableException $e) {
$this->setUnavailable($e);
}
}
@ -184,9 +186,8 @@ class Availability extends Wrapper {
$this->checkAvailability();
try {
return parent::isReadable($path);
} catch (\OCP\Files\StorageNotAvailableException $e) {
$this->setAvailability(false);
throw $e;
} catch (StorageNotAvailableException $e) {
$this->setUnavailable($e);
}
}
@ -195,9 +196,8 @@ class Availability extends Wrapper {
$this->checkAvailability();
try {
return parent::isUpdatable($path);
} catch (\OCP\Files\StorageNotAvailableException $e) {
$this->setAvailability(false);
throw $e;
} catch (StorageNotAvailableException $e) {
$this->setUnavailable($e);
}
}
@ -206,9 +206,8 @@ class Availability extends Wrapper {
$this->checkAvailability();
try {
return parent::isDeletable($path);
} catch (\OCP\Files\StorageNotAvailableException $e) {
$this->setAvailability(false);
throw $e;
} catch (StorageNotAvailableException $e) {
$this->setUnavailable($e);
}
}
@ -217,9 +216,8 @@ class Availability extends Wrapper {
$this->checkAvailability();
try {
return parent::isSharable($path);
} catch (\OCP\Files\StorageNotAvailableException $e) {
$this->setAvailability(false);
throw $e;
} catch (StorageNotAvailableException $e) {
$this->setUnavailable($e);
}
}
@ -228,9 +226,8 @@ class Availability extends Wrapper {
$this->checkAvailability();
try {
return parent::getPermissions($path);
} catch (\OCP\Files\StorageNotAvailableException $e) {
$this->setAvailability(false);
throw $e;
} catch (StorageNotAvailableException $e) {
$this->setUnavailable($e);
}
}
@ -242,9 +239,8 @@ class Availability extends Wrapper {
$this->checkAvailability();
try {
return parent::file_exists($path);
} catch (\OCP\Files\StorageNotAvailableException $e) {
$this->setAvailability(false);
throw $e;
} catch (StorageNotAvailableException $e) {
$this->setUnavailable($e);
}
}
@ -253,9 +249,8 @@ class Availability extends Wrapper {
$this->checkAvailability();
try {
return parent::filemtime($path);
} catch (\OCP\Files\StorageNotAvailableException $e) {
$this->setAvailability(false);
throw $e;
} catch (StorageNotAvailableException $e) {
$this->setUnavailable($e);
}
}
@ -264,9 +259,8 @@ class Availability extends Wrapper {
$this->checkAvailability();
try {
return parent::file_get_contents($path);
} catch (\OCP\Files\StorageNotAvailableException $e) {
$this->setAvailability(false);
throw $e;
} catch (StorageNotAvailableException $e) {
$this->setUnavailable($e);
}
}
@ -275,9 +269,8 @@ class Availability extends Wrapper {
$this->checkAvailability();
try {
return parent::file_put_contents($path, $data);
} catch (\OCP\Files\StorageNotAvailableException $e) {
$this->setAvailability(false);
throw $e;
} catch (StorageNotAvailableException $e) {
$this->setUnavailable($e);
}
}
@ -286,9 +279,8 @@ class Availability extends Wrapper {
$this->checkAvailability();
try {
return parent::unlink($path);
} catch (\OCP\Files\StorageNotAvailableException $e) {
$this->setAvailability(false);
throw $e;
} catch (StorageNotAvailableException $e) {
$this->setUnavailable($e);
}
}
@ -297,9 +289,8 @@ class Availability extends Wrapper {
$this->checkAvailability();
try {
return parent::rename($path1, $path2);
} catch (\OCP\Files\StorageNotAvailableException $e) {
$this->setAvailability(false);
throw $e;
} catch (StorageNotAvailableException $e) {
$this->setUnavailable($e);
}
}
@ -308,9 +299,8 @@ class Availability extends Wrapper {
$this->checkAvailability();
try {
return parent::copy($path1, $path2);
} catch (\OCP\Files\StorageNotAvailableException $e) {
$this->setAvailability(false);
throw $e;
} catch (StorageNotAvailableException $e) {
$this->setUnavailable($e);
}
}
@ -319,9 +309,8 @@ class Availability extends Wrapper {
$this->checkAvailability();
try {
return parent::fopen($path, $mode);
} catch (\OCP\Files\StorageNotAvailableException $e) {
$this->setAvailability(false);
throw $e;
} catch (StorageNotAvailableException $e) {
$this->setUnavailable($e);
}
}
@ -330,9 +319,8 @@ class Availability extends Wrapper {
$this->checkAvailability();
try {
return parent::getMimeType($path);
} catch (\OCP\Files\StorageNotAvailableException $e) {
$this->setAvailability(false);
throw $e;
} catch (StorageNotAvailableException $e) {
$this->setUnavailable($e);
}
}
@ -341,9 +329,8 @@ class Availability extends Wrapper {
$this->checkAvailability();
try {
return parent::hash($type, $path, $raw);
} catch (\OCP\Files\StorageNotAvailableException $e) {
$this->setAvailability(false);
throw $e;
} catch (StorageNotAvailableException $e) {
$this->setUnavailable($e);
}
}
@ -352,9 +339,8 @@ class Availability extends Wrapper {
$this->checkAvailability();
try {
return parent::free_space($path);
} catch (\OCP\Files\StorageNotAvailableException $e) {
$this->setAvailability(false);
throw $e;
} catch (StorageNotAvailableException $e) {
$this->setUnavailable($e);
}
}
@ -363,9 +349,8 @@ class Availability extends Wrapper {
$this->checkAvailability();
try {
return parent::search($query);
} catch (\OCP\Files\StorageNotAvailableException $e) {
$this->setAvailability(false);
throw $e;
} catch (StorageNotAvailableException $e) {
$this->setUnavailable($e);
}
}
@ -374,9 +359,8 @@ class Availability extends Wrapper {
$this->checkAvailability();
try {
return parent::touch($path, $mtime);
} catch (\OCP\Files\StorageNotAvailableException $e) {
$this->setAvailability(false);
throw $e;
} catch (StorageNotAvailableException $e) {
$this->setUnavailable($e);
}
}
@ -385,9 +369,8 @@ class Availability extends Wrapper {
$this->checkAvailability();
try {
return parent::getLocalFile($path);
} catch (\OCP\Files\StorageNotAvailableException $e) {
$this->setAvailability(false);
throw $e;
} catch (StorageNotAvailableException $e) {
$this->setUnavailable($e);
}
}
@ -396,9 +379,8 @@ class Availability extends Wrapper {
$this->checkAvailability();
try {
return parent::hasUpdated($path, $time);
} catch (\OCP\Files\StorageNotAvailableException $e) {
$this->setAvailability(false);
throw $e;
} catch (StorageNotAvailableException $e) {
$this->setUnavailable($e);
}
}
@ -406,9 +388,8 @@ class Availability extends Wrapper {
public function getOwner($path) {
try {
return parent::getOwner($path);
} catch (\OCP\Files\StorageNotAvailableException $e) {
$this->setAvailability(false);
throw $e;
} catch (StorageNotAvailableException $e) {
$this->setUnavailable($e);
}
}
@ -417,9 +398,8 @@ class Availability extends Wrapper {
$this->checkAvailability();
try {
return parent::getETag($path);
} catch (\OCP\Files\StorageNotAvailableException $e) {
$this->setAvailability(false);
throw $e;
} catch (StorageNotAvailableException $e) {
$this->setUnavailable($e);
}
}
@ -428,9 +408,8 @@ class Availability extends Wrapper {
$this->checkAvailability();
try {
return parent::getDirectDownload($path);
} catch (\OCP\Files\StorageNotAvailableException $e) {
$this->setAvailability(false);
throw $e;
} catch (StorageNotAvailableException $e) {
$this->setUnavailable($e);
}
}
@ -439,9 +418,8 @@ class Availability extends Wrapper {
$this->checkAvailability();
try {
return parent::copyFromStorage($sourceStorage, $sourceInternalPath, $targetInternalPath);
} catch (\OCP\Files\StorageNotAvailableException $e) {
$this->setAvailability(false);
throw $e;
} catch (StorageNotAvailableException $e) {
$this->setUnavailable($e);
}
}
@ -450,9 +428,8 @@ class Availability extends Wrapper {
$this->checkAvailability();
try {
return parent::moveFromStorage($sourceStorage, $sourceInternalPath, $targetInternalPath);
} catch (\OCP\Files\StorageNotAvailableException $e) {
$this->setAvailability(false);
throw $e;
} catch (StorageNotAvailableException $e) {
$this->setUnavailable($e);
}
}
@ -461,9 +438,24 @@ class Availability extends Wrapper {
$this->checkAvailability();
try {
return parent::getMetaData($path);
} catch (\OCP\Files\StorageNotAvailableException $e) {
$this->setAvailability(false);
throw $e;
} catch (StorageNotAvailableException $e) {
$this->setUnavailable($e);
}
}
/**
* @throws StorageNotAvailableException
*/
protected function setUnavailable(StorageNotAvailableException $e) {
$delay = self::RECHECK_TTL_SEC;
if($e instanceof StorageAuthException) {
$delay = max(
// 30min
$this->config->getSystemValueInt('external_storage.auth_availability_delay', 1800),
self::RECHECK_TTL_SEC
);
}
$this->getStorageCache()->setAvailability(false, $delay);
throw $e;
}
}