From 9b494985fb4bd14e081289901e4aec45467d7af1 Mon Sep 17 00:00:00 2001
From: jkoberg
Date: Wed, 20 Dec 2023 14:57:55 +0100
Subject: [PATCH] bump reva

Signed-off-by: jkoberg
---
 changelog/unreleased/bump-reva.md | 5 ++
 go.mod | 2 +-
 go.sum | 4 +-
 .../usershareprovider/usershareprovider.go | 53 ++++++++++++++++++-
 .../http/services/owncloud/ocdav/tus.go | 8 ++-
 .../cs3org/reva/v2/pkg/rgrpc/rgrpc.go | 44 +++++++--------
 .../receivedsharecache/receivedsharecache.go | 43 ++++++++-------
 .../reva/v2/pkg/user/manager/ldap/ldap.go | 4 ++
 .../cs3org/reva/v2/pkg/utils/ldap/identity.go | 3 +-
 vendor/modules.txt | 2 +-
 10 files changed, 120 insertions(+), 48 deletions(-)
 create mode 100644 changelog/unreleased/bump-reva.md

diff --git a/changelog/unreleased/bump-reva.md b/changelog/unreleased/bump-reva.md
new file mode 100644
index 00000000000..f7e1fadc89d
--- /dev/null
+++ b/changelog/unreleased/bump-reva.md
@@ -0,0 +1,5 @@
+Enhancement: Bump reva
+
+Bumps reva version
+
+https://github.com/owncloud/ocis/pull/8038
diff --git a/go.mod b/go.mod
index 61f4f832bd1..7aa867befb3 100644
--- a/go.mod
+++ b/go.mod
@@ -13,7 +13,7 @@ require (
 github.com/coreos/go-oidc v2.2.1+incompatible
 github.com/coreos/go-oidc/v3 v3.9.0
 github.com/cs3org/go-cs3apis v0.0.0-20231023073225-7748710e0781
- github.com/cs3org/reva/v2 v2.17.1-0.20231219093515-da04bc32d9fb
+ github.com/cs3org/reva/v2 v2.17.1-0.20231221075812-146de6352a30
 github.com/dhowden/tag v0.0.0-20230630033851-978a0926ee25
 github.com/disintegration/imaging v1.6.2
 github.com/dutchcoders/go-clamd v0.0.0-20170520113014-b970184f4d9e
diff --git a/go.sum b/go.sum
index 420e7a984b2..6d5d49d2271 100644
--- a/go.sum
+++ b/go.sum
@@ -1021,8 +1021,8 @@ github.com/crewjam/saml v0.4.14 h1:g9FBNx62osKusnFzs3QTN5L9CVA/Egfgm+stJShzw/c= github.com/crewjam/saml v0.4.14/go.mod h1:UVSZCf18jJkk6GpWNVqcyQJMD5HsRugBPf4I1nl2mME= github.com/cs3org/go-cs3apis v0.0.0-20231023073225-7748710e0781 h1:BUdwkIlf8IS2FasrrPg8gGPHQPOrQ18MS1Oew2tmGtY= github.com/cs3org/go-cs3apis v0.0.0-20231023073225-7748710e0781/go.mod h1:UXha4TguuB52H14EMoSsCqDj7k8a/t7g4gVP+bgY5LY= -github.com/cs3org/reva/v2 v2.17.1-0.20231219093515-da04bc32d9fb h1:YH5k1nDJ5tm4gqUykeniDl83Bva5EMH8D2uA++M+ziY= -github.com/cs3org/reva/v2 v2.17.1-0.20231219093515-da04bc32d9fb/go.mod h1:QW31Q1IQ9ZCJMFv3u8/SdHSyLfCcSVNcRbqIJj+Y+7o= +github.com/cs3org/reva/v2 v2.17.1-0.20231221075812-146de6352a30 h1:uZfYdOTde4YmiRyWGEip093YuBIfoVYXdVrDp2Z7/w8= +github.com/cs3org/reva/v2 v2.17.1-0.20231221075812-146de6352a30/go.mod h1:QW31Q1IQ9ZCJMFv3u8/SdHSyLfCcSVNcRbqIJj+Y+7o= github.com/cyberdelia/templates v0.0.0-20141128023046-ca7fffd4298c/go.mod h1:GyV+0YP4qX0UQ7r2MoYZ+AvYDp12OF5yg4q8rGnyNh4= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= diff --git a/vendor/github.com/cs3org/reva/v2/internal/grpc/services/usershareprovider/usershareprovider.go b/vendor/github.com/cs3org/reva/v2/internal/grpc/services/usershareprovider/usershareprovider.go index 5e09a084e1b..d18024d6f7f 100644 --- a/vendor/github.com/cs3org/reva/v2/internal/grpc/services/usershareprovider/usershareprovider.go +++ b/vendor/github.com/cs3org/reva/v2/internal/grpc/services/usershareprovider/usershareprovider.go @@ -154,6 +154,7 @@ func (s *service) isPathAllowed(path string) bool { } func (s *service) CreateShare(ctx context.Context, req *collaboration.CreateShareRequest) (*collaboration.CreateShareResponse, error) { + log := appctx.GetLogger(ctx) user := ctxpkg.ContextMustGetUser(ctx) gatewayClient, err := s.gatewaySelector.Next() 
@@ -184,9 +185,22 @@ func (s *service) CreateShare(ctx context.Context, req *collaboration.CreateShar
 }
 }
+ sRes, err := gatewayClient.Stat(ctx, &provider.StatRequest{Ref: &provider.Reference{ResourceId: req.GetResourceInfo().GetId()}})
+ if err != nil {
+ log.Err(err).Interface("resource_id", req.GetResourceInfo().GetId()).Msg("failed to stat resource to share")
+ return &collaboration.CreateShareResponse{
+ Status: status.NewInternal(ctx, "failed to stat shared resource"),
+ }, err
+ }
+ // the user needs to have the AddGrant permissions on the Resource to be able to create a share
+ if !sRes.GetInfo().GetPermissionSet().AddGrant {
+ return &collaboration.CreateShareResponse{
+ Status: status.NewPermissionDenied(ctx, nil, "no permission to add grants on shared resource"),
+ }, err
+ }
 // check if the requested share creation has sufficient permissions to do so.
 if shareCreationAllowed := conversions.SufficientCS3Permissions(
- req.GetResourceInfo().GetPermissionSet(),
+ sRes.GetInfo().GetPermissionSet(),
 req.GetGrant().GetPermissions().GetPermissions(),
 ); !shareCreationAllowed {
 return &collaboration.CreateShareResponse{
@@ -214,6 +228,8 @@ func (s *service) CreateShare(ctx context.Context, req *collaboration.CreateShar
 }
 func (s *service) RemoveShare(ctx context.Context, req *collaboration.RemoveShareRequest) (*collaboration.RemoveShareResponse, error) {
+ log := appctx.GetLogger(ctx)
+ user := ctxpkg.ContextMustGetUser(ctx)
 share, err := s.sm.GetShare(ctx, req.Ref)
 if err != nil {
 return &collaboration.RemoveShareResponse{
@@ -221,6 +237,29 @@ func (s *service) RemoveShare(ctx context.Context, req *collaboration.RemoveShar
 }, nil
 }
+ gatewayClient, err := s.gatewaySelector.Next()
+ if err != nil {
+ return nil, err
+ }
+ sRes, err := gatewayClient.Stat(ctx, &provider.StatRequest{Ref: &provider.Reference{ResourceId: share.GetResourceId()}})
+ if err != nil {
+ log.Err(err).Interface("resource_id", share.GetResourceId()).Msg("failed to stat shared resource")
+ return &collaboration.RemoveShareResponse{
+ Status: status.NewInternal(ctx, "failed to stat shared resource"),
+ }, err
+ }
+ // the requesting user needs to be either the Owner/Creator of the share or have the RemoveGrant permissions on the Resource
+ switch {
+ case utils.UserEqual(user.GetId(), share.GetCreator()) || utils.UserEqual(user.GetId(), share.GetOwner()):
+ fallthrough
+ case sRes.GetInfo().GetPermissionSet().RemoveGrant:
+ break
+ default:
+ return &collaboration.RemoveShareResponse{
+ Status: status.NewPermissionDenied(ctx, nil, "no permission to remove grants on shared resource"),
+ }, err
+ }
+
 err = s.sm.Unshare(ctx, req.Ref)
 if err != nil {
 return &collaboration.RemoveShareResponse{
@@ -279,6 +318,7 @@ func (s *service) ListShares(ctx context.Context, req *collaboration.ListSharesR
 func (s *service) UpdateShare(ctx context.Context, req *collaboration.UpdateShareRequest) (*collaboration.UpdateShareResponse, error) {
 log := appctx.GetLogger(ctx)
+ user := ctxpkg.ContextMustGetUser(ctx)
 gatewayClient, err := s.gatewaySelector.Next()
 if err != nil {
 return nil, err
@@ -326,6 +366,17 @@ func (s *service) UpdateShare(ctx context.Context, req *collaboration.UpdateShar
 Status: status.NewInternal(ctx, "failed to stat shared resource"),
 }, err
 }
+ // the requesting user needs to be either the Owner/Creator of the share or have the UpdateGrant permissions on the Resource
+ switch {
+ case utils.UserEqual(user.GetId(), currentShare.GetCreator()) || utils.UserEqual(user.GetId(), currentShare.GetOwner()):
+ fallthrough
+ case sRes.GetInfo().GetPermissionSet().UpdateGrant:
+ break
+ default:
+ return &collaboration.UpdateShareResponse{
+ Status: status.NewPermissionDenied(ctx, nil, "no permission to remove grants on shared resource"),
+ }, err
+ }
 // If this is a permissions update, check if user's permissions on the resource are sufficient to set the desired permissions
 var newPermissions *provider.ResourcePermissions
diff --git a/vendor/github.com/cs3org/reva/v2/internal/http/services/owncloud/ocdav/tus.go b/vendor/github.com/cs3org/reva/v2/internal/http/services/owncloud/ocdav/tus.go
index 6fbbbb6e43d..d3592f1ab74 100644
--- a/vendor/github.com/cs3org/reva/v2/internal/http/services/owncloud/ocdav/tus.go
+++ b/vendor/github.com/cs3org/reva/v2/internal/http/services/owncloud/ocdav/tus.go
@@ -175,7 +175,13 @@ func (s *svc) handleTusPost(ctx context.Context, w http.ResponseWriter, r *http.
 w.WriteHeader(http.StatusInternalServerError)
 return
 }
- if tfRes.Status.Code != rpc.Code_CODE_OK {
+ switch tfRes.Status.Code {
+ case rpc.Code_CODE_OK:
+ w.WriteHeader(http.StatusCreated)
+ return
+ case rpc.Code_CODE_ALREADY_EXISTS:
+ // Fall through to the tus case
+ default:
 log.Error().Interface("status", tfRes.Status).Msg("error touching file")
 w.WriteHeader(http.StatusInternalServerError)
 return
diff --git a/vendor/github.com/cs3org/reva/v2/pkg/rgrpc/rgrpc.go b/vendor/github.com/cs3org/reva/v2/pkg/rgrpc/rgrpc.go
index 381c468c2d6..4168c4f0646 100644
--- a/vendor/github.com/cs3org/reva/v2/pkg/rgrpc/rgrpc.go
+++ b/vendor/github.com/cs3org/reva/v2/pkg/rgrpc/rgrpc.go
@@ -325,25 +325,24 @@ func (s *Server) getInterceptors(unprotected []string) ([]grpc.ServerOption, err
 return nil, errors.Wrap(err, "rgrpc: error creating unary auth interceptor")
 }
- unaryInterceptors := []grpc.UnaryServerInterceptor{authUnary}
- for _, t := range unaryTriples {
- unaryInterceptors = append(unaryInterceptors, t.Interceptor)
- s.log.Info().Msgf("rgrpc: chaining grpc unary interceptor %s with priority %d", t.Name, t.Priority)
- }
-
- unaryInterceptors = append(unaryInterceptors,
+ unaryInterceptors := []grpc.UnaryServerInterceptor{
 otelgrpc.UnaryServerInterceptor(
 otelgrpc.WithTracerProvider(s.tracerProvider),
- otelgrpc.WithPropagators(rtrace.Propagator)),
- )
-
- unaryInterceptors = append([]grpc.UnaryServerInterceptor{
+ otelgrpc.WithPropagators(rtrace.Propagator),
+ ),
 appctx.NewUnary(s.log, s.tracerProvider),
 token.NewUnary(),
 useragent.NewUnary(),
 log.NewUnary(),
 recovery.NewUnary(),
- }, unaryInterceptors...)
+ authUnary,
+ }
+
+ for _, t := range unaryTriples {
+ unaryInterceptors = append(unaryInterceptors, t.Interceptor)
+ s.log.Info().Msgf("rgrpc: chaining grpc unary interceptor %s with priority %d", t.Name, t.Priority)
+ }
+
 unaryChain := grpc_middleware.ChainUnaryServer(unaryInterceptors...)
 streamTriples := []*streamInterceptorTriple{}
@@ -372,20 +371,23 @@ func (s *Server) getInterceptors(unprotected []string) ([]grpc.ServerOption, err
 return nil, errors.Wrap(err, "rgrpc: error creating stream auth interceptor")
 }
- streamInterceptors := []grpc.StreamServerInterceptor{authStream}
- for _, t := range streamTriples {
- streamInterceptors = append(streamInterceptors, t.Interceptor)
- s.log.Info().Msgf("rgrpc: chaining grpc streaming interceptor %s with priority %d", t.Name, t.Priority)
- }
-
- streamInterceptors = append([]grpc.StreamServerInterceptor{
- authStream,
+ streamInterceptors := []grpc.StreamServerInterceptor{
+ otelgrpc.StreamServerInterceptor(
+ otelgrpc.WithTracerProvider(s.tracerProvider),
+ otelgrpc.WithPropagators(rtrace.Propagator),
+ ),
 appctx.NewStream(s.log, s.tracerProvider),
 token.NewStream(),
 useragent.NewStream(),
 log.NewStream(),
 recovery.NewStream(),
- }, streamInterceptors...)
+ authStream,
+ }
+
+ for _, t := range streamTriples {
+ streamInterceptors = append(streamInterceptors, t.Interceptor)
+ s.log.Info().Msgf("rgrpc: chaining grpc streaming interceptor %s with priority %d", t.Name, t.Priority)
+ }
 streamChain := grpc_middleware.ChainStreamServer(streamInterceptors...)
 opts := []grpc.ServerOption{
diff --git a/vendor/github.com/cs3org/reva/v2/pkg/share/manager/jsoncs3/receivedsharecache/receivedsharecache.go b/vendor/github.com/cs3org/reva/v2/pkg/share/manager/jsoncs3/receivedsharecache/receivedsharecache.go
index 65111e7e7c5..1080a808d1c 100644
--- a/vendor/github.com/cs3org/reva/v2/pkg/share/manager/jsoncs3/receivedsharecache/receivedsharecache.go
+++ b/vendor/github.com/cs3org/reva/v2/pkg/share/manager/jsoncs3/receivedsharecache/receivedsharecache.go
@@ -32,6 +32,7 @@ import (
 provider "github.com/cs3org/go-cs3apis/cs3/storage/provider/v1beta1"
 "github.com/cs3org/reva/v2/pkg/appctx"
 "github.com/cs3org/reva/v2/pkg/errtypes"
+ "github.com/cs3org/reva/v2/pkg/storage/utils/decomposedfs/mtimesyncedcache"
 "github.com/cs3org/reva/v2/pkg/storage/utils/metadata"
 "go.opentelemetry.io/otel/attribute"
 "go.opentelemetry.io/otel/codes"
@@ -46,7 +47,7 @@ const tracerName = "receivedsharecache"
 type Cache struct {
 lockMap sync.Map
- ReceivedSpaces map[string]*Spaces
+ ReceivedSpaces mtimesyncedcache.Map[string, *Spaces]
 storage metadata.Storage
 ttl time.Duration
@@ -74,7 +75,7 @@ type State struct {
 // New returns a new Cache instance
 func New(s metadata.Storage, ttl time.Duration) Cache {
 return Cache{
- ReceivedSpaces: map[string]*Spaces{},
+ ReceivedSpaces: mtimesyncedcache.Map[string, *Spaces]{},
 storage: s,
 ttl: ttl,
 lockMap: sync.Map{},
@@ -97,7 +98,7 @@ func (c *Cache) Add(ctx context.Context, userID, spaceID string, rs *collaborati
 span.SetAttributes(attribute.String("cs3.userid", userID))
 defer unlock()
- if c.ReceivedSpaces[userID] == nil {
+ if _, ok := c.ReceivedSpaces.Load(userID); !ok {
 err := c.syncWithLock(ctx, userID)
 if err != nil {
 return err
@@ -111,7 +112,8 @@ func (c *Cache) Add(ctx context.Context, userID, spaceID string, rs *collaborati
 persistFunc := func() error {
 c.initializeIfNeeded(userID, spaceID)
- receivedSpace := c.ReceivedSpaces[userID].Spaces[spaceID]
+ rss, _ := c.ReceivedSpaces.Load(userID)
+ receivedSpace := rss.Spaces[spaceID]
 if receivedSpace.States == nil {
 receivedSpace.States = map[string]*State{}
 }
@@ -171,10 +173,11 @@ func (c *Cache) Get(ctx context.Context, userID, spaceID, shareID string) (*Stat if err != nil { return nil, err } - if c.ReceivedSpaces[userID] == nil || c.ReceivedSpaces[userID].Spaces[spaceID] == nil { + rss, ok := c.ReceivedSpaces.Load(userID) + if !ok || rss.Spaces[spaceID] == nil { return nil, nil } - return c.ReceivedSpaces[userID].Spaces[spaceID].States[shareID], nil + return rss.Spaces[spaceID].States[shareID], nil } // List returns a list of received shares for a given user @@ -192,7 +195,8 @@ func (c *Cache) List(ctx context.Context, userID string) (map[string]*Space, err } spaces := map[string]*Space{} - for spaceID, space := range c.ReceivedSpaces[userID].Spaces { + rss, _ := c.ReceivedSpaces.Load(userID) + for spaceID, space := range rss.Spaces { spaceCopy := &Space{ States: map[string]*State{}, } @@ -220,9 +224,10 @@ func (c *Cache) syncWithLock(ctx context.Context, userID string) error { jsonPath := userJSONPath(userID) span.AddEvent("updating cache") // - update cached list of created shares for the user in memory if changed + rss, _ := c.ReceivedSpaces.Load(userID) dlres, err := c.storage.Download(ctx, metadata.DownloadRequest{ Path: jsonPath, - IfNoneMatch: []string{c.ReceivedSpaces[userID].etag}, + IfNoneMatch: []string{rss.etag}, }) switch err.(type) { case nil: @@ -248,7 +253,7 @@ func (c *Cache) syncWithLock(ctx context.Context, userID string) error { } newSpaces.etag = dlres.Etag - c.ReceivedSpaces[userID] = newSpaces + c.ReceivedSpaces.Store(userID, newSpaces) span.SetStatus(codes.Ok, "") return nil } 
@@ -259,12 +264,13 @@ func (c *Cache) persist(ctx context.Context, userID string) error {
 defer span.End()
 span.SetAttributes(attribute.String("cs3.userid", userID))
- if c.ReceivedSpaces[userID] == nil {
+ rss, ok := c.ReceivedSpaces.Load(userID)
+ if !ok {
 span.SetStatus(codes.Ok, "no received shares")
 return nil
 }
- createdBytes, err := json.Marshal(c.ReceivedSpaces[userID])
+ createdBytes, err := json.Marshal(rss)
 if err != nil {
 span.RecordError(err)
 span.SetStatus(codes.Error, err.Error())
@@ -280,11 +286,11 @@ func (c *Cache) persist(ctx context.Context, userID string) error {
 ur := metadata.UploadRequest{
 Path: jsonPath,
 Content: createdBytes,
- IfMatchEtag: c.ReceivedSpaces[userID].etag,
+ IfMatchEtag: rss.etag,
 }
 // when there is no etag in memory make sure the file has not been created on the server, see https://www.rfc-editor.org/rfc/rfc9110#field.if-match
 // > If the field value is "*", the condition is false if the origin server has a current representation for the target resource.
- if c.ReceivedSpaces[userID].etag == "" {
+ if rss.etag == "" {
 ur.IfNoneMatch = []string{"*"}
 }
@@ -303,12 +309,9 @@ func userJSONPath(userID string) string {
 }
 func (c *Cache) initializeIfNeeded(userID, spaceID string) {
- if c.ReceivedSpaces[userID] == nil {
- c.ReceivedSpaces[userID] = &Spaces{
- Spaces: map[string]*Space{},
- }
- }
- if spaceID != "" && c.ReceivedSpaces[userID].Spaces[spaceID] == nil {
- c.ReceivedSpaces[userID].Spaces[spaceID] = &Space{}
+ rss, _ := c.ReceivedSpaces.LoadOrStore(userID, &Spaces{Spaces: map[string]*Space{}})
+ if spaceID != "" && rss.Spaces[spaceID] == nil {
+ rss.Spaces[spaceID] = &Space{}
+ c.ReceivedSpaces.Store(userID, rss)
 }
 }
diff --git a/vendor/github.com/cs3org/reva/v2/pkg/user/manager/ldap/ldap.go b/vendor/github.com/cs3org/reva/v2/pkg/user/manager/ldap/ldap.go
index 6b8eeb66cd5..a996dbee2d1 100644
--- a/vendor/github.com/cs3org/reva/v2/pkg/user/manager/ldap/ldap.go
+++ b/vendor/github.com/cs3org/reva/v2/pkg/user/manager/ldap/ldap.go @@ -116,6 +116,10 @@ func (m *manager) GetUser(ctx context.Context, uid *userpb.UserId, skipFetchingG return nil, err } + if m.c.LDAPIdentity.IsLDAPUserInDisabledGroup(log, m.ldapClient, userEntry) { + return nil, errtypes.NotFound("user is locally disabled") + } + if skipFetchingGroups { return u, nil } diff --git a/vendor/github.com/cs3org/reva/v2/pkg/utils/ldap/identity.go b/vendor/github.com/cs3org/reva/v2/pkg/utils/ldap/identity.go index f438d332036..0a9af35c187 100644 --- a/vendor/github.com/cs3org/reva/v2/pkg/utils/ldap/identity.go +++ b/vendor/github.com/cs3org/reva/v2/pkg/utils/ldap/identity.go @@ -503,11 +503,12 @@ func (i *Identity) getUserFilter(uid string) (string, error) { escapedUUID = ldap.EscapeFilter(uid) } - return fmt.Sprintf("(&%s(objectclass=%s)(%s=%s))", + return fmt.Sprintf("(&%s(objectclass=%s)(%s=%s)%s)", i.User.Filter, i.User.Objectclass, i.User.Schema.ID, escapedUUID, + i.disabledFilter(), ), nil } diff --git a/vendor/modules.txt b/vendor/modules.txt index ba1b458723f..07d8bb18ba6 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -362,7 +362,7 @@ github.com/cs3org/go-cs3apis/cs3/storage/provider/v1beta1 github.com/cs3org/go-cs3apis/cs3/storage/registry/v1beta1 github.com/cs3org/go-cs3apis/cs3/tx/v1beta1 github.com/cs3org/go-cs3apis/cs3/types/v1beta1 -# github.com/cs3org/reva/v2 v2.17.1-0.20231219093515-da04bc32d9fb +# github.com/cs3org/reva/v2 v2.17.1-0.20231221075812-146de6352a30 ## explicit; go 1.21 github.com/cs3org/reva/v2/cmd/revad/internal/grace github.com/cs3org/reva/v2/cmd/revad/runtime