| OLD | NEW |
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "sync/engine/syncer_util.h" | 5 #include "sync/engine/syncer_util.h" |
| 6 | 6 |
| 7 #include <algorithm> | 7 #include <algorithm> |
| 8 #include <set> | 8 #include <set> |
| 9 #include <string> | 9 #include <string> |
| 10 #include <vector> | 10 #include <vector> |
| (...skipping 188 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 199 syncable::WriteTransaction* const trans, | 199 syncable::WriteTransaction* const trans, |
| 200 syncable::MutableEntry* const entry, | 200 syncable::MutableEntry* const entry, |
| 201 ConflictResolver* resolver, | 201 ConflictResolver* resolver, |
| 202 Cryptographer* cryptographer) { | 202 Cryptographer* cryptographer) { |
| 203 CHECK(entry->good()); | 203 CHECK(entry->good()); |
| 204 if (!entry->Get(IS_UNAPPLIED_UPDATE)) | 204 if (!entry->Get(IS_UNAPPLIED_UPDATE)) |
| 205 return SUCCESS; // No work to do. | 205 return SUCCESS; // No work to do. |
| 206 syncable::Id id = entry->Get(ID); | 206 syncable::Id id = entry->Get(ID); |
| 207 const sync_pb::EntitySpecifics& specifics = entry->Get(SERVER_SPECIFICS); | 207 const sync_pb::EntitySpecifics& specifics = entry->Get(SERVER_SPECIFICS); |
| 208 | 208 |
| 209 // We intercept updates to the Nigori node, update the Cryptographer and | |
| 210 // encrypt any unsynced changes here because there is no Nigori | |
| 211 // ChangeProcessor. We never put the nigori node in a state of | |
| 212 // conflict_encryption. | |
| 213 // | |
| 214 // We always update the cryptographer with the server's nigori node, | |
| 215 // even if we have a locally modified nigori node (we manually merge nigori | |
| 216 // data in the conflict resolver in that case). This handles the case where | |
| 217 // two clients both set a different passphrase. The second client to attempt | |
| 218 // to commit will go into a state of having pending keys, unioned the set of | |
| 219 // encrypted types, and eventually re-encrypt everything with the passphrase | |
| 220 // of the first client and commit the set of merged encryption keys. Until the | |
| 221 // second client provides the pending passphrase, the cryptographer will | |
| 222 // preserve the encryption keys based on the local passphrase, while the | |
| 223 // nigori node will preserve the server encryption keys. | |
| 224 // | |
| 225 // If non-encryption changes are made to the nigori node, they will be | |
| 226 // lost as part of conflict resolution. This is intended, as we place a higher | |
| 227 // priority on preserving the server's passphrase change to preserving local | |
| 228 // non-encryption changes. Next time the non-encryption changes are made to | |
| 229 // the nigori node (e.g. on restart), they will commit without issue. | |
| 230 if (specifics.has_nigori()) { | |
| 231 const sync_pb::NigoriSpecifics& nigori = specifics.nigori(); | |
| 232 cryptographer->Update(nigori); | |
| 233 | |
| 234 // Make sure any unsynced changes are properly encrypted as necessary. | |
| 235 // We only perform this if the cryptographer is ready. If not, these are | |
| 236 // re-encrypted at SetDecryptionPassphrase time (via ReEncryptEverything). | |
| 237 // This logic covers the case where the nigori update marked new datatypes | |
| 238 // for encryption, but didn't change the passphrase. | |
| 239 if (cryptographer->is_ready()) { | |
| 240 // Note that we don't bother to encrypt any data for which IS_UNSYNCED | |
| 241 // == false here. The machine that turned on encryption should know about | |
| 242 // and re-encrypt all synced data. It's possible it could get interrupted | |
| 243 // during this process, but we currently reencrypt everything at startup | |
| 244 // as well, so as soon as a client is restarted with this datatype marked | |
| 245 // for encryption, all the data should be updated as necessary. | |
| 246 | |
| 247 // If this fails, something is wrong with the cryptographer, but there's | |
| 248 // nothing we can do about it here. | |
| 249 DVLOG(1) << "Received new nigori, encrypting unsynced changes."; | |
| 250 syncable::ProcessUnsyncedChangesForEncryption(trans, cryptographer); | |
| 251 } | |
| 252 } | |
| 253 | |
| 254 // Only apply updates that we can decrypt. If we can't decrypt the update, it | 209 // Only apply updates that we can decrypt. If we can't decrypt the update, it |
| 255 // is likely because the passphrase has not arrived yet. Because the | 210 // is likely because the passphrase has not arrived yet. Because the |
| 256 // passphrase may not arrive within this GetUpdates, we can't just return | 211 // passphrase may not arrive within this GetUpdates, we can't just return |
| 257 // conflict, else we try to perform normal conflict resolution prematurely or | 212 // conflict, else we try to perform normal conflict resolution prematurely or |
| 258 // the syncer may get stuck. As such, we return CONFLICT_ENCRYPTION, which is | 213 // the syncer may get stuck. As such, we return CONFLICT_ENCRYPTION, which is |
| 259 // treated as an unresolvable conflict. See the description in syncer_types.h. | 214 // treated as an unresolvable conflict. See the description in syncer_types.h. |
| 260 // This prevents any unsynced changes from commiting and postpones conflict | 215 // This prevents any unsynced changes from commiting and postpones conflict |
| 261 // resolution until all data can be decrypted. | 216 // resolution until all data can be decrypted. |
| 262 if (specifics.has_encrypted() && | 217 if (specifics.has_encrypted() && |
| 263 !cryptographer->CanDecrypt(specifics.encrypted())) { | 218 !cryptographer->CanDecrypt(specifics.encrypted())) { |
| (...skipping 216 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 480 << " Illegal predecessor after converting from server position."; | 435 << " Illegal predecessor after converting from server position."; |
| 481 } | 436 } |
| 482 | 437 |
| 483 entry->Put(CTIME, entry->Get(SERVER_CTIME)); | 438 entry->Put(CTIME, entry->Get(SERVER_CTIME)); |
| 484 entry->Put(MTIME, entry->Get(SERVER_MTIME)); | 439 entry->Put(MTIME, entry->Get(SERVER_MTIME)); |
| 485 entry->Put(BASE_VERSION, entry->Get(SERVER_VERSION)); | 440 entry->Put(BASE_VERSION, entry->Get(SERVER_VERSION)); |
| 486 entry->Put(IS_DEL, entry->Get(SERVER_IS_DEL)); | 441 entry->Put(IS_DEL, entry->Get(SERVER_IS_DEL)); |
| 487 entry->Put(IS_UNAPPLIED_UPDATE, false); | 442 entry->Put(IS_UNAPPLIED_UPDATE, false); |
| 488 } | 443 } |
| 489 | 444 |
| 445 // Allow the server's changes to take precedence. |
| 446 // This will take effect during the next ApplyUpdates step. |
| 447 void SyncerUtil::IgnoreLocalChanges(MutableEntry* entry) { |
| 448 DCHECK(entry->Get(IS_UNSYNCED)); |
| 449 DCHECK(entry->Get(IS_UNAPPLIED_UPDATE)); |
| 450 entry->Put(syncable::IS_UNSYNCED, false); |
| 451 } |
| 452 |
| 453 // Overwrite the server with our own value. |
| 454 // We will commit our local data, overwriting the server, at the next |
| 455 // opportunity. |
| 456 void SyncerUtil::OverwriteServerChanges(MutableEntry* entry) { |
| 457 DCHECK(entry->Get(IS_UNSYNCED)); |
| 458 DCHECK(entry->Get(IS_UNAPPLIED_UPDATE)); |
| 459 entry->Put(syncable::BASE_VERSION, entry->Get(syncable::SERVER_VERSION)); |
| 460 entry->Put(syncable::IS_UNAPPLIED_UPDATE, false); |
| 461 } |
| 462 |
| 463 // Having determined that everything matches, we ignore the non-conflict. |
| 464 void SyncerUtil::IgnoreConflict(MutableEntry* entry) { |
| 465 // If we didn't also unset IS_UNAPPLIED_UPDATE, then we would lose unsynced |
| 466 // positional data from adjacent entries when the server update gets applied |
| 467 // and the item is re-inserted into the PREV_ID/NEXT_ID linked list. This is |
| 468 // primarily an issue because we commit after applying updates, and is most |
| 469 // commonly seen when positional changes are made while a passphrase is |
| 470 // required (and hence there will be many encryption conflicts). |
| 471 DCHECK(entry->Get(IS_UNSYNCED)); |
| 472 DCHECK(entry->Get(IS_UNAPPLIED_UPDATE)); |
| 473 entry->Put(syncable::BASE_VERSION, entry->Get(syncable::SERVER_VERSION)); |
| 474 entry->Put(syncable::IS_UNAPPLIED_UPDATE, false); |
| 475 entry->Put(syncable::IS_UNSYNCED, false); |
| 476 } |
| 477 |
| 490 // static | 478 // static |
| 491 VerifyCommitResult SyncerUtil::ValidateCommitEntry( | 479 VerifyCommitResult SyncerUtil::ValidateCommitEntry( |
| 492 syncable::Entry* entry) { | 480 syncable::Entry* entry) { |
| 493 syncable::Id id = entry->Get(ID); | 481 syncable::Id id = entry->Get(ID); |
| 494 if (id == entry->Get(PARENT_ID)) { | 482 if (id == entry->Get(PARENT_ID)) { |
| 495 CHECK(id.IsRoot()) << "Non-root item is self parenting." << *entry; | 483 CHECK(id.IsRoot()) << "Non-root item is self parenting." << *entry; |
| 496 // If the root becomes unsynced it can cause us problems. | 484 // If the root becomes unsynced it can cause us problems. |
| 497 LOG(ERROR) << "Root item became unsynced " << *entry; | 485 LOG(ERROR) << "Root item became unsynced " << *entry; |
| 498 return VERIFY_UNSYNCABLE; | 486 return VERIFY_UNSYNCABLE; |
| 499 } | 487 } |
| (...skipping 216 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 716 if (update.version() < target->Get(SERVER_VERSION)) { | 704 if (update.version() < target->Get(SERVER_VERSION)) { |
| 717 LOG(WARNING) << "Update older than current server version for " | 705 LOG(WARNING) << "Update older than current server version for " |
| 718 << *target << " Update:" | 706 << *target << " Update:" |
| 719 << SyncerProtoUtil::SyncEntityDebugString(update); | 707 << SyncerProtoUtil::SyncEntityDebugString(update); |
| 720 return VERIFY_SUCCESS; // Expected in new sync protocol. | 708 return VERIFY_SUCCESS; // Expected in new sync protocol. |
| 721 } | 709 } |
| 722 return VERIFY_UNDECIDED; | 710 return VERIFY_UNDECIDED; |
| 723 } | 711 } |
| 724 | 712 |
| 725 } // namespace csync | 713 } // namespace csync |
| OLD | NEW |