| OLD | NEW |
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "sync/engine/syncer_util.h" | 5 #include "sync/engine/syncer_util.h" |
| 6 | 6 |
| 7 #include <algorithm> | 7 #include <algorithm> |
| 8 #include <set> | 8 #include <set> |
| 9 #include <string> | 9 #include <string> |
| 10 #include <vector> | 10 #include <vector> |
| (...skipping 176 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 187 syncable::WriteTransaction* const trans, | 187 syncable::WriteTransaction* const trans, |
| 188 syncable::MutableEntry* const entry, | 188 syncable::MutableEntry* const entry, |
| 189 ConflictResolver* resolver, | 189 ConflictResolver* resolver, |
| 190 Cryptographer* cryptographer) { | 190 Cryptographer* cryptographer) { |
| 191 CHECK(entry->good()); | 191 CHECK(entry->good()); |
| 192 if (!entry->Get(IS_UNAPPLIED_UPDATE)) | 192 if (!entry->Get(IS_UNAPPLIED_UPDATE)) |
| 193 return SUCCESS; // No work to do. | 193 return SUCCESS; // No work to do. |
| 194 syncable::Id id = entry->Get(ID); | 194 syncable::Id id = entry->Get(ID); |
| 195 const sync_pb::EntitySpecifics& specifics = entry->Get(SERVER_SPECIFICS); | 195 const sync_pb::EntitySpecifics& specifics = entry->Get(SERVER_SPECIFICS); |
| 196 | 196 |
| 197 // We intercept updates to the Nigori node, update the Cryptographer and | |
| 198 // encrypt any unsynced changes here because there is no Nigori | |
| 199 // ChangeProcessor. We never put the nigori node in a state of | |
| 200 // conflict_encryption. | |
| 201 // | |
| 202 // We always update the cryptographer with the server's nigori node, | |
| 203 // even if we have a locally modified nigori node (we manually merge nigori | |
| 204 // data in the conflict resolver in that case). This handles the case where | |
| 205 // two clients both set a different passphrase. The second client to attempt | |
| 206 // to commit will go into a state of having pending keys, unioned the set of | |
| 207 // encrypted types, and eventually re-encrypt everything with the passphrase | |
| 208 // of the first client and commit the set of merged encryption keys. Until the | |
| 209 // second client provides the pending passphrase, the cryptographer will | |
| 210 // preserve the encryption keys based on the local passphrase, while the | |
| 211 // nigori node will preserve the server encryption keys. | |
| 212 // | |
| 213 // If non-encryption changes are made to the nigori node, they will be | |
| 214 // lost as part of conflict resolution. This is intended, as we place a higher | |
| 215 // priority on preserving the server's passphrase change to preserving local | |
| 216 // non-encryption changes. Next time the non-encryption changes are made to | |
| 217 // the nigori node (e.g. on restart), they will commit without issue. | |
| 218 if (specifics.has_nigori()) { | |
| 219 const sync_pb::NigoriSpecifics& nigori = specifics.nigori(); | |
| 220 cryptographer->ApplyNigoriUpdate(nigori, trans); | |
| 221 | |
| 222 // Make sure any unsynced changes are properly encrypted as necessary. | |
| 223 // We only perform this if the cryptographer is ready. If not, these are | |
| 224 // re-encrypted at SetDecryptionPassphrase time (via ReEncryptEverything). | |
| 225 // This logic covers the case where the nigori update marked new datatypes | |
| 226 // for encryption, but didn't change the passphrase. | |
| 227 if (cryptographer->is_ready()) { | |
| 228 // Note that we don't bother to encrypt any data for which IS_UNSYNCED | |
| 229 // == false here. The machine that turned on encryption should know about | |
| 230 // and re-encrypt all synced data. It's possible it could get interrupted | |
| 231 // during this process, but we currently reencrypt everything at startup | |
| 232 // as well, so as soon as a client is restarted with this datatype marked | |
| 233 // for encryption, all the data should be updated as necessary. | |
| 234 | |
| 235 // If this fails, something is wrong with the cryptographer, but there's | |
| 236 // nothing we can do about it here. | |
| 237 DVLOG(1) << "Received new nigori, encrypting unsynced changes."; | |
| 238 syncable::ProcessUnsyncedChangesForEncryption(trans, cryptographer); | |
| 239 } | |
| 240 } | |
| 241 | |
| 242 // Only apply updates that we can decrypt. If we can't decrypt the update, it | 197 // Only apply updates that we can decrypt. If we can't decrypt the update, it |
| 243 // is likely because the passphrase has not arrived yet. Because the | 198 // is likely because the passphrase has not arrived yet. Because the |
| 244 // passphrase may not arrive within this GetUpdates, we can't just return | 199 // passphrase may not arrive within this GetUpdates, we can't just return |
| 245 // conflict, else we try to perform normal conflict resolution prematurely or | 200 // conflict, else we try to perform normal conflict resolution prematurely or |
| 246 // the syncer may get stuck. As such, we return CONFLICT_ENCRYPTION, which is | 201 // the syncer may get stuck. As such, we return CONFLICT_ENCRYPTION, which is |
| 247 // treated as an unresolvable conflict. See the description in syncer_types.h. | 202 // treated as an unresolvable conflict. See the description in syncer_types.h. |
| 248 // This prevents any unsynced changes from commiting and postpones conflict | 203 // This prevents any unsynced changes from commiting and postpones conflict |
| 249 // resolution until all data can be decrypted. | 204 // resolution until all data can be decrypted. |
| 250 if (specifics.has_encrypted() && | 205 if (specifics.has_encrypted() && |
| 251 !cryptographer->CanDecrypt(specifics.encrypted())) { | 206 !cryptographer->CanDecrypt(specifics.encrypted())) { |
| (...skipping 212 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 464 << " Illegal predecessor after converting from server position."; | 419 << " Illegal predecessor after converting from server position."; |
| 465 } | 420 } |
| 466 | 421 |
| 467 entry->Put(CTIME, entry->Get(SERVER_CTIME)); | 422 entry->Put(CTIME, entry->Get(SERVER_CTIME)); |
| 468 entry->Put(MTIME, entry->Get(SERVER_MTIME)); | 423 entry->Put(MTIME, entry->Get(SERVER_MTIME)); |
| 469 entry->Put(BASE_VERSION, entry->Get(SERVER_VERSION)); | 424 entry->Put(BASE_VERSION, entry->Get(SERVER_VERSION)); |
| 470 entry->Put(IS_DEL, entry->Get(SERVER_IS_DEL)); | 425 entry->Put(IS_DEL, entry->Get(SERVER_IS_DEL)); |
| 471 entry->Put(IS_UNAPPLIED_UPDATE, false); | 426 entry->Put(IS_UNAPPLIED_UPDATE, false); |
| 472 } | 427 } |
| 473 | 428 |
| 429 // Allow the server's changes to take precedence. |
| 430 // This will take effect during the next ApplyUpdates step. |
| 431 void IgnoreLocalChanges(MutableEntry* entry) { |
| 432 DCHECK(entry->Get(IS_UNSYNCED)); |
| 433 DCHECK(entry->Get(IS_UNAPPLIED_UPDATE)); |
| 434 entry->Put(syncable::IS_UNSYNCED, false); |
| 435 } |
| 436 |
| 437 // Overwrite the server with our own value. |
| 438 // We will commit our local data, overwriting the server, at the next |
| 439 // opportunity. |
| 440 void OverwriteServerChanges(MutableEntry* entry) { |
| 441 DCHECK(entry->Get(IS_UNSYNCED)); |
| 442 DCHECK(entry->Get(IS_UNAPPLIED_UPDATE)); |
| 443 entry->Put(syncable::BASE_VERSION, entry->Get(syncable::SERVER_VERSION)); |
| 444 entry->Put(syncable::IS_UNAPPLIED_UPDATE, false); |
| 445 } |
| 446 |
| 447 // Having determined that everything matches, we ignore the non-conflict. |
| 448 void IgnoreConflict(MutableEntry* entry) { |
| 449 // If we didn't also unset IS_UNAPPLIED_UPDATE, then we would lose unsynced |
| 450 // positional data from adjacent entries when the server update gets applied |
| 451 // and the item is re-inserted into the PREV_ID/NEXT_ID linked list. This is |
| 452 // primarily an issue because we commit after applying updates, and is most |
| 453 // commonly seen when positional changes are made while a passphrase is |
| 454 // required (and hence there will be many encryption conflicts). |
| 455 DCHECK(entry->Get(IS_UNSYNCED)); |
| 456 DCHECK(entry->Get(IS_UNAPPLIED_UPDATE)); |
| 457 entry->Put(syncable::BASE_VERSION, entry->Get(syncable::SERVER_VERSION)); |
| 458 entry->Put(syncable::IS_UNAPPLIED_UPDATE, false); |
| 459 entry->Put(syncable::IS_UNSYNCED, false); |
| 460 } |
| 461 |
| 474 VerifyCommitResult ValidateCommitEntry(syncable::Entry* entry) { | 462 VerifyCommitResult ValidateCommitEntry(syncable::Entry* entry) { |
| 475 syncable::Id id = entry->Get(ID); | 463 syncable::Id id = entry->Get(ID); |
| 476 if (id == entry->Get(PARENT_ID)) { | 464 if (id == entry->Get(PARENT_ID)) { |
| 477 CHECK(id.IsRoot()) << "Non-root item is self parenting." << *entry; | 465 CHECK(id.IsRoot()) << "Non-root item is self parenting." << *entry; |
| 478 // If the root becomes unsynced it can cause us problems. | 466 // If the root becomes unsynced it can cause us problems. |
| 479 LOG(ERROR) << "Root item became unsynced " << *entry; | 467 LOG(ERROR) << "Root item became unsynced " << *entry; |
| 480 return VERIFY_UNSYNCABLE; | 468 return VERIFY_UNSYNCABLE; |
| 481 } | 469 } |
| 482 if (entry->IsRoot()) { | 470 if (entry->IsRoot()) { |
| 483 LOG(ERROR) << "Permanent item became unsynced " << *entry; | 471 LOG(ERROR) << "Permanent item became unsynced " << *entry; |
| (...skipping 208 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 692 if (update.version() < target->Get(SERVER_VERSION)) { | 680 if (update.version() < target->Get(SERVER_VERSION)) { |
| 693 LOG(WARNING) << "Update older than current server version for " | 681 LOG(WARNING) << "Update older than current server version for " |
| 694 << *target << " Update:" | 682 << *target << " Update:" |
| 695 << SyncerProtoUtil::SyncEntityDebugString(update); | 683 << SyncerProtoUtil::SyncEntityDebugString(update); |
| 696 return VERIFY_SUCCESS; // Expected in new sync protocol. | 684 return VERIFY_SUCCESS; // Expected in new sync protocol. |
| 697 } | 685 } |
| 698 return VERIFY_UNDECIDED; | 686 return VERIFY_UNDECIDED; |
| 699 } | 687 } |
| 700 | 688 |
| 701 } // namespace syncer | 689 } // namespace syncer |
| OLD | NEW |