| OLD | NEW |
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "sync/engine/syncer_util.h" | 5 #include "sync/engine/syncer_util.h" |
| 6 | 6 |
| 7 #include <algorithm> | 7 #include <algorithm> |
| 8 #include <set> | 8 #include <set> |
| 9 #include <string> | 9 #include <string> |
| 10 #include <vector> | 10 #include <vector> |
| 11 | 11 |
| 12 #include "base/location.h" | 12 #include "base/location.h" |
| 13 #include "base/metrics/histogram.h" | 13 #include "base/metrics/histogram.h" |
| 14 #include "sync/engine/conflict_resolver.h" | 14 #include "sync/engine/conflict_resolver.h" |
| 15 #include "sync/engine/syncer_proto_util.h" | 15 #include "sync/engine/syncer_proto_util.h" |
| 16 #include "sync/engine/syncer_types.h" | 16 #include "sync/engine/syncer_types.h" |
| 17 #include "sync/internal_api/public/base/model_type.h" | 17 #include "sync/internal_api/public/base/model_type.h" |
| 18 #include "sync/protocol/bookmark_specifics.pb.h" | 18 #include "sync/protocol/bookmark_specifics.pb.h" |
| 19 #include "sync/protocol/nigori_specifics.pb.h" | |
| 20 #include "sync/protocol/password_specifics.pb.h" | 19 #include "sync/protocol/password_specifics.pb.h" |
| 21 #include "sync/protocol/sync.pb.h" | 20 #include "sync/protocol/sync.pb.h" |
| 22 #include "sync/syncable/directory.h" | 21 #include "sync/syncable/directory.h" |
| 23 #include "sync/syncable/entry.h" | 22 #include "sync/syncable/entry.h" |
| 24 #include "sync/syncable/mutable_entry.h" | 23 #include "sync/syncable/mutable_entry.h" |
| 25 #include "sync/syncable/nigori_handler.h" | |
| 26 #include "sync/syncable/nigori_util.h" | |
| 27 #include "sync/syncable/read_transaction.h" | 24 #include "sync/syncable/read_transaction.h" |
| 28 #include "sync/syncable/syncable_changes_version.h" | 25 #include "sync/syncable/syncable_changes_version.h" |
| 29 #include "sync/syncable/syncable_proto_util.h" | 26 #include "sync/syncable/syncable_proto_util.h" |
| 30 #include "sync/syncable/syncable_util.h" | 27 #include "sync/syncable/syncable_util.h" |
| 31 #include "sync/syncable/write_transaction.h" | 28 #include "sync/syncable/write_transaction.h" |
| 32 #include "sync/util/cryptographer.h" | 29 #include "sync/util/cryptographer.h" |
| 33 #include "sync/util/time.h" | 30 #include "sync/util/time.h" |
| 34 | 31 |
| 35 namespace syncer { | 32 namespace syncer { |
| 36 | 33 |
| (...skipping 151 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 188 syncable::WriteTransaction* const trans, | 185 syncable::WriteTransaction* const trans, |
| 189 syncable::MutableEntry* const entry, | 186 syncable::MutableEntry* const entry, |
| 190 ConflictResolver* resolver, | 187 ConflictResolver* resolver, |
| 191 Cryptographer* cryptographer) { | 188 Cryptographer* cryptographer) { |
| 192 CHECK(entry->good()); | 189 CHECK(entry->good()); |
| 193 if (!entry->Get(IS_UNAPPLIED_UPDATE)) | 190 if (!entry->Get(IS_UNAPPLIED_UPDATE)) |
| 194 return SUCCESS; // No work to do. | 191 return SUCCESS; // No work to do. |
| 195 syncable::Id id = entry->Get(ID); | 192 syncable::Id id = entry->Get(ID); |
| 196 const sync_pb::EntitySpecifics& specifics = entry->Get(SERVER_SPECIFICS); | 193 const sync_pb::EntitySpecifics& specifics = entry->Get(SERVER_SPECIFICS); |
| 197 | 194 |
| 198 // We intercept updates to the Nigori node, update the Cryptographer and | |
| 199 // encrypt any unsynced changes here because there is no Nigori | |
| 200 // ChangeProcessor. We never put the nigori node in a state of | |
| 201 // conflict_encryption. | |
| 202 // | |
| 203 // We always update the cryptographer with the server's nigori node, | |
| 204 // even if we have a locally modified nigori node (we manually merge nigori | |
| 205 // data in the conflict resolver in that case). This handles the case where | |
| 206 // two clients both set a different passphrase. The second client to attempt | |
| 207 // to commit will go into a state of having pending keys, unioned the set of | |
| 208 // encrypted types, and eventually re-encrypt everything with the passphrase | |
| 209 // of the first client and commit the set of merged encryption keys. Until the | |
| 210 // second client provides the pending passphrase, the cryptographer will | |
| 211 // preserve the encryption keys based on the local passphrase, while the | |
| 212 // nigori node will preserve the server encryption keys. | |
| 213 // | |
| 214 // If non-encryption changes are made to the nigori node, they will be | |
| 215 // lost as part of conflict resolution. This is intended, as we place a higher | |
| 216 // priority on preserving the server's passphrase change to preserving local | |
| 217 // non-encryption changes. Next time the non-encryption changes are made to | |
| 218 // the nigori node (e.g. on restart), they will commit without issue. | |
| 219 if (specifics.has_nigori()) { | |
| 220 const sync_pb::NigoriSpecifics& nigori = specifics.nigori(); | |
| 221 trans->directory()->GetNigoriHandler()->ApplyNigoriUpdate(nigori, trans); | |
| 222 | |
| 223 // Make sure any unsynced changes are properly encrypted as necessary. | |
| 224 // We only perform this if the cryptographer is ready. If not, these are | |
| 225 // re-encrypted at SetDecryptionPassphrase time (via ReEncryptEverything). | |
| 226 // This logic covers the case where the nigori update marked new datatypes | |
| 227 // for encryption, but didn't change the passphrase. | |
| 228 if (cryptographer->is_ready()) { | |
| 229 // Note that we don't bother to encrypt any data for which IS_UNSYNCED | |
| 230 // == false here. The machine that turned on encryption should know about | |
| 231 // and re-encrypt all synced data. It's possible it could get interrupted | |
| 232 // during this process, but we currently reencrypt everything at startup | |
| 233 // as well, so as soon as a client is restarted with this datatype marked | |
| 234 // for encryption, all the data should be updated as necessary. | |
| 235 | |
| 236 // If this fails, something is wrong with the cryptographer, but there's | |
| 237 // nothing we can do about it here. | |
| 238 DVLOG(1) << "Received new nigori, encrypting unsynced changes."; | |
| 239 syncable::ProcessUnsyncedChangesForEncryption(trans); | |
| 240 } | |
| 241 } | |
| 242 | |
| 243 // Only apply updates that we can decrypt. If we can't decrypt the update, it | 195 // Only apply updates that we can decrypt. If we can't decrypt the update, it |
| 244 // is likely because the passphrase has not arrived yet. Because the | 196 // is likely because the passphrase has not arrived yet. Because the |
| 245 // passphrase may not arrive within this GetUpdates, we can't just return | 197 // passphrase may not arrive within this GetUpdates, we can't just return |
| 246 // conflict, else we try to perform normal conflict resolution prematurely or | 198 // conflict, else we try to perform normal conflict resolution prematurely or |
| 247 // the syncer may get stuck. As such, we return CONFLICT_ENCRYPTION, which is | 199 // the syncer may get stuck. As such, we return CONFLICT_ENCRYPTION, which is |
| 248 // treated as an unresolvable conflict. See the description in syncer_types.h. | 200 // treated as an unresolvable conflict. See the description in syncer_types.h. |
| 249 // This prevents any unsynced changes from commiting and postpones conflict | 201 // This prevents any unsynced changes from commiting and postpones conflict |
| 250 // resolution until all data can be decrypted. | 202 // resolution until all data can be decrypted. |
| 251 if (specifics.has_encrypted() && | 203 if (specifics.has_encrypted() && |
| 252 !cryptographer->CanDecrypt(specifics.encrypted())) { | 204 !cryptographer->CanDecrypt(specifics.encrypted())) { |
| (...skipping 440 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 693 if (update.version() < target->Get(SERVER_VERSION)) { | 645 if (update.version() < target->Get(SERVER_VERSION)) { |
| 694 LOG(WARNING) << "Update older than current server version for " | 646 LOG(WARNING) << "Update older than current server version for " |
| 695 << *target << " Update:" | 647 << *target << " Update:" |
| 696 << SyncerProtoUtil::SyncEntityDebugString(update); | 648 << SyncerProtoUtil::SyncEntityDebugString(update); |
| 697 return VERIFY_SUCCESS; // Expected in new sync protocol. | 649 return VERIFY_SUCCESS; // Expected in new sync protocol. |
| 698 } | 650 } |
| 699 return VERIFY_UNDECIDED; | 651 return VERIFY_UNDECIDED; |
| 700 } | 652 } |
| 701 | 653 |
| 702 } // namespace syncer | 654 } // namespace syncer |
| OLD | NEW |