External Storage SMB ACL check

nox309 · January 2, 2024, 2:15pm

Nextcloud version (eg, 20.0.5): 28.0.1
Operating system and version (eg, Ubuntu 20.04): Ubuntu 22.04.3
Apache or nginx version (eg, Apache 2.4.25): Apache/2.4.52 (Ubuntu)
PHP version (eg, 7.4): 8.1.2

The issue you are facing:
I have created a new VM with the latest Nextcloud version. here I have integrated various users via AD/LDAP. in addition, I have set up the External Storage App with SMB support.

The app uses the login data stored in the session to log in to the SMB share. This works for almost all users, but now I have received a message that a few users can no longer see any folders.
For data protection reasons, I have activated the ACL check when setting up the share within the APP. This also works for 95% of all users. However, it is strange that, for example, one user sees all folders under Folders, but another user with exactly the same permissions does not see them.
If I switch off the ACL check, all files and folders are visible.
However, I cannot do this for the aforementioned security reasons.

Is this the first time you’ve seen this error? (Y/N): N

Steps to replicate it:

Install NC withExternal Storage support for SMB
Create SMB Share with 2 authorization levels (Mainfolder for all, Subfolders for spezial people)

The output of your Nextcloud log in Admin > Logging:

Fehler	webdav	
GenericFileException
Exception thrown: OCP\Files\GenericFileException
Exception thrown: OCP\Files\GenericFileException

02.01.2024, 14:56:16	

Fehler	webdav	
GenericFileException
Exception thrown: OCP\Files\GenericFileException
Exception thrown: OCP\Files\GenericFileException

02.01.2024, 14:56:13	

Fehler	webdav	
GenericFileException
Exception thrown: OCP\Files\GenericFileException
Exception thrown: OCP\Files\GenericFileException

02.01.2024, 14:22:02	

Fehler	index	
Exception
Call to a member function getPath() on null in file '/var/www/html/apps/files/lib/Controller/ViewController.php' line 240

02.01.2024, 13:52:19	

Fehler	PHP	
Undefined array key 0 at /var/www/html/apps/files/lib/Controller/ViewController.php#240

02.01.2024, 13:52:19	

Fehler	no app in context	
Exception
HMAC does not match.
Could not decrypt or decode encrypted session data

02.01.2024, 13:17:04	

Fehler	no app in context	
Exception
HMAC does not match.
Could not decrypt or decode encrypted session data

02.01.2024, 13:15:49	

Fehler	no app in context	
Exception
HMAC does not match.
Could not decrypt or decode encrypted session data

02.01.2024, 13:15:45	

Fehler	no app in context	
Exception
HMAC does not match.
Could not decrypt or decode encrypted session data

02.01.2024, 13:15:39

The output of your config.php file in /path/to/nextcloud (make sure you remove any identifiable information!):

$CONFIG = array (
  
  'trusted_domains' => 
  array (
    0 => 'x',
    1 => 'x',
    2 => 'x',
  ),
  'datadirectory' => '/var/www/html/data',
  'dbtype' => 'mysql',
  'version' => '28.0.1.1',
  'overwrite.cli.url' => 'http://xxx',
    'htaccess.RewriteBase' => '/',
  'default_phone_region' => 'DE',
  'filelocking.enabled' => true,
  'memcache.local' => '\\OC\\Memcache\\APCu',
  'memcache.distributed' => '\\OC\\Memcache\\Redis',
  'memcache.locking' => '\\OC\\Memcache\\Redis',
  'redis' => 
  array (
    'host' => 'localhost',
    'port' => 6379,
    'timeout' => 0.0,
  ),
  'ldapProviderFactory' => 'OCA\\User_LDAP\\LDAPProviderFactory',
  'default_language' => 'de_DE',
  'default_locale' => 'de',
  'force_locale' => 'de',
  'session_lifetime' => 900,
  'logtimezone' => 'Europe/Berlin',
  'trusted_proxies' => 
  array (
    0 => 'xx',
    1 => 'xx',
  ),
  'maintenance' => false,
);

Log excerpt from the Nextcloud.log

{"reqId":"BchtslOZpYFz9a1rA7ed","level":3,"time":"2024-01-02T14:22:02+01:00","remoteAddr":"xxx.xxxx.xxx.xxx","user":"C9E6CEB0-72CD-457D-8400-A60EF7093667","app":"webdav","method":"PROPFIND","url":"/remote.php/dav/files/C9E6CEB0-72CD-457D-8400-A60EF7093667/folder1/folder2/folder3/","message":"Exception thrown: OCP\\Files\\GenericFileException","userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Edg/120.0.0.0","version":"28.0.1.1","exception":{"Exception":"OCP\\Files\\GenericFileException","Message":"","Code":0,"Trace":[{"file":"/var/www/html/apps/text/lib/DAV/WorkspacePlugin.php","line":119,"function":"getContent","class":"OC\\Files\\Node\\File","type":"->"},{"file":"/var/www/html/3rdparty/sabre/dav/lib/DAV/PropFind.php","line":95,"function":"OCA\\Text\\DAV\\{closure}","class":"OCA\\Text\\DAV\\WorkspacePlugin","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"/var/www/html/apps/text/lib/DAV/WorkspacePlugin.php","line":122,"function":"handle","class":"Sabre\\DAV\\PropFind","type":"->"},{"file":"/var/www/html/3rdparty/sabre/event/lib/WildcardEmitterTrait.php","line":89,"function":"propFind","class":"OCA\\Text\\DAV\\WorkspacePlugin","type":"->"},{"file":"/var/www/html/3rdparty/sabre/dav/lib/DAV/Server.php","line":1052,"function":"emit","class":"Sabre\\DAV\\Server","type":"->"},{"file":"/var/www/html/3rdparty/sabre/dav/lib/DAV/Server.php","line":984,"function":"getPropertiesByNode","class":"Sabre\\DAV\\Server","type":"->"},{"file":"/var/www/html/3rdparty/sabre/dav/lib/DAV/Server.php","line":1662,"function":"getPropertiesIteratorForPath","class":"Sabre\\DAV\\Server","type":"->"},{"file":"/var/www/html/3rdparty/sabre/dav/lib/DAV/Server.php","line":1647,"function":"writeMultiStatus","class":"Sabre\\DAV\\Server","type":"->"},{"file":"/var/www/html/3rdparty/sabre/dav/lib/DAV/CorePlugin.php","line":346,"function":"generateMultiStatus","class":"Sabre\\DAV\\Server","type":"->"},{"file":"/var/www/html/3rdparty/sabre/event/lib/WildcardEmitterTrait.php","line":89,"function":"httpPropFind","class":"Sabre\\DAV\\CorePlugin","type":"->"},{"file":"/var/www/html/3rdparty/sabre/dav/lib/DAV/Server.php","line":472,"function":"emit","class":"Sabre\\DAV\\Server","type":"->"},{"file":"/var/www/html/3rdparty/sabre/dav/lib/DAV/Server.php","line":253,"function":"invokeMethod","class":"Sabre\\DAV\\Server","type":"->"},{"file":"/var/www/html/3rdparty/sabre/dav/lib/DAV/Server.php","line":321,"function":"start","class":"Sabre\\DAV\\Server","type":"->"},{"file":"/var/www/html/apps/dav/lib/Server.php","line":370,"function":"exec","class":"Sabre\\DAV\\Server","type":"->"},{"file":"/var/www/html/apps/dav/appinfo/v2/remote.php","line":35,"function":"exec","class":"OCA\\DAV\\Server","type":"->"},{"file":"/var/www/html/remote.php","line":172,"args":["/var/www/html/apps/dav/appinfo/v2/remote.php"],"function":"require_once"}],"File":"/var/www/html/lib/private/Files/Node/File.php","Line":56,"message":"","exception":{},"CustomMessage":"Exception thrown: OCP\\Files\\GenericFileException"}}
{"reqId":"8S5m31m1P0CGyMCcfFK7","level":3,"time":"2024-01-02T14:56:13+01:00","remoteAddr":"xxx.xxxx.xxx.xxx","user":"C9E6CEB0-72CD-457D-8400-A60EF7093667","app":"webdav","method":"PROPFIND","url":"/remote.php/dav/files/C9E6CEB0-72CD-457D-8400-A60EF7093667/folder1/folder2/folder3/","message":"Exception thrown: OCP\\Files\\GenericFileException","userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36","version":"28.0.1.1","exception":{"Exception":"OCP\\Files\\GenericFileException","Message":"","Code":0,"Trace":[{"file":"/var/www/html/apps/text/lib/DAV/WorkspacePlugin.php","line":119,"function":"getContent","class":"OC\\Files\\Node\\File","type":"->"},{"file":"/var/www/html/3rdparty/sabre/dav/lib/DAV/PropFind.php","line":95,"function":"OCA\\Text\\DAV\\{closure}","class":"OCA\\Text\\DAV\\WorkspacePlugin","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"/var/www/html/apps/text/lib/DAV/WorkspacePlugin.php","line":122,"function":"handle","class":"Sabre\\DAV\\PropFind","type":"->"},{"file":"/var/www/html/3rdparty/sabre/event/lib/WildcardEmitterTrait.php","line":89,"function":"propFind","class":"OCA\\Text\\DAV\\WorkspacePlugin","type":"->"},{"file":"/var/www/html/3rdparty/sabre/dav/lib/DAV/Server.php","line":1052,"function":"emit","class":"Sabre\\DAV\\Server","type":"->"},{"file":"/var/www/html/3rdparty/sabre/dav/lib/DAV/Server.php","line":984,"function":"getPropertiesByNode","class":"Sabre\\DAV\\Server","type":"->"},{"file":"/var/www/html/3rdparty/sabre/dav/lib/DAV/Server.php","line":1662,"function":"getPropertiesIteratorForPath","class":"Sabre\\DAV\\Server","type":"->"},{"file":"/var/www/html/3rdparty/sabre/dav/lib/DAV/Server.php","line":1647,"function":"writeMultiStatus","class":"Sabre\\DAV\\Server","type":"->"},{"file":"/var/www/html/3rdparty/sabre/dav/lib/DAV/CorePlugin.php","line":346,"function":"generateMultiStatus","class":"Sabre\\DAV\\Server","type":"->"},{"file":"/var/www/html/3rdparty/sabre/event/lib/WildcardEmitterTrait.php","line":89,"function":"httpPropFind","class":"Sabre\\DAV\\CorePlugin","type":"->"},{"file":"/var/www/html/3rdparty/sabre/dav/lib/DAV/Server.php","line":472,"function":"emit","class":"Sabre\\DAV\\Server","type":"->"},{"file":"/var/www/html/3rdparty/sabre/dav/lib/DAV/Server.php","line":253,"function":"invokeMethod","class":"Sabre\\DAV\\Server","type":"->"},{"file":"/var/www/html/3rdparty/sabre/dav/lib/DAV/Server.php","line":321,"function":"start","class":"Sabre\\DAV\\Server","type":"->"},{"file":"/var/www/html/apps/dav/lib/Server.php","line":370,"function":"exec","class":"Sabre\\DAV\\Server","type":"->"},{"file":"/var/www/html/apps/dav/appinfo/v2/remote.php","line":35,"function":"exec","class":"OCA\\DAV\\Server","type":"->"},{"file":"/var/www/html/remote.php","line":172,"args":["/var/www/html/apps/dav/appinfo/v2/remote.php"],"function":"require_once"}],"File":"/var/www/html/lib/private/Files/Node/File.php","Line":56,"message":"","exception":{},"CustomMessage":"Exception thrown: OCP\\Files\\GenericFileException"}}
{"reqId":"W51LzfRB3jW505VYLsOv","level":3,"time":"2024-01-02T14:56:16+01:00","remoteAddr":"xxx.xxxx.xxx.xxx","user":"C9E6CEB0-72CD-457D-8400-A60EF7093667","app":"webdav","method":"PROPFIND","url":"/remote.php/dav/files/C9E6CEB0-72CD-457D-8400-A60EF7093667/folder1/folder2/folder3/","message":"Exception thrown: OCP\\Files\\GenericFileException","userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36","version":"28.0.1.1","exception":{"Exception":"OCP\\Files\\GenericFileException","Message":"","Code":0,"Trace":[{"file":"/var/www/html/apps/text/lib/DAV/WorkspacePlugin.php","line":119,"function":"getContent","class":"OC\\Files\\Node\\File","type":"->"},{"file":"/var/www/html/3rdparty/sabre/dav/lib/DAV/PropFind.php","line":95,"function":"OCA\\Text\\DAV\\{closure}","class":"OCA\\Text\\DAV\\WorkspacePlugin","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"/var/www/html/apps/text/lib/DAV/WorkspacePlugin.php","line":122,"function":"handle","class":"Sabre\\DAV\\PropFind","type":"->"},{"file":"/var/www/html/3rdparty/sabre/event/lib/WildcardEmitterTrait.php","line":89,"function":"propFind","class":"OCA\\Text\\DAV\\WorkspacePlugin","type":"->"},{"file":"/var/www/html/3rdparty/sabre/dav/lib/DAV/Server.php","line":1052,"function":"emit","class":"Sabre\\DAV\\Server","type":"->"},{"file":"/var/www/html/3rdparty/sabre/dav/lib/DAV/Server.php","line":984,"function":"getPropertiesByNode","class":"Sabre\\DAV\\Server","type":"->"},{"file":"/var/www/html/3rdparty/sabre/dav/lib/DAV/Server.php","line":1662,"function":"getPropertiesIteratorForPath","class":"Sabre\\DAV\\Server","type":"->"},{"file":"/var/www/html/3rdparty/sabre/dav/lib/DAV/Server.php","line":1647,"function":"writeMultiStatus","class":"Sabre\\DAV\\Server","type":"->"},{"file":"/var/www/html/3rdparty/sabre/dav/lib/DAV/CorePlugin.php","line":346,"function":"generateMultiStatus","class":"Sabre\\DAV\\Server","type":"->"},{"file":"/var/www/html/3rdparty/sabre/event/lib/WildcardEmitterTrait.php","line":89,"function":"httpPropFind","class":"Sabre\\DAV\\CorePlugin","type":"->"},{"file":"/var/www/html/3rdparty/sabre/dav/lib/DAV/Server.php","line":472,"function":"emit","class":"Sabre\\DAV\\Server","type":"->"},{"file":"/var/www/html/3rdparty/sabre/dav/lib/DAV/Server.php","line":253,"function":"invokeMethod","class":"Sabre\\DAV\\Server","type":"->"},{"file":"/var/www/html/3rdparty/sabre/dav/lib/DAV/Server.php","line":321,"function":"start","class":"Sabre\\DAV\\Server","type":"->"},{"file":"/var/www/html/apps/dav/lib/Server.php","line":370,"function":"exec","class":"Sabre\\DAV\\Server","type":"->"},{"file":"/var/www/html/apps/dav/appinfo/v2/remote.php","line":35,"function":"exec","class":"OCA\\DAV\\Server","type":"->"},{"file":"/var/www/html/remote.php","line":172,"args":["/var/www/html/apps/dav/appinfo/v2/remote.php"],"function":"require_once"}],"File":"/var/www/html/lib/private/Files/Node/File.php","Line":56,"message":"","exception":{},"CustomMessage":"Exception thrown: OCP\\Files\\GenericFileException"}}

I know how to a work around, but it is a massive effort.
I could set up each user group’s directories as admin and make them available without an ACL check. But that would be unattractive and does not fix the actual error.

Maybe someone can help me or give me the right hint. Oh well, before I forget, I have tested the permissions without the NC there are no problems here.

nox309 · January 31, 2024, 1:47pm

Does anyone have a solution or an idea where I should start with the error analysis? Unfortunately, I can’t get any further and the server is now online and the errors are piling up.