// Copyright 2012 The Chromium Authors. All rights reserved. // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. #include "sync/engine/apply_control_data_updates.h" #include "base/metrics/histogram.h" #include "sync/engine/conflict_resolver.h" #include "sync/engine/conflict_util.h" #include "sync/engine/syncer_util.h" #include "sync/syncable/directory.h" #include "sync/syncable/mutable_entry.h" #include "sync/syncable/nigori_handler.h" #include "sync/syncable/nigori_util.h" #include "sync/syncable/syncable_write_transaction.h" #include "sync/util/cryptographer.h" namespace syncer { using syncable::GET_TYPE_ROOT; using syncable::IS_UNAPPLIED_UPDATE; using syncable::IS_UNSYNCED; using syncable::SERVER_SPECIFICS; using syncable::SPECIFICS; using syncable::SYNCER; void ApplyControlDataUpdates(syncable::Directory* dir) { syncable::WriteTransaction trans(FROM_HERE, SYNCER, dir); std::vector handles; dir->GetUnappliedUpdateMetaHandles( &trans, ToFullModelTypeSet(ControlTypes()), &handles); // First, go through and manually apply any new top level datatype nodes (so // that we don't have to worry about hitting a CONFLICT_HIERARCHY with an // entry because we haven't applied its parent yet). // TODO(sync): if at some point we support control datatypes with actual // hierarchies we'll need to revisit this logic. ModelTypeSet control_types = ControlTypes(); for (ModelTypeSet::Iterator iter = control_types.First(); iter.Good(); iter.Inc()) { syncable::MutableEntry entry(&trans, syncable::GET_TYPE_ROOT, iter.Get()); if (!entry.good()) continue; if (!entry.GetIsUnappliedUpdate()) continue; ModelType type = entry.GetServerModelType(); if (type == NIGORI) { // Nigori node applications never fail. ApplyNigoriUpdate(&trans, &entry, dir->GetCryptographer(&trans)); } else { ApplyControlUpdate(&trans, &entry, dir->GetCryptographer(&trans)); } } // Go through the rest of the unapplied control updates, skipping over any // top level folders. for (std::vector::const_iterator iter = handles.begin(); iter != handles.end(); ++iter) { syncable::MutableEntry entry(&trans, syncable::GET_BY_HANDLE, *iter); CHECK(entry.good()); ModelType type = entry.GetServerModelType(); CHECK(ControlTypes().Has(type)); if (!entry.GetUniqueServerTag().empty()) { // We should have already applied all top level control nodes. DCHECK(!entry.GetIsUnappliedUpdate()); continue; } ApplyControlUpdate(&trans, &entry, dir->GetCryptographer(&trans)); } } // Update the nigori handler with the server's nigori node. // // If we have a locally modified nigori node, we merge them manually. This // handles the case where two clients both set a different passphrase. The // second client to attempt to commit will go into a state of having pending // keys, unioned the set of encrypted types, and eventually re-encrypt // everything with the passphrase of the first client and commit the set of // merged encryption keys. Until the second client provides the pending // passphrase, the cryptographer will preserve the encryption keys based on the // local passphrase, while the nigori node will preserve the server encryption // keys. void ApplyNigoriUpdate(syncable::WriteTransaction* const trans, syncable::MutableEntry* const entry, Cryptographer* cryptographer) { DCHECK(entry->GetIsUnappliedUpdate()); // We apply the nigori update regardless of whether there's a conflict or // not in order to preserve any new encrypted types or encryption keys. // TODO(zea): consider having this return a bool reflecting whether it was a // valid update or not, and in the case of invalid updates not overwrite the // local data. const sync_pb::NigoriSpecifics& nigori = entry->GetServerSpecifics().nigori(); trans->directory()->GetNigoriHandler()->ApplyNigoriUpdate(nigori, trans); // Make sure any unsynced changes are properly encrypted as necessary. // We only perform this if the cryptographer is ready. If not, these are // re-encrypted at SetDecryptionPassphrase time (via ReEncryptEverything). // This logic covers the case where the nigori update marked new datatypes // for encryption, but didn't change the passphrase. if (cryptographer->is_ready()) { // Note that we don't bother to encrypt any data for which IS_UNSYNCED // == false here. The machine that turned on encryption should know about // and re-encrypt all synced data. It's possible it could get interrupted // during this process, but we currently reencrypt everything at startup // as well, so as soon as a client is restarted with this datatype marked // for encryption, all the data should be updated as necessary. // If this fails, something is wrong with the cryptographer, but there's // nothing we can do about it here. DVLOG(1) << "Received new nigori, encrypting unsynced changes."; syncable::ProcessUnsyncedChangesForEncryption(trans); } if (!entry->GetIsUnsynced()) { // Update only. UpdateLocalDataFromServerData(trans, entry); } else { // Conflict. const sync_pb::EntitySpecifics& server_specifics = entry->GetServerSpecifics(); const sync_pb::NigoriSpecifics& server_nigori = server_specifics.nigori(); const sync_pb::EntitySpecifics& local_specifics = entry->GetSpecifics(); const sync_pb::NigoriSpecifics& local_nigori = local_specifics.nigori(); // We initialize the new nigori with the server state, and will override // it as necessary below. sync_pb::EntitySpecifics new_specifics = entry->GetServerSpecifics(); sync_pb::NigoriSpecifics* new_nigori = new_specifics.mutable_nigori(); // If the cryptographer is not ready, another client set a new encryption // passphrase. If we had migrated locally, we will re-migrate when the // pending keys are provided. If we had set a new custom passphrase locally // the user will have another chance to set a custom passphrase later // (assuming they hadn't set a custom passphrase on the other client). // Therefore, we only attempt to merge the nigori nodes if the cryptographer // is ready. // Note: we only update the encryption keybag if we're sure that we aren't // invalidating the keystore_decryptor_token (i.e. we're either // not migrated or we copying over all local state). if (cryptographer->is_ready()) { if (local_nigori.has_passphrase_type() && server_nigori.has_passphrase_type()) { // They're both migrated, preserve the local nigori if the passphrase // type is more conservative. if (server_nigori.passphrase_type() == sync_pb::NigoriSpecifics::KEYSTORE_PASSPHRASE && local_nigori.passphrase_type() != sync_pb::NigoriSpecifics::KEYSTORE_PASSPHRASE) { DCHECK(local_nigori.passphrase_type() == sync_pb::NigoriSpecifics::FROZEN_IMPLICIT_PASSPHRASE || local_nigori.passphrase_type() == sync_pb::NigoriSpecifics::CUSTOM_PASSPHRASE); new_nigori->CopyFrom(local_nigori); cryptographer->GetKeys(new_nigori->mutable_encryption_keybag()); } } else if (!local_nigori.has_passphrase_type() && !server_nigori.has_passphrase_type()) { // Set the explicit passphrase based on the local state. If the server // had set an explict passphrase, we should have pending keys, so // should not reach this code. // Because neither side is migrated, we don't have to worry about the // keystore decryptor token. new_nigori->set_keybag_is_frozen(local_nigori.keybag_is_frozen()); cryptographer->GetKeys(new_nigori->mutable_encryption_keybag()); } else if (local_nigori.has_passphrase_type()) { // Local is migrated but server is not. Copy over the local migrated // data. new_nigori->CopyFrom(local_nigori); cryptographer->GetKeys(new_nigori->mutable_encryption_keybag()); } // else leave the new nigori with the server state. } // Always update to the safest set of encrypted types. trans->directory()->GetNigoriHandler()->UpdateNigoriFromEncryptedTypes( new_nigori, trans); entry->PutSpecifics(new_specifics); DVLOG(1) << "Resolving simple conflict, merging nigori nodes: " << entry; conflict_util::OverwriteServerChanges(entry); UMA_HISTOGRAM_ENUMERATION("Sync.ResolveSimpleConflict", ConflictResolver::NIGORI_MERGE, ConflictResolver::CONFLICT_RESOLUTION_SIZE); } } void ApplyControlUpdate(syncable::WriteTransaction* const trans, syncable::MutableEntry* const entry, Cryptographer* cryptographer) { DCHECK_NE(entry->GetServerModelType(), NIGORI); DCHECK(entry->GetIsUnappliedUpdate()); if (entry->GetIsUnsynced()) { // We just let the server win all conflicts with control types. DVLOG(1) << "Ignoring local changes for control update."; conflict_util::IgnoreLocalChanges(entry); UMA_HISTOGRAM_ENUMERATION("Sync.ResolveSimpleConflict", ConflictResolver::OVERWRITE_LOCAL, ConflictResolver::CONFLICT_RESOLUTION_SIZE); } UpdateAttemptResponse response = AttemptToUpdateEntry( trans, entry, cryptographer); DCHECK_EQ(SUCCESS, response); } } // namespace syncer