Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

PHP72: Exceptions if php-openssl isn't installed #30337

Closed
Niduroki opened this issue Feb 2, 2018 · 14 comments
Closed

PHP72: Exceptions if php-openssl isn't installed #30337

Niduroki opened this issue Feb 2, 2018 · 14 comments

Comments

@Niduroki
Copy link
Member

Niduroki commented Feb 2, 2018

When using PHP72 sessions blow up.
When the session cookie (instance-id) is set you get an exception.
The DAV client still works though (since it doesn't use sessions I suppose).

{"reqId":"XYZ","level":3,"time":"…","remoteAddr":"…","user":"--","app":"PHP","method":"GET","url":"\/index.php\/login","message":"Function create_function() is deprecated at /owncloud/lib/composer/phpseclib/phpseclib/phpseclib/Crypt/Base.php#2495"}

{"reqId":"XYZ","level":3,"time":"…","remoteAddr":"…","user":"--","app":"PHP","method":"GET","url":"\/index.php\/login","message":"ini_set(): A session is active. You cannot change the session module's ini settings at this time at /owncloud/lib/base.php#596"}

{"reqId":"XYZ","level":3,"time":"…","remoteAddr":"…","user":"--","app":"index","method":"GET","url":"\/index.php\/login","message":"Exception:
{\"Exception\":\"Exception\",
\"Message\":"Session has been closed - no further changes to the session are allowed",
\"Code\":0,\"Trace\":\"
#0 /owncloud/lib/private/Session/Memory.php(52): OC\Session\Memory->validateSession()
#1 /owncloud/lib/private/Security/CSRF/TokenStorage/SessionStorage.php(63): OC\Session\Memory->set('requesttoken', 'R51xt2JdLRCLhvq...')
#2 /owncloud/lib/private/Security/CSRF/CsrfTokenManager.php(57): OC\Security\CSRF\TokenStorage\SessionStorage->setToken('R51xt2JdLRCLhvq...')
#3 /owncloud/lib/public/Util.php(511): OC\Security\CSRF\CsrfTokenManager->getToken(*** sensitive parameters replaced ***)
#4 /owncloud/lib/private/AppFramework/Middleware/Security/SecurityMiddleware.php(139): OC\Util::callRegister()
#5 /owncloud/lib/private/AppFramework/Middleware/MiddlewareDispatcher.php(93): OC\AppFramework\Middleware\Security\SecurityMiddleware->beforeController(Object(OC\Core\Controller\LoginController), 'showLoginForm')
#6 /owncloud/lib/private/AppFramework/Http/Dispatcher.php(88): OC\AppFramework\Middleware\MiddlewareDispatcher->beforeController(Object(OC\Core\Controller\LoginController), 'showLoginForm')
#7 /owncloud/lib/private/AppFramework/App.php(103): OC\AppFramework\Http\Dispatcher->dispatch(Object(OC\Core\Controller\LoginController), 'showLoginForm')
#8 /owncloud/lib/private/AppFramework/Routing/RouteActionHandler.php(46): OC\AppFramework\App::main('LoginController', 'showLoginForm', Object(OC\AppFramework\DependencyInjection\DIContainer), Array)
#9 [internal function]: OC\AppFramework\Routing\RouteActionHandler->__invoke(Array)
#10 /owncloud/lib/private/Route/Router.php(342): call_user_func(Object(OC\AppFramework\Routing\RouteActionHandler), Array)
#11 /owncloud/lib/base.php(913): OC\Route\Router->match('/login')
#12 /owncloud/index.php(55): OC::handleRequest()
#13 {main}
\",\"File\":"/owncloud/lib/private/Session/Memory.php","Line":119}"}

If I remove the "Session closed" line in /lib/private/Session/Memory.php#119 I instead get a CSRF error "You took too long to log in" message, when trying to log in (but no exception, at least).

Everything works fine with php 7.1.13.

Server configuration

Operating system:
openSUSE rolling release

Web server:
nginx 1.12.1

Database:
postgres 10.1

PHP version:
PHP 7.2.1

ownCloud version: (see ownCloud admin page)
10.0.6.1

Updated from an older ownCloud or fresh install:
updated

Where did you install ownCloud from:
owncloud.org ZIP

The content of config/config.php:

$CONFIG = array (
  'datadirectory' => '/home/http/owncloud/data',
  'dbtype' => 'pgsql',
  'version' => '10.0.6.1',
  'installed' => true,
  'appstoreenabled' => true,
  'forcessl' => true,
  'maxZipInputSize' => 419430400,
  'allowZipDownload' => true,
'trusted_domains' =>
  array (
    0 => '',
    1 => '',
  ),
  'theme' => '',
  'maintenance' => false,
  'trashbin_retention_obligation' => 'auto',
  'appstore.experimental.enabled' => false,
  'mail_smtpmode' => 'php',
  'htaccess.RewriteBase' => '/',
  'singleuser' => false,
);

List of activated apps:

Enabled:
  - calendar: 1.5.4
  - comments: 0.3.0
  - configreport: 0.1.1
  - contacts: 1.5.3
  - dav: 0.3.2
  - federatedfilesharing: 0.3.1
  - federation: 0.1.0
  - files: 1.5.1
  - files_external: 0.7.1
  - files_pdfviewer: 0.8.2
  - files_sharing: 0.10.1
  - files_texteditor: 2.2.1
  - files_trashbin: 0.9.1
  - files_versions: 1.3.0
  - files_videoplayer: 0.9.8
  - firstrunwizard: 1.1
  - gallery: 16.0.2
  - market: 0.2.3
  - notifications: 0.3.2
  - provisioning_api: 0.5.0
  - systemtags: 0.3.0
  - templateeditor: 0.2
  - updatenotification: 0.2.1
Disabled:
  - encryption
  - external
  - theme-example
  - user_external
@tomneedham
Copy link
Member

tomneedham commented Feb 2, 2018

@Kondou-ger can you please test #30141 to see if this resolves the issue for you Thanks.

My bad. I think this is a different issue. My PR just corrects the exception type so that it is caught in certain circumstances, but I think this is different.

@patrickjahns
Copy link
Contributor

@Kondou-ger
Can you check that you have openssl extension for php7.2 installed and properly setup

@Niduroki
Copy link
Member Author

Niduroki commented Feb 3, 2018

@patrickjahns That was it!

What a mean way of telling you "Please install the php-openssl extension".
ownCloud should definitely check for the openssl extension being installed, and if it's not, show a message like it's done with php-intl and so on.

@patrickjahns
Copy link
Contributor

ownCloud should definitely check for the openssl extension being installed, and if it's not, show a message like it's done with php-intl and so on.

In php7.2 a couple of things with packages changed - need to see if we can reliably check that this is missing in installations with < php7.2

@patrickjahns
Copy link
Contributor

@Kondou-ger
could you do us the favor and check if extension_loaded('openssl') would fail in your environment if you disable the extension again ?

@Niduroki
Copy link
Member Author

Niduroki commented Feb 3, 2018

@patrickjahns
Works as expected.
With the openssl-extension removed, extension_loaded('openssl') returns false, enabled it returns true.

@Niduroki Niduroki changed the title PHP72: Session cookie → Exception PHP72: Exceptions if php-openssl isn't installed Feb 3, 2018
@ownclouders
Copy link
Contributor

Hey, this issue has been closed because the label status/STALE is set and there were no updates for 7 days. Feel free to reopen this issue if you deem it appropriate.

(This is an automated comment from GitMate.io.)

@PVince81
Copy link
Contributor

Do I understand it correctly that PHP 7.2 doesn't use openssl any more and moved to some other lib ? If yes, then it makes sense to not enforce openssl any more with hard-coded checks.

@patrickjahns
Copy link
Contributor

Libsodium replace mcrypt

@crrodriguez
Copy link

openssl is still cool, mcrypt is not.

@patrickjahns
Copy link
Contributor

What would we need to do, to better address this issue? Prevent installation if library is not available ?

@PVince81
Copy link
Contributor

documentation not enough ? owncloud-archive/documentation#4422

@DeepDiver1975
Copy link
Member

As pointed out in my blog post: double check that all required modules are installed.
The server itself has no understanding when the underlying php run time is upgraded.

Closed therefor

@DeepDiver1975
Copy link
Member

@lock lock bot locked as resolved and limited conversation to collaborators Sep 25, 2019
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Projects
None yet
Development

No branches or pull requests

7 participants