[Owncloud] SOLVED ! Re: Inconsistency: Webdav via Brwoser vs. webdav via dav mount

Simon Kainz simon at familiekainz.at
Thu Feb 23 08:10:26 UTC 2012 

Ok, i Think i resolved the issue (apparently this is also reported as
bug 161 on bugs.owncloud.org

http://bugs.owncloud.org/thebuggenie/owncloud/issues/oc-161


Quick Summary: Nautilus works, cadaver & davfs didn't, because the don't
honor cookies owncloud announces - which breaks the access to the Shared
folder.

for my fix(?) please see below:

Long Version:

The wireshark dump for cadaver:


PROPFIND /files/webdav.php/Shared/ HTTP/1.1
User-Agent: cadaver/0.23.3 neon/0.29.6
Connection: TE
TE: trailers
Host: owncloud
Depth: 1
Content-Length: 288
Content-Type: application/xml
Authorization: Basic xxxxxxxxxxxxxxxxxxxxxx

<?xml version="1.0" encoding="utf-8"?>
<propfind xmlns="DAV:"><prop>
<getcontentlength xmlns="DAV:"/>
<getlastmodified xmlns="DAV:"/>
<executable xmlns="http://apache.org/dav/props/"/>
<resourcetype xmlns="DAV:"/>
<checked-in xmlns="DAV:"/>
<checked-out xmlns="DAV:"/>
</prop></propfind>
HTTP/1.1 207 Multi-Status
Date: Thu, 23 Feb 2012 07:40:52 GMT
Server: Apache/2.2.19 (Debian)
X-Powered-By: PHP/5.3.10-1
Set-Cookie: PHPSESSID=ulfld0qqjok239h6dgbo5cop82; path=/; HttpOnly
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0,
pre-check=0
Pragma: no-cache
DAV: 1, 3, extended-mkcol, 2
Content-Length: 656
Content-Type: application/xml; charset=utf-8

<?xml version="1.0" encoding="utf-8"?>
<d:multistatus xmlns:d="DAV:"
xmlns:s="http://sabredav.org/ns"><d:response><d:href>/files/webdav.php/Shared/</d:href><d:propstat><d:prop><d:getlastmodified
xmlns:b="urn:uuid:c2f41010-65b3-11d1-a29f-00aa00c14882/"
b:dt="dateTime.rfc1123">Tue, 21 Feb 2012 13:22:33
+0000</d:getlastmodified><d:resourcetype><d:collection/></d:resourcetype></d:prop><d:status>HTTP/1.1
200
OK</d:status></d:propstat><d:propstat><d:prop><d:getcontentlength/><x2:executable
xmlns:x2="http://apache.org/dav/props/"/><d:checked-in/><d:checked-out/></d:prop><d:status>HTTP/1.1
404 Not Found</d:status></d:propstat></d:response></d:multistatus>



As we can see here, Basic-Authorization is proposed by the client, and,
altough this is not the first request, there is no Cookie in the Request
header.  Owncloud responses with an empty Shared folder, but still
announces the cookie.


The log using Nautilus looks like this:


PROPFIND /files/webdav.php HTTP/1.1
Host: owncloud
Depth: 0
Content-Type: application/xml
Apply-To-Redirect-Ref: T
User-Agent: gvfs/1.6.4
Authorization: Basic xxxxxxxxxxxxxxxxx
Cookie: PHPSESSID=lj9r2rno1qf4gv05d510senoe1
Content-Length: 235

<?xml version="1.0" encoding="utf-8" ?>
 <D:propfind xmlns:D="DAV:">
  <D:prop>
<D:creationdate/>
<D:displayname/>
<D:getcontentlength/>
<D:getcontenttype/>
<D:getetag/>
<D:getlastmodified/>
<D:resourcetype/>
  </D:prop>
 </D:propfind>HTTP/1.1 207 Multi-Status
Date: Thu, 23 Feb 2012 07:43:09 GMT
Server: Apache/2.2.19 (Debian)
X-Powered-By: PHP/5.3.10-1
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0,
pre-check=0
Pragma: no-cache
DAV: 1, 3, extended-mkcol, 2
Content-Length: 626
Content-Type: application/xml; charset=utf-8
.....
(here follows the xml outputif my shared dir)


As we can see here, The cookie is sent by the client, thus marking the
whole thing work.

I tracked it down to the line

OC_Filesystem::mount('shared',array('datadir'=>'/'.OC_User::getUser().'/files/Shared'),'/'.OC_User::getUser().'/files/Shared/');

in apps/files_sharing/sharedstorage.php

Here OC_User::getUser() return nothing for the first request without
Cookie.


I changed it to the following:



$un=OC_USER::getUser();
if (!$un) {$un=$_SESSION['user_id'];}
OC_Filesystem::mount('shared',array('datadir'=>'/'.$un.'/files/Shared'),'/'.$un.'/files/Shared/');

which at least, works for me.

Question is: is this safe? Is this sane?

Any ideas, whats wrong here?


Regards,





On 02/21/12 13:51, Simon Kainz wrote:
> Dear list,
> 
> when i use my brower to access /files/webdav.php/Shared i see some files
> which are shared for me.
> 
> When I do the same using a davfs2 based mount (which works flawless
> otherwise) i only see an empty Shared folder.
> 
> 
> Funny thing is: Even after i remove/rename my Shared folder in
> /username/skainz in he OC "data directory", i still can access my Shared
> folder via Webdav/Browser (well, i don't see my Shared folder, but i can
> still type in the URL). So it gets somewhere inserted into the directory
> tree, but seemingly only for the GET via Browser.
> 
> Any ideas?
> 
> Is this worth sumbitting a bug?
> 
> Regards,
> 
> 
> Simon
> 
> 
> 
> 
> _______________________________________________
> Owncloud mailing list
> Owncloud at kde.org
> https://mail.kde.org/mailman/listinfo/owncloud


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 262 bytes
Desc: OpenPGP digital signature
URL: <http://mail.kde.org/pipermail/owncloud/attachments/20120223/746b55f4/attachment.sig>

More information about the Owncloud mailing list