[Owncloud] SOLVED ! Re: Inconsistency: Webdav via Brwoser vs. webdav via dav mount

Simon Kainz simon at familiekainz.at
Thu Feb 23 08:43:38 UTC 2012 

Sorry, screwed it up,

the correct lines are:

$un=OC_USER::getUser();
//echo "<pre>";var_dump($_SERVER);echo "</pre>";
if (!$un) {$un=$_SERVER['PHP_AUTH_USER'];}

OC_Filesystem::mount('shared',array('datadir'=>'/'.$un.'/files/Shared'),'/'.$un.'/files/Shared/');


(I had the wrong content in my copy/paste buffer).

regards,




On 02/23/12 09:10, Simon Kainz wrote:
> Ok, i Think i resolved the issue (apparently this is also reported as
> bug 161 on bugs.owncloud.org
> 
> http://bugs.owncloud.org/thebuggenie/owncloud/issues/oc-161
> 
> 
> Quick Summary: Nautilus works, cadaver & davfs didn't, because the don't
> honor cookies owncloud announces - which breaks the access to the Shared
> folder.
> 
> for my fix(?) please see below:
> 
> Long Version:
> 
> The wireshark dump for cadaver:
> 
> 
> PROPFIND /files/webdav.php/Shared/ HTTP/1.1
> User-Agent: cadaver/0.23.3 neon/0.29.6
> Connection: TE
> TE: trailers
> Host: owncloud
> Depth: 1
> Content-Length: 288
> Content-Type: application/xml
> Authorization: Basic xxxxxxxxxxxxxxxxxxxxxx
> 
> <?xml version="1.0" encoding="utf-8"?>
> <propfind xmlns="DAV:"><prop>
> <getcontentlength xmlns="DAV:"/>
> <getlastmodified xmlns="DAV:"/>
> <executable xmlns="http://apache.org/dav/props/"/>
> <resourcetype xmlns="DAV:"/>
> <checked-in xmlns="DAV:"/>
> <checked-out xmlns="DAV:"/>
> </prop></propfind>
> HTTP/1.1 207 Multi-Status
> Date: Thu, 23 Feb 2012 07:40:52 GMT
> Server: Apache/2.2.19 (Debian)
> X-Powered-By: PHP/5.3.10-1
> Set-Cookie: PHPSESSID=ulfld0qqjok239h6dgbo5cop82; path=/; HttpOnly
> Expires: Thu, 19 Nov 1981 08:52:00 GMT
> Cache-Control: no-store, no-cache, must-revalidate, post-check=0,
> pre-check=0
> Pragma: no-cache
> DAV: 1, 3, extended-mkcol, 2
> Content-Length: 656
> Content-Type: application/xml; charset=utf-8
> 
> <?xml version="1.0" encoding="utf-8"?>
> <d:multistatus xmlns:d="DAV:"
> xmlns:s="http://sabredav.org/ns"><d:response><d:href>/files/webdav.php/Shared/</d:href><d:propstat><d:prop><d:getlastmodified
> xmlns:b="urn:uuid:c2f41010-65b3-11d1-a29f-00aa00c14882/"
> b:dt="dateTime.rfc1123">Tue, 21 Feb 2012 13:22:33
> +0000</d:getlastmodified><d:resourcetype><d:collection/></d:resourcetype></d:prop><d:status>HTTP/1.1
> 200
> OK</d:status></d:propstat><d:propstat><d:prop><d:getcontentlength/><x2:executable
> xmlns:x2="http://apache.org/dav/props/"/><d:checked-in/><d:checked-out/></d:prop><d:status>HTTP/1.1
> 404 Not Found</d:status></d:propstat></d:response></d:multistatus>
> 
> 
> 
> As we can see here, Basic-Authorization is proposed by the client, and,
> altough this is not the first request, there is no Cookie in the Request
> header.  Owncloud responses with an empty Shared folder, but still
> announces the cookie.
> 
> 
> The log using Nautilus looks like this:
> 
> 
> PROPFIND /files/webdav.php HTTP/1.1
> Host: owncloud
> Depth: 0
> Content-Type: application/xml
> Apply-To-Redirect-Ref: T
> User-Agent: gvfs/1.6.4
> Authorization: Basic xxxxxxxxxxxxxxxxx
> Cookie: PHPSESSID=lj9r2rno1qf4gv05d510senoe1
> Content-Length: 235
> 
> <?xml version="1.0" encoding="utf-8" ?>
>  <D:propfind xmlns:D="DAV:">
>   <D:prop>
> <D:creationdate/>
> <D:displayname/>
> <D:getcontentlength/>
> <D:getcontenttype/>
> <D:getetag/>
> <D:getlastmodified/>
> <D:resourcetype/>
>   </D:prop>
>  </D:propfind>HTTP/1.1 207 Multi-Status
> Date: Thu, 23 Feb 2012 07:43:09 GMT
> Server: Apache/2.2.19 (Debian)
> X-Powered-By: PHP/5.3.10-1
> Expires: Thu, 19 Nov 1981 08:52:00 GMT
> Cache-Control: no-store, no-cache, must-revalidate, post-check=0,
> pre-check=0
> Pragma: no-cache
> DAV: 1, 3, extended-mkcol, 2
> Content-Length: 626
> Content-Type: application/xml; charset=utf-8
> .....
> (here follows the xml outputif my shared dir)
> 
> 
> As we can see here, The cookie is sent by the client, thus marking the
> whole thing work.
> 
> I tracked it down to the line
> 
> OC_Filesystem::mount('shared',array('datadir'=>'/'.OC_User::getUser().'/files/Shared'),'/'.OC_User::getUser().'/files/Shared/');
> 
> in apps/files_sharing/sharedstorage.php
> 
> Here OC_User::getUser() return nothing for the first request without
> Cookie.
> 
> 
> I changed it to the following:
> 
> 
> 
> $un=OC_USER::getUser();
> if (!$un) {$un=$_SESSION['user_id'];}
> OC_Filesystem::mount('shared',array('datadir'=>'/'.$un.'/files/Shared'),'/'.$un.'/files/Shared/');
> 
> which at least, works for me.
> 
> Question is: is this safe? Is this sane?
> 
> Any ideas, whats wrong here?
> 
> 
> Regards,
> 
> 
> 
> 
> 
> On 02/21/12 13:51, Simon Kainz wrote:
>> Dear list,
>>
>> when i use my brower to access /files/webdav.php/Shared i see some files
>> which are shared for me.
>>
>> When I do the same using a davfs2 based mount (which works flawless
>> otherwise) i only see an empty Shared folder.
>>
>>
>> Funny thing is: Even after i remove/rename my Shared folder in
>> /username/skainz in he OC "data directory", i still can access my Shared
>> folder via Webdav/Browser (well, i don't see my Shared folder, but i can
>> still type in the URL). So it gets somewhere inserted into the directory
>> tree, but seemingly only for the GET via Browser.
>>
>> Any ideas?
>>
>> Is this worth sumbitting a bug?
>>
>> Regards,
>>
>>
>> Simon
>>
>>
>>
>>
>> _______________________________________________
>> Owncloud mailing list
>> Owncloud at kde.org
>> https://mail.kde.org/mailman/listinfo/owncloud
> 
> 
> 
> 
> _______________________________________________
> Owncloud mailing list
> Owncloud at kde.org
> https://mail.kde.org/mailman/listinfo/owncloud


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 262 bytes
Desc: OpenPGP digital signature
URL: <http://mail.kde.org/pipermail/owncloud/attachments/20120223/fee9a83f/attachment.sig>

More information about the Owncloud mailing list