Project

General

Profile

Actions

Bug #1787

closed

Bug in mod_webdav when using aliases and MOVE command

Added by Anonymous over 15 years ago. Updated about 2 years ago.

Status:
Fixed
Priority:
Normal
Category:
mod_webdav
Target version:
ASK QUESTIONS IN Forums:

Description

If an aliased directory is used as a webdav mount point (a "virtual directory") and the webdav client issues a MOVE command (possibly this bug extends to other commands like COPY), it uses the server.document-root rather than the virtual directory.

For example, if we have the following in the config file:


server.document-root = "/var/www/" 

alias.url = ( "/webdav/" => "/usr/local/public/" )

$HTTP["url"] =~ "^/webdav($|/)" {
  webdav.activate = "enable" 
  webdav.is-readonly = "disable" 
}

and then we mount the server at http://192.168.1.1/webdav/ and create a folder, then we try to rename that folder, at about line 1901 it issues a "No such file or directory" because p->physical.path->ptr points to "/var/www/webdav/foldername" instead of the aliased directory.

-- kurtzmarc


Files

1787-webdav.c.patch (2.88 KB) 1787-webdav.c.patch giuse_pes, 2013-12-03 22:49

Related issues 1 (0 open1 closed)

Related to Bug #1359: alias, auth etc are not checked for destination path for webdav operationsFixedActions
Actions #1

Updated by tibob over 15 years ago

I can confirm this bug on lighttpd 1.4.13-4etch11 (debian etch).

Actions #2

Updated by icy about 15 years ago

  • Target version changed from 1.4.21 to 1.4.22
  • Patch available set to No
Actions #3

Updated by stbuehler about 15 years ago

  • Target version changed from 1.4.22 to 1.4.23
Actions #4

Updated by stbuehler almost 15 years ago

  • Target version changed from 1.4.23 to 1.4.24
Actions #5

Updated by stbuehler over 14 years ago

  • Target version changed from 1.4.24 to 1.4.x
Actions #6

Updated by DenisKlimek almost 14 years ago

Hello,

I can confirm this bad bug too.

Got two systems with Lighttpd and this failure behavoir.

system a:
lighttpd 1.4.19-5+lenny1
lighttpd-mod-webdav 1.4.19-5+lenny1

system b:
lighttpd 1.4.26-1.1
lighttpd-mod-webdav 1.4.26-1.1

Any workarounds or solutions available?

My configuration looks like:

$HTTP["host"] =~ "(www\.)?(website)\.(de)" {
        server.indexfiles               =       ( "index.php" )
        server.document-root            =       "/var/cluster/web/website/old" 
        accesslog.filename              =       "/var/log/lighttpd/website/old/access.log" 
        server.errorlog                 =       "/var/log/lighttpd/website/old/error.log" 
        alias.url                       +=      ( "/forum" => "/var/cluster/web/website/www/forum", )
        alias.url                       +=      ( "/icon" => "/var/cluster/web/website/services/awstats/icon", )
        alias.url                       +=      ( "/users" => "/var/cluster/web/website/users", )
        $HTTP["url"] =~ "^/users/denis/webdav($|/)" {
                server.document-root            =       "/var/cluster/web/website/users/denis/webdav/" 
                webdav.activate                 =       "enable" 
                webdav.is-readonly              =       "disable" 
                webdav.sqlite-db-name           =       "/var/run/lighttpd/lighttpd.webdav_lock.db" 
                auth.backend                    =       "plain" 
                auth.backend.plain.userfile     =       "/var/cluster/web/website/users/denis.pwd" 
                auth.require                    =       ( "" => ( "method" => "basic", "realm" => "Webdav", "require" => "valid-user" ) )
        }
}
Actions #7

Updated by tomas.srnka over 11 years ago

Hello,

I confirm that this problem is still valid with lighttpd-1.4.31-1.el6.x86_64, tested on Scientific Linux 6.3.

Can you please have a look at it?

Actions #8

Updated by stbuehler over 11 years ago

  • Assignee deleted (jan)
  • Target version changed from 1.4.x to 1.4.32
  • Missing in 1.5.x set to No
Implementation note:
  • Working across aliases is probably not possible (doc-root similar settings might be in url conditionals, so we'd need to simulate a complete second request to evaluate the config options)
  • it should use the same "doc-root"/"alias" base
Actions #9

Updated by stbuehler over 11 years ago

  • Target version changed from 1.4.32 to 1.4.33
Actions #10

Updated by stbuehler over 10 years ago

  • Target version changed from 1.4.33 to 1.4.34
Actions #11

Updated by darix over 10 years ago

  • Target version changed from 1.4.34 to 1.4.35
Actions #12

Updated by giuse_pes over 10 years ago

Fix MOVE and COPY requests when an aliased directory is specified as WEBDAV folder. Please let me know if there is any problem and if it is required more testing.

Thanks
Giuseppe

Configuration used for testing :

server.document-root = "/home/giuseppe/www"
server.port = 8080

server.username = "giuseppe"
server.groupname = "giuseppe"

server.modules = ("mod_access", "mod_auth", "mod_setenv", "mod_fastcgi", "mod_alias", "mod_rewrite", "mod_redirect", "mod_helloworld", "mod_webdav" )
server.modules += ("mod_accesslog")
server.errorlog = "/home/giuseppe/git/lighttpd1.4/error.log"

debug.log-file-not-found = "enable"
debug.log-request-header = "enable"
debug.log-request-handling = "enable"
debug.log-response-header = "enable"
webdav.log-xml = "enable"

server.network-backend = "linux-sendfile"

dir-listing.activate = "enable"

mimetype.assign = (
".html" => "text/html",
".htm" => "text/html",
".jpg" => "image/jpeg",
".png" => "image/png"
)

fastcgi.server = ( ".php" => ((
"bin-path" => "/usr/bin/php-cgi",
"socket" => "/tmp/php-fastcgi.socket"
)))

static-file.exclude-extensions = ( ".fcgi", ".php", ".rb", "~", ".inc" )
index-file.names = ( "index.html" )
index-file.names += ( "index.htm" )
index-file.names += ( "index.php" )

auth.debug = 2
auth.backend = "plain"
auth.backend.plain.userfile = "/home/giuseppe/Dropbox/PlayGround/lighttpd/lighttpd.user"
auth.require = ( "/private/index.html" =>
(
"method" => "basic",
"realm" => "test",
"require" => "user=test"
)
)

auth.require += ( "/test/index.htm" =>
(
"method" => "basic",
"realm" => "test",
"require" => "user=test"
)
)

alias.url = ( "/webdav" => "/home/giuseppe/dav/" )
$HTTP["url"] =~ "^/webdav($|/)" {
webdav.activate = "enable"
webdav.is-readonly = "disable"
}

$HTTP["url"] =~ "^/test($|/)" {
server.document-root = "/home/giuseppe/"
webdav.activate = "enable"
webdav.is-readonly = "disable"
}

url.rewrite-once = ("^/music$" => "/redirect/")

Actions #13

Updated by giuse_pes over 10 years ago

HI guys,

As it has been pointed out in the chat, this patch has some drawbacks. Can someone show me a context on which this patch may be dangerous or not work properly?
I am sorry for being stubborn, but I just want to understand better my errors and improve my knowledge regarding Lighttpd.

Thanks for your time.

Actions #14

Updated by stbuehler about 10 years ago

  • Target version changed from 1.4.35 to 1.4.36
Actions #15

Updated by stbuehler over 8 years ago

  • Target version changed from 1.4.36 to 1.4.x
Actions #16

Updated by gstrauss almost 8 years ago

  • Related to Bug #1359: alias, auth etc are not checked for destination path for webdav operations added
Actions #17

Updated by gstrauss almost 8 years ago

Anyone still watching this ticket who would be willing to test out a patch I wrote?

Actions #18

Updated by gstrauss almost 8 years ago

  • Target version changed from 1.4.x to 1.4.40
Actions #19

Updated by gstrauss almost 8 years ago

  • Status changed from Patch Pending to Fixed
  • % Done changed from 0 to 100
Actions #20

Updated by Donaldtat about 2 years ago

  • File 535.gif added
Actions #21

Updated by gstrauss about 2 years ago

  • File deleted (535.gif)
Actions #22

Updated by RubenAcuri about 2 years ago

  • File 1561.gif added
Actions #23

Updated by gstrauss about 2 years ago

  • File deleted (1561.gif)
Actions #24

Updated by Bobbyexpox about 2 years ago

  • File 1395.gif added
Actions #25

Updated by stbuehler about 2 years ago

  • File deleted (1395.gif)
Actions

Also available in: Atom