Bug #1787: Bug in mod_webdav when using aliases and MOVE command - Lighttpd - lighty labs

Actions

Copy link

Bug #1787

closed

Bug in mod_webdav when using aliases and MOVE command

Added by Anonymous about 16 years ago. Updated almost 3 years ago.

Status:

Fixed

Priority:

Normal

Category:

mod_webdav

Target version:

1.4.40

ASK QUESTIONS IN Forums:

Description

If an aliased directory is used as a webdav mount point (a "virtual directory") and the webdav client issues a MOVE command (possibly this bug extends to other commands like COPY), it uses the server.document-root rather than the virtual directory.

For example, if we have the following in the config file:


server.document-root = "/var/www/" 

alias.url = ( "/webdav/" => "/usr/local/public/" )

$HTTP["url"] =~ "^/webdav($|/)" {
  webdav.activate = "enable" 
  webdav.is-readonly = "disable" 
}

and then we mount the server at http://192.168.1.1/webdav/ and create a folder, then we try to rename that folder, at about line 1901 it issues a "No such file or directory" because p->physical.path->ptr points to "/var/www/webdav/foldername" instead of the aliased directory.

-- kurtzmarc

Files

1787-webdav.c.patch (2.88 KB) 1787-webdav.c.patch

giuse_pes, 2013-12-03 22:49

Related issues 1 (0 open — 1 closed)

Actions

Copy link

Updated by tibob about 16 years ago

I can confirm this bug on lighttpd 1.4.13-4etch11 (debian etch).

Actions

Copy link

Updated by icy almost 16 years ago

Target version changed from 1.4.21 to 1.4.22
Patch available set to No

Actions

Copy link

Updated by stbuehler over 15 years ago

Target version changed from 1.4.22 to 1.4.23

Actions

Copy link

Updated by stbuehler over 15 years ago

Target version changed from 1.4.23 to 1.4.24

Actions

Copy link

Updated by stbuehler about 15 years ago

Target version changed from 1.4.24 to 1.4.x

Actions

Copy link

Updated by DenisKlimek over 14 years ago

Hello,

I can confirm this bad bug too.

Got two systems with Lighttpd and this failure behavoir.

system a:
lighttpd 1.4.19-5+lenny1
lighttpd-mod-webdav 1.4.19-5+lenny1

system b:
lighttpd 1.4.26-1.1
lighttpd-mod-webdav 1.4.26-1.1

Any workarounds or solutions available?

My configuration looks like:

$HTTP["host"] =~ "(www\.)?(website)\.(de)" {
        server.indexfiles               =       ( "index.php" )
        server.document-root            =       "/var/cluster/web/website/old" 
        accesslog.filename              =       "/var/log/lighttpd/website/old/access.log" 
        server.errorlog                 =       "/var/log/lighttpd/website/old/error.log" 
        alias.url                       +=      ( "/forum" => "/var/cluster/web/website/www/forum", )
        alias.url                       +=      ( "/icon" => "/var/cluster/web/website/services/awstats/icon", )
        alias.url                       +=      ( "/users" => "/var/cluster/web/website/users", )
        $HTTP["url"] =~ "^/users/denis/webdav($|/)" {
                server.document-root            =       "/var/cluster/web/website/users/denis/webdav/" 
                webdav.activate                 =       "enable" 
                webdav.is-readonly              =       "disable" 
                webdav.sqlite-db-name           =       "/var/run/lighttpd/lighttpd.webdav_lock.db" 
                auth.backend                    =       "plain" 
                auth.backend.plain.userfile     =       "/var/cluster/web/website/users/denis.pwd" 
                auth.require                    =       ( "" => ( "method" => "basic", "realm" => "Webdav", "require" => "valid-user" ) )
        }
}

Actions

Copy link

Updated by tomas.srnka about 12 years ago

Hello,

I confirm that this problem is still valid with lighttpd-1.4.31-1.el6.x86_64, tested on Scientific Linux 6.3.

Can you please have a look at it?

Actions

Copy link

Updated by stbuehler about 12 years ago

Assignee deleted (~~jan~~)
Target version changed from 1.4.x to 1.4.32
Missing in 1.5.x set to No

Implementation note:

Working across aliases is probably not possible (doc-root similar settings might be in url conditionals, so we'd need to simulate a complete second request to evaluate the config options)
it should use the same "doc-root"/"alias" base

Actions

Copy link

Updated by stbuehler about 12 years ago

Target version changed from 1.4.32 to 1.4.33

Actions

Copy link

#10

Updated by stbuehler about 11 years ago

Target version changed from 1.4.33 to 1.4.34

Actions

Copy link

#11

Updated by darix almost 11 years ago

Target version changed from 1.4.34 to 1.4.35

Actions

Copy link

#12

Updated by giuse_pes almost 11 years ago

File 1787-webdav.c.patch 1787-webdav.c.patch added
Status changed from New to Patch Pending

Fix MOVE and COPY requests when an aliased directory is specified as WEBDAV folder. Please let me know if there is any problem and if it is required more testing.

Thanks
Giuseppe

Configuration used for testing :

server.document-root = "/home/giuseppe/www"
server.port = 8080

server.username = "giuseppe"
server.groupname = "giuseppe"

server.modules = ("mod_access", "mod_auth", "mod_setenv", "mod_fastcgi", "mod_alias", "mod_rewrite", "mod_redirect", "mod_helloworld", "mod_webdav" )
server.modules += ("mod_accesslog")
server.errorlog = "/home/giuseppe/git/lighttpd1.4/error.log"

debug.log-file-not-found = "enable"
debug.log-request-header = "enable"
debug.log-request-handling = "enable"
debug.log-response-header = "enable"
webdav.log-xml = "enable"

server.network-backend = "linux-sendfile"

dir-listing.activate = "enable"

mimetype.assign = (
".html" => "text/html",
".htm" => "text/html",
".jpg" => "image/jpeg",
".png" => "image/png"
)

fastcgi.server = ( ".php" => ((
"bin-path" => "/usr/bin/php-cgi",
"socket" => "/tmp/php-fastcgi.socket"
)))

static-file.exclude-extensions = ( ".fcgi", ".php", ".rb", "~", ".inc" )
index-file.names = ( "index.html" )
index-file.names += ( "index.htm" )
index-file.names += ( "index.php" )

auth.debug = 2
auth.backend = "plain"
auth.backend.plain.userfile = "/home/giuseppe/Dropbox/PlayGround/lighttpd/lighttpd.user"
auth.require = ( "/private/index.html" =>
(
"method" => "basic",
"realm" => "test",
"require" => "user=test"
)
)

auth.require += ( "/test/index.htm" =>
(
"method" => "basic",
"realm" => "test",
"require" => "user=test"
)
)

alias.url = ( "/webdav" => "/home/giuseppe/dav/" )
$HTTP["url"] =~ "^/webdav($|/)" {
webdav.activate = "enable"
webdav.is-readonly = "disable"
}

$HTTP["url"] =~ "^/test($|/)" {
server.document-root = "/home/giuseppe/"
webdav.activate = "enable"
webdav.is-readonly = "disable"
}

url.rewrite-once = ("^/music$" => "/redirect/")

Actions

Copy link

#13

Updated by giuse_pes almost 11 years ago

HI guys,

As it has been pointed out in the chat, this patch has some drawbacks. Can someone show me a context on which this patch may be dangerous or not work properly?
I am sorry for being stubborn, but I just want to understand better my errors and improve my knowledge regarding Lighttpd.

Thanks for your time.

Actions

Copy link

#14