Project

General

Profile

Actions

Bug #1787

closed

Bug in mod_webdav when using aliases and MOVE command

Added by Anonymous almost 13 years ago. Updated about 5 years ago.

Status:
Fixed
Priority:
Normal
Category:
mod_webdav
Target version:
ASK QUESTIONS IN Forums:

Description

If an aliased directory is used as a webdav mount point (a "virtual directory") and the webdav client issues a MOVE command (possibly this bug extends to other commands like COPY), it uses the server.document-root rather than the virtual directory.

For example, if we have the following in the config file:


server.document-root = "/var/www/" 

alias.url = ( "/webdav/" => "/usr/local/public/" )

$HTTP["url"] =~ "^/webdav($|/)" {
  webdav.activate = "enable" 
  webdav.is-readonly = "disable" 
}

and then we mount the server at http://192.168.1.1/webdav/ and create a folder, then we try to rename that folder, at about line 1901 it issues a "No such file or directory" because p->physical.path->ptr points to "/var/www/webdav/foldername" instead of the aliased directory.

-- kurtzmarc


Files

1787-webdav.c.patch (2.88 KB) 1787-webdav.c.patch giuse_pes, 2013-12-03 22:49

Related issues

Related to Bug #1359: alias, auth etc are not checked for destination path for webdav operationsWontfixActions
Actions #1

Updated by tibob over 12 years ago

I can confirm this bug on lighttpd 1.4.13-4etch11 (debian etch).

Actions #2

Updated by icy over 12 years ago

  • Target version changed from 1.4.21 to 1.4.22
  • Patch available set to No
Actions #3

Updated by stbuehler over 12 years ago

  • Target version changed from 1.4.22 to 1.4.23
Actions #4

Updated by stbuehler about 12 years ago

  • Target version changed from 1.4.23 to 1.4.24
Actions #5

Updated by stbuehler almost 12 years ago

  • Target version changed from 1.4.24 to 1.4.x
Actions #6

Updated by DenisKlimek over 11 years ago

Hello,

I can confirm this bad bug too.

Got two systems with Lighttpd and this failure behavoir.

system a:
lighttpd 1.4.19-5+lenny1
lighttpd-mod-webdav 1.4.19-5+lenny1

system b:
lighttpd 1.4.26-1.1
lighttpd-mod-webdav 1.4.26-1.1

Any workarounds or solutions available?

My configuration looks like:

$HTTP["host"] =~ "(www\.)?(website)\.(de)" {
        server.indexfiles               =       ( "index.php" )
        server.document-root            =       "/var/cluster/web/website/old" 
        accesslog.filename              =       "/var/log/lighttpd/website/old/access.log" 
        server.errorlog                 =       "/var/log/lighttpd/website/old/error.log" 
        alias.url                       +=      ( "/forum" => "/var/cluster/web/website/www/forum", )
        alias.url                       +=      ( "/icon" => "/var/cluster/web/website/services/awstats/icon", )
        alias.url                       +=      ( "/users" => "/var/cluster/web/website/users", )
        $HTTP["url"] =~ "^/users/denis/webdav($|/)" {
                server.document-root            =       "/var/cluster/web/website/users/denis/webdav/" 
                webdav.activate                 =       "enable" 
                webdav.is-readonly              =       "disable" 
                webdav.sqlite-db-name           =       "/var/run/lighttpd/lighttpd.webdav_lock.db" 
                auth.backend                    =       "plain" 
                auth.backend.plain.userfile     =       "/var/cluster/web/website/users/denis.pwd" 
                auth.require                    =       ( "" => ( "method" => "basic", "realm" => "Webdav", "require" => "valid-user" ) )
        }
}
Actions #7

Updated by tomas.srnka almost 9 years ago

Hello,

I confirm that this problem is still valid with lighttpd-1.4.31-1.el6.x86_64, tested on Scientific Linux 6.3.

Can you please have a look at it?

Actions #8

Updated by stbuehler over 8 years ago

  • Assignee deleted (jan)
  • Target version changed from 1.4.x to 1.4.32
  • Missing in 1.5.x set to No
Implementation note:
  • Working across aliases is probably not possible (doc-root similar settings might be in url conditionals, so we'd need to simulate a complete second request to evaluate the config options)
  • it should use the same "doc-root"/"alias" base
Actions #9

Updated by stbuehler over 8 years ago

  • Target version changed from 1.4.32 to 1.4.33
Actions #10

Updated by stbuehler almost 8 years ago

  • Target version changed from 1.4.33 to 1.4.34
Actions #11

Updated by darix over 7 years ago

  • Target version changed from 1.4.34 to 1.4.35
Actions #12

Updated by giuse_pes over 7 years ago

Fix MOVE and COPY requests when an aliased directory is specified as WEBDAV folder. Please let me know if there is any problem and if it is required more testing.

Thanks
Giuseppe

Configuration used for testing :

server.document-root = "/home/giuseppe/www"
server.port = 8080

server.username = "giuseppe"
server.groupname = "giuseppe"

server.modules = ("mod_access", "mod_auth", "mod_setenv", "mod_fastcgi", "mod_alias", "mod_rewrite", "mod_redirect", "mod_helloworld", "mod_webdav" )
server.modules += ("mod_accesslog")
server.errorlog = "/home/giuseppe/git/lighttpd1.4/error.log"

debug.log-file-not-found = "enable"
debug.log-request-header = "enable"
debug.log-request-handling = "enable"
debug.log-response-header = "enable"
webdav.log-xml = "enable"

server.network-backend = "linux-sendfile"

dir-listing.activate = "enable"

mimetype.assign = (
".html" => "text/html",
".htm" => "text/html",
".jpg" => "image/jpeg",
".png" => "image/png"
)

fastcgi.server = ( ".php" => ((
"bin-path" => "/usr/bin/php-cgi",
"socket" => "/tmp/php-fastcgi.socket"
)))

static-file.exclude-extensions = ( ".fcgi", ".php", ".rb", "~", ".inc" )
index-file.names = ( "index.html" )
index-file.names += ( "index.htm" )
index-file.names += ( "index.php" )

auth.debug = 2
auth.backend = "plain"
auth.backend.plain.userfile = "/home/giuseppe/Dropbox/PlayGround/lighttpd/lighttpd.user"
auth.require = ( "/private/index.html" =>
(
"method" => "basic",
"realm" => "test",
"require" => "user=test"
)
)

auth.require += ( "/test/index.htm" =>
(
"method" => "basic",
"realm" => "test",
"require" => "user=test"
)
)

alias.url = ( "/webdav" => "/home/giuseppe/dav/" )
$HTTP["url"] =~ "^/webdav($|/)" {
webdav.activate = "enable"
webdav.is-readonly = "disable"
}

$HTTP["url"] =~ "^/test($|/)" {
server.document-root = "/home/giuseppe/"
webdav.activate = "enable"
webdav.is-readonly = "disable"
}

url.rewrite-once = ("^/music$" => "/redirect/")

Actions #13

Updated by giuse_pes over 7 years ago

HI guys,

As it has been pointed out in the chat, this patch has some drawbacks. Can someone show me a context on which this patch may be dangerous or not work properly?
I am sorry for being stubborn, but I just want to understand better my errors and improve my knowledge regarding Lighttpd.

Thanks for your time.

Actions #14

Updated by stbuehler over 7 years ago

  • Target version changed from 1.4.35 to 1.4.36
Actions #15

Updated by stbuehler about 6 years ago

  • Target version changed from 1.4.36 to 1.4.x
Actions #16

Updated by gstrauss over 5 years ago

  • Related to Bug #1359: alias, auth etc are not checked for destination path for webdav operations added
Actions #17

Updated by gstrauss over 5 years ago

Anyone still watching this ticket who would be willing to test out a patch I wrote?

Actions #18

Updated by gstrauss over 5 years ago

  • Target version changed from 1.4.x to 1.4.40
Actions #19

Updated by gstrauss about 5 years ago

  • Status changed from Patch Pending to Fixed
  • % Done changed from 0 to 100
Actions

Also available in: Atom