Comments (14)
spacehorst
commented on July 25, 2024
3
As a workaround one could add the missing Authorization Header by hand:
echo -n "$username:$password" | base64
abc....xyz=
davix-get -H "Authorization: Basic abc....xyz=" http://your.web/dav
from davix.
mpatrascoiu
commented on July 25, 2024
1
Hello all,
This problem appeared with the davix v0.8.0 release, which introduced libcurl alongside libneon for the backend. A large refactoring was done to facilitate having two different backends, including introducing a new class hierarchy.
Unfortunately, during that refactoring, the hooks mechanism used with libneon was lost. Previously, hooks would be registered for different scenarios. One such hook would be triggered when the server requests Basic authentication via the response headers.
In branch login_callback_0.8.0, I'm trying to get the hooks mechanism to work again. However, this introduces a memory corruption in the session object management. The corruption does not show via the command line tool (e.g.: davix-get <url>), but if you were to reuse the same Davix object, it will show up sooner or later. For this reason, the branch is not ready to be merged.
Ultimately, we we plan to decommission the libneon backend. Due to this, I gave up on getting the hooks mechanism to work, especially since it is only tied to libneon and not libcurl.
For what concerns the username + password login, the davix + libcurl backend simply does not do it at all. If there's high demand for this functionality, I can add it to the libcurl backend. This means you'd have it only when activating libcurl:
$ DAVIX_USE_LIBCURL=1 davix-get <url>
from davix.
spacehorst
commented on July 25, 2024
1
Hi @mpatrascoiu,
thanks for investigating on that issue.
Could you please clarify your statement of #81 (comment)
Do I understand correct, that it would not be possible to use a WebDAV Server with Basic Authentification by davix >= 0.8.0 any more?
This would be a big drawback for us. We have been using davix for more than 10 years in our CI/CD pipeline.
So we would like to encourage you to keep on with basic authentication.
from davix.
mpatrascoiu
commented on July 25, 2024
Hello Shahram,
Great problem report!
I will look into why it fails. From the logs, it seems the client login callback is never invoked.
Cheers,
Mihai
from davix.
kelson42
commented on July 25, 2024
Seems I'm impacted by the same bug
from davix.
felix-egli
commented on July 25, 2024
I'm affected by this bug as well.
from davix.
nachter
commented on July 25, 2024
I came across this error too. With davix version 0.8.2. When I compare the debug-output of davix-version 0.7.6: In 0.7.6 there is this line:
creating session keys... httpsnextcloud.gbv.de
This line is completly missing in 0.8.2
Just a hint, perhaps this helps.
from davix.
nachter
commented on July 25, 2024
So, the message about creating session keys is just missing in the output for 0.8.x, it's just not present in the code of 0.8.x. So this doesnt seem to be the problem.
But for 0.8.x in the debug-log, I get the message
"DAVIX(ssl): Disable Session recycling"
Perhaps there is a case missing (so for username/passphrase authentication), when the session recycling should not be disabled?
from davix.
nachter
commented on July 25, 2024
Hello!
I now compiled and tested the login_callback_0.8.0 branch. It seems to work fine with this branch.
Thanks for having a look on this!
from davix.
crstmkt
commented on July 25, 2024
Hello,
I'm affected by this bug aswell.
from davix.
TGion
commented on July 25, 2024
Hi there,
I am not 100% sure this is the same issue / connected, but as far I could tell, there weren't any fixes about this issue yet. Sorry in advance if this is another issue / misconfiguration on my part.
I am trying to access my Nextcloud instance with davix 0.8.4. on my FreeBSD system:
[[email protected] ~]$ davix-ls --debug --userlogin USERNAME --userpass PASSWORD davs://cloud.gion.io/remote.php/dav/files/USERNAME/
DAVIX(socket): ssl: Initialized OpenSSL thread-safety callbacks for 1 locks.
DAVIX(core): HTTP/SSL Session caching ENABLED
DAVIX(core): Redirection Session caching ENABLED
DAVIX(core): libdavix path /usr/local/lib/libdavix.so.0, version: 0.8.4
DAVIX(posix): -> opendirpp
DAVIX(http): Create HttpRequest for davs://cloud.gion.io/remote.php/dav/files/USERNAME/
DAVIX(http): -> negotiateRequest
DAVIX(http): NEON start internal request
DAVIX(http): no cached ne_session, create a new one
DAVIX(http): HTTP session to https://cloud.gion.io:443 begins.
DAVIX(ssl): ssl: SNI enabled by default.
DAVIX(http): configure session...
DAVIX(http): define connection timeout to 30
DAVIX(http): enable login/password authentication
DAVIX(http): enable client cert authentication by callback
DAVIX(ssl): ah_create, for WWW-Authenticate
DAVIX(socket): Running pre_send hooks
> PROPFIND /remote.php/dav/files/USERNAME/ HTTP/1.1
> User-Agent: libdavix/0.8.4 neon/0.0.29
> Keep-Alive:
> Connection: Keep-Alive
> TE: trailers
> Host: cloud.gion.io
> Depth: 1
> Content-Length: 303
>
DAVIX(socket): Sending request-line and headers:
DAVIX(socket): Doing DNS lookup on cloud.gion.io...
DAVIX(ssl): Doing SSL negotiation.
DAVIX(ssl): Chain depth: 2
DAVIX(ssl): ssl: Match common name '*.gion.io' against ''
DAVIX(ssl): ssl: Match common name 'gion.io' against ''
DAVIX(ssl): Identity match for '': bad
DAVIX(ssl): Cert #0:
DAVIX(ssl): Certificate:
Data:
Version: 3 (0x2)
Serial Number:
04:b5:18:58:80:3d:d6:ec:2a:12:4d:db:84:25:11:78:0c:39
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=R3
Validity
Not Before: May 22 10:48:47 2023 GMT
Not After : Aug 20 10:48:46 2023 GMT
Subject: CN=gion.io
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:f2:0a:8d:54:41:ce:9e:e9:83:a3:cd:6f:ae:08:
24:f0:b8:6f:b2:65:0e:53:e3:c3:3d:0f:1c:f2:fb:
ee:f6:cf:2c:eb:88:98:e9:14:10:83:34:00:9f:a9:
08:ee:88:e8:21:a2:71:cf:61:72:c5:d6:52:f5:6c:
d4:c1:27:d5:fe:f1:8d:d6:c3:b3:2f:1d:0f:f7:fc:
b8:a3:c0:53:6a:38:cd:0b:ed:c3:47:41:ed:08:50:
37:8a:f9:73:d2:76:a2:30:8f:4a:2e:b2:a5:b5:8e:
11:3b:4c:e0:1f:df:ad:67:23:1f:9a:79:f1:03:b1:
10:d4:1f:9b:7c:aa:1e:ba:97:06:78:8c:04:d4:4f:
56:3c:52:d7:f1:2e:0e:f4:61:c2:24:19:92:f0:0a:
de:0b:3a:5e:4a:6c:3c:d9:95:b5:7f:31:19:d4:cc:
82:bc:7b:0b:fe:76:03:34:42:dd:88:50:17:95:ba:
76:f5:66:95:6c:a8:e7:74:d5:8b:c0:72:ff:b3:94:
a8:eb:9a:ff:a3:2b:f9:58:1f:a9:62:0b:a1:35:3f:
a0:04:24:d0:42:7b:07:2a:9c:15:8b:ae:d5:0a:ea:
6c:d6:a4:68:86:b4:e6:ae:a2:0a:e3:f4:8d:be:63:
ac:5e:9c:2c:65:3b:16:b1:54:8a:3a:74:30:b4:50:
19:b1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
9F:AF:79:EA:A7:11:8C:28:EB:B2:5C:76:AF:97:E1:D3:2E:F4:8C:74
X509v3 Authority Key Identifier:
keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
Authority Information Access:
OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:*.gion.io, DNS:gion.io
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate SCTs:
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : 7A:32:8C:54:D8:B7:2D:B6:20:EA:38:E0:52:1E:E9:84:
16:70:32:13:85:4D:3B:D2:2B:C1:3A:57:A3:52:EB:52
Timestamp : May 22 11:48:47.518 2023 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:45:02:20:66:36:CF:29:95:A1:F7:54:E6:90:42:A1:
F2:09:FD:50:A5:95:83:46:FA:64:18:23:61:69:4C:70:
07:10:AE:9E:02:21:00:E2:3A:12:85:52:A5:6F:63:DE:
EF:9E:EE:3B:46:DF:50:92:62:D2:9F:BC:DB:B1:5D:40:
9C:DA:94:79:48:62:2D
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : AD:F7:BE:FA:7C:FF:10:C8:8B:9D:3D:9C:1E:3E:18:6A:
B4:67:29:5D:CF:B1:0C:24:CA:85:86:34:EB:DC:82:8A
Timestamp : May 22 11:48:47.541 2023 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:45:02:20:27:1C:80:5D:5B:75:1B:87:7F:92:6A:57:
DC:49:0C:54:CB:9B:50:20:66:84:56:41:52:A6:91:5D:
B2:
DAVIX(ssl): ssl: Match common name 'R3' against ''
DAVIX(ssl): Identity match for '': bad
DAVIX(ssl): Cert #1:
DAVIX(ssl): Certificate:
Data:
Version: 3 (0x2)
Serial Number:
91:2b:08:4a:cf:0c:18:a7:53:f6:d6:2e:25:a7:5f:5a
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Internet Security Research Group, CN=ISRG Root X1
Validity
Not Before: Sep 4 00:00:00 2020 GMT
Not After : Sep 15 16:00:00 2025 GMT
Subject: C=US, O=Let's Encrypt, CN=R3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bb:02:15:28:cc:f6:a0:94:d3:0f:12:ec:8d:55:
92:c3:f8:82:f1:99:a6:7a:42:88:a7:5d:26:aa:b5:
2b:b9:c5:4c:b1:af:8e:6b:f9:75:c8:a3:d7:0f:47:
94:14:55:35:57:8c:9e:a8:a2:39:19:f5:82:3c:42:
a9:4e:6e:f5:3b:c3:2e:db:8d:c0:b0:5c:f3:59:38:
e7:ed:cf:69:f0:5a:0b:1b:be:c0:94:24:25:87:fa:
37:71:b3:13:e7:1c:ac:e1:9b:ef:db:e4:3b:45:52:
45:96:a9:c1:53:ce:34:c8:52:ee:b5:ae:ed:8f:de:
60:70:e2:a5:54:ab:b6:6d:0e:97:a5:40:34:6b:2b:
d3:bc:66:eb:66:34:7c:fa:6b:8b:8f:57:29:99:f8:
30:17:5d:ba:72:6f:fb:81:c5:ad:d2:86:58:3d:17:
c7:e7:09:bb:f1:2b:f7:86:dc:c1:da:71:5d:d4:46:
e3:cc:ad:25:c1:88:bc:60:67:75:66:b3:f1:18:f7:
a2:5c:e6:53:ff:3a:88:b6:47:a5:ff:13:18:ea:98:
09:77:3f:9d:53:f9:cf:01:e5:f5:a6:70:17:14:af:
63:a4:ff:99:b3:93:9d:dc:53:a7:06:fe:48:85:1d:
a1:69:ae:25:75:bb:13:cc:52:03:f5:ed:51:a1:8b:
db:15
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Certificate Sign, CRL Sign
X509v3 Extended Key Usage:
TLS Web Client Authentication, TLS Web Server Authentication
X509v3 Basic Constraints: critical
CA:TRUE, pathlen:0
X509v3 Subject Key Identifier:
14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
X509v3 Authority Key Identifier:
keyid:79:B4:59:E6:7B:B6:E5:E4:01:73:80:08:88:C8:1A:58:F6:E9:9B:6E
Authority Information Access:
CA Issuers - URI:http://x1.i.lencr.org/
X509v3 CRL Distribution Points:
Full Name:
URI:http://x1.c.lencr.org/
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
Signature Algorithm: sha256WithRSAEncryption
85:ca:4e:47:3e:a3:f7:85:44:85:bc:d5:67:78:b2:98:63:ad:
75:4d:1e:96:3d:33:65:72:54:2d:81:a0:ea:c3:ed:f8:20:bf:
5f:cc:b7:70:00:b7:6e:3b:f6:5e:94:de:e4:20:9f:a6:ef:8b:
b2:03:e7:a2:b5:16:3c:91:ce:b4:ed:39:02:e7:7c:25:8a:47:
e6:65:6e:3f:46:f4:d9:f0:ce:94:2b:ee:54:ce:12:bc:8c:27:
4b:b8:c1:98:2f:a2:af:cd:71:91:4a:08:b7:c8:b8:23:7b:04:
2d:08:f9:08:57:3e:83:d9:04:33:0a:47:21:78:09:82:27:c3:
2a:c8:9b:b9:ce:5c:f2:64:c8:c0:be:79:c0:4f:8e:6d:44:0c:
5e:92:bb:2e:f7:8b:10:e1:e8:1d:44:29:db:59:20:ed:63:b9:
21:f8:12:26:94:93:57:a0:1d:65:04:c1:0a:22:ae:10:0d:43:
97:a1:18:1f:7e:e0:e0:86:37:b5:5a:b1:bd:30:bf:87:6e:2b:
2a:ff:21:4e:1b:05:c3:f5:18:97:f0:5e:ac:c3:a5:b8:6a:f0:
2e:bc:3b:33:b9:ee:4b:de:cc:fc:e4:af:84:0b:86:3f:c0:55:
43:36:f6:68:e1:36:17:6a:8e:99:d1:ff:a5:40:a7:34:b7:c0:
d0:63:39:35:39:75:6e:f2:ba:76:c8:93:02:e9:a9:4b:6c:17:
ce:0c:02:d9:bd:81:fb:9f:b7:68:d4:06:65:b3:82:3d:77:53:
f8:8e:79:03:ad:0a:31:07:75:2a:43:d8:55:97:72:c4:29:0e:
f7:c4:5d:4e:c8:ae:46:84:30:d7:f2:85:5f:18:a1:79:bb:e7:
5e:70:8b:07:e1:86:93:c3:b9:8f:dc:61:71:25:2a:af:df:ed:
25:50:52:68:8b:92:dc:e5:d6:b5:e3:da:7d:d0:87:6c:84:21:
31:ae:82:f5:fb:b9:ab:c8:89:17:3d:e1:4c:e5:38:0e:f6:bd:
2b:bd:96:
DAVIX(ssl): ssl: Match common name '*.gion.io' against 'cloud.gion.io'
DAVIX(ssl): Identity match for 'cloud.gion.io': good
DAVIX(socket): Sending request body:
DAVIX(socket): Request body sent successfully
DAVIX(socket): Request sent; retry is 0.
< HTTP/1.1 401 Unauthorized
< Server: nginx
< Date: Sun, 04 Jun 2023 09:50:03 GMT
< Content-Type: application/xml; charset=utf-8
< Transfer-Encoding: chunked
< Connection: keep-alive
< Keep-Alive: timeout=5
< Set-Cookie: [removed]
< Expires: Thu, 19 Nov 1981 08:52:00 GMT
< Cache-Control: no-store, no-cache, must-revalidate
< Pragma: no-cache
< Content-Security-Policy: default-src 'none';
< WWW-Authenticate: Basic realm="cloud | gion . io", charset="UTF-8"
< Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
< Referrer-Policy: no-referrer
< X-Content-Type-Options: nosniff
< X-Download-Options: noopen
< X-Permitted-Cross-Domain-Policies: none
< X-XSS-Protection: 1; mode=block
< Permissions-Policy: camera=(), microphone=(), geolocation=()
< X-Frame-Options: SAMEORIGIN
< X-Robots-Tag: noindex,nofollow
<
DAVIX(socket): End of headers.
DAVIX(socket): Running post_headers hooks
DAVIX(ssl): Disable Session recycling
DAVIX(http): <- negotiateRequest
DAVIX(core): Destroy HttpRequest
DAVIX(socket): sess: Closing connection.
DAVIX(socket): sess: Connection closed.
DAVIX(ssl): Disable Session recycling
DAVIX(socket): Running destroy hooks.
DAVIX(socket): Request ends.
DAVIX(socket): sess: Destroying session.
DAVIX(posix): <- opendirpp
(Davix::HttpRequest) Error: HTTP 401 : Authentication Error
What else has been tested:
- Successfully accessed the DAV server with cadaver
- Failed with https:// address too
- Reinstallation of davix
What has not been tested
- Earlier versions of davix with my Nextcloud instance
- Access via http:// or dav://
- Another server with davix
Help, a new version, or hints about any misconfiguration on my parts would be really appreciated. Thanks a lot in advance.
If I could be of any help with more testing, just let me know!
from davix.
TGion
commented on July 25, 2024
Hey @mpatrascoiu ,
first of all thanks a lot for your effort and your clarification!
I am a bit confused about your last paragraph (most certainly because of my lack of knowledge):
How do you usually connect to a WebDAV Server, because I honestly don't know any other way then by basic authentification (username + password). Iam trying to access my Nextcloud instance via WebDAV and couldnt find another way then by username + password.
Long story short, I would think the demand for it is quite high.
If you have the time I would appreciate also some clarification on how other forms of authentification work with davix. I couldnt really find a lot in the documentation which would be useful for my appliance.
Thanks a lot again and please tell me if I could be of any help!
from davix.
TGion
commented on July 25, 2024
Thanks for your workaround @spacehorst
from davix.
mpatrascoiu
commented on July 25, 2024
Hello @spacehorst , that's correct. With davix >= 0.8.0, there is no more Basic Authentication.
And if we bring it back (I believe we should, it's more a question of effort and planning), it will only be available for the CURL backend.
Just to mention: your workaround should work well, cheers for that
from davix.
Related Issues (20)
- Unit tests fail when run by more than one user on the same machine HOT 3
- Introspect redirections for HTTP TPC xfers HOT 1
- CVE-2022-32221 in bundled curl library HOT 2
- Wrong format for downloaded files for release 0.8.4 HOT 5
- CVE-2023-38545 in bundled curl library HOT 1
- 1 test fails, and several tests hang
- davix version 0.8.5 cannot authenticate using username and password with DAVIX_USE_LIBCURL HOT 1
- [FreeBSD] Davix build fails on FreeBSD
- Davix "master" branch fails to compile on macOS (caused by DMC-1394) HOT 1
- davix-ls fails to load certificates when using libcurl backend
- Add support for CA certificate file in addition to a CA directory
- Documentation pages missing
- Out of Date RapidJSON dependency causing compile failure HOT 1
- davix-ls omits the content-type header
- Dir listing ignores IsTruncated = true
- Allow forcing of bundled rapidjson
- Crash on badly formed `davix-cp` command
- Please add instructions how to run tests to the README
- Copyrighted song lyrics in codebase HOT 2
- Infinite loop in davix slow unit tests when using external libcurl HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from davix.