Cannot mount WebDAV server

Help
2006-04-23
2013-04-16
  • Michael Holm

    Michael Holm - 2006-04-23

    Hi,
    I have huge problems mounting any webdav server, but im pretty sure the problem has to do with CODA, i get the following errors in my syslog.

    Apr 24 00:52:59 wonder kernel: coda_read_super: device index: 0
    Apr 24 00:52:59 wonder mount.davfs-2.6: Bad handle passed 0/0/(nil)
    Apr 24 00:52:59 wonder kernel: coda_read_super: rootfid is (01234567.ffffffff.08061258)
    Apr 24 00:53:29 wonder kernel: Failure of coda_cnode_make for root: error -4

    anyone who knows what that means?

    kind regards
    Michael

     
    • Michael Holm

      Michael Holm - 2006-04-24

      I found out that my coda module was wrong.. so now it works without SSL, but when i tries to mount with SSL, i get the following errors:

      Could not contact server:
      Could not read status line: SSL error: decryption failed or bad record mac
      /usr/lib/mount.davfs-2.6: Could not connect to https://webdav.firma-web.dk/mitea .

      Well.. it is with a self made certificate.. but that shouldnt make any errors?

      And i use the below command to mount:

      sudo mount -t davfs https://webdav.firma-web.dk/mitea /mnt/mitea_webdav/

      i really hope someone can help me.

       
    • Werner Baumann

      Werner Baumann - 2006-04-24

      Hello Michael,

      it does not look like a certificate problem. davfs2 would ask you to verifiy the certificate in this case.

      The problem seems to arise in an earlier stage, when davfs2 tries to establish a connection with your webserver. We use the neon library for this. You migth have a look at the noen site (http://www.webdav.org/neon/) if there are known problems.

      But most propably it is a server problem. You might first search the server logs. You may also try a TLS/SSL connection to this server using a standard browser.

      Greetings
      Werner

       
      • Michael Holm

        Michael Holm - 2006-04-25

        >it does not look like a certificate problem. davfs2 would ask you to verifiy the certificate in this case.
        That is good to know :)

        >The problem seems to arise in an earlier stage, when davfs2 tries to establish a connection with your webserver. We use the neon library for this. You migth have a look at the noen site (http://www.webdav.org/neon/) if there are known problems.
        I get no errors in my syslog.. the error pasted right below is the only debug i have.. Either the server comes with ANYTHING at all.. nothing in access.log and nothing in error.log.. and the funny thing is that i can login with no problems at all with my firefox browser.. BUT here is my debug:

        Could not contact server:
        Could not read status line: SSL error: decryption failed or bad record mac
        /usr/lib/mount.davfs-2.6: Could not connect to https://webdav.firma-web.dk/mitea.

        kind regards
        Michael

         
        • Werner Baumann

          Werner Baumann - 2006-04-25

          Hello Michael,

          I just tried to connect to your server. This is what I got:
          ginster:/home/werner# mount -t davfs https://webdav.firma-web.dk/mitea /mnt
          Please enter the username for authentication with server
          https://webdav.firma-web.dk/mitea or hit enter for none.
          Username: otto
          Please enter the password to authenticate otto with server
          https://webdav.firma-web.dk/mitea or hit enter for none.
          Password:
          Server cerifticate could not be verified.
            presented for `webdav.firma-web.dk':
            Issuer:  Firma-Web, Mitea, Aalborg, Some-State, DK
            Subject: Firma-Web, Mitea, Aalborg, Some-State, DK
            Fingerprint: e2:ab:31:2d:83:5d:1d:44:42:5b:36:28:34:7c:23:9f:62:e6:5e:4c
          If you can't verify the fingerprint the server may be faked
          or there may be a man-in-the-middle-attack!
          I am not a coward and accept the certificate anyway [y,N]? y
          Could not contact server:
          401 Authorization Required
          /usr/lib/mount.davfs-2.6: Could not connect to https://webdav.firma-web.dk/mitea.

          Except from the fact that I don't know username and password and therefore got "401 Authorization Required" everything works fine.
          As I am using Debian Sarge and I assume you do too, there must be another problem, propably with the network connection.

          Are there any firewalls or proxies between the client and the server?

          Greetings
          Werner

          P.S.: There will be some entries in the logs of your webserver, documenting my attempts to gain access to the server without authentication.

           
    • Michael Holm

      Michael Holm - 2006-05-16

      once again.. i will paste a little more log.. this time from the error.log (apache2):
      [Tue May 16 15:20:27 2006] [info] Connection to child 0 established (server webdav.firma-web.dk:443, client 194.239.195.8)
      [Tue May 16 15:20:27 2006] [info] Seeding PRNG with 136 bytes of entropy
      [Tue May 16 15:20:30 2006] [info] Connection to child 0 closed with standard shutdown(server webdav.firma-web.dk:443, client 194.239.195.8)
      [Tue May 16 15:20:30 2006] [info] Connection to child 1 established (server webdav.firma-web.dk:443, client 194.239.195.8)
      [Tue May 16 15:20:30 2006] [info] Seeding PRNG with 136 bytes of entropy
      [Tue May 16 15:20:30 2006] [info] SSL library error 1 in handshake (server webdav.firma-web.dk:443, client 194.239.195.8)
      [Tue May 16 15:20:30 2006] [info] SSL Library Error: 336131157 error:1408F455:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac
      [Tue May 16 15:20:30 2006] [info] Connection to child 1 closed with abortive shutdown(server webdav.firma-web.dk:443, client 194.239.195.8)

      and to sum up.. here is the error from my client..:
      Could not contact server:
      Could not read status line: SSL error: decryption failed or bad record mac
      /usr/lib/mount.davfs-2.6: Could not connect to https://webdav.mitea.dk/mitea.

      there are no proxies between the 2 computers... but there are firewalls, but the does not deny any of the access.. so i find it hard to believe this is caused by any of the network traffik.. i think its more possible that i need some packages on my debian client.. i have tried both testing and unstable packages..

      In the kernel i have coda in the kernel.. so it just seems to be some packages im missing.. here is a list of my installed packages:

      davfs2      - 0.2.8-1
      libc6       - 2.3.6-7
      libneon25   - 0.25.5.dfsg-5
      libssl0.9.8 - 0.9.8a-8
      libxml2     - 2.6.24.dfsg-1
      zlib1g      - 1:1.2.3-11

       
    • Werner Baumann

      Werner Baumann - 2006-05-25

      Hello Michael,

      now I could reproduce the error, using the Debian testing system of my son. I used
      davfs2-0.2.7
      libneon24
      libssl0.9.8

      Allthough this is not exactly the same configuration as yours, I got the same error. But I also tried with two other servers and there was no error.

      I also logged the traffic with ethereal. That is what I can say:
      - Server and client both use TLS 1.0
      - TLS handshake succeds
      - the error occurs only when the client has send the first packet with appliction data (should be an OPTIONS request, but it is encrypted)
      - the server responds with an SSL error (the one we see on the command line); it should respond with "authorization required"
      - after sending the error response the server terminates the connection (FIN).

      As you can make SSL connections to the server with  a browser, but davfs2 can connect to other servers with SSL, the most likely reason is a subtle misunderstanding between the two SSL libraries on server and client.

      Sorrily, I am not really familiar with SSL (davfs does no SSL by itself, but uses neon; neon just uses the SSL library). I am not of much help from this point.

      Some suggestions:
      - maybe it is possible to use another SSL library on the server?
      - If the server is Debian too, you may post an error report to the Debian maintainer of the server.
      - you may look for error reports an the apache and the openssl website.

      Greetings
      Werner

       
    • Werner Baumann

      Werner Baumann - 2006-05-25

      P.S.:
      There again should be some entries in your servers log files:
      Client IP 80.145.154.109, username otto
      That's me searching for the bug. I only could reproduce the error with your server, but there are some more servers I could try.

      Werner

       

Log in to post a comment.