From: Werner B. <wer...@on...> - 2007-06-24 20:35:44
|
Thanks for spell checking. As tomorrow will be Monday it will take some days, but it will be included in the next release.

Newline and getpass: As it works it seems not urgent. I will change it some day but I am not sure whether it will be in the next release. (probably yes)

Certificates: It's an old discussion and I'm stur: davfs2 will not use unverified certificates. But the problem is solved. Users may verify the certificate in their own way, save it on disk and tell davfs2 to use it without further checking. It is described in the davfs2.conf man page, option servercert.

There is a general problem with user interaction. davfs2 will prompt the user only as long as it is not in daemon mode. With pam_mount this is still more restricted (the same holds for automatic mount at boot time). But everything can be configured, so that there is no need to ask the user anything.

But davfs2 is not samba and not nfs. It has to deal with different problems, so configuration is different. In my opinion davfs2 therefore needs configuration files and can't handle everything via command line.

Jan Engelhardt wrote:
> Even if they possibly wanted, it can be quite tedious for the
> administrator. I've been to systems with 2000 users and more.
> The users themselves cannot edit any davfs secrets file, since /etc
> belongs to root, and /home/$USER is not possibly mounted yet.
>

How does davfs2 come into this?

Does the administrator want to allow every user to mount the same webdav resource? Why not mount it once and set permissions for all users?

Does he want to allow every user to mount another webdav resource? So he will probably use some script to configure this. He might include the secrets file in this script. But as he is responsible for 2000 user accounts, he certainly will not allow using the login password for gmx-access.

/home/$USER: Why should it be necessary to mount a webdav resource before the home directory is mounted? I can't imagine, except the webdav resource is the home directory. Don't blame davfs2 for the disaster.

Cheers
Werner
From: Jan E. <je...@co...> - 2007-06-24 17:55:59
|
Index: davfs2-1.2.1/BUGS =================================================================== --- davfs2-1.2.1.orig/BUGS +++ davfs2-1.2.1/BUGS @@ -1,11 +1,11 @@ davfs2 known bugs 2007-02-13 ---------------------------- -- davfs2 can not calculate the free disk space on the server. But some +- davfs2 cannot calculate the free disk space on the server. But some applications (e.g. nautilus) insist on this. So davfs can't help but lie. - Some servers require the use of special headers or cookies. mount.davfs - currently can not handle this. But this may as well be considered a + currently cannot handle this. But this may as well be considered a server bug (RFC 2518 does not require any of this). - davfs2 is propably not portable but relies on GNU libc 2. Index: davfs2-1.2.1/ChangeLog =================================================================== --- davfs2-1.2.1.orig/ChangeLog +++ davfs2-1.2.1/ChangeLog @@ -179,7 +179,7 @@ ChangeLog for davfs2 webdav.c: dav_head Destroy request *after* retrieving information. * cache.h, cache.c: dav_node - Added dirty flag (mtime not allways indicates changes). + Added dirty flag (mtime not always indicates changes). * cache.c, webdav.c, webdav.h: On PUT set Execute property before HEAD (IIS changes Etag on PROPPATCH). @@ -244,7 +244,7 @@ ChangeLog for davfs2 2006-10-05 Werner Baumann (wer...@on...) * webdav.c: dav_get_collection - Check path for trailing slash; ctx.path must allways + Check path for trailing slash; ctx.path must always have a trailing slash. 2006-10-05 Werner Baumann (wer...@on...) Index: davfs2-1.2.1/FAQ =================================================================== --- davfs2-1.2.1.orig/FAQ +++ davfs2-1.2.1/FAQ 
@@ -5,12 +5,12 @@ FREQUENTLY ASKED QUESTIONS Q: What are these files with size 0 and date of 1970-01-01? A: WebDAV allows to lock files that do not exist, to protect the name - while you are preparing a file for upload. This "locked-null-resources" + while you are preparing a file for upload. These "locked-null-resources" will show as files with size 0. This is ok as long as the locks are released some day. -Q: But this size-0-files don't disappear. How can I get rid of them? -Q: Some files can not be accessed because they are locked. But I know for +Q: But the size-0-files don't disappear. How can I get rid of them? +Q: Some files cannot be accessed because they are locked. But I know for sure that nobody uses them. A: It can happen that locks are not released: - An WebDAV client may crash. 
@@ -22,17 +22,17 @@ A: It can happen that locks are not rele - Whenever it discovers that a file is locked, it tries to discover whether it owns the lock. In this case it will reuse the lock and then release it. But not all servers will support this. - Sometimes only the administrator of the server may be able to free stale + Sometimes, only the administrator of the server may be able to free stale locks. It would be a good idea if the server implements an administrative timeout for locks, because it is impossible to make sure that all clients - will allways release locks properly. + will always release locks properly. Q: Why can't I access Novell NetStorage with davfs2? It works with KDE and even with Microsoft WebFolders. A: NetStorage refuses to work with clients that do not support cookies. davfs2 does not support cookies. The reason is that neon dropped cookie support - because it was autdated and they had not yet time to rewrite it. - There is a workaround in using the old neon 0.24 library. Please look at + because it was outdated and they did not yet have the time to rewrite it. + There is a workaround, by using the old neon 0.24 library. Please look at http://sourceforge.net/mailarchive/forum.php?thread_id=30502324&forum_id=1351 I will try to prepare a proper patch soon. But I think it is really a fault of Novell NetStorage. WebDAV does not, and @@ -41,7 +41,7 @@ A: NetStorage refuses to work with clien Q: When I try to save may backups to the WebDAV Server, davfs2 creates another copy on disk, so I run out of disk space. Why does dafs2 do this? -A: davfs2 will allways create a local copy of all files moved between the local +A: davfs2 will always create a local copy of all files moved between the local computer and the server. There are several reasons for this: - The coda kernel file system needs this. It will only read and write to local copies. 
@@ -52,7 +52,7 @@ A: davfs2 will allways create a local co Q: When I unmount a davfs2 file system, umount blocks and it sometimes takes hours before it returns. -A: This intentionally. umount should not return, before all cached data are +A: This is intentionally. umount should not return before all cached data is saved to the media. The time needed depends on the amount of data and the transfer rate. It is almost unnoticeable for a hard disk, some minutes for a floppy, and for davfs2 it varies with the quality of the connection. @@ -66,7 +66,7 @@ A: Reason is that this programs open eve file type. mount.davfs has to download them all. Even if the files are cached, it will have to ask the server whether there is a new version. You may try the configuration option 'gui_optimize'. This will not help when - you visit the directory for the first time, but when the files are allready + you visit the directory for the first time, but when the files are already in the cache it will reduce response time. O: When I mount a resource form Microsoft IIS, I can create new files, but when @@ -78,9 +78,9 @@ A: Microsoft IIS only serves files with this restriction. So you can create a new file with e.g. OpenOffice.org and when you try to open it again, IIS will tell it can't find it. But it really exists in the servers file system. - By default only extensions used by Microsoft are registered (because you do + By default, only extensions used by Microsoft are registered (because you do not want to use file formats that are not owned by Microsoft. But maybe you're - a communist?). To change this you have to register all file extensions, you + a communist?). To change this you have to register all file extensions you want to use. You may also register a wildcard extension. - Open the microsoft management console for IIS. - Select the WebDAV folder within IIS you want to use. 
@@ -91,5 +91,5 @@ A: Microsoft IIS only serves files with - From the menue choose actions->all tasks->save configuration on disk - Restart IIS. Please Note: - I had to retranslate the names of menue items form Microsoft's German. So the + I had to retranslate the names of menu items form Microsoft's German. So the exact naming in English might be different. Index: davfs2-1.2.1/README =================================================================== --- davfs2-1.2.1.orig/README +++ davfs2-1.2.1/README @@ -46,15 +46,15 @@ and client certificates. davfs2 is not intended as a replacement for distributed file systems like nfs, coda, cifs and similar. -When davfs2 mounts a resource it authenticates with the server using the -username and passward it got from the mounting user. All requests to the -server are done on behalve of this WebDAV user. davfs2 does not handle different +When davfs2 mounts a resource, it authenticates with the server using the +username and password it got from the mounting user. All requests to the +server are done on behalf of this WebDAV user. davfs2 does not handle different WebDAV users within one mount. But this would be required for a distributed file system. dafs2 is not a generic WebDAV client. davfs2 maps a WebDAV resource to a file system. But as the file system interface and the WebDAV protocol are quite -different, this is not possible without losses. As a file system davfs2 can not +different, this is not possible without losses. As a file system davfs2 cannot use all the possibilities of WebDAV, and most WebDAV servers do not provide all the information a file system usually requires. 
@@ -76,7 +76,7 @@ the administrator must have control over also be an entry in /etc/fstab. This can only be done by root. - To mount a WebDAV resource users must be member of dav_group (default is - group 'davfs2'). The administrator may use groupmembership to allow or + group 'davfs2'). The administrator may use group membership to allow or disallow mounting of WebDAV resources. mount.davfs starts with effective user-id 'root' to be able to mount. After @@ -93,9 +93,9 @@ When a normal user mounts a davfs2 file is not yet a user configuration file and a secrets file. So you will be asked for the credentials. mount.davfs will create a hidden directory .davfs2 in the users home directory, that holds configuration files, the cache and -certificates. You will want to edit this files afterwords. +certificates. You will want to edit this files afterwards. -If you update from an older version, this files allready exist and davfs2 +If you update from an older version, these files already exist and davfs2 will not touch them. To allow mount.davfs installation of newer versions, you might rename davfs2.conf and secrets and merge your changes into the new versions. @@ -109,7 +109,7 @@ davfs2 needs a network connection to mou automatic mounting at boot time and unmounting at shut down may not work reliably. By default davfs2 mounts with option '_netdev' to inform the operating system about this and allow correct handling. Whether this really -works depends on the details of the startup and shut down process and will +works depends on the details of the startup and shutdown process and will be different on different systems. So please test before you rely on this. 
@@ -147,12 +147,12 @@ There are two reasons for chaching: - Many applications, especially those with graphical user interfaces, think of file system calls as cheap and quick, which is not true when using a slow - conection to the internet. Some graphical interfaces for file handling even + connection to the internet. Some graphical interfaces for file handling even open every file in every directory they list, forcing davfs2 to download them from the server. -To avoid excessive network traffic davfs2 now saves all downloaded files in a -cache directory and will hold this files, even when the file system is +To avoid excessive network traffic, davfs2 now saves all downloaded files in a +cache directory and will hold the files, even when the file system is unmounted. When the same file system is mounted again, it will reuse this cached files. @@ -165,12 +165,12 @@ been closed. So whenever a file is newly until it is closed and then wait another short period (configurable, default is 10 seconds) before it will upload the changed version to server. This saves a lot of uneccessary traffic, but the strategy still has to be enhanced. If -there are many files to be uploaded (e.g.after copiing a directory) mount.davfs -may block quite some time, as it has to upload all the files. +there are many files to be uploaded (e.g. after copying a directory) +mount.davfs may block quite some time, as it has to upload all the files. -6 TROUBLE SHOOTING -================== +6 TROUBLESHOOTING +================= In case davfs2 does not behave as you expect, there is some very useful free software, to search for the reason: 
@@ -185,10 +185,10 @@ software, to search for the reason: - Wireshark (former Ethereal) will log and analyze the traffic between davfs2 and the server. (http://www.wireshark.org/) -- If you have access to the servers log files, they contain valuable +- If you have access to the server's log files, they contain valuable information. -- Finally davfs2 may be configured with option '--enable-debug', to write a +- Finally, davfs2 may be configured with option '--enable-debug', to write a lot of messages into the log files. But this is the most laborious way. When sending a bug report, please include @@ -196,7 +196,7 @@ When sending a bug report, please includ - the exact version of davfs2 and the source where you got it from. - a complete description of the bug and the actions that lead to the buggy - behaviour (please not: I usually do not know th acronyms of your favorite + behaviour (please not: I usually do not know the acronyms of your favorite applications, operating system and server. In many cases I never used them). The exact commands you issued on the command line and the messages you got from davfs2 are necessary to understand what's going on. @@ -207,11 +207,11 @@ When sending a bug report, please includ 7 KNOWN ISSUES ============== -- davfs2 can not calculate the free disk space on the server. But some +- davfs2 cannot calculate the free disk space on the server. But some applications (e.g. nautilus) insist on this. So davfs can't help but lie. - Some servers require the use of special headers or cookies. mount.davfs - currently can not handle this. But this may as well be considered a + currently cannot handle this. But this may as well be considered a server bug (RFC 2518 does not require any of this). Index: davfs2-1.2.1/README.translators =================================================================== --- davfs2-1.2.1.orig/README.translators +++ davfs2-1.2.1/README.translators 
@@ -5,7 +5,7 @@ davfs2 uses the GNU gettext utilities to Information about GNU gettext may be foud at http://www.gnu.org/software/gettext/manual/ -For the man pages (and propably other documentation in future) it makes use +For the man pages (and propably other documentation in future), it makes use of the po4a tools in order to keep translations of documentation maintainable. po4a (http://po4a.alioth.debian.org/) applies the gettext tools to arbitrary documentation. @@ -13,7 +13,7 @@ documentation. Messages -------- -Alle messages that need translation are in the file po/davfs2.pot. The +All messages that need translation are in the file po/davfs2.pot. The translated messages will be in po/ll.po, where ll is the two-letter country code. If you start a translation into a language not yet supported, you may just @@ -22,17 +22,17 @@ take a copy of po/davfs2.pot for your ll Man Pages --------- -The .pot-files of the man pages are in the man/ subdirectory together with +The .pot files of the man pages are in the man/ subdirectory together with a configuration file for po4a to automatically build all the translated man -pages from the .po-files. +pages from the .po files. There is a subdirectory for each language, named after the country code, that -holds the .po-files and the addendum files. As usual the initial .po-file can -be a copy of the .pot-file. +holds the .po files and the addendum files. As usual the initial .po file can +be a copy of the .pot file. Replacement Text in Man Pages ----------------------------- -davfs2 uses all upercase strings enclosed in @-characters for strings that may +davfs2 uses all uppercase strings enclosed in @-characters for strings that may change with every version or at compile time (like @PACKAGE_STRING@ or @SYS_CACHE_DIR@). They will be replaced at compile time by the correct value. Please use them in your translation unaltered. To allow correct integration 
@@ -55,23 +55,23 @@ into the translated text, here are the m Additional Text --------------- -You at least want to add a paragraph about the translators into the localized -man page. But may be you feel the need for some more additions that are +At least you want to add a paragraph about the translators into the localized +man page. But maybe you feel the need for some more additions that are not present in the english man page. -Unfortunately this additions can not be inserted directly into the .po-file, -as the document structure must not differ from the original. So this -additions have to go in seperate files, called addendum. +Unfortunately, these additions cannot be inserted directly into the .po file, +as the document structure must not differ from the original. So these +additions have to go into seperate files, called addendum. You can use the template man/template.translator to add a paragraph about the translators. If you need more than this, you have to create additional addendum files. Please see the po4a documentation for the syntax of the PO4A-HEADER to mark the position where to add the text. -Please use the same character encoding as in the .po-file. +Please use the same character encoding as in the .po file. Character Encoding ------------------ -At the moment man, or at least one of its helper programs, seems not capable -of handling UTF-8 encoding. Luckily gettext can convert the encoding when the -translated man page is created. So you may use UTF-8 in the .po-file or any -other encoding. But please tell me, what character encoding should be used -when the man page is build. +At the moment, the "man" tool, or at least one of its helper programs, do not +seem capable of handling UTF-8 encoding. Luckily, gettext can convert the +encoding when the translated man page is created. So you may use UTF-8 in the +.po file or any other encoding. But please tell me which character encoding +should be used when the man page is built. 
Index: davfs2-1.2.1/etc/secrets =================================================================== --- davfs2-1.2.1.orig/etc/secrets +++ davfs2-1.2.1/etc/secrets @@ -2,30 +2,30 @@ # version 3 # ------------------------------- -# This file must be read and writable by the owner only (mode 600). +# This file must be readable and writable by the owner only (mode 0600). -# This file contains username and password for the proxy and the -# WebDAV-resources and decryption passwords for client certificates. +# This file contains username and password for the proxy, the +# WebDAV resources and decryption passwords for client certificates. # Comments are indicated by a '#' character and the rest of the line # is ignored. Empty line are ignored too. # Each line consists of two or three items separated by spaces or tabs. # If an item contains one of the characters space, tab, #, \ or ", this -# character must be escaped by a preceding \. Alternatively the item +# character must be escaped by a preceding \. Alternatively, the item # may be enclosed in double quotes. # After escape characters and quotation are removed, names of proxy, # WebDAV server and client certificate files must exactly match the -# ones given in davfs2.conf, fstab or environment variable. +# ones given in davfs2.conf, fstab or environment variables. # Proxy Line # ---------- # A proxy line consists of the fully qualified domain name of the proxy, -# the username and the passord. The proxy name must not contain a scheme -# or path segment, but a portnumber may be added, seperated by a colon. -# The passord my be omitted. +# the username and the password. The proxy name must not contain a scheme +# or path segment, but a port number may be added, seperated by a colon. +# The password my be omitted. # Examples # foo.bar otto "my secret" 
@@ -37,7 +37,7 @@ # A credential line consists of the server url, the username and the # password. The url must contain scheme, fully qualified domain name # and path. If the path segment is missing, / is assumed. -# The passord my be omitted. +# The password may be omitted. # Examples # https://foo.bar/ otto g3H\"x\ 7z\\ @@ -48,7 +48,7 @@ # Password for Client Certificate # ------------------------------- -# It must contain the name of the certifcate file and the encryption passord. +# It must contain the name of the certifcate file and the encryption password. # Examples # otto_private.crt "this is extraordinary secret" |
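Review bot: The etc/secrets hunks leave misspellings on lines they rewrite. The proxy section still has "seperated by a colon" and "The password my be omitted." (the credential section was corrected to "may be omitted"), and the client certificate section still has "certifcate". This comment block is the format reference that sits next to the credentials, so please fix "separated", "may" and "certificate" in the same pass.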
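Review bot: Two added lines in the FAQ hunks are still wrong: "This is intentionally." should read "This is intentional.", and "the names of menu items form Microsoft's German" should use "from". The surrounding context lines that the patch does not touch also keep "save may backups" and "dafs2", which could go into the same cleanup.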
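Review bot: In the README hunks, the added line "You will want to edit this files afterwards." keeps "this files" although the next changed line was corrected to "these files", and the bug report hunk keeps "please not:" where "please note:" is meant. The caching hunks also leave "reuse this cached files" and "uneccessary" untouched in context; worth fixing while the file is open.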
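Review bot: In README.translators the rewritten encoding paragraph has a subject and verb mismatch: "the "man" tool, or at least one of its helper programs, do not seem capable" should be "does not seem capable". The added lines also keep "propably" in the po4a sentence and "seperate files" in the addendum paragraph.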
From: Jan E. <je...@co...> - 2007-06-24 17:55:36
|
On Jun 24 2007 18:27, Werner Baumann wrote:
> Jan Engelhardt wrote:
>> The username option is actually all that is needed, because the
>> password code, by means of getpass(), already trims \n.
>
> Does that mean getpass() does not block, but gets the password from
> mount/pam_mount?

It works, yes,

1077 if (args->askauth && args->username != NULL && args->password == NULL) {
(gdb)
1078 printf(_("Please enter the password to authenticate user %s with "
(gdb)
1080 args->password = getpass(_("Password: "));
(gdb)
1081 if (args->password != NULL && strlen(args->password) == 0) {
(gdb) p args->password
$2 = 0x8067390 "SECRET"

`ps afx`:
3286 tty1 Ss+ 0:00 /bin/login --
3303 ? Ss 0:00 \_ /bin/mount -t davfs https://dev.computergmbh.de//
3304 ? T 0:03 \_ /sbin/mount.davfs https://dev.computergmbh.de

`l /proc/3304/fd`:
total 0
dr-x------ 2 root root 0 Jun 24 19:26 .
dr-xr-xr-x 6 root root 0 Jun 24 19:26 ..
lr-x------ 1 root root 64 Jun 24 19:26 0 -> pipe:[209505]
lrwx------ 1 root root 64 Jun 24 19:26 1 -> /dev/tty1
l-wx------ 1 root root 64 Jun 24 19:26 2 -> pipe:[209506]

and glibc/misc/getpass.c:

    in = fopen ("/dev/tty", "w+c");
    if (in == NULL)
    {
        in = stdin;
        out = stderr;
    }

So what goes: pam_mount pipes to mount, the mount process just forks again to mount.davfs, which inherits pam_mount's file descriptor (pipe:[209505]), triggering the non-tty read in glibc. (Which seems a fragile behavior, and replacing getpass() seems an idea.)

I have come across a different point however, davfs now stops for

issuer: myself
subject: myself
identity: devbox.locallan
fingerprint: 58:17:3c:b2:fd:77:bf:aa:2b:42:28:b3:f7:c4:d4:23:c1:9a:6f:90
You only should accept this certificate, if you can verify the fingerprint! The server might be faked or there might be a man-in-the-middle-attack.
Accept certificate for this session? [y,N]

It is to be noted that opening /dev/tty might work, but also may not succeed at all, since PAM is also used in X. For this case, I'd suggest adding an option to:
- go ahead when the certificate chain is fully trusted (default)
- go ahead even when the certificate is self-signed

> In this case there would be no need to change this soon. As pam_mount
> does not send the username over stdin, the missing newline will not be a
> problem for username. So these changes may be delayed.

That is correct.

> So the only point would be:
> Are your users willing to put the username in the davfs2 secrets file, as
> expected by davfs2?
> Please show me the scenario where this is really a problem. It should be
> realistic and it should not be a WebDAV server that replaces NFS.
>
> As mentioned, there is a reason, why there is no '-o username='. Why
> should I change the user interface of davfs2, including the
> documentation, only because somebody is too lazy to edit three lines in
> /etc/davfs2/secrets?

Even if they possibly wanted, it can be quite tedious for the administrator. I've been to systems with 2000 users and more. The users themselves cannot edit any davfs secrets file, since /etc belongs to root, and /home/$USER is not possibly mounted yet.

> P.S.: Typical use cases for davfs2 are described in README. To use a WebDAV
> resource all that is needed:
> - root makes an entry in fstab
> - the user edits her personal secrets file
> - some broken servers may need editing of davfs2.conf
>
> The resource can be mounted either by some clicking in Gnome/Nautilus/KDE/...,
> or by just typing 'mount <mountpoint>'.

Yeah. There's always some un-typical users :)

Jan
--
From: Werner B. <wer...@on...> - 2007-06-24 16:27:26
|
Jan Engelhardt wrote:
> The username option is actually all that is needed, because the
> password code, by means of getpass(), already trims \n.

Does that mean getpass() does not block, but gets the password from mount/pam_mount?

In this case there would be no need to change this soon. As pam_mount does not send the username over stdin, the missing newline will not be a problem for username. So these changes may be delayed.

So the only point would be:
Are your users willing to put the username in the davfs2 secrets file, as expected by davfs2?
Please show me the scenario where this is really a problem. It should be realistic and it should not be a WebDAV server that replaces NFS.

As mentioned, there is a reason, why there is no '-o username='. Why should I change the user interface of davfs2, including the documentation, only because somebody is too lazy to edit three lines in /etc/davfs2/secrets?

Cheers
Werner

P.S.: Typical use cases for davfs2 are described in README. To use a WebDAV resource all that is needed:
- root makes an entry in fstab
- the user edits her personal secrets file
- some broken servers may need editing of davfs2.conf

The resource can be mounted either by some clicking in Gnome/Nautilus/KDE/..., or by just typing 'mount <mountpoint>'.
From: Jan E. <je...@co...> - 2007-06-24 15:51:18
|
Hi,

On Jun 24 2007 16:39, Werner Baumann wrote:
>
> Concerning the username option: The commandline option -o is
> restricted to what is needed by mount and fstab (with the one
> exception of an alternative configuration file). Everything else
> (and it is a lot) goes in davfs2.conf and secrets. I can't see a
> reason to change this. Just complaining "I want to put the username
> into the pam_mount configuration file and not into the davfs2
> secrets file", does not look like an argument.

I am not complaining; I apologize if it sounded like it. I am rather focused on getting stuff to work rather than whether or not a newline is always to be expected.

Anyway, I just wanted to make davfs work with pam_mount by recurring user demand. The username option is actually all that is needed, because the password code, by means of getpass(), already trims \n.

> "I want to put the username into the pam_mount configuration file and
> not into the davfs2 secrets file", does not look like an argument.

In most cases, there is no username in the pam_mount config file.

Thanks,
Jan
--
From: Werner B. <wer...@on...> - 2007-06-24 14:40:28
|
As I told, I will change this:
- check username input from stdin for missing newline and treat it appropriately
- replace getpass by code that reads from stdin (not the real tty) and also checks for newline
- maybe: allow root to configure a different secrets-file that will belong to the owner of the file system (so root can mount on behalf of a user without knowing the password, that is only known to gmx).

Concerning the username option: The commandline option -o is restricted to what is needed by mount and fstab (with the one exception of an alternative configuration file). Everything else (and it is a lot) goes in davfs2.conf and secrets. I can't see a reason to change this. Just complaining "I want to put the username into the pam_mount configuration file and not into the davfs2 secrets file", does not look like an argument.

Cheers
Werner
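One way to write the stdin read described in the list above (no dependence on /dev/tty, newline optional), as an added example that is not davfs2 code. The names `read_secret_line`, `wipe` and `constructed_input` are hypothetical, and the sample inputs are constructed.

```c
/* Added example, not davfs2 code. Reads one username/password line from a
 * stream that may be a pipe, as in the pam_mount case discussed here.
 * All identifiers are hypothetical. */
#include <stdio.h>
#include <string.h>

enum read_status {
    READ_OK,        /* non-empty value stored in buf */
    READ_EMPTY,     /* empty line: the "hit enter for none" case */
    READ_EOF,       /* stream closed before any byte arrived */
    READ_TOO_LONG,  /* line did not fit; buf wiped, rest of line consumed */
    READ_ERROR      /* I/O error or bad arguments */
};

/* Overwrite memory through a volatile pointer so the stores are kept. */
static void wipe(void *p, size_t n)
{
    volatile unsigned char *v = p;
    while (n--)
        *v++ = 0;
}

/* Read up to the next '\n' or EOF. A final line without newline is accepted,
 * a trailing '\r' is dropped, and unused buffer space is zeroed. */
enum read_status read_secret_line(FILE *in, char *buf, size_t cap)
{
    size_t n = 0;
    int c, too_long = 0;

    if (in == NULL || buf == NULL || cap == 0)
        return READ_ERROR;

    while ((c = fgetc(in)) != EOF && c != '\n') {
        if (n + 1 < cap)
            buf[n++] = (char)c;
        else
            too_long = 1;       /* keep draining so the next read is aligned */
    }
    if (c == EOF && ferror(in)) {
        wipe(buf, cap);
        return READ_ERROR;
    }
    if (too_long) {
        wipe(buf, cap);         /* never hand back a truncated secret */
        return READ_TOO_LONG;
    }
    if (c == EOF && n == 0) {
        buf[0] = '\0';
        return READ_EOF;        /* distinct from an empty line */
    }
    while (n > 0 && buf[n - 1] == '\r')
        n--;
    wipe(buf + n, cap - n);     /* terminates the string and clears the tail */
    return n > 0 ? READ_OK : READ_EMPTY;
}

/* Constructed test input: a temporary file standing in for the pipe. */
static FILE *constructed_input(const char *bytes)
{
    FILE *f = tmpfile();
    if (f == NULL)
        return NULL;
    if (fputs(bytes, f) == EOF) {
        fclose(f);
        return NULL;
    }
    rewind(f);
    return f;
}

int main(void)
{
    /* Constructed samples: with newline, without, CRLF, one char, empty, EOF. */
    static const char *samples[] = { "SECRET\n", "SECRET", "SECRET\r\n",
                                     "x\n", "\n", "" };
    static const char *names[] = { "ok", "empty", "eof", "too-long", "error" };
    char buf[32];
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        FILE *f = constructed_input(samples[i]);
        enum read_status st;
        if (f == NULL)
            return 1;
        st = read_secret_line(f, buf, sizeof buf);
        printf("sample %zu: %s, %zu bytes kept\n", i, names[st],
               st == READ_OK ? strlen(buf) : (size_t)0);
        fclose(f);
        wipe(buf, sizeof buf);  /* clear the secret once it has been used */
    }
    return 0;
}
```

Returning `READ_EOF` separately from `READ_EMPTY` lets the caller tell a closed pipe apart from a user who pressed enter for "none".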
From: Jan E. <je...@co...> - 2007-06-24 12:02:09
|
Here's the patch... - For regular use: properly strips off \n - For pam_mount: adds -o username=XYZ, required so that - davfs2 does not ask for the username (since we only pass the password) (cifs also has -o username, in case the server username is different) --- src/mount_davfs.c | 36 ++++++++++++++++++++++++++++-------- 1 file changed, 28 insertions(+), 8 deletions(-) Index: davfs2-1.2.1/src/mount_davfs.c =================================================================== --- davfs2-1.2.1.orig/src/mount_davfs.c +++ davfs2-1.2.1/src/mount_davfs.c @@ -1007,6 +1007,16 @@ static void parse_config(dav_args *args) DBG_ARGS; } +static inline char *HX_chomp(char *s) +{ + char *p = s + strlen(s) - 1; + while(p >= s) { + if(*p != '\n' && *p != '\r') + break; + *p-- = '\0'; + } + return s; +} /* Reads the secrets file and asks the user interactivly for credentials if necessary. The user secrets file is parsed after the system wide secrets @@ -1023,17 +1033,19 @@ static void parse_secrets(dav_args *args char *s = NULL; size_t n = 0; - ssize_t len = 0; + ssize_t len = 0, len2; if (args->askauth && args->useproxy && args->p_user == NULL) { printf(_("Please enter the username to authenticate with proxy\n" "%s or hit enter for none.\nUsername: "), args->p_host); len = getline(&s, &n, stdin); - if (len < 1) + if (len < 0) abort(); - if (len > 1) { - args->p_user = ne_strndup(s, len - 1); - memset(s, '\0', len - 1); + HX_chomp(s); + len2 = strlen(s); + if (len2 > 1) { + args->p_user = ne_strdup(s); + memset(s, '\0', len); } free(s); s = NULL; @@ -1054,11 +1066,13 @@ static void parse_secrets(dav_args *args printf(_("Please enter the username to authenticate with server\n" "%s or hit enter for none.\nUsername: "), url); len = getline(&s, &n, stdin); - if (len < 1) + if (len < 0) abort(); + HX_chomp(s); + len2 = strlen(s); if (len > 1) { - args->username = ne_strndup(s, len - 1); - memset(s, '\0', len - 1); + args->username = ne_strndup(s, len); + memset(s, '\0', len); } free(s); } 
@@ -1364,6 +1378,7 @@ static void get_options(dav_args *args, AUTO, NOAUTO, DEFAULTS, + USERNAME, END }; char *suboptions[] = { @@ -1394,6 +1409,7 @@ static void get_options(dav_args *args, [AUTO] = "auto", [NOAUTO] = "noauto", [DEFAULTS] = "defaults", + [USERNAME] = "username", [END] = NULL }; @@ -1413,6 +1429,10 @@ static void get_options(dav_args *args, if (args->conf != NULL) free(args->conf); args->conf = ne_strdup(argument); + case USERNAME: + args->p_user = ne_strdup(argument); + args->username = ne_strdup(argument); + break; case UID: pwd = getpwnam(argument); if (pwd == NULL) { |
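Review bot: HX_chomp() in the first hunk computes `s + strlen(s) - 1` before it knows the string is non-empty, so for "" it forms a pointer one before the buffer, which is undefined behaviour even though the loop exits at once. Loop on a length instead, for example `size_t n = strlen(s); while (n > 0 && (s[n-1] == '\n' || s[n-1] == '\r')) s[--n] = '\0';`. The helper also lands directly after the closing brace of parse_config with no blank line or comment of its own.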
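Review bot: The two getline() blocks in parse_secrets now disagree on the emptiness test after chomping. The proxy block uses `if (len2 > 1)`, which rejects a one-character username (the old `len > 1` counted the newline), while the server block computes `len2` but still tests `if (len > 1)` on the raw length, so an empty "\r\n" line stores an empty username and a single character sent without newline is dropped. Use `len2 > 0` in both blocks and copy with `ne_strdup(s)` as the proxy block does; `len2` should also be a `size_t` since it holds a strlen() result.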
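Review bot: In the last get_options hunk the new `case USERNAME:` label follows `args->conf = ne_strdup(argument);` with no `break;` between them in the lines shown, so `-o conf=...` would fall through and store the configuration file path in `args->p_user` and `args->username`; please confirm a `break;` precedes the new label. The case also assigns the same value to the proxy user and the server user, so the server account name would be offered to a proxy, and neither field is freed first the way the conf case frees `args->conf`. Set only `args->username`, free any previous value, and add the option to the man page, since the diffstat shows only src/mount_davfs.c changed.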
From: Jan E. <je...@co...> - 2007-06-24 10:40:40
On Jun 24 2007 11:51, Werner Baumann wrote:
> Jan Engelhardt wrote:
>> Users wanting to use pam_mount with davfs2 know that their regular
>> PAM password will be used for any mounting. Hence, they have their
>> webdav one set accordingly.
>
> I would not give away the login password to the administrator of some WebDAV
> server I don't even know. So what kind of WebDAV server are you talking about?
> Let me guess: some administrator installs a WebDAV server in the LAN as
> replacement for NFS or CIFS?

What do I know why users need davfs. Perhaps something like
https://ourwebserver.company.com/.

> But note: davfs2 is not intended as a network file system like NFS or CIFS and
> is not suitable for this. A WebDAV server is not a file server.

But people take it like one. https://mediacenter.gmx.de/ is supposed to do DAV.

> The WebDAV protocol does not match the file system interface.
> davfs2 *tries* to map a WebDAV-resource into a file system. But
> there is no 1:1-mapping, some tweaking and faking is necessary and
> there will always be some shortcomings. That's why it seems very
> improbable to me, that one reasonable has the same password for
> login and for WebDAV-access.

No news here, VFAT has similar limitations.

>> Users cannot edit the files in /etc/davfs2.
>
> Users can't edit the pam_mount configuration files either (I hope
> so!). The administrator has to set up this for the user, including
> credentials. So you want root to mount a WebDAV-resource on behalf
> of the user, but you don't like to tell root the WebDAV
> credentials. You prefer to tell your login password to the WebDAV
> administrator instead. I would prefer it the other way round.

That's not my decision, users want it that way. They like SSO and single
passwords. (All hard to remember!) And I'd rather much prefer having the
same pw on the login box as the DAV server, so as to not keep _additional_
secret phrases _on the filesystem_.

> I am not sure, whether it is really o.k. to treat a missing newline
> *always* as lazy programming and *not* as an input *error*. But I
> am sure: all applications that read from stdin are able to treat
> with a trailing newline, because this is what they usually get.

They have to treat both cases, because they _cannot_ know. That said, some
even have to cope with additional cases like \r\n$ (Windows), in which case
ne_strdup(... - 1) is wrong again.

Jan
--
From: Werner B. <wer...@on...> - 2007-06-24 09:51:45
Jan Engelhardt wrote:
> Users wanting to use pam_mount with davfs2 know that their regular
> PAM password will be used for any mounting. Hence, they have their
> webdav one set accordingly.

I would not give away the login password to the administrator of some WebDAV
server I don't even know. So what kind of WebDAV server are you talking about?
Let me guess: some administrator installs a WebDAV server in the LAN as
replacement for NFS or CIFS?

But note: davfs2 is not intended as a network file system like NFS or CIFS and
is not suitable for this. A WebDAV server is not a file server. The WebDAV
protocol does not match the file system interface. davfs2 *tries* to map a
WebDAV-resource into a file system. But there is no 1:1-mapping, some tweaking
and faking is necessary and there will always be some shortcomings. That's why
it seems very improbable to me, that one reasonable has the same password for
login and for WebDAV-access.

> Users cannot edit the files in /etc/davfs2.

Users can't edit the pam_mount configuration files either (I hope so!). The
administrator has to set up this for the user, including credentials. So you
want root to mount a WebDAV-resource on behalf of the user, but you don't like
to tell root the WebDAV credentials. You prefer to tell your login password to
the WebDAV administrator instead. I would prefer it the other way round.

A possible solution might be: davfs2 allows root to configure a different
secrets file in /etc/davfs2/davfs2.conf. This may be different for every
mount-point and the secrets file can be under control of the owning user.
Currently this is not possible, but it would be an easy change. I will have to
think about any security related implications of this.

> Right... I am referring to
> samba-3.0.25a/source/client/mount.cifs.c:get_password_from_file().
> Apparently, it allows for an \n to be present, but it is known to
> also accept input that is just the bare password without any \n.
>
> util-linux-2.12r+git20070530/mount/lomount.c:xgetpass() does the same
> (accepting either \n or no \n). The 'protocol' is described in
> mount(8), though it does not say anything special about newline in
> single-key mode.

O.k. 'established protocol' means 'some others do it also'. I agree that davfs2
should check any input for errors or non-standard behaviour. But, as you are
redirecting standard input, you might as well delimit your input with a newline
character, instead of trusting on davfs2 to check for this.

I am not sure, whether it is really o.k. to treat a missing newline *always* as
lazy programming and *not* as an input *error*. But I am sure: all applications
that read from stdin are able to treat with a trailing newline, because this is
what they usually get.

> Don't worry too much about that. lomount also uses getpass :-/

As I understand (I did not test it), getpass() will block, if it finds a real
terminal but there is no input from this terminal. lomount only uses getpass
when it is sure that the input will come from a terminal. So I think I should
change this.

Cheers
Werner
From: Jan E. <je...@co...> - 2007-06-23 21:47:48
On Jun 23 2007 23:06, Werner Baumann wrote:
>
> I am still missing arguments why not to use the standard way to
> pass credentials to davfs2: the secrets file. Please tell me. After
> all: there will rarely be cases where the login password is the
> same as the webdav password.

Users wanting to use pam_mount with davfs2 know that their regular
PAM password will be used for any mounting. Hence, they have their
webdav one set accordingly.

> So editing the secrets file is not an extra effort.

Users cannot edit the files in /etc/davfs2.

>> Do not ever assume a line is always terminated
>> with \n, because _it is not_. pam_mount sends the password without an
>> \n. After all, /bin/mount reads _only_ a password, and nothing more, so
>> that's established protocol.
>
> I will change this. But I would be interested in some documentation
> about this 'established protocol'. (pam_mount is just an
> application, not a protocol). What was the need to introduce lines
> that are not terminated by a new line?

Right... I am referring to
samba-3.0.25a/source/client/mount.cifs.c:get_password_from_file().
Apparently, it allows for an \n to be present, but it is known to
also accept input that is just the bare password without any \n.

util-linux-2.12r+git20070530/mount/lomount.c:xgetpass() does the same
(accepting either \n or no \n). The 'protocol' is described in
mount(8), though it does not say anything special about newline in
single-key mode.

davfs however, always strips a character.

> getpass(): There seems to be some confusion in the documentation
> (man page : The GNU C Library Reference Manual). But I agree that
> trying to get the real tty is problematic. So I will return to the
> handmade code that reads from stdin.

Don't worry too much about that. lomount also uses getpass :-/

Jan
--
From: Werner B. <wer...@on...> - 2007-06-23 21:07:07
I am still missing arguments why not to use the standard way to pass
credentials to davfs2: the secrets file. Please tell me. After all: there will
rarely be cases where the login password is the same as the webdav password. So
editing the secrets file is not an extra effort.

> Do not ever assume a line is always terminated
> with \n, because _it is not_. pam_mount sends the password without an
> \n. After all, /bin/mount reads _only_ a password, and nothing more, so
> that's established protocol.

I will change this. But I would be interested in some documentation about this
'established protocol'. (pam_mount is just an application, not a protocol).
What was the need to introduce lines that are not terminated by a new line?

getpass(): There seems to be some confusion in the documentation (man page :
The GNU C Library Reference Manual). But I agree that trying to get the real
tty is problematic. So I will return to the handmade code that reads from
stdin.

Cheers
Werner
From: Jan E. <je...@co...> - 2007-06-23 15:54:27
(This mail is duplicated separately to the pam-mount-user and dav-linuxfs
(no Cc) because not everyone is cross-subscribed. Mostly davfs anyway, and
just an info for pam_mount.)

Hello everyone,

today I took a look at davfs2 and why it does not work with pam_mount.

Let's note that pam_mount passes the password to /bin/mount over
(/bin/mount's) stdin descriptor. mount then passes it on to
/sbin/mount.davfs2.

The problem lies in mount.davfs2, which asks for a username first. There
does not seem to be a way to pass the username as an argument, which would
be the required thing. Want a hint? Look at mount.cifs. (-o user) (On top,
cifs supports -o password as a last resort to passing-in via stdin.)

Then there is the issue that users experienced truncation of input. Yes, the
following line in davfs2 is the culprit:

    args->p_user = ne_strndup(s, len - 1);
    args->username = ne_strndup(s, len - 1);

and perhaps other ones. Do not ever assume a line is always terminated with
\n, because _it is not_. pam_mount sends the password without an \n. After
all, /bin/mount reads _only_ a password, and nothing more, so that's
established protocol. As for the matter, try something like HX_chomp() [1].

What also caught my eye is that davfs2 uses getpass(). The manpage for that
says it is obsolete. The manpage also says this opens /dev/tty for asking for
a password, which does not quite fly with PAM either.

Thanks,
Jan

[1] https://dev.computergmbh.de/svn/libHX/trunk/src/string.c
--
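The input cases argued over in this thread (a credential arriving as "secret\n", as "secret\r\n", or as a bare "secret" ended by EOF, the way pam_mount sends it) are worked through below as an added C example; it is not davfs2, pam_mount or libHX code. The names read_credential, wipe, feed, read_from_bytes and login_sequence_ok are hypothetical, and the sample inputs are constructed.

```c
#include <stdio.h>
#include <string.h>

/* Zero a buffer through a volatile pointer so the store cannot be elided. */
static void wipe(void *p, size_t n)
{
    volatile unsigned char *v = p;
    while (n--)
        *v++ = 0;
}

/*
 * Hypothetical helper (not davfs2 code): read one credential from `in`
 * into buf[cap]. A line may end in "\n", in "\r\n", or simply in EOF.
 * Returns the credential length (0 = empty line, i.e. "none"),
 * -1 if EOF was hit before any byte, -2 if the line does not fit in buf.
 */
static long read_credential(FILE *in, char *buf, size_t cap)
{
    size_t n = 0;
    int c, seen = 0;

    if (cap == 0)
        return -2;
    buf[0] = '\0';
    while ((c = fgetc(in)) != EOF) {
        seen = 1;
        if (c == '\n')
            break;
        if (n + 1 >= cap) {               /* no room for c plus the NUL */
            wipe(buf, n);
            while ((c = fgetc(in)) != EOF && c != '\n')
                ;                         /* discard the rest of the line */
            return -2;
        }
        buf[n++] = (char)c;
    }
    if (!seen)
        return -1;
    /* Index-based strip: an empty line never forms a pointer before buf. */
    while (n > 0 && buf[n - 1] == '\r')
        buf[--n] = '\0';
    buf[n] = '\0';
    return (long)n;
}

/* Constructed input: place `len` bytes in a temporary stream, as if on stdin. */
static FILE *feed(const char *bytes, size_t len)
{
    FILE *f = tmpfile();
    if (f == NULL)
        return NULL;
    if (fwrite(bytes, 1, len, f) != len) {
        fclose(f);
        return NULL;
    }
    rewind(f);
    return f;
}

/* Read a single credential from a constructed byte string (-3: no stream). */
static long read_from_bytes(const char *bytes, size_t len, char *out, size_t cap)
{
    FILE *f = feed(bytes, len);
    long r;
    if (f == NULL)
        return -3;
    r = read_credential(f, out, cap);
    fclose(f);
    return r;
}

/* A username line followed by a password with no newline, then EOF. */
static int login_sequence_ok(void)
{
    char user[32], pass[32];
    FILE *f = feed("alice\r\nhunter2", 14);   /* constructed sample */
    int ok;
    if (f == NULL)
        return 0;
    ok = read_credential(f, user, sizeof user) == 5 && strcmp(user, "alice") == 0
      && read_credential(f, pass, sizeof pass) == 7 && strcmp(pass, "hunter2") == 0
      && read_credential(f, pass, sizeof pass) == -1;
    wipe(pass, sizeof pass);
    fclose(f);
    return ok;
}

int main(void)
{
    const char *in[] = { "hunter2", "hunter2\n", "hunter2\r\n", "x", "\r\n", "" };
    char buf[16];
    size_t i;
    for (i = 0; i < sizeof in / sizeof in[0]; i++)
        printf("%zu input bytes -> %ld\n", strlen(in[i]),
               read_from_bytes(in[i], strlen(in[i]), buf, sizeof buf));
    printf("overlong line -> %ld\n", read_from_bytes("secret\n", 7, buf, 4));
    printf("login sequence ok: %d\n", login_sequence_ok());
    return 0;
}
```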
From: Kevin M. <k.m...@si...> - 2007-05-22 13:09:20
Has anyone ever got it right to use davfs, running through fuse, to work in
automount, or amd?

Here are my config files:

[/usr/local/etc/secrets]
http://192.168.200.40/repos samba "*******"

[/usr/local/etc/davfs2]
dav_user root # system wide config file only
dav_group root # system wide config file only
kernel_fs fuse
buf_size 16 # KiByte
ask_auth 0
use_locks 0

[rpm -q autofs]
autofs-5.0.1-0.rc2.43.0.2

[uname -r]
2.6.18-8.1.3.el5

[auto.master:]
/misc /etc/auto.misc
/net -hosts
/home/automount autodav.auto --ghost --timeout=120 --debug

[autodav.auto:]
web.site.com -fstype=autofs http://192.168.200.40/repos

[nsswitch.conf:]
passwd: files winbind
shadow: files winbind
group: files winbind
#hosts: db files nisplus nis dns
hosts: files dns
bootparams: nisplus [NOTFOUND=return] files
ethers: files
netmasks: files
networks: files
protocols: files
rpc: files
services: files
netgroup: files
publickey: nisplus
automount: files
aliases: files nisplus

[/etc/sysconfig.autofs:]
DEFAULT_TIMEOUT=300
DEFAULT_BROWSE_MODE="no"

[output from debug (when fstype=auto):]
May 14 15:55:44 devaccess automount[3575]: master_do_mount: mounting /home/automount
May 14 15:55:44 devaccess automount[3575]: lookup_nss_read_map: reading map files autodav.auto
May 14 15:55:51 devaccess automount[3575]: handle_packet: type = 3
May 14 15:55:51 devaccess automount[3575]: handle_packet_missing_indirect: token 4, name web.site.com, request pid 3586
May 14 15:55:51 devaccess automount[3575]: lookup_mount: lookup(file): looking up web.site.com
May 14 15:55:51 devaccess automount[3575]: lookup_mount: lookup(file): web.site.com -> -fstype=autofs http://192.168.200.40/repos
May 14 15:55:51 devaccess automount[3575]: parse_mount: parse(sun): expanded entry: -fstype=autofs http://192.168.200.40/repos
May 14 15:55:51 devaccess automount[3575]: parse_mount: parse(sun): gathered options: fstype=autofs
May 14 15:55:51 devaccess automount[3575]: parse_mount: parse(sun): dequote(" http://192.168.200.40/repos") -> http://192.168.200.40/repos
May 14 15:55:51 devaccess automount[3575]: parse_mount: parse(sun): core of entry: options=fstype=autofs, loc= http://192.168.200.40/repos
May 14 15:55:51 devaccess automount[3575]: sun_mount: parse(sun): mounting root /home/automount, mountpoint web.site.com , what http://192.168.200.40/repos, fstype autofs, options
May 14 15:55:51 devaccess automount[3575]: do_mount: http://192.168.200.40/repos /home/automount/web.site.com type autofs options using module autofs
May 14 15:55:51 devaccess automount[3575]: mount_mount: mount(autofs): fullpath=/home/automount/web.site.com what= http://192.168.200.40/repos options=
May 14 15:55:51 devaccess automount[3575]: lookup_nss_read_map: reading map http //192.168.200.40/repos
May 14 15:55:51 devaccess automount[3575]: open_lookup: cannot open lookup module http (/usr/lib/autofs/lookup_http.so: cannot open shared object file: No such file or directory)
May 14 15:55:51 devaccess automount[3575]: do_read_map: lookup module http failed
May 14 15:55:51 devaccess automount[3575]: mount_autofs_indirect: failed to read map for /home/automount/web.site.com
May 14 15:55:51 devaccess automount[3575]: handle_mounts: mount of /home/automount/web.site.com failed!
May 14 15:55:51 devaccess automount[3575]: mount_mount: mount(autofs): failed to create submount for /home/automount/web.site.com

[output from debug (when fstype=davfs):]
May 14 15:59:01 devaccess automount[3619]: handle_packet: type = 3
May 14 15:59:01 devaccess automount[3619]: handle_packet_missing_indirect: token 5, name web.site.com, request pid 3630
May 14 15:59:01 devaccess automount[3619]: lookup_mount: lookup(file): looking up web.site.com
May 14 15:59:01 devaccess automount[3619]: lookup_mount: lookup(file): web.site.com -> -fstype=davfs http://192.168.200.40/repos
May 14 15:59:01 devaccess automount[3619]: parse_mount: parse(sun): expanded entry: -fstype=davfs http://192.168.200.40/repos
May 14 15:59:01 devaccess automount[3619]: parse_mount: parse(sun): gathered options: fstype=davfs
May 14 15:59:01 devaccess automount[3619]: parse_mount: parse(sun): dequote("http://192.168.200.40/repos") -> http://192.168.200.40/repos
May 14 15:59:01 devaccess automount[3619]: parse_mount: parse(sun): core of entry: options=fstype=davfs, loc=http://192.168.200.40/repos
May 14 15:59:01 devaccess automount[3619]: sun_mount: parse(sun): mounting root /home/automount, mountpoint web.site.com, what http://192.168.200.40/repos, fstype davfs, options
May 14 15:59:01 devaccess automount[3619]: open_mount: (mount):cannot open mount module davfs (/usr/lib/autofs/mount_davfs.so: cannot open shared object file: No such file or directory)
May 14 15:59:01 devaccess automount[3619]: do_mount: http://192.168.200.40/repos /home/automount/web.site.com type davfs options using module generic
May 14 15:59:01 devaccess automount[3619]: mount_mount: mount(generic): calling mkdir_path /home/automount/web.site.com
May 14 15:59:01 devaccess automount[3619]: mount_mount: mount(generic): calling mount -t davfs http://192.168.200.40/repos /home/automount/web.site.com
May 14 15:59:40 devaccess automount[3619]: st_expire: state 1 path /home/automount
May 14 15:59:40 devaccess automount[3619]: expire_proc: exp_proc = 3077438352 path /home/automount
May 14 15:59:40 devaccess automount[3619]: expire_proc_indirect: expire /home/automount/web.site.com
May 14 15:59:41 devaccess automount[3619]: expire_proc_indirect: 1 remaining in /home/automount
May 14 15:59:41 devaccess automount[3619]: expire_cleanup: got thid 3077438352 path /home/automount stat 2
May 14 15:59:41 devaccess automount[3619]: expire_cleanup: sigchld: exp 3077438352 finished, switching from 2 to 1
May 14 15:59:41 devaccess automount[3619]: st_ready: st_ready(): state = 2 path /home/automount
May 14 16:00:11 devaccess automount[3619]: st_expire: state 1 path /home/automount
May 14 16:00:11 devaccess automount[3619]: expire_proc: exp_proc = 3077438352 path /home/automount
May 14 16:00:11 devaccess automount[3619]: expire_proc_indirect: expire /home/automount/web.site.com
May 14 16:00:13 devaccess automount[3619]: expire_proc_indirect: 1 remaining in /home/automount
May 14 16:00:13 devaccess automount[3619]: expire_cleanup: got thid 3077438352 path /home/automount stat 2
May 14 16:00:13 devaccess automount[3619]: expire_cleanup: sigchld: exp 3077438352 finished, switching from 2 to 1
May 14 16:00:13 devaccess automount[3619]: st_ready: st_ready(): state = 2 path /home/automount
May 14 16:00:43 devaccess automount[3619]: st_expire: state 1 path /home/automount
May 14 16:00:43 devaccess automount[3619]: expire_proc: exp_proc = 3077438352 path /home/automount
May 14 16:00:43 devaccess automount[3619]: expire_proc_indirect: expire /home/automount/web.site.com
May 14 16:00:44 devaccess automount[3619]: expire_proc_indirect: 1 remaining in /home/automount
May 14 16:00:44 devaccess automount[3619]: expire_cleanup: got thid 3077438352 path /home/automount stat 2
May 14 16:00:44 devaccess automount[3619]: expire_cleanup: sigchld: exp 3077438352 finished, switching from 2 to 1
May 14 16:00:44 devaccess automount[3619]: st_ready: st_ready(): state = 2 path /home/automount

The davfs mount works perfect on its own, and the umount, but when I try to
create an automount, it starts the mount then hangs when a ls is done on the
automount directory. Yet when ctrl-c is pressed out of the ls, it returns, and
the following ls on the directory then shows the files correctly.

I am battling to isolate the problem, if it is an automount problem, or a
davfs problem. I have a suspicion that it may have something to do with the
fork of the daemon process. But I am not sure on how to go about to verify it.

-Kevinm
From: Werner B. <wer...@on...> - 2007-04-03 10:34:09
Hello Greg,

file_mode and dir_mode are only defaults, that are used when no other
information is available. Possible other information that will override these
values:
- the executable property set on the server
- cached information from prior mounts
- on file creation: mode demanded by the creating program, usually calculated
  from the user's umask
- the noexec mount option.

But there is also a minor bug in davfs2: if a server does not provide the
executable property, davfs2 will not set the x-bit. But it should take the
value from file_mode instead. This will be corrected in the next release.

I think setting the x-bit in file_mode is rarely of any use, as it only makes
sense with files that are executable, but most files are not. When a new file
is created, the executable bit is usually not set, not because of davfs2, but
because the creating process tells davfs2 what mode bits to set.

Note: File systems, like ext2, that store the full set of unix permissions,
have no options like file_mode and dir_mode. These options are only to fill the
gap when the file system is not able to provide the information.

Cheers
Werner
From: Greg K. <kuc...@po...> - 2007-04-02 19:46:44
I have a quick question to clarify exactly how executable bits and the
file_mode option work. I couldn't clearly discern from the manpage whether or
not the executable bit can be set on files via mount options. Under the
file_mode option it says that "no x-bits are set" but I'm not sure if that is
the default behavior or if in general no execute bits are set even if they are
set in the octal value passed to the file_mode option.

Example (mounting as root):

    mount -t davfs -o file_mode=0555,dir_mode=0555 %repos_location %mount_location

Directories are mounted 555 and files are mounted 444 (no execute)

I would appreciate any light anyone can shed on this for me.
From: Simon C. <si...@si...> - 2007-03-21 15:27:41
The following patch adds rudimentary support for SSL client certificates. It's rudimentary because it doesn't store the PKCS12 certificate password in the secrets file, but expects it either on the command line or prompts for it. But it's hopefully enough to give you the idea of how to do it, and just needs to be tidied up slightly. Simon diff -ruN davfs2-1.1.4/src/mount_davfs.c davfs2-1.1.4-client-certs/src/mount_davfs.c --- davfs2-1.1.4/src/mount_davfs.c 2006-12-26 11:34:36.000000000 +0000 +++ davfs2-1.1.4-client-certs/src/mount_davfs.c 2007-03-21 14:53:58.000000000 +0000 @@ -187,6 +187,7 @@ args->read_timeout, args->locks, args->lock_timeout, args->username, args->password, args->useproxy, args->p_host, args->p_port, args->p_user, args->p_passwd, + args->client_cert, args->client_pass, args->lock_owner, args->displayname, args->expect100); DBG0("Initialize Cache."); @@ -846,6 +847,15 @@ args->secrets = f; } + if (args->client_cert != NULL && *args->client_cert == '~') { + int p = 1; + if (*(args->client_cert + p) == '/') + p++; + char *f = ne_concat(pw->pw_dir, "/", args->client_cert + p, NULL); + free(args->client_cert); + args->client_cert = f; + } + if (args->p_host == NULL) args->useproxy = 0; @@ -882,6 +892,8 @@ ask_auth(&args->p_user, &args->p_passwd, "proxy", args->p_host); if (args->askauth && (args->username == NULL || args->password == NULL)) ask_auth(&args->username, &args->password, "server", url); + if (args->client_cert && ! args->client_pass) + ask_auth(&args->client_cert, &args->client_pass, "certificate file", args->client_cert); DBG_SECRETS; } @@ -1099,6 +1111,10 @@ free(args->backup_dir); if (args->lock_owner != NULL) free(args->lock_owner); + if (args->client_cert != NULL) + free(args->client_cert); + if (args->lock_owner != NULL) + free(args->client_pass); free(args); } @@ -1160,6 +1176,8 @@ NOASKAUTH, LOCKS, NOLOCKS, + CLIENT_CERT, + CLIENT_PASS, USER, NOUSER, RW, 
@@ -1188,6 +1206,8 @@ [NOASKAUTH] = "noaskauth", [LOCKS] = "locks", [NOLOCKS] = "nolocks", + [CLIENT_CERT] = "client_cert", + [CLIENT_PASS] = "client_pass", [USER] = "user", [NOUSER] = "nouser", [RW] = "rw", @@ -1220,6 +1240,15 @@ if (args->conf != NULL) free(args->conf); args->conf = ne_strdup(argument); + break; + case CLIENT_CERT: + free(args->client_cert); + args->client_cert = ne_strdup(argument); + break; + case CLIENT_PASS: + free(args->client_pass); + args->client_pass = ne_strdup(argument); + break; case UID: pwd = getpwnam(argument); if (pwd == NULL) { @@ -1382,6 +1411,8 @@ args->lock_timeout = DAV_LOCK_TIMEOUT; args->lock_refresh = DAV_LOCK_REFRESH; args->lock_owner = NULL; + args->client_cert = NULL; + args->client_pass = NULL; return args; } @@ -1622,6 +1653,14 @@ args->retry = arg_to_int(parmv[1], 10, parmv[0]); } else if (strcmp(parmv[0], "max_retry") == 0) { args->max_retry = arg_to_int(parmv[1], 10, parmv[0]); + } else if (strcmp(parmv[0], "client_cert") == 0) { + if (args->client_cert != NULL) + free(args->client_cert); + args->client_cert = ne_strdup(parmv[1]); + } else if (strcmp(parmv[0], "client_pass") == 0) { + if (args->client_pass != NULL) + free(args->client_pass); + args->client_cert = ne_strdup(parmv[1]); } else if (strcmp(parmv[0], "lock_timeout") == 0) { args->lock_timeout = arg_to_int(parmv[1], 10, parmv[0]); } else if (strcmp(parmv[0], "lock_refresh") == 0) { 
@@ -1775,6 +1814,8 @@ printf(" comma separated list of options.\n"); printf(" Recognised options:\n"); printf(" conf= : absolute path of user configuration file\n"); + printf(" client_cert= : absolute path of SSL client certificate file\n"); + printf(" client_pass= : PKCS12 password (this is a hack)\n"); printf(" uid= : owner of the filesystem (username or numeric id)\n"); printf(" gid= : group of the filesystem (group name or numeric id)\n"); printf(" file_mode= : default file mode (ocatal)\n"); diff -ruN davfs2-1.1.4/src/mount_davfs.h davfs2-1.1.4-client-certs/src/mount_davfs.h --- davfs2-1.1.4/src/mount_davfs.h 2006-12-26 11:34:36.000000000 +0000 +++ davfs2-1.1.4-client-certs/src/mount_davfs.h 2007-03-21 14:26:41.000000000 +0000 @@ -54,6 +54,8 @@ int port; /* Command line */ char *path; /* Command line */ char *secrets; /* User config file */ + char *client_cert; /* SSL client certificates file */ + char *client_pass; /* PKCS12 file password */ char *username; /* User secrets file, system secrets file */ char *password; /* User secrets file, system secrets file */ char *p_host; /* User config file, sys conf f., environment */ diff -ruN davfs2-1.1.4/src/webdav.c davfs2-1.1.4-client-certs/src/webdav.c --- davfs2-1.1.4/src/webdav.c 2006-12-26 11:34:36.000000000 +0000 +++ davfs2-1.1.4-client-certs/src/webdav.c 2007-03-21 14:49:40.000000000 +0000 @@ -71,6 +71,10 @@ int fd; /* file descriptor of the open cache file. */ } get_context; +typedef struct { + const char *file; /* Filename and password for client cert */ + const char *password; /* PKCS12 file */ +} client_cert_context; /* Private constants */ /*===================*/ @@ -180,6 +184,9 @@ static int ssl_verify(void *userdata, int failures, const ne_ssl_certificate *cert); +static void client_ssl_callback(void *userdata, ne_session *sess, + const ne_ssl_dname *const *dnames, + int dncount); /* Public functions */ /*==================*/ 
@@ -189,7 +196,9 @@ time_t l_timeout, const char *user, const char *passwd, int useproxy, const char *p_host, int p_port, const char *p_user, const char *p_passwd, + const char *client_cert, const char *client_passwd, const char *lock_owner, int displayname, int expect100) { + client_cert_context client_context; if (ne_sock_init() != 0) error(EXIT_FAILURE, 0, "Socket library initalization failed"); @@ -230,6 +239,11 @@ #endif error(EXIT_FAILURE, 0, "Neon library does not support TLS/SSL."); ne_ssl_set_verify(session, ssl_verify, NULL); + if (client_cert) { + client_context.password = client_passwd; + client_context.file = client_cert; + ne_ssl_provide_clicert(session, client_ssl_callback, &client_context); + } ne_ssl_trust_default_ca(session); } @@ -1481,3 +1495,18 @@ free(digest); return ret; } + +static void +client_ssl_callback(void *userdata, ne_session *sess, + const ne_ssl_dname *const *dnames, + int dncount) +{ + client_cert_context *ctx = userdata; + ne_ssl_client_cert *clicert = ne_ssl_clicert_read(ctx->file); + if (!clicert) + error(EXIT_FAILURE, 0, "Couldn't read certificate file %s", ctx->file); + if (ne_ssl_clicert_encrypted(clicert) && + ne_ssl_clicert_decrypt(clicert, ctx->password) != 0) + error(EXIT_FAILURE, 0, "Couldn't decrypt certificate file %s (bad/no password?)", ctx->file); + ne_ssl_set_clicert(sess, clicert); +} diff -ruN davfs2-1.1.4/src/webdav.h davfs2-1.1.4-client-certs/src/webdav.h --- davfs2-1.1.4/src/webdav.h 2006-12-26 11:34:36.000000000 +0000 +++ davfs2-1.1.4-client-certs/src/webdav.h 2007-03-21 14:42:49.000000000 +0000 @@ -62,6 +62,7 @@ time_t l_timeout, const char *user, const char *passwd, int useproxy, const char *p_host, int p_port, const char *p_user, const char *p_passwd, + const char *client_cert, const char *client_passwd, const char *lock_owner, int displayname, int expect100); |
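Review bot: In the cleanup hunk (@@ -1099,6 +1111,10 @@) the second added test is `if (args->lock_owner != NULL)` but the statement under it is `free(args->client_pass);`, so whether the PKCS12 password is freed depends on an unrelated field. Test `args->client_pass` instead, and since this buffer holds a secret it should be overwritten before it is freed.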
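Review bot: In the configuration-file hunk (@@ -1622,6 +1653,14 @@) the `client_pass` branch frees `args->client_pass` and then assigns the new string to `args->client_cert`. That leaves `client_pass` pointing at freed memory, replaces the certificate path with the password and leaks the old path; a later `free(args->client_pass)` is then a double free. The assignment should be `args->client_pass = ne_strdup(parmv[1]);`.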
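Review bot: In webdav.c (hunks @@ -189,7 +196,9 @@ and @@ -230,6 +239,11 @@) `client_cert_context client_context;` is a local variable of the init function, yet its address is handed to `ne_ssl_provide_clicert` as userdata. The callback fires when the server asks for a certificate, which can be after this function has returned, so `client_ssl_callback` would then read the file name and password through a pointer into a dead stack frame. Give the context static or heap storage that lives as long as the session.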
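Review bot: The new `client_pass=` mount option and the matching usage line (@@ -1775,6 +1814,8 @@, labelled "this is a hack") put the PKCS12 password on the mount command line, where other local users can read it from the process list and where it is likely to end up in /etc/fstab. As the cover text says, the password belongs in the secrets file; until that exists I would keep only the interactive prompt and drop the command-line and davfs2.conf `client_pass` settings.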
From: Tim O. <tol...@gm...> - 2006-12-18 18:33:07
Hi,

Apologies for the cross posting. I hope that I have not sent this job posting
to any mailing list where it is not appropriate. Feel free to forward this
message to any webdav-related announce mailing lists if deemed suitable.

Lime Wire is looking for a Senior Developer to work with us on two advanced
WebDAV servers that we plan to open source. One server is a fork of the
Catacomb project and is being written as an Apache C module. The other server
is being written in Ruby on Rails and is more of a prototype. Both servers are
backed by a database (currently MySQL) with resource bodies being stored on the
file system.

Our servers are written from the ground up to support the BIND draft (with
support for bind cycles). Other RFCs / drafts that we plan to support are:

Basic WebDAV (RFC 2518) (plus locking)
ACL (RFC 3744)
Quota & Size (RFC 4331)
DeltaV (RFC 3253)
SEARCH
Redirect (RFC 4437)
CalDAV
Mount (RFC 4709)

We have basic webdav, acl, quota, and some basic DeltaV features working
already in our Apache C implementation. We are currently finishing off the
basic webdav features in our Rails implementation.

Why haven't we open-sourced these servers yet? We have not yet firmly decided
which open-source licenses to use for the servers. In addition, we need to
devote time and resources to setup the open-source projects so that we can
properly foster a community around them. Part of this position will involve
fostering this community.

Our main office is in New York City. This position requires relocating to the
New York metropolitan area if you don't already live there.

We currently have two developers working on the project here in Manhattan and
eight developers working remotely in Gurgaon, India (Gurgaon is just outside
Delhi). They regularly visit New York for months at a time. Part of this
position will involve communication with our remote developers (and of course,
the eventual open-source community). This position will likely include periodic
travel to Gurgaon (probably about once or twice a year for two or three weeks
at a time).

If you're interested, please email web...@li... with a resume and cover letter.
Please include in the cover letter how you found out about this job posting.

The following is the more-official-but-less-webdav-centric job posting:

Lime Wire LLC, maker of the famous file-sharing program, seeks an exceptional
Senior Developer. The right candidate will be a high-energy individual, open to
new ideas, self-motivated, a quick study, and willing to develop new skills,
while constantly improving upon existing abilities. Candidates must also be a
strong multi-tasker with exceptional time-management skills. We seek talented,
smart candidates who will work well in a team environment.

QUALIFICATIONS

Required
* MS in Computer Science or equivalent (PhD is a plus), but will consider
  exceptionally strong candidates with only a BS
* 5+ years industry experience
* Excellent software design and communication skills
* Experience with at least one object-oriented programming language
* Knowledge of database fundamentals

Nice to Have
* Experience writing apache modules
* Ruby / Ruby on Rails
* MySQL or PostgreSQL
* HTTP/WebDAV protocols
* Semantic Web

Extra Credit
* Experience with several programming paradigms (functional, object-oriented,
  logical, etc.)
* Experience with object-oriented languages other than C++ or Java. For
  example: Smalltalk, CLOS
* SQL
* J2EE
* Experience working on open-source projects

More about us
-------------
Lime Wire's offices are located in Tribeca in downtown Manhattan. We offer
competitive salaries and excellent benefits, including 5 weeks of vacation per
year. Our workplace is casual and while we work hard, there is always a little
more time for a game of poker or a summer party on our garden roof deck.

Thanks,

Tim Olsen
Lead Software Developer
Lime Wire LLC
From: Sebastian R. <seb...@l0...> - 2006-10-10 10:39:15
Hi,

as I have the webdav now working, I tried to access a mounted folder. That
folder contains about 1500 vcards. I configured kaddressbook to use that
directory to be used as an addressbook resource.

Loading that directory takes about five minutes. Within these five minutes,
the kaddressbook, korganizer and kmail are unresponsive, therefore unusable.

When I see the logs from the server, I see that for every vcard an own request
is done. I don't know much about webdav internals, nor coda, or whether this is
a fault of kaddressbook or the webdav server.

So my question is, is it generally possible to do a bulk fetch of the directory
contents, so after receiving the directory entries, requesting all at a time?

kind regards
Sebastian
From: Werner B. <wer...@on...> - 2006-10-05 21:34:55
|
Hello Janaki,

sorry for the late answer, but I am much engaged to debug the latest release davfs2 1.1.1

Howto:
------
This Howto is really out of date (it was out of date when I started to engage in davfs2). Please only use the documentation that is included in the package. There is a README file, and after installation there is also a manpage, but it is for 'mount.davfs' (man mount.davfs).

There is no more davfs module in the kernel. There is only the mount.davfs program that communicates with the coda (or fuse) file system in the kernel and the webdav-server.

version 0.2.8 and coda:
-----------------------
If the coda module really is running when you try to launch mount.davfs, this message indicates that another module uses the coda device, but mount.davfs could not detect this. Do you run the real coda file system (with venus) in parallel? In this case you might try without the coda file system running.

version 1.0.2
-------------
Although this version is called beta (it needs some more testing by real users), it has a lot of advantages over 0.2.8; and I consider it just as stable as 0.2.8.

As you can read and write, it is really curious that you can not delete files. Some questions:
- what are the access permissions of the directory that contains the file to delete?
- owner and group of this directory, who is the user that tries to delete them? This user must have write and execute permissions for this directory?
- access permissions, owner and group of the file. Has the user that wants to delete it, write permission on that file?
- What is the exact error message you get when you try to delete the file?
- Are there any restrictions set on the server?

If everything seems to be ok up to here, we are in trouble. In this case it would be useful if you could access the server logs, to see what requests davfs2 sent to the server, and what was the answer. Tracing the HTTP traffic, using Ethereal or tcpdump, would even be better.

Directories etc.:
-----------------
If you install the package the standard way (./configure, make, su, make install), the documentation should be in /usr/local/share/davfs2 (this is a mistake, it really should be in /usr/local/share/doc/davfs2).

It is much preferable to add an entry into /etc/fstab and use the standard mount program, instead of calling mount.davfs directly. Please see the examples in the man page.

Remark: I just released version 1.1.1; at the moment we do some debugging and I would not suggest to use this package. But the version in the CVS repository seems fairly stable. And can use the fuse kernel file system, if there are troubles with coda.

Nevertheless: I think it is easiest to stick with davfs2-1.0.2 and try to solve the delete problem.

Waiting for answer to the above questions

Greetings
Werner |
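The server-log check suggested in the reply above, as an added example (not part of the original message and not davfs2 code): it reads a WebDAV server's access log and reports whether a failing delete was refused by the server or never left the client. The Apache-style log format, the function names and the sample lines are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: locate where a failing WebDAV delete is refused, using the server log.
# Assumption: Apache-style access log, so that awk sees
#   $6 = "METHOD (with the leading quote), $7 = path, $9 = HTTP status.

# Constructed sample log; host, user and paths are made up.
# 207 = Multi-Status (normal PROPFIND answer), 403 = Forbidden, 423 = Locked.
sample_log() {
cat <<'EOF'
192.0.2.10 - student [05/Oct/2006:10:01:02 +0200] "PROPFIND /uploads/ HTTP/1.1" 207 1532
192.0.2.10 - student [05/Oct/2006:10:01:05 +0200] "GET /uploads/notes.txt HTTP/1.1" 200 412
192.0.2.10 - student [05/Oct/2006:10:01:09 +0200] "PUT /uploads/notes.txt HTTP/1.1" 204 -
192.0.2.10 - student [05/Oct/2006:10:01:15 +0200] "DELETE /uploads/notes.txt HTTP/1.1" 403 210
192.0.2.10 - student [05/Oct/2006:10:01:20 +0200] "DELETE /uploads/old.txt HTTP/1.1" 423 198
EOF
}

# Print "STATUS PATH" for every request of method $1 that the server refused (status >= 400).
failed_requests() {
    awk -v m="\"$1" '$6 == m && $9 >= 400 { print $9, $7 }'
}

# Read an access log on stdin and say where the delete failed:
#   client: no DELETE was logged, so look at local permissions and ownership first
#   server: the request arrived and was refused, so look at server restrictions or locks
diagnose_delete() {
    awk '
        $6 == "\"DELETE" { seen++; if ($9 >= 400) { bad++; last = $9 " " $7 } }
        END {
            if (!seen)    print "client: no DELETE reached the server"
            else if (bad) print "server: " bad " of " seen " DELETE refused, last " last
            else          print "ok: " seen " DELETE accepted"
        }'
}

sample_log | diagnose_delete
```

On a real server, pipe the actual access log into `diagnose_delete` instead of `sample_log`; the log location depends on the server setup.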
From: Janaki T. M. <jma...@uc...> - 2006-10-04 19:38:47
|
Hi,

I am trying to set up a davfs client (linux Fedora Core 5 kernel 2.6.17-1.2157_FC5smp) to connect to a server (already set up in my university), and I can't get it to work. Any suggestions would be very helpful. I need to get this running to start on a class project!

I used the latest stable version, davfs2-0.2.8 and followed the instructions in section 4.1 and 4.2 of the HOWTO. Now if I try to connect, following the instructions in section 5.1

    su
    /sbin/mount.davfs http://dav.myserver.edu/uploads/ /mnt/dav

I get a username and password prompt, but then it says

    /sbin/mount.davfs: Could not open /dev/davfs0: Kernel does not support coda,or the coda-module is not loaded.

But I know the coda-module is loaded: I checked with lsmod, and I can connect to testserver.coda.cs.cmu.edu

Incidentally, I didn't find any davfs kernel module in /lib/modules/2.6.17-1.2157_FC5smp/kernel/fs/ as section 4.3 says. I looked in /dav/davfs2-0.2.8 (which is my $DAVFS directory) in order to follow the instructions in section 4.3 but I didn't find a davfs directory here. Nor can I find a davfsd in /usr/local/sbin (or anywhere else) as per section 5.2.

Also, strangely, on another computer I installed davfs-1.0.2, which isn't supposed to be stable. This allowed me to connect to the dav server, and I could read and write files there, but not delete them. I guess this confirms that coda is really working.

Thanks,
Janaki |
From: Janaki T. M. <jma...@uc...> - 2006-10-04 14:57:15
|
Hi,

I am trying to set up a davfs client (linux Fedora Core 5 kernel 2.6.17-1.2157_FC5smp) to connect to a server (already set up in my university), and I can't get it to work. Any suggestions would be very helpful. I need to get this running to start on a class project!

I used the latest stable version, davfs2-0.2.8 and followed the instructions in section 4.1 and 4.2 of the HOWTO. Now if I try to connect, following the instructions in section 5.1

    su
    /sbin/mount.davfs http://dav.myserver.edu/uploads/ /mnt/dav

I get a username and password prompt, but then it says

    /sbin/mount.davfs: Could not open /dev/davfs0: Kernel does not support coda,or the coda-module is not loaded.

But I know the coda-module is loaded: I checked with lsmod, and I can connect to testserver.coda.cs.cmu.edu

Incidentally, I didn't find any davfs kernel module in /lib/modules/2.6.17-1.2157_FC5smp/kernel/fs/ as section 4.3 says. I looked in /dav/davfs2-0.2.8 (which is my $DAVFS directory) in order to follow the instructions in section 4.3 but I didn't find a davfs directory here. Nor can I find a davfsd in /usr/local/sbin (or anywhere else) as per section 5.2.

Also, strangely, on another computer I installed davfs-1.0.2, which isn't supposed to be stable. This allowed me to connect to the dav server, and I could read and write files there, but not delete them. I guess this confirms that coda is really working.

Thanks,
Janaki |
From: Sebastian R. <itl...@ra...> - 2006-10-04 08:22:38
|
Hi Werner,

thanks for davfs2-1.1.1.

To automatically mount a webdav drive I would like to use pam_mount. pam_mount sends the user's password via stdin to the mount command. Unfortunately there might be two (possibly different) passwords and usernames needed for mounting the webdrive.

I think adding the mount options proxyuser, acceptinvalidcert, and allowing passwords to be read from stdin would make davfs2 a lot more compatible with pam_mount than I feel it is right now?

I also asked the question on how to mount a davfs2 drive via pam_mount on the pam_mount list. I need to see what they really need to make it work.

kind regards
Sebastian |
From: Werner B. <wer...@on...> - 2006-09-11 19:33:01
|
Hello Xavier,

there is another detail I forgot about. In order for davfs2 to find your neon library in /usr/local/lib you need a symbolic link in /usr/lib (there should be a better way, but I don't know of it).

Please create (as root) in /usr/lib a symbolic link:

    ln -s /usr/local/lib/libneon.so.24.0.7 libneon.so.24

Of course "/usr/local/lib/libneon.so.24.0.7" might be slightly different for the library you compiled.

You may check with

    ldd mount.davfs

whether all libraries for davfs2 are found.

Greetings
Werner |
From: Werner B. <wer...@on...> - 2006-09-10 20:29:13
|
Hello Xavier,

sorry for this. I forgot to include the necessary neon header for cookies. Please add the line

    #include <ne_cookies.h>

at the beginning of webdav.c (best between #include <ne_basic.h> and #include <ne_dates.h>, so it will be properly in alphabetical order ;-) ).

Greetings
Werner |
From: Xavier R. <xav...@bl...> - 2006-09-10 19:55:27
|
Hello again.

Neon compiled and installed fine. But I get errors when compiling davfs2.

./configure works well :
> Using configuration for building davfs2 1.0.2:
>
> Install prefix: /usr/local
> Compiler: gcc
> neon library: library in /usr/local (0.24.7)
>
> Now run 'make' to compile davfs2

But make aborts with this error :
> src/webdav.c:120: erreur: syntax error before «*» token
> src/webdav.c:120: attention : type defaults to «int» in declaration of «loretta»
> src/webdav.c:120: attention : la définition de données n'a pas de type ni de classe de stockage
> src/webdav.c: Dans la fonction «dav_init_webdav» :
> src/webdav.c:252: attention : implicit declaration of function «ne_cookie_register»
> make: *** [src/webdav.o] Erreur 1

It seems linked to the parts of code I added to webdav.c. I copied exactly the code you gave me, and I think I put it at the correct lines…

For ethereal, I'll look at it soon.

Thanks,
Xavier |