From: Xavier R. <xav...@bl...> - 2006-09-05 19:17:46
|
Hello all, I'm experiencing trouble connecting to a Novell NetStorage webdav server. I installed the last version (1.0.2) of davfs2 on my Ubuntu 6.06, but still cannot get the connexion. Here is the transcription of a typical session : > xavier@ubuntu:~/davfs2-1.0.2$ sudo mount.davfs http://netstorage.unige.ch/oneNet/NetStorage/ /media/dav > > Please enter the username to authenticate with server > http://netstorage.unige.ch/oneNet/NetStorage/ > or hit enter for none. > Username: robin0 > > Please enter the password to authenticate robin0 with server > http://netstorage.unige.ch/oneNet/NetStorage/ > or hit enter for none. > Password: > mount.davfs: Authentication with server or proxy failed. > Look up the log files for details. Neon version is 0.25.5 (official from Ubuntu) and is located in /usr. So : where can I find the log files ? I also tried the version of davfs2 bundled with Ubuntu (0.2.8) and I get a slightly different output, as it asks me if I agree to connect to a server whose identity cannot be verified. I ask 'yes' and get a '401 Authorization Required' error. I know the server certificate is outdated (KDE webdav also complains for that), but version 1.0.2 doesn't even asks me if I want to connect anyway. I found an "old" discussion about probably the same problem : http://sourceforge.net/mailarchive/message.php?msg_id=12734625 And also, a site has a page about that issue : http://www.smashedstack.net/webdav/ Visibly, it is a problem of cookies, removed from libneon-0.25. I tried to apply their solution unsuccessfully (a pid-lock problem). I'm not a programmer, but I would be really happy if I could help resolving this issue. Greetings, Xavier Robin |
From: Werner B. <wer...@on...> - 2006-09-06 10:02:54
|
Hello Xavier, it looks like Novell is doing some non-standard authentication like HTTP-Authentication combined with cookies. But as long as the connection is not secured, HTTP-authentication is not allowed by the standard. The RFC demands that servers must support Digest Authentication in this case. (Ther is a discussion about the use of cookies in the webdav working group: http://lists.w3.org/Archives/Public/w3c-dist-auth/2002JulSep/0274.html) But I am not really sure, what NetStorage is doing. To get it running soon you might follow the advice in http://www.smashedstack.net/webdav/. It looks quite reasonable to me. If you want to apply this patch to davfs2-1.0.2 you mitght add to file webdav.c: In section /* Private global variables */ /*==========================*/ add: #if NE_VERSION_MINOR == 24 ne_cookie_cache *loretta = NULL; #endif At the end of function dav_init_webdav() add: #if NE_VERSION_MINOR == 24 loretta = ne_calloc(sizeof *loretta); ne_cookie_register(session, loretta); #endif If this works for you, please file a bug report against Novell NetStorage, saying you want it to work with either Digest-Authentication or plain HTTP-Authentication over TLS, according to RFC 2518, 17.1 Authentication of Clients. To investigate what is really going on, you might help with this: - the log messages from davfs2. Logs are in /var/log/. In which file you will find the messages from davfs2 depends on the distribution. You may look for messages, syslog, daemon.log, ?. - you will get a lot of debug messages if you configure davfs2-v1 with --enable-debug=secrets. But be sure to remove your username and password from this messages before sending them to me. - the log entries from the server might be interesting too. - if you start the connection as plain text HTTP ("http://...") recording the traffic with ethereal might be helpful. - As you use "http://..." but there are also complaints about certificates, NetStorages seems to upgrade from plain HTTP to TLS. You might use an "https://..."-url instead, so davfs2 will use TLS from the start. What will happen then? Greetings Werner |
From: Xavier R. <xav...@bl...> - 2006-09-09 19:32:02
|
Werner Baumann a =E9crit : > Hello Xavier, >=20 > it looks like Novell is doing some non-standard authentication like=20 > HTTP-Authentication combined with cookies. But as long as the connectio= n=20 > is not secured, HTTP-authentication is not allowed by the standard. The= =20 > RFC demands that servers must support Digest Authentication in this=20 > case. (Ther is a discussion about the use of cookies in the webdav=20 > working group:=20 > http://lists.w3.org/Archives/Public/w3c-dist-auth/2002JulSep/0274.html) >=20 > But I am not really sure, what NetStorage is doing. Ok, actually it was an error on my part for the http:. But I just tried with KDE and http works as well. > To get it running soon you might follow the advice in=20 > http://www.smashedstack.net/webdav/. It looks quite reasonable to me. > If you want to apply this patch to davfs2-1.0.2 you mitght add to file=20 > webdav.c: > > (...) >=20 > If this works for you, please file a bug report against Novell=20 > NetStorage, saying you want it to work with either Digest-Authenticatio= n=20 > or plain HTTP-Authentication over TLS, according to RFC 2518, 17.1=20 > Authentication of Clients. I modified the file, make clean, ./configure --enable-debug=3Dsecrets,=20 make and make install (actually I use checkinstall for easy=20 uninstalling, but it issues a make install). But I still have the error : > Accept certificate for this session? [y,N] y > mount.davfs: Authentication with server or proxy failed. > Look up the log files for details. Davfs2 1.0.2 asks me for the certificate if I use https. And=20 authentification fails. > - the log messages from davfs2. Logs are in /var/log/. In which file yo= u=20 > will find the messages from davfs2 depends on the distribution. You may= =20 > look for messages, syslog, daemon.log, ?. >=20 > - you will get a lot of debug messages if you configure davfs2-v1 with=20 > --enable-debug=3Dsecrets. But be sure to remove your username and passw= ord=20 > from this messages before sending them to me. The content of syslog is in the attached file. Visibly, everything seems=20 to go right, but neon fails during the authentification. An exact copy=20 of it is in the debug log. It isn't very "verbose" on the exact error. Version of neon is 0.25.5.dfsg-5. I found a package neon-dbg in my package manager. I installed it,=20 reconfigured and built davfs2, but I got no more information. Perhaps I should rebuild completely neon with a debug option to get=20 further informations ? Nothing in user.log and in daemon.log or dmesg. > - the log entries from the server might be interesting too. Unfortunately I can't access to them :-( > - if you start the connection as plain text HTTP ("http://...")=20 > recording the traffic with ethereal might be helpful. I don't know exactly how it works, but I could capture the traffic. I=20 can see a 401 Authorization Required error, but the details and the=20 other packets are very obscure to me. Unfortunately, I don't know exactly how to remove my password from this=20 binary file (I think it is inside...), so I don't dare to send it as is. I'll try to understand it exactly tomorrow. Thanks for your help ! Xavier |
From: Xavier R. <xav...@bl...> - 2006-09-09 19:35:13
Attachments:
syslog
|
Xavier Robin a =E9crit : > The content of syslog is in the attached file. But I forgot to attach it. Sorry for the annoyance. It is here |
From: Werner B. <wer...@on...> - 2006-09-10 07:46:38
|
Hello Xavier, it is definitely a problem with authentication between davfs2 and NetStorage. You made sure, the password you found in the logs is correct. So everything looks just as described in http://www.smashedstack.net/webdav/. But the patch from this site (the one I sent you is essentially the same) does not work with neon 0.25. The neon people have removed cookie support, as they think their code was outdated and they hadn't time to write a new (I assume they do not think it is important, too). So you have to use neon 0.24. To do this: Get the package http://www.webdav.org/neon/neon-0.24.7.tar.gz and unpack. Configure with options --enable-shared and --with-ssl. Please examine the output of configure. It should end like this: Install prefix: /usr/local Compiler: gcc XML Parser: libxml 2.6.16 SSL library: OpenSSL (0.9.7 or later) zlib support: found in -lz Build libraries: Shared=yes, Static=yes "Install prefix: /usr/local" will make sure it does not interfere with the neon package from your distribution. So other applications like konqueror may continue to use the neon lib from the distribution. Do "make" and "make install". Now you can configure the patched version of davfs2 again. Without an options it should use the neon library from /usr/local. Check the output, it should end like this: Install prefix: /usr/local Compiler: gcc neon library: library in /usr/local (0.24.7) After "make" and "make install" it should now work with neon 0.24.7 and the patch should have enabled cookie support. It is best, if you removed the debian/ubuntu-davfs2-package before. Hint to capture the traffic: If you are using ethereal, there is a tool "Analyze/Follow TCP-Stream". It will take all the packets that belong to the same TCP-connection as the highlighted packet, and display the content (e.g. HTTP messages) in a separate window. There you can mark the text with the mouse and paste it into some editor. Please note: This will apply a filter on your packages so ethereal will only show the packages that match this filter. If you want to see the other packets again, you have to remove the filter. Note 2: A conversation between davfs2 and a WebDAV server may consist of more than one TCP stream. 401 Authentication required: It is OK to get this message. But davfs2 should then send another request including some credentials (hopefully not readable) and this should succeed. If you capture the traffic, please look for Cookie headers. Greetings Werner |
From: Xavier R. <xav...@bl...> - 2006-09-10 19:55:27
Attachments:
webdav.c
|
Hello again. Neon compiled and installed fine. But I get errors when compiling davfs2. ./configure works well : > Using configuration for building davfs2 1.0.2: >=20 > Install prefix: /usr/local > Compiler: gcc > neon library: library in /usr/local (0.24.7) >=20 > Now run 'make' to compile davfs2 But make aborts with this error : > src/webdav.c:120: erreur: syntax error before =AB*=BB token > src/webdav.c:120: attention : type defaults to =ABint=BB in declaration= of =ABloretta=BBsrc/webdav.c:120: attention : la d=E9finition de donn=E9= es n'a pas de type ni de classe de stockage > src/webdav.c: Dans la fonction =ABdav_init_webdav=BB : > src/webdav.c:252: attention : implicit declaration of function =ABne_co= okie_register=BB > make: *** [src/webdav.o] Erreur 1 It seems linked to the parts of code I added to webdav.c. I copied=20 exactly the code you gave me, and I think put it at the correct lines=85 For ethereal, I'll look at it soon. Thanks, Xavier |
From: Werner B. <wer...@on...> - 2006-09-10 20:29:13
|
Hello Xavier, sorry for this. I forgott to include the necessary neon header for cookies. Please add line #include <ne_cookies.h> at the beginning of webdav.c (best between #include <ne_basic.h> and #include <ne_dates.h>, so it will be properly in alphabetical order ;-) ). Greetings Werner |
From: Werner B. <wer...@on...> - 2006-09-11 19:33:01
|
Hello Xavier, there is another detail I forgott about. In order davfs2 can find your neon library in /usr/local/lib you need an symbolic link in /usr/lib (there should be a better way, but I don't know of it). Please create (as root) in /usr/lib a symbolic link: ln -s /usr/local/lib/libneon.so.24.0.7 libneon.so.24 Of course "/usr/local/lib/libneon.so.24.0.7" might be slightly different for the library you compiled. You may check with ldd mount.davfs whether all libraries for davfs2 are found. Greetings Werner |