Bug 586248 – Correctly handle usernames provided in the uri on mount

After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.

Bug 586248 - (dav_mount_uri) Correctly handle usernames provided in the uri on mount

(dav_mount_uri)
Summary:	Correctly handle usernames provided in the uri on mount


Status:	RESOLVED FIXED

Product:	gvfs
Classification:	Core
Component:	webdav backend
Version:	1.2.x
Hardware:	Other All

Importance:	Normal normal
Target Milestone:	---
Assigned To:	gvfs-maint
QA Contact:	gvfs-maint

URL:
Whiteboard:

Duplicates:	602122 (view as bug list)
Depends on:
Blocks:

Reported:	2009-06-18 11:10 UTC by Jon Dowland
Modified:	2011-05-08 10:23 UTC

See Also:
GNOME target:	---
GNOME version:	2.25/2.26

Description Jon Dowland 2009-06-18 11:10:07 UTC

Please describe the problem:
I cannot access a WebDAV share via nautilus nor gvfs-mount. The share previously worked in GNOME before the upgrade to GIO/GVFS. I wish I could provide more information but I can't easily debug the traffic (secure) and I have no documentation on how to use the command-line tool or convince it to generate more output.

Steps to reproduce:
1. gvfs-mount 'davs://user@host/path/' (for my specific details)



Actual results:
$ gvfs-mount 'davs://njd33@webfolders.ncl.ac.uk/dept/iss/unix/'
Enter password for webfolders.ncl.ac.uk
Password: 
Error mounting location: HTTP Error: Unauthorized


Expected results:
correct mounting

Does this happen every time?
yes

Other information:
I can access the URL via a webbrowser and authenticate fine. The server is a windows-based front end onto a windows fileserver running Windows Server (R) 2008 Enterprise 6001 Service Pack 1] Server=[Windows Server (R) 2008 Enterprise 6.0. I don't know much more about the software on the front-end but can find out if that would be of use.

Comment 1 Michael Strecke 2009-07-25 22:43:19 UTC

I can confirm this bug in Ubuntu 9.04, i.e. Gnome 2.26.1 - which is a regression from previous (Ubuntu) releases.

I first noticed that bug in the "Connect to server" menu option, trying to use a webdav service of a large German email provider.

The problem seems to be the "username" (@) part of the URI.

Try gvfs-mount WITHOUT the the "@" part. The system will query you for username AND password, instead of the password alone.

Similarly, if I use "Connect to server" and omit the username, I will be prompted for username AND password, and all works well.

And also, entering the URI into the address bar in a Nautilus window only works if I don't use the username.

I checked the traffic with wireshark. If you try to connect without @:

1) Gnome sends "OPTIONS" query to webdav server WITHOUT credentials.
2) Server responds with 401 (Not authorized) and an authorisation realm
3) Gnome sends another "OPTIONS" query, this time with credentials.
4) Server responds with 20o OK - and all is well....

If you provide a username in the URI:

1) Gnome sends "OPTIONS" query to webdav server still WITHOUT credentials.
2) Server responds with 401 (Not authorized) and an authorisation realm
3) Gnome queries you for a password
4) NO second "OPTIONS" query!
5) "Not authorized" pop-up 

I hope that this will help to locate the bug.

Comment 2 Jon Dowland 2009-10-05 08:54:18 UTC

With 1.2.3 (debian package version 1.2.3-3), I get a different failure mode for the URL including '@':

$ gvfs-mount 'davs://njd33@webfolders.ncl.ac.uk/dept/iss/unix/'
Error mounting location: HTTP Error: Forbidden ( The server denied the specified Uniform Resource Locator (URL). Contact the server administrator.  )

Removing the 'user@' prefix as suggested 'works':

09:49:55$ gvfs-mount 'davs://webfolders.ncl.ac.uk/dept/iss/unix/'
09:50:07$ gvfs-mount -l
Drive(0): CD-RW/DVD±RW Drive
  Type: GProxyDrive (GProxyVolumeMonitorHal)
Mount(0): WebDAV on webfolders.ncl.ac.uk -> davs://webfolders.ncl.ac.uk/
  Type: GDaemonMount

Note that the path information is lost. If I browse to the share location via Nautilus, I can then hit CTRL+L and append the path info to the location string (davs://webfolders.ncl.ac.uk/) to get to the folders I want. The file/folder permissions are set such that I can't enumerate the contents of the root, so there is also a UI issue here.

Comment 3 Jon Dowland 2009-11-04 15:34:00 UTC

With 1.4.0 (debian version -2), this has once again stopped working:

$ gvfs-mount 'davs://webfolders.ncl.ac.uk/dept/iss/unix/'
Error mounting location: volume doesn't implement mount

Comment 4 brunogirin 2010-01-20 16:54:47 UTC

Is this the same as bug #602122 and if yes does the patch there resolve it?

Comment 5 brunogirin 2010-01-20 16:55:44 UTC

See related bug in Ubuntu Launchpad: https://bugs.launchpad.net/ubuntu/+source/nautilus/+bug/502925

Comment 6 Christian Kellner 2011-05-07 17:52:09 UTC

*** Bug 602122 has been marked as a duplicate of this bug. ***

Comment 7 Christian Kellner 2011-05-08 10:23:11 UTC

Author: Christian Kellner <gicmo@gnome.org>
Date:   Sun May 8 12:17:38 2011 +0200

    dav: correctly handle usernames supplied in the url
    
    When comparing URIs in dav_uri_match() do not take username or
    password into account because on a redirect the server is likely to not
    include the username in the url supplied in the Location header.
    Therefore redirection will fail and thus mounting.
    Should fix bug 586248. Patch based on a version from Henrik Holst.

Committed on master (a2a2fe7) and gnome-3-0 (06f3952).