Bug Hunting Session
Bug 83531 - Opening URL fails if it's WebDav and write access is restricted
Summary: Opening URL fails if it's WebDav and write access is restricted
Status: RESOLVED FIXED
Alias: None
Product: LibreOffice
Classification: Unclassified
Component: framework (show other bugs)
Version:
(earliest affected)
4.2.6.2 release
Hardware: All All
: medium normal
Assignee: Not Assigned
URL:
Whiteboard: target:5.1.0
Keywords: bibisectRequest, regression
Depends on: 82744
Blocks:
  Show dependency treegraph
 
Reported: 2014-09-05 14:51 UTC by Anton Backer
Modified: 2016-10-25 19:21 UTC (History)
6 users (show)

See Also:
Crash report or crash signature:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Anton Backer 2014-09-05 14:51:14 UTC
After running `soffice http://some/webdav/path`, this was the apache access log from our webdav server:

  "PROPFIND http://some/webdav/path HTTP/1.1" 207 1043 "-" "LibreOffice"
  "HEAD http://some/webdav/path HTTP/1.1" 200 299 "-" "LibreOffice"
  "GET http://some/webdav/path HTTP/1.1" 200 1504043 "-" "LibreOffice"
  "LOCK http://some/webdav/path HTTP/1.1" 401 709 "-" "LibreOffice"

I think that LibreOffice is detecting that the server supports WebDav. Issuing a LOCK requires additional permissions, so LibreOffice prompts me for username/password. Since I have no username on this server, I hit "Cancel", and LibreOffice responds with: "General Internet error has occurred."

Issue happens both on the command line, via `soffice <webdav url>` and from the GUI's open-file dialog.

To test this on a public svn repo, try opening http://unladen-swallow.googlecode.com/svn/trunk/LICENSE. wget can fetch it without issue, but LibreOffice shows the following error:

  Error reading data from the Internet.
  Server error message: 405 Method Not Allowed.

This first started happening to me after I upgraded from Ubuntu 12.04 (which came with LibreOffice 3.5) to Ubuntu 14.04 (which came with LibreOffice 4.2.6.3 420m0(Build:3)).
Comment 1 raal 2015-03-18 20:17:30 UTC
I can confirm with Version: 4.5.0.0.alpha0+
Build ID: e3167924fd28c8b854f23139dbf49f53e6282ef7
TinderBox: Linux-rpm_deb-x86_64@46-TDF, Branch:master, Time: 2015-03-17_03:10:47

Error reading data from the Internet.
Server error message: 405 Method Not Allowed

I can open file http://unladen-swallow.googlecode.com/svn/trunk/LICENSE  with LO 3.5, regression
Comment 2 Giuseppe Castagno (aka beppec56) 2015-08-10 08:53:04 UTC
This appears as a follow-up of tdf#82744.
Comment 3 Giuseppe Castagno (aka beppec56) 2015-08-10 08:54:20 UTC
I'll look at this as soon as the fix for tdf#82744 is pushed.
Comment 4 Giuseppe Castagno (aka beppec56) 2015-08-15 12:50:34 UTC
(In reply to Anton Backer from comment #0)
> After running `soffice http://some/webdav/path`, this was the apache access
> log from our webdav server:
> 
>   "PROPFIND http://some/webdav/path HTTP/1.1" 207 1043 "-" "LibreOffice"
>   "HEAD http://some/webdav/path HTTP/1.1" 200 299 "-" "LibreOffice"
>   "GET http://some/webdav/path HTTP/1.1" 200 1504043 "-" "LibreOffice"
>   "LOCK http://some/webdav/path HTTP/1.1" 401 709 "-" "LibreOffice"
> 

Anton:

When you spare time and if you can, can you post the apache configuration needed to replicate the issue?

Of course stripped to the bare minimum, so I'll try to configure my apache server in the same way for a local test site.

Tnx.
Comment 5 Anton Backer 2015-08-17 15:13:09 UTC
The main criteria are that you allow anonymous reads, but require authentication for writes.

Try something like this:

  <Location /svn>
    Order deny,allow
    Allow from all

    DAV svn
    SVNPath /path/to/repo

    AuthType Basic
    AuthName "Subversion repository"
    AuthUserFile /path/to/htpasswd/file

    Satisfy any
    Require valid-user
  </Location>

Similar examples can be found in the documentation: http://svnbook.red-bean.com/en/1.7/svn.serverconfig.httpd.html
Comment 6 Giuseppe Castagno (aka beppec56) 2015-08-19 07:39:49 UTC
(In reply to Anton Backer from comment #5)
> The main criteria are that you allow anonymous reads, but require
> authentication for writes.

'''

> Similar examples can be found in the documentation:
> http://svnbook.red-bean.com/en/1.7/svn.serverconfig.httpd.html

this is useful, something I should read.

Thanks for the example.
Comment 7 Giuseppe Castagno (aka beppec56) 2015-08-19 09:44:36 UTC
Prompted by the example configuration in comment #5, I came up with one of my own, this one for general purpose apache2 server, the comments inside should be enough to understand it.

The uncommented LimitExcept section is the one that permits the reproduction of the issue.

# On Kubuntu 14.04, apache2 v 2.4
# configurations to limit access to WEBDAV, some method read/only
# authorization credentials needed to lock/write/put and modify
# operation in general.
# This file to be linked in to /etc/apache2/sites-enabled
# internal and test use only

<VirtualHost *:80>
	ServerAdmin webmaster@localhost

	DocumentRoot /var/www/webdav/
	<Directory /var/www/webdav/>
		Options Indexes MultiViews
		AllowOverride None
		Order allow,deny
		allow from all
	</Directory>

</VirtualHost>

Alias /w_ro-dav_rw /var/www/web_ro-dav_rw

<Location /w_ro-dav_rw>
    DAV on
    AuthType Basic
    AuthName "w_ro-dav_rw: enable read/write"
    AuthUserFile /var/www/webdav/.DAV/passwd.dav

# this enable OPTIONS without need of autenthicate
#    <LimitExcept GET HEAD OPTIONS PROPFIND>
#            Require valid-user
#    </LimitExcept>

# in this  OPTIONS is not used, since it's  optional in RFC 7231, section 4.1
# PROPFIND is still needed if you want to open as a r/o WebDAV
# LO request credentials on opening, if not provided file will be opened read/only
# credentials will be requested when user switched to edit mode
# with this configuration you can open the directory with the LO own file
# picker, but would not be allowed to make new folders
    <LimitExcept GET HEAD PROPFIND>
            Require valid-user
    </LimitExcept>

# this is the bare minimum, only GET and HEAD must always be present
# with this configuration LO will alway open r/o and act as it where a standard web site
# unfortunately will always ask for credentials, since it's auth eneabled
# but without PROFIND you would not be able to open the directory correctly
# the file can only be opened providing the direct URL
#    <LimitExcept GET HEAD>
#            Require valid-user
#    </LimitExcept>

</Location>

# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
Comment 8 Commit Notification 2015-10-05 11:19:54 UTC
Giuseppe Castagno committed a patch related to this issue.
It has been pushed to "master":

http://cgit.freedesktop.org/libreoffice/core/commit/?id=0326352470aee1a774bb5aa314c4f3625c1372b3

tdf#83531 Opening WebDAV URL WebDav fails if write is restricted

It will be available in 5.1.0.

The patch should be included in the daily builds available at
http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More
information about daily builds can be found at:
http://wiki.documentfoundation.org/Testing_Daily_Builds
Affected users are encouraged to test the fix and report feedback.
Comment 9 Giuseppe Castagno (aka beppec56) 2015-10-12 09:20:18 UTC
(In reply to Anton Backer from comment #0)

...

> 
>   "PROPFIND http://some/webdav/path HTTP/1.1" 207 1043 "-" "LibreOffice"
>   "HEAD http://some/webdav/path HTTP/1.1" 200 299 "-" "LibreOffice"
>   "GET http://some/webdav/path HTTP/1.1" 200 1504043 "-" "LibreOffice"
>   "LOCK http://some/webdav/path HTTP/1.1" 401 709 "-" "LibreOffice"
> 
> I think that LibreOffice is detecting that the server supports WebDav.
> Issuing a LOCK requires additional permissions, so LibreOffice prompts me
> for username/password. Since I have no username on this server, I hit
> "Cancel", and LibreOffice responds with: "General Internet error has
> occurred."

Anton:

As soon as you have spare time, can you try a current daily?
Builds contain the correction starting from Oct 6th, they are available for Windows and Linux (couldn't try Mac because I haven't one).

Thanks.
Comment 10 Robinson Tryon (qubit) 2015-12-14 05:35:09 UTC Comment hidden (obsolete)