|Newbie questions about Pliant
How to use webdav on Pliant with access control
|Message posted by michel on 2006/11/03 19:51:21
|I use Webdav on my server http://pliant.gassendi.fr powered by Linux and Pliant.
My webdav client is Windows XP Explorer with net connection feature.
I use it with "everybody" right. All run perfectly.
My dav/virtual_tree.page is :
file_browser "file:/sauvegarde/dav"+virtual_path options true ""
When I try to introduce access control else by "allowed"... or by site configuration
I have no result : either all is permited or I can't transfer login nor password.
Can you help me ?
|Message posted by maybe Hubert Tonneau on 2006/11/04 00:31:32
|Could you post your version with more specific rights that does not work.
|Message posted by pom on 2006/11/07 18:28:14
|After having looked to the HTTP trace, it seems that the pb comes from the following exchange:
connection 06FZE9S restart at 2006/11/07 17:08:59 from 188.8.131.52
query OPTIONS / HTTP/1.1
option translate: f
option User-Agent: Microsoft-WebDAV-MiniRedir/5.1.2600
option Host: webdav.gassendi.asso.fr
option Content-Length: 0
option Connection: Keep-Alive
user 0 : browse_source browse_file browse_type browse_status everybody browse_patch browse_file
site is webdav.gassendi.asso.fr
answer HTTP/1.1 401 Unauthorized
answer Server: Pliant/96
answer Expires: 0
answer Content-Length: 184
answer Content-Type: text/html
answer WWW-Authenticate: Basic realm="webdav.gassendi.asso.fr"
--------> the OPTIONS request should probably result in a "not implemented" answer,
but not in a "Unauthorized" one.
|Message posted by hubert.tonneau on 2006/11/07 23:40:18
|It reminds me a Windows bug:
you can't mount under Windows a Webdav volume if you don't have access right
to the root of the volume.
I mean, if you try to mount
and you don't have access right to
then some Windows will bug as far as I remember it.
|Message posted by maybe pom on 2006/11/08 00:06:12
|I don't think this is the problem here, as even the administrator cannot mount the dav.
The answer to the OPTIONS request is bad:
"The purpose of OPTIONS is to allow a 'client to determine the
options and/or requirements associated with a resource, or
the capabilities of a server, without implying a resource
action or initiating a resource retrieval.' "
Hence an OPTIONS request should never cause an "Unauthorized" answer.
|Message posted by hubert.tonneau on 2006/11/08 01:08:56
|Reading 'parse_then_answer' method in /pliant/protocol/http/server.pli
I see that the default behaviour if we receive an unexpected instruction
such as 'OPTIONS' request is to answer '501 not implemented'
Might be that your site definition does not provide anonymous access to '/',
so Pliant is asking for authentification.
The fact that we should handle 'OPTIONS' as a special instruction that
would not be submitted to access rights check seems odd to me.
|Message posted by pom on 2006/11/08 14:22:53
|The answer is not in a special handling of OPTIONS but in the addition of an
argument to file_browser. Instead of write, file_browser should have two boolean
arguments, read and write, about the rights of reading and writing.
By the way, the move should need both but, in the actual version, I don't see even
the need for 'write' permission when one asks for a move.