Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Failed to authorize webdav when password longer than 21 #170

Closed
1 task done
leafee98 opened this issue Nov 7, 2023 · 6 comments
Closed
1 task done

Failed to authorize webdav when password longer than 21 #170

leafee98 opened this issue Nov 7, 2023 · 6 comments

Comments

@leafee98
Copy link

leafee98 commented Nov 7, 2023

  • I have read the above note

What version of Round Sync are you using (About -> App version)?

v2.2.2 from GitHub release

What is your Android version, phone model and manufacturer?

Android 13, Lineage OS 20

Which steps are required to reproduce this issue?

  1. Start a webdav service, I'm using dufs as example, this will serve /tmp/test-webdav and create two users, u21 with 21 ps as password and u22 with 22 ps as password.

    dufs -A --auth u21:ppppppppppppppppppppp@/ --auth u22:pppppppppppppppppppppp@/ --auth-method basic /tmp/test-webdav

  2. Then create two webdav remotes on Round-Sync, u21 and u22.

  3. Just browser those two remotes on Round-Sync, u21 works fine, and u22 error.

    Android/data/de.felixnuesse.extract/files/logs/log.txt show as 401 Unauthorized (time doesn't match because I collected these information with multi attempts):

    2023-11-07 17:03:29 - 2023/11/07 09:03:29 DEBUG : Home directory lookup failed and cannot be used as configuration location: exec: "getent": executable file not found in $PATH
2023/11/07 09:03:29 DEBUG : Failed to find user cache dir, using temporary directory: neither $XDG_CACHE_HOME nor $HOME are defined
2023/11/07 09:03:29 DEBUG : Setting default for local-no-set-modtime="true" from environment variable RCLONE_LOCAL_NO_SET_MODTIME
2023/11/07 09:03:29 DEBUG : rclone: Version "1.63.1-extract" starting with parameters ["/data/app/~~btw2RcwLKilicl_goSkv4w==/de.felixnuesse.extract-Y-agOwWFB8Qq21CDSglKiA==/lib/arm64/librclone.so" "--cache-chunk-path" "/data/user/0/de.felixnuesse.extract/cache" "--cache-db-path" "/data/user/0/de.felixnuesse.extract/cache" "--config" "/data/user/0/de.felixnuesse.extract/files/rclone.conf" "-vvv" "lsjson" "u22:"]
2023/11/07 09:03:29 DEBUG : Creating backend with remote "u22:"
2023/11/07 09:03:29 DEBUG : Using config file from "/data/user/0/de.felixnuesse.extract/files/rclone.conf"
2023/11/07 09:03:29 DEBUG : found headers: 
2023/11/07 09:03:29 ERROR : : error listing: couldn't list files: 401 Unauthorized
2023/11/07 09:03:29 DEBUG : 7 go routines active
2023/11/07 09:03:29 Failed to lsjson with 2 errors: last error was: error in ListJSON: couldn't list files: 401 Unauthorized

Information from tcpdump

For u21:

16:39:31.216814 IP6 ::1.55020 > ::1.5000: Flags [P.], seq 1:206, ack 1, win 512, options [nop,nop,TS val 3342587382 ecr 3342587379], length 205
	0x0000:  600e 0a1b 00ed 0640 0000 0000 0000 0000  `......@........
	0x0010:  0000 0000 0000 0001 0000 0000 0000 0000  ................
	0x0020:  0000 0000 0000 0001 d6ec 1388 c454 ca71  .............T.q
	0x0030:  35d4 dc08 8018 0200 00f5 0000 0101 080a  5...............
	0x0040:  c73b d5f6 c73b d5f3 5052 4f50 4649 4e44  .;...;..PROPFIND
	0x0050:  202f 2048 5454 502f 312e 310d 0a48 6f73  ./.HTTP/1.1..Hos
	0x0060:  743a 2031 302e 3432 2e30 2e31 3a35 3030  t:.10.42.0.1:500
	0x0070:  300d 0a55 7365 722d 4167 656e 743a 2072  0..User-Agent:.r
	0x0080:  636c 6f6e 652f 312e 3633 2e31 2d65 7874  clone/1.63.1-ext
	0x0090:  7261 6374 0d0a 4175 7468 6f72 697a 6174  ract..Authorizat
	0x00a0:  696f 6e3a 2042 6173 6963 2064 5449 784f  ion:.Basic.dTIxO
	0x00b0:  6e42 7763 4842 7763 4842 7763 4842 7763  nBwcHBwcHBwcHBwc
	0x00c0:  4842 7763 4842 7763 4842 7763 413d 3d0d  HBwcHBwcHBwcA==.
	0x00d0:  0a44 6570 7468 3a20 310d 0a52 6566 6572  .Depth:.1..Refer
	0x00e0:  6572 3a20 6874 7470 3a2f 2f31 302e 3432  er:.http://10.42
	0x00f0:  2e30 2e31 3a35 3030 302f 0d0a 4163 6365  .0.1:5000/..Acce
	0x0100:  7074 2d45 6e63 6f64 696e 673a 2067 7a69  pt-Encoding:.gzi
	0x0110:  700d 0a0d 0a                             p....

For u22:

16:39:33.877022 IP6 ::1.55036 > ::1.5000: Flags [P.], seq 1:178, ack 1, win 512, options [nop,nop,TS val 3342590042 ecr 3342590039], length 177
	0x0000:  6008 d86f 00d1 0640 0000 0000 0000 0000  `..o...@........
	0x0010:  0000 0000 0000 0001 0000 0000 0000 0000  ................
	0x0020:  0000 0000 0000 0001 d6fc 1388 62dd d0f5  ............b...
	0x0030:  36ab 4ec7 8018 0200 00d9 0000 0101 080a  6.N.............
	0x0040:  c73b e05a c73b e057 5052 4f50 4649 4e44  .;.Z.;.WPROPFIND
	0x0050:  202f 2048 5454 502f 312e 310d 0a48 6f73  ./.HTTP/1.1..Hos
	0x0060:  743a 2031 302e 3432 2e30 2e31 3a35 3030  t:.10.42.0.1:500
	0x0070:  300d 0a55 7365 722d 4167 656e 743a 2072  0..User-Agent:.r
	0x0080:  636c 6f6e 652f 312e 3633 2e31 2d65 7874  clone/1.63.1-ext
	0x0090:  7261 6374 0d0a 4175 7468 6f72 697a 6174  ract..Authorizat
	0x00a0:  696f 6e3a 2042 6173 6963 2064 5449 794f  ion:.Basic.dTIyO
	0x00b0:  673d 3d0d 0a44 6570 7468 3a20 310d 0a52  g==..Depth:.1..R
	0x00c0:  6566 6572 6572 3a20 6874 7470 3a2f 2f31  eferer:.http://1
	0x00d0:  302e 3432 2e30 2e31 3a35 3030 302f 0d0a  0.42.0.1:5000/..
	0x00e0:  4163 6365 7074 2d45 6e63 6f64 696e 673a  Accept-Encoding:
	0x00f0:  2067 7a69 700d 0a0d 0a                   .gzip....

Authorization header for u21 is Basic dTIxOnBwcHBwcHBwcHBwcHBwcHBwcHBwcA==, decode base64 got u21:ppppppppppppppppppppp, while u22 is Basic dTIyOg== and decode got u22:

What is your configuration (rclone.conf)?

[u21]
type = webdav
pass = _mixydpTH9LJmMrvwYI9LGsa3Gj3FTIdoryjuCffMEa9H6r1Bw
user = u21
url = http://10.42.0.1:5000

[u22]
type = webdav
user = u22
url = http://10.42.0.1:5000
rclone_remote_name = u22
pass = pppppppppppppppppppppp

Does the same issue also occur when using the same configuration on a PC or in Termux?

Yes, u22 not work with the same config, tcpdump shows the Authorization header is Basic.dTIyOg==, same as tcpdump output with u22 on Round-Sync.

But if I create a new config, it will work, for u22 the new config created as follow.

[test-webdav]
type = webdav
url = http://10.42.0.1:5000
vendor = other
user = u22
pass = G2OypJwWvElefU5VUAYtrEyjkrdvoC9Ncp5QOgU8iGolxTtXu0g

Rclone version as follow.

rclone v1.64.2
- os/version: arch "rolling" (64 bit)
- os/kernel: 6.5.9-arch2-1 (x86_64)
- os/type: linux
- os/arch: amd64
- go/version: go1.21.3
- go/linking: dynamic
- go/tags: none
@newhinton
Copy link
Owner

Oh my, this is a very thorough bug report, thank you!

First, i assume that this is the same bug as #157 and the same as in this discussion: #159. I havent gotten around to figure out why the password wasnt beeing handled correctly, so your report is invaluable.

But i am curious, how did you figure out that 21 character boundary? :D

@leafee98
Copy link
Author

leafee98 commented Nov 7, 2023

lmao, after found it may be related with password, before submitting issue, I try multi times. With dufs as local webdav server, a new attempt is not so hard. ;)

Thanks for your quick response, and feel free to close as duplicated.

@newhinton
Copy link
Owner

I'll keep it open until it is fixed ;)

@newhinton
Copy link
Owner

newhinton commented Nov 7, 2023
edited

@leafee98 Could you do me a favor? Could you check what happens if you use a username that is longer than 21 chars? Especially what the server recieves? I dont have a handy remote available at the moment that would easily allow me to test this.

(In the future, ill likely check out dufs in detail, it looks interesting for such debugging purposes)

@leafee98
Copy link
Author

leafee98 commented Nov 7, 2023

It work fine with 22 u as username and pass as password.

20:07:23.317666 IP6 ::1.39856 > ::1.5000: Flags [P.], seq 1:206, ack 1, win 512, options [nop,nop,TS val 3355059482 ecr 3355059482], length 205
	0x0000:  6004 76e6 00ed 0640 0000 0000 0000 0000  `.v....@........
	0x0010:  0000 0000 0000 0001 0000 0000 0000 0000  ................
	0x0020:  0000 0000 0000 0001 9bb0 1388 e424 2c9f  .............$,.
	0x0030:  6672 d243 8018 0200 00f5 0000 0101 080a  fr.C............
	0x0040:  c7fa 251a c7fa 251a 5052 4f50 4649 4e44  ..%...%.PROPFIND
	0x0050:  202f 2048 5454 502f 312e 310d 0a48 6f73  ./.HTTP/1.1..Hos
	0x0060:  743a 2031 302e 3432 2e30 2e31 3a35 3030  t:.10.42.0.1:500
	0x0070:  300d 0a55 7365 722d 4167 656e 743a 2072  0..User-Agent:.r
	0x0080:  636c 6f6e 652f 312e 3633 2e31 2d65 7874  clone/1.63.1-ext
	0x0090:  7261 6374 0d0a 4175 7468 6f72 697a 6174  ract..Authorizat
	0x00a0:  696f 6e3a 2042 6173 6963 2064 5856 3164  ion:.Basic.dXV1d
	0x00b0:  5856 3164 5856 3164 5856 3164 5856 3164  XV1dXV1dXV1dXV1d
	0x00c0:  5856 3164 5856 3164 5470 7759 584e 7a0d  XV1dXV1dTpwYXNz.
	0x00d0:  0a44 6570 7468 3a20 310d 0a52 6566 6572  .Depth:.1..Refer
	0x00e0:  6572 3a20 6874 7470 3a2f 2f31 302e 3432  er:.http://10.42
	0x00f0:  2e30 2e31 3a35 3030 302f 0d0a 4163 6365  .0.1:5000/..Acce
	0x0100:  7074 2d45 6e63 6f64 696e 673a 2067 7a69  pt-Encoding:.gzi
	0x0110:  700d 0a0d 0a                             p....

And the response, which is a webdav response without any error.

20:07:23.317959 IP6 ::1.5000 > ::1.39856: Flags [P.], seq 1:830, ack 206, win 512, options [nop,nop,TS val 3355059483 ecr 3355059482], length 829
	0x0000:  600b dba0 035d 0640 0000 0000 0000 0000  `....].@........
	0x0010:  0000 0000 0000 0001 0000 0000 0000 0000  ................
	0x0020:  0000 0000 0000 0001 1388 9bb0 6672 d243  ............fr.C
	0x0030:  e424 2d6c 8018 0200 0365 0000 0101 080a  .$-l.....e......
	0x0040:  c7fa 251b c7fa 251a 4854 5450 2f31 2e31  ..%...%.HTTP/1.1
	0x0050:  2032 3037 204d 756c 7469 2d53 7461 7475  .207.Multi-Statu
	0x0060:  730d 0a63 6f6e 7465 6e74 2d74 7970 653a  s..content-type:
	0x0070:  2061 7070 6c69 6361 7469 6f6e 2f78 6d6c  .application/xml
	0x0080:  3b20 6368 6172 7365 743d 7574 662d 380d  ;.charset=utf-8.
	0x0090:  0a63 6f6e 7465 6e74 2d6c 656e 6774 683a  .content-length:
	0x00a0:  2036 3936 0d0a 6461 7465 3a20 5475 652c  .696..date:.Tue,
	0x00b0:  2030 3720 4e6f 7620 3230 3233 2031 323a  .07.Nov.2023.12:
	0x00c0:  3037 3a32 3320 474d 540d 0a0d 0a3c 3f78  07:23.GMT....<?x
	0x00d0:  6d6c 2076 6572 7369 6f6e 3d22 312e 3022  ml.version="1.0"
	0x00e0:  2065 6e63 6f64 696e 673d 2275 7466 2d38  .encoding="utf-8
	0x00f0:  2220 3f3e 0a3c 443a 6d75 6c74 6973 7461  ".?>.<D:multista
	0x0100:  7475 7320 786d 6c6e 733a 443d 2244 4156  tus.xmlns:D="DAV
	0x0110:  3a22 3e0a 3c44 3a72 6573 706f 6e73 653e  :">.<D:response>
	0x0120:  0a3c 443a 6872 6566 3e2f 3c2f 443a 6872  .<D:href>/</D:hr
	0x0130:  6566 3e0a 3c44 3a70 726f 7073 7461 743e  ef>.<D:propstat>
	0x0140:  0a3c 443a 7072 6f70 3e0a 3c44 3a64 6973  .<D:prop>.<D:dis
	0x0150:  706c 6179 6e61 6d65 3e3c 2f44 3a64 6973  playname></D:dis
	0x0160:  706c 6179 6e61 6d65 3e0a 3c44 3a67 6574  playname>.<D:get
	0x0170:  6c61 7374 6d6f 6469 6669 6564 3e54 7565  lastmodified>Tue
	0x0180:  2c20 3037 204e 6f76 2032 3032 3320 3132  ,.07.Nov.2023.12
	0x0190:  3a30 323a 3239 202b 3030 3030 3c2f 443a  :02:29.+0000</D:
	0x01a0:  6765 746c 6173 746d 6f64 6966 6965 643e  getlastmodified>
	0x01b0:  0a3c 443a 7265 736f 7572 6365 7479 7065  .<D:resourcetype
	0x01c0:  3e3c 443a 636f 6c6c 6563 7469 6f6e 2f3e  ><D:collection/>
	0x01d0:  3c2f 443a 7265 736f 7572 6365 7479 7065  </D:resourcetype
	0x01e0:  3e0a 3c2f 443a 7072 6f70 3e0a 3c44 3a73  >.</D:prop>.<D:s
	0x01f0:  7461 7475 733e 4854 5450 2f31 2e31 2032  tatus>HTTP/1.1.2
	0x0200:  3030 204f 4b3c 2f44 3a73 7461 7475 733e  00.OK</D:status>
	0x0210:  0a3c 2f44 3a70 726f 7073 7461 743e 0a3c  .</D:propstat>.<
	0x0220:  2f44 3a72 6573 706f 6e73 653e 3c44 3a72  /D:response><D:r
	0x0230:  6573 706f 6e73 653e 0a3c 443a 6872 6566  esponse>.<D:href
	0x0240:  3e2f 6865 6c6c 6f77 6f72 6c64 3c2f 443a  >/helloworld</D:
	0x0250:  6872 6566 3e0a 3c44 3a70 726f 7073 7461  href>.<D:propsta
	0x0260:  743e 0a3c 443a 7072 6f70 3e0a 3c44 3a64  t>.<D:prop>.<D:d
	0x0270:  6973 706c 6179 6e61 6d65 3e68 656c 6c6f  isplayname>hello
	0x0280:  776f 726c 643c 2f44 3a64 6973 706c 6179  world</D:display
	0x0290:  6e61 6d65 3e0a 3c44 3a67 6574 636f 6e74  name>.<D:getcont
	0x02a0:  656e 746c 656e 6774 683e 303c 2f44 3a67  entlength>0</D:g
	0x02b0:  6574 636f 6e74 656e 746c 656e 6774 683e  etcontentlength>
	0x02c0:  0a3c 443a 6765 746c 6173 746d 6f64 6966  .<D:getlastmodif
	0x02d0:  6965 643e 5475 652c 2030 3720 4e6f 7620  ied>Tue,.07.Nov.
	0x02e0:  3230 3233 2031 323a 3032 3a32 3920 2b30  2023.12:02:29.+0
	0x02f0:  3030 303c 2f44 3a67 6574 6c61 7374 6d6f  000</D:getlastmo
	0x0300:  6469 6669 6564 3e0a 3c44 3a72 6573 6f75  dified>.<D:resou
	0x0310:  7263 6574 7970 653e 3c2f 443a 7265 736f  rcetype></D:reso
	0x0320:  7572 6365 7479 7065 3e0a 3c2f 443a 7072  urcetype>.</D:pr
	0x0330:  6f70 3e0a 3c44 3a73 7461 7475 733e 4854  op>.<D:status>HT
	0x0340:  5450 2f31 2e31 2032 3030 204f 4b3c 2f44  TP/1.1.200.OK</D
	0x0350:  3a73 7461 7475 733e 0a3c 2f44 3a70 726f  :status>.</D:pro
	0x0360:  7073 7461 743e 0a3c 2f44 3a72 6573 706f  pstat>.</D:respo
	0x0370:  6e73 653e 0a3c 2f44 3a6d 756c 7469 7374  nse>.</D:multist
	0x0380:  6174 7573 3e                             atus>

The rclone.conf exported from Round-Sync (only the 22 u part)

[uuuuuuuuuuuuuuuuuuuuuu]
type = webdav
pass = to731ES7HNOIP9xT76zTLm7-lME
user = uuuuuuuuuuuuuuuuuuuuuu
url = http://10.42.0.1:5000

@leafee98
Copy link
Author

leafee98 commented Nov 7, 2023

It still working even with 65 characters. Just mention me whenever you need, I will do things in my ability at the time I see it. :D

@newhinton newhinton mentioned this issue Nov 30, 2023
Closed
1 task
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@newhinton @leafee98