Windows Office files via SMB mount through WebDAV is prompting for authentication #22596

Closed
gig13 opened this Issue Feb 23, 2016 · 24 comments

Projects

None yet

7 participants

@gig13
gig13 commented Feb 23, 2016

Steps to reproduce

  1. Place Windows Office files ( .doc, .docx, ..) on a Windows Share
  2. Setup an ownCloud External Storage - SMB/CIF mount to the Windows Share
  3. Attempt to open the files via a WebDAV mount through the OC mount

Expected behavior

The user should be able to open the Windows Office files just as if they were using a standard Windows mount.

Actual behavior

The user is prompted to authenticate when trying to open the files through WebDAV

Server configuration

Operating system: RHEL

Web server: Apache

Database: MySQL

PHP version: to obtain

ownCloud version: 8.2.1

Updated from an older ownCloud or fresh install: Updated

Are you using external storage, if yes which one: SMB

Are you using encryption: NO

Are you using an external user-backend, if yes which one: AD

Client configuration

Browser: IE

Operating system: Windows

Logs

ownCloud log (data/owncloud.log)

Attached on s3

@MorrisJobke

@gig13 gig13 added the blue-ticket label Feb 23, 2016
@MorrisJobke
Member

It seems that Office tries to get a LOCK:

{"reqId":"VstiPqm3gBbJXhCzxe5B9gAAAAg","remoteAddr":"10.11.250.1","app":"webdav","message":"Exception: {\"Message\":\"HTTP\\\/1.1 501 There was no handler found for this \\\"LOCK\\\" method\",\"Exception\":\"Sabre\\\\DAV\\\\Exception\\\\NotImplemented\",\"Code\":0,\"Trace\":\"#0 3rdparty\\\/sabre\\\/dav\\\/lib\\\/DAV\\\/Server.php(254): Sabre\\\\DAV\\\\Server->invokeMethod(Object(Sabre\\\\HTTP\\\\Request), Object(Sabre\\\\HTTP\\\\Response))\\n#1 apps\\\/files\\\/appinfo\\\/remote.php(55): Sabre\\\\DAV\\\\Server->exec()\\n#2 remote.php(137): require_once('\\\/misc\\\/osdatapro...')\\n#3 {main}\",\"File\":\"3rdparty\\\/sabre\\\/dav\\\/lib\\\/DAV\\\/Server.php\",\"Line\":472}","level":4,"time":"2016-02-22T19:32:15+00:00","method":"LOCK","url":"\/remote.php\/webdav\/abc\/def.docx"}

@PVince81 @LukasReschke Aren't LOCK requests ignored and just "simulated" in 8.2? Or am I wrong here. The log indicates, that the LOCK verb is not implemented.

@LukasReschke You implemented this for One Note: #21926 for 9.0

@gig13 Could you checkout which office version they use?

@gig13
gig13 commented Feb 23, 2016

@MorrisJobke
They tried it with 2010 and 2013. With 2010 if you click cancel on the prompt it does not open the file. With 2013 if you click cancel it will open the file.

@MorrisJobke
Member

@LukasReschke Any idea what this could be?

@LukasReschke
Member

@MorrisJobke Probably indeed the locking. We would likely need to enable fake locking there as well, do we have user agents?

@LukasReschke
Member

From http://sabre.io/dav/clients/msoffice/

Locks are required for saving, otherless MS Word will open the file as read only.

If a file is locked, Office 2007 and 2010 will ask you if you want to open the file as read only, download and modify it only in your computer or allow editing while in background the lock is checked at an interval (usually less than 20 seconds) until the file is released.

Once Office 2003 and 2007 gets the lock, it is updated at the "x" minutes interval you specify in your SabreDav locks plugin (30 minutes by default), but this time cannot be less than 180 seconds.

Office 2010 (Beta) has some kind of bug which makes the program don't update the lock anymore, so if another client checks the lock after the timeout, the lock will be released. This behaviour was observed in the Beta, so it may be corrected by the final product version.

Can we confirm the user agent "Microsoft Data Access Internet Publishing Provider DAV" from there as well?

@LukasReschke
Member

@PVince81 @LukasReschke Aren't LOCK requests ignored and just "simulated" in 8.2? Or am I wrong here. The log indicates, that the LOCK verb is not implemented.

It needs manually whitelisting of user agents and we just hope that clients are dumb enough to ignore the fact that we lie 😉

That's why we need the user agents. Then we can whitelist it as done in #21926

@MorrisJobke
Member

I only could test Office 2007 (I don't own any other version and it's pure pain to get a trail version without selling your soul to Microsoft)

127.0.0.1 - - [24/Feb/2016:09:33:38 +0100] "OPTIONS /remote.php/webdav/ HTTP/1.1" 200 0 "-" "Microsoft Office Protocol Discovery" 159677
127.0.0.1 - - [24/Feb/2016:09:33:38 +0100] "PUT /remote.php/webdav/Dok1.docx HTTP/1.1" 201 0 "-" "Microsoft-WebDAV-MiniRedir/6.3.9600" 109719
127.0.0.1 - - [24/Feb/2016:09:33:38 +0100] "LOCK /remote.php/webdav/Dok1.docx HTTP/1.1" 501 247 "-" "Microsoft-WebDAV-MiniRedir/6.3.9600" 49131
127.0.0.1 - - [24/Feb/2016:09:33:39 +0100] "PROPPATCH /remote.php/webdav/Dok1.docx HTTP/1.1" 207 553 "-" "Microsoft-WebDAV-MiniRedir/6.3.9600" 65623
127.0.0.1 - - [24/Feb/2016:09:33:39 +0100] "HEAD /remote.php/webdav/Dok1.docx HTTP/1.1" 401 0 "-" "Microsoft-WebDAV-MiniRedir/6.3.9600" 41315
127.0.0.1 - - [24/Feb/2016:09:33:39 +0100] "HEAD /remote.php/webdav/Dok1.docx HTTP/1.1" 200 0 "-" "Microsoft-WebDAV-MiniRedir/6.3.9600" 47758
127.0.0.1 - - [24/Feb/2016:09:33:39 +0100] "PUT /remote.php/webdav/Dok1.docx HTTP/1.1" 204 0 "-" "Microsoft-WebDAV-MiniRedir/6.3.9600" 113946
127.0.0.1 - - [24/Feb/2016:09:33:39 +0100] "PROPPATCH /remote.php/webdav/Dok1.docx HTTP/1.1" 207 553 "-" "Microsoft-WebDAV-MiniRedir/6.3.9600" 57795
127.0.0.1 - - [24/Feb/2016:09:33:39 +0100] "HEAD /remote.php/webdav/Dok1.docx HTTP/1.1" 200 0 "-" "Microsoft Office Existence Discovery" 45753

And I also got the popup that asks for credentials.

@gig13
gig13 commented Feb 29, 2016

@LukasReschke @MorrisJobke What is the summary for the customer? Do we need to make some enhancements? Is this the expected behavior (at this point in time)?

@MorrisJobke
Member

@gig13 Could they try following patch:

diff --git a/lib/private/connector/sabre/serverfactory.php b/lib/private/connector/sabre/serverfactory.php
index a558a61..35b44f6 100644
--- a/lib/private/connector/sabre/serverfactory.php
+++ b/lib/private/connector/sabre/serverfactory.php
@@ -108,7 +108,11 @@ class ServerFactory {

        // Finder on OS X requires Class 2 WebDAV support (locking), since we do
        // not provide locking we emulate it using a fake locking plugin.
-       if($this->request->isUserAgent(['/WebDAVFS/'])) {
+       if($this->request->isUserAgent([
+           '/WebDAVFS/',
+           '/Microsoft Office Existence Discovery/',
+           '/Microsoft-WebDAV-MiniRedir/',
+       ])) {
            $server->addPlugin(new \OC\Connector\Sabre\FakeLockerPlugin());
        }

Best would be to test this in a test instance first. I could give this tomorrow a test.

@gig13
gig13 commented Mar 2, 2016

Please test first before I provide it to the customer.

@MorrisJobke
Member

Please test first before I provide it to the customer.

I don't own those office versions - so I couldn't test this 😢

@gig13
gig13 commented Mar 3, 2016

@MorrisJobke This patch is for 822, the customer is on 821, can I provide the 822 serverfactory, or do they need to upgrade to 822?

@MorrisJobke
Member

@MorrisJobke This patch is for 822, the customer is on 821, can I provide the 822 serverfactory, or do they need to upgrade to 822?

It's not yet in there. It's a separate patch, that is not yet in any version.

@gig13
gig13 commented Mar 3, 2016

@MorrisJobke @bboule So we can't test it, and I can't send to the customer. Is it being scheduled for another milestone/maintenance release?

@MorrisJobke
Member

@bboule How to proceed here? Do you have a lab machine with Office 2010 or 2013? Then I will create a PR, run tests and take care of this. But without the Office suites I'm not able to reproduce this.

@gig13
gig13 commented Mar 9, 2016

@bboule @MorrisJobke Any chance on testing this?

@MorrisJobke
Member

@bboule @MorrisJobke Any chance on testing this?

I still don't have any Office version available.

@MorrisJobke
Member

I still don't have any Office version available.

I now got a Office 2013 - I will test and fix this for Windows 7,8 and 10 with 2013 office.

@MorrisJobke MorrisJobke self-assigned this Mar 10, 2016
@MorrisJobke
Member

I tested this with Office 2013 on Windows 10 and Windows 8.1

@MorrisJobke
Member

@gig13 Fix is in #23094

@MorrisJobke MorrisJobke removed their assignment Mar 10, 2016
@MorrisJobke MorrisJobke added this to the 9.1-current milestone Mar 11, 2016
@MorrisJobke MorrisJobke removed their assignment Mar 11, 2016
@MorrisJobke
Member

@gig13 Backports are created - waiting for review. Then I could provide you a patch

@rtjdamen
rtjdamen commented Apr 8, 2016

Tried the fake lock and it is working on windows. When i try webdrive it still has the same problem. Same for OSX

@vondrt4
vondrt4 commented Apr 29, 2016

I'd just like to chime in that a problem is also on Microsoft's side. I couldn't overwrite files with Word even with the discussed patch applied and this hotfix from Microsoft fixed it:
https://support.microsoft.com/en-us/kb/2479169?sd=rss&spid=14019

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment