Topic: WebDAV HowTo? and securing phpMyadmin

[cactus]

K, today I tried to get WebDAV working according to your HowTo.
Seems like I can't make it. But I think it's because I have the SVN-contrib installed. At the moment i don't want to remove that, because I'm working with it
If I do erverything right according to your HowTo I don't have access to my server via browser at all. So I un-did all the steps an got it working again.
Then I only added the 75BrowserMatchMod_Dav and 95AddModDav2ibays with the same outcome that I couldn't access the server via browser.
Well, as I said, I think it's because I have SVN installed.

But thanks a lot!!!
When I've got some more time, I will try to make it work with an installed svn as well. (But as I'm a noob, this could take a little time )

I (the developer of the smeserver-subversion and the smeserver-subversion) have a hard time believing that the subversion and the mod_dav plugin are hampering you to implement Web DAV. Did you check your log files for errors and hints on what goes wrong?

Are there messages in the /var/log/messages indicating that the webserver is restarted succesfully after you have made your modifications? If so are there log messages in the /var/log/httpd/error_log or /var/log/httpd/access_log at the time you tried to access your configured Web DAV locations?

Keep in mind that the smeserver-mod_dav was written to only load mod_dav into Apache in a controlled and orderly fashion as this is a requirement for subversion to work with Apache, no further Web DAV functionality is implemented as I do not need it at the moment.

[chris_da_man]

Hi, thanks for your reply, and congratulations on your work on the svn-contrib, even I got it working in 5 minutes!!!!!!!

I didn't want to imply, that your contrib does something bad or even wrong, I'm completely aware that it's me who makes the mistakes in configuring the WebDav functionality.
I only thought that maybe the templates for the Webdav functionality override anything that SVN already configured and so it comes to an error. This is just a guess from a linux-noob, so don't pay too much attention;-)
This is the log from /var/log/httpd/error_log

-error_log-
[Thu Aug 23 16:59:32 2007] [warn] RSA server certificate CommonName (CN) `svr.wenig.zz' does NOT match server name!?
[Thu Aug 23 16:59:32 2007] [warn] RSA server certificate CommonName (CN) `svr.wenig.zz' does NOT match server name!?
[Thu Aug 23 16:59:32 2007] [warn] pid file /var/run/httpd.pid overwritten -- Unclean shutdown of previous Apache run?
[Thu Aug 23 16:59:32 2007] [crit] (17)File exists: unable to create scoreboard "/var/run/httpd.scoreboard" (name-based shared memory failure)
[Thu Aug 23 16:59:34 2007] [warn] RSA server certificate CommonName (CN) `svr.wenig.zz' does NOT match server name!?
[Thu Aug 23 16:59:34 2007] [warn] RSA server certificate CommonName (CN) `svr.wenig.zz' does NOT match server name!?
[Thu Aug 23 16:59:34 2007] [notice] Digest: generating secret for digest authentication ...
[Thu Aug 23 16:59:34 2007] [notice] Digest: done
[Thu Aug 23 16:59:35 2007] [warn] RSA server certificate CommonName (CN) `svr.wenig.zz' does NOT match server name!?
[Thu Aug 23 16:59:35 2007] [warn] RSA server certificate CommonName (CN) `svr.wenig.zz' does NOT match server name!?
[Thu Aug 23 16:59:35 2007] [warn] pid file /var/run/httpd.pid overwritten -- Unclean shutdown of previous Apache run?
[Thu Aug 23 16:59:35 2007] [notice] Apache configured -- resuming normal operations

The access_log doesn't hold anything.

The same -unreachable via browser error- happened to me as i made a mistake configuring the secure phpmyadmin-console, so it's also very likely that I've made a mistake creating the WebDav-template-files (but i did only c&p).

Sorry if I annoyed you by my post, it wasn't meant to...

Thanks for your help

[cactus]

Hi, thanks for your reply, and congratulations on your work on the svn-contrib, even I got it working in 5 minutes!!!!!!!

You're welcome!

I didn't want to imply, that your contrib does something bad or even wrong, I'm completely aware that it's me who makes the mistakes in configuring the WebDav functionality.

Don't bother I am not offended.

This is the log from /var/log/httpd/error_log

[Thu Aug 23 16:59:32 2007] [warn] pid file /var/run/httpd.pid overwritten -- Unclean shutdown of previous Apache run?
[Thu Aug 23 16:59:32 2007] [crit] (17)File exists: unable to create scoreboard "/var/run/httpd.scoreboard" (name-based shared memory failure)

This seems like an unclear shutdown of the httpd daemon. Did you use the correct command to restart the httpd daemon:

Code: [Select]

service httpd-e-smith restart

[Thu Aug 23 16:59:32 2007] [warn] pid file /var/run/httpd.pid overwritten -- Unclean shutdown of previous Apache run?
The access_log doesn't hold anything.

That would be correct as it seems that your webserver is not running, because of the unclear shutdown.

There once was posted a script for this but I am unable to find it in the bugtracker or on the forums, but my guess is that issuing this on the command line should also fix it

Code: [Select]

signal-event reboot

[chris_da_man]

You're right, my apache isn't running after the reconfig...
But even a reboot can't make it running.
I always need to remove my custom-templates and then apache starts.
I check the files again. There must be a mistake in one of them.

Thanks

[cactus]

You're right, my apache isn't running after the reconfig...
But even a reboot can't make it running.
I always need to remove my custom-templates and then apache starts.
I check the files again. There must be a mistake in one of them.

Thanks

Check the /var/log/messages file, it will probably say a bit more about the reason apache won't start.

[chris_da_man]

Hmmm.....
No there is no hint, apache wouldn't start. The file says, it starts.
But it doesn't react on requests. And doesn't write them down into the access-log.

Strange;-)

[cactus]

Hmmm.....
No there is no hint, apache wouldn't start. The file says, it starts.
But it doesn't react on requests. And doesn't write them down into the access-log.

Strange;-)

That is strange, please post your configuration templates, maybe I and others can helptrying to find the source of the error.

[chris_da_man]

I configured all as it is shown in the HowTo by Stephen:

http://correa.namsys.com.au/misc/files/sme/doco/WebDavWithHTTPS.pdf

Here my files:

Code: [Select]

-20LoadModule80mod_dav-

LoadModule dav_module modules/mod_dav.so
LoadModule dav_fs_module modules/mod_dav_fs.so

Code: [Select]

-35DavLock-

DAVLockDB /var/run/davLocks/DAVLock

Code: [Select]

-75BrowserMatchMod_Dav-

#
# The following directive disables redirects on non-GET requests for
# a directory that does not include the trailing slash. This fixes a
# problem with Microsoft WebFolders which does not appropriately handle
# redirects for folders with DAV methods.
# Same deal with Apple's DAV filesystem and Gnome VFS support for DAV.
#
BrowserMatch "Microsoft Data Access Internet Publishing Provider" redirect-carefully
BrowserMatch "^WebDrive" redirect-carefully
BrowserMatch "^WebDAVFS/1.[012]" redirect-carefully
BrowserMatch "^gnome-vfs" redirect-carefully

Code: [Select]

-95AddModDav2ibays-

{
use esmith::AccountsDB;
my $adb = esmith::AccountsDB->open_ro();
$OUT = "";
foreach my $ibay ($adb->ibays)
{
my %properties = $ibay->props;
my $key = $ibay->key;
if ($properties{'ModDav'})
{
if ($properties{'ModDav'} eq 'enabled')
{
$OUT .= "\n<Directory /home/e-smith/files/ibays/$key/html>\n";
$OUT .= " # Turn DAV on for this directory tree\n";
$OUT .= " DAV On\n";
$OUT .= " AllowOverride None\n";
$OUT .= " Options +Indexes \n";
$OUT .= " # Allow fancy indexing by columns and download by clicking icon\n";
$OUT .= " IndexOptions FancyIndexing IconsAreLinks\n";
if ($properties{'Group'})
{
$OUT .= " AuthType Basic\n";
$OUT .= " AuthExternal pwauth\n";
# Save grouname and find it in the group list
$iBayGroup = $properties{'Group'};
foreach my $group ($adb->groups)
{
my %groupprops = $group->props;
my $grpkey = $group->key;
if ($grpkey eq $iBayGroup)
{
# we have the group that owns the DAV iBay
# If there are members of the group validate on them,
# otherwise on the ibayname
if ($groupprops{'Members'})
{
# need to break user list on commas then output each one...
my @values = split(',',$groupprops{'Members'});
$OUT .= " # Replace ibay name with any valid group member to validate\n";
$OUT .= " Require user ";
foreach my $val (@values) {
$OUT .= $val . " ";
}
$OUT .= "\n";
}
else
{
# No group members so use ibay name for validation
$OUT .= " # use ibay name to validate\n";
$OUT .= " Require user " . $key . "\n";
}
}
}
}
# Ensure only valid users get to do stuff...
$OUT .= " <Limit GET PUT POST DELETE PROPFIND PROPPATCH MKCOL COPY
MOVE LOCK UNLOCK>\n";
$OUT .= " allow from all\n";
$OUT .= " Require valid-user\n";
$OUT .= " </Limit>\n";
$OUT .= "</Directory>\n";
}
}
}
}
And in order to secure the phpMyAdmin-console:

Code: [Select]

-86PhpmyadminAlias-

# phpMyAdmin
Alias /phpmyadmin /opt/phpmyadmin
<Directory /opt/phpmyadmin>
{
use esmith::util;
my $release = esmith::util::determineRelease();
if ("$release" ge "7.0")
        {
        $OUT .= "    SSLRequireSSL";
        }
        else
        {
        $OUT .= "    RequireSSL on";
        }
}
    Options -Indexes
    AllowOverride None
    order deny,allow
    deny from all
    allow from { $localAccess; }
    AuthName "phpMyAdmin"
    AuthType Basic
    AuthExternal pwauth
    require user admin
    Satisfy all
    AddType application/x-httpd-php .php .php3
    php_flag  magic_quotes_gpc  on
    php_flag  track_vars        on
</Directory>
This is all I have.

This would be just great if you could take a quick look and see whats wrong.

Thanks a lot guys!!!!

[cactus]

This would be just great if you could take a quick look and see whats wrong.

Thanks a lot guys!!!!

I have loaded everything on a plain SME 7.2, without any other contribs and installed smeserver-subversion from smedev and then added the code fragments you copied in the forums to /etc/e-smith/templates-user/etc/httpd/conf/httpd.conf/ folder.
Regenerated the configuration file for httpd and restarted it:

Code: [Select]

expand-template /etc/httpd/conf/httpd.conf
service httpd-e-smith restartThe strange thing is that I can not reproduce your problem and the webserver starts properly and runs OK, after that. Just to verify, please answer these questions to see if I overlooked something:
What is your server version?
Do you have smeserver-subversion installed at the moment?
Do you have smeserver-mod_dav installed at the moment?
In which directory did you put your custom template fragments?
What is the output of

Code: [Select]

config show modDAV?
What is the output of

Code: [Select]

config show modDAVSVN?

[Jáder]

I think problem is on this line:

Code: [Select]

$OUT .= " <Limit GET PUT POST DELETE PROPFIND PROPPATCH MKCOL COPY
MOVE LOCK UNLOCK>\n";
It should be just one line! Remove CR and it wil became:

Code: [Select]

$OUT .= " <Limit GET PUT POST DELETE PROPFIND PROPPATCH MKCOL COPY MOVE LOCK UNLOCK>\n";
So you´re be working. I had the same error when try to install!

BTW: Now it´s working... so how I can access those ibays ? http://server/ibay ??
(I´m a little LOST about webdav and his features!)

[cactus]

I think problem is on this line:

Code: [Select]

$OUT .= " <Limit GET PUT POST DELETE PROPFIND PROPPATCH MKCOL COPY
MOVE LOCK UNLOCK>\n";
It should be just one line! Remove CR and it wil became:

Code: [Select]

$OUT .= " <Limit GET PUT POST DELETE PROPFIND PROPPATCH MKCOL COPY MOVE LOCK UNLOCK>\n";

Aargh, that was stupid I should have seen that and tested with an ibay as well. Thanks for pointing this out Jader.
So you´re be working. I had the same error when try to install!

BTW: Now it´s working... so how I can access those ibays ? http://server/ibay ??
(I´m a little LOST about webdav and his features!)

If drag-and-drop does not work you perhaps need a WebDAV client, but as already stated I do not have any experience with the use of WebDAV other than using it to enable my subversion contrib to work:-)

[chris_da_man]

Woooooowwww,

you're great!!!! Thanks!!!! 

Now I got it working, what a wonderful feeling 

You got to stick completely to the HowTo to set up the iBay.

Then you can access it maybe from Windows XP or Vista.
I don't know the specific terms of an english XP since I use it in german.

I copied this one from mmccarn:

Windows XP:
  - "My Network Places"
  - select "Add a network place"
  - "Next"
  - "Choose another network location"
  - "http://server/data"

This worked fine for me!!!!

Thanks to erveryone who helped me in this thread!!!!
And of course special thanks to StephenHodgman, cactus and last but not least jader!!!!!

[cactus]

Thanks to erveryone who helped me in this thread!!!!
And of course special thanks to StephenHodgman, cactus and last but not least jader!!!!!

You're welcome, I learned a little bit as well! Enjoy the ride!

[Jáder]

You're welcome, I learned a little bit as well! Enjoy the ride!

So do I. And again... you´re welcome!

Jáder

[StephenHodgman]

You blokes are too fast for me. 
I only just caught up with the message traffic now.
Glad it is all working for you.
Have fun,