Public bug reported:
ENVIRONMENT:
---------------------
Precise 64
Nautilus 3.4.2
$ uname -a && nautilus --version
Linux zakhar-desktop 3.2.0-30-generic #48-Ubuntu SMP Fri Aug 24 16:52:48 UTC
2012 x86_64 x86_64 x86_64 GNU/Linux
GNOME nautilus 3.4.2
WEBDAV:
------------
I set up a local Apache WebDAV with standard options.
No SSL
Basic authentication (it is for local use)
When I instruct Nautilus to go to my WebDAV (dav://127.0.0.1/webdav/) I
get an error.
After a few hours of investigation, I discovered the bug: Nautilus sends
data to a closed TCP connection!
WHAT HAPPENS:
----------------------
When you hit "Enter" after the address (dav://127.0.0.1/webdav/), Nautilus
issues a plain request to the server.
Then, of course, the server replies 401: Authorisation required.
Having this response, Nautilus shows the box where you can enter user/password.
... the trouble is... if it takes you more than 5 seconds to type the
password, the default keepalive of Apache being 5 seconds, the
connection will be closed.
Then, once you have entered both username and password, Nautilus re-
issues the same request with the Authorization header.
... but this is done on a closed connection!..
PROOF:
----------
This is the Wireshark summary trace from a second PC (client is 192.168.0.132,
server is 192.168.0.130)
No. Time Source Destination Protocol Length
Info
1 0.000000 192.168.0.132 192.168.0.130 TCP 74
38035 > http [SYN] Seq=0 Win=14600 Len=0 MSS=1460
2 0.000040 192.168.0.130 192.168.0.132 TCP 74
http > 38035 [SYN, ACK] Seq=0 Ack=1 Win=14480 Len=0
3 0.000246 192.168.0.132 192.168.0.130 TCP 66
38035 > http [ACK] Seq=1 Ack=1 Win=14656 Len=0
4 0.000534 192.168.0.132 192.168.0.130 HTTP 230
OPTIONS /webdav HTTP/1.1
5 0.000555 192.168.0.130 192.168.0.132 TCP 66
http > 38035 [ACK] Seq=1 Ack=165 Win=15552 Len=0
6 0.001226 192.168.0.130 192.168.0.132 HTTP 727
HTTP/1.1 401 Authorization Required (text/html)
7 0.001698 192.168.0.132 192.168.0.130 TCP 66
38035 > http [ACK] Seq=165 Ack=662 Win=15936 Len=0
8 5.003870 192.168.0.130 192.168.0.132 TCP 66
http > 38035 [FIN, ACK] Seq=662 Ack=165 Win=15552 Len=0
9 5.042256 192.168.0.132 192.168.0.130 TCP 66
38035 > http [ACK] Seq=165 Ack=663 Win=15936 Len=0
10 7.873829 192.168.0.132 192.168.0.130 HTTP 273
OPTIONS /webdav HTTP/1.1
11 7.873866 192.168.0.130 192.168.0.132 TCP 54
http > 38035 [RST] Seq=663 Win=0 Len=0
12 7.873872 192.168.0.132 192.168.0.130 TCP 66
38035 > http [FIN, ACK] Seq=372 Ack=663 Win=15936 Len=0
13 7.873881 192.168.0.130 192.168.0.132 TCP 54
http > 38035 [RST] Seq=663 Win=0 Len=0
As you can see, packet 8 occurs around 5 second after the packet 7, and is a
FIN from the server (5 seconds of inactivity).
I spent almost 8 seconds typing username/password, and then at 7.8 sec,
the second request with the Authorization goes out... WITHOUT reopening
the connection.
Of course, the server is not happy with that and issues a RST, and
subsequently Nautilus says that there is an error.
To check that it is indeed the source of the bug, I bumped the keep-alive
time-out in my Apache config to 30 seconds, and this time, all was fine (of
course I typed the user/password in less than 30 secs).
GUESSING:
-------------
With previous versions of Nautilus where you had to enter in a windows the
address of the server, the protocol, the username and password... THEN hit
enter, I imagine such things didn't show as it was 'fast enough' not to be in
that situation.
Having removed this windows, the bug shows.
It is bad because my workaround (timeout to 30 secs) is hazardous.
In fact you can't really guess how much time would the user need to enter
user/password. In case of strong and long pass phrases, and slow typing user,
we could imagine over a minute... and we don't want to bump the keep-alive
time-out on Apache that much for the sake of resource preservation.
WHAT IS EXPECTED:
--------------------------
Nautilus should not produce an error when connecting to a perfectly fine WebDAV
server.
Basically, it shouldn't try sending data on a closed TCP connection... because
obviously that does not work!
** Affects: nautilus (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to nautilus in Ubuntu.
https://bugs.launchpad.net/bugs/1051726
Title:
WebDav broken, Nautilus sends data on a closed TCP connection!
Status in “nautilus” package in Ubuntu:
New
Bug description:
ENVIRONMENT:
---------------------
Precise 64
Nautilus 3.4.2
$ uname -a && nautilus --version
Linux zakhar-desktop 3.2.0-30-generic #48-Ubuntu SMP Fri Aug 24 16:52:48 UTC
2012 x86_64 x86_64 x86_64 GNU/Linux
GNOME nautilus 3.4.2
WEBDAV:
------------
I set up a local Apache WebDAV with standard options.
No SSL
Basic authentication (it is for local use)
When I instruct Nautilus to go to my WebDAV (dav://127.0.0.1/webdav/)
I get an error.
After a few hours of investigation, I discovered the bug: Nautilus
sends data to a closed TCP connection!
WHAT HAPPENS:
----------------------
When you hit "Enter" after the address (dav://127.0.0.1/webdav/), Nautilus
issues a plain request to the server.
Then, of course, the server replies 401: Authorisation required.
Having this response, Nautilus shows the box where you can enter
user/password.
... the trouble is... if it takes you more than 5 seconds to type the
password, the default keepalive of Apache being 5 seconds, the
connection will be closed.
Then, once you have entered both username and password, Nautilus re-
issues the same request with the Authorization header.
... but this is done on a closed connection!..
PROOF:
----------
This is the Wireshark summary trace from a second PC (client is
192.168.0.132, server is 192.168.0.130)
No. Time Source Destination Protocol
Length Info
1 0.000000 192.168.0.132 192.168.0.130 TCP 74
38035 > http [SYN] Seq=0 Win=14600 Len=0 MSS=1460
2 0.000040 192.168.0.130 192.168.0.132 TCP 74
http > 38035 [SYN, ACK] Seq=0 Ack=1 Win=14480 Len=0
3 0.000246 192.168.0.132 192.168.0.130 TCP 66
38035 > http [ACK] Seq=1 Ack=1 Win=14656 Len=0
4 0.000534 192.168.0.132 192.168.0.130 HTTP 230
OPTIONS /webdav HTTP/1.1
5 0.000555 192.168.0.130 192.168.0.132 TCP 66
http > 38035 [ACK] Seq=1 Ack=165 Win=15552 Len=0
6 0.001226 192.168.0.130 192.168.0.132 HTTP 727
HTTP/1.1 401 Authorization Required (text/html)
7 0.001698 192.168.0.132 192.168.0.130 TCP 66
38035 > http [ACK] Seq=165 Ack=662 Win=15936 Len=0
8 5.003870 192.168.0.130 192.168.0.132 TCP 66
http > 38035 [FIN, ACK] Seq=662 Ack=165 Win=15552 Len=0
9 5.042256 192.168.0.132 192.168.0.130 TCP 66
38035 > http [ACK] Seq=165 Ack=663 Win=15936 Len=0
10 7.873829 192.168.0.132 192.168.0.130 HTTP 273
OPTIONS /webdav HTTP/1.1
11 7.873866 192.168.0.130 192.168.0.132 TCP 54
http > 38035 [RST] Seq=663 Win=0 Len=0
12 7.873872 192.168.0.132 192.168.0.130 TCP 66
38035 > http [FIN, ACK] Seq=372 Ack=663 Win=15936 Len=0
13 7.873881 192.168.0.130 192.168.0.132 TCP 54
http > 38035 [RST] Seq=663 Win=0 Len=0
As you can see, packet 8 occurs around 5 second after the packet 7, and is a
FIN from the server (5 seconds of inactivity).
I spent almost 8 seconds typing username/password, and then at 7.8
sec, the second request with the Authorization goes out... WITHOUT
reopening the connection.
Of course, the server is not happy with that and issues a RST, and
subsequently Nautilus says that there is an error.
To check that it is indeed the source of the bug, I bumped the keep-alive
time-out in my Apache config to 30 seconds, and this time, all was fine (of
course I typed the user/password in less than 30 secs).
GUESSING:
-------------
With previous versions of Nautilus where you had to enter in a windows the
address of the server, the protocol, the username and password... THEN hit
enter, I imagine such things didn't show as it was 'fast enough' not to be in
that situation.
Having removed this windows, the bug shows.
It is bad because my workaround (timeout to 30 secs) is hazardous.
In fact you can't really guess how much time would the user need to enter
user/password. In case of strong and long pass phrases, and slow typing user,
we could imagine over a minute... and we don't want to bump the keep-alive
time-out on Apache that much for the sake of resource preservation.
WHAT IS EXPECTED:
--------------------------
Nautilus should not produce an error when connecting to a perfectly fine
WebDAV server.
Basically, it shouldn't try sending data on a closed TCP connection...
because obviously that does not work!
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/nautilus/+bug/1051726/+subscriptions
--
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help : https://help.launchpad.net/ListHelp
