r9 - 05 Nov 2007 - 16:15:59 - BrianMoseley

WebDAV Access Control in Cosmo

This document describes the implementation of the WebDAV Access Control Protocol (RFC 3744) in Cosmo as of version 0.8.

Principals

Cosmo exposes user accounts via WebDAV as user principal resources. These resources are accessed through the user principal collection.

| URI path | Description |
| /dav/users/ | Principal collection providing the root URL namespace for user principals |
| /dav/users/{username} | Principal resource representing a user account |

The user principal collection may be accessed with GET, HEAD, PROPFIND, and REPORT by any authenticated user. This allows clients to browse and query the server's user accounts.

An individual user principal resource may only be accessed with GET, HEAD and PROPFIND, and only by that user and by administrators. User principals may not be copied, moved, updated or deleted; user account management is done through CMP or the web UI.

Dead properties are not supported for any principal resource. (Bug 10848)

Group principals are not supported.

Privileges

The DAV privilege tree for Cosmo is structured as follows:

DAV:all (aggregate)
    |
    +-- DAV:read
    |
    +-- DAV:write (aggregate)
           |
           +-- DAV:write-properties (abstract)
           +-- DAV:write-content (abstract)
           +-- DAV:bind (abstract)
           +-- DAV:unbind (abstract)
    |
    +-- DAV:read-current-user-privilege-set
    +-- CALDAV:read-free-busy

This privilege tree allows DAV:all, DAV:read, DAV:write, DAV:read-current-user-privilege-set, and CALDAV:read-free-busy (see CosmoCaldav for more information on this privilege) to be assigned to ACEs.

The server's access control model is static. All ACLs are created at the time a user account or resource is created, and no ACL may be edited or deleted other than as a side effect of deleting a user account or resource.

The following table describes the privileges expressed by the server for the various principals and resource types.

| Principal | Resource type | Privileges | Inheritance |
| Anonymous users | All resources | none | - |
| Administrators | All resources | DAV:all | - |
| Authenticated users | User principal collection | DAV:read, DAV:read-current-user-privilege-set | none |
| Authenticated users | Own user principal resource | DAV:all | - |
| Authenticated users | Other user principal resource | DAV:read-current-user-privilege-set | - |
| Authenticated users | Item owned by the user | DAV:all | - |
| Authenticated users | Item whose parent collection is owned by the user | DAV:all | - |
| Authenticated users | Item not owned by the user | DAV:read-current-user-privilege-set | - |
| Any ticket | User principal collection | DAV:read-current-user-privilege-set | none |
| Any ticket | Any user principal resource | DAV:read-current-user-privilege-set | none |
| Read-only ticket | Item resource | DAV:read, DAV:read-current-user-privilege-set, CALDAV:read-free-busy | all descendants; may be overridden by a ticket on a descendant |
| Read-write ticket | Item resource | DAV:read, DAV:write, DAV:read-current-user-privilege-set, CALDAV:read-free-busy | all descendants; may be overridden by a ticket on a descendant |
| Free-busy ticket | Item resource | DAV:read-current-user-privilege-set, CALDAV:read-free-busy | all descendants; may be overridden by a ticket on a descendant |
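The table above can be read as a small decision procedure. The following is an added illustration, not Cosmo's own code: it models the static privilege table for item resources, including the aggregate expansion of DAV:all and DAV:write from the privilege tree and ticket inheritance. The Item and Ticket classes are assumptions, and "the nearest ticket on the path from the item to the root is the one in effect" is this example's reading of "may be overridden by a ticket on a descendant".

```python
# Added model of Cosmo 0.8's static privilege table; an illustration, not Cosmo's code.
# Item, Ticket and the "nearest ticket wins" reading of override are assumptions.
from dataclasses import dataclass
from typing import FrozenSet, Optional

CUPS = "DAV:read-current-user-privilege-set"
FREEBUSY = "CALDAV:read-free-busy"
# Aggregates from the privilege tree: DAV:write contains four abstract privileges,
# DAV:all contains every privilege the tree defines.
WRITE = frozenset({"DAV:write", "DAV:write-properties", "DAV:write-content",
                   "DAV:bind", "DAV:unbind"})
ALL = frozenset({"DAV:read", CUPS, FREEBUSY}) | WRITE
TICKET_PRIVS = {
    "read-only": frozenset({"DAV:read", CUPS, FREEBUSY}),
    "read-write": frozenset({"DAV:read", CUPS, FREEBUSY}) | WRITE,
    "free-busy": frozenset({CUPS, FREEBUSY}),
}

@dataclass
class Ticket:            # assumed shape: a secret key plus one of the three ticket kinds
    key: str
    kind: str

@dataclass
class Item:              # assumed shape of an item resource in the hierarchy
    owner: str
    parent: Optional["Item"] = None
    ticket: Optional[Ticket] = None

def ticket_in_effect(item: Item) -> Optional[Ticket]:
    """A ticket applies to all descendants; the nearest one on the path to the root wins."""
    node = item
    while node is not None:
        if node.ticket is not None:
            return node.ticket
        node = node.parent
    return None

def privileges(item: Item, user: Optional[str] = None,
               ticket_key: Optional[str] = None, admin: bool = False) -> FrozenSet[str]:
    """Privilege set the table grants on an item resource to one principal."""
    if admin:                                   # administrators: DAV:all on all resources
        return ALL
    if user is not None:                        # authenticated user
        if item.owner == user or (item.parent is not None and item.parent.owner == user):
            return ALL
        return frozenset({CUPS})                # not owned: only the privilege-set read
    if ticket_key is not None:                  # ticket principal
        t = ticket_in_effect(item)
        if t is not None and t.key == ticket_key:
            return TICKET_PRIVS[t.kind]
    return frozenset()                          # anonymous, or a ticket not in effect: none
```

A presented ticket key that does not match the ticket in effect falls through to the anonymous case; that is an assumption of the model, not a statement from the page.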

Principal Properties

These properties are defined on user principal resources.

| Name | Value |
| DAV:alternate-URI-set | empty |
| DAV:principal-URL | The canonical URL of the principal resource as shown above |
| DAV:group-membership | empty |
| DAV:acl | All privileges granted to regular users for the resource; does not include privileges for tickets or admin users; all ACEs are protected |

DAV:group-member-set is not supported.

Access Control Properties

These properties are defined on item resources.

| Name | Value |
| DAV:owner | The principal URL of the user who owns the resource |
| DAV:current-user-privilege-set | The set of privileges granted to the currently authenticated principal for the resource |
| DAV:principal-collection-set | The URL of the user principal collection |
| DAV:acl | All privileges granted to regular users for the resource; does not include privileges for tickets or admin users; all ACEs are protected |

DAV:group, DAV:supported-privilege-set, DAV:acl-restrictions, and DAV:inherited-acl-set are not supported.

Methods

PROPFIND

There is a known security issue by which a user or ticket can be used to obtain access to the properties of a resource for which the user or ticket does not have the read privilege. (Bug 10940)

ACL

The server responds to any ACL request with a 403 Forbidden response containing the DAV:not-supported-privilege error condition code.

Reports

DAV:principal-match is supported on the user principal collection, all principal resources, and all item collections.

DAV:principal-property-search is supported on the user principal collection and on all item collections. Matching is a case-insensitive substring match, and the report will search against any property.

DAV:principal-search-property-set is supported on the user principal collection and on all item collections. The only property it specifies for searches is DAV:displayname; even though DAV:principal-property-search accepts any property in a search specification, DAV:displayname is the only one that is practically useful.
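As an added illustration of the matching rule described above (not Cosmo's code), the following parses a DAV:principal-property-search report body and evaluates it against a constructed set of user principal resources, using the same case-insensitive substring matching on whatever property the request names. The principal data and the REPORT body are constructed for the example; the ANDing of multiple DAV:property-search criteria follows RFC 3744.

```python
# Added illustration of Cosmo's DAV:principal-property-search matching rule; not Cosmo's code.
# Principal resources and the REPORT body below are constructed sample data.
import xml.etree.ElementTree as ET

DAV = "{DAV:}"   # Clark notation prefix for the DAV: namespace, as ElementTree reports it

# Constructed user principal resources: URL -> properties in Clark notation.
PRINCIPALS = {
    "/dav/users/bcm":  {DAV + "displayname": "Brian Moseley", DAV + "principal-URL": "/dav/users/bcm"},
    "/dav/users/moss": {DAV + "displayname": "Moss Grey",     DAV + "principal-URL": "/dav/users/moss"},
    "/dav/users/ann":  {DAV + "displayname": "Ann Lee",       DAV + "principal-URL": "/dav/users/ann"},
}

def parse_report(body: str):
    """Return [(property tag, match text)] criteria from a principal-property-search body."""
    root = ET.fromstring(body)   # a production server should parse with a hardened, entity-safe parser
    if root.tag != DAV + "principal-property-search":
        raise ValueError("not a DAV:principal-property-search report")
    criteria = []
    for ps in root.findall(DAV + "property-search"):
        prop, match = ps.find(DAV + "prop"), ps.find(DAV + "match")
        if prop is None or match is None or len(prop) == 0:
            raise ValueError("DAV:property-search requires DAV:prop and DAV:match")
        criteria.append((prop[0].tag, match.text or ""))   # any property may be searched
    return criteria

def search(body: str, principals=PRINCIPALS):
    """URLs of principals for which every criterion is a caseless substring match (criteria are ANDed)."""
    criteria = parse_report(body)
    hits = [url for url, props in principals.items()
            if all(needle.lower() in props.get(tag, "").lower() for tag, needle in criteria)]
    return sorted(hits)

# Constructed REPORT body: find principals whose displayname contains "mos", ignoring case.
REPORT_BODY = """<D:principal-property-search xmlns:D="DAV:">
  <D:property-search>
    <D:prop><D:displayname/></D:prop>
    <D:match>MOS</D:match>
  </D:property-search>
  <D:prop><D:displayname/></D:prop>
</D:principal-property-search>"""

if __name__ == "__main__":
    print(search(REPORT_BODY))
```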

DAV:acl-principal-prop-set is not supported.

Open Source Applications Foundation
Except where otherwise noted, this site and its content are licensed by OSAF under a Creative Commons License, Attribution Only 3.0.