Does rclone support public sharepoint sites / file shares?

cc_dev · March 5, 2020, 12:37pm

I am trying to connect rclone to a public sharepoint file share that doesn't require any authentication to access - Is this supported in rclone latest?

I tried the onedrive config approach first but this requires the config step to get a token - which isn't possible in this use case so I can't complete the step.

I then tried the webdav version but I get 403/authentication failure errors. Accessing the share on chrome and looking at network traffic, I see that there's a redirect to login.microsoft.com which sets a authentication cookie and redirects back to the public sharepoint.

I have tried setting cookies myself using the auth key I got from chrome but this doesn't work either e.g.:

rclone --http-headers "set-cookie,FedAuth=[snip" ls publicshare: -vv --dump requests

I assume --http-headers doesn't work with other backends?

I can't share the URL publically to the sharepoint site but happy to do so in PM if needed or do further diagnostic tests.

thanks

ncw · March 5, 2020, 1:47pm

Did you try configuring it as a plain webdav backend? Ie answering other to this question

Name of the Webdav site/service/software you are using
Enter a string value. Press Enter for the default ("").
Choose a number from below, or type in your own value
 1 / Nextcloud
   \ "nextcloud"
 2 / Owncloud
   \ "owncloud"
 3 / Sharepoint
   \ "sharepoint"
 4 / Other site/service or software
   \ "other"

If it doesn't need auth, then I would have thought that should work...

cc_dev · March 5, 2020, 1:57pm

@ncw thanks for getting back to me.
Yeah I tried options 3 and 4 (other) as suggested and no luck.

My config is:

type = webdav
url = https://[company].sharepoint.com/personal/[suer]/Documents
vendor = other

Running:

rclone ls share: -vv --dump requests

This is the dump I get:

2020/03/05 13:52:00 DEBUG : >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
2020/03/05 13:52:00 DEBUG : <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
2020/03/05 13:52:00 DEBUG : HTTP RESPONSE (req 0xc000143200)
2020/03/05 13:52:00 DEBUG : HTTP/2.0 403 Forbidden
Content-Length: 13
Content-Type: text/plain; charset=utf-8
Date: Thu, 05 Mar 2020 13:52:00 GMT
Microsoftsharepointteamservices: 16.0.0.19819
Ms-Cv: nzvSR8FQALCdGiRj0m1mwA.0
P3p: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Request-Id: 47d23b9f-50c1-b000-9d1a-2463d26d66c0
Sprequestguid: 47d23b9f-50c1-b000-9d1a-2463d26d66c0
X-Content-Type-Options: nosniff
X-Forms_based_auth_required: https://x.sharepoint.com/_forms/default.aspx?ReturnUrl=/_layouts/15/error.aspx&Source=/personal/x
X-Forms_based_auth_return_url: https://x.sharepoint.com/_layouts/15/error.aspx
X-Idcrl_auth_params_v1: IDCRL Type="BPOSIDCRL", EndPoint="/personal/x/_vti_bin/idcrl.svc/", RootDomain="sharepoint.com", Policy="MBI"
X-Ms-Invokeapp: 1; RequireReadOnly
X-Msdavext_error: 917656; Access+denied.+Before+opening+files+in+this+location%2c+you+must+first+browse+to+the+web+site+and+select+the+option+to+login+automatically.
X-Msedge-Ref: Ref A: 1F237D9895F443C49D66B81BDC12DE2B Ref B: DB3EDGE1621 Ref C: 2020-03-05T13:52:00Z
X-Powered-By: ASP.NET
X-Sharepointhealthscore: 2

2020/03/05 13:52:00 DEBUG : <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
2020/03/05 13:52:00 ERROR : : error listing: couldn't list files: 403 FORBIDDEN: 403 Forbidden
2020/03/05 13:52:00 Failed to ls with 2 errors: last error was: couldn't list files: 403 FORBIDDEN: 403 Forbidden

This is why I then looked into Chrome to see this redirect happens automatically in the browser which generates a auth token cookie it seems.

calisro · March 5, 2020, 2:06pm

I'm not a sharepoint guy but seems something else is needed here to full-fill the anonymous context. Just was reading this but i'm not sure how relevant that really is to you.

https://social.msdn.microsoft.com/Forums/office/en-US/b30860cd-8f2c-4dcf-b44c-68b42771498e/access-denied-before-opening-files-in-this-location-?forum=appsforsharepoint

This seems to say you need to pass anonymous contexts.

https://social.msdn.microsoft.com/Forums/vstudio/en-US/f5e62d68-755e-47e5-b094-0e64a3a77e60/how-to-pass-networkcredential-sharepoint-page-using-client-object-model-or-serve-object-model-in?forum=sharepointdevelopmentprevious

ncw · March 5, 2020, 3:18pm

Thanks, it was worth a try!

I could make that option work relatively easily for the webdav backend - it seems a bit untidy though!

So do you think if rclone maintained cookies for the site - that would help?

If you PM me the site, I'll have a play around - thanks!

cc_dev · March 5, 2020, 3:49pm

@calisro Thanks for the earlier post - I had a look at both links and wasn't entirely sure how they could help in my case as I've no control over the originating sharepoint link but this site defo seems to be setup as a anonymous share.

@ncw thanks for the reply.

Yeah I am stabbing in the dark a bit regarding the cookie solution - I just noted that setting a cookie is a workaround in the past based on this article:

https://shui.azurewebsites.net/2018/01/13/mount-onedrive-for-business-on-headless-linux-vps-through-webdav/

Since my post / your reply, I found out this sharepoint is not public but can be viewed by invitation link and that the original link contains this invite code - so I re-setup rclone with webdav / other and tried again and this time I now get a new error '405 method not allowed' so I guess my question should be updated to say 'does rclone support invite only sharepoints' and I'm guessing that this isn't a rclone issue but a sharepoint one where invitees aren't allowed to query the API to get listings etc (even tho I do have write access to upload and view files and folders). See below for request output:

2020/03/05 15:47:13 DEBUG : >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
2020/03/05 15:47:13 DEBUG : <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
2020/03/05 15:47:13 DEBUG : HTTP RESPONSE (req 0xc000154800)
2020/03/05 15:47:13 DEBUG : HTTP/2.0 405 Method Not Allowed
Allow: GET, HEAD, OPTIONS, TRACE
Date: Thu, 05 Mar 2020 15:47:13 GMT
Microsoftsharepointteamservices: 16.0.0.19819
Ms-Cv: nzvY35ggALAbRO94u4UN4w.0
P3p: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Request-Id: dfd83b9f-2098-b000-1b44-ef78bb850de3
Spiislatency: 3
Sprequestduration: 7
Sprequestguid: dfd83b9f-2098-b000-1b44-ef78bb850de3
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Ms-Invokeapp: 1; RequireReadOnly
X-Msedge-Ref: Ref A: AC53C930C62C403A9764F8C8FFC41F9F Ref B: DB3EDGE1114 Ref C: 2020-03-05T15:47:14Z
X-Powered-By: ASP.NET
X-Sharepointhealthscore: 3
Content-Length: 0

2020/03/05 15:47:13 DEBUG : <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
2020/03/05 15:47:13 ERROR : : error listing: couldn't list files: 405 Method Not Allowed
2020/03/05 15:47:13 Failed to ls with 2 errors: last error was: couldn't list files: 405 Method Not Allowed

Happy to send the site - where is the best place to PM as couldn't see how to do it here on the forum?

Thanks again for rclone and your help!

ncw · March 5, 2020, 5:05pm

The invite link doesn't support webdav is what that error means. I suspect you have to do something to it first!

Click on my username (in this reply is fine) and you'll see a Message button.

cc_dev · March 5, 2020, 5:36pm

@ncw It appears I'm too new here to message you yet I've no access to a Message button.

As for the invite link - yeah agreed.

Animosity022 · March 5, 2020, 5:44pm

You should be able to now as I fixed that for you.

system · May 5, 2020, 1:44pm

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.