Return-Path: 
 <dev-return-26588-apmail-subversion-dev-archive=subversion.apache.org@subversion.apache.org>
X-Original-To: apmail-subversion-dev-archive@minotaur.apache.org
Delivered-To: apmail-subversion-dev-archive@minotaur.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by minotaur.apache.org (Postfix) with SMTP id 2DB2010E3D
	for <apmail-subversion-dev-archive@minotaur.apache.org>;
 Tue,  4 Jun 2013 00:24:55 +0000 (UTC)
Received: (qmail 54367 invoked by uid 500); 4 Jun 2013 00:24:55 -0000
Delivered-To: apmail-subversion-dev-archive@subversion.apache.org
Received: (qmail 54339 invoked by uid 500); 4 Jun 2013 00:24:54 -0000
Mailing-List: contact dev-help@subversion.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:dev-help@subversion.apache.org>
List-Unsubscribe: <mailto:dev-unsubscribe@subversion.apache.org>
List-Post: <mailto:dev@subversion.apache.org>
List-Id: <dev.subversion.apache.org>
Delivered-To: mailing list dev@subversion.apache.org
Received: (qmail 54332 invoked by uid 99); 4 Jun 2013 00:24:54 -0000
Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136)
    by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 04 Jun 2013 00:24:54 +0000
X-ASF-Spam-Status: No, hits=-0.7 required=5.0
	tests=RCVD_IN_DNSWL_LOW,SPF_PASS
X-Spam-Check-By: apache.org
Received-SPF: pass (athena.apache.org: domain of knst.kolinko@gmail.com
 designates 209.85.214.170 as permitted sender)
Received: from [209.85.214.170] (HELO mail-ob0-f170.google.com)
 (209.85.214.170)
    by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 04 Jun 2013 00:24:50 +0000
Received: by mail-ob0-f170.google.com with SMTP id ef5so8443315obb.1
        for <dev@subversion.apache.org>; Mon, 03 Jun 2013 17:24:29 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20120113;
        h=mime-version:in-reply-to:references:date:message-id:subject:from:to
         :cc:content-type;
        bh=Jg5a9xatvYV/Vo2sbX5Qwq9h1c1H+hNe26xvfpcmyCM=;
        b=uMpHJ9p3VK3KEQVbzJ2gT17b5XczIrf0Yl9iGWYwSJEu/zK2GF/QcUotV47bK4xmHC
         72bPYyktf4x7S3CnercuK59W7/rAuVlZe/lAqUQwFglQOzXcqC0sFV2qH4s4UjT1ene6
         wrsF4R2y12BTwsFnNCjXmAwJP4PMPnAj67dX4iGYHc8Va9m/joXqf+LaSAG2Z7DjNgwQ
         s2oDILQAZ7aP4Xqa0Y/Z75K4XT0ZjN+43qO2F9hTCe1iOjttCYvbmClpzClbtsKrUS1b
         YtISpdFxb+bTaq/MU/x6Wv564IV94qOnVW3+Oshyn6tqPAI3VSNQ+WiTFR1LBQ1B7II/
         azkA==
MIME-Version: 1.0
X-Received: by 10.60.131.104 with SMTP id ol8mr10888413oeb.104.1370305469816;
 Mon, 03 Jun 2013 17:24:29 -0700 (PDT)
Received: by 10.76.117.165 with HTTP; Mon, 3 Jun 2013 17:24:29 -0700 (PDT)
In-Reply-To: 
 <CABD8fLV8EVSp=Fa2Zi900ye7WDP_bSQxPqpvKbxP017AqSKWEQ@mail.gmail.com>
References: <87y5aqgam0.fsf@ntlworld.com>
	<CABD8fLVSox+GgGWaqBZjipqCrD8ZuJ3oC+ZUYDj59dWhaE1=dw@mail.gmail.com>
	<87txleg82u.fsf@ntlworld.com>
	<CABD8fLV7u9SsXam2s975WAmaSBAR_=K2oCz7AXXvJUAfm9RV4w@mail.gmail.com>
	<CADkdwvQFgmmucoVFd3KMekZQLbyYh+BV0-PKr2X45OM=TdNJrg@mail.gmail.com>
	<CABD8fLUGzK23eS-gi2XPtDhHTAw-YCVyKshHr-Z2XoZFgReamA@mail.gmail.com>
	<CABD8fLV8EVSp=Fa2Zi900ye7WDP_bSQxPqpvKbxP017AqSKWEQ@mail.gmail.com>
Date: Tue, 4 Jun 2013 04:24:29 +0400
Message-ID: 
 <CABzHfVmKAzSwSWR+8TJQpQL0=QhQaFQSkY76MwZNP2-mDUdgig@mail.gmail.com>
Subject: Re: serf error handling for locks without authn
From: Konstantin Kolinko <knst.kolinko@gmail.com>
To: Greg Stein <gstein@gmail.com>
Cc: Ben Reser <ben@reser.org>, Philip Martin <philip.martin@wandisco.com>,
	Subversion Development <dev@subversion.apache.org>
Content-Type: text/plain; charset=ISO-8859-1
X-Virus-Checked: Checked by ClamAV on apache.org

2013/6/4 Greg Stein <gstein@gmail.com>:
> On Mon, Jun 3, 2013 at 7:10 PM, Greg Stein <gstein@gmail.com> wrote:
>> On Mon, Jun 3, 2013 at 6:48 PM, Ben Reser <ben@reser.org> wrote:
>>...
>>> I'd argue that we should return a 500 range error since the problem
>>> here is that the server is not properly configured.  There is really
>>
>> Nah. 500 means there is nothing the client can do, which isn't quite
>> accurate. A client *could* go ahead and fill in an Authorization:
>> header. (tho I don't know if Apache will parse it, without a config
>> there)
>>
>>> nothing a client can do to resolve the issue other than to
>>> authenticate, which our client is only going to do if the server is
>>> setup properly.  So I'd vote for returning HTTP_INTERNAL_SERVER_ERROR.
>
> On IRC, Ben and I tossed this around. The short answer is "the server
> is not configured to allow a LOCK operation." 501 (Not Implemented)
> states it is an appropriate status when the server is unable to
> support the request method.
>
> We can also adjust the error string in append_locks() to something like:
>   "Anonymous lock creation is not allowed. The server configuration
> will not allow a LOCK."
>
> That points to the configuration problem. And the 501 is pretty darned
> close to what we want.
>
> As Ben noted on IRC, a 4xx response implies the client got something
> wrong. The root problem is on the server, and that implies a 5xx
> response.
>

If you are considering 501 then there also exists 405 Method Not Allowed
An implementation difference though is that 405 must be accompanied by
an Allow header.

Difference between 405 and 501 is also specified in ch.5.1.1 of RFC
2616 (HTTP/1.1),
Quoting from there:
[[[
   The list of methods allowed by a resource can be specified in an
   Allow header field (section 14.7). The return code of the response
   always notifies the client whether a method is currently allowed on a
   resource, since the set of allowed methods can change dynamically. An
   origin server SHOULD return the status code 405 (Method Not Allowed)
   if the method is known by the origin server but not allowed for the
   requested resource, and 501 (Not Implemented) if the method is
   unrecognized or not implemented by the origin server.
]]]

On a generic HTTP server if authentication is required but is not configured
I would consider returning 403.
I do not know whether that would work for Subversion in this case though.

Best regards,
Konstantin Kolinko