subversion-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From <Benjamin.Ort...@wellsfargo.com>
Subject Re: On commit attempt, Server sent unexpected return value (403 Forbidden) in response to CHECKOUT
Date Mon, 03 Jan 2011 02:27:14 GMT
That can't be right, since it works perfectly when I use the authz file by itself. When I add
that apache location in, everything except the file that is indicated in that location works
exactly as expected with the authz file in the order I have it.



Benjamin Ortega
--------------------------------------------
Operations Systems Engineer
Wells Fargo Bank, Des Moines, IA
CORE Build & Deploy Team
Benjamin.Ortega@WellsFargo.com
☎ : 515-720-2700 (cell)‬
‪MAC: X2301-01X‬

‪‬

‪
This transmission may contain information that is confidential and/or proprietary. If you
are not the individual or entity to which it is addressed, note that any review, disclosure,
copying, retransmission, or other use is strictly prohibited. If you received this transmission
in error, please notify the sender immediately and delete the material from your system.‬
‪

________________________________
From: Tony Sweeney <tsweeney@omnifone.com>
To: Ortega, Benjamin; users@subversion.apache.org <users@subversion.apache.org>
Sent: Sat Jan 01 11:20:59 2011
Subject: RE: On commit attempt, Server sent unexpected return value (403 Forbidden) in response
to CHECKOUT



________________________________
From: Benjamin.Ortega@wellsfargo.com [mailto:Benjamin.Ortega@wellsfargo.com]
Sent: 01 January 2011 17:13
To: users@subversion.apache.org
Subject: On commit attempt, Server sent unexpected return value (403 Forbidden) in response
to CHECKOUT


I'm trying to integrate a SVN Authz authorization file with apache configuration files to
provide a solution for not just directory level restrictions, but also file level restrictions.
It's my understanding that the SVN Authorization file is not capable of handling file-specific
restrictions, only directory level.

The SVN Authz file is set up and i'm able to use it with absolutely no issues what-so-ever.
If I switch to using just the Apache Conf file by itself, it works exactly as expected with
no issues. But if I combine them I get something very weird. Everything works just fine, except
the trying to commit the file that was restricted by the following Location/Limit:

<Location "/subversion/repo/*/*/*/folder/structure/RestrictedFile">
<Limit PUT>
Require user my_username
</Limit>
</Location>

I'm able to view, update, and checkout the file, and am able to do anything (checkout, commit,
etc) to other files in the same directory, but when I attempt perform a commit of changes
to the "RestrictedFile", I get the following error:
Error: Commit failed (details follow):
Error: Server sent unexpected return value (403 Forbidden) in response to CHECKOUT
Error: request for '/subversion/repo/!svn/ver/110/folder/structure/RestrictedFile'

the apache access log file gives me the following:
ip_address - - [30/Dec/2010:15:49:58 -0600] "OPTIONS /subversion/repo/folder/structure HTTP/1.1"
401 1337
ip_address - my_username [30/Dec/2010:15:49:59 -0600] "OPTIONS /subversion/repo/folder/structure
HTTP/1.1" 200 -
ip_address - my_username [30/Dec/2010:15:49:59 -0600] "PROPFIND /subversion/repo/folder/structure
HTTP/1.1" 207 816
ip_address - my_username [30/Dec/2010:15:49:59 -0600] "OPTIONS /subversion/repo/folder/structure
HTTP/1.1" 200 195
ip_address - my_username [30/Dec/2010:15:49:59 -0600] "MKACTIVITY /subversion/repo/!svn/act/71f51505-a174-8349-ab61-843f80a40f8f
HTTP/1.1" 201 234
ip_address - my_username [30/Dec/2010:15:49:59 -0600] "PROPFIND /subversion/repo/!svn/vcc/default
HTTP/1.1" 207 414
ip_address - my_username [30/Dec/2010:15:49:59 -0600] "CHECKOUT /subversion/repo/!svn/bln/110
HTTP/1.1" 201 250
ip_address - my_username [30/Dec/2010:15:49:59 -0600] "PROPPATCH /subversion/repo/!svn/wbl/71f51505-a174-8349-ab61-843f80a40f8f/110
HTTP/1.1" 207 469
ip_address - my_username [30/Dec/2010:15:49:59 -0600] "PROPFIND /subversion/repo/folder/structure
HTTP/1.1" 207 526
ip_address - - [30/Dec/2010:15:49:59 -0600] "CHECKOUT /subversion/repo/!svn/ver/110/folder/structure/RestrictedFile
HTTP/1.1" 403 1021
ip_address - my_username [30/Dec/2010:15:49:59 -0600] "DELETE /subversion/repo/!svn/act/71f51505-a174-8349-ab61-843f80a40f8f
HTTP/1.1" 204 -

If I remove the <Location...> entry listed above, i'm able to commit just fine.

My svnauthz file basically has this:

[/]

* =

my_username = rw

The ordering is important.  Authz uses the fist match.  The first rule matches for all users,
including ‘my_username’, so the second rule is ignored.  Try swapping the order of the
directives, i.e.

[/]

my_username = rw

* =

If I change “* = “ to “* = r”, I get the same issue.  If I change it to “* = rw”,
I’m able to commit.

Benjamin Ortega

Benjamin Ortega
----------------------------------------------
Operations Systems Engineer
Wells Fargo Bank, Des Moines, IA
CORE Build & Deploy Team
• : Benjamin.Ortega@WellsFargo.com<mailto:Benjamin.Ortega@WellsFargo.com>
• : 515-720-2700 (cell)

MAC: X2301-01X

This transmission may contain information that is confidential and/or proprietary. If you
are not the individual or entity to which it is addressed, note that any review, disclosure,
copying, retransmission, or other use is strictly prohibited. If you received this transmission
in error, please notify the sender immediately and delete the material from your system.

______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email
______________________________________________________________________
Mime
View raw message