subversion-users mailing list archives

From Terry Dooher <Terry.Doo...@naturalmotion.com>
Subject Authentication of sync user on write-through proxy.
Date Thu, 13 Jun 2013 08:45:47 GMT
Hi all,

I've set up a write-through proxy for one of our studios and I'm getting Access Denied errors
when the post-commit hook executes, or when running the sync command manually from the master.


I'm using Apache 2.2/mod_dav_svn 1.7.7 on Debian 6.0. The Apache config for vhost "repo-slave.example.com"
is as follows:

  # Primary configuration for local user access.
  <Location />
    Order allow,deny
    Allow from all

    DAV svn
    SVNPath "/var/svn-slave/repo"
    SVNMasterURI http://repo.example.com/proxy-master

    AuthType Basic
    AuthName "Test Repository (SLAVE)"
    AuthUserFile "/etc/apache2/auth/htpass"
    AuthzSVNAccessFile "/etc/apache2/auth/perms"
    Require valid-user
  </Location>

  # Sync access.
  <Location /repo-proxy-sync>
    DAV svn
    SVNPath "/var/svn-slave/repo"

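    Order deny,allow
    # Allow connections from server VLAN only. With "Order deny,allow" the
    # default is to allow, so everything else must be denied explicitly.
    Deny from all
    Allow from 192.168.10.0/24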

    AuthType Basic
    AuthName "Test Repository (SLAVE)"
    AuthUserFile "/etc/apache2/auth/sync-htpass"
    Require user syncuser
  </Location>


When executing the following from the master server:

	svnsync sync --non-interactive --no-auth-cache --sync-username syncuser \
	--sync-password <pass> http://repo-slave.example.com/repo-proxy-sync file:///var/svn/repo

I get:

	svnsync: E175013: Unable to connect to a repository at URL 'http://repo-slave.example.com/repo-proxy-sync'
	svnsync: E175013: Access to 'http://repo-slave.example.com/repo-proxy-sync' forbidden

And this in the slave error log:

	[Thu Jun 13 01:02:01 2013] [error] [client 192.168.10.10] Access denied: 'syncuser' OPTIONS :/repo-proxy-sync

So it's 403ing; I think because it can't find 'syncuser' in /etc/apache2/auth/htpass. The
problem only occurs when I have the Primary configured at the URI root <Location />.
If I set them up on separate adjacent paths, it works; but according to the Apache docs, I
_should_ be able to override settings in nested Locations. (cf: http://httpd.apache.org/docs/current/sections.html#file-and-web)


Is there a way I can get around this? I could change the Location directives, but I'd prefer
the slave URIs to mirror the master URIs (and changing those would impact a lot of automated
processes).

Thanks,

Terry.
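
Added example, not part of the original message: a simplified Python model of how httpd layers every matching `<Location>` section in file order, applied to the directives quoted above, to list what the nested sync section does not restate and therefore still takes from `<Location />`. The function names and the per-directive "later section wins" merge are assumptions of this sketch; each real module applies its own merge rule.

```python
import re
# Constructed from the directives quoted in the message above (comments dropped).
CONFIG = """
<Location />
  Order allow,deny
  Allow from all
  DAV svn
  SVNPath "/var/svn-slave/repo"
  SVNMasterURI http://repo.example.com/proxy-master
  AuthType Basic
  AuthName "Test Repository (SLAVE)"
  AuthUserFile "/etc/apache2/auth/htpass"
  AuthzSVNAccessFile "/etc/apache2/auth/perms"
  Require valid-user
</Location>
<Location /repo-proxy-sync>
  DAV svn
  SVNPath "/var/svn-slave/repo"
  Order deny,allow
  Allow from 192.168.10.0/24
  AuthType Basic
  AuthName "Test Repository (SLAVE)"
  AuthUserFile "/etc/apache2/auth/sync-htpass"
  Require user syncuser
</Location>
"""

def matches(prefix, path):
    # <Location /x> applies to /x itself and to anything below /x/.
    base = prefix.rstrip("/")
    return path == base or path.startswith(base + "/")

def effective(text, path):
    """Merge matching sections in file order; return {name: (value, section)}."""
    merged, prefix = {}, None
    for line in map(str.strip, text.splitlines()):
        opened = re.fullmatch(r"<Location\s+(\S+)>", line, re.I)
        if opened:
            prefix = opened.group(1)
        elif line.lower() == "</location>":
            prefix = None
        elif line and prefix and matches(prefix, path):
            name, _, value = line.partition(" ")
            merged[name] = (value.strip(), prefix)  # later section wins
    return merged

def inherited(text, path, section):
    """Directives in force for path that `section` does not set itself."""
    return sorted(n for n, (_, s) in effective(text, path).items() if s != section)
print(inherited(CONFIG, "/repo-proxy-sync", "/repo-proxy-sync"))
```

Under this model, the directives in the printed list keep the value given in `<Location />` for requests to `/repo-proxy-sync`.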
