Return-Path: X-Original-To: apmail-subversion-users-archive@minotaur.apache.org Delivered-To: apmail-subversion-users-archive@minotaur.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 09A6E1828E for ; Thu, 13 Aug 2015 10:53:18 +0000 (UTC) Received: (qmail 10597 invoked by uid 500); 13 Aug 2015 10:53:16 -0000 Delivered-To: apmail-subversion-users-archive@subversion.apache.org Received: (qmail 10566 invoked by uid 500); 13 Aug 2015 10:53:16 -0000 Mailing-List: contact users-help@subversion.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Delivered-To: mailing list users@subversion.apache.org Received: (qmail 10549 invoked by uid 99); 13 Aug 2015 10:53:16 -0000 Received: from Unknown (HELO spamd2-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 13 Aug 2015 10:53:16 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd2-us-west.apache.org (ASF Mail Server at spamd2-us-west.apache.org) with ESMTP id 393CF1AA037 for ; Thu, 13 Aug 2015 10:47:16 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd2-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: 3.511 X-Spam-Level: *** X-Spam-Status: No, score=3.511 tagged_above=-999 required=6.31 tests=[KAM_LAZY_DOMAIN_SECURITY=1, RDNS_NONE=2.5, T_FILL_THIS_FORM_SHORT=0.01, URIBL_BLOCKED=0.001] autolearn=disabled Received: from mx1-us-east.apache.org ([10.40.0.8]) by localhost (spamd2-us-west.apache.org [10.40.0.9]) (amavisd-new, port 10024) with ESMTP id 4C3E-T8PRnNL for ; Thu, 13 Aug 2015 10:47:07 +0000 (UTC) Received: from spamd1-us-west.apache.org (unknown [209.188.14.142]) by mx1-us-east.apache.org (ASF Mail Server at mx1-us-east.apache.org) with ESMTP id 575D852427 for ; Thu, 13 Aug 2015 10:36:11 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by spamd1-us-west.apache.org (ASF Mail Server at spamd1-us-west.apache.org) with ESMTP id CD19EDD3EF for ; Thu, 13 Aug 2015 10:36:10 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd1-us-west.apache.org Received: from mx1-us-west.apache.org ([10.40.0.8]) by localhost (spamd1-us-west.apache.org [10.40.0.7]) (amavisd-new, port 10024) with ESMTP id iPjxtRwgR3-W for ; Thu, 13 Aug 2015 10:35:57 +0000 (UTC) Received: from mail.am-soft.de (mail.am-soft.de [83.218.36.120]) by mx1-us-west.apache.org (ASF Mail Server at mx1-us-west.apache.org) with ESMTPS id 6FB0E33578 for ; Thu, 13 Aug 2015 10:30:47 +0000 (UTC) Envelope-To: users@subversion.apache.org Received: from localhost (dslb-178-000-097-206.178.000.pools.vodafone-ip.de [178.0.97.206]) by mail.am-soft.de (Postfix) with ESMTP id 7F464EAAB9 for ; Thu, 13 Aug 2015 12:30:46 +0200 (CEST) Date: Thu, 13 Aug 2015 12:30:45 +0200 From: =?iso-8859-1?Q?Thorsten_Sch=F6ning?= Organization: AM-SoFT IT-Systeme X-Priority: 3 (Normal) Message-ID: <1622829424.20150813123045@am-soft.de> To: users@subversion.apache.org Subject: Re: SVNListParentPath without path based authz checks? In-Reply-To: <20150811223328.GI1859@tarsus.local2> References: <303322122.20150810202249@am-soft.de> <20150811223328.GI1859@tarsus.local2> MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: quoted-printable Guten Tag Daniel Shahaf, am Mittwoch, 12. August 2015 um 00:33 schrieben Sie: > SVNListParentPath used to list all repositories, but not too long ago > that was changed to only list repositories that the authenticated user > has access to. (I can't find the commit that made the change, and > I don't recall whether the required access is "r access to the root of > that repository" or "r access to at least one path in that repository".) For the docs: Regarding my tests it's "r access to the root of that repository" and therefore doesn't work very well with my intended setup to allow all "the world" to see the list of repos, because for that to work, "*" would need to be granted read access at the root level, which would get inherited and need to be revoked for subdirs until one adds a new subdir and forgets to revoke... > I'm not sure how to achieve what you want with mod_dav_svn 1.9.0. > Perhaps there's an httpd.conf trick you could use? You'll want to have > the authz check return TRUE when the original request is for the > SVNListParentPath dir, and FALSE when the original request is attempting > to access the repository root or anything within the repository. I tried that using a PerlAuthzHandler, but 1. it needs authentication first, whereas I thought of letting everyone see the list, and 2. and more problematic I can't get it to forward the authz handling to mod_dav_svn for every request which is not only listing the repos. I can distinct both simply using the requested URL and can allow access for the listing itself, but returning DECLINED to forward to other handlers doesn't seem to have any effect. I guess because mod_dav_svn simply is not part of mod_perl handlers[2]. Looks like I need to present the list of repos some other way if really needed. [1] https://perl.apache.org/docs/2.0/user/handlers/http.html#PerlAuthzHandl= er [2] https://perl.apache.org/docs/2.0/user/handlers/intro.html#Stacked_Handl= ers Mit freundlichen Gr=FC=DFen, Thorsten Sch=F6ning --=20 Thorsten Sch=F6ning E-Mail: Thorsten.Schoening@AM-SoFT.de AM-SoFT IT-Systeme http://www.AM-SoFT.de/ Telefon...........05151- 9468- 55 Fax...............05151- 9468- 88 Mobil..............0178-8 9468- 04 AM-SoFT GmbH IT-Systeme, Brandenburger Str. 7c, 31789 Hameln AG Hannover HRB 207 694 - Gesch=E4ftsf=FChrer: Andreas Muchow