subversion-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Henk P. Penning" <penn...@uu.nl>
Subject problem authz_svn_module
Date Sun, 15 Jan 2017 09:02:12 GMT
Hi,

   I use the authz_svn_module in 'repocafe' :

     http://repocafe.science.uu.nl/

   installed here :

     https://svn.science.uu.nl/

   My config :

      <Location /repos>
      DAV svn
      SVNParentPath /data/svn/repos
      AuthzSVNAccessFile /data/svn/admin/svnaccessfile
!! <LimitExcept PROPFIND>
      Satisfy Any
      Require valid-user
      AuthType Basic
      AuthName "Subversion repository"
      AuthBasicProvider svnlocal ldap_science
!! </LimitExcept>
      </Location>

   The problem is with 'private' repos with a 'public' subtree ;

     https://svn.science.uu.nl/index.php?RID=1278

   From the AuthzSVNAccessFile :

        [project.mirmon:/]
        penni101 = rw
        # anonymous read not allowed
        * =

        [project.mirmon:/trunk]
        penni101 = rw
        # anonymous read allowed
        * = r

    So, https://svn.science.uu.nl/repos/project.mirmon/trunk
    should work as if it was 'public' (anonymous access allowed).

    But, without the "LimitExcept" lines in the config shown above,
    these commands work :

     %  svn ls //svn.science.uu.nl/repos/project.mirmon/trunk
     %  svn cat //svn.science.uu.nl/repos/project.mirmon/trunk/probe

    but (and this is the PROBLEM) the checkout command prompts
    for a username/password :

     %  svn co //svn.science.uu.nl/repos/project.mirmon/trunk

    With the "LimitExcept" lines in the config, the checkout
    command works, although some errors appear in the log
    (see below).

   So, it appears that the 'checkout' command does a

     PROPFIND /repos/project.mirmon/!svn/rvr/64/trunk

    which causes the username/password-prompt when the
    "LimitExcept" lines are omitted.

    -- Does this diagnosis make sense ?
    -- How do I make this work, without the LimitExcept trick ?

    Note :
    -- The server is apache-2.4, but 2.2 appears to have probs too.
       I wonder how authz_svn_module is supposed to work under 2.4
       proper (without the 'old' "satisfy any". Shouldn't authz_svn_module
       set an environment variable in the case "r = *" (anonymous read) ?

    -- I looked for guidance here :

         https://svn.apache.org/repos/asf/subversion/trunk/subversion/mod_authz_svn/INSTALL
         G. Example 7: Authenticated access to "Collection of Repositories"

       It comes close to my case, but it doesn't work.

   Thanks for your help ; much appreciated ; groeten,

   Henk Penning

------------------------------------------------------------   _
Henk P. Penning, ICT-beta                 R Uithof HFG-406   _/ \_
Faculty of Science, Utrecht University    T +31 30 253 4106 / \_/ \
Budapestlaan 6, 3584CD Utrecht, NL        F +31 30 253 4553 \_/ \_/
http://www.staff.science.uu.nl/~penni101/ M penning@uu.nl     \_/

Log-entries for

   %  svn co //svn.science.uu.nl/repos/project.mirmon/trunk

37.48.69.238 - - [14/Jan/2017:14:23:10 +0100] "OPTIONS 
/repos/project.mirmon/trunk HTTP/1.1" 200 200 "-" "SVN/1.8.8 
(x86_64-pc-linux-gnu) serf/1.3.3"
37.48.69.238 - - [14/Jan/2017:14:23:10 +0100] "OPTIONS 
/repos/project.mirmon/trunk HTTP/1.1" 200 97 "-" "SVN/1.8.8 
(x86_64-pc-linux-gnu) serf/1.3.3"
37.48.69.238 - - [14/Jan/2017:14:23:10 +0100] "OPTIONS 
/repos/project.mirmon/trunk HTTP/1.1" 200 200 "-" "SVN/1.8.8 
(x86_64-pc-linux-gnu) serf/1.3.3"
37.48.69.238 - - [14/Jan/2017:14:23:10 +0100] "PROPFIND 
/repos/project.mirmon/!svn/rvr/64/trunk HTTP/1.1" 207 342 "-" "SVN/1.8.8 
(x86_64-pc-linux-gnu) serf/1.3.3"
37.48.69.238 - - [14/Jan/2017:14:23:10 +0100] "OPTIONS 
/repos/project.mirmon/trunk HTTP/1.1" 200 200 "-" "SVN/1.8.8 
(x86_64-pc-linux-gnu) serf/1.3.3"
37.48.69.238 - - [14/Jan/2017:14:23:10 +0100] "OPTIONS 
/repos/project.mirmon/trunk HTTP/1.1" 200 97 "-" "SVN/1.8.8 
(x86_64-pc-linux-gnu) serf/1.3.3"
37.48.69.238 - - [14/Jan/2017:14:23:10 +0100] "OPTIONS 
/repos/project.mirmon/trunk HTTP/1.1" 200 200 "-" "SVN/1.8.8 
(x86_64-pc-linux-gnu) serf/1.3.3"

==>  svn/error.log <==
[Sat Jan 14 14:23:10.690943 2017] [authz_svn:error] [pid 31902] [client 
37.48.69.238:47680] Access denied: - PROPFIND project.mirmon:/

==>  svn/access.log <==
37.48.69.238 - - [14/Jan/2017:14:23:10 +0100] "PROPFIND 
/repos/project.mirmon/!svn/rvr/64 HTTP/1.1" 403 234 "-" "SVN/1.8.8 
(x86_64-pc-linux-gnu) serf/1.3.3"
37.48.69.238 - - [14/Jan/2017:14:23:10 +0100] "REPORT 
/repos/project.mirmon/!svn/me HTTP/1.1" 200 201362 "-" "SVN/1.8.8 
(x86_64-pc-linux-gnu) serf/1.3.3

Mime
View raw message