subversion-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Branko Čibej <br...@apache.org>
Subject Re: Apache SVN module and LUA authentification hook
Date Fri, 05 Jan 2018 15:29:47 GMT
On 05.01.2018 16:00, Stefan Hauffe wrote:
>
> Hello community,
>
>  
>
> I have an Apache 2.4 which shall deliver SVN repos by the
> http-Protocol. I’m experienced with standard Basic Authentification
> and path-based authorization for the Subversion repo.
>
>  
>
> In my new application, the authentication will be done by a LUA-script
> using the directive “LuaHookCheckUserID”. Generally, the LUA script
> works as expected (used this documentation
> <https://httpd.apache.org/docs/trunk/mod/mod_lua.html#luahookcheckuserid>).
>
>  
>
> Unfortunately it seems, that the authorization file (Subversion
> Accessfile) is not read out correctly. I see an empty repo with my
> (authorized) user.
>
>  
>
> From the logfile (Debug/Error) I see, that LUA granted my user. But
> also a “Access denied” message on a SVN file path:
>
>  
>
> [lua:debug] [pid 6872:tid ] @/path/to/hook.lua(29): [client ip]
> Accepted user myuser
>
> [authz_svn:info] [pid 6872:tid ] [client ip] Access granted: 'myuser'
> GET (null)
>
> [authz_svn:debug] [pid 6872:tid ]
> subversion/mod_authz_svn/mod_authz_svn.c(450): [client ip] Path to
> authz file is /path/to/accessfile
>
> [authz_svn:info] [pid 6872:tid ] [client ip] Access denied: - GET
> repo002:/file.txt
>
>  
>
> My simplest working LUA-Scripts goes here:
>
>  
>
> require 'apache2'
>
> function authcheck_hook(r)
>
>     r.user = "myuser"
>
>     r:debug("Accepted user " .. r.user)
>
>     return apache2.OK
>
> end
>

Are you really changing the username stored in the request in your
authentication script? That could certainly be the problem, AFAIK
there's no guarantee that that change gets propagated back to mod_authz_svn.

(It's also a horribly wrong approach to authentication.)

-- Brane


Mime
View raw message