I saw that too, we have tested with /ecomm.*/webprojects as well.
Either way, it challenges everything else, but does not submit
credentials on the actual LOCK request
Sample from logs below. the initial challenge on the first two lines
collects the credentials. The credentials are used for several
PROPFINDs and then not used for the actual LOCK. The first number after
the URI is the http status code. The field after the IP address is the
user credential {REMOTE_USER}
Note the timestamp for all records is the same. This is one svn
TortoiseSVN action.
apache logs
2006-06-22 12:13:36 3.144.56.85 - httpd PROPFIND
/svn/ecomm/webprojects/autotest/branches/dev_gh/test.txt 401 813 633
1673 "SVN/1.3.0 (r17949) neon/0.25.4" "-"
2006-06-22 12:13:36 3.144.56.85 - httpd PROPFIND
/svn/ecomm/webprojects/autotest/branches/dev_gh/test.txt 401 813 633
1787 "SVN/1.3.0 (r17949) neon/0.25.4" "-"
2006-06-22 12:13:36 3.144.56.85 jeb.beasley@penske.com httpd PROPFIND
/svn/ecomm/webprojects/autotest/branches/dev_gh/test.txt 207 964 700
225085 "SVN/1.3.0 (r1
7949) neon/0.25.4" "-"
2006-06-22 12:13:36 3.144.56.85 jeb.beasley@penske.com httpd PROPFIND
/svn/ecomm/webprojects/autotest/branches/dev_gh/test.txt 207 964 700
225144 "SVN/1.3.0 (r1
7949) neon/0.25.4" "-"
2006-06-22 12:13:36 3.144.56.85 jeb.beasley@penske.com httpd PROPFIND
/svn/ecomm/!svn/vcc/default 207 576 456 4148 "SVN/1.3.0 (r17949)
neon/0.25.4" "-"
2006-06-22 12:13:36 3.144.56.85 jeb.beasley@penske.com httpd PROPFIND
/svn/ecomm/!svn/vcc/default 207 576 456 4172 "SVN/1.3.0 (r17949)
neon/0.25.4" "-"
2006-06-22 12:13:36 3.144.56.85 jeb.beasley@penske.com httpd PROPFIND
/svn/ecomm/!svn/bln/378 207 631 489 5627 "SVN/1.3.0 (r17949)
neon/0.25.4" "-"
2006-06-22 12:13:36 3.144.56.85 jeb.beasley@penske.com httpd PROPFIND
/svn/ecomm/!svn/bln/378 207 631 489 5677 "SVN/1.3.0 (r17949)
neon/0.25.4" "-"
2006-06-22 12:13:36 3.144.56.85 - httpd LOCK
/svn/ecomm/webprojects/autotest/branches/dev_gh/test.txt 401 692 478
94309 "SVN/1.3.0 (r17949) neon/0.25.4" "-"
2006-06-22 12:13:36 3.144.56.85 - httpd LOCK
/svn/ecomm/webprojects/autotest/branches/dev_gh/test.txt 401 692 478
94358 "SVN/1.3.0 (r17949) neon/0.25.4" "-"
Erik Huelsmann wrote:
> On 6/26/06, Jeb <jeb.beasley@penske.com> wrote:
>
>> We are using Apache authentication/authorization to limit access, not
>> subversion.
>>
>> Up until we got into this lock issue, this kind of authorization scheme
>> is working well. The problem surfaced when users set the needs-lock
>> property on files.
>>
>> As I understand, the mod_authz_svn mechanism does not do any pattern
>> matching, and out tests indicate that if we have a rule for
>> [repo/project/branches/dev]
>> that is does not match
>> repo/project/branches/dev/module/source.ext
>>
>> We have branches like dev_gh, dev_phase2, dev_pl and based on the
>> parent project control access to group members for that group.
>>
>> When I request a lock, the apache logs show several authenticated
>> propfinds, and then a LOCK request without the authentication token.
>> (Log snippet attached to previous message)
>
>
> Maybe:
> /svn/ecomm/webprojects/autotest/branches/dev_gh/test.txt
>
> doesn't match /ecomm/.*/webprojects? I think there's one forward slash
> too many?
>
> HTH,
>
>
> Erik.
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Mon Jun 26 17:42:50 2006