Branko Čibej [u] wrote on 06/08/2004 15:53:
> Sven Mueller wrote:
>
>> Ben Collins-Sussman [u] wrote on 05/08/2004 21:59:
>>
>>> On Thu, 2004-08-05 at 14:52, Sven Mueller wrote:
>>>
>>>
>>>> As you can see, the user parameter ($3) is actually passed to the
>>>> script (if not, the svn:log would move up into the USER parameter),
>>>> but empty.
>>>
>>>
>>>
>>> This simply means that the server never sent an authentication challenge
>>> to the client. It's the same reason it's possible to end up with
>>> revisions that have no 'svn:author' property. No authentication means
>>> no username to store.
>>
>>
>>
>> As requested, here are the configuration lines in httpd.conf:
>>
>> # Enable subversion access
>> <IfModule mod_dav.c>
>> <IfModule mod_dav_svn.c>
>> <Location /svn>
>> DAV svn
>> SVNParentPath /var/repositories
>> #SVNAutoversioning on
>> AuthzSVNAccessFile /usr/local/subversion/conf/SVNaccess
>> Satisfy Any
>
>
> Oops.
>
>> Require valid-user
>> AuthType Basic
>> AuthName "Leogic Subversion access"
>> AuthUserFile /usr/local/subversion/conf/htpasswd
>> </Location>
>> </IfModule>
>> </IfModule>
Not much of an "Ooops":
If you set it to "Any", anyone can connect without authentication if the
AuthzSVNAccessFile specifies read access is allowed to "". It won't
allow anonymous access though if the AuthzSVNAccessFile doesn't grant
anonymous users any access.
Problem is that even if someone _could_ authenticate himself,
pre-revprop hook fails because it is called with a non-authenticated
user, which I would say is a bug. Note that the authentication
credentials are saved in the users .subversion/auth directory, so the
commandline client knows it can authenticate to the server.
If I should fix the problem on the client side, I would either
1) always send authentication information when I know it for the given
server.
2) if an operation fails when done anonymously, try it again with
authentication.
If I should fix it on the server side (which might not be possible,
depending on the DAV protocol), I would do it this way:
- On request to change a property:
- Check AuthzSVNAccessFile, if it doesn't allow write for the
anonymous user (""), require authentication
- check pre-revprop hook
Problem is: I don't know the source good enough to do any of that, let
alone having the time to do it.
cu,
sven
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Fri Aug 6 16:36:52 2004