[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Bug in authentication when working with "needs-lock"

From: Froenchenko Leonid <gregor66_at_mail.ru>
Date: 2006-11-27 12:41:34 CET

The problem seems to be in following code:
        static svn_error_t *add_lock_tokens(svn_ra_svn_conn_t *conn,
                                            apr_array_header_t
        *lock_tokens,
                                            server_baton_t *sb,
                                            apr_pool_t *pool)
        {
         
        ...
              if (! lookup_access(pool, sb, svn_authz_write,
                                  path_item->u.string->data, TRUE))
                return svn_error_create(SVN_ERR_RA_NOT_AUTHORIZED,
                                        NULL, NULL);
        ...
        }
        
The problem that lookup_access() is called for path_item->u.string->data
which equal to filename. As a result, access check is performed for
something called "/filename" ("/" is added internally). Since user have
no write access to repository root, authentication is failed.

On Sun, 2006-11-26 at 11:33 -0600, Ben Collins-Sussman wrote:
> Actually, in trying to reproduce this error, I've discovered that user
> 'yosi' can't even 'svn lock' the file in the first place:
>
> $ svn lock file -m "blahblah" --username yosi
> Authentication realm: <svn://localhost:3690> My First Repository
> Password for 'yosi':
> subversion/svnserve/serve.c:1754: (apr_err=170001)
> svn: Authorization failed
>
> I think we should file this as a bug.
>
>
>
> On 11/22/06, Froenchenko Leonid <gregor66@mail.ru> wrote:
> > When performing commit against svnserve for file which being locked (and
> > have svn:needs-lock), and user have write access only to affected
> > directory (not repository root), commit is failed with:
> >
> > svn: Commit failed (details follow):
> > svn: Authorization failed
> >
> > If lock removed before commit, everithing is fine.
> >
> > Setup:
> > authz:
> >
> > [groups]
> > g0=yosi
> > g1=moshe
> >
> > [/]
> > *=r
> >
> > [/trunk/dir0]
> > @g0=rw
> >
> > [/trunk/dir1]
> > @g1=rw
> >
> > When user "yosi" commits in dir0, error is happen.
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
> > For additional commands, e-mail: dev-help@subversion.tigris.org
> >
> >
>

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Mon Nov 27 05:41:55 2006

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.