Re: [PATCH] Re: passwd file permissions with svn+ssh

From: Daniel Shahaf <d.s_at_daniel.shahaf.co.il>
Date: Wed, 30 Apr 2008 22:21:08 +0300 (IDT)

Greg Hudson wrote on Wed, 30 Apr 2008 at 15:11 -0400:
> That looks fine, but I would add a comment.

I'll add a comment, run 'make check' and commit.

Thanks Greg,

Daniel

> (Actually, I'm not sure why SVN_ERR_BAD_FILENAME is being ignored
> either.)
>
> Daniel Shahaf wrote:
> > [ Kristian, since you said you wouldn't have time, I went ahead and looked
> > into this. ]
> >
> > Greg Hudson wrote on Tue, 29 Apr 2008 at 11:27 -0400:
> >
> > > On Tue, 2008-04-29 at 17:55 +1000, Kristian Kauper wrote:
> > >
> > > > I just don't get why this is an issue in the first place. Why does the
> > > > code need to read the passwd file if a user has already authenticated
> > > > via SSH? I thought that was the point of the SSH access method.
> > > >
> > > I agree with Kristian here, and this is probably an oversight on my part
> > > when I wrote the code (although it's been a while). If the passwd file
> > > is unreadable, svnserve should just fail to authenticate anyone with
> > > passwords, so that the same repository can be used with svn+ssh and
> > > svnserve.
> > >
> >
> > Does this change look correct?
> >
> > Index: subversion/svnserve/serve.c
> > ===================================================================
> > --- subversion/svnserve/serve.c (revision 30863)
> > +++ subversion/svnserve/serve.c (working copy)
> > @@ -236,7 +236,9 @@ svn_error_t *load_configs(svn_config_t **cfg,
> > if (server)
> > /* Called by listening server; log error no matter what it is.
> > */
> > log_server_error(err, server, conn, pool);
> > - if (err->apr_err != SVN_ERR_BAD_FILENAME)
> > +
> > + if (err->apr_err != SVN_ERR_BAD_FILENAME
> > + && ! APR_STATUS_IS_EACCES(err->apr_err))
> > {
> > if (server)
> > {
> >
> > Here is the effect. In the examples, svnserve is run in --tunnel mode.
> >
> > 0:% chmod 0 repos/conf/passwd
> > 0:% grep anon-access repos/conf/svnserve.conf
> > anon-access = write
> >
> > # current trunk
> > 0:% svn co svn+trunk://`pwd`/repos wc
> > subversion/svnserve/serve.c:248: (apr_err=215004)
> > svn: Authentication failed
> >
> > # with the patch
> > 0:% svn co svn+patched://`pwd`/repos wc | tail -1
> > Checked out revision 1.
> >

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe_at_subversion.tigris.org
For additional commands, e-mail: dev-help_at_subversion.tigris.org
Received on 2008-04-30 21:21:45 CEST

This message: [ Message body ]
Next message: Jamax: "Revision number in source, exported"
Previous message: Greg Hudson: "Re: [PATCH] Re: passwd file permissions with svn+ssh"
In reply to: Greg Hudson: "Re: [PATCH] Re: passwd file permissions with svn+ssh"
Next in thread: Daniel Shahaf: "Re: [PATCH] Re: passwd file permissions with svn+ssh"
Reply: Daniel Shahaf: "Re: [PATCH] Re: passwd file permissions with svn+ssh"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]