
Re: [PATCH] Re: passwd file permissions with svn+ssh

From: Daniel Shahaf <d.s_at_daniel.shahaf.co.il>
Date: Wed, 30 Apr 2008 23:17:42 +0300 (IDT)

Daniel Shahaf wrote on Wed, 30 Apr 2008 at 22:21 +0300:
> Greg Hudson wrote on Wed, 30 Apr 2008 at 15:11 -0400:
> > That looks fine, but I would add a comment.
>
> I'll add a comment, run 'make check' and commit.
>

Committed r30868 and nominated for backport.

Thanks,

Daniel

> Thanks Greg,
>
> Daniel
>
> > (Actually, I'm not sure why SVN_ERR_BAD_FILENAME is being ignored
> > either.)
> >
> > Daniel Shahaf wrote:
> > > [ Kristian, since you said you wouldn't have time, I went ahead and looked
> > > into this. ]
> > >
> > > Greg Hudson wrote on Tue, 29 Apr 2008 at 11:27 -0400:
> > >
> > > > On Tue, 2008-04-29 at 17:55 +1000, Kristian Kauper wrote:
> > > >
> > > > > I just don't get why this is an issue in the first place. Why does the
> > > > > code need to read the passwd file if a user has already authenticated
> > > > > via SSH? I thought that was the point of the SSH access method.
> > > > >
> > > > I agree with Kristian here, and this is probably an oversight on my part
> > > > when I wrote the code (although it's been a while). If the passwd file
> > > > is unreadable, svnserve should just fail to authenticate anyone with
> > > > passwords, so that the same repository can be used with svn+ssh and
> > > > svnserve.
> > > >
> > >
> > > Does this change look correct?
> > >
> > > Index: subversion/svnserve/serve.c
> > > ===================================================================
> > > --- subversion/svnserve/serve.c (revision 30863)
> > > +++ subversion/svnserve/serve.c (working copy)
> > > @@ -236,7 +236,9 @@ svn_error_t *load_configs(svn_config_t **cfg,
> > > if (server)
> > > /* Called by listening server; log error no matter what it is.
> > > */
> > > log_server_error(err, server, conn, pool);
> > > - if (err->apr_err != SVN_ERR_BAD_FILENAME)
> > > +
> > > + if (err->apr_err != SVN_ERR_BAD_FILENAME
> > > + && ! APR_STATUS_IS_EACCES(err->apr_err))
> > > {
> > > if (server)
> > > {
> > >
> > > Here is the effect. In the examples, svnserve is run in --tunnel mode.
> > >
> > > 0:% chmod 0 repos/conf/passwd
> > > 0:% grep anon-access repos/conf/svnserve.conf
> > > anon-access = write
> > >
> > > # current trunk
> > > 0:% svn co svn+trunk://`pwd`/repos wc
> > > subversion/svnserve/serve.c:248: (apr_err=215004)
> > > svn: Authentication failed
> > >
> > > # with the patch
> > > 0:% svn co svn+patched://`pwd`/repos wc | tail -1
> > > Checked out revision 1.
> > >
>

Received on 2008-04-30 22:18:30 CEST

This is an archived mail posted to the Subversion Dev mailing list.
