[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

[PATCH] Fix for issue 2753 "SVNListParentPath feature doesn't work when svn authz is used."

From: Kamesh Jayachandran <kamesh_at_collab.net>
Date: Thu, 08 Apr 2010 18:32:20 +0530

Hi All,

Attached patch fixes issue 2753.

Quick description of 2753.

<Location /svn>
   DAV svn
   SVNParentPath /repositories
   AuthType Basic
   AuthName "My SVN"
   AuthUserFile /etc/httpd/conf.d/users
   allow from all
   AuthzSVNAccessFile /etc/httpd/conf.d/svn_access_file
</Location>

With the above configuration 'wget http://localhost/svn' gets 403 Access
forbidden.

Thrown from the following stack trace.

mod_dav_svn/repos.c:dav_svn_split_uri() <-- This function throws this
403 logging the following in the error_log
                                "The URI does not contain the name "
                                "of a repository.");
mod_authz_svn:req_check_access()
mod_authz_svn:access_checker()

The suggested work around for this issue is to define a <Location> with
a trailing slash i.e <Location /svn/>

Why this work around works?

Whatever that is defined in the <Location /svn> or <Location /svn/> is
passed as is in the variable name 'root_path'.
dav_svn_split_uri() always removes the trailing slash of the uri.

So uri becomes '/svn' and root_path becomes '/svn' or '/svn/' based on
how it is configured in the Location block.

In the work around case

relative = ap_stripprefix("/svn", "/svn/"); //relative becomes '/svn'
and hence passes rest of the code path without error.

While 'relative' becomes empty string for ap_stripprefix("/svn", "/svn")
and hence this 403.

About the fix:
Fix is to 'relax' mod_authz_svn for 'requests' that are for the repo parent.

I tested the following cases with this patch:
With the restrictive(read-only) authz, tried to set prop on the '/' of
the repo(configured to serve via SVNPath), it failed as expected.

Ran through the testsuite, It did not break any new tests.

[[[
[issue2753] Fix issue 2753.

Relax requests aimed at the repo Parent path from authz control.

* subversion/mod_authz_svn/mod_authz_svn.c
   (req_check_access): When canonicalized 'uri' and 'root_path' are same
    allow the request.
]]]

If there are no objections will commit this in next couple of days.

Thanks
With regards
Kamesh Jayachandran

Received on 2010-04-08 15:03:09 CEST

This is an archived mail posted to the Subversion Dev mailing list.