[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Authz on Collection of Repositories

From: Thomas ┼kesson <thomas.akesson_at_simonsoft.se>
Date: Thu, 8 Nov 2012 15:49:09 +0100

On 5 nov 2012, at 00:21, Thomas ┼kesson wrote:
>
> I have meant to set up a test server with our reference configuration to validate the patch under realistic circumstances. Unfortunately, the SLES activation servers have been down for several hours (we don't have dev tools on our VM Appliance by default). I will do some tests with parentpath under "/svn/" and both variations of Satisfy as soon as possible.

Right, it took a while to get that test server up and running with the dev setup. I had to refresh some knowledge.

I have performed the following tests with patch 2012-11-02. All tests with access file configured and "Require valid-user".

Parentpath on /svn/ and Satisfy Any:

 - Access without auth displays repositories with anonymous access, auth is not requested.
 - Access with auth displays filtered list. Works well when browser has previously been on an authenticated path. This is the situation when Satisfy Any and filtered Collection of Repositories does not work well.
 - Did a test with AuthzSVNAnonymous Off, which gave the quite surprising result that all content was listed both on Collection of Repositories and within the repositories. I doubt this is the intended behaviour?!?

Parentpath on /svn/ and Satisfy All:

 - Authentication is required everywhere and the Collection of Repositories is beautifully filtered. Works very well with improved user experience on many installations.

AuthzSVNAnonymous seems to have no effect in this case, which is expected.

 
Parentpath on /:

Tested both Satisfy Any/All with same results as on /svn/. Good, I had some concerns since there have historically been issues.

The remaining concerns I have:
 - The combination of this patch with Satisfy Any. I am a bit more concerned than I was initially.
 - What is going on with AuthzSVNAnonymous Off? I will do more analysis of the code (focusing on access_checker in mod_authz_svn.c) but it would be great if someone could elaborate a bit on the intent.

Thanks,
Thomas ┼.
Received on 2012-11-08 16:04:46 CET

This is an archived mail posted to the Subversion Dev mailing list.