[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Authz on Collection of Repositories

From: Ivan Zhakov <ivan_at_visualsvn.com>
Date: Fri, 9 Nov 2012 21:45:35 +0400

On Thu, Nov 8, 2012 at 6:49 PM, Thomas Ã…kesson
<thomas.akesson_at_simonsoft.se> wrote:
> On 5 nov 2012, at 00:21, Thomas Ã…kesson wrote:
>>

Hi Thomas,

Thank you for comprehensive testing! See my reply inline.

>> I have meant to set up a test server with our reference configuration to validate the patch under realistic circumstances. Unfortunately, the SLES activation servers have been down for several hours (we don't have dev tools on our VM Appliance by default). I will do some tests with parentpath under "/svn/" and both variations of Satisfy as soon as possible.
>
> Right, it took a while to get that test server up and running with the dev setup. I had to refresh some knowledge.
>
> I have performed the following tests with patch 2012-11-02. All tests with access file configured and "Require valid-user".
>
> Parentpath on /svn/ and Satisfy Any:
>
> - Access without auth displays repositories with anonymous access, auth is not requested.
> - Access with auth displays filtered list. Works well when browser has previously
> been on an authenticated path. This is the situation when Satisfy Any and filtered
> Collection of Repositories does not work well.
That's why mixing anonymous and authenticated access is not good thing.

> - Did a test with AuthzSVNAnonymous Off, which gave the quite surprising result
> that all content was listed both on Collection of Repositories and within the
> repositories. I doubt this is the intended behaviour?!?
I agree, this is really strange behavior. Could you check this
behavior with my patch? It's very low chance that my patch changes
this behavior.

>
>
> Parentpath on /svn/ and Satisfy All:
>
> - Authentication is required everywhere and the Collection of Repositories is beautifully filtered. Works very well with improved user experience on many installations.
>
> AuthzSVNAnonymous seems to have no effect in this case, which is expected.
>
>
> Parentpath on /:
>
> Tested both Satisfy Any/All with same results as on /svn/. Good, I had some
> concerns since there have historically been issues.
Good.

> The remaining concerns I have:
> - The combination of this patch with Satisfy Any. I am a bit more concerned than I was initially.
> - What is going on with AuthzSVNAnonymous Off? I will do more analysis of the
> code (focusing on access_checker in mod_authz_svn.c) but it would be great if
> someone could elaborate a bit on the intent.
>
It would be nice if you confirm that my patch does not change
AuthzSVNAnonymous Off behavior in this case I'll commit my patch and
we may focus on this issue.

-- 
Ivan Zhakov
Received on 2012-11-09 18:46:27 CET

This is an archived mail posted to the Subversion Dev mailing list.