[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

RE: [Issue 4416] New - Anonymous checkout of public directory hosted bypre-1.8 fails if repo root is not public

From: Bert Huijben <bert_at_qqmail.nl>
Date: Thu, 22 Aug 2013 10:12:43 +0200

This is most likely related to obtaining inherited properties,..

Could be a huge regression in soms setups.

Bert

-----Original Message-----
From: "marktsuchida_at_tigris.org" <marktsuchida_at_tigris.org>
Sent: ‎22-‎8-‎2013 07:09
To: "issues_at_subversion.tigris.org" <issues_at_subversion.tigris.org>
Subject: [Issue 4416] New - Anonymous checkout of public directory hosted bypre-1.8 fails if repo root is not public

http://subversion.tigris.org/issues/show_bug.cgi?id=4416
                 Issue #|4416
                 Summary|Anonymous checkout of public directory hosted by pre-1
                        |.8 fails if repo root is not public
               Component|subversion
                 Version|1.8.x
                Platform|All
                     URL|
              OS/Version|All
                  Status|NEW
       Status whiteboard|
                Keywords|
              Resolution|
              Issue type|DEFECT
                Priority|P2
            Subcomponent|libsvn_client
             Assigned to|issues_at_subversion
             Reported by|marktsuchida

------- Additional comments from marktsuchida_at_tigris.org Wed Aug 21 22:04:38 -0700 2013 -------
The 1.8.0 and 1.8.1 clients (tested with Linux and OS X command line and
Windows TortoiseSVN, though not every possible version-OS combination) do not
allow anonymous users to check out a public directory in a repository hosted by
the 1.6.11 (CentOS) server, if the root of the repository is not publicly
readable.

Complete steps to set up a server to reproduce:
(Using HTTP for testing but the behavior is the same if HTTPS is used.)

1. Start a fresh CentOS 6.4 VM and run sudo yum install mod_dav_svn subversion httpd
(I tested with mod_dav_svn-1.6.11-9.el6_4.x86_64,
subversion-1.6.11-9.el6_4.x86_64, and httpd-2.2.15-29.el6_4.x86_64)

2. Open port 80, set ServerName in /etc/httpd/conf/httpd.conf

3. Put the following in /etc/httpd/conf.d/subversion.conf:
-- begin --
LoadModule dav_svn_module modules/mod_dav_svn.so
LoadModule authz_svn_module modules/mod_authz_svn.so

<Location /svn>
   DAV svn
   SVNParentPath /var/www/svn
   AuthType Basic
   AuthName "SVN Realm"
   AuthUserFile /etc/svn-auth-conf
   AuthzSVNAccessFile /etc/svn-acl-conf
   Satisfy Any
   Require valid-user
</Location>
-- end --

4. Set password for one user via sudo htpasswd -cm /etc/svn-auth-conf testadmin

5. Put the following in /etc/svn-acl-conf:
-- begin --
[/]
testadmin = rw
* =
[myrepo:/trunk]
testadmin = rw
* = r
-- end --

6. sudo svnadmin create /var/www/svn/myrepo

7. Import an initial revision containing the trunk directory

8. sudo service httpd start

Symptom:

With an 1.8.1 client,

$ svn co http://example.com/svn/myrepo/trunk
-> Requires username/password, unexpectedly

$ svn co http://example.com/svn/myrepo
-> Requires username/password, as expected

$ svn list http://example.com/svn/myrepo/trunk
-> Succeeds without username/password.

Whereas, with an 1.6.18 (neon), 1.7.11 (neon), or 1.7.11 (serf) client,

$ svn co http://example.com/svn/myrepo/trunk
-> Succeeds without username/password, as expected

Access log for successful checkout with 1.7.11 (neon) client:

xx.xx.xx.xx - - [22/Aug/2013:00:41:00 -0400] "OPTIONS /svn/myrepo/trunk HTTP/1.1" 200 190 "-"
"SVN/1.7.11 neon/0.29.6"
xx.xx.xx.xx - - [22/Aug/2013:00:41:00 -0400] "PROPFIND /svn/myrepo/trunk HTTP/1.1" 207 690 "-"
"SVN/1.7.11 neon/0.29.6"
xx.xx.xx.xx - - [22/Aug/2013:00:41:00 -0400] "PROPFIND /svn/myrepo/!svn/vcc/default HTTP/1.1" 207
402 "-" "SVN/1.7.11 neon/0.29.6"
xx.xx.xx.xx - - [22/Aug/2013:00:41:00 -0400] "PROPFIND /svn/myrepo/!svn/bln/1 HTTP/1.1" 207 453 "-
" "SVN/1.7.11 neon/0.29.6"
xx.xx.xx.xx - - [22/Aug/2013:00:41:00 -0400] "PROPFIND /svn/myrepo/trunk HTTP/1.1" 207 690 "-"
"SVN/1.7.11 neon/0.29.6"
xx.xx.xx.xx - - [22/Aug/2013:00:41:00 -0400] "PROPFIND /svn/myrepo/!svn/vcc/default HTTP/1.1" 207
453 "-" "SVN/1.7.11 neon/0.29.6"
xx.xx.xx.xx - - [22/Aug/2013:00:41:00 -0400] "PROPFIND /svn/myrepo/!svn/bc/1/trunk HTTP/1.1" 207
700 "-" "SVN/1.7.11 neon/0.29.6"
xx.xx.xx.xx - - [22/Aug/2013:00:41:00 -0400] "OPTIONS /svn/myrepo/trunk HTTP/1.1" 200 190 "-"
"SVN/1.7.11 neon/0.29.6"
xx.xx.xx.xx - - [22/Aug/2013:00:41:00 -0400] "PROPFIND /svn/myrepo/trunk HTTP/1.1" 207 690 "-"
"SVN/1.7.11 neon/0.29.6"
xx.xx.xx.xx - - [22/Aug/2013:00:41:00 -0400] "PROPFIND /svn/myrepo/trunk HTTP/1.1" 207 690 "-"
"SVN/1.7.11 neon/0.29.6"
xx.xx.xx.xx - - [22/Aug/2013:00:41:00 -0400] "PROPFIND /svn/myrepo/!svn/vcc/default HTTP/1.1" 207
402 "-" "SVN/1.7.11 neon/0.29.6"
xx.xx.xx.xx - - [22/Aug/2013:00:41:00 -0400] "PROPFIND /svn/myrepo/!svn/bln/1 HTTP/1.1" 207 453 "-
" "SVN/1.7.11 neon/0.29.6"
xx.xx.xx.xx - - [22/Aug/2013:00:41:01 -0400] "REPORT /svn/myrepo/!svn/vcc/default HTTP/1.1" 200
1149 "-" "SVN/1.7.11 neon/0.29.6"

Access log for successful checkout with 1.7.11 (serf) client:

xx.xx.xx.xx - - [22/Aug/2013:00:49:19 -0400] "OPTIONS /svn/myrepo/trunk HTTP/1.1" 200 190 "-"
"SVN/1.7.11 serf/1.3.1"
xx.xx.xx.xx - - [22/Aug/2013:00:49:19 -0400] "PROPFIND /svn/myrepo/trunk HTTP/1.1" 207 690 "-"
"SVN/1.7.11 serf/1.3.1"
xx.xx.xx.xx - - [22/Aug/2013:00:49:20 -0400] "PROPFIND /svn/myrepo/!svn/vcc/default HTTP/1.1" 207
402 "-" "SVN/1.7.11 serf/1.3.1"
xx.xx.xx.xx - - [22/Aug/2013:00:49:20 -0400] "PROPFIND /svn/myrepo/!svn/bln/1 HTTP/1.1" 207 453 "-
" "SVN/1.7.11 serf/1.3.1"
xx.xx.xx.xx - - [22/Aug/2013:00:49:20 -0400] "PROPFIND /svn/myrepo/!svn/bc/1/trunk HTTP/1.1" 207
330 "-" "SVN/1.7.11 serf/1.3.1"
xx.xx.xx.xx - - [22/Aug/2013:00:49:20 -0400] "OPTIONS /svn/myrepo/trunk HTTP/1.1" 200 190 "-"
"SVN/1.7.11 serf/1.3.1"
xx.xx.xx.xx - - [22/Aug/2013:00:49:20 -0400] "PROPFIND /svn/myrepo/trunk HTTP/1.1" 207 690 "-"
"SVN/1.7.11 serf/1.3.1"
xx.xx.xx.xx - - [22/Aug/2013:00:49:20 -0400] "PROPFIND /svn/myrepo/!svn/vcc/default HTTP/1.1" 207
402 "-" "SVN/1.7.11 serf/1.3.1"
xx.xx.xx.xx - - [22/Aug/2013:00:49:20 -0400] "PROPFIND /svn/myrepo/!svn/bln/1 HTTP/1.1" 207 453 "-
" "SVN/1.7.11 serf/1.3.1"
xx.xx.xx.xx - - [22/Aug/2013:00:49:20 -0400] "REPORT /svn/myrepo/!svn/vcc/default HTTP/1.1" 200
471 "-" "SVN/1.7.11 serf/1.3.1"

(Note the PROPFIND /svn/myrepo/!svn/bc/1/trunk)

Access log for unsuccessful anonymous checkout with 1.8.1 client:

xx.xx.xx.xx - - [22/Aug/2013:00:46:21 -0400] "OPTIONS /svn/myrepo/trunk HTTP/1.1" 200 190 "-"
"SVN/1.8.1 (x86-microsoft-windows) serf/1.3.0 TortoiseSVN-1.8.1.24570"
xx.xx.xx.xx - - [22/Aug/2013:00:46:21 -0400] "OPTIONS /svn/myrepo/trunk HTTP/1.1" 200 97 "-"
"SVN/1.8.1 (x86-microsoft-windows) serf/1.3.0 TortoiseSVN-1.8.1.24570"
xx.xx.xx.xx - - [22/Aug/2013:00:46:21 -0400] "PROPFIND /svn/myrepo/trunk HTTP/1.1" 207 690 "-"
"SVN/1.8.1 (x86-microsoft-windows) serf/1.3.0 TortoiseSVN-1.8.1.24570"
xx.xx.xx.xx - - [22/Aug/2013:00:46:21 -0400] "PROPFIND /svn/myrepo/!svn/vcc/default HTTP/1.1" 207
402 "-" "SVN/1.8.1 (x86-microsoft-windows) serf/1.3.0 TortoiseSVN-1.8.1.24570"
xx.xx.xx.xx - - [22/Aug/2013:00:46:21 -0400] "PROPFIND /svn/myrepo/!svn/bln/1 HTTP/1.1" 207 453 "-
" "SVN/1.8.1 (x86-microsoft-windows) serf/1.3.0 TortoiseSVN-1.8.1.24570"
xx.xx.xx.xx - - [22/Aug/2013:00:46:21 -0400] "PROPFIND /svn/myrepo/!svn/bc/1/trunk HTTP/1.1" 207
766 "-" "SVN/1.8.1 (x86-microsoft-windows) serf/1.3.0 TortoiseSVN-1.8.1.24570"
xx.xx.xx.xx - - [22/Aug/2013:00:46:21 -0400] "PROPFIND /svn/myrepo/!svn/vcc/default HTTP/1.1" 207
402 "-" "SVN/1.8.1 (x86-microsoft-windows) serf/1.3.0 TortoiseSVN-1.8.1.24570"
xx.xx.xx.xx - - [22/Aug/2013:00:46:21 -0400] "PROPFIND /svn/myrepo/trunk HTTP/1.1" 207 269 "-"
"SVN/1.8.1 (x86-microsoft-windows) serf/1.3.0 TortoiseSVN-1.8.1.24570"
xx.xx.xx.xx - - [22/Aug/2013:00:46:21 -0400] "OPTIONS /svn/myrepo/trunk HTTP/1.1" 200 190 "-"
"SVN/1.8.1 (x86-microsoft-windows) serf/1.3.0 TortoiseSVN-1.8.1.24570"
xx.xx.xx.xx - - [22/Aug/2013:00:46:21 -0400] "OPTIONS /svn/myrepo/trunk HTTP/1.1" 200 97 "-"
"SVN/1.8.1 (x86-microsoft-windows) serf/1.3.0 TortoiseSVN-1.8.1.24570"
xx.xx.xx.xx - - [22/Aug/2013:00:46:22 -0400] "PROPFIND /svn/myrepo/trunk HTTP/1.1" 207 690 "-"
"SVN/1.8.1 (x86-microsoft-windows) serf/1.3.0 TortoiseSVN-1.8.1.24570"
xx.xx.xx.xx - - [22/Aug/2013:00:46:22 -0400] "PROPFIND /svn/myrepo/!svn/vcc/default HTTP/1.1" 207
402 "-" "SVN/1.8.1 (x86-microsoft-windows) serf/1.3.0 TortoiseSVN-1.8.1.24570"
xx.xx.xx.xx - - [22/Aug/2013:00:46:22 -0400] "PROPFIND /svn/myrepo/!svn/bln/1 HTTP/1.1" 207 453 "-
" "SVN/1.8.1 (x86-microsoft-windows) serf/1.3.0 TortoiseSVN-1.8.1.24570"
xx.xx.xx.xx - - [22/Aug/2013:00:46:22 -0400] "PROPFIND /svn/myrepo/!svn/bc/1/trunk HTTP/1.1" 207
330 "-" "SVN/1.8.1 (x86-microsoft-windows) serf/1.3.0 TortoiseSVN-1.8.1.24570"
xx.xx.xx.xx - - [22/Aug/2013:00:46:22 -0400] "OPTIONS /svn/myrepo/trunk HTTP/1.1" 200 190 "-"
"SVN/1.8.1 (x86-microsoft-windows) serf/1.3.0 TortoiseSVN-1.8.1.24570"
xx.xx.xx.xx - - [22/Aug/2013:00:46:22 -0400] "OPTIONS /svn/myrepo/trunk HTTP/1.1" 200 97 "-"
"SVN/1.8.1 (x86-microsoft-windows) serf/1.3.0 TortoiseSVN-1.8.1.24570"
xx.xx.xx.xx - - [22/Aug/2013:00:46:22 -0400] "PROPFIND /svn/myrepo/trunk HTTP/1.1" 207 690 "-"
"SVN/1.8.1 (x86-microsoft-windows) serf/1.3.0 TortoiseSVN-1.8.1.24570"
xx.xx.xx.xx - - [22/Aug/2013:00:46:22 -0400] "PROPFIND /svn/myrepo/!svn/vcc/default HTTP/1.1" 207
402 "-" "SVN/1.8.1 (x86-microsoft-windows) serf/1.3.0 TortoiseSVN-1.8.1.24570"
xx.xx.xx.xx - - [22/Aug/2013:00:46:23 -0400] "PROPFIND /svn/myrepo/!svn/bln/1 HTTP/1.1" 207 453 "-
" "SVN/1.8.1 (x86-microsoft-windows) serf/1.3.0 TortoiseSVN-1.8.1.24570"
xx.xx.xx.xx - - [22/Aug/2013:00:46:23 -0400] "PROPFIND /svn/myrepo/!svn/bc/1 HTTP/1.1" 401 518 "-"
"SVN/1.8.1 (x86-microsoft-windows) serf/1.3.0 TortoiseSVN-1.8.1.24570"

(Note the PROPFIND /svn/myrepo/!svn/bc/1, without the /trunk, which fails with a 401 Unauthorized)

Please also see: http://svn.haxx.se/users/archive-2013-08/0334.shtml

I have not tested with server 1.7.x (sorry).

------------------------------------------------------
http://subversion.tigris.org/ds/viewMessage.do?dsForumId=463&dsMessageId=3063177

To unsubscribe from this discussion, e-mail: [issues-unsubscribe_at_subversion.tigris.org].
Received on 2013-08-22 10:15:15 CEST

This is an archived mail posted to the Subversion Dev mailing list.