[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

RE: anonymous svn checkout fails in 1.9.4

From: Ateljevich, Eli_at_DWR <Eli_at_DWR>
Date: Thu, 23 Jun 2016 23:59:07 +0000

Stefan,
This was a very helpful answer. So if I understand correctly, the reason I am being asked for credentials is because the 1.9 client needs to query properties from the root to construct a string of inheritance and overriding and anonymous doesn't have the authorization to look at these in the root. Presumably a 1.9 server would understand this was special form of query and resolve all the inheritance first before drawing hasty conclusions about permissions. So the only way to make this client work with a 1.6 server would be to give $anonymous or * read access and then "ungive" this permission in places like /trunk where we don't want it to avoid the inheritance? Am I paraphrasing you correctly?

You bring up a difference between * and $anonymous, I thought that $anonymous evaluated to "non-authenticated user". How are they different? If this is true the SVN book is unclear -- it really implies $anonymous is the complement of $authenticated. Are there practical implications? Am I going to need to say user=anonymous and passwd='' with the client? Or was this always true and it is a situation Tortoise detects and takes care of behind the scene? I have to know because we have linux users and tortoise users.

Finally, I agree with your suggestion to upgrade. I will pitch version 1.9 of the server to the administrator and point out trouble is brewing. I also understand it isn't a Tortoise issue and can communicate that point. If I may make a small suggestion, some of the documentation indicates that 1.9 clients are compatible with earlier versions of the servers with the caveat that they will have performance problems with inherited properties. This isn't a strong enough statement for pre-1.8 servers.

Eli

________________________________________
From: Stefan Küng [tortoisesvn_at_gmail.com]
Sent: Thursday, June 23, 2016 11:01 AM
To: users_at_tortoisesvn.tigris.org
Subject: Re: anonymous svn checkout fails in 1.9.4

On 23.06.2016 00:19, Ateljevich, Eli_at_DWR wrote:
> Thanks for the reply, Stefan. It took a while to gather some
> details. The repository server is using svn version 1.6.18. It is
> using basic authentication with its own password file. Below is the
> svn.authz file, and the directory in that we are trying to access
> anonymously using http is the branches/v5.3 directory.
>
> Again, I've tried several operating systems and versions of tortoise
> on the client end. The server is the same across the experiment. The
> challenge for authentication happens for tortoise 1.9.x.
>
>
>
> ____________________________________________________________________
>
> [/] $authenticated = rw
>
> [/tags] $anonymous = r
>
> [/branches/v5.3] $anonymous = r

Not sure how you've set this up, but "$anonymous" is not really a
non-authenticated setup. If you want to give read access to anyone,
you'd have to use

[/branches/v5.3]
*=r

Anyway, I think I found the problem:

svn 1.9 has a feature named "inherited properties". Which means that
properties are passed down from parent folders to subfolders
automatically. You can even set properties on the repository root and
still have them take effect on e.g. trunk - you don't even have to check
out from the root.

In this case, svn tries to read the properties from the repository root
when you do a checkout. And since the repository root has no anonymous
read access, you're asked for credentials.

To avoid this issue, you'd have to upgrade your server to svn 1.9 as
well, or make the repository root accessible to anonymous as well.

I would recommend that you upgrade your server, because the 1.6 branch
is 7 years old and is not supported anymore. And it already lacks a few
security fixes. And your server is accessible over the internet.

Note: the problem with you getting asked for authentication is not TSVN
specific but will happen with any svn 1.9 client.

Stefan

--
        ___
   oo  // \\      "De Chelonian Mobile"
  (_,\/ \_/ \     TortoiseSVN
    \ \_/_\_/>    The coolest interface to (Sub)version control
    /_/   \_\     http://tortoisesvn.net
------------------------------------------------------
http://tortoisesvn.tigris.org/ds/viewMessage.do?dsForumId=4061&dsMessageId=3176527
To unsubscribe from this discussion, e-mail: [users-unsubscribe_at_tortoisesvn.tigris.org].
------------------------------------------------------
http://tortoisesvn.tigris.org/ds/viewMessage.do?dsForumId=4061&dsMessageId=3176580
To unsubscribe from this discussion, e-mail: [users-unsubscribe_at_tortoisesvn.tigris.org].
Received on 2016-06-24 01:59:21 CEST

This is an archived mail posted to the TortoiseSVN Users mailing list.