On Sun, 2003-11-16 at 07:15, Rodrigo B. de Oliveira wrote:
> <Location /boo/svn>
> DAV svn
> SVNPath /svnroot/boo
>
> AuthType Basic
> AuthName "boo subversion repository"
> AuthUserFile /etc/httpd/conf/boosvn-auth-file
>
> <LimitExcept PROPFIND OPTIONS REPORT>
> Require valid-user
> </LimitExcept>
> </Location>
>
> Anyways, since you told me it was an authorization related error I tried to
> remove
> the REPORT method from the LimitExcept directive and it started
> working again. I don't understand why though...
Well, I can explain what's going on inside apache...
To perform a checkout, your svn client sends a REPORT request. The
server's response is a long description of a tree, complete with inline
files and properties.
In your vanilla setup above, the REPORT request doesn't require any
authentication or authorization, which is totally reasonable: you've
set things up for anonymous read-access.
What's new in svn 0.33, however, is that each path coming back to the
client is the report-response is now 'internally' authorized by
mod_dav_svn. Before putting the path in the response, mod_dav_svn makes
an internal 'subrequest' to apache: "hey, would a GET of this
repository path succeed?" If yes, then everything's fine.
So the error you're seeing is that somehow mod_dav_svn has decided that
a GET of the root-directory of your checkout would not succeed. That's
a bit of a mystery, no?
Your workaround simply forced all REPORT requests (and thus all
checkouts/updates) to require authentication. That's probably not at
all what you want for the long-term. We need to figure out the real
problem here. I'd like to know if you've found some sort of edge-case
bug in our new mod_dav_svn authorization system. But I'm not sure how
to reproduce the problem.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Sun Nov 16 14:43:22 2003