[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: REPORT request failed after migrating to 0.33

From: Rodrigo B. de Oliveira <rbo_at_acm.org>
Date: 2003-11-16 14:59:12 CET

----- Original Message -----
From: "Ben Collins-Sussman" <sussman@collab.net>

> On Sun, 2003-11-16 at 07:15, Rodrigo B. de Oliveira wrote:
>
> > ...
> > Anyways, since you told me it was an authorization related error I tried
to
> > remove
> > the REPORT method from the LimitExcept directive and it started
> > working again. I don't understand why though...
>
> Well, I can explain what's going on inside apache...
>
> To perform a checkout, your svn client sends a REPORT request. The
> server's response is a long description of a tree, complete with inline
> files and properties.
>
> In your vanilla setup above, the REPORT request doesn't require any
> authentication or authorization, which is totally reasonable: you've
> set things up for anonymous read-access.
>

Yes. That's what I intended.

> What's new in svn 0.33, however, is that each path coming back to the
> client is the report-response is now 'internally' authorized by
> mod_dav_svn. Before putting the path in the response, mod_dav_svn makes
> an internal 'subrequest' to apache: "hey, would a GET of this
> repository path succeed?" If yes, then everything's fine.
>
> So the error you're seeing is that somehow mod_dav_svn has decided that
> a GET of the root-directory of your checkout would not succeed. That's
> a bit of a mystery, no?
>

Hmmm... What is considered the root of a checkout? I'm asking it because
in the way I've set my server up the repository is accessible through the
/boo/svn path but any path above it is actually inaccessible, in other
words:

    /boo/svn - read-only by anonymous, writable by valid users
    /boo/ - access denied
    / - access denied

Do you think it has something to do with it?

> Your workaround simply forced all REPORT requests (and thus all
> checkouts/updates) to require authentication. That's probably not at
> all what you want for the long-term.

You're right.

> I'd like to know if you've found some sort of edge-case
> bug in our new mod_dav_svn authorization system. But I'm not sure how
> to reproduce the problem.
>

I'll try allowing read-only access to both paths / and /boo to see if
it all works then and let you know.

Thanks again!
Rodrigo

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Sun Nov 16 14:58:44 2003

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.