[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Access control client error messages very poor?

From: Stefan Sperling <stsp_at_elego.de>
Date: Fri, 16 Jul 2010 10:45:24 +0200

On Thu, Jul 15, 2010 at 11:47:48PM +0100, John Beranek wrote:
> Hello all,
>
> I've just had a look through the mailing lists and the issue tracker for
> this topic, and not found it discussed before. So, I'll start in?
>
> Is the current behaviour on performing SVN activities (with Neon RA)
> that violate access controls known to be bad?
>
> Environment is:
>
> Client SVN: 1.6.9 with ra_neon
> Server SVN: Either of 1.6.12 or 1.5.6
>
> If a directory in a repository is open for read for a particular user,
> but closed for write, the following is the error message given to the
> user. It's hardly friendly, is it!?
>
> svn: Commit failed (details follow):
> svn: Server sent unexpected return value (403 Forbidden) in response to
> CHECKOUT request for '/svn/sources/!svn/ver/43/Read/Only/Area/tags'
> svn: Your commit message was left in a temporary file:
> svn: 'svn-commit.tmp'
>
> To me, the worst part of this is the "Server sent _unexpected_ return
> value". Why is "Forbidden" considered unexpected!? ra_neon is talking to
> a mod_dav_svn server, which allows access to the repository to be
> restricted - what's unexpected about that access being denied?
>
> Equally, if a user tries to check out an area of the repository they
> don't have read access to, they get:
>
> svn: Server sent unexpected return value (403 Forbidden) in response to
> OPTIONS request for 'http://svn.example.com/svn/svntest1/Private/Area'
>
> Again, "Forbidden" is "unexpected".
>
> Has no-one else reported this? Is it being worked on - anything?

Looks like this was improved in trunk ages ago, but not backported
to 1.6.x. Can you try patching a client with the diff below and let
us know if this fixes the problem?

Thanks,
Stefan

$ svn log --diff -r 876615 https://svn.apache.org/repos/asf
------------------------------------------------------------------------
r876615 | jrvernooij | 2009-03-14 16:07:08 +0100 (Sat, 14 Mar 2009) | 6 lines

* subversion/libsvn_ra_neon/util.c(generate_error): Return
  SVN_ERR_RA_DAV_FORBIDDEN for 403 errors.

Approved by: rhuijben
             dlr

Index: subversion/trunk/subversion/libsvn_ra_neon/util.c
===================================================================
--- subversion/trunk/subversion/libsvn_ra_neon/util.c (revision 876614)
+++ subversion/trunk/subversion/libsvn_ra_neon/util.c (revision 876615)
@@ -546,6 +546,10 @@ generate_error(svn_ra_neon__request_t *req, apr_po
           return svn_error_create(SVN_ERR_FS_NOT_FOUND, NULL,
                                   apr_psprintf(pool, _("'%s' path not found"),
                                                req->url));
+ case 403:
+ return svn_error_create(SVN_ERR_RA_DAV_FORBIDDEN, NULL,
+ apr_psprintf(pool, _("access to '%s' forbidden"),
+ req->url));

         case 301:
         case 302:

------------------------------------------------------------------------
$
Received on 2010-07-16 10:46:19 CEST

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.