svn propget problem(?)

From: Andrea Simonini <andrea.simonini_at_gmail.com>
Date: Thu, 19 Apr 2012 15:00:43 +0200

Hello svn users,

I run into the following problem(?) when trying to get revision
properties on a repository with mod_dav_authz enabled.
Specifically I've installed CollabNetSubversion-server-1.6.12-1
( apache 2.2 + DAV ) on Linux REL 5.5.
I've configured path based authorization with mod_svn_authz.

Now if I issue from svn client a propget command to get a revision
property (e.g. svn:log) on a URL the user has access to the behavior is
different when the creation history of the path is different.

Here follows the steps to reproduce the behavior:

1)Create a fresh repository:
$svnadmin create propget
$ vi propget/hooks/
$ mv propget/hooks/pre-revprop-change.tmpl propget/hooks/pre-revprop-change
$ chmod +x propget/hooks/pre-revprop-change

2) Add "ACL" in the svn-authz.conf file:
[groups]
propget=username

[propget:/level1/level2]
@propget = rw

3) Add a two folder tree in the repository structure (level1/level2):

$ svn co http://server/svn/propget
Authentication realm: <http://server:80> Subversion Repository
Password for 'ADMIN':
Checked out revision 0.
$ cd propget/
$ mkdir level1
$ mkdir level1/level2
$ svn add level1
A level1
A level1/level2
$ svn ci -m"message 000"
Authentication realm: <http://server:80> Subversion Repository
Password for 'ADMIN':
Adding level1
Adding level1/level2

Committed revision 1.

4) get revision properties with the specific user:

C:\tmp\test>svn pg svn:log --revprop -r HEAD
http://server/svn/propget/level1/level2
--username username

Authentication realm: <http://server:80> Subversion Repository
Password for 'username': ********

>>>>empty reply

The apache logs reports the following request made by the svn client:

[info] [client 10.10.10.10] Access granted: 'username' OPTIONS
propget:/level1/level2
[info] [client 10.10.10.10] Access granted: 'username' PROPFIND
propget:/level1/level2
[info] [client 10.10.10.10] Access granted: 'username' PROPFIND propget:
[info] [client 10.10.10.10] Access granted: 'username' PROPFIND propget:
[info] [client 10.10.10.10] Access granted: 'username' PROPFIND propget:
[info] [client 10.10.10.10] Access granted: 'username' GET
propget:/level1/level2
[error] [client 10.10.10.10] Access denied: 'username' GET
propget:/level1 <<<<<
denied
[info] [client 10.10.10.10] Access granted: 'username' GET
propget:/level1/level2
[error] [client 10.10.10.10] Access denied: 'username' GET propget:/level1
[info] [client 10.10.10.10] Access granted: 'username' GET
propget:/level1/level2
[error] [client 10.10.10.10] Access denied: 'username' GET propget:/level1
[error] [client 10.10.10.10] Access denied: 'username' GET propget:/
[error] [client 10.10.10.10] Access denied: 'username' GET propget:/
[error] [client 10.10.10.10] Access denied: 'username' GET propget:/
[info] [client 10.10.10.10] Access granted: 'username' GET propget:

Now if I do the same but with a slightly different command sequence:

1) repeat step 1
2) repeat step 2

3) Now the tree (level1/level2) is created in two steps:
3.1)$ svn co http://server/svn/propget
Authentication realm: <http://server:80> Subversion Repository
Password for 'ADMIN':
Checked out revision 0.
$ cd propget/
$ mkdir level1
$ svn add level1
A level1
$ svn ci -m"message 000"
Authentication realm: <http://server:80> Subversion Repository
Password for 'ADMIN':
Adding level1

Committed revision 1.

3.2)$ cd level1
$ mkdir level2
$ svn add level2
A level2
$ svn ci -m"message 001"
Authentication realm: <http://server:80> Subversion Repository
Password for 'ADMIN':
Adding level1/level2

Committed revision 2.

4) get revision properties:
C:\tmp\test>svn pg svn:log --revprop -r HEAD
http://server/svn/propget/level1/level2 --username username

Authentication realm: <http://server:80> Subversion Repository
Password for 'username': ********
>>>> correct answer: message 001

here follows the trace on apache logs, no calls are made to the upper level
(level1):

[info] [client 10.10.10.10] Access granted: 'username' OPTIONS
propget:/level1/level2
[info] [client 10.10.10.10] Access granted: 'username' PROPFIND
propget:/level1/level2
[info] [client 10.10.10.10] Access granted: 'username' PROPFIND propget:
[info] [client 10.10.10.10] Access granted: 'username' PROPFIND propget:
[info] [client 10.10.10.10] Access granted: 'username' PROPFIND propget:
[info] [client 10.10.10.10] Access granted: 'username' GET
propget:/level1/level2
[info] [client 10.10.10.10] Access granted: 'username' GET
propget:/level1/level2
[info] [client 10.10.10.10] Access granted: 'username' GET
propget:/level1/level2
[info] [client 10.10.10.10] Access granted: 'username' GET
propget:/level1/level2
[error] [client 10.10.10.10] Access denied: 'username' GET propget:/
[error] [client 10.10.10.10] Access denied: 'username' GET propget:/
[error] [client 10.10.10.10] Access denied: 'username' GET propget:/
[info] [client 10.10.10.10] Access granted: 'username' GET propget:

Please note that I've checked against:
svn client on Linux
svn, version 1.6.12 (r955767) compiled Jun 21 2010, 14:15:05

svn client on Windows
svn, version 1.7.4 (r1295709) compiled Mar 5 2012, 09:29:21
with the same behavior.

Is this the correct behavior ? Am I missing something ?

Many thanks for your help.

Ciao
Andrea
Received on 2012-04-19 15:35:47 CEST

This message: [ Message body ]
Next message: Johan Corveleyn: "Re: Sparse Checkout With Externals (1.7.6)"
Previous message: Wolfram Nyaa~: "XDG Base Directory Specification support?"
Next in thread: Stefan Sperling: "Re: svn propget problem(?)"
Reply: Stefan Sperling: "Re: svn propget problem(?)"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]