[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Cannot check out public directory with client 1.8.x without access to repo root

From: Ivan Zhakov <ivan_at_visualsvn.com>
Date: Mon, 19 Aug 2013 23:14:23 +0400

On Mon, Aug 19, 2013 at 10:19 PM, Mark Tsuchida <marktsuchida_at_gmail.com> wrote:
> Hello,
>
> I'm having an issue with our partially-public SVN repository.
>
> The server is running SVN 1.6.11 (CentOS 6.4) with Apache and TLS.
> Our repository (let's call it "myrepo") allows public read access (* =
> r) to myrepo/trunk, but not to myrepo/ (the root). There is also a
> directory myrepo/trunk/secret to which only specific users have access
> to.
>
> Everything has been working as expected with SVN 1.6 and 1.7 clients:
> in particular, no username or password is requested when checking out
> myrepo/trunk.
>
> However, with SVN 1.8.0 and 1.8.1 clients, it is not possible to check
> out any directory without supplying the credentials of a user who has
> access to the repository root.
>
> svn co https://our.server.com/svn/myrepo/trunk -> Requires
> authentication with client 1.8.x but not with 1.6.x or 1.7.x
> svn list https://our.server.com/svn/myrepo/trunk -> Works even with 1.8.1
> svn list https://our.server.com/svn/myrepo -> Requires auth, as expected
>
> The 1.8.x clients can successfully check out myrepo/trunk if a
> username and password are given, for a user with access to the
> repository root.
>
> I have so far been unable to reproduce this with a simplified test
> repository, so any hints as to where to look would be much
> appreciated.
>
> The following is the section of ssl_access_log produced by checking
> out myrepo/trunk using client 1.6.18 (OS X):
> xx.xx.xx.xx - - [16/Aug/2013:17:36:35 -0700] "OPTIONS
> /svn/myrepo/trunk HTTP/1.1" 200 197
[...]
> /svn/myrepo/!svn/vcc/default HTTP/1.1" 207 420
> xx.xx.xx.xx - - [16/Aug/2013:17:36:35 -0700] "PROPFIND
> /svn/myrepo/!svn/bln/123 HTTP/1.1" 207 479
>
> And the following is the section of ssl_access_log produced by
> checking out myrepo/trunk using client 1.8.1 (TortoiseSVN on Windows
> 7):
> xx.xx.xx.xx - - [16/Aug/2013:17:34:05 -0700] "OPTIONS
> /svn/myrepo/trunk HTTP/1.1" 200 197
[...]
> xx.xx.xx.xx - - [16/Aug/2013:17:34:06 -0700] "PROPFIND
> /svn/myrepo/!svn/bc/123 HTTP/1.1" 401 483
>
> It appears that the 1.8.1 client requests /svn/myrepo/!svn/bc/123, to
> which access is denied (401), whereas client 1.6.18 only ever requests
> /svn/myrepo/!svn/bc/123/trunk, to which access is granted.
>
Most likely it is some problem with inherited properties feature
implemented in Subversion 1.8.

@Paul: Do you have any ideas?

-- 
Ivan Zhakov
CTO | VisualSVN | http://www.visualsvn.com
Received on 2013-08-19 21:15:15 CEST

This is an archived mail posted to the Subversion Users mailing list.