
Re: Cannot check out public directory with client 1.8.x without access to repo root

From: Ivan Zhakov <ivan_at_visualsvn.com>
Date: Tue, 20 Aug 2013 11:02:44 +0400

On Mon, Aug 19, 2013 at 11:14 PM, Ivan Zhakov <ivan_at_visualsvn.com> wrote:
> On Mon, Aug 19, 2013 at 10:19 PM, Mark Tsuchida <marktsuchida_at_gmail.com> wrote:
>> Hello,
>>
>> I'm having an issue with our partially-public SVN repository.
>>
>> The server is running SVN 1.6.11 (CentOS 6.4) with Apache and TLS.
>> Our repository (let's call it "myrepo") allows public read access (* =
>> r) to myrepo/trunk, but not to myrepo/ (the root). There is also a
>> directory myrepo/trunk/secret to which only specific users have
>> access.
>>
>> Everything has been working as expected with SVN 1.6 and 1.7 clients:
>> in particular, no username or password is requested when checking out
>> myrepo/trunk.
>>
>> However, with SVN 1.8.0 and 1.8.1 clients, it is not possible to check
>> out any directory without supplying the credentials of a user who has
>> access to the repository root.
>>
>> svn co https://our.server.com/svn/myrepo/trunk -> Requires
>> authentication with client 1.8.x but not with 1.6.x or 1.7.x
>> svn list https://our.server.com/svn/myrepo/trunk -> Works even with 1.8.1
>> svn list https://our.server.com/svn/myrepo -> Requires auth, as expected
>>
>> The 1.8.x clients can successfully check out myrepo/trunk if a
>> username and password are given, for a user with access to the
>> repository root.
>>
>> I have so far been unable to reproduce this with a simplified test
>> repository, so any hints as to where to look would be much
>> appreciated.
>>
>> The following is the section of ssl_access_log produced by checking
>> out myrepo/trunk using client 1.6.18 (OS X):
>> xx.xx.xx.xx - - [16/Aug/2013:17:36:35 -0700] "OPTIONS
>> /svn/myrepo/trunk HTTP/1.1" 200 197
> [...]
>> /svn/myrepo/!svn/vcc/default HTTP/1.1" 207 420
>> xx.xx.xx.xx - - [16/Aug/2013:17:36:35 -0700] "PROPFIND
>> /svn/myrepo/!svn/bln/123 HTTP/1.1" 207 479
>>
>> And the following is the section of ssl_access_log produced by
>> checking out myrepo/trunk using client 1.8.1 (TortoiseSVN on Windows
>> 7):
>> xx.xx.xx.xx - - [16/Aug/2013:17:34:05 -0700] "OPTIONS
>> /svn/myrepo/trunk HTTP/1.1" 200 197
> [...]
>> xx.xx.xx.xx - - [16/Aug/2013:17:34:06 -0700] "PROPFIND
>> /svn/myrepo/!svn/bc/123 HTTP/1.1" 401 483
It should be "403 Forbidden", not "401 Unauthorized". Looks like some
issue with server configuration.

>>
>> It appears that the 1.8.1 client requests /svn/myrepo/!svn/bc/123, to
>> which access is denied (401), whereas client 1.6.18 only ever requests
>> /svn/myrepo/!svn/bc/123/trunk, to which access is granted.
>>
> Most likely it is some problem with the inherited properties feature
> implemented in Subversion 1.8.
>
The issue doesn't reproduce with a server configured for non-anonymous
access: the server returns 401 Forbidden for the PROPFIND request on the
repository root, and this is handled properly by the Subversion 1.8 client.

-- 
Ivan Zhakov
CTO | VisualSVN | http://www.visualsvn.com
Received on 2013-08-20 09:03:43 CEST
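
A log check for the symptom discussed in this thread, added here as an example and not part of the original message or of Subversion: it scans access-log lines of the shape quoted above for anonymous PROPFIND requests on the baseline collection of the repository root (`!svn/bc/<rev>` with no path after the revision) that were refused with 401 or 403, and counts successful subpath requests alongside them. The sample lines and client addresses are constructed, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Access-log line shape as quoted in the thread:
# host ident user [time] "METHOD uri HTTP/x.y" status size
LINE_RE = re.compile(
    r'^(?P<host>\S+) \S+ (?P<user>\S+) \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+) HTTP/[\d.]+" (?P<status>\d{3}) \S+$'
)
# Baseline-collection URI seen in the logs: <repo>/!svn/bc/<rev>[/<path in repo>]
BC_RE = re.compile(r'^(?P<repo>.*?)/!svn/bc/(?P<rev>\d+)(?P<path>/.*)?$')


def parse(line):
    """Return a dict for a PROPFIND on a !svn/bc URI, else None."""
    m = LINE_RE.match(line.strip())
    if not m or m.group("method") != "PROPFIND":
        return None
    bc = BC_RE.match(m.group("uri"))
    if not bc:
        return None
    path = (bc.group("path") or "").rstrip("/")
    return {"host": m.group("host"), "user": m.group("user"),
            "status": int(m.group("status")),
            "repo": bc.group("repo"), "repo_path": path or "/"}


def summarize(lines):
    """Per (client, repo): refused anonymous root PROPFINDs vs. successful subpath ones."""
    out = defaultdict(lambda: {"root_denied": 0, "subpath_ok": 0})
    for rec in filter(None, map(parse, lines)):
        entry = out[(rec["host"], rec["repo"])]
        if rec["repo_path"] == "/":
            if rec["user"] == "-" and rec["status"] in (401, 403):
                entry["root_denied"] += 1
        elif 200 <= rec["status"] < 300:
            entry["subpath_ok"] += 1
    return dict(out)


# Constructed sample lines modelled on the two excerpts in the thread.
SAMPLE = [
    '192.0.2.10 - - [16/Aug/2013:17:36:35 -0700] "PROPFIND /svn/myrepo/!svn/bc/123/trunk HTTP/1.1" 207 479',
    '192.0.2.20 - - [16/Aug/2013:17:34:05 -0700] "OPTIONS /svn/myrepo/trunk HTTP/1.1" 200 197',
    '192.0.2.20 - - [16/Aug/2013:17:34:06 -0700] "PROPFIND /svn/myrepo/!svn/bc/123 HTTP/1.1" 401 483',
]

if __name__ == "__main__":
    for (host, repo), counts in sorted(summarize(SAMPLE).items()):
        print(host, repo, counts)
```

A client with `root_denied` above zero on a repository whose subpaths are meant to be publicly readable matches the behaviour reported for the 1.8.x clients.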

This is an archived mail posted to the Subversion Users mailing list.
