Re: SVNListParentPath without path based authz checks?

From: Daniel Shahaf <d.s_at_daniel.shahaf.name>
Date: Tue, 11 Aug 2015 22:33:28 +0000

Thorsten Schöning wrote on Mon, Aug 10, 2015 at 20:22:49 +0200:
> Is this behavior by design or am I doing something wrong? From my
> point of view "SVNListParentPath" is managed outside of the repo and
> therefore authz should be ignored on that level.

SVNListParentPath used to list all repositories, but not too long ago
that was changed to only list repositories that the authenticated user
has access to. (I can't find the commit that made the change, and
I don't recall whether the required access is "r access to the root of
that repository" or "r access to at least one path in that repository".)

I don't believe we made that configurable.

I'm not sure how to achieve what you want with mod_dav_svn 1.9.0.
Perhaps there's an httpd.conf trick you could use? You'll want to have
the authz check return TRUE when the original request is for the
SVNListParentPath dir, and FALSE when the original request is attempting
to access the repository root or anything within the repository.
Received on 2015-08-12 00:33:33 CEST

This message: [ Message body ]
Next message: Stefan Sperling: "Re: mod_dav_svn: httpd hangs when using PerlAuthenHandler"
Previous message: Dave Huang: "Re: question about subversion 1.9 unicode normalization status"
In reply to: Thorsten SchÃ¶ning: "SVNListParentPath without path based authz checks?"
Next in thread: Philip Martin: "Re: SVNListParentPath without path based authz checks?"
Reply: Philip Martin: "Re: SVNListParentPath without path based authz checks?"
Reply: Thorsten Schöning: "Re: SVNListParentPath without path based authz checks?"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]