[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: SVNListParentPath without path based authz checks?

From: Thorsten Schöning <tschoening_at_am-soft.de>
Date: Thu, 13 Aug 2015 12:30:45 +0200

Guten Tag Daniel Shahaf,
am Mittwoch, 12. August 2015 um 00:33 schrieben Sie:

> SVNListParentPath used to list all repositories, but not too long ago
> that was changed to only list repositories that the authenticated user
> has access to. (I can't find the commit that made the change, and
> I don't recall whether the required access is "r access to the root of
> that repository" or "r access to at least one path in that repository".)

For the docs: Regarding my tests it's "r access to the root of that
repository" and therefore doesn't work very well with my intended
setup to allow all "the world" to see the list of repos, because for
that to work, "*" would need to be granted read access at the root
level, which would get inherited and need to be revoked for subdirs
until one adds a new subdir and forgets to revoke...

> I'm not sure how to achieve what you want with mod_dav_svn 1.9.0.
> Perhaps there's an httpd.conf trick you could use? You'll want to have
> the authz check return TRUE when the original request is for the
> SVNListParentPath dir, and FALSE when the original request is attempting
> to access the repository root or anything within the repository.

I tried that using a PerlAuthzHandler, but 1. it needs authentication
first, whereas I thought of letting everyone see the list, and 2. and
more problematic I can't get it to forward the authz handling to
mod_dav_svn for every request which is not only listing the repos. I
can distinct both simply using the requested URL and can allow access
for the listing itself, but returning DECLINED to forward to other
handlers doesn't seem to have any effect. I guess because mod_dav_svn
simply is not part of mod_perl handlers[2].

Looks like I need to present the list of repos some other way if
really needed.

[1] https://perl.apache.org/docs/2.0/user/handlers/http.html#PerlAuthzHandler
[2] https://perl.apache.org/docs/2.0/user/handlers/intro.html#Stacked_Handlers

Mit freundlichen Grüßen,

Thorsten Schöning 

-- 
Thorsten Schöning       E-Mail: Thorsten.Schoening_at_AM-SoFT.de
AM-SoFT IT-Systeme      http://www.AM-SoFT.de/
Telefon...........05151-  9468- 55
Fax...............05151-  9468- 88
Mobil..............0178-8 9468- 04
AM-SoFT GmbH IT-Systeme, Brandenburger Str. 7c, 31789 Hameln
AG Hannover HRB 207 694 - Geschäftsführer: Andreas Muchow
Received on 2015-08-13 12:53:18 CEST

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.