[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Apache SVN module and LUA authentification hook

From: Stefan Hauffe <Stefan.Hauffe_at_mgm-tp.com>
Date: Fri, 5 Jan 2018 15:00:32 +0000

Hello community,

I have an Apache 2.4 which shall deliver SVN repos by the http-Protocol. I'm experienced with standard Basic Authentification and path-based authorization for the Subversion repo.

In my new application, the authentication will be done by a LUA-script using the directive "LuaHookCheckUserID". Generally, the LUA script works as expected (used this documentation<https://httpd.apache.org/docs/trunk/mod/mod_lua.html#luahookcheckuserid>).

Unfortunately it seems, that the authorization file (Subversion Accessfile) is not read out correctly. I see an empty repo with my (authorized) user.

From the logfile (Debug/Error) I see, that LUA granted my user. But also a "Access denied" message on a SVN file path:

[lua:debug] [pid 6872:tid ] @/path/to/hook.lua(29): [client ip] Accepted user myuser
[authz_svn:info] [pid 6872:tid ] [client ip] Access granted: 'myuser' GET (null)
[authz_svn:debug] [pid 6872:tid ] subversion/mod_authz_svn/mod_authz_svn.c(450): [client ip] Path to authz file is /path/to/accessfile
[authz_svn:info] [pid 6872:tid ] [client ip] Access denied: - GET repo002:/file.txt

My simplest working LUA-Scripts goes here:

require 'apache2'
function authcheck_hook(r)
    r.user = "myuser"
    r:debug("Accepted user " .. r.user)
    return apache2.OK

This is the configuration for the Repo:
<Location /svn/repo002>
    DAV svn
    SVNPath "/path/to/repo002"

    AuthzSVNAccessFile "/path/to/accessfile"

    Require valid-user
    LuaHookCheckUserID "/path/to/hook.lua" authcheck_hook

I have a basic-auth secured repo with the same accessfile nearby and it works correctly.

Question: How can I give the "authz_svn" module my username from LUA? I think this is the problem.

Thanks and Kind Regards,
Stefan Hauffe
Received on 2018-01-05 16:00:46 CET

This is an archived mail posted to the Subversion Users mailing list.