[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Apache SVN module and LUA authentification hook

From: Torsten Krah <krah.tm_at_gmail.com>
Date: Mon, 22 Jan 2018 13:05:33 +0100

Am Freitag, den 05.01.2018, 16:29 +0100 schrieb Branko Čibej:
> Are you really changing the username stored in the request in your
> authentication script? That could certainly be the problem, AFAIK
> there's no guarantee that that change gets propagated back to
> mod_authz_svn.
>
> (It's also a horribly wrong approach to authentication.)

Just curious - why should that be a problem.

Its a normal authentication hook provided via mod_lua since Apache HTTPD
2.4.

Look here [1].

Even the example in the docs sets that user in the auth phase:

..
if auth ~= nil then
     -- fake the user
     r.user = 'foo'
   end
...

So to me this should not make a problem and other httpd 2.4 resources do
not exhibit any problem with that documented approach to authenticate
users (you could even hard code a user like in the example done here by
the OP, should work regarding to svn).

And if it is - its a bug in mod_authz_svn imho, don't you agree?

What's so horribly wrong?
Its the auth phase module - its what the basic_auth or any other auth
module probably does, it sets r.user - the only difference here is, that
a lua script is used to be the auth handler - can you explain what's
wrong with a auth hook that it sets r.user - seems legit to be done and
the docs [1] do agree here - don't you think?

thanks and kind regards

Torsten

[1]
https://httpd.apache.org/docs/2.4/mod/mod_lua.html#luahookauthchecker

  • application/x-pkcs7-signature attachment: smime.p7s
Received on 2018-01-22 13:05:47 CET

This is an archived mail posted to the Subversion Users mailing list.