Uploaded image for project: 'Subversion'
  1. Subversion
  2. SVN-3781

Match paths against authz rules in case sensitive way.

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: trunk
    • Fix Version/s: 1.7.0
    • Component/s: mod_authz_svn
    • Labels:
      None

      Description

      Repo name in disk: /repositories/ABC
      
      <AuthnProviderAlias file file-users>
        AuthUserFile "conf.d/svn_auth_file"
      </AuthnProviderAlias>
      <Location /svn>
         DAV svn
         SVNParentPath "/repositories"
         AuthType Basic
         AuthName Subversion
         AuthBasicProvider file-users
         AuthzSVNAccessFile "conf.d/svn_access_file"
         Require valid-user
      </Location>
      
      cat conf.d/svn_access_file
      [AbC:/]
      admin = rw
      
      --------------------------
      
      With the above authz I could checkout /svn/ABC but could *not* commit.
      
      What is inconsistent is why checkout works(unexpected) while commit fails(expected).
      
      We need to check why checkout authorizer does it in a case insensitive way while
      commit authorizer do the same in a case sensitive way.
      

      Original issue reported by kameshj

        Issue Links

          Activity

          Hide
          cmpilato C. Michael Pilato added a comment -

          *** Issue 2485 has been marked as a duplicate of this issue. ***
          

          Show
          cmpilato C. Michael Pilato added a comment - *** Issue 2485 has been marked as a duplicate of this issue. ***
          Hide
          julianfoad Julian Foad added a comment -

          The fix was released in Subversion 1.7.0.
          
          
          

          Show
          julianfoad Julian Foad added a comment - The fix was released in Subversion 1.7.0.
          Hide
          subversion-importer Subversion Importer added a comment -

          Testcases is added in r1068411 & r1068802 and subsequent fix is committed on
          r1069791.
          

          Original comment by kameshj

          Show
          subversion-importer Subversion Importer added a comment - Testcases is added in r1068411 & r1068802 and subsequent fix is committed on r1069791. Original comment by kameshj
          Hide
          subversion-importer Subversion Importer added a comment -

          Reverted r1064093 in r1064729 while Arwin is working on a proper fix of always
          being case sensitive.
          

          Original comment by kameshj

          Show
          subversion-importer Subversion Importer added a comment - Reverted r1064093 in r1064729 while Arwin is working on a proper fix of always being case sensitive. Original comment by kameshj
          Hide
          subversion-importer Subversion Importer added a comment -

          In this thread http://svn.haxx.se/dev/archive-2011-01/0441.shtml We decided to
          make all authz checks case sensitive.
          

          Original comment by kameshj

          Show
          subversion-importer Subversion Importer added a comment - In this thread http://svn.haxx.se/dev/archive-2011-01/0441.shtml We decided to make all authz checks case sensitive. Original comment by kameshj
          Hide
          subversion-importer Subversion Importer added a comment -

          When I filed this issue I thought 'checkout' does wrong authorization, later
          learnt that authz is parsed using config parser which parses the authz section
          names in a case *insensitive* way. So *all* authorizations should do the same
          case insensitive checks. Read operations already do that, while Write operations
          do *not*. 
          
          Committed the fix r1064093 which fixes Write operations to do case insensitive
          checks.
          

          Original comment by kameshj

          Show
          subversion-importer Subversion Importer added a comment - When I filed this issue I thought 'checkout' does wrong authorization, later learnt that authz is parsed using config parser which parses the authz section names in a case *insensitive* way. So *all* authorizations should do the same case insensitive checks. Read operations already do that, while Write operations do *not*. Committed the fix r1064093 which fixes Write operations to do case insensitive checks. Original comment by kameshj

            People

            • Assignee:
              subversion-importer Subversion Importer
              Reporter:
              subversion-importer Subversion Importer
            • Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Development