Uploaded image for project: 'Subversion'
  1. Subversion
  2. SVN-4416

Anonymous checkout of public directory hosted by pre-1.8 fails if repo root is not public

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Open
    • Critical
    • Resolution: Unresolved
    • 1.8.x
    • ---
    • libsvn_client
    • None

    Description

      The 1.8.0 and 1.8.1 clients (tested with Linux and OS X command line and
Windows TortoiseSVN, though not every possible version-OS combination) do not
allow anonymous users to check out a public directory in a repository hosted by
the 1.6.11 (CentOS) server, if the root of the repository is not publicly
readable.


Complete steps to set up a server to reproduce:
(Using HTTP for testing but the behavior is the same if HTTPS is used.)

1. Start a fresh CentOS 6.4 VM and run sudo yum install mod_dav_svn subversion httpd
(I tested with mod_dav_svn-1.6.11-9.el6_4.x86_64,
subversion-1.6.11-9.el6_4.x86_64, and httpd-2.2.15-29.el6_4.x86_64)

2. Open port 80, set ServerName in /etc/httpd/conf/httpd.conf

3. Put the following in /etc/httpd/conf.d/subversion.conf:
-- begin --
LoadModule dav_svn_module     modules/mod_dav_svn.so
LoadModule authz_svn_module   modules/mod_authz_svn.so

<Location /svn>
   DAV svn
   SVNParentPath /var/www/svn
   AuthType Basic
   AuthName "SVN Realm"
   AuthUserFile /etc/svn-auth-conf
   AuthzSVNAccessFile /etc/svn-acl-conf
   Satisfy Any
   Require valid-user
</Location>
-- end --

4. Set password for one user via sudo htpasswd -cm /etc/svn-auth-conf testadmin

5. Put the following in /etc/svn-acl-conf:
-- begin --
[/]
testadmin = rw
* =
[myrepo:/trunk]
testadmin = rw
* = r
-- end --

6. sudo svnadmin create /var/www/svn/myrepo

7. Import an initial revision containing the trunk directory

8. sudo service httpd start


Symptom:

With an 1.8.1 client,

$ svn co http://example.com/svn/myrepo/trunk
-> Requires username/password, unexpectedly

$ svn co http://example.com/svn/myrepo
-> Requires username/password, as expected

$ svn list http://example.com/svn/myrepo/trunk
-> Succeeds without username/password.

Whereas, with an 1.6.18 (neon), 1.7.11 (neon), or 1.7.11 (serf) client,

$ svn co http://example.com/svn/myrepo/trunk
-> Succeeds without username/password, as expected


Access log for successful checkout with 1.7.11 (neon) client:

xx.xx.xx.xx - - [22/Aug/2013:00:41:00 -0400] "OPTIONS /svn/myrepo/trunk HTTP/1.1" 200 190 "-" 
"SVN/1.7.11 neon/0.29.6"
xx.xx.xx.xx - - [22/Aug/2013:00:41:00 -0400] "PROPFIND /svn/myrepo/trunk HTTP/1.1" 207 690 "-" 
"SVN/1.7.11 neon/0.29.6"
xx.xx.xx.xx - - [22/Aug/2013:00:41:00 -0400] "PROPFIND /svn/myrepo/!svn/vcc/default HTTP/1.1" 207 
402 "-" "SVN/1.7.11 neon/0.29.6"
xx.xx.xx.xx - - [22/Aug/2013:00:41:00 -0400] "PROPFIND /svn/myrepo/!svn/bln/1 HTTP/1.1" 207 453 "-
" "SVN/1.7.11 neon/0.29.6"
xx.xx.xx.xx - - [22/Aug/2013:00:41:00 -0400] "PROPFIND /svn/myrepo/trunk HTTP/1.1" 207 690 "-" 
"SVN/1.7.11 neon/0.29.6"
xx.xx.xx.xx - - [22/Aug/2013:00:41:00 -0400] "PROPFIND /svn/myrepo/!svn/vcc/default HTTP/1.1" 207 
453 "-" "SVN/1.7.11 neon/0.29.6"
xx.xx.xx.xx - - [22/Aug/2013:00:41:00 -0400] "PROPFIND /svn/myrepo/!svn/bc/1/trunk HTTP/1.1" 207 
700 "-" "SVN/1.7.11 neon/0.29.6"
xx.xx.xx.xx - - [22/Aug/2013:00:41:00 -0400] "OPTIONS /svn/myrepo/trunk HTTP/1.1" 200 190 "-" 
"SVN/1.7.11 neon/0.29.6"
xx.xx.xx.xx - - [22/Aug/2013:00:41:00 -0400] "PROPFIND /svn/myrepo/trunk HTTP/1.1" 207 690 "-" 
"SVN/1.7.11 neon/0.29.6"
xx.xx.xx.xx - - [22/Aug/2013:00:41:00 -0400] "PROPFIND /svn/myrepo/trunk HTTP/1.1" 207 690 "-" 
"SVN/1.7.11 neon/0.29.6"
xx.xx.xx.xx - - [22/Aug/2013:00:41:00 -0400] "PROPFIND /svn/myrepo/!svn/vcc/default HTTP/1.1" 207 
402 "-" "SVN/1.7.11 neon/0.29.6"
xx.xx.xx.xx - - [22/Aug/2013:00:41:00 -0400] "PROPFIND /svn/myrepo/!svn/bln/1 HTTP/1.1" 207 453 "-
" "SVN/1.7.11 neon/0.29.6"
xx.xx.xx.xx - - [22/Aug/2013:00:41:01 -0400] "REPORT /svn/myrepo/!svn/vcc/default HTTP/1.1" 200 
1149 "-" "SVN/1.7.11 neon/0.29.6"


Access log for successful checkout with 1.7.11 (serf) client:

xx.xx.xx.xx - - [22/Aug/2013:00:49:19 -0400] "OPTIONS /svn/myrepo/trunk HTTP/1.1" 200 190 "-" 
"SVN/1.7.11 serf/1.3.1"
xx.xx.xx.xx - - [22/Aug/2013:00:49:19 -0400] "PROPFIND /svn/myrepo/trunk HTTP/1.1" 207 690 "-" 
"SVN/1.7.11 serf/1.3.1"
xx.xx.xx.xx - - [22/Aug/2013:00:49:20 -0400] "PROPFIND /svn/myrepo/!svn/vcc/default HTTP/1.1" 207 
402 "-" "SVN/1.7.11 serf/1.3.1"
xx.xx.xx.xx - - [22/Aug/2013:00:49:20 -0400] "PROPFIND /svn/myrepo/!svn/bln/1 HTTP/1.1" 207 453 "-
" "SVN/1.7.11 serf/1.3.1"
xx.xx.xx.xx - - [22/Aug/2013:00:49:20 -0400] "PROPFIND /svn/myrepo/!svn/bc/1/trunk HTTP/1.1" 207 
330 "-" "SVN/1.7.11 serf/1.3.1"
xx.xx.xx.xx - - [22/Aug/2013:00:49:20 -0400] "OPTIONS /svn/myrepo/trunk HTTP/1.1" 200 190 "-" 
"SVN/1.7.11 serf/1.3.1"
xx.xx.xx.xx - - [22/Aug/2013:00:49:20 -0400] "PROPFIND /svn/myrepo/trunk HTTP/1.1" 207 690 "-" 
"SVN/1.7.11 serf/1.3.1"
xx.xx.xx.xx - - [22/Aug/2013:00:49:20 -0400] "PROPFIND /svn/myrepo/!svn/vcc/default HTTP/1.1" 207 
402 "-" "SVN/1.7.11 serf/1.3.1"
xx.xx.xx.xx - - [22/Aug/2013:00:49:20 -0400] "PROPFIND /svn/myrepo/!svn/bln/1 HTTP/1.1" 207 453 "-
" "SVN/1.7.11 serf/1.3.1"
xx.xx.xx.xx - - [22/Aug/2013:00:49:20 -0400] "REPORT /svn/myrepo/!svn/vcc/default HTTP/1.1" 200 
471 "-" "SVN/1.7.11 serf/1.3.1"

(Note the PROPFIND /svn/myrepo/!svn/bc/1/trunk)


Access log for unsuccessful anonymous checkout with 1.8.1 client:

xx.xx.xx.xx - - [22/Aug/2013:00:46:21 -0400] "OPTIONS /svn/myrepo/trunk HTTP/1.1" 200 190 "-" 
"SVN/1.8.1 (x86-microsoft-windows) serf/1.3.0 TortoiseSVN-1.8.1.24570"
xx.xx.xx.xx - - [22/Aug/2013:00:46:21 -0400] "OPTIONS /svn/myrepo/trunk HTTP/1.1" 200 97 "-" 
"SVN/1.8.1 (x86-microsoft-windows) serf/1.3.0 TortoiseSVN-1.8.1.24570"
xx.xx.xx.xx - - [22/Aug/2013:00:46:21 -0400] "PROPFIND /svn/myrepo/trunk HTTP/1.1" 207 690 "-" 
"SVN/1.8.1 (x86-microsoft-windows) serf/1.3.0 TortoiseSVN-1.8.1.24570"
xx.xx.xx.xx - - [22/Aug/2013:00:46:21 -0400] "PROPFIND /svn/myrepo/!svn/vcc/default HTTP/1.1" 207 
402 "-" "SVN/1.8.1 (x86-microsoft-windows) serf/1.3.0 TortoiseSVN-1.8.1.24570"
xx.xx.xx.xx - - [22/Aug/2013:00:46:21 -0400] "PROPFIND /svn/myrepo/!svn/bln/1 HTTP/1.1" 207 453 "-
" "SVN/1.8.1 (x86-microsoft-windows) serf/1.3.0 TortoiseSVN-1.8.1.24570"
xx.xx.xx.xx - - [22/Aug/2013:00:46:21 -0400] "PROPFIND /svn/myrepo/!svn/bc/1/trunk HTTP/1.1" 207 
766 "-" "SVN/1.8.1 (x86-microsoft-windows) serf/1.3.0 TortoiseSVN-1.8.1.24570"
xx.xx.xx.xx - - [22/Aug/2013:00:46:21 -0400] "PROPFIND /svn/myrepo/!svn/vcc/default HTTP/1.1" 207 
402 "-" "SVN/1.8.1 (x86-microsoft-windows) serf/1.3.0 TortoiseSVN-1.8.1.24570"
xx.xx.xx.xx - - [22/Aug/2013:00:46:21 -0400] "PROPFIND /svn/myrepo/trunk HTTP/1.1" 207 269 "-" 
"SVN/1.8.1 (x86-microsoft-windows) serf/1.3.0 TortoiseSVN-1.8.1.24570"
xx.xx.xx.xx - - [22/Aug/2013:00:46:21 -0400] "OPTIONS /svn/myrepo/trunk HTTP/1.1" 200 190 "-" 
"SVN/1.8.1 (x86-microsoft-windows) serf/1.3.0 TortoiseSVN-1.8.1.24570"
xx.xx.xx.xx - - [22/Aug/2013:00:46:21 -0400] "OPTIONS /svn/myrepo/trunk HTTP/1.1" 200 97 "-" 
"SVN/1.8.1 (x86-microsoft-windows) serf/1.3.0 TortoiseSVN-1.8.1.24570"
xx.xx.xx.xx - - [22/Aug/2013:00:46:22 -0400] "PROPFIND /svn/myrepo/trunk HTTP/1.1" 207 690 "-" 
"SVN/1.8.1 (x86-microsoft-windows) serf/1.3.0 TortoiseSVN-1.8.1.24570"
xx.xx.xx.xx - - [22/Aug/2013:00:46:22 -0400] "PROPFIND /svn/myrepo/!svn/vcc/default HTTP/1.1" 207 
402 "-" "SVN/1.8.1 (x86-microsoft-windows) serf/1.3.0 TortoiseSVN-1.8.1.24570"
xx.xx.xx.xx - - [22/Aug/2013:00:46:22 -0400] "PROPFIND /svn/myrepo/!svn/bln/1 HTTP/1.1" 207 453 "-
" "SVN/1.8.1 (x86-microsoft-windows) serf/1.3.0 TortoiseSVN-1.8.1.24570"
xx.xx.xx.xx - - [22/Aug/2013:00:46:22 -0400] "PROPFIND /svn/myrepo/!svn/bc/1/trunk HTTP/1.1" 207 
330 "-" "SVN/1.8.1 (x86-microsoft-windows) serf/1.3.0 TortoiseSVN-1.8.1.24570"
xx.xx.xx.xx - - [22/Aug/2013:00:46:22 -0400] "OPTIONS /svn/myrepo/trunk HTTP/1.1" 200 190 "-" 
"SVN/1.8.1 (x86-microsoft-windows) serf/1.3.0 TortoiseSVN-1.8.1.24570"
xx.xx.xx.xx - - [22/Aug/2013:00:46:22 -0400] "OPTIONS /svn/myrepo/trunk HTTP/1.1" 200 97 "-" 
"SVN/1.8.1 (x86-microsoft-windows) serf/1.3.0 TortoiseSVN-1.8.1.24570"
xx.xx.xx.xx - - [22/Aug/2013:00:46:22 -0400] "PROPFIND /svn/myrepo/trunk HTTP/1.1" 207 690 "-" 
"SVN/1.8.1 (x86-microsoft-windows) serf/1.3.0 TortoiseSVN-1.8.1.24570"
xx.xx.xx.xx - - [22/Aug/2013:00:46:22 -0400] "PROPFIND /svn/myrepo/!svn/vcc/default HTTP/1.1" 207 
402 "-" "SVN/1.8.1 (x86-microsoft-windows) serf/1.3.0 TortoiseSVN-1.8.1.24570"
xx.xx.xx.xx - - [22/Aug/2013:00:46:23 -0400] "PROPFIND /svn/myrepo/!svn/bln/1 HTTP/1.1" 207 453 "-
" "SVN/1.8.1 (x86-microsoft-windows) serf/1.3.0 TortoiseSVN-1.8.1.24570"
xx.xx.xx.xx - - [22/Aug/2013:00:46:23 -0400] "PROPFIND /svn/myrepo/!svn/bc/1 HTTP/1.1" 401 518 "-" 
"SVN/1.8.1 (x86-microsoft-windows) serf/1.3.0 TortoiseSVN-1.8.1.24570"

(Note the PROPFIND /svn/myrepo/!svn/bc/1, without the /trunk, which fails with a 401 Unauthorized)


Please also see: http://svn.haxx.se/users/archive-2013-08/0334.shtml

I have not tested with server 1.7.x (sorry).

      Original issue reported by marktsuchida

      Attachments

        Activity

          People

            Unassigned Unassigned
            subversion-importer Subversion Importer
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

              Created:
              Updated: