Uploaded image for project: 'Subversion'
  1. Subversion
  2. SVN-4416

Anonymous checkout of public directory hosted by pre-1.8 fails if repo root is not public

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Open
    • Priority: Critical
    • Resolution: Unresolved
    • Affects Version/s: 1.8.x
    • Fix Version/s: ---
    • Component/s: libsvn_client
    • Labels:
      None

      Description

      The 1.8.0 and 1.8.1 clients (tested with Linux and OS X command line and
      Windows TortoiseSVN, though not every possible version-OS combination) do not
      allow anonymous users to check out a public directory in a repository hosted by
      the 1.6.11 (CentOS) server, if the root of the repository is not publicly
      readable.
      
      
      Complete steps to set up a server to reproduce:
      (Using HTTP for testing but the behavior is the same if HTTPS is used.)
      
      1. Start a fresh CentOS 6.4 VM and run sudo yum install mod_dav_svn subversion httpd
      (I tested with mod_dav_svn-1.6.11-9.el6_4.x86_64,
      subversion-1.6.11-9.el6_4.x86_64, and httpd-2.2.15-29.el6_4.x86_64)
      
      2. Open port 80, set ServerName in /etc/httpd/conf/httpd.conf
      
      3. Put the following in /etc/httpd/conf.d/subversion.conf:
      -- begin --
      LoadModule dav_svn_module     modules/mod_dav_svn.so
      LoadModule authz_svn_module   modules/mod_authz_svn.so
      
      <Location /svn>
         DAV svn
         SVNParentPath /var/www/svn
         AuthType Basic
         AuthName "SVN Realm"
         AuthUserFile /etc/svn-auth-conf
         AuthzSVNAccessFile /etc/svn-acl-conf
         Satisfy Any
         Require valid-user
      </Location>
      -- end --
      
      4. Set password for one user via sudo htpasswd -cm /etc/svn-auth-conf testadmin
      
      5. Put the following in /etc/svn-acl-conf:
      -- begin --
      [/]
      testadmin = rw
      * =
      [myrepo:/trunk]
      testadmin = rw
      * = r
      -- end --
      
      6. sudo svnadmin create /var/www/svn/myrepo
      
      7. Import an initial revision containing the trunk directory
      
      8. sudo service httpd start
      
      
      Symptom:
      
      With an 1.8.1 client,
      
      $ svn co http://example.com/svn/myrepo/trunk
      -> Requires username/password, unexpectedly
      
      $ svn co http://example.com/svn/myrepo
      -> Requires username/password, as expected
      
      $ svn list http://example.com/svn/myrepo/trunk
      -> Succeeds without username/password.
      
      Whereas, with an 1.6.18 (neon), 1.7.11 (neon), or 1.7.11 (serf) client,
      
      $ svn co http://example.com/svn/myrepo/trunk
      -> Succeeds without username/password, as expected
      
      
      Access log for successful checkout with 1.7.11 (neon) client:
      
      xx.xx.xx.xx - - [22/Aug/2013:00:41:00 -0400] "OPTIONS /svn/myrepo/trunk HTTP/1.1" 200 190 "-" 
      "SVN/1.7.11 neon/0.29.6"
      xx.xx.xx.xx - - [22/Aug/2013:00:41:00 -0400] "PROPFIND /svn/myrepo/trunk HTTP/1.1" 207 690 "-" 
      "SVN/1.7.11 neon/0.29.6"
      xx.xx.xx.xx - - [22/Aug/2013:00:41:00 -0400] "PROPFIND /svn/myrepo/!svn/vcc/default HTTP/1.1" 207 
      402 "-" "SVN/1.7.11 neon/0.29.6"
      xx.xx.xx.xx - - [22/Aug/2013:00:41:00 -0400] "PROPFIND /svn/myrepo/!svn/bln/1 HTTP/1.1" 207 453 "-
      " "SVN/1.7.11 neon/0.29.6"
      xx.xx.xx.xx - - [22/Aug/2013:00:41:00 -0400] "PROPFIND /svn/myrepo/trunk HTTP/1.1" 207 690 "-" 
      "SVN/1.7.11 neon/0.29.6"
      xx.xx.xx.xx - - [22/Aug/2013:00:41:00 -0400] "PROPFIND /svn/myrepo/!svn/vcc/default HTTP/1.1" 207 
      453 "-" "SVN/1.7.11 neon/0.29.6"
      xx.xx.xx.xx - - [22/Aug/2013:00:41:00 -0400] "PROPFIND /svn/myrepo/!svn/bc/1/trunk HTTP/1.1" 207 
      700 "-" "SVN/1.7.11 neon/0.29.6"
      xx.xx.xx.xx - - [22/Aug/2013:00:41:00 -0400] "OPTIONS /svn/myrepo/trunk HTTP/1.1" 200 190 "-" 
      "SVN/1.7.11 neon/0.29.6"
      xx.xx.xx.xx - - [22/Aug/2013:00:41:00 -0400] "PROPFIND /svn/myrepo/trunk HTTP/1.1" 207 690 "-" 
      "SVN/1.7.11 neon/0.29.6"
      xx.xx.xx.xx - - [22/Aug/2013:00:41:00 -0400] "PROPFIND /svn/myrepo/trunk HTTP/1.1" 207 690 "-" 
      "SVN/1.7.11 neon/0.29.6"
      xx.xx.xx.xx - - [22/Aug/2013:00:41:00 -0400] "PROPFIND /svn/myrepo/!svn/vcc/default HTTP/1.1" 207 
      402 "-" "SVN/1.7.11 neon/0.29.6"
      xx.xx.xx.xx - - [22/Aug/2013:00:41:00 -0400] "PROPFIND /svn/myrepo/!svn/bln/1 HTTP/1.1" 207 453 "-
      " "SVN/1.7.11 neon/0.29.6"
      xx.xx.xx.xx - - [22/Aug/2013:00:41:01 -0400] "REPORT /svn/myrepo/!svn/vcc/default HTTP/1.1" 200 
      1149 "-" "SVN/1.7.11 neon/0.29.6"
      
      
      Access log for successful checkout with 1.7.11 (serf) client:
      
      xx.xx.xx.xx - - [22/Aug/2013:00:49:19 -0400] "OPTIONS /svn/myrepo/trunk HTTP/1.1" 200 190 "-" 
      "SVN/1.7.11 serf/1.3.1"
      xx.xx.xx.xx - - [22/Aug/2013:00:49:19 -0400] "PROPFIND /svn/myrepo/trunk HTTP/1.1" 207 690 "-" 
      "SVN/1.7.11 serf/1.3.1"
      xx.xx.xx.xx - - [22/Aug/2013:00:49:20 -0400] "PROPFIND /svn/myrepo/!svn/vcc/default HTTP/1.1" 207 
      402 "-" "SVN/1.7.11 serf/1.3.1"
      xx.xx.xx.xx - - [22/Aug/2013:00:49:20 -0400] "PROPFIND /svn/myrepo/!svn/bln/1 HTTP/1.1" 207 453 "-
      " "SVN/1.7.11 serf/1.3.1"
      xx.xx.xx.xx - - [22/Aug/2013:00:49:20 -0400] "PROPFIND /svn/myrepo/!svn/bc/1/trunk HTTP/1.1" 207 
      330 "-" "SVN/1.7.11 serf/1.3.1"
      xx.xx.xx.xx - - [22/Aug/2013:00:49:20 -0400] "OPTIONS /svn/myrepo/trunk HTTP/1.1" 200 190 "-" 
      "SVN/1.7.11 serf/1.3.1"
      xx.xx.xx.xx - - [22/Aug/2013:00:49:20 -0400] "PROPFIND /svn/myrepo/trunk HTTP/1.1" 207 690 "-" 
      "SVN/1.7.11 serf/1.3.1"
      xx.xx.xx.xx - - [22/Aug/2013:00:49:20 -0400] "PROPFIND /svn/myrepo/!svn/vcc/default HTTP/1.1" 207 
      402 "-" "SVN/1.7.11 serf/1.3.1"
      xx.xx.xx.xx - - [22/Aug/2013:00:49:20 -0400] "PROPFIND /svn/myrepo/!svn/bln/1 HTTP/1.1" 207 453 "-
      " "SVN/1.7.11 serf/1.3.1"
      xx.xx.xx.xx - - [22/Aug/2013:00:49:20 -0400] "REPORT /svn/myrepo/!svn/vcc/default HTTP/1.1" 200 
      471 "-" "SVN/1.7.11 serf/1.3.1"
      
      (Note the PROPFIND /svn/myrepo/!svn/bc/1/trunk)
      
      
      Access log for unsuccessful anonymous checkout with 1.8.1 client:
      
      xx.xx.xx.xx - - [22/Aug/2013:00:46:21 -0400] "OPTIONS /svn/myrepo/trunk HTTP/1.1" 200 190 "-" 
      "SVN/1.8.1 (x86-microsoft-windows) serf/1.3.0 TortoiseSVN-1.8.1.24570"
      xx.xx.xx.xx - - [22/Aug/2013:00:46:21 -0400] "OPTIONS /svn/myrepo/trunk HTTP/1.1" 200 97 "-" 
      "SVN/1.8.1 (x86-microsoft-windows) serf/1.3.0 TortoiseSVN-1.8.1.24570"
      xx.xx.xx.xx - - [22/Aug/2013:00:46:21 -0400] "PROPFIND /svn/myrepo/trunk HTTP/1.1" 207 690 "-" 
      "SVN/1.8.1 (x86-microsoft-windows) serf/1.3.0 TortoiseSVN-1.8.1.24570"
      xx.xx.xx.xx - - [22/Aug/2013:00:46:21 -0400] "PROPFIND /svn/myrepo/!svn/vcc/default HTTP/1.1" 207 
      402 "-" "SVN/1.8.1 (x86-microsoft-windows) serf/1.3.0 TortoiseSVN-1.8.1.24570"
      xx.xx.xx.xx - - [22/Aug/2013:00:46:21 -0400] "PROPFIND /svn/myrepo/!svn/bln/1 HTTP/1.1" 207 453 "-
      " "SVN/1.8.1 (x86-microsoft-windows) serf/1.3.0 TortoiseSVN-1.8.1.24570"
      xx.xx.xx.xx - - [22/Aug/2013:00:46:21 -0400] "PROPFIND /svn/myrepo/!svn/bc/1/trunk HTTP/1.1" 207 
      766 "-" "SVN/1.8.1 (x86-microsoft-windows) serf/1.3.0 TortoiseSVN-1.8.1.24570"
      xx.xx.xx.xx - - [22/Aug/2013:00:46:21 -0400] "PROPFIND /svn/myrepo/!svn/vcc/default HTTP/1.1" 207 
      402 "-" "SVN/1.8.1 (x86-microsoft-windows) serf/1.3.0 TortoiseSVN-1.8.1.24570"
      xx.xx.xx.xx - - [22/Aug/2013:00:46:21 -0400] "PROPFIND /svn/myrepo/trunk HTTP/1.1" 207 269 "-" 
      "SVN/1.8.1 (x86-microsoft-windows) serf/1.3.0 TortoiseSVN-1.8.1.24570"
      xx.xx.xx.xx - - [22/Aug/2013:00:46:21 -0400] "OPTIONS /svn/myrepo/trunk HTTP/1.1" 200 190 "-" 
      "SVN/1.8.1 (x86-microsoft-windows) serf/1.3.0 TortoiseSVN-1.8.1.24570"
      xx.xx.xx.xx - - [22/Aug/2013:00:46:21 -0400] "OPTIONS /svn/myrepo/trunk HTTP/1.1" 200 97 "-" 
      "SVN/1.8.1 (x86-microsoft-windows) serf/1.3.0 TortoiseSVN-1.8.1.24570"
      xx.xx.xx.xx - - [22/Aug/2013:00:46:22 -0400] "PROPFIND /svn/myrepo/trunk HTTP/1.1" 207 690 "-" 
      "SVN/1.8.1 (x86-microsoft-windows) serf/1.3.0 TortoiseSVN-1.8.1.24570"
      xx.xx.xx.xx - - [22/Aug/2013:00:46:22 -0400] "PROPFIND /svn/myrepo/!svn/vcc/default HTTP/1.1" 207 
      402 "-" "SVN/1.8.1 (x86-microsoft-windows) serf/1.3.0 TortoiseSVN-1.8.1.24570"
      xx.xx.xx.xx - - [22/Aug/2013:00:46:22 -0400] "PROPFIND /svn/myrepo/!svn/bln/1 HTTP/1.1" 207 453 "-
      " "SVN/1.8.1 (x86-microsoft-windows) serf/1.3.0 TortoiseSVN-1.8.1.24570"
      xx.xx.xx.xx - - [22/Aug/2013:00:46:22 -0400] "PROPFIND /svn/myrepo/!svn/bc/1/trunk HTTP/1.1" 207 
      330 "-" "SVN/1.8.1 (x86-microsoft-windows) serf/1.3.0 TortoiseSVN-1.8.1.24570"
      xx.xx.xx.xx - - [22/Aug/2013:00:46:22 -0400] "OPTIONS /svn/myrepo/trunk HTTP/1.1" 200 190 "-" 
      "SVN/1.8.1 (x86-microsoft-windows) serf/1.3.0 TortoiseSVN-1.8.1.24570"
      xx.xx.xx.xx - - [22/Aug/2013:00:46:22 -0400] "OPTIONS /svn/myrepo/trunk HTTP/1.1" 200 97 "-" 
      "SVN/1.8.1 (x86-microsoft-windows) serf/1.3.0 TortoiseSVN-1.8.1.24570"
      xx.xx.xx.xx - - [22/Aug/2013:00:46:22 -0400] "PROPFIND /svn/myrepo/trunk HTTP/1.1" 207 690 "-" 
      "SVN/1.8.1 (x86-microsoft-windows) serf/1.3.0 TortoiseSVN-1.8.1.24570"
      xx.xx.xx.xx - - [22/Aug/2013:00:46:22 -0400] "PROPFIND /svn/myrepo/!svn/vcc/default HTTP/1.1" 207 
      402 "-" "SVN/1.8.1 (x86-microsoft-windows) serf/1.3.0 TortoiseSVN-1.8.1.24570"
      xx.xx.xx.xx - - [22/Aug/2013:00:46:23 -0400] "PROPFIND /svn/myrepo/!svn/bln/1 HTTP/1.1" 207 453 "-
      " "SVN/1.8.1 (x86-microsoft-windows) serf/1.3.0 TortoiseSVN-1.8.1.24570"
      xx.xx.xx.xx - - [22/Aug/2013:00:46:23 -0400] "PROPFIND /svn/myrepo/!svn/bc/1 HTTP/1.1" 401 518 "-" 
      "SVN/1.8.1 (x86-microsoft-windows) serf/1.3.0 TortoiseSVN-1.8.1.24570"
      
      (Note the PROPFIND /svn/myrepo/!svn/bc/1, without the /trunk, which fails with a 401 Unauthorized)
      
      
      Please also see: http://svn.haxx.se/users/archive-2013-08/0334.shtml
      
      I have not tested with server 1.7.x (sorry).
      

      Original issue reported by marktsuchida

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              subversion-importer Subversion Importer
            • Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

              • Created:
                Updated: