You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@subversion.apache.org by Lieven Govaerts <lg...@mobsol.be> on 2007/08/26 07:08:27 UTC
Remaining issues in ra_serf-auth branch
[Ivan asked me for an update on the status of the ra_serf-auth branch, I
think this is interesting for all devs]
Ivan Zhakov wrote:
> Hi Lieven,
>
> Can I help someway you with ra_serf-auth branch? I'd like see ra_serf
> SSPI authentication in svn 1.5.x.
First of all I'd like to have ra_serf pass all tests, which we're almost
there (3 tests for 2 small issues). But it's my goal too to have sspi
finished for 1.5. Your help is very much appreciated!
> Do you have list of remaining issues?
>
On a high level it should be:
- add ntlm proxy support
- add kerberos support (is also sspi, but Challenge authentication
instead of NTLM)
- test special server configurations. I only test with mod_authz_sspi on
my local machine, but things like guest account or not, fallback to
basic etc remain to be tested.
- check if issue 2807 impacts ra_serf/sspi
- fix the remaining test issues:
I brought the ra_serf-auth branch up to date with trunk and I'm testing
right now on my pc. I'm running the full testsuite but with sspi
enabled, so instead of using jrandom svn uses my local account. When the
tests are finished I'll send the list of failures to the dev list, I
don't expect to many.
There are a few general other issues I noticed during testing:
- 404 errors are not always handled. I've fixed some of those already
(add status_code to the parser_ctx), there probable are some other too.
- all request body's should be created through the body_delegate
mechanism (see http://svn.haxx.se/dev/archive-2007-08/0153.shtml). So
when a request results in a 401, the message is send again with correct
authentication. Problem is that at this time the body buckets are
already consumed and freed. This typically results in corrupt data in
random places or double free aborts. These are issues you can't find in
testing, because they depend on the apache configuration etc.
There are two patches on the serf-dev list that remain to be committed,
I won't merge the ra_serf-auth branch back to trunk before those patches
are included in a new serf release, if you can review them (and commit)
them that would be nice. Justin has offered me commit access to serf,
two weeks ago, but I'm still waiting for the apache org to handle my ICLA.
So, if you want to run and test the ra_serf-auth code, you'll need the
two patches I sent to the serf list (two for serf, one for ra_serf),
attached patch for correct pool usage (didn't commit yet cause I don't
know the exact reason why it fails yet) and a correct apache config.
For apache I use mod_auth_sspi-1.0.4 and configuration like this:
<Location /svn-test-work/repositories>
DAV svn
SVNParentPath C:\..\svn-test-work/repositories
AuthzSVNAccessFile C:\../svn-test-work/authz
AuthType SSPI
SSPIAuth On
AuthName "Subversion Repository"
AuthUserFile "C:\Program Files\Apache Group\Apache2\conf.d/users"
Require valid-user
</Location>
<Location /svn-test-work/local_tmp/repos>
DAV svn
SVNPath C:\..\svn-test-work/local_tmp/repos
AuthzSVNAccessFile C:\..\svn-test-work/authz
AuthType SSPI
SSPIAuth On
AuthName "Subversion Repository"
AuthUserFile "C:\Program Files\Apache Group\Apache2\conf.d/users"
Require valid-user
</Location>
Lieven
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Re: Remaining issues in ra_serf-auth branch
Posted by Lieven Govaerts <lg...@mobsol.be>.
Lieven Govaerts wrote:
> ..
> I brought the ra_serf-auth branch up to date with trunk and I'm testing
> right now on my pc. I'm running the full testsuite but with sspi
> enabled, so instead of using jrandom svn uses my local account. When the
> tests are finished I'll send the list of failures to the dev list, I
> don't expect to many.
>
These are the results of running the tests with the ra_serf-auth branch,
2 serf patches and one local patch included:
FAIL: commit_tests.py 49: start-commit hook failure case testing
FAIL: commit_tests.py 50: pre-commit hook failure case testing
FAIL: update_tests.py 28: handle eol-style propchange during update
FAIL: switch_tests.py 11: non-recursive switch
FAIL: prop_tests.py 12: set, get, and delete a revprop change
FAIL: copy_tests.py 11: working-copy to repository copy
FAIL: diff_tests.py 32: repos-wc diff showing added entries with props
FAIL: merge_tests.py 13: 3-way merge of 'file add' into existing binary
FAIL: merge_tests.py 21: merge --dry-run adding a new file with props
FAIL: merge_tests.py 24: merge changes to keyword expansion property
FAIL: merge_tests.py 41: handle eol-style propchange during merge
FAIL: merge_tests.py 48: merge works when target has copied children
FAIL: merge_tests.py 57: skipped paths get overriding mergeinfo
FAIL: stat_tests.py 17: status output in XML format
FAIL: stat_tests.py 21: status -v -N -u from different current directories
FAIL: stat_tests.py 24: run 'status -u' variations w/ incoming propchanges
FAIL: stat_tests.py 25: run 'status -uv' w/ incoming propchanges
FAIL: trans_tests.py 1: commit new files with keywords active from birth
FAIL: trans_tests.py 4: keyword expansion for lone file in directory
FAIL: autoprop_tests.py 8: import: config=yes, commandline=none
FAIL: autoprop_tests.py 9: import: config=no, commandline=yes
FAIL: autoprop_tests.py 10: import: config=yes, commandline=yes
FAIL: autoprop_tests.py 14: import directory
FAIL: blame_tests.py 4: blame output in XML format
FAIL: blame_tests.py 6: blame targets with peg-revisions
FAIL: blame_tests.py 8: ignore whitespace when blaming
FAIL: blame_tests.py 9: ignore eol styles when blaming
FAIL: blame_tests.py 12: blame target not in HEAD with peg-revisions
FAIL: lock_tests.py 7: examine the fields of a lockfile for correctness
FAIL: lock_tests.py 21: examine the fields of a lock from a URL
FAIL: lock_tests.py 29: (un)lock set of files, one already (un)locked
FAIL: lock_tests.py 31: ls locked path needing URL encoding
FAIL: lock_tests.py 33: verify recursive info shows lock info
FAIL: lock_tests.py 34: unlock file locked by other user
FAIL: authz_tests.py 1: authz issue #2486 - open root
FAIL: authz_tests.py 4: test authz for read operations
FAIL: authz_tests.py 10: test authz for aliases
FAIL: authz_tests.py 12: test authz for locking
FAIL: depth_tests.py 16: gradually update an empty wc to depth=infinity
That the authz tests are failing is probably normal, as I run the tests
on my own local account instead of user jrandom, and I don't have the
equivalent of switching to user jconstant.
I'll go over these tests one by one and fix them, if anyone is
interested in the debug log of these tests please let me know.
Lieven
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org