You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@subversion.apache.org by Froenchenko Leonid <gr...@mail.ru> on 2006/11/22 11:33:19 UTC

Bug in authentication when working with "needs-lock"

When performing commit against svnserve for file which being locked (and
have svn:needs-lock), and user have write access only to affected
directory (not repository root), commit is failed with:

svn: Commit failed (details follow):
svn: Authorization failed

If lock removed before commit, everithing is fine.

Setup:
authz:

[groups]
g0=yosi
g1=moshe

[/]
*=r

[/trunk/dir0]
@g0=rw

[/trunk/dir1]
@g1=rw

When user "yosi" commits in dir0, error is happen.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org

Re: Bug in authentication when working with "needs-lock"

Posted by Ben Collins-Sussman <su...@red-bean.com>.

No, you just need to have a tigris account to file a bug.  And the
homepage says, "please don't file a bug  without discussing it on a
list first, and making sure a developer has agreed that it should be
filed."  :-)

On 1/17/07, Froenchenko Leonid <gr...@mail.ru> wrote:
> AFAIK only developers can file bugs. At least svn homepage say so.
>
> On Mon, 2007-01-15 at 13:12 -0600, Ben Collins-Sussman wrote:
> > Would you file the bug, please?
> >
> >
> > On 1/15/07, Froenchenko Leonid <gr...@mail.ru> wrote:
> > > AFAIK there's no bug has been files
> > >
> > > On Sun, 2006-11-26 at 11:33 -0600, Ben Collins-Sussman wrote:
> > > > Actually, in trying to reproduce this error, I've discovered that user
> > > > 'yosi' can't even 'svn lock' the file in the first place:
> > > >
> > > > $ svn lock file -m "blahblah" --username yosi
> > > > Authentication realm: <svn://localhost:3690> My First Repository
> > > > Password for 'yosi':
> > > > subversion/svnserve/serve.c:1754: (apr_err=170001)
> > > > svn: Authorization failed
> > > >
> > > > I think we should file this as a bug.
> > > >
> > > >
> > > >
> > > > On 11/22/06, Froenchenko Leonid <gr...@mail.ru> wrote:
> > > > > When performing commit against svnserve for file which being locked (and
> > > > > have svn:needs-lock), and user have write access only to affected
> > > > > directory (not repository root), commit is failed with:
> > > > >
> > > > > svn: Commit failed (details follow):
> > > > > svn: Authorization failed
> > > > >
> > > > > If lock removed before commit, everithing is fine.
> > > > >
> > > > > Setup:
> > > > > authz:
> > > > >
> > > > > [groups]
> > > > > g0=yosi
> > > > > g1=moshe
> > > > >
> > > > > [/]
> > > > > *=r
> > > > >
> > > > > [/trunk/dir0]
> > > > > @g0=rw
> > > > >
> > > > > [/trunk/dir1]
> > > > > @g1=rw
> > > > >
> > > > > When user "yosi" commits in dir0, error is happen.
> > > > >
> > > > > ---------------------------------------------------------------------
> > > > > To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
> > > > > For additional commands, e-mail: dev-help@subversion.tigris.org
> > > > >
> > > > >
> > > >
> > >
> > > ---------------------------------------------------------------------
> > > To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
> > > For additional commands, e-mail: dev-help@subversion.tigris.org
> > >
> > >
> >
>
>

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org

Re: Bug in authentication when working with "needs-lock"

Posted by Froenchenko Leonid <gr...@mail.ru>.

AFAIK only developers can file bugs. At least svn homepage say so.

On Mon, 2007-01-15 at 13:12 -0600, Ben Collins-Sussman wrote:
> Would you file the bug, please?
> 
> 
> On 1/15/07, Froenchenko Leonid <gr...@mail.ru> wrote:
> > AFAIK there's no bug has been files
> >
> > On Sun, 2006-11-26 at 11:33 -0600, Ben Collins-Sussman wrote:
> > > Actually, in trying to reproduce this error, I've discovered that user
> > > 'yosi' can't even 'svn lock' the file in the first place:
> > >
> > > $ svn lock file -m "blahblah" --username yosi
> > > Authentication realm: <svn://localhost:3690> My First Repository
> > > Password for 'yosi':
> > > subversion/svnserve/serve.c:1754: (apr_err=170001)
> > > svn: Authorization failed
> > >
> > > I think we should file this as a bug.
> > >
> > >
> > >
> > > On 11/22/06, Froenchenko Leonid <gr...@mail.ru> wrote:
> > > > When performing commit against svnserve for file which being locked (and
> > > > have svn:needs-lock), and user have write access only to affected
> > > > directory (not repository root), commit is failed with:
> > > >
> > > > svn: Commit failed (details follow):
> > > > svn: Authorization failed
> > > >
> > > > If lock removed before commit, everithing is fine.
> > > >
> > > > Setup:
> > > > authz:
> > > >
> > > > [groups]
> > > > g0=yosi
> > > > g1=moshe
> > > >
> > > > [/]
> > > > *=r
> > > >
> > > > [/trunk/dir0]
> > > > @g0=rw
> > > >
> > > > [/trunk/dir1]
> > > > @g1=rw
> > > >
> > > > When user "yosi" commits in dir0, error is happen.
> > > >
> > > > ---------------------------------------------------------------------
> > > > To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
> > > > For additional commands, e-mail: dev-help@subversion.tigris.org
> > > >
> > > >
> > >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
> > For additional commands, e-mail: dev-help@subversion.tigris.org
> >
> >
> 

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org

Re: Bug in authentication when working with "needs-lock"

Posted by Ben Collins-Sussman <su...@red-bean.com>.

Would you file the bug, please?


On 1/15/07, Froenchenko Leonid <gr...@mail.ru> wrote:
> AFAIK there's no bug has been files
>
> On Sun, 2006-11-26 at 11:33 -0600, Ben Collins-Sussman wrote:
> > Actually, in trying to reproduce this error, I've discovered that user
> > 'yosi' can't even 'svn lock' the file in the first place:
> >
> > $ svn lock file -m "blahblah" --username yosi
> > Authentication realm: <svn://localhost:3690> My First Repository
> > Password for 'yosi':
> > subversion/svnserve/serve.c:1754: (apr_err=170001)
> > svn: Authorization failed
> >
> > I think we should file this as a bug.
> >
> >
> >
> > On 11/22/06, Froenchenko Leonid <gr...@mail.ru> wrote:
> > > When performing commit against svnserve for file which being locked (and
> > > have svn:needs-lock), and user have write access only to affected
> > > directory (not repository root), commit is failed with:
> > >
> > > svn: Commit failed (details follow):
> > > svn: Authorization failed
> > >
> > > If lock removed before commit, everithing is fine.
> > >
> > > Setup:
> > > authz:
> > >
> > > [groups]
> > > g0=yosi
> > > g1=moshe
> > >
> > > [/]
> > > *=r
> > >
> > > [/trunk/dir0]
> > > @g0=rw
> > >
> > > [/trunk/dir1]
> > > @g1=rw
> > >
> > > When user "yosi" commits in dir0, error is happen.
> > >
> > > ---------------------------------------------------------------------
> > > To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
> > > For additional commands, e-mail: dev-help@subversion.tigris.org
> > >
> > >
> >
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
> For additional commands, e-mail: dev-help@subversion.tigris.org
>
>

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org

Re: Bug in authentication when working with "needs-lock"

Posted by Froenchenko Leonid <gr...@mail.ru>.

AFAIK there's no bug has been files

On Sun, 2006-11-26 at 11:33 -0600, Ben Collins-Sussman wrote:
> Actually, in trying to reproduce this error, I've discovered that user
> 'yosi' can't even 'svn lock' the file in the first place:
> 
> $ svn lock file -m "blahblah" --username yosi
> Authentication realm: <svn://localhost:3690> My First Repository
> Password for 'yosi':
> subversion/svnserve/serve.c:1754: (apr_err=170001)
> svn: Authorization failed
> 
> I think we should file this as a bug.
> 
> 
> 
> On 11/22/06, Froenchenko Leonid <gr...@mail.ru> wrote:
> > When performing commit against svnserve for file which being locked (and
> > have svn:needs-lock), and user have write access only to affected
> > directory (not repository root), commit is failed with:
> >
> > svn: Commit failed (details follow):
> > svn: Authorization failed
> >
> > If lock removed before commit, everithing is fine.
> >
> > Setup:
> > authz:
> >
> > [groups]
> > g0=yosi
> > g1=moshe
> >
> > [/]
> > *=r
> >
> > [/trunk/dir0]
> > @g0=rw
> >
> > [/trunk/dir1]
> > @g1=rw
> >
> > When user "yosi" commits in dir0, error is happen.
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
> > For additional commands, e-mail: dev-help@subversion.tigris.org
> >
> >
> 

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org

Re: Bug in authentication when working with "needs-lock"

Posted by Froenchenko Leonid <gr...@mail.ru>.

The problem seems to be in following code:
        static svn_error_t *add_lock_tokens(svn_ra_svn_conn_t *conn,
                                            apr_array_header_t
        *lock_tokens,
                                            server_baton_t *sb,
                                            apr_pool_t *pool)
        {
         
        ...
              if (! lookup_access(pool, sb, svn_authz_write,
                                  path_item->u.string->data, TRUE))
                return svn_error_create(SVN_ERR_RA_NOT_AUTHORIZED,
                                        NULL, NULL);
        ...
        }
        
The problem that lookup_access() is called for path_item->u.string->data
which equal to filename. As a result, access check is performed for
something called "/filename" ("/" is added internally). Since user have
no write access to repository root, authentication is failed.


On Sun, 2006-11-26 at 11:33 -0600, Ben Collins-Sussman wrote:
> Actually, in trying to reproduce this error, I've discovered that user
> 'yosi' can't even 'svn lock' the file in the first place:
> 
> $ svn lock file -m "blahblah" --username yosi
> Authentication realm: <svn://localhost:3690> My First Repository
> Password for 'yosi':
> subversion/svnserve/serve.c:1754: (apr_err=170001)
> svn: Authorization failed
> 
> I think we should file this as a bug.
> 
> 
> 
> On 11/22/06, Froenchenko Leonid <gr...@mail.ru> wrote:
> > When performing commit against svnserve for file which being locked (and
> > have svn:needs-lock), and user have write access only to affected
> > directory (not repository root), commit is failed with:
> >
> > svn: Commit failed (details follow):
> > svn: Authorization failed
> >
> > If lock removed before commit, everithing is fine.
> >
> > Setup:
> > authz:
> >
> > [groups]
> > g0=yosi
> > g1=moshe
> >
> > [/]
> > *=r
> >
> > [/trunk/dir0]
> > @g0=rw
> >
> > [/trunk/dir1]
> > @g1=rw
> >
> > When user "yosi" commits in dir0, error is happen.
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
> > For additional commands, e-mail: dev-help@subversion.tigris.org
> >
> >
> 

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org

Re: Bug in authentication when working with "needs-lock"

Posted by Ben Collins-Sussman <su...@red-bean.com>.

Actually, in trying to reproduce this error, I've discovered that user
'yosi' can't even 'svn lock' the file in the first place:

$ svn lock file -m "blahblah" --username yosi
Authentication realm: <svn://localhost:3690> My First Repository
Password for 'yosi':
subversion/svnserve/serve.c:1754: (apr_err=170001)
svn: Authorization failed

I think we should file this as a bug.



On 11/22/06, Froenchenko Leonid <gr...@mail.ru> wrote:
> When performing commit against svnserve for file which being locked (and
> have svn:needs-lock), and user have write access only to affected
> directory (not repository root), commit is failed with:
>
> svn: Commit failed (details follow):
> svn: Authorization failed
>
> If lock removed before commit, everithing is fine.
>
> Setup:
> authz:
>
> [groups]
> g0=yosi
> g1=moshe
>
> [/]
> *=r
>
> [/trunk/dir0]
> @g0=rw
>
> [/trunk/dir1]
> @g1=rw
>
> When user "yosi" commits in dir0, error is happen.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
> For additional commands, e-mail: dev-help@subversion.tigris.org
>
>

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org