You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@subversion.apache.org by Froenchenko Leonid <gr...@mail.ru> on 2006/11/22 11:33:19 UTC
Bug in authentication when working with "needs-lock"
When performing commit against svnserve for file which being locked (and
have svn:needs-lock), and user have write access only to affected
directory (not repository root), commit is failed with:
svn: Commit failed (details follow):
svn: Authorization failed
If lock removed before commit, everithing is fine.
Setup:
authz:
[groups]
g0=yosi
g1=moshe
[/]
*=r
[/trunk/dir0]
@g0=rw
[/trunk/dir1]
@g1=rw
When user "yosi" commits in dir0, error is happen.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Re: Bug in authentication when working with "needs-lock"
Posted by Ben Collins-Sussman <su...@red-bean.com>.
No, you just need to have a tigris account to file a bug. And the
homepage says, "please don't file a bug without discussing it on a
list first, and making sure a developer has agreed that it should be
filed." :-)
On 1/17/07, Froenchenko Leonid <gr...@mail.ru> wrote:
> AFAIK only developers can file bugs. At least svn homepage say so.
>
> On Mon, 2007-01-15 at 13:12 -0600, Ben Collins-Sussman wrote:
> > Would you file the bug, please?
> >
> >
> > On 1/15/07, Froenchenko Leonid <gr...@mail.ru> wrote:
> > > AFAIK there's no bug has been files
> > >
> > > On Sun, 2006-11-26 at 11:33 -0600, Ben Collins-Sussman wrote:
> > > > Actually, in trying to reproduce this error, I've discovered that user
> > > > 'yosi' can't even 'svn lock' the file in the first place:
> > > >
> > > > $ svn lock file -m "blahblah" --username yosi
> > > > Authentication realm: <svn://localhost:3690> My First Repository
> > > > Password for 'yosi':
> > > > subversion/svnserve/serve.c:1754: (apr_err=170001)
> > > > svn: Authorization failed
> > > >
> > > > I think we should file this as a bug.
> > > >
> > > >
> > > >
> > > > On 11/22/06, Froenchenko Leonid <gr...@mail.ru> wrote:
> > > > > When performing commit against svnserve for file which being locked (and
> > > > > have svn:needs-lock), and user have write access only to affected
> > > > > directory (not repository root), commit is failed with:
> > > > >
> > > > > svn: Commit failed (details follow):
> > > > > svn: Authorization failed
> > > > >
> > > > > If lock removed before commit, everithing is fine.
> > > > >
> > > > > Setup:
> > > > > authz:
> > > > >
> > > > > [groups]
> > > > > g0=yosi
> > > > > g1=moshe
> > > > >
> > > > > [/]
> > > > > *=r
> > > > >
> > > > > [/trunk/dir0]
> > > > > @g0=rw
> > > > >
> > > > > [/trunk/dir1]
> > > > > @g1=rw
> > > > >
> > > > > When user "yosi" commits in dir0, error is happen.
> > > > >
> > > > > ---------------------------------------------------------------------
> > > > > To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
> > > > > For additional commands, e-mail: dev-help@subversion.tigris.org
> > > > >
> > > > >
> > > >
> > >
> > > ---------------------------------------------------------------------
> > > To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
> > > For additional commands, e-mail: dev-help@subversion.tigris.org
> > >
> > >
> >
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Re: Bug in authentication when working with "needs-lock"
Posted by Froenchenko Leonid <gr...@mail.ru>.
AFAIK only developers can file bugs. At least svn homepage say so.
On Mon, 2007-01-15 at 13:12 -0600, Ben Collins-Sussman wrote:
> Would you file the bug, please?
>
>
> On 1/15/07, Froenchenko Leonid <gr...@mail.ru> wrote:
> > AFAIK there's no bug has been files
> >
> > On Sun, 2006-11-26 at 11:33 -0600, Ben Collins-Sussman wrote:
> > > Actually, in trying to reproduce this error, I've discovered that user
> > > 'yosi' can't even 'svn lock' the file in the first place:
> > >
> > > $ svn lock file -m "blahblah" --username yosi
> > > Authentication realm: <svn://localhost:3690> My First Repository
> > > Password for 'yosi':
> > > subversion/svnserve/serve.c:1754: (apr_err=170001)
> > > svn: Authorization failed
> > >
> > > I think we should file this as a bug.
> > >
> > >
> > >
> > > On 11/22/06, Froenchenko Leonid <gr...@mail.ru> wrote:
> > > > When performing commit against svnserve for file which being locked (and
> > > > have svn:needs-lock), and user have write access only to affected
> > > > directory (not repository root), commit is failed with:
> > > >
> > > > svn: Commit failed (details follow):
> > > > svn: Authorization failed
> > > >
> > > > If lock removed before commit, everithing is fine.
> > > >
> > > > Setup:
> > > > authz:
> > > >
> > > > [groups]
> > > > g0=yosi
> > > > g1=moshe
> > > >
> > > > [/]
> > > > *=r
> > > >
> > > > [/trunk/dir0]
> > > > @g0=rw
> > > >
> > > > [/trunk/dir1]
> > > > @g1=rw
> > > >
> > > > When user "yosi" commits in dir0, error is happen.
> > > >
> > > > ---------------------------------------------------------------------
> > > > To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
> > > > For additional commands, e-mail: dev-help@subversion.tigris.org
> > > >
> > > >
> > >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
> > For additional commands, e-mail: dev-help@subversion.tigris.org
> >
> >
>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Re: Bug in authentication when working with "needs-lock"
Posted by Ben Collins-Sussman <su...@red-bean.com>.
Would you file the bug, please?
On 1/15/07, Froenchenko Leonid <gr...@mail.ru> wrote:
> AFAIK there's no bug has been files
>
> On Sun, 2006-11-26 at 11:33 -0600, Ben Collins-Sussman wrote:
> > Actually, in trying to reproduce this error, I've discovered that user
> > 'yosi' can't even 'svn lock' the file in the first place:
> >
> > $ svn lock file -m "blahblah" --username yosi
> > Authentication realm: <svn://localhost:3690> My First Repository
> > Password for 'yosi':
> > subversion/svnserve/serve.c:1754: (apr_err=170001)
> > svn: Authorization failed
> >
> > I think we should file this as a bug.
> >
> >
> >
> > On 11/22/06, Froenchenko Leonid <gr...@mail.ru> wrote:
> > > When performing commit against svnserve for file which being locked (and
> > > have svn:needs-lock), and user have write access only to affected
> > > directory (not repository root), commit is failed with:
> > >
> > > svn: Commit failed (details follow):
> > > svn: Authorization failed
> > >
> > > If lock removed before commit, everithing is fine.
> > >
> > > Setup:
> > > authz:
> > >
> > > [groups]
> > > g0=yosi
> > > g1=moshe
> > >
> > > [/]
> > > *=r
> > >
> > > [/trunk/dir0]
> > > @g0=rw
> > >
> > > [/trunk/dir1]
> > > @g1=rw
> > >
> > > When user "yosi" commits in dir0, error is happen.
> > >
> > > ---------------------------------------------------------------------
> > > To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
> > > For additional commands, e-mail: dev-help@subversion.tigris.org
> > >
> > >
> >
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
> For additional commands, e-mail: dev-help@subversion.tigris.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Re: Bug in authentication when working with "needs-lock"
Posted by Froenchenko Leonid <gr...@mail.ru>.
AFAIK there's no bug has been files
On Sun, 2006-11-26 at 11:33 -0600, Ben Collins-Sussman wrote:
> Actually, in trying to reproduce this error, I've discovered that user
> 'yosi' can't even 'svn lock' the file in the first place:
>
> $ svn lock file -m "blahblah" --username yosi
> Authentication realm: <svn://localhost:3690> My First Repository
> Password for 'yosi':
> subversion/svnserve/serve.c:1754: (apr_err=170001)
> svn: Authorization failed
>
> I think we should file this as a bug.
>
>
>
> On 11/22/06, Froenchenko Leonid <gr...@mail.ru> wrote:
> > When performing commit against svnserve for file which being locked (and
> > have svn:needs-lock), and user have write access only to affected
> > directory (not repository root), commit is failed with:
> >
> > svn: Commit failed (details follow):
> > svn: Authorization failed
> >
> > If lock removed before commit, everithing is fine.
> >
> > Setup:
> > authz:
> >
> > [groups]
> > g0=yosi
> > g1=moshe
> >
> > [/]
> > *=r
> >
> > [/trunk/dir0]
> > @g0=rw
> >
> > [/trunk/dir1]
> > @g1=rw
> >
> > When user "yosi" commits in dir0, error is happen.
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
> > For additional commands, e-mail: dev-help@subversion.tigris.org
> >
> >
>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Re: Bug in authentication when working with "needs-lock"
Posted by Froenchenko Leonid <gr...@mail.ru>.
The problem seems to be in following code:
static svn_error_t *add_lock_tokens(svn_ra_svn_conn_t *conn,
apr_array_header_t
*lock_tokens,
server_baton_t *sb,
apr_pool_t *pool)
{
...
if (! lookup_access(pool, sb, svn_authz_write,
path_item->u.string->data, TRUE))
return svn_error_create(SVN_ERR_RA_NOT_AUTHORIZED,
NULL, NULL);
...
}
The problem that lookup_access() is called for path_item->u.string->data
which equal to filename. As a result, access check is performed for
something called "/filename" ("/" is added internally). Since user have
no write access to repository root, authentication is failed.
On Sun, 2006-11-26 at 11:33 -0600, Ben Collins-Sussman wrote:
> Actually, in trying to reproduce this error, I've discovered that user
> 'yosi' can't even 'svn lock' the file in the first place:
>
> $ svn lock file -m "blahblah" --username yosi
> Authentication realm: <svn://localhost:3690> My First Repository
> Password for 'yosi':
> subversion/svnserve/serve.c:1754: (apr_err=170001)
> svn: Authorization failed
>
> I think we should file this as a bug.
>
>
>
> On 11/22/06, Froenchenko Leonid <gr...@mail.ru> wrote:
> > When performing commit against svnserve for file which being locked (and
> > have svn:needs-lock), and user have write access only to affected
> > directory (not repository root), commit is failed with:
> >
> > svn: Commit failed (details follow):
> > svn: Authorization failed
> >
> > If lock removed before commit, everithing is fine.
> >
> > Setup:
> > authz:
> >
> > [groups]
> > g0=yosi
> > g1=moshe
> >
> > [/]
> > *=r
> >
> > [/trunk/dir0]
> > @g0=rw
> >
> > [/trunk/dir1]
> > @g1=rw
> >
> > When user "yosi" commits in dir0, error is happen.
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
> > For additional commands, e-mail: dev-help@subversion.tigris.org
> >
> >
>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Re: Bug in authentication when working with "needs-lock"
Posted by Ben Collins-Sussman <su...@red-bean.com>.
Actually, in trying to reproduce this error, I've discovered that user
'yosi' can't even 'svn lock' the file in the first place:
$ svn lock file -m "blahblah" --username yosi
Authentication realm: <svn://localhost:3690> My First Repository
Password for 'yosi':
subversion/svnserve/serve.c:1754: (apr_err=170001)
svn: Authorization failed
I think we should file this as a bug.
On 11/22/06, Froenchenko Leonid <gr...@mail.ru> wrote:
> When performing commit against svnserve for file which being locked (and
> have svn:needs-lock), and user have write access only to affected
> directory (not repository root), commit is failed with:
>
> svn: Commit failed (details follow):
> svn: Authorization failed
>
> If lock removed before commit, everithing is fine.
>
> Setup:
> authz:
>
> [groups]
> g0=yosi
> g1=moshe
>
> [/]
> *=r
>
> [/trunk/dir0]
> @g0=rw
>
> [/trunk/dir1]
> @g1=rw
>
> When user "yosi" commits in dir0, error is happen.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
> For additional commands, e-mail: dev-help@subversion.tigris.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org