User authentication\authorization upper-lower case

[Claudio Corona <ib...@gmail.com>]

 Hi all. I have a problem with SVN. I have the (only) user 'test_user' (in
the 'passwd' file) having 'rw' on the entire repository. Why am I able to
get *authenticated* with the user  'TESTUSER' (but not *authorized* to
commit)? Note that only authenticated user can access and read from my
repository, so 'TESTUSER' should not be authenticated, as it happens for all
the users not appearing in the passwd file, for example the 'BlaBlaBla'
user.
Thanks

Re: User authentication\authorization upper-lower case

[Daniel Shahaf <d....@daniel.shahaf.name>]

No time to test, sorry, but agreed that usernames should be
case-sensitive.  Please file a bug if they aren't...

Bob Archer wrote on Fri, Oct 08, 2010 at 11:45:16 -0400:
> > On Fri, Oct 8, 2010 at 5:30 PM, Bob Archer <Bo...@amsi.com>
> > wrote:
> > > >> Hi all. I have a problem with SVN. I have the (only) user
> > > >> 'test_user' (in the 'passwd' file) having 'rw' on the entire
> > > >> repository. Why am I able to get *authenticated* with the user
> > > >> 'TESTUSER' (but not *authorized* to commit)? Note that only
> > > >> authenticated user can access and read from my repository, so
> > > >> 'TESTUSER' should not be authenticated, as it happens for all
> > > the
> > > >> users not appearing in the passwd file, for example the
> > > 'BlaBlaBla'
> > > >> user.
> > > >> Thanks
> > > >You probably have anon access allowed. Are you using svn or
> > > apache/http? Perhaps showing us your config file would help. I
> > > >think authorization is only applied to authenticated users.
> > >
> > > >BOb
> > >
> > > anon-access = none
> > > password-db = passwd
> > > authz-db = authz
> > >
> > > I'm using svn (svnserve.exe). There is a mistake in the previous
> > > post: 'test_user' is without the '_' character. So the only user
> > in
> > > passwd is 'testuser'. Every user different from 'testuser' does
> > not
> > > get authentication, while 'TESTUSER' gets authentication, but
> > he's
> > > not authorized to commit. (while 'testuser' is). It seems that
> > > 'TESTUSER' and 'testuser' are the same from the authentication
> > > point of view, while they are different from the authorization
> > > point of view. Instead, I would expect for 'TESTUSER' to not be
> > > authenticated. Am I right or am I missing something? Thanks.
> > > On Fri, Oct 8, 2010 at 4:51 PM, Bob Archer <Bo...@amsi.com>
> > > wrote:
> > You are possibly correct. I know that svn is case sensitive.
> > However, the authentication may not be. If you authenticate using
> > lower case can you do your commit?
> > 
> > BOb
> > 
> > Sure, 'testuser' can commit
> 
> So, it sounds like you have your answer. Authentication is not case sensitive, yet authorization is. Seems like a bit of a bug to me. Perhaps a svn dev will jump in here and let us know.
> 
> BOb
> 

Re: User authentication\authorization upper-lower case

[Claudio Corona <ib...@gmail.com>]

On Fri, Oct 8, 2010 at 5:45 PM, Bob Archer <Bo...@amsi.com> wrote:

> > On Fri, Oct 8, 2010 at 5:30 PM, Bob Archer <Bo...@amsi.com>
> > wrote:
> > > >> Hi all. I have a problem with SVN. I have the (only) user
> > > >> 'test_user' (in the 'passwd' file) having 'rw' on the entire
> > > >> repository. Why am I able to get *authenticated* with the user
> > > >> 'TESTUSER' (but not *authorized* to commit)? Note that only
> > > >> authenticated user can access and read from my repository, so
> > > >> 'TESTUSER' should not be authenticated, as it happens for all
> > > the
> > > >> users not appearing in the passwd file, for example the
> > > 'BlaBlaBla'
> > > >> user.
> > > >> Thanks
> > > >You probably have anon access allowed. Are you using svn or
> > > apache/http? Perhaps showing us your config file would help. I
> > > >think authorization is only applied to authenticated users.
> > >
> > > >BOb
> > >
> > > anon-access = none
> > > password-db = passwd
> > > authz-db = authz
> > >
> > > I'm using svn (svnserve.exe). There is a mistake in the previous
> > > post: 'test_user' is without the '_' character. So the only user
> > in
> > > passwd is 'testuser'. Every user different from 'testuser' does
> > not
> > > get authentication, while 'TESTUSER' gets authentication, but
> > he's
> > > not authorized to commit. (while 'testuser' is). It seems that
> > > 'TESTUSER' and 'testuser' are the same from the authentication
> > > point of view, while they are different from the authorization
> > > point of view. Instead, I would expect for 'TESTUSER' to not be
> > > authenticated. Am I right or am I missing something? Thanks.
> > > On Fri, Oct 8, 2010 at 4:51 PM, Bob Archer <Bo...@amsi.com>
> > > wrote:
> > You are possibly correct. I know that svn is case sensitive.
> > However, the authentication may not be. If you authenticate using
> > lower case can you do your commit?
> >
> > BOb
> >
> > Sure, 'testuser' can commit
>
> So, it sounds like you have your answer. Authentication is not case
> sensitive, yet authorization is. Seems like a bit of a bug to me. Perhaps a
> svn dev will jump in here and let us know.
>
> BOb
>
>
I hope...thank you very much

RE: User authentication\authorization upper-lower case

[Bob Archer <Bo...@amsi.com>]

> On Fri, Oct 8, 2010 at 5:30 PM, Bob Archer <Bo...@amsi.com>
> wrote:
> > >> Hi all. I have a problem with SVN. I have the (only) user
> > >> 'test_user' (in the 'passwd' file) having 'rw' on the entire
> > >> repository. Why am I able to get *authenticated* with the user
> > >> 'TESTUSER' (but not *authorized* to commit)? Note that only
> > >> authenticated user can access and read from my repository, so
> > >> 'TESTUSER' should not be authenticated, as it happens for all
> > the
> > >> users not appearing in the passwd file, for example the
> > 'BlaBlaBla'
> > >> user.
> > >> Thanks
> > >You probably have anon access allowed. Are you using svn or
> > apache/http? Perhaps showing us your config file would help. I
> > >think authorization is only applied to authenticated users.
> >
> > >BOb
> >
> > anon-access = none
> > password-db = passwd
> > authz-db = authz
> >
> > I'm using svn (svnserve.exe). There is a mistake in the previous
> > post: 'test_user' is without the '_' character. So the only user
> in
> > passwd is 'testuser'. Every user different from 'testuser' does
> not
> > get authentication, while 'TESTUSER' gets authentication, but
> he's
> > not authorized to commit. (while 'testuser' is). It seems that
> > 'TESTUSER' and 'testuser' are the same from the authentication
> > point of view, while they are different from the authorization
> > point of view. Instead, I would expect for 'TESTUSER' to not be
> > authenticated. Am I right or am I missing something? Thanks.
> > On Fri, Oct 8, 2010 at 4:51 PM, Bob Archer <Bo...@amsi.com>
> > wrote:
> You are possibly correct. I know that svn is case sensitive.
> However, the authentication may not be. If you authenticate using
> lower case can you do your commit?
> 
> BOb
> 
> Sure, 'testuser' can commit

So, it sounds like you have your answer. Authentication is not case sensitive, yet authorization is. Seems like a bit of a bug to me. Perhaps a svn dev will jump in here and let us know.

BOb

Re: User authentication\authorization upper-lower case

[Claudio Corona <ib...@gmail.com>]

On Fri, Oct 8, 2010 at 5:30 PM, Bob Archer <Bo...@amsi.com> wrote:

> > >> Hi all. I have a problem with SVN. I have the (only) user
> > >> 'test_user' (in the 'passwd' file) having 'rw' on the entire
> > >> repository. Why am I able to get *authenticated* with the user
> > >> 'TESTUSER' (but not *authorized* to commit)? Note that only
> > >> authenticated user can access and read from my repository, so
> > >> 'TESTUSER' should not be authenticated, as it happens for all
> > the
> > >> users not appearing in the passwd file, for example the
> > 'BlaBlaBla'
> > >> user.
> > >> Thanks
> > >You probably have anon access allowed. Are you using svn or
> > apache/http? Perhaps showing us your config file would help. I
> > >think authorization is only applied to authenticated users.
> >
> > >BOb
> >
> > anon-access = none
> > password-db = passwd
> > authz-db = authz
> >
> > I'm using svn (svnserve.exe). There is a mistake in the previous
> > post: 'test_user' is without the '_' character. So the only user in
> > passwd is 'testuser'. Every user different from 'testuser' does not
> > get authentication, while 'TESTUSER' gets authentication, but he's
> > not authorized to commit. (while 'testuser' is). It seems that
> > 'TESTUSER' and 'testuser' are the same from the authentication
> > point of view, while they are different from the authorization
> > point of view. Instead, I would expect for 'TESTUSER' to not be
> > authenticated. Am I right or am I missing something? Thanks.
> > On Fri, Oct 8, 2010 at 4:51 PM, Bob Archer <Bo...@amsi.com>
> > wrote:
>
> You are possibly correct. I know that svn is case sensitive. However, the
> authentication may not be. If you authenticate using lower case can you do
> your commit?
>
> BOb
>
>
Sure, 'testuser' can commit

RE: User authentication\authorization upper-lower case

[Bob Archer <Bo...@amsi.com>]

> >> Hi all. I have a problem with SVN. I have the (only) user
> >> 'test_user' (in the 'passwd' file) having 'rw' on the entire
> >> repository. Why am I able to get *authenticated* with the user
> >> 'TESTUSER' (but not *authorized* to commit)? Note that only
> >> authenticated user can access and read from my repository, so
> >> 'TESTUSER' should not be authenticated, as it happens for all
> the
> >> users not appearing in the passwd file, for example the
> 'BlaBlaBla'
> >> user.
> >> Thanks
> >You probably have anon access allowed. Are you using svn or
> apache/http? Perhaps showing us your config file would help. I
> >think authorization is only applied to authenticated users.
> 
> >BOb
> 
> anon-access = none
> password-db = passwd
> authz-db = authz
> 
> I'm using svn (svnserve.exe). There is a mistake in the previous
> post: 'test_user' is without the '_' character. So the only user in
> passwd is 'testuser'. Every user different from 'testuser' does not
> get authentication, while 'TESTUSER' gets authentication, but he's
> not authorized to commit. (while 'testuser' is). It seems that
> 'TESTUSER' and 'testuser' are the same from the authentication
> point of view, while they are different from the authorization
> point of view. Instead, I would expect for 'TESTUSER' to not be
> authenticated. Am I right or am I missing something? Thanks.
> On Fri, Oct 8, 2010 at 4:51 PM, Bob Archer <Bo...@amsi.com>
> wrote:

You are possibly correct. I know that svn is case sensitive. However, the authentication may not be. If you authenticate using lower case can you do your commit?

BOb

Re: User authentication\authorization upper-lower case

[Claudio Corona <ib...@gmail.com>]

anon-access = none
password-db = passwd
authz-db = authz

I'm using svn (svnserve.exe). There is a mistake in the previous post:
'test_user' is without the '_' character. So the only user in passwd is
'testuser'. Every user different from 'testuser' does not get
authentication, while 'TESTUSER' gets authentication, but he's not
authorized to commit. (while 'testuser' is). It seems that 'TESTUSER' and
'testuser' are the same from the authentication point of view, while they
are different from the authorization point of view. Instead, I would expect
for 'TESTUSER' to not be authenticated. Am I right or am I missing
something? Thanks.

On Fri, Oct 8, 2010 at 4:51 PM, Bob Archer <Bo...@amsi.com> wrote:

> > Hi all. I have a problem with SVN. I have the (only) user
> > 'test_user' (in the 'passwd' file) having 'rw' on the entire
> > repository. Why am I able to get *authenticated* with the user
> > 'TESTUSER' (but not *authorized* to commit)? Note that only
> > authenticated user can access and read from my repository, so
> > 'TESTUSER' should not be authenticated, as it happens for all the
> > users not appearing in the passwd file, for example the 'BlaBlaBla'
> > user.
> > Thanks
>
> You probably have anon access allowed. Are you using svn or apache/http?
> Perhaps showing us your config file would help. I think authorization is
> only applied to authenticated users.
>
> BOb
>
>

RE: User authentication\authorization upper-lower case

[Bob Archer <Bo...@amsi.com>]

> Hi all. I have a problem with SVN. I have the (only) user
> 'test_user' (in the 'passwd' file) having 'rw' on the entire
> repository. Why am I able to get *authenticated* with the user
> 'TESTUSER' (but not *authorized* to commit)? Note that only
> authenticated user can access and read from my repository, so
> 'TESTUSER' should not be authenticated, as it happens for all the
> users not appearing in the passwd file, for example the 'BlaBlaBla'
> user.
> Thanks

You probably have anon access allowed. Are you using svn or apache/http? Perhaps showing us your config file would help. I think authorization is only applied to authenticated users. 

BOb