You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@subversion.apache.org by Joe Orton <jo...@manyfish.co.uk> on 2002/09/30 19:35:34 UTC
Re: [neon] Re: "Authorization failed" with windows server and solaris client
On Mon, Sep 30, 2002 at 12:52:26PM -0500, Florin Iucha wrote:
> On Tue, Sep 24, 2002 at 11:10:10AM -0500, Florin Iucha wrote:
> > Hello,
> >
> > I have sucessfully installed a Subversion servers using Apache 2.0.42
> > prerelease install and Subversion-r3200 on windows. I have configured
> > the subversion repository to use basic authentication. I have compiled
> > the client on Solaris using the r3200 source tarball.
> >
> > I can checkin/checkout fine using a windows client (svn.exe from the
> > r3200 zip file) but when I attempt to do a checkout from Solaris using the
> > same URL, it fails with:
> >
> > > svn co http://ahost__:8080/svn/scripts work
> > fiucha's password:
> >
> > username: fiucha
> > fiucha's password:
> >
> > svn: Authorization failed
> > svn: PROPFIND of /svn/scripts: authorization failed
>
> I have compiled subversion in maintainer mode, enabled neon logging to
> stderr and then manually generated the base64 encoded password and
> compared its length to the number of xxxes in the dumped header. Lo and
> behold, the Authorization header generated by neon contained 4 xes less
> than the one I manually generated.
Hi, can you change the debug line in libsvn_ra_dav/session.c from:
ne_debug_init(stderr, NE_DBG_HTTP|NE_DBG_HTTPBODY);
to:
ne_debug_init(stderr, NE_DBG_HTTP|NE_DBG_HTTPBODY|NE_DBG_HTTPPLAIN);
and post the debug log of a session using a non-sensitive long password?
I can't reproduce any problems using long passwords over basic auth with
neon here - bear in mind that 'x'es in the neon debug output includes
the "Basic " string and the base64 encoded text includes the username
and a colon.
Regards,
joe
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Re: [neon] Re: "Authorization failed" with windows server and solaris client
Posted by Florin Iucha <fl...@iucha.net>.
On Mon, Sep 30, 2002 at 10:03:27PM +0100, Joe Orton wrote:
> On Mon, Sep 30, 2002 at 03:04:06PM -0500, Florin Iucha wrote:
> > On Mon, Sep 30, 2002 at 08:35:34PM +0100, Joe Orton wrote:
> > > I can't reproduce any problems using long passwords over basic auth with
> > > neon here - bear in mind that 'x'es in the neon debug output includes
> > > the "Basic " string and the base64 encoded text includes the username
> > > and a colon.
> >
> > I have created "testuser" with "longpasswordsarecool".
> >
> > $ cat | base64-encode
> > testuser:longpasswordsarecool
> > dGVzdHVzZXI6bG9uZ3Bhc3N3b3Jkc2FyZWNvb2wK
> > $ grep dGVzdHVzZXI6bG9u err_long
> > Authorization: Basic dGVzdHVzZXI6bG9uZ3Bhc3M=
> >
> > Correct: dGVzdHVzZXI6bG9uZ3Bhc3N3b3Jkc2FyZWNvb2wK
> > Neon : dGVzdHVzZXI6bG9uZ3Bhc3M=
>
> The password has been truncated to 8 characters, and I'm guessing this
> happens before it gets to neon. Google tells me that the Solaris
> getpass() implementation, which is used by APR, will do this.
>
> Can you try commenting out the
>
> #define HAVE_GETPASS 1
>
> line in apr/include/arch/unix/apr_private.h, or adding an
>
> #undef HAVE_GETPASS
>
> in an appropriate place in passwd/apr_getpass.c so that the replacement
> getpass() implementation is used in APR?
That fixed the problem. I have copied the apr devel mailing list hoping
somebody will make that change for Solaris for the next version.
Thank you,
florin
--
"If it's not broken, let's fix it till it is."
41A9 2BDE 8E11 F1C5 87A6 03EE 34B3 E075 3B90 DFE4
Re: [neon] Re: "Authorization failed" with windows server and solaris client
Posted by Florin Iucha <fl...@iucha.net>.
On Mon, Sep 30, 2002 at 10:03:27PM +0100, Joe Orton wrote:
> On Mon, Sep 30, 2002 at 03:04:06PM -0500, Florin Iucha wrote:
> > On Mon, Sep 30, 2002 at 08:35:34PM +0100, Joe Orton wrote:
> > > I can't reproduce any problems using long passwords over basic auth with
> > > neon here - bear in mind that 'x'es in the neon debug output includes
> > > the "Basic " string and the base64 encoded text includes the username
> > > and a colon.
> >
> > I have created "testuser" with "longpasswordsarecool".
> >
> > $ cat | base64-encode
> > testuser:longpasswordsarecool
> > dGVzdHVzZXI6bG9uZ3Bhc3N3b3Jkc2FyZWNvb2wK
> > $ grep dGVzdHVzZXI6bG9u err_long
> > Authorization: Basic dGVzdHVzZXI6bG9uZ3Bhc3M=
> >
> > Correct: dGVzdHVzZXI6bG9uZ3Bhc3N3b3Jkc2FyZWNvb2wK
> > Neon : dGVzdHVzZXI6bG9uZ3Bhc3M=
>
> The password has been truncated to 8 characters, and I'm guessing this
> happens before it gets to neon. Google tells me that the Solaris
> getpass() implementation, which is used by APR, will do this.
>
> Can you try commenting out the
>
> #define HAVE_GETPASS 1
>
> line in apr/include/arch/unix/apr_private.h, or adding an
>
> #undef HAVE_GETPASS
>
> in an appropriate place in passwd/apr_getpass.c so that the replacement
> getpass() implementation is used in APR?
That fixed the problem. I have copied the apr devel mailing list hoping
somebody will make that change for Solaris for the next version.
Thank you,
florin
--
"If it's not broken, let's fix it till it is."
41A9 2BDE 8E11 F1C5 87A6 03EE 34B3 E075 3B90 DFE4
Re: [neon] Re: "Authorization failed" with windows server and solaris client
Posted by Joe Orton <jo...@manyfish.co.uk>.
On Mon, Sep 30, 2002 at 03:04:06PM -0500, Florin Iucha wrote:
> On Mon, Sep 30, 2002 at 08:35:34PM +0100, Joe Orton wrote:
> > I can't reproduce any problems using long passwords over basic auth with
> > neon here - bear in mind that 'x'es in the neon debug output includes
> > the "Basic " string and the base64 encoded text includes the username
> > and a colon.
>
> I have created "testuser" with "longpasswordsarecool".
>
> $ cat | base64-encode
> testuser:longpasswordsarecool
> dGVzdHVzZXI6bG9uZ3Bhc3N3b3Jkc2FyZWNvb2wK
> $ grep dGVzdHVzZXI6bG9u err_long
> Authorization: Basic dGVzdHVzZXI6bG9uZ3Bhc3M=
>
> Correct: dGVzdHVzZXI6bG9uZ3Bhc3N3b3Jkc2FyZWNvb2wK
> Neon : dGVzdHVzZXI6bG9uZ3Bhc3M=
The password has been truncated to 8 characters, and I'm guessing this
happens before it gets to neon. Google tells me that the Solaris
getpass() implementation, which is used by APR, will do this.
Can you try commenting out the
#define HAVE_GETPASS 1
line in apr/include/arch/unix/apr_private.h, or adding an
#undef HAVE_GETPASS
in an appropriate place in passwd/apr_getpass.c so that the replacement
getpass() implementation is used in APR?
Regards,
joe
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Re: [neon] Re: "Authorization failed" with windows server and solaris client
Posted by Florin Iucha <fl...@iucha.net>.
On Mon, Sep 30, 2002 at 08:35:34PM +0100, Joe Orton wrote:
> On Mon, Sep 30, 2002 at 12:52:26PM -0500, Florin Iucha wrote:
> > On Tue, Sep 24, 2002 at 11:10:10AM -0500, Florin Iucha wrote:
> > > Hello,
> > >
> > > I have sucessfully installed a Subversion servers using Apache 2.0.42
> > > prerelease install and Subversion-r3200 on windows. I have configured
> > > the subversion repository to use basic authentication. I have compiled
> > > the client on Solaris using the r3200 source tarball.
> > >
> > > I can checkin/checkout fine using a windows client (svn.exe from the
> > > r3200 zip file) but when I attempt to do a checkout from Solaris using the
> > > same URL, it fails with:
> > >
> > > > svn co http://ahost__:8080/svn/scripts work
> > > fiucha's password:
> > >
> > > username: fiucha
> > > fiucha's password:
> > >
> > > svn: Authorization failed
> > > svn: PROPFIND of /svn/scripts: authorization failed
> >
> > I have compiled subversion in maintainer mode, enabled neon logging to
> > stderr and then manually generated the base64 encoded password and
> > compared its length to the number of xxxes in the dumped header. Lo and
> > behold, the Authorization header generated by neon contained 4 xes less
> > than the one I manually generated.
>
> Hi, can you change the debug line in libsvn_ra_dav/session.c from:
>
> ne_debug_init(stderr, NE_DBG_HTTP|NE_DBG_HTTPBODY);
> to:
> ne_debug_init(stderr, NE_DBG_HTTP|NE_DBG_HTTPBODY|NE_DBG_HTTPPLAIN);
>
> and post the debug log of a session using a non-sensitive long password?
>
> I can't reproduce any problems using long passwords over basic auth with
> neon here - bear in mind that 'x'es in the neon debug output includes
> the "Basic " string and the base64 encoded text includes the username
> and a colon.
I have created "testuser" with "longpasswordsarecool".
$ cat | base64-encode
testuser:longpasswordsarecool
dGVzdHVzZXI6bG9uZ3Bhc3N3b3Jkc2FyZWNvb2wK
$ grep dGVzdHVzZXI6bG9u err_long
Authorization: Basic dGVzdHVzZXI6bG9uZ3Bhc3M=
Correct: dGVzdHVzZXI6bG9uZ3Bhc3N3b3Jkc2FyZWNvb2wK
Neon : dGVzdHVzZXI6bG9uZ3Bhc3M=
The stderr log is attached.
If this matters, I am compiling with gcc-3.1 on Solaris 2.8:
> gcc-3.1 -v
Reading specs from
/scratch/fiucha/tools/lib/gcc-lib/sparc-sun-solaris2.8/3.1/specs
Configured with: ../gcc-3.1/configure --prefix=/scratch/fiucha/tools
--enable-languages=c,c++ --program-suffix=-3.1 --enable-threads
Thread model: posix
gcc version 3.1
> uname -a
SunOS devsun1 5.8 Generic_111433-02 sun4u sparc SUNW,Sun-Blade-1000
Cheers,
florin
--
"NT is to UNIX what a dougnut is to a particle accelerator."
41A9 2BDE 8E11 F1C5 87A6 03EE 34B3 E075 3B90 DFE4