You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@subversion.apache.org by "Garrett, Benjamin D" <be...@lmco.com> on 2004/04/02 16:17:04 UTC
Re: SVN, Apache, and SSPI: binary form of fix available?
Is there a compiled .so version of this mod_sspi module with these fixes
(mentioned below) available somewhere?
I know the TortoiseSVN folks have a version with a fix in it. But this isn't
the same fix as the one mentioned below, is it?
http://tortoisesvn.tigris.org/docs/TortoiseSVN_en/ch03.html#tsvn-serversetup-apache-5
-----Original Message-----
From: Jeremy Bettis [mailto:jeremy@deadbeef.com]
Sent: Wednesday, March 24, 2004 3:05 PM
To: Stephen Berard; users@subversion.tigris.org
Subject: {Spam?} Re: {Spam?} SVN, Apache, and SSPI
mod_sspi is broken, it has a base64 decoding problem.
I have a fix, and I have attached it.
Also, I didn't like having the domain prepended onto the username, so I
added a new option to remove it. Use "SSPIOmitDomain on" to enable.
----- Original Message -----
From: "Stephen Berard" <sr...@hotmail.com>
To: <us...@subversion.tigris.org>
Sent: Wednesday, March 24, 2004 10:59 AM
Subject: {Spam?} SVN, Apache, and SSPI
> I'm trying to get our SubVersion server setup to authenticate users via
our
> Windows Domain. I've managed to get it working for some (namely myself)
but
> not for all users. I have SVN 1.0.0 with Apache and the mod_SSPI module
> (configuration is listed below). When a user performs and operation via
the
> SVN client it prompts for the username and password. It then proceeds
> through its operation for a while. Then it prompts for credentials again.
> Eventually this cycle causes the Windows DC to lock out the account due to
> repeated auth failures and all further operations fail.
>
> Upon examining the logfiles for Apache I seem to have located what is
going
> on. Apparently, the username is passed correctly sometimes while other
> times it is just blank. I've attached the logs below. You can see that
the
> user "DOMAIN\autobuild" completed a number of actions but the username is
> blank on others. The weird thing is that the Access.log has a blank
> username but the Error.log file does not. Does anyone have an idea as to
> how to correct this?
>
> Cheers,
> Stephen
>
> Httpd.cond:
> <Location /repos>
> DAV svn
> SVNParentPath "C:\SVNROOT"
> SVNIndexXSLT "/svnindex.xsl"
>
> AuthType SSPI
> AuthName "SubVersion Respositories"
> Require group "DOMAIN\SVN Users"
>
> SSPIAuth On
> SSPIAuthoritative On
> SSPIDomain AMS
> SSPIOfferBasic On
>
> AuthzSVNAccessFile C:\SVNROOT\.svnaccess
> </Location>
>
> .svnaccess:
> [/]
> * = rw
>
> [/Tags]
> * = r
> DOMAIN\Admin = rw
>
> Access.log:
> X.X.X.X- - [24/Mar/2004:10:13:57 -0500] "PROPFIND
> /repos/TestRepository/Trunk HTTP/1.1" 401 511
> .
> X.X.X.X- DOMAIN\\autobuild [24/Mar/2004:10:13:57 -0500] "PROPFIND
> /repos/TestRepository/Trunk HTTP/1.1" 207 462
> X.X.X.X- DOMAIN\\autobuild [24/Mar/2004:10:13:57 -0500] "PROPFIND
> /repos/TestRepository/!svn/vcc/default HTTP/1.1" 207 422
> X.X.X.X- DOMAIN\\autobuild [24/Mar/2004:10:13:57 -0500] "CHECKOUT
> /repos/TestRepository/!svn/bln/8 HTTP/1.1" 201 363
> X.X.X.X- DOMAIN\\autobuild [24/Mar/2004:10:13:58 -0500] "PROPPATCH
> /repos/TestRepository/!svn/wbl/749466cf-4a69-9d43-b03e-58de5697f373/8
> HTTP/1.1" 207 365
> X.X.X.X- DOMAIN\\autobuild [24/Mar/2004:10:13:58 -0500] "PROPFIND
> /repos/TestRepository/Trunk HTTP/1.1" 207 418
> X.X.X.X- DOMAIN\\autobuild [24/Mar/2004:10:13:58 -0500] "CHECKOUT
> /repos/TestRepository/!svn/ver/8/Trunk HTTP/1.1" 201 367
> X.X.X.X- DOMAIN\\autobuild [24/Mar/2004:10:13:58 -0500] "MKCOL
>
/repos/TestRepository/!svn/wrk/749466cf-4a69-9d43-b03e-58de5697f373/Trunk/Te
st3
> HTTP/1.1" 201 363
> X.X.X.X- DOMAIN\\autobuild [24/Mar/2004:10:13:58 -0500] "PUT
>
/repos/TestRepository/!svn/wrk/749466cf-4a69-9d43-b03e-58de5697f373/Trunk/Te
st3/SourceFile1.txt
> HTTP/1.1" 201 376
> X.X.X.X- DOMAIN\\autobuild [24/Mar/2004:10:13:59 -0500] "PROPPATCH
>
/repos/TestRepository/!svn/wrk/749466cf-4a69-9d43-b03e-58de5697f373/Trunk/Te
st3/SourceFile2.txt
> HTTP/1.1" 207 503
> X.X.X.X- DOMAIN\\autobuild [24/Mar/2004:10:13:59 -0500] "PUT
>
/repos/TestRepository/!svn/wrk/749466cf-4a69-9d43-b03e-58de5697f373/Trunk/Te
st3/SourceFile3.txt
> HTTP/1.1" 201 381
> .
> X.X.X.X- DOMAIN\\autobuild [24/Mar/2004:10:14:03 -0500] "PUT
>
/repos/TestRepository/!svn/wrk/749466cf-4a69-9d43-b03e-58de5697f373/Trunk/Te
st3/File.txt
> HTTP/1.1" 201 376
> X.X.X.X- - [24/Mar/2004:10:14:03 -0500] "PROPPATCH
>
/repos/TestRepository/!svn/wrk/749466cf-4a69-9d43-b03e-58de5697f373/Trunk/Te
st3/File.txt
> HTTP/1.1" 401 511
> X.X.X.X- - [24/Mar/2004:10:14:03 -0500] "PROPPATCH
>
/repos/TestRepository/!svn/wrk/749466cf-4a69-9d43-b03e-58de5697f373/Trunk/Te
st3/File.txt
> HTTP/1.1" 401 511
> X.X.X.X- - [24/Mar/2004:10:14:03 -0500] "PROPPATCH
>
/repos/TestRepository/!svn/wrk/749466cf-4a69-9d43-b03e-58de5697f373/Trunk/Te
st3/File.txt
> HTTP/1.1" 401 511
> X.X.X.X- - [24/Mar/2004:10:14:03 -0500] "PROPPATCH
>
/repos/TestRepository/!svn/wrk/749466cf-4a69-9d43-b03e-58de5697f373/Trunk/Te
st3/File.txt
> HTTP/1.1" 401 511
>
> Error.log:
> [Wed Mar 24 10:13:57 2004] [error] [client X.X.X.X] (OS 1326)Logon
failure:
> unknown user name or bad password. : user DOMAIN\autobuild:
authentication
> failure for "/repos/TestRepository/Trunk"
> .
> [Wed Mar 24 10:14:03 2004] [error] [client X.X.X.X] (OS 1326)Logon
failure:
> unknown user name or bad password. : user DOMAIN\autobuild:
authentication
> failure for
>
"/repos/TestRepository/!svn/wrk/749466cf-4a69-9d43-b03e-58de5697f373/Trunk/T
est3/File.txt"
> [Wed Mar 24 10:14:03 2004] [error] [client X.X.X.X] (OS 1326)Logon
failure:
> unknown user name or bad password. : user DOMAIN\autobuild:
authentication
> failure for
>
"/repos/TestRepository/!svn/wrk/749466cf-4a69-9d43-b03e-58de5697f373/Trunk/T
est3/File.txt"
> [Wed Mar 24 10:14:03 2004] [error] [client X.X.X.X] (OS 1326)Logon
failure:
> unknown user name or bad password. : user DOMAIN\autobuild:
authentication
> failure for
>
"/repos/TestRepository/!svn/wrk/749466cf-4a69-9d43-b03e-58de5697f373/Trunk/T
est3/File.txt"
> [Wed Mar 24 10:14:03 2004] [error] [client X.X.X.X] (OS 1326)Logon
failure:
> unknown user name or bad password. : user DOMAIN\autobuild:
authentication
> failure for
>
"/repos/TestRepository/!svn/wrk/749466cf-4a69-9d43-b03e-58de5697f373/Trunk/T
est3/File.txt"
>
> _________________________________________________________________
> Find a broadband plan that fits. Great local deals on high-speed Internet
> access.
> https://broadband.msn.com/?pgmarket=en-us/go/onm00200360ave/direct/01/
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
> For additional commands, e-mail: users-help@subversion.tigris.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Re: SVN, Apache, and SSPI: binary form of fix available?
Posted by Jeremy Bettis <je...@deadbeef.com>.
I have placed my fix on http://www.deadbeef.com/software/sspi.html I can't
locate Vladimir Berezniker's patch, so I don't know what it fixes.
----- Original Message -----
From: "Garrett, Benjamin D" <be...@lmco.com>
To: <us...@subversion.tigris.org>
Sent: Friday, April 02, 2004 10:17 AM
Subject: Re: SVN, Apache, and SSPI: binary form of fix available?
> Is there a compiled .so version of this mod_sspi module with these fixes
> (mentioned below) available somewhere?
>
> I know the TortoiseSVN folks have a version with a fix in it. But this
isn't
> the same fix as the one mentioned below, is it?
>
http://tortoisesvn.tigris.org/docs/TortoiseSVN_en/ch03.html#tsvn-serversetup-apache-5
>
> -----Original Message-----
> From: Jeremy Bettis [mailto:jeremy@deadbeef.com]
> Sent: Wednesday, March 24, 2004 3:05 PM
> To: Stephen Berard; users@subversion.tigris.org
> Subject: {Spam?} Re: {Spam?} SVN, Apache, and SSPI
>
>
> mod_sspi is broken, it has a base64 decoding problem.
>
> I have a fix, and I have attached it.
>
> Also, I didn't like having the domain prepended onto the username, so I
> added a new option to remove it. Use "SSPIOmitDomain on" to enable.
>
> ----- Original Message -----
> From: "Stephen Berard" <sr...@hotmail.com>
> To: <us...@subversion.tigris.org>
> Sent: Wednesday, March 24, 2004 10:59 AM
> Subject: {Spam?} SVN, Apache, and SSPI
>
>
> > I'm trying to get our SubVersion server setup to authenticate users via
> our
> > Windows Domain. I've managed to get it working for some (namely myself)
> but
> > not for all users. I have SVN 1.0.0 with Apache and the mod_SSPI module
> > (configuration is listed below). When a user performs and operation via
> the
> > SVN client it prompts for the username and password. It then proceeds
> > through its operation for a while. Then it prompts for credentials
again.
> > Eventually this cycle causes the Windows DC to lock out the account due
to
> > repeated auth failures and all further operations fail.
> >
> > Upon examining the logfiles for Apache I seem to have located what is
> going
> > on. Apparently, the username is passed correctly sometimes while other
> > times it is just blank. I've attached the logs below. You can see that
> the
> > user "DOMAIN\autobuild" completed a number of actions but the username
is
> > blank on others. The weird thing is that the Access.log has a blank
> > username but the Error.log file does not. Does anyone have an idea as
to
> > how to correct this?
> >
> > Cheers,
> > Stephen
> >
> > Httpd.cond:
> > <Location /repos>
> > DAV svn
> > SVNParentPath "C:\SVNROOT"
> > SVNIndexXSLT "/svnindex.xsl"
> >
> > AuthType SSPI
> > AuthName "SubVersion Respositories"
> > Require group "DOMAIN\SVN Users"
> >
> > SSPIAuth On
> > SSPIAuthoritative On
> > SSPIDomain AMS
> > SSPIOfferBasic On
> >
> > AuthzSVNAccessFile C:\SVNROOT\.svnaccess
> > </Location>
> >
> > .svnaccess:
> > [/]
> > * = rw
> >
> > [/Tags]
> > * = r
> > DOMAIN\Admin = rw
> >
> > Access.log:
> > X.X.X.X- - [24/Mar/2004:10:13:57 -0500] "PROPFIND
> > /repos/TestRepository/Trunk HTTP/1.1" 401 511
> > .
> > X.X.X.X- DOMAIN\\autobuild [24/Mar/2004:10:13:57 -0500] "PROPFIND
> > /repos/TestRepository/Trunk HTTP/1.1" 207 462
> > X.X.X.X- DOMAIN\\autobuild [24/Mar/2004:10:13:57 -0500] "PROPFIND
> > /repos/TestRepository/!svn/vcc/default HTTP/1.1" 207 422
> > X.X.X.X- DOMAIN\\autobuild [24/Mar/2004:10:13:57 -0500] "CHECKOUT
> > /repos/TestRepository/!svn/bln/8 HTTP/1.1" 201 363
> > X.X.X.X- DOMAIN\\autobuild [24/Mar/2004:10:13:58 -0500] "PROPPATCH
> > /repos/TestRepository/!svn/wbl/749466cf-4a69-9d43-b03e-58de5697f373/8
> > HTTP/1.1" 207 365
> > X.X.X.X- DOMAIN\\autobuild [24/Mar/2004:10:13:58 -0500] "PROPFIND
> > /repos/TestRepository/Trunk HTTP/1.1" 207 418
> > X.X.X.X- DOMAIN\\autobuild [24/Mar/2004:10:13:58 -0500] "CHECKOUT
> > /repos/TestRepository/!svn/ver/8/Trunk HTTP/1.1" 201 367
> > X.X.X.X- DOMAIN\\autobuild [24/Mar/2004:10:13:58 -0500] "MKCOL
> >
>
/repos/TestRepository/!svn/wrk/749466cf-4a69-9d43-b03e-58de5697f373/Trunk/Te
> st3
> > HTTP/1.1" 201 363
> > X.X.X.X- DOMAIN\\autobuild [24/Mar/2004:10:13:58 -0500] "PUT
> >
>
/repos/TestRepository/!svn/wrk/749466cf-4a69-9d43-b03e-58de5697f373/Trunk/Te
> st3/SourceFile1.txt
> > HTTP/1.1" 201 376
> > X.X.X.X- DOMAIN\\autobuild [24/Mar/2004:10:13:59 -0500] "PROPPATCH
> >
>
/repos/TestRepository/!svn/wrk/749466cf-4a69-9d43-b03e-58de5697f373/Trunk/Te
> st3/SourceFile2.txt
> > HTTP/1.1" 207 503
> > X.X.X.X- DOMAIN\\autobuild [24/Mar/2004:10:13:59 -0500] "PUT
> >
>
/repos/TestRepository/!svn/wrk/749466cf-4a69-9d43-b03e-58de5697f373/Trunk/Te
> st3/SourceFile3.txt
> > HTTP/1.1" 201 381
> > .
> > X.X.X.X- DOMAIN\\autobuild [24/Mar/2004:10:14:03 -0500] "PUT
> >
>
/repos/TestRepository/!svn/wrk/749466cf-4a69-9d43-b03e-58de5697f373/Trunk/Te
> st3/File.txt
> > HTTP/1.1" 201 376
> > X.X.X.X- - [24/Mar/2004:10:14:03 -0500] "PROPPATCH
> >
>
/repos/TestRepository/!svn/wrk/749466cf-4a69-9d43-b03e-58de5697f373/Trunk/Te
> st3/File.txt
> > HTTP/1.1" 401 511
> > X.X.X.X- - [24/Mar/2004:10:14:03 -0500] "PROPPATCH
> >
>
/repos/TestRepository/!svn/wrk/749466cf-4a69-9d43-b03e-58de5697f373/Trunk/Te
> st3/File.txt
> > HTTP/1.1" 401 511
> > X.X.X.X- - [24/Mar/2004:10:14:03 -0500] "PROPPATCH
> >
>
/repos/TestRepository/!svn/wrk/749466cf-4a69-9d43-b03e-58de5697f373/Trunk/Te
> st3/File.txt
> > HTTP/1.1" 401 511
> > X.X.X.X- - [24/Mar/2004:10:14:03 -0500] "PROPPATCH
> >
>
/repos/TestRepository/!svn/wrk/749466cf-4a69-9d43-b03e-58de5697f373/Trunk/Te
> st3/File.txt
> > HTTP/1.1" 401 511
> >
> > Error.log:
> > [Wed Mar 24 10:13:57 2004] [error] [client X.X.X.X] (OS 1326)Logon
> failure:
> > unknown user name or bad password. : user DOMAIN\autobuild:
> authentication
> > failure for "/repos/TestRepository/Trunk"
> > .
> > [Wed Mar 24 10:14:03 2004] [error] [client X.X.X.X] (OS 1326)Logon
> failure:
> > unknown user name or bad password. : user DOMAIN\autobuild:
> authentication
> > failure for
> >
>
"/repos/TestRepository/!svn/wrk/749466cf-4a69-9d43-b03e-58de5697f373/Trunk/T
> est3/File.txt"
> > [Wed Mar 24 10:14:03 2004] [error] [client X.X.X.X] (OS 1326)Logon
> failure:
> > unknown user name or bad password. : user DOMAIN\autobuild:
> authentication
> > failure for
> >
>
"/repos/TestRepository/!svn/wrk/749466cf-4a69-9d43-b03e-58de5697f373/Trunk/T
> est3/File.txt"
> > [Wed Mar 24 10:14:03 2004] [error] [client X.X.X.X] (OS 1326)Logon
> failure:
> > unknown user name or bad password. : user DOMAIN\autobuild:
> authentication
> > failure for
> >
>
"/repos/TestRepository/!svn/wrk/749466cf-4a69-9d43-b03e-58de5697f373/Trunk/T
> est3/File.txt"
> > [Wed Mar 24 10:14:03 2004] [error] [client X.X.X.X] (OS 1326)Logon
> failure:
> > unknown user name or bad password. : user DOMAIN\autobuild:
> authentication
> > failure for
> >
>
"/repos/TestRepository/!svn/wrk/749466cf-4a69-9d43-b03e-58de5697f373/Trunk/T
> est3/File.txt"
> >
> > _________________________________________________________________
> > Find a broadband plan that fits. Great local deals on high-speed
Internet
> > access.
> > https://broadband.msn.com/?pgmarket=en-us/go/onm00200360ave/direct/01/
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
> > For additional commands, e-mail: users-help@subversion.tigris.org
> >
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
> For additional commands, e-mail: users-help@subversion.tigris.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org