On Mon, Aug 19, 2013 at 11:14 PM, Ivan Zhakov <i...@visualsvn.com> wrote:
> On Mon, Aug 19, 2013 at 10:19 PM, Mark Tsuchida <marktsuch...@gmail.com> wrote:
>> Hello,
>>
>> I'm having an issue with our partially-public SVN repository.
>>
>> The server is running SVN 1.6.11 (CentOS 6.4) with Apache and TLS.
>> Our repository (let's call it "myrepo") allows public read access
>> (* = r) to myrepo/trunk, but not to myrepo/ (the root). There is also a
>> directory myrepo/trunk/secret to which only specific users have access.
>>
>> Everything has been working as expected with SVN 1.6 and 1.7 clients:
>> in particular, no username or password is requested when checking out
>> myrepo/trunk.
>>
>> However, with SVN 1.8.0 and 1.8.1 clients, it is not possible to check
>> out any directory without supplying the credentials of a user who has
>> access to the repository root.
>>
>> svn co https://our.server.com/svn/myrepo/trunk -> Requires authentication with client 1.8.x but not with 1.6.x or 1.7.x
>> svn list https://our.server.com/svn/myrepo/trunk -> Works even with 1.8.1
>> svn list https://our.server.com/svn/myrepo -> Requires auth, as expected
>>
>> The 1.8.x clients can successfully check out myrepo/trunk if a
>> username and password are given, for a user with access to the
>> repository root.
>>
>> I have so far been unable to reproduce this with a simplified test
>> repository, so any hints as to where to look would be much
>> appreciated.
>>
>> The following is the section of ssl_access_log produced by checking
>> out myrepo/trunk using client 1.6.18 (OS X):
>> xx.xx.xx.xx - - [16/Aug/2013:17:36:35 -0700] "OPTIONS /svn/myrepo/trunk HTTP/1.1" 200 197
> [...]
>> /svn/myrepo/!svn/vcc/default HTTP/1.1" 207 420
>> xx.xx.xx.xx - - [16/Aug/2013:17:36:35 -0700] "PROPFIND /svn/myrepo/!svn/bln/123 HTTP/1.1" 207 479
>>
>> And the following is the section of ssl_access_log produced by
>> checking out myrepo/trunk using client 1.8.1 (TortoiseSVN on Windows 7):
>> xx.xx.xx.xx - - [16/Aug/2013:17:34:05 -0700] "OPTIONS /svn/myrepo/trunk HTTP/1.1" 200 197
> [...]
>> xx.xx.xx.xx - - [16/Aug/2013:17:34:06 -0700] "PROPFIND /svn/myrepo/!svn/bc/123 HTTP/1.1" 401 483

It should be "403 Forbidden", not "401 Unauthorized". Looks like some issue with server configuration.

>>
>> It appears that the 1.8.1 client requests /svn/myrepo/!svn/bc/123, to
>> which access is denied (401), whereas client 1.6.18 only ever requests
>> /svn/myrepo/!svn/bc/123/trunk, to which access is granted.
>>
> Most likely it is some problem with the inherited properties feature
> implemented in Subversion 1.8.
>

The issue doesn't reproduce with a server configured for non-anonymous access: the server returns 401 Forbidden for the PROPFIND request on the repository root, and this is handled properly by the Subversion 1.8 client.

--
Ivan Zhakov
CTO | VisualSVN | http://www.visualsvn.com
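
One way to find the requests discussed in this thread in an Apache access log, as an added example that is not part of the original messages: it flags anonymous requests for the repository root under `!svn/bc/<rev>` that were answered with 401 or 403. The sample lines are constructed from the excerpts quoted above, and the function names are hypothetical.

```python
import re

# Constructed sample lines in Apache common log format, modelled on the thread's excerpts.
SAMPLE_LOG = """\
xx.xx.xx.xx - - [16/Aug/2013:17:34:05 -0700] "OPTIONS /svn/myrepo/trunk HTTP/1.1" 200 197
xx.xx.xx.xx - - [16/Aug/2013:17:34:06 -0700] "PROPFIND /svn/myrepo/!svn/bc/123 HTTP/1.1" 401 483
xx.xx.xx.xx - - [16/Aug/2013:17:34:07 -0700] "PROPFIND /svn/myrepo/!svn/bc/123/trunk HTTP/1.1" 207 479
xx.xx.xx.xx - alice [16/Aug/2013:17:34:09 -0700] "PROPFIND /svn/myrepo/!svn/bc/123 HTTP/1.1" 207 512
not a log line
"""

LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z-]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)
# mod_dav_svn baseline-collection URL: <repo>/!svn/bc/<rev>[/<path inside the repository>]
BC_RE = re.compile(r'^(?P<repo>/.*?)/!svn/bc/(?P<rev>\d+)(?P<inner>/.*)?$')


def parse(line):
    """Return a dict for one access-log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    return rec


def root_bc_denials(log_text):
    """Anonymous requests for the repository root in a baseline collection that got 401/403."""
    hits = []
    for line in log_text.splitlines():
        rec = parse(line)
        if rec is None or rec["user"] != "-" or rec["status"] not in (401, 403):
            continue
        m = BC_RE.match(rec["path"])
        # An empty or "/" inner path means the request targets the repository root.
        if m and m.group("inner") in (None, "/"):
            hits.append((rec["time"], rec["method"], m.group("repo"),
                         int(m.group("rev")), rec["status"]))
    return hits


if __name__ == "__main__":
    for hit in root_bc_denials(SAMPLE_LOG):
        print(hit)
```

Requests for a subpath such as `!svn/bc/123/trunk` and requests made with credentials are deliberately skipped, so only the root-level denials remain.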