Hi,

 

Per the webpage – I am not a regular subscriber (yet) so please cc ‘greg@gregj.me’ on any responses – thank you!

 

I am trying to implement path based authentication with webdav over http.  It looks like it is failing because there is no userid specified on the webdav MERGE command when it attempts to finalize the commit.

 

Details…

 

In this case if my auth access file has:

 

[groups]

Svnadmins = gjohnson

 

[/ec-svn/branches/eCommerce/proto_3.x]

* = rw

@svnadmins = rw

@edi-dev = rw

@bldadmin = rw

 

I can commit a change as user ‘gjohnson’.  No problem.

 

However we don’t want it wide open like this.  If I remove the * = rw like this:

 

[groups]

svnadmins = gjohnson

 

[/ec-svn/branches/eCommerce/proto_3.x]

@svnadmins = rw

 

(note my username (gjohnson) is a member of the svnadmins group so should have rw access)

 

And attempt to commit a change I get:  (Client Windows 2012  - subversion 1.9.5)

 

D:\src\svn\cedi>svn commit pom.xml

Sending        pom.xml

Transmitting file data .done

Committing transaction...

svn: E175013: Commit failed (details follow):

svn: E175013: Access to '/ec-svn/branches/eCommerce/proto_3.x/9.9.8.3-4/cedi' forbidden

svn: E175013: Your commit message was left in a temporary file:

svn: E175013:    'D:\src\svn\cedi\svn-commit.4.tmp'

 

The same thing happens if I specify my userid directly:

 

[/ec-svn/branches/eCommerce/proto_3.x]

gjohnson = rw

 

If I look at the http transaction log I see the following sequence:

 

3.20.224.231 - gjohnson [03/Aug/2017:20:40:12 +0000] "OPTIONS /ec-svn/branches/eCommerce/proto_3.x/9.9.8.3-4/cedi HTTP/1.1" 200 186 "-" "SVN/1.9.5 (x64-microsoft-windows) serf/1.3.9"

3.20.224.231 - gjohnson [03/Aug/2017:20:40:12 +0000] "OPTIONS /ec-svn/branches/eCommerce/proto_3.x/9.9.8.3-4/cedi HTTP/1.1" 200 97 "-" "SVN/1.9.5 (x64-microsoft-windows) serf/1.3.9"

3.20.224.231 - gjohnson [03/Aug/2017:20:40:12 +0000] "POST /ec-svn/!svn/me HTTP/1.1" 201 - "-" "SVN/1.9.5 (x64-microsoft-windows) serf/1.3.9"

3.20.224.231 - gjohnson [03/Aug/2017:20:40:12 +0000] "PROPPATCH /ec-svn/!svn/txn/74220-1lbn HTTP/1.1" 207 430 "-" "SVN/1.9.5 (x64-microsoft-windows) serf/1.3.9"

3.20.224.231 - gjohnson [03/Aug/2017:20:40:12 +0000] "HEAD /ec-svn/branches/eCommerce/proto_3.x/9.9.8.3-4/cedi/testfile2.txt HTTP/1.1" 404 - "-" "SVN/1.9.5 (x64-microsoft-windows) serf/1.3.9"

3.20.224.231 - gjohnson [03/Aug/2017:20:40:12 +0000] "PUT /ec-svn/!svn/txr/74220-1lbn/branches/eCommerce/proto_3.x/9.9.8.3-4/cedi/testfile2.txt HTTP/1.1" 201 404 "-" "SVN/1.9.5 (x64-microsoft-windows) serf/1.3.9"

3.20.224.231 - - [03/Aug/2017:20:40:12 +0000] "MERGE /ec-svn/branches/eCommerce/proto_3.x/9.9.8.3-4/cedi HTTP/1.1" 403 397 "-" "SVN/1.9.5 (x64-microsoft-windows) serf/1.3.9"

3.20.224.231 - gjohnson [03/Aug/2017:20:40:12 +0000] "DELETE /ec-svn/!svn/txn/74220-1lbn HTTP/1.1" 204 - "-" "SVN/1.9.5 (x64-microsoft-windows) serf/1.3.9"

 

This looks like it follows what I know (via google) from the protocol used.

 

Note that the MERGE line (line 7 – 2nd from the last) does *not* have a user identified – others have ‘3.20.224.131 – gjohnson’ but this has ‘3.20.224.131 - -‘.  This seems to be the command that is failing.   If the auth file had ‘* = rw’ it would pass – since a user is not required in that instance.

 

Could this be the cause of the ‘permission denied’ and, if so, is there a way to get subversion to send the username?  (or any other way to fix it?).

 

Thank you – Greg