The workaround is to enable (append or edit) these lines in barbar/conf/svnserve.conf:
password-db = passwd
authz-db = authz

And this setting must remain all the time.

But it is NOT needed when using the old repo I mentioned above.
So apparently if the repo was created in another way (the old one was done, AFAIR, with svn+ssh at first) then some parts of the settings in svnserve are not important.

So this is ANOTHER of the authz usage inconsistencies (see also bug #519083)!

Really this should be more consistent and documented. I will contact upstream.
Marking as a security bug; really, source code can be important, not everyone is [wide]open-source ;)


** This bug has been flagged as a security vulnerability

** Summary changed:

- svn stoped asking for auth, and connects as anonymous - giving usually svn: 
Authorization failed
+ svn sometimes ignoring svnserve.conf. Then SVN not asking for auth, connects 
as anonymous - giving misleading error: Authorization failed

** Description changed:

  Binary package hint: subversion
+ Similar but *different* bug is bug#519083 where svn+ssh always just ignores 
authz.
+ Here svn's repo sometimes is enabled to be r/w even before editing 
svnserve.conf to allow any access,
+ and sometimes it blocks any access until svnserve.conf is edited.  (SECURITY!)
+ Also access related error messages are not very helpful.
  
- Suddenly svn client stoped asking for passphrase and now just connects always 
as anonymous to any newly create repo,
+ 
+ Svn client sometimes do not ask for passphrase and just connects always as 
anonymous to any newly create repo,
  but when I connect to an older repo (create months ago) all works!
  
  For svn:// method, for svnserve -d server.
  
  User A + old repo = works
  User A + new repo = as anonymous always (even after rm -rf ~/.subversion)
  User B + new repo = as anonymous always
  
  Ubuntu 9.10 amd64
  
  REPRODUCE - 5 minute test case - PLEASE CONFIRM MY BUG
  
  apt-get install subversion  # on Karmic 9.10 for example
  
  Start subversion local server (server method: svnserve deamon)
  Create a repo and try to import to it - FAIL?
  
  On the server / as root:
-   (IF YOU RUN SVN APACHE server, then disable it first!)
+   (IF YOU RUN SVN APACHE server, then disable it first!)
  
  $ mkdir -p /srv/svn/repo/lc
  $ cd /srv/svn/repo/lc
  $ svnadmin create repofoo
  
  $ killall svnserve
  $ /usr/bin/svnserve  -d -r /srv/svn/repo/
  
  On the client / as user:
  $ mkdir testsvn
  $ cd testsvn/
  $ mkdir repofoo
  $ cd repofoo
  $ echo "some text" > testfile.txt
  $ svn import svn://localhost/lc/repofoo -m "importing"
  
  and....?
  
  ******* THE RESULT:  ****
  here you will get error:
  svn: Authorization failed
     (There is no question about authorization.)
  
  But checkout (by default allowed for anonymous) will work:
  $svn co svn://localhost/lc/repofoo
  Checked out revision 0.
  
  
***********************************************************************************
  If you get this above 2 messages, instead of prompt to enter password, then 
this is the bug described,
  it means svn connects always in anonymous mode, therefore blocked write but 
allowed read access.
  Please confirm my bug and select on top Affects me too!
  
***********************************************************************************
  
  Btw, I can not force authorization, look:
  
  r...@jumpi(2010-02-12 00:41:21)/srv/svn/repo/lc$ vim repofoo/conf/passwd
  r...@jumpi(2010-02-12 00:41:31)/srv/svn/repo/lc$ cat repofoo/conf/passwd
  [users]
  bob = secret
  
  us...@jumpi(2010-02-12 00:41:04)~/testsvn/repofoo$ svn --username bob import 
svn://localhost/lc/repofoo -m "importing"
  svn: Authorization failed
  us...@jumpi(2010-02-12 00:41:09)~/testsvn/repofoo$ svn --username bob 
--password secret import svn://localhost/lc/repofoo -m "importing"
  svn: Authorization failed
  
  Ubuntu 9.10 amd64
  ii  subversion                                1.6.5dfsg-1ubuntu1
  
  Btw, using an older already existing repo (created months ago) works
  100% fine.

-- 
svn sometimes ignoring svnserve.conf. Then SVN not asking for auth, connects as 
anonymous - giving misleading error: Authorization failed
https://bugs.launchpad.net/bugs/520743
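An administrator can check for the condition this report describes by auditing every repository below the `svnserve -r` root for the two `[general]` keys named in the workaround. The following is an added example, not code from the bug report or from Subversion; the function names are hypothetical, the sample tree is constructed, and it assumes each repository keeps its settings in `conf/svnserve.conf`.

```python
import configparser
import os
import tempfile

# The two [general] keys the report had to set before svnserve asked for credentials.
REQUIRED = ("password-db", "authz-db")

def audit_conf(path):
    """Return findings for one conf/svnserve.conf (empty list = nothing flagged)."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read(path)
    general = cp["general"] if cp.has_section("general") else {}
    findings = []
    for key in REQUIRED:
        value = general.get(key, "").strip()
        if not value:
            findings.append(f"{key} not set (commented out or missing)")
        elif not os.path.isfile(os.path.join(os.path.dirname(path), value)):
            # Relative paths are resolved against the conf/ directory.
            findings.append(f"{key} points to missing file {value}")
    anon = general.get("anon-access", "read").strip()  # unset means read, as in the report
    if anon != "none":
        findings.append(f"anon-access is {anon} for unauthenticated clients")
    return findings

def audit_root(root):
    """Audit every repository below the directory passed to svnserve -r."""
    report = {}
    for dirpath, dirnames, _ in os.walk(root):
        conf = os.path.join(dirpath, "conf", "svnserve.conf")
        if os.path.isfile(conf):
            report[os.path.relpath(dirpath, root)] = audit_conf(conf)
            dirnames[:] = []  # a repository is a leaf; do not descend into it
    return report

def demo():
    """Constructed sample tree: one untouched new repo, one explicitly configured."""
    root = tempfile.mkdtemp()
    samples = {
        "lc/repofoo": "[general]\n# password-db = passwd\n# authz-db = authz\n",
        "lc/oldrepo": "[general]\nanon-access = none\npassword-db = passwd\nauthz-db = authz\n",
    }
    for repo, text in samples.items():
        conf_dir = os.path.join(root, repo, "conf")
        os.makedirs(conf_dir)
        for name, body in (("svnserve.conf", text), ("passwd", "[users]\n"), ("authz", "")):
            with open(os.path.join(conf_dir, name), "w") as fh:
                fh.write(body)
    return audit_root(root)
```

Calling `audit_root("/srv/svn/repo")` on the server from the report would list each repository with its findings; `demo()` runs the same audit on the constructed tree.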