Stefan Hauffe
2018-01-05 15:00:32 UTC
Hello community,
I have an Apache 2.4 which shall deliver SVN repos by the http-Protocol. I'm experienced with standard Basic Authentification and path-based authorization for the Subversion repo.
In my new application, the authentication will be done by a LUA-script using the directive "LuaHookCheckUserID". Generally, the LUA script works as expected (used this documentation<https://httpd.apache.org/docs/trunk/mod/mod_lua.html#luahookcheckuserid>).
Unfortunately it seems, that the authorization file (Subversion Accessfile) is not read out correctly. I see an empty repo with my (authorized) user.
From the logfile (Debug/Error) I see, that LUA granted my user. But also a "Access denied" message on a SVN file path:
[lua:debug] [pid 6872:tid ] @/path/to/hook.lua(29): [client ip] Accepted user myuser
[authz_svn:info] [pid 6872:tid ] [client ip] Access granted: 'myuser' GET (null)
[authz_svn:debug] [pid 6872:tid ] subversion/mod_authz_svn/mod_authz_svn.c(450): [client ip] Path to authz file is /path/to/accessfile
[authz_svn:info] [pid 6872:tid ] [client ip] Access denied: - GET repo002:/file.txt
My simplest working LUA-Scripts goes here:
require 'apache2'
function authcheck_hook(r)
r.user = "myuser"
r:debug("Accepted user " .. r.user)
return apache2.OK
end
This is the configuration for the Repo:
<Location /svn/repo002>
DAV svn
SVNPath "/path/to/repo002"
AuthzSVNAccessFile "/path/to/accessfile"
Require valid-user
LuaHookCheckUserID "/path/to/hook.lua" authcheck_hook
</Location>
I have a basic-auth secured repo with the same accessfile nearby and it works correctly.
Question: How can I give the "authz_svn" module my username from LUA? I think this is the problem.
Thanks and Kind Regards,
Stefan Hauffe
I have an Apache 2.4 which shall deliver SVN repos by the http-Protocol. I'm experienced with standard Basic Authentification and path-based authorization for the Subversion repo.
In my new application, the authentication will be done by a LUA-script using the directive "LuaHookCheckUserID". Generally, the LUA script works as expected (used this documentation<https://httpd.apache.org/docs/trunk/mod/mod_lua.html#luahookcheckuserid>).
Unfortunately it seems, that the authorization file (Subversion Accessfile) is not read out correctly. I see an empty repo with my (authorized) user.
From the logfile (Debug/Error) I see, that LUA granted my user. But also a "Access denied" message on a SVN file path:
[lua:debug] [pid 6872:tid ] @/path/to/hook.lua(29): [client ip] Accepted user myuser
[authz_svn:info] [pid 6872:tid ] [client ip] Access granted: 'myuser' GET (null)
[authz_svn:debug] [pid 6872:tid ] subversion/mod_authz_svn/mod_authz_svn.c(450): [client ip] Path to authz file is /path/to/accessfile
[authz_svn:info] [pid 6872:tid ] [client ip] Access denied: - GET repo002:/file.txt
My simplest working LUA-Scripts goes here:
require 'apache2'
function authcheck_hook(r)
r.user = "myuser"
r:debug("Accepted user " .. r.user)
return apache2.OK
end
This is the configuration for the Repo:
<Location /svn/repo002>
DAV svn
SVNPath "/path/to/repo002"
AuthzSVNAccessFile "/path/to/accessfile"
Require valid-user
LuaHookCheckUserID "/path/to/hook.lua" authcheck_hook
</Location>
I have a basic-auth secured repo with the same accessfile nearby and it works correctly.
Question: How can I give the "authz_svn" module my username from LUA? I think this is the problem.
Thanks and Kind Regards,
Stefan Hauffe