正如标题已经说的那样,SVN身份验证在mod_authn_dbd和MySQL上工作正常,但是如果我使用/repos/testrepo的凭据登录,我可以在浏览器中切换到/repos/{any-other-existing-repo},并在成功登录后看到其他存储库。我的配置有什么问题?
Apache2 VirtualHost:
DBDriver mysql
DBDParams "host=127.0.0.1 port=3306 dbname=svndb user=svnuser pass=svnpass"
DBDMin 1
DBDKeep 8
DBDMax 20
DBDExptime 200
<Location /repos>
DAV svn
SVNParentPath /var/www/svn/repos/
AuthType Basic
AuthName "SVN Repository"
AuthBasicProvider dbd
AuthDBDUserPWQuery "SELECT password FROM users WHERE user = %s"
Require valid-user
</Location>
MySQL 数据库:
"svndb.users"
id (int)
user (varchar)
password (varchar)
有两种方法可以解决这个问题。第一个是将 SVNParentPath 指令更改为 SVNPath,并且只指向您的/var/www/svn/repos/testrepo。另一种解决方案是启用authz_svn_module(每个目录访问控制)并使用AuthzSVNAccessFile指令添加授权文件。您的配置允许访问/var/www/svn/repos 路径下的所有存储库的原因是 SVNParentPath 共享子目录。这是来自SVNParentPath文档:
指定父目录在文件系统中的位置,其 子目录是 Subversion 存储库。在配置中 块的 Subversion 仓库,无论是这个指令还是 SVNPath 必须存在,但不能同时存在。
解决方案 1:
...
<Location /repos>
DAV svn
SVNPath /var/www/svn/repos/testrepo
AuthType Basic
AuthName "SVN Repository"
AuthBasicProvider dbd
AuthDBDUserPWQuery "SELECT password FROM users WHERE user = %s"
Require valid-user
</Location>
解决方案 2:
...
<Location /repos>
DAV svn
SVNParentPath /var/www/svn/repos/
AuthzSVNAccessFile /path/to/access-file.txt
AuthType Basic
AuthName "SVN Repository"
AuthBasicProvider dbd
AuthDBDUserPWQuery "SELECT password FROM users WHERE user = %s"
Require valid-user
</Location>
====== access-file.txt ======
[groups]
admins = joe, kee
developers = marry
deployers = build
[testrepo:/]
@admins = rw
@deployers = r
@developers = rw
[someotherrepo:/]
@admins = rw
@developers =
@deployers =
zack = rw