Re: svn update failures

[Daniel Miller <bonsaiviking () gmail com>]

Here's the error I am getting:

$ svn up nmap
Authentication realm: <https://svn.nmap.org:443> svn.nmap.org
Password for 'miller':
Authentication realm: <https://svn.nmap.org:443> svn.nmap.org
Username:
Password for '':
Authentication realm: <https://svn.nmap.org:443> svn.nmap.org
Username:
Password for '':
svn: OPTIONS of 'https://svn.nmap.org': authorization failed: Could
not authenticate to server: rejected Digest challenge, rejected Digest
challenge (https://svn.nmap.org)

So I decided to check OPTIONS of all the files in my copy of the repository:

PRUNE_SVN="( -name .svn -prune -false )"
find nmap $PRUNE_SVN -o -print | while read dir; do echo $dir >&2;
printf "OPTIONS /$dir HTTP/1.1\r\nHost: svn.nmap.org\r\n\r\n"; sleep
0.5; done | ncat --ssl svn.nmap.org 443

All of these come back with 200 OK. However, the root (/) is forbidden:

$ printf "OPTIONS / HTTP/1.1\r\nHost: svn.nmap.org\r\n\r\n" | ncat
--ssl svn.nmap.org 443
HTTP/1.1 401 Authorization Required
Date: Tue, 10 Apr 2012 05:06:56 GMT
Server: Apache/2.2.3 (CentOS)
WWW-Authenticate: Digest realm="svn.nmap.org",
nonce="fICDF0y9BAA=259b4dacb8b1595b71a32c0803fb58401d55382f",
algorithm=MD5, qop="auth", Digest realm="svn.nmap.org",
nonce="fICDF0y9BAA=259b4dacb8b1595b71a32c0803fb58401d55382f",
algorithm=MD5, qop="auth"
Content-Length: 611
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>401 Authorization Required</title>
</head><body>
<h1>Authorization Required</h1>
<p>This server could not verify that you
are authorized to access the document
requested.  Either you supplied the wrong
credentials (e.g., bad password), or your
browser doesn't understand how to supply
the credentials required.</p>
<p>Additionally, a 401 Authorization Required
error was encountered while trying to use an ErrorDocument to handle
the request.</p>
<hr>
<address>Apache/2.2.3 (CentOS) Server at svn.nmap.org Port 443</address>
</body></html>

Hope this helps.
Dan

On Mon, Apr 9, 2012 at 4:54 PM, Fyodor <fyodor () insecure org> wrote:
> On Mon, Apr 09, 2012 at 04:15:13PM -0400, Forrest Aldrich wrote:
> > I'm not sure whether this is the issue.   For one, when I check out a
> > new, fresh copy of the repository the SVN update will work through a
> > couple of trees, then fail, asking for a login.
>
> What happens if you just accept the default username (or type guest)
> and then just hit return at the password prompt (to mean blank
> password)?  Now you shouldn't HAVE to do this, but I'm just wondering
> if it will work.  Also, do you only have to do it (the blank password
> auth) once, or does it ask you multiple times during the checkout?  Do
> you get it again when you svn up?
>
> For what it is worth, I wasn't able to reproduce the problem when I
> just tried:
>
> svn co --username foobar https://svn.nmap.org/nmap
>
> It just checked out the files without an authentication prompt.  svn
> up didn't trigger one either.
>
> Cheers,
> -F
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/