#466000 libapache2-svn: Incorrect parsing of authz file

#466000#5
Date:
2008-02-15 21:36:33 UTC
From:
To:
My /etc/apache2/sites-enabled/default:

  NameVirtualHost *
  <VirtualHost *>
  ...
      <Location /svn>
	  DAV svn
	  SVNPath /var/svn/repos
	  AuthType Basic
	  AuthName "Pent's Subversion Repository"
	  AuthUserFile /var/svn/.dav_svn.passwd

	  # Enable advanced svn access rights management
	  AuthzSVNAccessFile /var/svn/repos/conf/authz

	  # Enable anonymous read-only access
	  <LimitExcept GET PROPFIND OPTIONS REPORT>
	      Require valid-user
	  </LimitExcept>
      </Location>
  ...
  </VirtualHost>

My /var/svn/repos/conf/authz:

  ### This file is an example authorization file for svnserve.
  ### Its format is identical to that of mod_authz_svn authorization
  ### files.
  ### As shown below each section defines authorizations for the path and
  ### (optional) repository specified by the section name.
  ### The authorizations follow. An authorization line can refer to a
  ### single user, to a group of users defined in a special [groups]
  ### section, or to anyone using the '*' wildcard.  Each definition can
  ### grant read ('r') access, read-write ('rw') access, or no access
  ### ('').

  [groups]
  # harry_and_sally = harry,sally
  cmr = pent,vokram,nazy,riviera,neco,gilby,caston

  # [/foo/bar]
  # harry = rw
  # * =

  # [repository:/baz/fuz]
  # @harry_and_sally = rw
  # * = r

  [/]
  * = r
  pent = rw

  [/sandbox]
  * = rw

  [/private]
  * =

  [/private/caston]
  caston = rw

  [/study]
  @cmr = rw

  [/study/practice-2007]
  solaris = rw

I expect /private/caston to be readable by caston and no one
else. However, when I try to checkout /private/caston, I get an error:

  pent@neo:~/test$ svn co http://neo/svn/private/caston --username caston
  svn: PROPFIND request failed on '/svn/private/caston'
  svn: PROPFIND of '/svn/private/caston': 403 Forbidden (http://neo)

Even if I change

  [/private]
  * =

  [/private/caston]
  caston = rw

to

  [/private/caston]
  caston = rw
  * =

I still can not checkout the directory due to the same error.
Apparently the problem is with "* =" directive.

I'm ready to provide any additional information.