Home page logo

nmap-dev logo Nmap Development mailing list archives

Re: svn update failures
From: Daniel Miller <bonsaiviking () gmail com>
Date: Tue, 10 Apr 2012 00:07:32 -0500

Here's the error I am getting:

$ svn up nmap
Authentication realm: <https://svn.nmap.org:443> svn.nmap.org
Password for 'miller':
Authentication realm: <https://svn.nmap.org:443> svn.nmap.org
Password for '':
Authentication realm: <https://svn.nmap.org:443> svn.nmap.org
Password for '':
svn: OPTIONS of 'https://svn.nmap.org': authorization failed: Could
not authenticate to server: rejected Digest challenge, rejected Digest
challenge (https://svn.nmap.org)

So I decided to check OPTIONS of all the files in my copy of the repository:

PRUNE_SVN="( -name .svn -prune -false )"
find nmap $PRUNE_SVN -o -print | while read dir; do echo $dir >&2;
printf "OPTIONS /$dir HTTP/1.1\r\nHost: svn.nmap.org\r\n\r\n"; sleep
0.5; done | ncat --ssl svn.nmap.org 443

All of these come back with 200 OK. However, the root (/) is forbidden:

$ printf "OPTIONS / HTTP/1.1\r\nHost: svn.nmap.org\r\n\r\n" | ncat
--ssl svn.nmap.org 443
HTTP/1.1 401 Authorization Required
Date: Tue, 10 Apr 2012 05:06:56 GMT
Server: Apache/2.2.3 (CentOS)
WWW-Authenticate: Digest realm="svn.nmap.org",
algorithm=MD5, qop="auth", Digest realm="svn.nmap.org",
algorithm=MD5, qop="auth"
Content-Length: 611
Content-Type: text/html; charset=iso-8859-1

<title>401 Authorization Required</title>
<h1>Authorization Required</h1>
<p>This server could not verify that you
are authorized to access the document
requested.  Either you supplied the wrong
credentials (e.g., bad password), or your
browser doesn't understand how to supply
the credentials required.</p>
<p>Additionally, a 401 Authorization Required
error was encountered while trying to use an ErrorDocument to handle
the request.</p>
<address>Apache/2.2.3 (CentOS) Server at svn.nmap.org Port 443</address>

Hope this helps.

On Mon, Apr 9, 2012 at 4:54 PM, Fyodor <fyodor () insecure org> wrote:
On Mon, Apr 09, 2012 at 04:15:13PM -0400, Forrest Aldrich wrote:

I'm not sure whether this is the issue.   For one, when I check out a
new, fresh copy of the repository the SVN update will work through a
couple of trees, then fail, asking for a login.

What happens if you just accept the default username (or type guest)
and then just hit return at the password prompt (to mean blank
password)?  Now you shouldn't HAVE to do this, but I'm just wondering
if it will work.  Also, do you only have to do it (the blank password
auth) once, or does it ask you multiple times during the checkout?  Do
you get it again when you svn up?

For what it is worth, I wasn't able to reproduce the problem when I
just tried:

svn co --username foobar https://svn.nmap.org/nmap

It just checked out the files without an authentication prompt.  svn
up didn't trigger one either.

Sent through the nmap-dev mailing list
Archived at http://seclists.org/nmap-dev/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]