Re: [PATCH] Error checking in authz

From: David Anderson <david.anderson_at_calixo.net>
Date: 2005-07-21 15:06:43 CEST

Obviously, trust me to be the village idiot and forget to attach the
file just as I leave for 6 days. Oh well, it gave me a chance to review
it again and iron out a few remaining problems. Here it is again, with
(I believe) everything corrected and set for commiting.

[[[
Make the authz lookup return errors when it runs into an invalid
configuration file during operation. Add a function which opens and
verifies that an authz configuration file does not contain any logic
errors.

* subversion/include/svn_error_codes.h: New error. Update copyright
notice.

* subversion/include/svn_repos.h
   (svn_authz_t): New opaque data type.
   (svn_repos_authz_read): New public API.
   (svn_repos_authz_check_access): Fix docstring typo. Use a
     svn_authz_t* instead of a svn_config_t*.

* subversion/libsvn_repos/authz.c
     Use svn_authz_t instead of svn_config_t for handles to authz
     configurations.
   (authz_baton): Add a svn_error_t* to throw errors out of authz
     enumeration functions.
   (authz_group_contains_user_internal): Remove function.
   (authz_group_contains_user,
    authz_get_path_access,
    authz_get_tree_access): Change prototype to return errors, add
     error checking code. All callers changed.
   (authz_parse_line, authz_parse_section): Throw errors and halt
     configuration traversal if necessary.
   (svn_repos_authz_check_access): Throw errors back to the caller.
   (authz_group_walk, authz_validate_rule,
    authz_validate_group, authz_validate_section):
     New internal functions.
   (svn_repos_authz_read): New function.

* subversion/tests/libsvn_repos/repos-test.c
     Use svn_authz_t instead of svn_config_t for handles to authz
     configurations.
   (authz_get_handle): New function. Factor out the converting a char*
     authz file contents to a parsed svn_authz_t* from the authz test
     function.
   (authz): Add a second batch of tests to ensure that invalid authz
     configurations are caught during the authz loading.

* subversion/mod_authz_svn/mod_authz_svn.c
     Use svn_authz_t instead of svn_config_t for handles to authz
     configurations.
   (req_check_access): replace call to svn_config_read with a call to
     svn_repos_authz_read.
]]]

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org

text/x-patch attachment: authz_error_checking.patch

Received on Thu Jul 21 15:07:41 2005

This message: [ Message body ]
Next message: Kouhei Sutou: "[PATCH] add svn_config_clear_auth_data"
Previous message: John Peacock: "Re: Logging: home-grown mechanism or syslog/event-log?"
In reply to: Greg Hudson: "Re: [PATCH] Error checking in authz"
Next in thread: Greg Hudson: "Re: [PATCH] Error checking in authz"
Reply: Greg Hudson: "Re: [PATCH] Error checking in authz"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]