
[PATCH] prototype replay authz checks

From: Garrett Rooney <rooneg_at_electricjellyfish.net>
Date: 2006-04-25 23:56:46 CEST

Ok, so here's the first cut of a patch to add the ability to control
replay access to our authz system. It takes the form of a new
permission (p, for 'play', since r is taken) and is implemented by
adding appropriate authz checks in the ra_svn replay impl and in
mod_authz_svn (by adding a filter that looks for replay reports).

This is not my final word on this subject, there are a number of
issues I want to resolve before going forward, but I wanted to get the
patch out there so that people can take a look at the direction I'm
going in.

Known problems/deviations from previous discussions:

This defaults to turning replay off, not on. Why? Well, it seems to
fit better with our authz system, otherwise if you turn replay off at
the top level it's too easy to accidentally turn it on at a lower
level of the tree as part of a rule that's intended to turn access
off. For example, a common idiom now is to add a * = line to keep
people from accessing a directory; if replay was on by default and you
had to add a p permission to turn it off, that idiom would suddenly
ALLOW replay.

This doesn't do anything about the problem of people being able to
check out huge parts of the tree. The update report (used for
checkout) is really complex, and I haven't had time to revisit it and
find good ways to detect that sort of behavior yet. I'm not sure if
I'll have time to get to that before 1.4 branches, but we'll see. I
figured getting something out there for replay alone was better than
not getting anything out at all.

The report filter is not very generic. Right now it's located in
mod_authz_svn and specifically looks for just the replay report. I'd
like to make it more general and callback driven, and move it to
mod_dav_svn, so it can be reused, since filtering the report bodies is
kind of tricky and might be useful for other purposes in the future.
I can envision custom logging modules that might want it, or
specialized authz modules, and there's no reason to make them
duplicate that code.

The report filter's error is not very friendly. I'd like to figure
out how to make it send back an XML serialized error that'll show up
nicely in the client's output, but I haven't gotten around to that
yet.

The report filter's XML parsing doesn't handle namespaces correctly.
I may just steal this code from ra_serf, since Justin has already
written it, but it would be nice if we could move it someplace generic
instead of duplicating it.

Anyway, let me know what you think. Log message and diff follows.

-garrett

[[[
Add the concept of replay permission to our authz system.

* subversion/include/svn_repos.h
  (svn_authz_recursive): New authz access type.

* subversion/libsvn_repos/authz.c
  (authz_access_is_granted): Handle replay authz.
  (authz_parse_line): Parse replay permissions out of the line.

* subversion/libsvn_ra_svn/client.c
  (ra_svn_replay): Add in an extra read_cmd_response so we can bail
   out before starting the editor drive.

* subversion/svnserve/serve.c
  (authz_check_access_cb_func): Fix indentation.
  (replay): Check replay authz, add a write_cmd_response so we can
   successfully bail if replay isn't allowed.

* subversion/mod_authz_svn/mod_authz_svn.c
  (report_type_t): New enum.
  (report_filter_ctx): New struct, holds data for our report filter.
  (report_filter): New filter function, parses incoming reports to
   determine their type and takes appropriate action.
  (start_element): New function, figures out what type of report this
   is.
  (end_element, cdata): Dummy expat callback functions, empty for now.
  (req_check_access): Make formatting consistent, set up a report
   filter if this is a report request.
  (register_hooks): Register our report filter.

* subversion/tests/cmdline/svnsync_tests.py
  (basic_authz, copy_from_unreadable_dir): Turn replay on for these
   tests.
  (blocked_replay): New test for the ability to block replay.
  (test_list): Add the new test.
]]]
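The default-off reasoning from the post, as an added example (this is not Subversion's authz.c and not the patch): a small model of the proposed r/w/p rule semantics over an INI-style authz file, showing how the `* =` idiom behaves under the two designs. Rule resolution is simplified here (the deepest section naming the user or `*` wins); the authz text, user and paths are constructed.

```python
# Added example, not code from Subversion or from the patch: a toy model of
# the proposed replay permission ('p') on top of the usual 'r'/'w' flags.
import configparser
import posixpath

# Constructed sample: 'rp' at the root, then the common "* =" idiom to lock
# down /secret for everyone.
AUTHZ_TEXT = """\
[/]
* = rp
[/secret]
* =
"""


def parse_authz(text):
    """Return {path: {user: set(flags)}} from an authz file (groups omitted)."""
    cp = configparser.ConfigParser(allow_no_value=True, delimiters=("=",),
                                   interpolation=None)
    cp.optionxform = str  # keep '*' and user names exactly as written
    cp.read_string(text)
    rules = {}
    for path in cp.sections():
        if not path.startswith("/"):
            continue  # skip [groups] / [aliases] sections
        rules[path] = {user: set(flags or "") for user, flags in cp.items(path)}
    return rules


def lookup(rules, user, path):
    """Walk from path up to '/'; the deepest rule naming the user or '*' wins."""
    while True:
        acl = rules.get(path, {})
        if user in acl:
            return acl[user]
        if "*" in acl:
            return acl["*"]
        if path == "/":
            return set()  # no rule anywhere: no access at all
        path = posixpath.dirname(path)


def may_replay(rules, user, path, opt_out=False):
    """opt_out=False is the patch's design: replay only where 'p' is granted.
    opt_out=True models the rejected alternative: replay on unless 'p' is set,
    which makes the "* =" lockdown idiom silently ALLOW replay."""
    flags = lookup(rules, user, path)
    return ("p" not in flags) if opt_out else ("p" in flags)
```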

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org

Received on Tue Apr 25 23:57:18 2006

This is an archived mail posted to the Subversion Dev mailing list.
