[PATCH] Native path-based authorization for mod_dav_svn

From: Artem Egorkine <arteme_at_gmail.com>
Date: 2006-08-24 00:48:40 CEST

Hi,

It has been a while since I last sent in anything. The native
path-based authorization patch is now feature-complete and up-to-date
with the latest changes in the trunk.

A few words:

* SVNNativeAuthz and SVNNativeAuthzFile derectives I have kept
contrary to comments by Max and Justin. My original justification that
this is for testing purposes, to be able to test mod_authz_svn and
mod_dav_svn authorization side-by-side in one server. Once this patch
makes it to trunk, they can be changed to something less redundant.

* I don't have the performance statistics right here with me, but
expect to see them very soon.

Best Regards,
Artem

[[[
in subversion/mod_dav_svn/

* dav_svn_h
   (dav_svn__get_native_authz_flag,
    dav_svn__get_native_authz_file,
    dav_svn__check_access,
    dav_svn__check_resource_access,
    dav_svn__check_parent_access,
    dav_svn__check_global_access): Exported functions for
    path-based authorization.
    dav_svn__get_parent_path): Exported helper hunction.

* mod_dav_svn.c
   (SVNNativeAuthz_cmd, SVNNativeAuthzFile_cmd):
   Command functions for 'SVNNativeAuthz' and 'SVNNativeAuthzFile'
   directives.
   (dav_svn__get_native_authz_flag, dav_svn__get_native_authz_file):
   Access functions to native authz configuration settings.
   (cmds): Registered new directives.

* authz.c
   (allow_read): Do native authz lookups if SVNNativeAuthz
   directive is on for this resource.
   (check_access, log_access_verdict,dav_svn__check_access):
   New functions to perform path-based authorization within
   mod_dav_svn.
   (dav_svn__check_resource_access,
    dav_svn__check_parent_access,
    dav_svn__check_global_access): New helper functions;
   Wrappers around dav_svn__check_access.

* lock.c
(append_locks, remove_lock): Do native authz if it is active.

* repos.c
   (get_resource, open_stream, set_headers,
    create_collection, copy_resource, remove_resource,
    move_resource, do_walk): Simple native authz checks.
   (get_parent_resource): Switch to using dav_svn__get_parent_path.
   (deliver): If collection resource, do authorization for
   each child.

* util.c
(dav_svn__get_parent_path): New helper function.

* version.c
(dav_svn__checkout, deliver_report, make_activity):
Simple native authz checks.
]]]

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org

text/plain attachment: r21200-native-authz.diff.txt

Received on Thu Aug 24 00:49:24 2006

This message: [ Message body ]
Next message: Julian Foad: "Re: Extending new update --force switch to handle local additions -- also new related FAQ"
Previous message: Kobayashi Noritada: "Do not update po files all together in the trunk (was: Re: svn commit: r21233 - trunk/subversion/po)"
Next in thread: Max Bowsher: "Re: [PATCH] Native path-based authorization for mod_dav_svn"
Reply: Max Bowsher: "Re: [PATCH] Native path-based authorization for mod_dav_svn"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]