[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: [PATCH] Add anonymous user and inverted authz rule matching.

From: Jonathan Gilbert <o2w9gs702_at_sneakemail.com>
Date: 2007-03-08 07:43:53 CET

At 06:56 AM 3/8/2007 +0100, David Anderson wrote:
>I made a few more style tweaks on the second pass. Also, I saw that
>the validation code didn't carry out further validation on an inverted
>rule (eg. '~@non_existent_group' didn't get caught). I rejiggered the
>authz validation function to account for inversions and keep sanity
>checking past the inversion.

Ah, yes. I think when I first made my changes there I had recursion in
mind, much the way authz_line_applies_to_user recurses to handle inversion,
but it evidently never actually came to fruition.

>I've got to head out, and my trunk hasn't finished building, so I'm
>posting the tweaked patch back here. If you have a minute, I'd
>appreciate another pair of eyes on the tweaks. If my trunk builds and
>passes basic sanity checks, I'll submit the patch when I get back, in
>a little over 6hrs.
>
>Also, the new syntax and logic could really do with unit tests. Do you
>feel up to writing those? If you do, great! If not, no big deal, I'll
>put some together and submit them back to back with your patch.

I'm not really sure how to do that, but if I remember and have some spare
time, I'm sure I can figure it out :-) If you were hoping to have them
before doing the check-in, then it'd probably be better if you did them. If
it's okay for them to arrive over the week-end, then I'll put it on my TODO
list.

I did notice one thing in the patch, a comment I neglected to update when
switching from having '$' to having '$authenticated':

+ /* If we get here, then the rule is:
+ * - Not an inversion rule.
+ * - Not a pure-anonymous rule.
+ * - Not a wildcard rule.

"Not a pure-anonymous rule." should read something like "Not a special
authz token."

Other than that, your changes look good to me. We'll have to wait to hear
back from your build to be certain :-)

For what it's worth, while I didn't have a Subversion unit test for these
changes, their initial development was done in a separate mini-project
which tested them before I went and integrated them into authz.c.

Jonathan Gilbert

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Thu Mar 8 07:42:14 2007

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.