[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Support character classes in glob authz rules

From: Branko Čibej <brane_at_apache.org>
Date: Mon, 3 Dec 2018 07:12:10 +0100

TL;DR:

https://issues.apache.org/jira/browse/SVN-4204
https://issues.apache.org/jira/browse/SVN-4795

The longer story:

Even though apr_fnmatch(), which we use for matching glob patterns in
authz rules, supports character classes ([A-Z] etc.), we can't use them
in the glob rules because of the way the config parser works. For
example, the following rule:

[:glob:/**/*.[Dd]oc]
* = rw

will be silently parsed to ":glob:/**/*.[Dd" and will match neither
'x.doc' nor 'x.Doc' but will match 'x.[Dd', which the user almost
certainly does not want. The reason for this is that our config parser,
which we still use for the syntactical part of parsing the authz files,
strictly follows the semantics of Python's ConfigParser and treats the
first ']' it finds as the section terminator, ignoring any remaining
characters to the end of the line.

The proposed patch changes this behaviour as follows:

  * the /last/ ']' in the line is the section terminator;
  * only whitespace is allowed after the terminator to the end of the line.

The proposed change in the parser is only enabled for parsing authz and
global group files, other Subversion configuration files will use the
current semantics.

Comments? Suggestions?

-- Brane

[[[
Change the authz file parser to allow character classes in glob rules.

* subversion/include/private/svn_config_private.h
  (svn_config__parse_stream): Add new parameter 'strict_sections'
   and update the docstring to describe what it does.

* subversion/include/private/svn_string_private.h
  (svn_stringbuf__strip_trailing_whitespace): New.

* subversion/libsvn_repos/authz_parse.c
  (svn_authz__parse): Invoke the new behaviour of svn_config__parse_stream.

* subversion/libsvn_subr/config.c
  (svn_config_parse): Use the old behaviour of svn_config__parse_stream.

* subversion/libsvn_subr/config_file.c: Inclulde private/svn_string_private.h.
  (parse_context_t): New member 'strict_sections'.
  (parse_section_name): Select how sections are parsed depending on the
   value of the 'strict_sections' flag. Update docstring.
  (svn_config__parse_file): Use the old behaviour of svn_config__parse_stream.
  (svn_config__parse_stream): Update implementation; store the new
   'strict_sections' flag in the parser context.

* subversion/libsvn_subr/string.c
  (svn_stringbuf__strip_trailing_whitespace): Implement; extracted from ...
  (svn_stringbuf_strip_whitespace): ... here.

Fixes: SVN-4204, SVN-4795
]]]

Received on 2018-12-03 07:12:21 CET

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.