Bug in authz exclusion markers

From: Grierson, David (Lead Engineer) <David.Grierson_at_sky.uk>
Date: Mon, 7 Oct 2019 11:49:26 +0000

Hi,

I've just deployed Subversion v1.11.1 and have run into an issue with the use of the exclusion marker within authz files.

See the attached authz file for data for the test cases.

This file contains two groups:
1. "user-group" is a list of users (which might be used for specific repository access later in the file); membership : namedUser
2. "blocked-group" is a list of users who are to be blocked : membership: blockedUser

The authz file contains a rule for the top level access which declares that anyone NOT in the blocked-group should get read-write access. Users in the blocked-group should only get read-only access.

TEST CASES:
1. What access does namedUser have?

$ svnauthz accessof svn_access_test --username namedUser
rw

Result: PASS

2. What access does blockedUser have?

$ svnauthz accessof svn_access_test --username blockedUser
r

Result: PASS

3. What access does unnamedUser (a user who is authenticated to access Subversion but not mentioned in the authz file) have?

$ svnauthz accessof svn_access_test --username unnamedUser
r

Result: FAIL

My interpretation of this is a bug in the authz validation - can anyone else confirm that my thinking on this is correct or am I missing something with this?

Thanks,

David.

--
David Grierson - Lead Engineer
Sky - UK Information Systems - Tools Team
Information in this email including any attachments may be privileged, confidential and is intended exclusively for the addressee. The views expressed may not be official policy, but the personal views of the originator. If you have received it in error, please notify the sender by return e-mail and delete it from your system. You should not reproduce, distribute, store, retransmit, use or disclose its contents to anyone. Please note we reserve the right to monitor all e-mail communication through our internal and external networks. SKY and the SKY marks are trademarks of Sky Limited and Sky International AG and are used under licence.
Sky UK Limited (Registration No. 2906991), Sky-In-Home Service Limited (Registration No. 2067075), Sky Subscribers Services Limited (Registration No. 2340150) and Sky CP Limited (Registration No. 9513259) are direct or indirect subsidiaries of Sky Limited (Registration No. 2247735). All of the companies mentioned in this paragraph are incorporated in England and Wales and share the same registered office at Grant Way, Isleworth, Middlesex TW7 5QD

application/octet-stream attachment: svn_access_test

Received on 2019-10-07 13:49:44 CEST

This message: [ Message body ]
Next message: Branko Čibej: "Re: Bug in authz exclusion markers"
Previous message: Branko Čibej: "Re: correct API to get current textual WC modifications, for parsing postprocessing"
Next in thread: Branko Čibej: "Re: Bug in authz exclusion markers"
Reply: Branko Čibej: "Re: Bug in authz exclusion markers"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]