
Re: Bug in authz exclusion markers

From: Branko Čibej <brane_at_apache.org>
Date: Mon, 7 Oct 2019 15:02:11 +0200

On 07.10.2019 13:49, Grierson, David (Lead Engineer) wrote:
> Hi,
>
> I've just deployed Subversion v1.11.1 and have run into an issue with the use of the exclusion marker within authz files.
>
> See the attached authz file for data for the test cases.
>
> This file contains two groups:
> 1. "user-group" is a list of users (which might be used for specific repository access later in the file); membership: namedUser
> 2. "blocked-group" is a list of users who are to be blocked; membership: blockedUser
>
> The authz file contains a rule for the top level access which declares that anyone NOT in the blocked-group should get read-write access. Users in the blocked-group should only get read-only access.
>
> TEST CASES:
> 1. What access does namedUser have?
>
> $ svnauthz accessof svn_access_test --username namedUser
> rw
>
> Result: PASS
>
> 2. What access does blockedUser have?
>
> $ svnauthz accessof svn_access_test --username blockedUser
> r
>
> Result: PASS
>
> 3. What access does unnamedUser (a user who is authenticated to access Subversion but not mentioned in the authz file) have?
>
> $ svnauthz accessof svn_access_test --username unnamedUser
> r
>
> Result: FAIL
>
> My interpretation of this is a bug in the authz validation - can anyone else confirm that my thinking on this is correct or am I missing something with this?

It's hard to say without seeing the actual authz and group definition
files. The authnz handling is interesting enough that we really need
complete information to reproduce and debug. Sometimes the correct
behaviour is not intuitive.

-- Brane
Received on 2019-10-07 15:02:19 CEST

This is an archived mail posted to the Subversion Users mailing list.
