[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: AuthzSVNAccessFile groups

From: Sander Striker <striker_at_apache.org>
Date: 2004-10-04 00:52:17 CEST

On Fri, 2004-10-01 at 15:03, Ben Collins-Sussman wrote:
> On Oct 1, 2004, at 1:41 AM, Timothee Besset wrote:
>
> > Agreed. I am suffering from this as well.
> >
> >
>
> Perhaps an enhancement request should be filed?
>
> Sander Striker: is this enhancement even doable? I don't know enough
> about the apache API.

Not currently possible, no. There are three phases in httpd
authentication:

 - access_checker, typically used for host/ip based authorization
 - check_user_id, typically used to authenticate a user
 - auth_checker, typically used to verify if a user is in a certain
   group, and/or, if the user/group has access to the resource being
   accessed.

Now, mod_authz_svn uses both access_checker and auth_checker.
access_checker is used to determine if anonymous access is allowed.
auth_checker is used to determine whether r->user is allowed
access. Since there is no API that allows for resolving in which
groups a user is in httpd 2.0, and whatever was done with respect
to groups in a previous auth_checker hook isn't stored anywhere,
it is fairly hard to implement without doing a crude copy 'n
paste from another auth_module.

Sander

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Mon Oct 4 00:52:40 2004

This is an archived mail posted to the Subversion Dev mailing list.