[PATCH] Error checking in authz

This mail is in fact a followup to
http://svn.haxx.se/dev/archive-2005-07/0090.shtml . I'm now submitting
the complete implementation of error checking in one go (albeit in three
patches), hence the thread change.

The first patch adds error throwing to existing authz functions.
The second adds a function which parsing and validating of an authz file
atomically (which is a drop-in replacement of svn_config_read for authz
files).
The third implements the change, requested by Greg Hudson, to have an
opaque data type representing an authz file, in prevision of a future
change in said representation. You may want to delay this change until
there is actually a change in representation, the change is small enough
to not matter much until then.

As a side note, I'm keeping track of requested enhancements to design
and bring to the authz code once authz is in svnserve. So far I have:
  - Rewrite authz to use a different, more efficient internal
representation of authz files.
  - Add wildcard support to authz files (exactly what that means to be
defined).
  - Enable writing of ACLs on properties (and revprops?).

If you have other todos to add to this list, please let me know. When
the time comes I'll send implementation proposals to the list for
further discussion.

- Dave.

----
Commit message for patch 1:
[[[
Make the authz lookup return errors when it runs into an invalid
configuration file during operation.
* subversion/include/svn_error_codes.h: New error. Update copyright
     notice.
* subversion/libsvn_repos/authz.c
   (authz_baton): Add a svn_error_t* to throw errors out of enumeration
     functions.
   (authz_group_contains_user_internal,
    authz_group_contains_user,
    authz_get_path_access,
    authz_get_tree_access): Change prototype to return errors, add
     error checking code. All callers changed.
   (authz_parse_line, authz_parse_section): Throw errors and halt
     configuration traversal if necessary.
   (svn_repos_authz_check_access): Throw errors back to the caller.
* subversion/tests/libsvn_repos/repos-test.c
   (authz_get_handle): New function. Factor out the converting a char*
     authz file contents to a parsed svn_config_t* from the authz test
     function.
   (authz): Add a second batch of tests to ensure that invalid authz
     configurations are caught during the authz lookup.
]]]
----
Commit message for patch 2:
[[[
Add a function which opens and verifies that an authz configuration file
does not contain any logic errors.
* subversion/include/svn_repos.h
   (svn_repos_authz_read): New public API.
* subversion/libsvn_repos/authz.c
   (authz_validate_rule, authz_validate_group, authz_validate_section):
     New internal functions.
   (svn_repos_authz_read): New function.
* subversion/mod_authz_svn/mod_authz_svn.c
   (req_check_access): replace call to svn_config_read with a call to
     svn_repos_authz_read.
* subversion/tests/libsvn_repos/repos-test.c
   (authz_get_handle): Replace call to svn_config_read with a call to
     svn_repos_authz_read.
   (authz): Modify the error-checking tests to test immediately after
     file load rather than after an authz lookup.
]]]
----
Commit message for patch 3:
[[[
Introduce a new data type to represent authz access control lists, in
prevision of rewriting the current authz algorithm to use a different
internal representation.
* subversion/include/svn_repos.h
   (svn_authz_t): New opaque data type.
   (svn_repos_authz_read, svn_repos_authz_check_access): use svn_authz_t
     for authz configuration.
* subversion/mod_authz_svn/mod_authz_svn.c,
   subversion/tests/libsvn_repos/repos-test.c,
   subversion/libsvn_repos/authz.c:
     Use svn_authz_t instead of svn_config_t for handles to authz
     configurations.
]]]

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org