[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

[PATCH] Authz support in Svnserve

From: David Anderson <david.anderson_at_calixo.net>
Date: 2005-08-23 10:51:41 CEST

After some time away from subversion for personal reasons, it's here!
Hot off the R&D floor, seen on TV, advertised on IRC and now finally
available in your local copy of this mail!

This patch adds authz support in svnserve. That is, it adds an authz-db
configuration directive which points to a mod_authz_svn style authz
file, and makes svnserve do the magic so that it can enforce path-based
access control rules on client requests.

This is the final patch submission for my Summer of Code work. Once
this change is integrated, the feature I proposed to implement is
complete. In that respect, if the patch could get reviewed and done
with before Sept. 1st (pens-down for SoC), I'd appreciate it.

I took the liberty of updating the authz-policy.txt notes, which didn't
mention a few functions and commands that need authz checks; mostly
involving locking and functions that batch network transmissions for
efficiency, introduced in the more recent releases of svn. The list of
things to do to get authz implemented in a RA server should now be up to
date with respect to trunk.

The observant among you will notice that this patch is lacking tests.
This is true. While I dislike this situation as much as you do, I draw
your attention to the fact that mod_authz_svn doesn't have a test suite
either, because testing authz over the RA layer isn't that simple. I
have briefly discussed working such tests (which would have to a lot of
automatic generation all over the place) into the python test suite with
kfogel, sussman, ghudson and eh over IRC. These tests are needed, and I
will probably tackle it soon, once I've scratched a few other itches
that I have located in subversion.

In the meantime, careful review of this patch, along with the tests that
test the internal authz lookup routines and behaviour in the commit
editor should suffice to declare the implementation complete. I would
have liked my SoC work to include a full test suite covering all aspects
of my work, but personal problems have slowed me down these past few
weeks, so if you have no objection, this patch would complete my SoC
related task. Python tests would then be contributed (by me or someone
else) outside the scope of SoC.

For those who care, the revisions I had a hand in surrounding authz and
svnserve are r15242, r15400, r15435, r15447, r15455, r15463 and r15608,
plus the rev that'll include this changeset (quick kudos to the
"contribution tracking" log lines that helped me find this)

Anyway, </my life> and <patch>.

- Dave.

Make svnserve enforce path-based access control configuration during the
processing of client operations.

* notes/authz_policy.txt: Update the list of functions that take authz
     callbacks. Update the list of operations that require manual
     authz lookups.

* subversion/include/svn_config.h

* subversion/libsvn_repos/repos.c
   (create_conf): update the contents svnserve.conf to document the new
     configuration option for authz. Create a 'authz' configuration
     file with documentation and a few authz setting examples.

* subversion/libsvn_repos/repos.c
   (SVN_REPOS__CONF_AUTHZ): New define.

* subversion/svnserve/serve.c
   (server_baton_t): Add a handle to the authz configuration and the
     repository name for authz lookups.
   (authz_check_access, authz_check_access_cb, lookup_access): New
   (must_have_access): Add optional authz lookups if a specific path is
     passed. All callers updated.
   (change_rev_prop): Check for write access to the repository and pass
     an authz read callback to svn_repos_fs_change_rev_prop2.
   (accept_report, rev_proplist, rev_prop, log_cmd, get_locations,
    get_file_revs): Pass an authz read callback to libsvn_repos
   (add_lock_tokens): Use the svn RA utility functions to parse the
     client command. Perform authz lookups during the processing of
     lock tokens.
   (commit): Pass an authz read/write callback to the commit editor.
   (get_file, get_dir, check_path, stat, lock, lock_many, unlock,
    unlock_many, get_lock, get_locks): Enforce authz access control on
     the path(s) touched by the commands.
   (find_repos): Read the authz configuration if present and add the
     necessary information to the server baton.

To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org

Received on Tue Aug 23 10:58:16 2005

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.