[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: [PATCH] Allow anonymous ra_svn write access

From: David Anderson <david.anderson_at_calixo.net>
Date: 2005-11-02 22:44:52 CET

Paul Burba wrote:
> For now I'm going to continue testing my 1.3 ebcdic port (which is
> how I originally came across the same problem you did) with my patch
> in place and see if anything else falls out. In the meantime, if
> someone out there knows this section of code and can spare some time
> to take a look at either patch, please do.

I've just had a peek (I wrote the original authz code for svnserve).
 From what we're able to determine over IRC, the bug is due to an
oversight on my part: thinking that 0 lock tokens meant lock_tokens ==
NULL, when in fact NULL is for pre-1.2 compatibility and a list of 0
tokens is default post-1.2.

In that context, it is Philip's patch that fixes the bug in the correct
way. Your patch also corrects it, but at a lower level, inside a
routine used by many other routines. And in some contexts in which this
function gets called, the absence of an authz_db doesn't mean you can
skip needs_username requirements. So, I think your fix could trigger
invalid clearances in some other places.

I'll commit Philip's patch in a minute, and nominate it for 1.3.x.
Thanks to both of you for spending the time to track this one down!

- Dave.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Wed Nov 2 22:49:02 2005

This is an archived mail posted to the Subversion Dev mailing list.