Paul Burba wrote:
> For now I'm going to continue testing my 1.3 ebcdic port (which is
> how I originally came across the same problem you did) with my patch
> in place and see if anything else falls out. In the meantime, if
> someone out there knows this section of code and can spare some time
> to take a look at either patch, please do.
I've just had a peek (I wrote the original authz code for svnserve).
From what we're able to determine over IRC, the bug is due to an
oversight on my part: thinking that 0 lock tokens meant lock_tokens ==
NULL, when in fact NULL is for pre-1.2 compatibility and a list of 0
tokens is default post-1.2.
In that context, it is Philip's patch that fixes the bug in the correct
way. Your patch also corrects it, but at a lower level, inside a
routine used by many other routines. And in some contexts in which this
function gets called, the absence of an authz_db doesn't mean you can
skip needs_username requirements. So, I think your fix could trigger
invalid clearances in some other places.
I'll commit Philip's patch in a minute, and nominate it for 1.3.x.
Thanks to both of you for spending the time to track this one down!
- Dave.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Wed Nov 2 22:49:02 2005