[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Work-in-progress native authz for mod_dav_svn

From: Max Bowsher <maxb1_at_ukf.net>
Date: 2006-07-30 18:07:24 CEST

Artem Egorkine wrote:
> Hi,
>
> This is a snapshot of the code I'm writing for the Google Summer of
> Code. Please feel free to poke at it and give me feedback.
>
> The main idea: do path-based authorization natively within mod_dav_svn
> apache module without the help and overhead of mod_authz_svn.
>
> On per-location basis there are two new config statements:
>
> SVNNativeAuthz <on|off> - turn on native mod_dav_svn authorization
> SVNNativeAuthzFile <path> - the file containing permissions for the
> repository

Branko already commented about the naming and redundancy of these,
please follow up to his mail.

Please arrange for your mailer to attach patches using a text/plain MIME
type, instead of application/octet-stream, which inhibits inline display
and easy replying to specific portions of patches.

Some further comments on the patch:

In authz.c:check_access:
It seems to me that the use of the Apache hook return codes of
DONE/DECLINED/OK is entirely misleading here, since this function is
never called upon to operate in an Apache hook, instead always being
called from inside a mod_dav hook function which expects a dav_error*.
Unless there is ever a likelyhood to need to use check_access
functionality in another way, I strongly suggest inlining check_access
at its only call-site: dav_svn_check_access.

As for the rest of the patch - I'm currently studying mod_dav_svn so I
can review it properly.

It would be good if you could clarify what the intended final
disposition of your "#if 0"-ed code is - is it truly temporary, or
should we consider keeping it on "#ifdef SVN_DEBUG" ?

Max.

Max.

Received on Sun Jul 30 18:08:05 2006

This is an archived mail posted to the Subversion Dev mailing list.