[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: [PATCH] Add anonymous user and inverted authz rule matching.

From: Jonathan Gilbert <o2w9gs702_at_sneakemail.com>
Date: 2006-12-03 23:33:29 CET

I just thought I'd bring this back into the collective consciousness now
that there isn't an important version number change happening in 2 weeks :-)

I've updated the patch to work with the new aliases feature. Please find it
attached. Unfortunately, I am forced to gzip it because otherwise my mail
client will send it unencoded, and my mail server will complain about the
lines not ending in CRLF. Ugh.

I have in fact been using a build of Subversion with this functionality it
on my own production server for many months now, and I find the feature
indispensable, as it allows me to make rules matching only anonymous users
or only authenticated users.

Add pure anonymous rules & inverted rules to the authz system.

* subversion/libsvn_repos/authz.c
  (authz_line_applies_to_user): New method factored out of
   authz_parse_line() and extended to support pure anonymous
   rules & inverted rules.
  (authz_validate_rule): Reject doubly-inverted rules ("double

Jonathan Gilbert

At 12:55 AM 17/08/2006 -0500, I wrote:
>The following patch adds two new types of rule to Subversion's
>authz system:
> * Rules with the text "$" or "anonymous" match *only* the
> anonymous user, and not authenticated users.
> * Rules preceded with a "~" are inverted, so that, for
> instance, "~anonymous" will match all authenticated users.
>As part of the change, the code to test whether a rule applies to
>the current user has been factored out into a new method in
>authz.c called authz_line_applies_to_user().
>The authz_validate_rule() method has also been updated to check
>for "double negatives" -- inversion used repeatedly within a
>single rule -- which I have explicitly denied to help assure
>a modicum of sanity.
>My e-mail client isn't very good at converting newlines and
>such with plain text attachments, so I'm including the patch
>text inline for review, and attaching the actual patch file as
>a binary file (gzipped) to avoid posting messages with LF line
>endings interspersed with CRLF line endings :-)
>Send all comments, and (hopefully) enjoy,
>Jonathan Gilbert

To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org

Received on Sun Dec 3 23:32:03 2006

This is an archived mail posted to the Subversion Dev mailing list.