Re: [PATCH] Add anonymous user and inverted authz rule matching.

From: Jonathan Gilbert <o2w9gs702_at_sneakemail.com>
Date: 2006-12-03 23:33:29 CET

I just thought I'd bring this back into the collective consciousness now
that there isn't an important version number change happening in 2 weeks :-)

I've updated the patch to work with the new aliases feature. Please find it
attached. Unfortunately, I am forced to gzip it because otherwise my mail
client will send it unencoded, and my mail server will complain about the
lines not ending in CRLF. Ugh.

I have in fact been using a build of Subversion with this functionality it
on my own production server for many months now, and I find the feature
indispensable, as it allows me to make rules matching only anonymous users
or only authenticated users.

[[[
Add pure anonymous rules & inverted rules to the authz system.

* subversion/libsvn_repos/authz.c
  (authz_line_applies_to_user): New method factored out of
   authz_parse_line() and extended to support pure anonymous
   rules & inverted rules.
  (authz_validate_rule): Reject doubly-inverted rules ("double
   negatives").
]]]

Jonathan Gilbert

At 12:55 AM 17/08/2006 -0500, I wrote:
>The following patch adds two new types of rule to Subversion's
>authz system:
>
> * Rules with the text "$" or "anonymous" match *only* the
> anonymous user, and not authenticated users.
> * Rules preceded with a "~" are inverted, so that, for
> instance, "~anonymous" will match all authenticated users.
>
>As part of the change, the code to test whether a rule applies to
>the current user has been factored out into a new method in
>authz.c called authz_line_applies_to_user().
>
>The authz_validate_rule() method has also been updated to check
>for "double negatives" -- inversion used repeatedly within a
>single rule -- which I have explicitly denied to help assure
>a modicum of sanity.
>
>My e-mail client isn't very good at converting newlines and
>such with plain text attachments, so I'm including the patch
>text inline for review, and attaching the actual patch file as
>a binary file (gzipped) to avoid posting messages with LF line
>endings interspersed with CRLF line endings :-)
>
>Send all comments, and (hopefully) enjoy,
>
>Jonathan Gilbert

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org

application/octet-stream attachment: svn-authz-patch-new.diff.gz

Received on Sun Dec 3 23:32:03 2006

This message: [ Message body ]
Next message: Madan U Sreenivasan: "[MERGE-TRACKING][PATCH] Make use of the svn_client_commit_item2_t->wcprop_changes member during commit of wc to repos copy"
Previous message: Vladimir Berezniker: "[POC] Giving Subversion more control ove SSPI credentials [was Re: On backporting r21531 to 1.4.x.]"
Next in thread: Hyrum K. Wright: "Re: [PATCH] Add anonymous user and inverted authz rule matching."
Reply: Hyrum K. Wright: "Re: [PATCH] Add anonymous user and inverted authz rule matching."

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]