[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: [PATCH] Add anonymous user and inverted authz rule matching.

From: Hyrum K. Wright <hyrum_wright_at_mail.utexas.edu>
Date: 2006-12-11 15:28:50 CET

Jonathan Gilbert wrote:
> I just thought I'd bring this back into the collective consciousness now
> that there isn't an important version number change happening in 2 weeks :-)
>
> I've updated the patch to work with the new aliases feature. Please find it
> attached. Unfortunately, I am forced to gzip it because otherwise my mail
> client will send it unencoded, and my mail server will complain about the
> lines not ending in CRLF. Ugh.
>
> I have in fact been using a build of Subversion with this functionality it
> on my own production server for many months now, and I find the feature
> indispensable, as it allows me to make rules matching only anonymous users
> or only authenticated users.

Jonathan,
I've tried opening your patch, both through my mail-reader, as well as
through the archive, and it doesn't seem to have any content. Could you
repost your patch?

If you are having trouble sending the patch through your mail server,
you might consider posting it somewhere online and posting the URL to
the list.

-Hyrum

> [[[
> Add pure anonymous rules & inverted rules to the authz system.
>
> * subversion/libsvn_repos/authz.c
> (authz_line_applies_to_user): New method factored out of
> authz_parse_line() and extended to support pure anonymous
> rules & inverted rules.
> (authz_validate_rule): Reject doubly-inverted rules ("double
> negatives").
> ]]]
>
> Jonathan Gilbert
>
> At 12:55 AM 17/08/2006 -0500, I wrote:
>> The following patch adds two new types of rule to Subversion's
>> authz system:
>>
>> * Rules with the text "$" or "anonymous" match *only* the
>> anonymous user, and not authenticated users.
>> * Rules preceded with a "~" are inverted, so that, for
>> instance, "~anonymous" will match all authenticated users.
>>
>> As part of the change, the code to test whether a rule applies to
>> the current user has been factored out into a new method in
>> authz.c called authz_line_applies_to_user().
>>
>> The authz_validate_rule() method has also been updated to check
>> for "double negatives" -- inversion used repeatedly within a
>> single rule -- which I have explicitly denied to help assure
>> a modicum of sanity.
>>
>> My e-mail client isn't very good at converting newlines and
>> such with plain text attachments, so I'm including the patch
>> text inline for review, and attaching the actual patch file as
>> a binary file (gzipped) to avoid posting messages with LF line
>> endings interspersed with CRLF line endings :-)
>>
>> Send all comments, and (hopefully) enjoy,
>>
>> Jonathan Gilbert

Received on Mon Dec 11 15:29:17 2006

This is an archived mail posted to the Subversion Dev mailing list.