[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: svn commit: r23804 - trunk/subversion/mod_dav_svn

From: Erik Huelsmann <ehuels_at_gmail.com>
Date: 2007-03-14 12:40:58 CET

Oh. Sorry :-)

My last mail was a bit premature, I see.

bye,

Erik.

On 3/14/07, djames@tigris.org <djames@tigris.org> wrote:
> Author: djames
> Date: Tue Mar 13 20:56:24 2007
> New Revision: 23804
>
> Log:
> Revert r23802 and r23803, which were intended to be committed to the
> artem-soc-work branch.
>
> Branch: trunk
>
>
>
> Modified:
> trunk/subversion/mod_dav_svn/authz.c
> trunk/subversion/mod_dav_svn/dav_svn.h
> trunk/subversion/mod_dav_svn/lock.c
> trunk/subversion/mod_dav_svn/mod_dav_svn.c
> trunk/subversion/mod_dav_svn/repos.c
> trunk/subversion/mod_dav_svn/version.c
>
> Modified: trunk/subversion/mod_dav_svn/authz.c
> URL: http://svn.collab.net/viewvc/svn/trunk/subversion/mod_dav_svn/authz.c?pathrev=23804&r1=23803&r2=23804
> ==============================================================================
> --- trunk/subversion/mod_dav_svn/authz.c (original)
> +++ trunk/subversion/mod_dav_svn/authz.c Tue Mar 13 20:56:24 2007
> @@ -18,12 +18,10 @@
>
> #include <http_request.h>
> #include <http_log.h>
> -#include <http_protocol.h>
>
> #include "svn_pools.h"
> #include "svn_path.h"
>
> -#include "svn_dav.h"
> #include "dav_svn.h"
>
>
> @@ -60,31 +58,15 @@
> /* Build a Version Resource uri representing (rev, path). */
> uri = dav_svn__build_uri(repos, uri_type, rev, path, FALSE, pool);
>
> - if (dav_svn__get_native_authz_file(r))
> - {
> - /* Do native auhorization lookup - read access */
> - dav_error *err = dav_svn__check_access(repos->repo_name,
> - path,
> - r,
> - svn_authz_read);
> -
> - if (! err)
> - allowed = TRUE;
> + /* Check if GET would work against this uri. */
> + subreq = ap_sub_req_method_uri("GET", uri, r, r->output_filters);
>
> - /* XXX: need to cleanup dav_error? */
> - }
> - else
> + if (subreq)
> {
> - /* Check if GET would work against this uri. */
> - subreq = ap_sub_req_method_uri("GET", uri, r, r->output_filters);
> -
> - if (subreq)
> - {
> - if (subreq->status == HTTP_OK)
> - allowed = TRUE;
> + if (subreq->status == HTTP_OK)
> + allowed = TRUE;
>
> - ap_destroy_sub_req(subreq);
> - }
> + ap_destroy_sub_req(subreq);
> }
>
> return allowed;
> @@ -198,195 +180,3 @@
> return allow_read(resource->info->r, resource->info->repos,
> resource->info->repos_path, rev, pool);
> }
> -
> -
> -/* Native path-based authorization */
> -
> -static int
> -check_access(const char *repos_name,
> - const char *repos_path,
> - request_rec* r,
> - svn_repos_authz_access_t required_access)
> -{
> - const char *authz_file = NULL;
> - svn_authz_t *access_conf = NULL;
> - svn_error_t *svn_err;
> - const char *cache_key;
> - void *user_data;
> - svn_boolean_t access_granted;
> - char errbuf[128];
> -
> - /* If native authz is off, there's nothing to do. Return DONE
> - * instead of OK to indicate that no checks have really been done.
> - */
> - if (! dav_svn__get_native_authz_file(r))
> - return DONE;
> -
> - authz_file = dav_svn__get_native_authz_file(r);
> - /* If access file had not been specified, the default
> - behavior is to allow access.
> - XXX: is this right? */
> - if (authz_file == NULL)
> - return OK;
> -
> - /* Retrieve/cache authorization file */
> - cache_key = apr_pstrcat(r->pool, "mod_dav_svn:", authz_file, NULL);
> - apr_pool_userdata_get(&user_data, cache_key, r->connection->pool);
> - access_conf = user_data;
> - if (access_conf == NULL)
> - {
> - svn_err = svn_repos_authz_read(&access_conf, authz_file,
> - TRUE, r->connection->pool);
> - if (svn_err)
> - {
> - ap_log_rerror(APLOG_MARK, APLOG_ERR,
> - /* If it is an error code that APR can make sense
> - of, then show it, otherwise, pass zero to avoid
> - putting "APR does not understand this error code"
> - in the error log. */
> - ((svn_err->apr_err >= APR_OS_START_USERERR &&
> - svn_err->apr_err < APR_OS_START_CANONERR) ?
> - 0 : svn_err->apr_err),
> - r, "Failed to load the SVNNativeAuthzFile: %s",
> - svn_err_best_message(svn_err,
> - errbuf, sizeof(errbuf)));
> - svn_error_clear(svn_err);
> -
> - return DECLINED;
> - }
> -
> - /* Cache the open repos for the next request on this connection */
> - apr_pool_userdata_set(access_conf, cache_key,
> - NULL, r->connection->pool);
> - }
> -
> - /* Perform authz access control. */
> - svn_err = svn_repos_authz_check_access(access_conf, repos_name,
> - repos_path, r->user,
> - required_access,
> - &access_granted,
> - r->pool);
> -
> - if (svn_err)
> - {
> - ap_log_rerror(APLOG_MARK, APLOG_ERR,
> - /* If it is an error code that APR can make
> - sense of, then show it, otherwise, pass
> - zero to avoid putting "APR does not
> - understand this error code" in the error
> - log. */
> - ((svn_err->apr_err >= APR_OS_START_USERERR &&
> - svn_err->apr_err < APR_OS_START_CANONERR) ?
> - 0 : svn_err->apr_err),
> - r, "Failed to perform access control: %s",
> - svn_err_best_message(svn_err, errbuf, sizeof(errbuf)));
> - svn_error_clear(svn_err);
> -
> - return DECLINED;
> - }
> -
> - if (! access_granted)
> - return DECLINED;
> -
> - return OK;
> -}
> -
> -
> -/* Log a message indicating the access control decision made about a
> - request. FILE and LINE should be supplied via the APLOG_MARK macro.
> - ALLOWED is boolean. REPOS_PATH and DEST_REPOS_PATH are information
> - about the request. DEST_REPOS_PATH may be NULL. */
> -static void
> -log_access_verdict(const char *file, int line,
> - const request_rec *r,
> - int allowed,
> - const char *repos_path,
> - svn_repos_authz_access_t required_access)
> -{
> - int level = allowed ? APLOG_INFO : APLOG_ERR;
> - const char *verdict = allowed ? "granted" : "denied";
> -
> - char access_str[4] = { 0, 0, 0, 0 };
> - int access_idx = 0;
> -
> - if (required_access & svn_authz_read)
> - access_str[access_idx++] = 'r';
> -
> - if (required_access & svn_authz_write)
> - access_str[access_idx++] = 'w';
> -
> - if (required_access & svn_authz_recursive)
> - access_str[access_idx++] = 'R';
> -
> - if (repos_path == NULL)
> - repos_path = "<global>";
> -
> - if (r->user)
> - {
> - ap_log_rerror(file, line, level, 0, r,
> - "[native] Access %s: '%s' %s %s %s", verdict, r->user,
> - r->method, repos_path, access_str);
> - }
> - else
> - {
> - ap_log_rerror(file, line, level, 0, r,
> - "[native] Access %s: - %s %s %s", verdict,
> - r->method, repos_path, access_str);
> - }
> -}
> -
> -
> -dav_error *
> -dav_svn__check_access(const char *repos_name,
> - const char *repos_path,
> - request_rec *r,
> - svn_repos_authz_access_t required_access)
> -{
> - int status;
> -
> - status = check_access(repos_name, repos_path, r, required_access);
> -
> - /* If no checks had been done, native authz is off, so don't log
> - * a possibly misleading authorization verdict.
> - */
> - if (status == DONE)
> - return NULL;
> -
> - if(status == DECLINED)
> - {
> - log_access_verdict(APLOG_MARK, r, 0, repos_path, required_access);
> - ap_note_auth_failure(r); // XXX: need this?
> -
> - // XXX: need better error message
> - return dav_svn__new_error_tag(r->pool, HTTP_FORBIDDEN, 0,
> - "Insufficient rights to access resource.",
> - SVN_DAV_ERROR_NAMESPACE,
> - SVN_DAV_ERROR_TAG);
> - }
> -
> - log_access_verdict(APLOG_MARK, r, 1, repos_path, required_access);
> -
> - return NULL;
> -}
> -
> -
> -dav_error *
> -dav_svn__check_resource_access(const dav_resource *resource,
> - const svn_repos_authz_access_t required_access)
> -{
> - return dav_svn__check_access(resource->info->repos->repo_name,
> - resource->info->repos_path,
> - resource->info->r,
> - required_access);
> -}
> -
> -
> -dav_error *
> -dav_svn__check_global_access(const dav_resource *resource,
> - const svn_repos_authz_access_t required_access)
> -{
> - return dav_svn__check_access(resource->info->repos->repo_name,
> - NULL, /* global access */
> - resource->info->r,
> - required_access);
> -}
>
> Modified: trunk/subversion/mod_dav_svn/dav_svn.h
> URL: http://svn.collab.net/viewvc/svn/trunk/subversion/mod_dav_svn/dav_svn.h?pathrev=23804&r1=23803&r2=23804
> ==============================================================================
> --- trunk/subversion/mod_dav_svn/dav_svn.h (original)
> +++ trunk/subversion/mod_dav_svn/dav_svn.h Tue Mar 13 20:56:24 2007
> @@ -255,9 +255,6 @@
> SVNParentPath allowed? */
> svn_boolean_t dav_svn__get_list_parentpath_flag(request_rec *r);
>
> -/* for the repository referred to by this request, where is the access
> - file for native authz */
> -const char *dav_svn__get_native_authz_file(request_rec *r);
>
> /* SPECIAL URI
>
> @@ -540,22 +537,6 @@
> svn_repos_authz_func_t
> dav_svn__authz_read_func(dav_svn__authz_read_baton *baton);
>
> -/* Native path-based authorization */
> -dav_error *
> -dav_svn__check_access(const char *repos_name,
> - const char *repos_path,
> - request_rec *r,
> - svn_repos_authz_access_t required_access);
> -
> -/* Helpers for path-based authorization */
> -dav_error *
> -dav_svn__check_resource_access(const dav_resource *resource,
> - const svn_repos_authz_access_t required_access);
> -
> -dav_error *
> -dav_svn__check_global_access(const dav_resource *resource,
> - const svn_repos_authz_access_t required_access);
> -
>
> /*** util.c ***/
>
>
> Modified: trunk/subversion/mod_dav_svn/lock.c
> URL: http://svn.collab.net/viewvc/svn/trunk/subversion/mod_dav_svn/lock.c?pathrev=23804&r1=23803&r2=23804
> ==============================================================================
> --- trunk/subversion/mod_dav_svn/lock.c (original)
> +++ trunk/subversion/mod_dav_svn/lock.c Tue Mar 13 20:56:24 2007
> @@ -630,30 +630,12 @@
> svn_error_t *serr;
> dav_error *derr;
>
> - /* This whole if statement is a hack until we get rid of mod_authz_svn
> - * completely. During the times of mod_dav_svn, there was no
> - * equivalent of dav_svn__allow_read() for writing.
> - *
> - * LOCK command needs write access to resource. If native authz
> - * is turned off, we resort to the old way of requiring read access
> - * on the resource.
> - */
> - if (dav_svn__get_native_authz_file(resource->info->r))
> - {
> - /* Path-based authorization: LOCK needs write access to resource */
> - derr = dav_svn__check_resource_access(resource, svn_authz_write);
> - if (derr)
> - return derr;
> - }
> - else
> - {
> - /* If the resource's fs path is unreadable, we don't allow a lock to
> - be created on it. */
> - if (! dav_svn__allow_read(resource, SVN_INVALID_REVNUM, resource->pool))
> - return dav_new_error(resource->pool, HTTP_FORBIDDEN,
> - DAV_ERR_LOCK_SAVE_LOCK,
> - "Path is not accessible.");
> - }
> + /* If the resource's fs path is unreadable, we don't allow a lock to
> + be created on it. */
> + if (! dav_svn__allow_read(resource, SVN_INVALID_REVNUM, resource->pool))
> + return dav_new_error(resource->pool, HTTP_FORBIDDEN,
> + DAV_ERR_LOCK_SAVE_LOCK,
> + "Path is not accessible.");
>
> if (lock->next)
> return dav_new_error(resource->pool, HTTP_BAD_REQUEST,
> @@ -813,24 +795,12 @@
> if (info->keep_locks)
> return 0;
>
> - if (dav_svn__get_native_authz_file(resource->info->r))
> - {
> - /* Path-based authorization: UNLOCK needs write access to resource */
> - dav_error *derr;
> -
> - derr = dav_svn__check_resource_access(resource, svn_authz_write);
> - if (derr)
> - return derr;
> - }
> - else
> - {
> - /* If the resource's fs path is unreadable, we don't allow a lock to
> - be removed from it. */
> - if (! dav_svn__allow_read(resource, SVN_INVALID_REVNUM, resource->pool))
> - return dav_new_error(resource->pool, HTTP_FORBIDDEN,
> - DAV_ERR_LOCK_SAVE_LOCK,
> - "Path is not accessible.");
> - }
> + /* If the resource's fs path is unreadable, we don't allow a lock to
> + be removed from it. */
> + if (! dav_svn__allow_read(resource, SVN_INVALID_REVNUM, resource->pool))
> + return dav_new_error(resource->pool, HTTP_FORBIDDEN,
> + DAV_ERR_LOCK_SAVE_LOCK,
> + "Path is not accessible.");
>
> if (locktoken == NULL)
> {
>
> Modified: trunk/subversion/mod_dav_svn/mod_dav_svn.c
> URL: http://svn.collab.net/viewvc/svn/trunk/subversion/mod_dav_svn/mod_dav_svn.c?pathrev=23804&r1=23803&r2=23804
> ==============================================================================
> --- trunk/subversion/mod_dav_svn/mod_dav_svn.c (original)
> +++ trunk/subversion/mod_dav_svn/mod_dav_svn.c Tue Mar 13 20:56:24 2007
> @@ -67,7 +67,6 @@
> enum conf_flag list_parentpath; /* whether to allow GET of parentpath */
> const char *root_dir; /* our top-level directory */
> const char *master_uri; /* URI to the master SVN repos */
> - const char *native_authz_file; /* rule file for native authz */
> } dir_conf_t;
>
>
> @@ -165,7 +164,6 @@
> newconf->list_parentpath = INHERIT_VALUE(parent, child, list_parentpath);
> /* Prefer our parent's value over our new one - hence the swap. */
> newconf->root_dir = INHERIT_VALUE(child, parent, root_dir);
> - newconf->native_authz_file = INHERIT_VALUE(parent, child, native_authz_file);
>
> return newconf;
> }
> @@ -307,17 +305,6 @@
> return NULL;
> }
>
> -static const char *
> -SVNNativeAuthzFile_cmd(cmd_parms *cmd, void *config, const char *arg1)
> -{
> - dir_conf_t *conf = config;
> -
> - conf->native_authz_file
> - = svn_path_canonicalize(apr_pstrdup(cmd->pool, arg1), cmd->pool);
> -
> - return NULL;
> -}
> -
>
> /** Accessor functions for the module's configuration state **/
>
> @@ -467,16 +454,6 @@
> }
>
>
> -const char *
> -dav_svn__get_native_authz_file(request_rec *r)
> -{
> - dir_conf_t *conf;
> -
> - conf = ap_get_module_config(r->per_dir_config, &dav_svn_module);
> - return conf->native_authz_file;
> -}
> -
> -
> static void
> merge_xml_filter_insert(request_rec *r)
> {
> @@ -642,12 +619,6 @@
> AP_INIT_TAKE1("SVNMasterURI", SVNMasterURI_cmd, NULL, ACCESS_CONF,
> "specifies a URI to access a master Subversion repository"),
>
> - /* per directory/location */
> - AP_INIT_TAKE1("SVNNativeAuthzFile", SVNNativeAuthzFile_cmd, NULL,
> - ACCESS_CONF|RSRC_CONF,
> - "Text file containing permissions of repository paths "
> - "for mod_dav_svn native path-based authorization"),
> -
> { NULL }
> };
>
>
> Modified: trunk/subversion/mod_dav_svn/repos.c
> URL: http://svn.collab.net/viewvc/svn/trunk/subversion/mod_dav_svn/repos.c?pathrev=23804&r1=23803&r2=23804
> ==============================================================================
> --- trunk/subversion/mod_dav_svn/repos.c (original)
> +++ trunk/subversion/mod_dav_svn/repos.c Tue Mar 13 20:56:24 2007
> @@ -1485,45 +1485,6 @@
> if (err)
> return err;
>
> -#ifdef SVN_DEBUG
> - ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r,
> - "dav_svn_get_resource(): %s %s %s (%s)",
> - (r->user ? r->user : "-"), r->method, repos_path, r->uri);
> -#endif
> -
> - /* A special case of path-based authorization for methods
> - * that don't have any saner place to insert authorization to.
> - * XXX: Think of how to do it differently!
> - *
> - * OPTIONS:
> - * A general check, if access is allowed to this resouce,
> - * then OPTIONS will return a valid response. Otherwise
> - * an "Insufficient rights ..." will be returned.
> - *
> - * PROPFIND, PROPPATCH:
> - * An initial check. If the user is not allowed to access
> - * the resouce, no information about it should be revealed
> - * (even "resource does not exist"). Depending on the "Depth"
> - * header, there will be separate authz checks for every
> - * child of this resource.
> - */
> - if (r->method_number == M_OPTIONS
> - || r->method_number == M_PROPFIND
> - || r->method_number == M_PROPPATCH)
> - {
> - /* NOTE: We cannot use "repos_path" or "relative" straight away,
> - * need to add a slash at the beginning...
> - */
> - char *path = NULL;
> -
> - if (repos_path)
> - path = svn_path_join("/", repos_path, r->pool);
> -
> - err = dav_svn__check_access(repos_name, path, r, svn_authz_read);
> - if (err)
> - return err;
> - }
> -
> /* The path that we will eventually try to open as an svn
> repository. Normally defined by the SVNPath directive. */
> fs_path = dav_svn__get_fs_path(r);
> @@ -1817,11 +1778,10 @@
> {
> dav_resource *parent;
> dav_resource_private *parentinfo;
> -
> - svn_stringbuf_t *uri_path = resource->info->uri_path;
> + svn_stringbuf_t *path = resource->info->uri_path;
>
> /* the root of the repository has no parent */
> - if (uri_path->len == 1 && *uri_path->data == '/')
> + if (path->len == 1 && *path->data == '/')
> {
> *parent_resource = NULL;
> return NULL;
> @@ -2106,11 +2066,6 @@
> "Resource body changes may only be made to "
> "working resources [at this time].");
> }
> -
> - /* Path-based authorization: PUT requires write access to resource. */
> - derr = dav_svn__check_resource_access(resource, svn_authz_write);
> - if (derr)
> - return derr;
> }
>
> #if 1
> @@ -2416,23 +2371,12 @@
> set_headers(request_rec *r, const dav_resource *resource)
> {
> svn_error_t *serr;
> - dav_error *derr;
> svn_filesize_t length;
> const char *mimetype = NULL;
> apr_time_t last_modified;
>
> if (!resource->exists)
> return NULL;
> -
> - /* Path-based authorization: if the user doesn't have access
> - * to this resource, no information about it should be revealed.
> - *
> - * Here we check for read access, as dav_svn_set_headers() is a
> - * first step of processing a GET request.
> - */
> - derr = dav_svn__check_resource_access(resource, svn_authz_read);
> - if (derr)
> - return derr;
>
> last_modified = get_last_modified(resource);
> if (last_modified != -1)
> @@ -2778,35 +2722,6 @@
> const char *href = name;
> svn_boolean_t is_dir = (entry->kind == svn_node_dir);
>
> - /* Path-based authorization: check if the user has read access
> - * on the entry - if not, hide it.
> - */
> - {
> - dav_error *derr;
> - const char *path;
> - const char *repos_path = resource->info->repos_path;
> -
> - svn_pool_clear(entry_pool);
> -
> - /* Make a repos_path for an entry we are checking -
> - * If repos_path is "/", we only need to add an entry name.
> - * If repos_path is "/...", we need to add a slash and
> - * then the entry name.
> - */
> - path = apr_psprintf(entry_pool, "%s%s%s",
> - repos_path,
> - (repos_path[0] == '/'
> - && repos_path[1] == 0 ? "" : "/"),
> - name);
> -
> - derr = dav_svn__check_access(resource->info->repos->repo_name,
> - path,
> - resource->info->r,
> - svn_authz_read);
> - if (derr)
> - continue;
> - }
> -
> svn_pool_clear(entry_pool);
>
> /* append a trailing slash onto the name for directories. we NEED
> @@ -3040,11 +2955,6 @@
> "MKCOL called on regular resource, but "
> "autoversioning is not active.");
>
> - /* Path-based authorization: MKCOL requires write access to the resource */
> - err = dav_svn__check_resource_access(resource, svn_authz_write);
> - if (err)
> - return err;
> -
> /* ### note that the parent was checked out at some point, and this
> ### is being preformed relative to the working rsrc for that parent */
>
> @@ -3122,20 +3032,6 @@
> "COPY called on regular resource, but "
> "autoversioning is not active.");
>
> - /* Path-based authorization: COPY requires recursive read access
> - * to the source resource and recursive write access to the
> - * destination resource.
> - */
> - err = dav_svn__check_resource_access(src,
> - svn_authz_read | svn_authz_recursive);
> - if (err)
> - return err;
> -
> - err = dav_svn__check_resource_access(dst,
> - svn_authz_write | svn_authz_recursive);
> - if (err)
> - return err;
> -
> /* Auto-versioning copy of regular resource: */
> if (dst->type == DAV_RESOURCE_TYPE_REGULAR)
> {
> @@ -3213,25 +3109,10 @@
> /* Handle activity deletions (early exit). */
> if (resource->type == DAV_RESOURCE_TYPE_ACTIVITY)
> {
> - /* Path-based authorization: DELETE of an activity requires
> - * global write access to the repository.
> - */
> - err = dav_svn__check_global_access(resource, svn_authz_write);
> - if (err)
> - return err;
> -
> return dav_svn__delete_activity(resource->info->repos,
> resource->info->root.activity_id);
> }
>
> - /* Path-based authorization: DELETE requires recursive write access
> - * to the resource.
> - */
> - err = dav_svn__check_resource_access(resource,
> - svn_authz_write | svn_authz_recursive);
> - if (err)
> - return err;
> -
> /* ### note that the parent was checked out at some point, and this
> ### is being preformed relative to the working rsrc for that parent */
>
> @@ -3349,20 +3230,6 @@
> "MOVE only allowed on two public URIs, and "
> "autoversioning must be active.");
>
> - /* Path-based authorization: MOVE requires recursive write access
> - * to the source resource and recursive write access to the
> - * destinaton resource.
> - */
> - err = dav_svn__check_resource_access(src,
> - svn_authz_write | svn_authz_recursive);
> - if (err)
> - return err;
> -
> - err = dav_svn__check_resource_access(dst,
> - svn_authz_write | svn_authz_recursive);
> - if (err)
> - return err;
> -
> /* Change the dst VCR into a WR, in place. This creates a txn and
> changes dst->info->root from a rev-root into a txn-root. */
> err = dav_svn__checkout(dst,
> @@ -3431,23 +3298,6 @@
> /* Clear the temporary pool. */
> svn_pool_clear(ctx->info.pool);
>
> - /* Path-based authorization: initial file resource or
> - * collection resource. Require read access. */
> - if (params->walk_type & DAV_WALKTYPE_AUTH)
> - {
> - err = dav_svn__check_resource_access(&ctx->res, svn_authz_read);
> - if (err)
> - {
> - /* Apache's mod_dav doesn't have any mechanism to handle
> - * access rights violation and returning "403 Forbidden"
> - * status. For now, we just silently skip the entries
> - * that are not accessible.
> - * XXX: better way?
> - */
> - return NULL;
> - }
> - }
> -
> /* The current resource is a collection (possibly here thru recursion)
> and this is the invocation for the collection. Alternatively, this is
> the first [and only] entry to do_walk() for a member resource, so
> @@ -3531,6 +3381,12 @@
> apr_hash_this(hi, &key, &klen, &val);
> dirent = val;
>
> + /* authorize access to this resource, if applicable */
> + if (params->walk_type & DAV_WALKTYPE_AUTH)
> + {
> + /* ### how/what to do? */
> + }
> +
> /* append this child to our buffers */
> svn_stringbuf_appendbytes(ctx->info.uri_path, key, klen);
> svn_stringbuf_appendbytes(ctx->uri, key, klen);
> @@ -3542,22 +3398,6 @@
>
> if (dirent->kind == svn_node_file)
> {
> - /* Path-based authorization: file resource. Require read access. */
> - if (params->walk_type & DAV_WALKTYPE_AUTH)
> - {
> - err = dav_svn__check_resource_access(&ctx->res, svn_authz_read);
> - if (err)
> - {
> - /* Apache's mod_dav doesn't have any mechanism to handle
> - * access rights violation and returning "403 Forbidden"
> - * status. For now, we just silently skip the entries
> - * that are not accessible.
> - * XXX: better way?
> - */
> - return NULL;
> - }
> - }
> -
> err = (*params->func)(&ctx->wres, DAV_CALLTYPE_MEMBER);
> if (err != NULL)
> return err;
>
> Modified: trunk/subversion/mod_dav_svn/version.c
> URL: http://svn.collab.net/viewvc/svn/trunk/subversion/mod_dav_svn/version.c?pathrev=23804&r1=23803&r2=23804
> ==============================================================================
> --- trunk/subversion/mod_dav_svn/version.c (original)
> +++ trunk/subversion/mod_dav_svn/version.c Tue Mar 13 20:56:24 2007
> @@ -261,13 +261,6 @@
> dav_error *derr;
> dav_svn__uri_info parse;
>
> - /* Path-based authorization: CHECKOUT requires write access
> - * to the resource.
> - */
> - derr = dav_svn__check_resource_access(resource, svn_authz_write);
> - if (derr)
> - return derr;
> -
> /* Auto-Versioning Stuff */
> if (auto_checkout)
> {
> @@ -965,15 +958,7 @@
> const apr_xml_doc *doc,
> ap_filter_t *output)
> {
> - int ns;
> - dav_error *err;
> -
> - /* Path-based authorization: REPORT requires read access to the resource */
> - err = dav_svn__check_resource_access(resource, svn_authz_read);
> - if (err)
> - return err;
> -
> - ns = dav_svn__find_ns(doc->namespaces, SVN_XML_NAMESPACE);
> + int ns = dav_svn__find_ns(doc->namespaces, SVN_XML_NAMESPACE);
>
> if (doc->root->ns == ns)
> {
> @@ -1052,14 +1037,7 @@
> "DAV:activity-collection-set property.",
> SVN_DAV_ERROR_NAMESPACE,
> SVN_DAV_ERROR_TAG);
> -
> - /* Path-based authorization: MKACTIVITY needs global write access
> - * to the repository.
> - */
> - err = dav_svn__check_global_access(resource, svn_authz_write);
> - if (err)
> - return err;
> -
> +
> err = dav_svn__create_activity(resource->info->repos, &txn_name,
> resource->pool);
> if (err != NULL)
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: svn-unsubscribe@subversion.tigris.org
> For additional commands, e-mail: svn-help@subversion.tigris.org
>
>

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Wed Mar 14 12:41:17 2007

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.