Hi Masaru,
+1 to commit.
With regards
Kamesh Jayachandran
masaru tsuchiyama wrote:
> Hi.
>
> This commit causes some build errors on MS VC6.
> I created a patch to fix the errors.
>
> Log:
> Fix build error on MS VC6, which was introduced at r29875.
>
> * subversion/mod_authz_svn/mod_authz_svn.c
> (): remove 'strings.h'.
> (makeupper, makelower): replace 'inline' with 'APR_INLINE'.
>
> Regards.
> Masaru.
>
> 2008/3/13, kameshj_at_tigris.org <kameshj_at_tigris.org>:
>
>> Author: kameshj
>> Date: Wed Mar 12 09:14:26 2008
>> New Revision: 29875
>>
>> Log:
>> Make mod_authz_svn to apply the authz checks against upper/lower-cased
>> usernames.
>>
>> * subversion/mod_authz_svn/mod_authz_svn.c
>> (): Include 'apr_lib.h' and 'strings.h'.
>> (struct authz_svn_config_rec): New member 'force_username_case'.
>> (authz_svn_cmds): Populate 'authz_svn_config_rec.force_username_case'
>> from configuration directive 'AuthzForceUsernameCase'.
>> (makeupper, makelower, convert_case, get_username_to_authorize):
>> New functions.
>> (req_check_access, subreq_bypass): Apply authz check against
>> upper/lower-cased usernames.
>>
>> Reviewed by: dlr
>>
>>
>> Modified:
>> trunk/subversion/mod_authz_svn/mod_authz_svn.c
>>
>> Modified: trunk/subversion/mod_authz_svn/mod_authz_svn.c
>> URL: http://svn.collab.net/viewvc/svn/trunk/subversion/mod_authz_svn/mod_authz_svn.c?pathrev=29875&r1=29874&r2=29875
>> ==============================================================================
>> --- trunk/subversion/mod_authz_svn/mod_authz_svn.c (original)
>> +++ trunk/subversion/mod_authz_svn/mod_authz_svn.c Wed Mar 12 09:14:26 2008
>> @@ -28,6 +28,8 @@
>> #include <ap_config.h>
>> #include <ap_provider.h>
>> #include <apr_uri.h>
>> +#include <apr_lib.h>
>> +#include <strings.h>
>> #include <mod_dav.h>
>>
>> #include "mod_dav_svn.h"
>> @@ -46,6 +48,7 @@ typedef struct {
>> int no_auth_when_anon_ok;
>> const char *base_path;
>> const char *access_file;
>> + const char *force_username_case;
>> } authz_svn_config_rec;
>>
>> /*
>> @@ -90,6 +93,12 @@ static const command_rec authz_svn_cmds[
>> "Set to 'On' to suppress authentication and authorization "
>> "for requests which anonymous users are allowed to perform. "
>> "(default is Off.)"),
>> + AP_INIT_TAKE1("AuthzForceUsernameCase", ap_set_string_slot,
>> + (void *)APR_OFFSETOF(authz_svn_config_rec,
>> + force_username_case),
>> + OR_AUTHCFG,
>> + "Set to 'Upper' or 'Lower' to convert the username before "
>> + "checking for authorization."),
>> { NULL }
>> };
>>
>> @@ -135,6 +144,41 @@ static svn_authz_t *get_access_conf(requ
>> return access_conf;
>> }
>>
>> +/* Ugly wrappers to macros apr_to(upper|lower) to get a function pointers. */
>> +static inline int makeupper(int c)
>> +{
>> + return apr_toupper(c);
>> +}
>> +static inline int makelower(int c)
>> +{
>> + return apr_tolower(c);
>> +}
>> +
>> +/* Converts STR_TO_CONVERT to upper case if UPPER is true,
>> + else converts it to lower case. */
>> +static void convert_case(char *str_to_convert, svn_boolean_t upper)
>> +{
>> + char *c = str_to_convert;
>> + int (*convert_func)(int);
>> + convert_func=upper?makeupper:makelower;
>> + while (*c) {
>> + *c = convert_func(*c);
>> + ++c;
>> + }
>> +}
>> +
>> +static char* get_username_to_authorize(request_rec *r,
>> + authz_svn_config_rec *conf)
>> +{
>> + char *username_to_authorize = r->user;
>> + if (conf->force_username_case) {
>> + username_to_authorize = apr_pstrdup(r->pool, r->user);
>> + convert_case(username_to_authorize,
>> + (strcasecmp(conf->force_username_case, "upper") == 0));
>> + }
>> + return username_to_authorize;
>> +}
>> +
>> /* Check if the current request R is allowed. Upon exit *REPOS_PATH_REF
>> * will contain the path and repository name that an operation was requested
>> * on in the form 'name:path'. *DEST_REPOS_PATH_REF will contain the
>> @@ -162,6 +206,7 @@ static int req_check_access(request_rec
>> svn_authz_t *access_conf = NULL;
>> svn_error_t *svn_err;
>> char errbuf[256];
>> + const char *username_to_authorize = get_username_to_authorize(r, conf);
>>
>> switch (r->method_number) {
>> /* All methods requiring read access to all subtrees of r->uri */
>> @@ -307,7 +352,8 @@ static int req_check_access(request_rec
>> || (!repos_path && (authz_svn_type & svn_authz_write)))
>> {
>> svn_err = svn_repos_authz_check_access(access_conf, repos_name,
>> - repos_path, r->user,
>> + repos_path,
>> + username_to_authorize,
>> authz_svn_type,
>> &authz_access_granted,
>> r->pool);
>> @@ -353,7 +399,7 @@ static int req_check_access(request_rec
>> svn_err = svn_repos_authz_check_access(access_conf,
>> dest_repos_name,
>> dest_repos_path,
>> - r->user,
>> + username_to_authorize,
>> svn_authz_write
>> |svn_authz_recursive,
>> &authz_access_granted,
>> @@ -437,9 +483,11 @@ static int subreq_bypass(request_rec *r,
>> authz_svn_config_rec *conf = NULL;
>> svn_boolean_t authz_access_granted = FALSE;
>> char errbuf[256];
>> + const char *username_to_authorize;
>>
>> conf = ap_get_module_config(r->per_dir_config,
>> &authz_svn_module);
>> + username_to_authorize = get_username_to_authorize(r, conf);
>>
>> /* If configured properly, this should never be true, but just in case. */
>> if (!conf->anonymous || !conf->access_file) {
>> @@ -457,7 +505,8 @@ static int subreq_bypass(request_rec *r,
>> */
>> if (repos_path) {
>> svn_err = svn_repos_authz_check_access(access_conf, repos_name,
>> - repos_path, r->user,
>> + repos_path,
>> + username_to_authorize,
>> svn_authz_none|svn_authz_read,
>> &authz_access_granted,
>> r->pool);
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: svn-unsubscribe_at_subversion.tigris.org
>> For additional commands, e-mail: svn-help_at_subversion.tigris.org
>>
>>
>>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe_at_subversion.tigris.org
For additional commands, e-mail: dev-help_at_subversion.tigris.org
Received on 2008-03-14 15:16:02 CET