[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

RE: [PATCH] Fix for issue 2753 "SVNListParentPath feature doesn't work when svn authz is used."

From: Kamesh Jayachandran <kamesh_at_collab.net>
Date: Fri, 9 Apr 2010 00:18:51 +0530

Thanks for the review Philip.

>Let me see if I understand: The issue is that when SVNListParentPath
>and AuthzSVNAccessFile are configured then GET requests for the parent
>path get passed through the authz stuff. This is a bug because the
>authz file doesn't control parent path.

>Your patch recognises this request and avoids doing the authz check.

Yes, exactly.

>> + canonicalized_uri = svn_uri_canonicalize(r->uri, r->pool);
>> + canonicalized_root_path = svn_uri_canonicalize(conf->base_path, r->pool);

>Can conf->base_path be canonicalised once in
>create_authz_svn_dir_config rather than for every request?

Yes should be, Will update my patch to handle this.

>> + if (strcmp(canonicalized_uri, canonicalized_root_path) == 0)
>> + {
>> + /*Do no access control when root_path(as configured in <Location>) and
>> + given uri are same.*/
>> + return OK;
>> + }

>What happens if SVNParentPath is not being used? Is base_path is the
>root of the repository? Does this disable authz on the root of that
>repository? Perhaps you should be checking dav_svn__get_list_parentpath?

I tested this

$svn co http://localhost/svn <-- Repo itself instead of parent of repositories.
$cd svn
$svn ps 'a' 'b' .
$svn ci -m "commit" <-This worked as per the authz rules. Anyway will do the directory/file creations to check in case!.

>I think this check would make more sense in access_checker rather than
>req_check_access.

Let me see and do if needed.

>The code needs a comment to say why no access control is neccessary in
>this case.

Will update the comment.

With regards
Kamesh Jayachandran
Received on 2010-04-08 20:53:44 CEST

This is an archived mail posted to the Subversion Dev mailing list.