[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: svn commit: r933194 - /subversion/trunk/subversion/mod_authz_svn/mod_authz_svn.c

From: C. Michael Pilato <cmpilato_at_collab.net>
Date: Mon, 12 Apr 2010 10:19:12 -0400

kameshj_at_apache.org wrote:
> Author: kameshj
> Date: Mon Apr 12 11:26:28 2010
> New Revision: 933194
>
> URL: http://svn.apache.org/viewvc?rev=933194&view=rev
> Log:
> [issue2753] Fix issue 2753.
>
> Relax requests aimed at the repo Parent path from authz control.
>
> * subversion/mod_authz_svn/mod_authz_svn.c
> (create_authz_svn_dir_config): Canonicalize conf->base_path.
> (req_check_access): When canonicalized 'uri' and 'conf->base_path' are same
> allow the request.
> (access_checker, check_user_id, auth_checker):
> Initialize repos_path to 'NULL' otherwise it can point
> to stray values when req_check_access relaxes certain requests without
> initialising the out parameters.

In a perfect world, I would expect that requests to the parent directory
would not be authz-denied, but that each repository in the listing of
repositories would be authz-checked against the authz configuration. In
other words, say I have a parent-path with three repositories: calc, watch,
lamp. And say I have an authz file like so:

[lamp:/]
* =

I would expect that a request to the parent directory would yield a listing
that included the 'calc' and 'watch' repositories, but not the 'lamp' one.

Is that the case?

-- 
C. Michael Pilato <cmpilato_at_collab.net>
CollabNet   <>   www.collab.net   <>   Distributed Development On Demand

Received on 2010-04-12 16:19:46 CEST

This is an archived mail posted to the Subversion Dev mailing list.