
Re: svn commit: r933194 - /subversion/trunk/subversion/mod_authz_svn/mod_authz_svn.c

From: Kamesh Jayachandran <kamesh_at_collab.net>
Date: Mon, 12 Apr 2010 20:15:37 +0530

On 04/12/2010 07:49 PM, C. Michael Pilato wrote:
> kameshj_at_apache.org wrote:
>> Author: kameshj
>> Date: Mon Apr 12 11:26:28 2010
>> New Revision: 933194
>> URL: http://svn.apache.org/viewvc?rev=933194&view=rev
>> Log:
>> [issue2753] Fix issue 2753.
>> Relax requests aimed at the repo Parent path from authz control.
>> * subversion/mod_authz_svn/mod_authz_svn.c
>> (create_authz_svn_dir_config): Canonicalize conf->base_path.
>> (req_check_access): When canonicalized 'uri' and 'conf->base_path' are same
>> allow the request.
>> (access_checker, check_user_id, auth_checker):
>> Initialize repos_path to 'NULL' otherwise it can point
>> to stray values when req_check_access relaxes certain requests without
>> initialising the out parameters.
> In a perfect world, I would expect that requests to the parent directory
> would not be authz-denied, but that each repository in the listing of
> repositories would be authz-checked against the authz configuration. In
> other words, say I have a parent-path with three repositories: calc, watch,
> lamp. And say I have an authz file like so:
> [lamp:/]
> * =

> I would expect that a request to the parent directory would yield a listing
> that included the 'calc' and 'watch' repositories, but not the 'lamp' one.
> Is that the case?

This authz rule should *not* list anything inside the repo 'lamp' but
not lamp itself when requested for the parent path root.

The feature that you ask for is possible only if 'mod_dav_svn' (which
implements SVNListParentPath) consults mod_authz_svn (or some authorizer)
for every item listed, which is not the case today.

With regards
Kamesh Jayachandran
Received on 2010-04-12 16:46:35 CEST
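
The per-item check discussed in this message, sketched as an added example (it is not part of the original mail and is not Subversion code): a parent-path listing is filtered by asking, for each repository, whether the user may read its root. The function names, the `[/]` rule added to the sample and the simplified rule model (only `*` and literal user names, a repository-specific section takes precedence over `[/]`, no matching rule means hidden) are assumptions of this example.

```python
import configparser

# Constructed sample: the authz rule quoted in the message, plus a
# generic read rule (an assumption) so that 'calc' and 'watch' have
# something that grants access.
AUTHZ_TEXT = """
[/]
* = r

[lamp:/]
* =
"""


def load_authz(text):
    """Parse authz text; only '=' is a delimiter because section names
    such as 'lamp:/' contain ':'. Option names keep their case."""
    cp = configparser.RawConfigParser(delimiters=("=",))
    cp.optionxform = str
    cp.read_string(text)
    return cp


def root_readable(cp, repo, user):
    """Return True if `user` may read the root of `repo`.

    Simplified model (assumption): look at '[repo:/]' first, then '[/]';
    the first section with a rule for '*' or `user` decides the result.
    """
    for section in (f"{repo}:/", "/"):
        if not cp.has_section(section):
            continue
        matched = [v for k, v in cp.items(section) if k in ("*", user)]
        if matched:
            # An empty value ("* =") grants nothing; 'r' or 'rw' grants read.
            return any("r" in v for v in matched)
    return False  # no rule matched: hide the repository


def filter_listing(cp, repos, user):
    """Return only the repositories whose root `user` may read."""
    return [r for r in repos if root_readable(cp, r, user)]


if __name__ == "__main__":
    authz = load_authz(AUTHZ_TEXT)
    print(filter_listing(authz, ["calc", "watch", "lamp"], "alice"))
```
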

This is an archived mail posted to the Subversion Dev mailing list.
