[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

[PATCH] introduce AuthzSVNRepoRelativeAccessFile configuration item for mod_authz_svn

From: Nick Piper <nick.piper_at_logica.com>
Date: Mon, 1 Nov 2010 13:24:39 +0000

Dear Subversion maintainers,

We would like to avoid having to mention each of our subversion
repositories inside an Apache configuration, so we use SVNParentPath.

However, this currently means we can only use a single authz
configuration file. We'd like to be able to have a different file for
each repository, to increase isolation.

We've implemented a patch that allows this, by introducing a new
Apache configuration directive:

      D. Example 4: Per-repository access file

         This configuration allows to use SVNParentPath but have
         different authz files per repository.

         <Location /svn>
           DAV svn
           SVNParentPath /path/to/reposparent

           AuthType Basic
           AuthName "Subversion repository"
           AuthUserFile /path/to/htpasswd/file

           AuthzSVNRepoRelativeAccessFile on

           Require valid-user

         NOTE: AuthzSVNRepoRelativeAccessFile on causes the authz file
         to be read from /path/to/reposparent/<repo>/conf/authz

Is this something that might be included in subversion?

Implement AuthzSVNRepoRelativeAccessFile to allow SVNParentPath to use
a different authz configuration file for each repository.

* subversion/mod_authz_svn/mod_authz_svn.c
  (get_access_conf) Check if AuthzSVNRepoRelativeAccessFile is on, and
  if so, load the conf/authz file from inside the repository being
  accessed rather than one which is statically configured in the
  Apache configuration.
  (subreq_bypass, access_checker, check_user_id, auth_checker)
  Recognise that it's valid not to have a AuthzSVNAccessFile if
  AuthzSVNRepoRelativeAccessFile is used.

Nick Piper MEng MIET RHCE| #define Joint Lead Architect
250 Brook Drive, Green Park, Reading RG2 6UA | United Kingdom
nick.piper_at_logica.com | www.logica.com 
Logica UK Limited, registered in England & Wales (registered number 947968)
Registered Office: 250 Brook Drive, Green Park, Reading RG2 6UA, United Kingdom 

Received on 2010-11-01 14:33:03 CET

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.