[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Authz on Collection of Repositories (was: Expansion of authz policy name leak)

From: Ivan Zhakov <ivan_at_visualsvn.com>
Date: Fri, 2 Nov 2012 12:13:33 +0400

On Tue, Oct 23, 2012 at 4:23 PM, C. Michael Pilato <cmpilato_at_collab.net> wrote:
> On 10/23/2012 07:24 AM, Ivan Zhakov wrote:
>> I'm working on the patch to list only readable repositories. There is
>> already TODO comment in the code by cmpilato:
>> subversion\mod_dav_svn\repos.c:3461
>> [[[
>> /* ### TODO: We could test for readability of the root
>> directory of each repository and hide those that
>> the user can't see. */
>> ]]]
> I, too, started looking into this, Ivan, but I realized that I was probably
> about to run into a whole mess of code refactoring that I wasn't really up
> for dealing with at the time. (Trying to stay as 1.8-focused as I can.)
> I'm happy to review any work you do on this issue, though.
Hi Mike,

Please find attached patch to hide unreadable repositories in
"Collection of Repositories":
mod_dav_svn: Hide repositories from list that are not accessible for user.

* subversion/mod_dav_svn/authz.c
* subversion/mod_dav_svn/dav_svn.h
  (dav_svn__allow_list_repos): New.

* subversion/mod_dav_svn/repos.c
  (deliver): Check for readability of the root directory of each
   repository and hide those that the user can't see.

Code in deliver() method is not best now, but I was trying to minimize
changes in my patch. I'm going to refactor code later after committing
my patch.

Looking forward for your review. Thanks!

Ivan Zhakov

Received on 2012-11-02 09:14:30 CET

This is an archived mail posted to the Subversion Dev mailing list.