[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Authz on Collection of Repositories (was: Expansion of authz policy name leak)

From: Mark Phippard <markphip_at_gmail.com>
Date: Fri, 2 Nov 2012 09:50:58 -0400

On Fri, Nov 2, 2012 at 4:13 AM, Ivan Zhakov <ivan_at_visualsvn.com> wrote:
> On Tue, Oct 23, 2012 at 4:23 PM, C. Michael Pilato <cmpilato_at_collab.net> wrote:
>> On 10/23/2012 07:24 AM, Ivan Zhakov wrote:
>>> I'm working on the patch to list only readable repositories. There is
>>> already TODO comment in the code by cmpilato:
>>> subversion\mod_dav_svn\repos.c:3461
>>> [[[
>>> /* ### TODO: We could test for readability of the root
>>> directory of each repository and hide those that
>>> the user can't see. */
>>> ]]]
>>
>> I, too, started looking into this, Ivan, but I realized that I was probably
>> about to run into a whole mess of code refactoring that I wasn't really up
>> for dealing with at the time. (Trying to stay as 1.8-focused as I can.)
>> I'm happy to review any work you do on this issue, though.
>>
> Hi Mike,
>
> Please find attached patch to hide unreadable repositories in
> "Collection of Repositories":
> [[[
> mod_dav_svn: Hide repositories from list that are not accessible for user.
>
> * subversion/mod_dav_svn/authz.c
> * subversion/mod_dav_svn/dav_svn.h
> (dav_svn__allow_list_repos): New.
>
> * subversion/mod_dav_svn/repos.c
> (deliver): Check for readability of the root directory of each
> repository and hide those that the user can't see.
> ]]]
>
> Code in deliver() method is not best now, but I was trying to minimize
> changes in my patch. I'm going to refactor code later after committing
> my patch.
>
> Looking forward for your review. Thanks!

+ /* Build a Public Resource uri representing repository root. */
+ uri = svn_urlpath__join(dav_svn__get_root_dir(r),
+ svn_path_uri_encode(repos_name, pool), pool);
+
+ /* Check if GET would work against this uri. */
+ subreq = ap_sub_req_method_uri("GET", uri, r, r->output_filters);

Just a drive-by, so if I am way-off just say so.

I am assuming that since this is doing a GET, the server will have to
fully process it as if it would for a web browser making the same
request. So on a repository like the ASF or Wordpress where there are
a lot of top level folders then the server might have to do a fair
amount of work to process the request and return. I assume we do not
care about the content of the response, just the success or failure.

So I am just wondering if there is a lighter weight HTTP request we
could do that would still trigger the authz check? Something like
OPTIONS or PROPFIND. Whatever would make sense and be quick to
process. 

-- 
Thanks
Mark Phippard
http://markphip.blogspot.com/
Received on 2012-11-02 14:51:33 CET

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.