subversion-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cmpil...@apache.org
Subject svn commit: r1066160 - /subversion/trunk/subversion/libsvn_repos/authz.c
Date Tue, 01 Feb 2011 19:29:13 GMT
Author: cmpilato
Date: Tue Feb  1 19:29:13 2011
New Revision: 1066160

URL: http://svn.apache.org/viewvc?rev=1066160&view=rev
Log:
Clarify some path formats, and update uses of deprecated path
functions.

* subversion/libsvn_repos/authz.c
  (struct authz_lookup_baton): Better document some baton members.
  (is_applicable_section): New helper function.
  (authz_parse_section): Now use is_applicable_section() instead of
    svn_path_is_ancestor().
  (authz_get_any_access_parser_cb): Test against the correct baton
    pathspec (qualified_repos_path, not repos_path).
  (authz_get_any_access): Set the baton's 'repos_path' and
    'qualified_repos_path' members accurately.
  (svn_repos_authz_check_access): Canonicalize the incoming PATH to
    avoid surprises.

Modified:
    subversion/trunk/subversion/libsvn_repos/authz.c

Modified: subversion/trunk/subversion/libsvn_repos/authz.c
URL: http://svn.apache.org/viewvc/subversion/trunk/subversion/libsvn_repos/authz.c?rev=1066160&r1=1066159&r2=1066160&view=diff
==============================================================================
--- subversion/trunk/subversion/libsvn_repos/authz.c (original)
+++ subversion/trunk/subversion/libsvn_repos/authz.c Tue Feb  1 19:29:13 2011
@@ -33,6 +33,7 @@
 #include "svn_repos.h"
 #include "svn_config.h"
 #include "svn_ctype.h"
+#include "private/svn_fspath.h"
 
 
 /*** Structures. ***/
@@ -56,9 +57,9 @@ struct authz_lookup_baton {
 
   /* The following are used exclusively in recursive lookups. */
 
-  /* The path in the repository to authorize. */
+  /* The path in the repository (an fspath) to authorize. */
   const char *repos_path;
-  /* repos_path prefixed by the repository name. */
+  /* repos_path prefixed by the repository name and a colon. */
   const char *qualified_repos_path;
 
   /* Whether, at the end of a recursive lookup, access is granted. */
@@ -275,6 +276,23 @@ authz_parse_line(const char *name, const
 }
 
 
+/* Return TRUE iff the access rules in SECTION_NAME apply to PATH_SPEC
+ * (which is a repository name, colon, and repository fspath, such as
+ * "myrepos:/trunk/foo").
+ */
+static svn_boolean_t
+is_applicable_section(const char *path_spec,
+                      const char *section_name)
+{
+  apr_size_t path_spec_len = strlen(path_spec);
+
+  return ((strncmp(path_spec, section_name, path_spec_len) == 0)
+          && (path_spec[path_spec_len - 1] == '/'
+              || section_name[path_spec_len] == '/'
+              || section_name[path_spec_len] == '\0'));
+}
+
+
 /* Callback to parse a section and update the authz_baton if the
  * section denies access to the subtree the baton describes.
  */
@@ -285,10 +303,10 @@ authz_parse_section(const char *section_
   svn_boolean_t conclusive;
 
   /* Does the section apply to us? */
-  if (svn_path_is_ancestor(b->qualified_repos_path,
-                           section_name) == FALSE
-      && svn_path_is_ancestor(b->repos_path,
-                              section_name) == FALSE)
+  if (is_applicable_section(b->qualified_repos_path,
+                            section_name) == FALSE
+      && is_applicable_section(b->repos_path,
+                               section_name) == FALSE)
     return TRUE;
 
   /* Work out what this section grants. */
@@ -398,8 +416,8 @@ authz_get_any_access_parser_cb(const cha
 
   /* Does the section apply to the query? */
   if (section_name[0] == '/'
-      || strncmp(section_name, b->repos_path,
-                 strlen(b->repos_path)) == 0)
+      || strncmp(section_name, b->qualified_repos_path,
+                 strlen(b->qualified_repos_path)) == 0)
     {
       b->allow = b->deny = svn_authz_none;
 
@@ -433,7 +451,9 @@ authz_get_any_access(svn_config_t *cfg, 
   baton.user = user;
   baton.required_access = required_access;
   baton.access = FALSE; /* Deny access by default. */
-  baton.repos_path = apr_pstrcat(pool, repos_name, ":/", (char *)NULL);
+  baton.repos_path = "/";
+  baton.qualified_repos_path = apr_pstrcat(pool, repos_name,
+                                           ":/", (char *)NULL);
   
   /* We could have used svn_config_enumerate2 for "repos_name:/".
    * However, this requires access for root explicitly (which the user
@@ -746,18 +766,20 @@ svn_repos_authz_check_access(svn_authz_t
                              svn_boolean_t *access_granted,
                              apr_pool_t *pool)
 {
-  const char *current_path = path;
+  const char *current_path;
 
   /* If PATH is NULL, check if the user has *any* access. */
   if (!path)
     {
       *access_granted = authz_get_any_access(authz->cfg, repos_name,
-                                             user, required_access,
-                                             pool);
+                                             user, required_access, pool);
       return SVN_NO_ERROR;
     }
 
   /* Determine the granted access for the requested path. */
+  path = svn_fspath__canonicalize(path, pool);
+  current_path = path;
+  
   while (!authz_get_path_access(authz->cfg, repos_name,
                                 current_path, user,
                                 required_access,
@@ -774,7 +796,7 @@ svn_repos_authz_check_access(svn_authz_t
         }
 
       /* Work back to the parent path. */
-      current_path = svn_dirent_dirname(current_path, pool);
+      current_path = svn_fspath__dirname(current_path, pool);
     }
 
   /* If the caller requested recursive access, we need to walk through



Mime
View raw message