subversion-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cmpil...@apache.org
Subject svn commit: r1071781 - /subversion/trunk/subversion/mod_authz_svn/mod_authz_svn.c
Date Thu, 17 Feb 2011 20:54:37 GMT
Author: cmpilato
Date: Thu Feb 17 20:54:37 2011
New Revision: 1071781

URL: http://svn.apache.org/viewvc?rev=1071781&view=rev
Log:
Some follow-ups to r1030536, mostly to fix a bug which caused access
to be incorrectly denied in certain configurations.

* subversion/mod_authz_svn/mod_authz_svn.c
  (AuthzSVNAccessFile_cmd, AuthzSVNReposRelativeAccessFile_cmd): Tweak
    error message string.
  (subreq_bypass): Correct a conditional which was causing perfect
    good configurations to deny access to everything.
  (access_checker, check_user_id, auth_checker): Apply DeMorgan to
    visually group the "has a configured access file" checks.

Modified:
    subversion/trunk/subversion/mod_authz_svn/mod_authz_svn.c

Modified: subversion/trunk/subversion/mod_authz_svn/mod_authz_svn.c
URL: http://svn.apache.org/viewvc/subversion/trunk/subversion/mod_authz_svn/mod_authz_svn.c?rev=1071781&r1=1071780&r2=1071781&view=diff
==============================================================================
--- subversion/trunk/subversion/mod_authz_svn/mod_authz_svn.c (original)
+++ subversion/trunk/subversion/mod_authz_svn/mod_authz_svn.c Thu Feb 17 20:54:37 2011
@@ -85,8 +85,8 @@ AuthzSVNAccessFile_cmd(cmd_parms *cmd, v
   authz_svn_config_rec *conf = config;
 
   if (conf->repo_relative_access_file != NULL)
-    return "AuthzSVNAccessFile cannot be defined at "
-           "same time as AuthzSVNReposRelativeAccessFile.";
+    return "AuthzSVNAccessFile and AuthzSVNReposRelativeAccessFile "
+           "directives are mutually exclusive.";
 
   conf->access_file = ap_server_root_relative(cmd->pool, arg1);
 
@@ -102,8 +102,8 @@ AuthzSVNReposRelativeAccessFile_cmd(cmd_
   authz_svn_config_rec *conf = config;
 
   if (conf->access_file != NULL)
-    return "AuthzSVNReposRelativeAccessFile cannot be defined at "
-           "same time as AuthzSVNAccessFile.";
+    return "AuthzSVNAccessFile and AuthzSVNReposRelativeAccessFile "
+           "directives are mutually exclusive.";
 
   conf->repo_relative_access_file = arg1;
 
@@ -577,15 +577,15 @@ subreq_bypass(request_rec *r,
   username_to_authorize = get_username_to_authorize(r, conf);
 
   /* If configured properly, this should never be true, but just in case. */
-  if (!conf->anonymous || !conf->access_file
-      || !conf->repo_relative_access_file)
+  if (!conf->anonymous
+      || (! (conf->access_file || conf->repo_relative_access_file)))
     {
       log_access_verdict(APLOG_MARK, r, 0, repos_path, NULL);
       return HTTP_FORBIDDEN;
     }
 
   /* Retrieve authorization file */
-  access_conf = get_access_conf(r,conf);
+  access_conf = get_access_conf(r, conf);
   if (access_conf == NULL)
     return HTTP_FORBIDDEN;
 
@@ -643,7 +643,7 @@ access_checker(request_rec *r)
 
   /* We are not configured to run */
   if (!conf->anonymous
-      || (!conf->access_file && !conf->repo_relative_access_file))
+      || (! (conf->access_file || conf->repo_relative_access_file)))
     return DECLINED;
 
   if (ap_some_auth_required(r))
@@ -701,8 +701,8 @@ check_user_id(request_rec *r)
 
   /* We are not configured to run, or, an earlier module has already
    * authenticated this request. */
-  if ((!conf->access_file && !conf->repo_relative_access_file)
-      || !conf->no_auth_when_anon_ok || r->user)
+  if (!conf->no_auth_when_anon_ok || r->user
+      || (! (conf->access_file || conf->repo_relative_access_file)))
     return DECLINED;
 
   /* If anon access is allowed, return OK, preventing later modules
@@ -729,7 +729,7 @@ auth_checker(request_rec *r)
   int status;
 
   /* We are not configured to run */
-  if (!conf->access_file && !conf->repo_relative_access_file)
+  if (! (conf->access_file || conf->repo_relative_access_file))
     return DECLINED;
 
   /* Previous hook (check_user_id) already did all the work,



Mime
View raw message