subversion-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Branko Čibej (JIRA) <j...@apache.org>
Subject [jira] [Created] (SVN-4794) Duplicate ACEs are merged but should be rejected
Date Sun, 02 Dec 2018 16:20:00 GMT
Branko Čibej created SVN-4794:
---------------------------------

             Summary: Duplicate ACEs are merged but should be rejected
                 Key: SVN-4794
                 URL: https://issues.apache.org/jira/browse/SVN-4794
             Project: Subversion
          Issue Type: Bug
          Components: svnauthz, libsvn_repos
    Affects Versions: trunk, 1.10.x, 1.11.x
            Reporter: Branko Čibej
         Attachments: authz-entry-collision.patch

In the authz semantics up to 1.9, a duplicate access entry for the same rule would replace
a previous such entry:
{noformat}
[/]
user = rw
user = r
{noformat}
This was valid, and the second entry replaced the first, giving _user_ read-only access.

In 1.10+, these entries are silently merged, giving _user_ rear/write access. This is clearly
bad because it can *silently* change the meaning of access rules.

*Proposal:* duplicate authz rules should be rejected, i.e., the example above should become
an error. Whilst this will break some existing pre-1.10 authz files, it will not silently
change their meaning. Besides, duplicate entries are most likely either an error or the result
of duplicate rules, which are also forbidden in 1.10+.

The attached patch implements this proposal. Examples:
{noformat}
$ cat authz.conf 
[/]
user = rw
user = r
$ svnauthz validate authz.conf 
svnauthz: E220003: Error while parsing authz file: 'authz.conf':
svnauthz: E220003: Duplicate access entry 'user' in rule [/]
{noformat}
{noformat}
$ cat authz.conf 
[/]
$authenticated = rw
~$anonymous = r
$ svnauthz validate authz.conf 
svnauthz: E220003: Error while parsing authz file: 'authz.conf':
svnauthz: E220003: Duplicate access entry '~$anonymous' (matches '$authenticated') in rule
[/]
{noformat}
{noformat}
$ cat authz.conf 
[aliases]
resu = user

[/]
~&resu = rw
~user = r
$ svnauthz validate authz.conf 
svnauthz: E220003: Error while parsing authz file: 'authz.conf':
svnauthz: E220003: Duplicate access entry '~&resu' (matches '~user') in rule [/]
{noformat}



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Mime
View raw message