subversion-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Branko Čibej (JIRA) <j...@apache.org>
Subject [jira] [Updated] (SVN-4795) Support character classes in glob authz rules
Date Mon, 03 Dec 2018 04:33:00 GMT

     [ https://issues.apache.org/jira/browse/SVN-4795?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Branko Čibej updated SVN-4795:
------------------------------
    Description: 
*Proposal*
 Change the way section names are parsed in authz files, so that anything between the initial
{{\[}} and the last {{\]}} are treated as the section name/rule pattern. This will restrict
the use of inline comments on rules, but will allow fuller use of glob patterns.

*Discussion*
 Wildcard rules in Subversion's authz file use {{apr_fnmatch()}} to match patterns to path
segments. APR's matcher supports character classes ({{[A-Z]}} etc.), however, there is no
way to use them in the authz file. For example, given this rule:
{noformat}
[:glob:/**/*.[Dd]oc]
* = rw
{noformat}
the pattern will be parsed as "{{/\*\*/\*.[Dd}}", which is probably not what the user intended
and matches, for example, "{{/path/x.\[Dd}}" instead of the expected "{{/path/x.doc}}".

This limitation was present in the authz rules since their inception and is a side effect
of how Subversion's config parser parses section names. See: {{parse_section_name()}} in {{libsvn_subr/config_file.c}}.

  was:
*Proposal*
 Change the way section names are parsed in authz files, so that anything between the initial
{{[}} and the last {{]}} are treated as the section name/rule pattern. This will restrict
the use of inline comments on rules, but will allow fuller use of glob patterns.

*Discussion*
 Wildcard rules in Subversion's authz file use {{apr_fnmatch()}} to match patterns to path
segments. APR's matcher supports character classes ({{[A-Z]}} etc.), however, there is no
way to use them in the authz file. For example, given this rule:
{noformat}
[:glob:/**/*.[Dd]oc]
* = rw
{noformat}
the pattern will be parsed as "{{/**/*.[Dd}}", which is probably not what the user intended
and matches, for example, "{{/path/x.[Dd}}" instead of the expected "{{/path/x.doc}}".

This limitation was present in the authz rules since their inception and is a side effect
of how Subversion's config parser parses section names. See: {{parse_section_name()}} in {{libsvn_subr/config_file.c}}.


> Support character classes in glob authz rules
> ---------------------------------------------
>
>                 Key: SVN-4795
>                 URL: https://issues.apache.org/jira/browse/SVN-4795
>             Project: Subversion
>          Issue Type: Improvement
>          Components: libsvn_repos, svnauthz
>    Affects Versions: all
>            Reporter: Branko Čibej
>            Priority: Major
>
> *Proposal*
>  Change the way section names are parsed in authz files, so that anything between the
initial {{\[}} and the last {{\]}} are treated as the section name/rule pattern. This will
restrict the use of inline comments on rules, but will allow fuller use of glob patterns.
> *Discussion*
>  Wildcard rules in Subversion's authz file use {{apr_fnmatch()}} to match patterns to
path segments. APR's matcher supports character classes ({{[A-Z]}} etc.), however, there is
no way to use them in the authz file. For example, given this rule:
> {noformat}
> [:glob:/**/*.[Dd]oc]
> * = rw
> {noformat}
> the pattern will be parsed as "{{/\*\*/\*.[Dd}}", which is probably not what the user
intended and matches, for example, "{{/path/x.\[Dd}}" instead of the expected "{{/path/x.doc}}".
> This limitation was present in the authz rules since their inception and is a side effect
of how Subversion's config parser parses section names. See: {{parse_section_name()}} in {{libsvn_subr/config_file.c}}.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Mime
View raw message