subversion-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Philip Martin <phi...@codematters.co.uk>
Subject Re: Group contain problem in authz
Date Mon, 07 May 2018 17:05:04 GMT
黄磊 <raymond.huang@musjoy.com> writes:

> We meet a problem while upgrade the SVN server from 1.9 to 1.10. In
> the file 'authz', it seems not support for group to contain other
> group.
>
> I can give a simple example.
> In the 'authz' file:
>
> [groups]
> GuserA = userA
> GuserB = userB
> GroupA = @GuserA, @GuserB
>
> [/]
> @GroupA = rw
> *=
>
> In this way, the 'userA' can access the repository while ‘userB’
> can’t. And if i change it like this:
>
> [groups]
> GuserA = userA
> GuserB = userB
> GroupA = @GuserB, @GuserA
>
> [/]
> @GroupA = rw
> *=
>
> Only the 'userB' can access. It seems a group can only contain one
> group when it first appears. Even i change the group to 'GroupA =
> @GuserB, userA, @GuserA', the 'userA' still can’t access. It only gets
> error '170001’.
>
> I hope this problem can be fixed, so we can do this upgrade. Thanks.

Yes, that is a bug.  I've raised

https://issues.apache.org/jira/projects/SVN/issues/SVN-4741

It is fixed on trunk, r1831110, by the following patch:

Index: subversion/libsvn_repos/authz_parse.c
===================================================================
--- subversion/libsvn_repos/authz_parse.c	(revision 1830833)
+++ subversion/libsvn_repos/authz_parse.c	(working copy)
@@ -1058,14 +1058,15 @@ expand_group_callback(void *baton,
       else
         {
           /* Recursively expand the group membership */
-          members = svn_hash_gets(cb->parsed_groups, member);
-          if (!members)
+          apr_array_header_t *member_members
+            = svn_hash_gets(cb->parsed_groups, member);
+          if (!member_members)
             return svn_error_createf(
                 SVN_ERR_AUTHZ_INVALID_CONFIG, NULL,
                 _("Undefined group '%s'"),
                 member);
           SVN_ERR(expand_group_callback(cb, key, klen,
-                                        members, scratch_pool));
+                                        member_members, scratch_pool));
         }
     }
   return SVN_NO_ERROR;


-- 
Philip

Mime
View raw message