Author: pburba
Date: Thu Apr 12 22:27:39 2012
New Revision: 1325559
URL: http://svn.apache.org/viewvc?rev=1325559&view=rev
Log:
On the inheritable-props branch: Implement authz checks when retrieving
inherited props.
* subversion/include/svn_repos.h
(svn_repos_fs_get_inherited_props): New.
* subversion/libsvn_repos/fs-wrap.c
(svn_sorts.h): New include.
(svn_repos_fs_get_inherited_props): New, a wrapper around
svn_fs_node_proplist2 that checks for authorization to parent paths which
a path inherits from.
* subversion/mod_dav_svn/reports/inherited-props.c
(dav_svn__get_inherited_props_report): Use svn_repos_fs_get_inherited_props
in place of svn_fs_node_proplist2.
* subversion/svnserve/serve.c
(get_props): Use svn_repos_fs_get_inherited_props in place of
svn_fs_node_proplist2.
(get_file,
get_dir,
get_inherited_props): Update calls to get_props.
Modified:
subversion/branches/inheritable-props/subversion/include/svn_repos.h
subversion/branches/inheritable-props/subversion/libsvn_repos/fs-wrap.c
subversion/branches/inheritable-props/subversion/mod_dav_svn/reports/inherited-props.c
subversion/branches/inheritable-props/subversion/svnserve/serve.c
Modified: subversion/branches/inheritable-props/subversion/include/svn_repos.h
URL:
http://svn.apache.org/viewvc/subversion/branches/inheritable-props/subversion/include/svn_repos.h?rev=1325559&r1=1325558&r2=1325559&view=diff
==============================================================================
--- subversion/branches/inheritable-props/subversion/include/svn_repos.h
(original)
+++ subversion/branches/inheritable-props/subversion/include/svn_repos.h Thu
Apr 12 22:27:39 2012
@@ -3127,6 +3127,34 @@ svn_repos_check_revision_access(svn_repo
void *authz_read_baton,
apr_pool_t *pool);
+/**
+ * Set @a *inherited_values to a depth-first ordered array of
+ * #svn_prop_inherited_item_t * structures (the path_or_url members of which
+ * are relative filesystem paths) representing the properties inherited by
+ * @a path at @a revision in @a repos. If no properties are inherited, then
+ * set @a *inherited_values to an empty array.
+ *
+ * If @a revision is #SVN_INVALID_REVNUM, it defaults to youngest.
+ *
+ * If optional @a authz_read_func is non-NULL, then use this function
+ * (along with optional @a authz_read_baton) to check the readability
+ * of each parent path from which properties are inherited. Silently omit
+ * properties for unreadable parent paths.
+ *
+ * Allocate @a *inherited_props in @a result_pool. Use @a scratch_pool for
+ * temporary allocations.
+ *
+ * @since New in 1.8.
+ */
+svn_error_t *
+svn_repos_fs_get_inherited_props(apr_array_header_t **inherited_props,
+ svn_repos_t *repos,
+ const char *path,
+ svn_revnum_t revision,
+ svn_repos_authz_func_t authz_read_func,
+ void *authz_read_baton,
+ apr_pool_t *result_pool,
+ apr_pool_t *scratch_pool);
�
/** Capabilities **/
Modified:
subversion/branches/inheritable-props/subversion/libsvn_repos/fs-wrap.c
URL:
http://svn.apache.org/viewvc/subversion/branches/inheritable-props/subversion/libsvn_repos/fs-wrap.c?rev=1325559&r1=1325558&r2=1325559&view=diff
==============================================================================
--- subversion/branches/inheritable-props/subversion/libsvn_repos/fs-wrap.c
(original)
+++ subversion/branches/inheritable-props/subversion/libsvn_repos/fs-wrap.c Thu
Apr 12 22:27:39 2012
@@ -31,6 +31,7 @@
#include "svn_props.h"
#include "svn_repos.h"
#include "svn_time.h"
+#include "svn_sorts.h"
#include "repos.h"
#include "svn_private_config.h"
#include "private/svn_repos_private.h"
@@ -740,7 +741,42 @@ svn_repos_fs_pack2(svn_repos_t *repos,
cancel_func, cancel_baton, pool);
}
+svn_error_t *
+svn_repos_fs_get_inherited_props(apr_array_header_t **inherited_props,
+ svn_repos_t *repos,
+ const char *path,
+ svn_revnum_t revision,
+ svn_repos_authz_func_t authz_read_func,
+ void *authz_read_baton,
+ apr_pool_t *result_pool,
+ apr_pool_t *scratch_pool)
+{
+ svn_fs_root_t *root;
+ int i;
+
+ if (!SVN_IS_VALID_REVNUM(revision))
+ SVN_ERR(svn_fs_youngest_rev(&revision, repos->fs, scratch_pool));
+ SVN_ERR(svn_fs_revision_root(&root, repos->fs, revision, scratch_pool));
+ SVN_ERR(svn_fs_node_proplist2(NULL, inherited_props, root, path,
+ result_pool, scratch_pool));
+ for (i = 0; i < (*inherited_props)->nelts; i++)
+ {
+ svn_boolean_t allowed = TRUE;
+ svn_prop_inherited_item_t *iprop =
+ APR_ARRAY_IDX(*inherited_props, i, svn_prop_inherited_item_t *);
+
+ if (authz_read_func)
+ SVN_ERR(authz_read_func(&allowed, root, iprop->path_or_url,
+ authz_read_baton, scratch_pool));
+ if (!allowed)
+ {
+ svn_sort__array_delete(*inherited_props, i, 1);
+ i--;
+ }
+ }
+ return SVN_NO_ERROR;
+}
�
/*
* vim:ts=4:sw=2:expandtab:tw=80:fo=tcroq
Modified:
subversion/branches/inheritable-props/subversion/mod_dav_svn/reports/inherited-props.c
URL:
http://svn.apache.org/viewvc/subversion/branches/inheritable-props/subversion/mod_dav_svn/reports/inherited-props.c?rev=1325559&r1=1325558&r2=1325559&view=diff
==============================================================================
---
subversion/branches/inheritable-props/subversion/mod_dav_svn/reports/inherited-props.c
(original)
+++
subversion/branches/inheritable-props/subversion/mod_dav_svn/reports/inherited-props.c
Thu Apr 12 22:27:39 2012
@@ -114,9 +114,11 @@ dav_svn__get_inherited_props_report(cons
"couldn't retrieve revision root",
resource->pool);
- serr = svn_fs_node_proplist2(NULL, &inherited_props, root, path,
- resource->pool, iterpool);
-
+ serr = svn_repos_fs_get_inherited_props(&inherited_props,
+ resource->info->repos->repos,
+ path, rev,
+ dav_svn__authz_read_func(&arb),
+ &arb, resource->pool, iterpool);
if (serr)
{
derr = dav_svn__convert_err(serr, HTTP_BAD_REQUEST, serr->message,
Modified: subversion/branches/inheritable-props/subversion/svnserve/serve.c
URL:
http://svn.apache.org/viewvc/subversion/branches/inheritable-props/subversion/svnserve/serve.c?rev=1325559&r1=1325558&r2=1325559&view=diff
==============================================================================
--- subversion/branches/inheritable-props/subversion/svnserve/serve.c (original)
+++ subversion/branches/inheritable-props/subversion/svnserve/serve.c Thu Apr
12 22:27:39 2012
@@ -962,24 +962,30 @@ static svn_error_t *write_lock(svn_ra_sv
}
/* ### This really belongs in libsvn_repos. */
-/* Get the properties and/or inherited properties for a PATH in ROOT, with
- hardcoded committed-info values. */
+/* Get the explicit properties and/or inherited properties for a PATH in
+ ROOT, with hardcoded committed-info values. */
static svn_error_t *
get_props(apr_hash_t **props,
apr_array_header_t **iprops,
+ server_baton_t *b,
svn_fs_root_t *root,
const char *path,
apr_pool_t *pool)
{
- /* Get the properties. */
- SVN_ERR(svn_fs_node_proplist2(props, iprops, root, path, pool, pool));
-
+ /* Get the explicit properties. */
if (props)
{
svn_string_t *str;
svn_revnum_t crev;
const char *cdate, *cauthor, *uuid;
+ /* Yes, we could grab the inherited properties here too, but while we
+ already know the user has read access to PATH, we don't know that
+ the same holds true for PATH's parents, so we call
+ svn_repos_fs_get_inherited_props below, which performs the necessary
+ authz checks. */
+ SVN_ERR(svn_fs_node_proplist2(props, NULL, root, path, pool, pool));
+
/* Hardcode the values for the committed revision, date, and author. */
SVN_ERR(svn_repos_get_committed_info(&crev, &cdate, &cauthor, root,
path, pool));
@@ -1000,6 +1006,13 @@ get_props(apr_hash_t **props,
apr_hash_set(*props, SVN_PROP_ENTRY_UUID, APR_HASH_KEY_STRING, str);
}
+ /* Get any inherited properties the user is authorized to. */
+ if (iprops)
+ SVN_ERR(svn_repos_fs_get_inherited_props(
+ iprops, b->repos, path,
+ svn_fs_revision_root_revision(root),
+ authz_check_access_cb_func(b), b, pool, pool));
+
return SVN_NO_ERROR;
}
@@ -1435,7 +1448,8 @@ static svn_error_t *get_file(svn_ra_svn_
full_path, TRUE, pool));
hex_digest = svn_checksum_to_cstring_display(checksum, pool);
if (want_props || wants_inherited_props)
- SVN_CMD_ERR(get_props(&props, &inherited_props, root, full_path, pool));
+ SVN_CMD_ERR(get_props(&props, &inherited_props, b, root, full_path,
+ pool));
if (want_contents)
SVN_CMD_ERR(svn_fs_file_contents(&contents, root, full_path, pool));
@@ -1576,7 +1590,8 @@ static svn_error_t *get_dir(svn_ra_svn_c
/* Fetch the directory's explicit and/or inherited properties
if requested. */
if (want_props || wants_inherited_props)
- SVN_CMD_ERR(get_props(&props, &inherited_props, root, full_path, pool));
+ SVN_CMD_ERR(get_props(&props, &inherited_props, b, root, full_path,
+ pool));
/* Begin response ... */
SVN_ERR(svn_ra_svn_write_tuple(conn, pool, "w(r(!", "success", rev));
@@ -2942,7 +2957,7 @@ get_inherited_props(svn_ra_svn_conn_t *c
/* Fetch the properties and a stream for the contents. */
SVN_CMD_ERR(svn_fs_revision_root(&root, b->fs, rev, pool));
- SVN_CMD_ERR(get_props(NULL, &inherited_props, root, full_path, pool));
+ SVN_CMD_ERR(get_props(NULL, &inherited_props, b, root, full_path, pool));
/* Send successful command response with revision and props. */
SVN_ERR(svn_ra_svn_write_tuple(conn, pool, "w(!", "success"));
