Author: breser
Date: Mon Dec 17 22:27:36 2012
New Revision: 1423199
URL: http://svn.apache.org/viewvc?rev=1423199&view=rev
Log:
On in-repo-authz branch: Make the authz-db and password-db config options load
their files on every connection when --config-file is used.
* subversion/svnserve/svnserve.h
(server_baton_t): Add base member, remove authz_repos_relative member.
(serve_params_t): Add base member, remove pwdb, authzdb, and
authz_repos_relative members.
(load_pwdb_config, load_authz_config): Remove unnecessary arguments.
* subversion/svnserve/svnserve.c
(main): Set the new params.base member, remove the initialization for
the params members that have been removed, and remove the calls
to load_pwdb_config() and load_authz_config().
* subversion/svnserve/serve.c
(load_pwdb_config, load_authz_config): Remove all support for this function
to be called on startup by using arguments on the server baton.
(load_authz_config): Remove the authz_repos_relative flag.
(find_repos): Set the server base to the repos conf dir when config hasn't
been loaded yet. Adjust calls to load_*_config() functions to match
changes in parameters, and always try to load the pwdb and authz file
when the config file is already loaded.
(serve): Copy the base from the params into the server baton. Initialize
pwdb and authzdb server baton members to NULL rather than copying. Remove
authz_repos_relative member initialization.
Modified:
subversion/branches/in-repo-authz/subversion/svnserve/serve.c
subversion/branches/in-repo-authz/subversion/svnserve/server.h
subversion/branches/in-repo-authz/subversion/svnserve/svnserve.c
Modified: subversion/branches/in-repo-authz/subversion/svnserve/serve.c
URL:
http://svn.apache.org/viewvc/subversion/branches/in-repo-authz/subversion/svnserve/serve.c?rev=1423199&r1=1423198&r2=1423199&view=diff
==============================================================================
--- subversion/branches/in-repo-authz/subversion/svnserve/serve.c (original)
+++ subversion/branches/in-repo-authz/subversion/svnserve/serve.c Mon Dec 17
22:27:36 2012
@@ -221,31 +221,26 @@ static svn_error_t *log_command(server_b
return log_write(b->log_file, line, nbytes, pool);
}
-svn_error_t *load_pwdb_config(svn_config_t **pwdb,
- svn_config_t *cfg,
- const char *base,
- server_baton_t *server,
+svn_error_t *load_pwdb_config(server_baton_t *server,
svn_ra_svn_conn_t *conn,
apr_pool_t *pool)
{
const char *pwdb_path;
svn_error_t *err;
- svn_config_get(cfg, &pwdb_path, SVN_CONFIG_SECTION_GENERAL,
+ svn_config_get(server->cfg, &pwdb_path, SVN_CONFIG_SECTION_GENERAL,
SVN_CONFIG_OPTION_PASSWORD_DB, NULL);
- *pwdb = NULL;
+ server->pwdb = NULL;
if (pwdb_path)
{
pwdb_path = svn_dirent_canonicalize(pwdb_path, pool);
- pwdb_path = svn_dirent_join(base, pwdb_path, pool);
+ pwdb_path = svn_dirent_join(server->base, pwdb_path, pool);
- err = svn_config_read2(pwdb, pwdb_path, TRUE, FALSE, pool);
+ err = svn_config_read2(&server->pwdb, pwdb_path, TRUE, FALSE, pool);
if (err)
{
- if (server)
- /* Called by listening server; log error no matter what it is. */
- log_server_error(err, server, conn, pool);
+ log_server_error(err, server, conn, pool);
/* Because it may be possible to read the pwdb file with some
access methods and not others, ignore errors reading the pwdb
@@ -259,18 +254,11 @@ svn_error_t *load_pwdb_config(svn_config
if (err->apr_err != SVN_ERR_BAD_FILENAME
&& ! APR_STATUS_IS_EACCES(err->apr_err))
{
- if (server)
- {
- /* Called by listening server: Now that we've logged
- * the error, clear it and return a nice, generic
- * error to the user
- *
(http://subversion.tigris.org/issues/show_bug.cgi?id=2271). */
- svn_error_clear(err);
- return svn_error_create(SVN_ERR_AUTHN_FAILED, NULL, NULL);
- }
- /* Called during startup; return the error, whereupon it
- * will go to standard error for the admin to see. */
- return err;
+ /* Now that we've logged the error, clear it and return a
+ * nice, generic error to the user:
+ * http://subversion.tigris.org/issues/show_bug.cgi?id=2271 */
+ svn_error_clear(err);
+ return svn_error_create(SVN_ERR_AUTHN_FAILED, NULL, NULL);
}
else
/* Ignore SVN_ERR_BAD_FILENAME and APR_EACCES and proceed. */
@@ -281,91 +269,56 @@ svn_error_t *load_pwdb_config(svn_config
return SVN_NO_ERROR;
}
-svn_error_t *load_authz_config(svn_authz_t **authzdb,
- enum username_case_type *username_case,
- svn_tristate_t *authz_repos_relative,
- svn_config_t *cfg,
- const char *base,
- const char *repos_root,
- server_baton_t *server,
+svn_error_t *load_authz_config(server_baton_t *server,
svn_ra_svn_conn_t *conn,
+ const char *repos_root,
apr_pool_t *pool)
{
const char *authzdb_path;
svn_error_t *err;
/* Read authz configuration. */
- svn_config_get(cfg, &authzdb_path, SVN_CONFIG_SECTION_GENERAL,
+ svn_config_get(server->cfg, &authzdb_path, SVN_CONFIG_SECTION_GENERAL,
SVN_CONFIG_OPTION_AUTHZ_DB, NULL);
if (authzdb_path)
{
const char *case_force_val;
- if (svn_tristate_unknown == *authz_repos_relative)
- {
- /* Find out if the authzdb is repos relative if we didn't
- * already know. */
- if (svn_path_is_repos_relative_url(authzdb_path))
- *authz_repos_relative = svn_tristate_true;
- else
- *authz_repos_relative = svn_tristate_false;
- }
-
- if (!server && svn_tristate_true == *authz_repos_relative)
- {
- /* Called during startup with a repos relative URL, since we
- * don't know the repos yet, skip loading the authzdb. */
- *authzdb = NULL;
- *username_case = CASE_ASIS;
- return SVN_NO_ERROR;
- }
-
- if (svn_tristate_false == *authz_repos_relative &&
+ if (!svn_path_is_repos_relative_url(authzdb_path) &&
!svn_path_is_url(authzdb_path))
{
/* Canonicalize and add the base onto authzdb_path (if needed)
* when authzdb_path is not a URL (repos relative or absolute). */
authzdb_path = svn_dirent_canonicalize(authzdb_path, pool);
- authzdb_path = svn_dirent_join(base, authzdb_path, pool);
+ authzdb_path = svn_dirent_join(server->base, authzdb_path, pool);
}
- err = svn_repos_authz_read2(authzdb, authzdb_path, TRUE,
- repos_root, pool);
+ err = svn_repos_authz_read2(&server->authzdb, authzdb_path, TRUE,
+ repos_root, pool);
if (err)
{
- if (server)
- {
- /* Called by listening server: Log the error, clear it,
- * and return a nice, generic error to the user
- * (http://subversion.tigris.org/issues/show_bug.cgi?id=2271). */
- log_server_error(err, server, conn, pool);
- svn_error_clear(err);
- return svn_error_create(SVN_ERR_AUTHZ_INVALID_CONFIG, NULL,
NULL);
- }
- else
- /* Called during startup; return the error, whereupon it
- * will go to standard error for the admin to see. */
- return err;
+ log_server_error(err, server, conn, pool);
+ svn_error_clear(err);
+ return svn_error_create(SVN_ERR_AUTHZ_INVALID_CONFIG, NULL, NULL);
}
/* Are we going to be case-normalizing usernames when we consult
* this authz file? */
- svn_config_get(cfg, &case_force_val, SVN_CONFIG_SECTION_GENERAL,
+ svn_config_get(server->cfg, &case_force_val, SVN_CONFIG_SECTION_GENERAL,
SVN_CONFIG_OPTION_FORCE_USERNAME_CASE, NULL);
if (case_force_val)
{
if (strcmp(case_force_val, "upper") == 0)
- *username_case = CASE_FORCE_UPPER;
+ server->username_case = CASE_FORCE_UPPER;
else if (strcmp(case_force_val, "lower") == 0)
- *username_case = CASE_FORCE_LOWER;
+ server->username_case = CASE_FORCE_LOWER;
else
- *username_case = CASE_ASIS;
+ server->username_case = CASE_ASIS;
}
}
else
{
- *authzdb = NULL;
- *username_case = CASE_ASIS;
- *authz_repos_relative = svn_tristate_false;
+ server->authzdb = NULL;
+ server->username_case = CASE_ASIS;
}
return SVN_NO_ERROR;
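Review bot: `server->username_case` is left unassigned on one path of load_authz_config: when authz-db is set but force-username-case is absent, neither the `if (case_force_val)` arm nor the final `else` writes it. The baton then keeps whatever serve() copied from `params->username_case`, and this commit removes the startup call that could fill that field, so it is worth confirming that main() still initialises it (not visible in this diff). Assigning `server->username_case = CASE_ASIS;` before `if (authzdb_path)` would make the result independent of the caller. In the same spirit, `server->authzdb` is not reset before `svn_repos_authz_read2`, whereas load_pwdb_config does start with `server->pwdb = NULL;`.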
@@ -3179,26 +3132,21 @@ static svn_error_t *find_repos(const cha
* repository. */
if (NULL == b->cfg)
{
- const char *conf_dir = svn_repos_conf_dir(b->repos, pool);
+ b->base = svn_repos_conf_dir(b->repos, pool);
SVN_ERR(svn_config_read2(&b->cfg, svn_repos_svnserve_conf(b->repos,
pool),
FALSE, /* must_exist */
FALSE, /* section_names_case_sensitive */
pool));
- SVN_ERR(load_pwdb_config(&b->pwdb, b->cfg, conf_dir, b, conn, pool));
- SVN_ERR(load_authz_config(&b->authzdb, &b->username_case,
- &b->authz_repos_relative, b->cfg,
- conf_dir, repos_root, b, conn, pool));
- }
- /* svnserve.conf has been loaded but authz is repos relative so it needs
- * to be loaded */
- else if (svn_tristate_true == b->authz_repos_relative)
- {
- const char *conf_dir = svn_repos_conf_dir(b->repos, pool);
-
- SVN_ERR(load_authz_config(&b->authzdb, &b->username_case,
- &b->authz_repos_relative, b->cfg,
- conf_dir, repos_root, b, conn, pool));
+ SVN_ERR(load_pwdb_config(b, conn, pool));
+ SVN_ERR(load_authz_config(b, conn, repos_root, pool));
+ }
+ /* svnserve.conf has been loaded via the --config-file option so need
+ * to load pwdb and authz. */
+ else
+ {
+ SVN_ERR(load_pwdb_config(b, conn, pool));
+ SVN_ERR(load_authz_config(b, conn, repos_root, pool));
}
#ifdef SVN_HAVE_SASL
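Review bot: Both arms of `if (NULL == b->cfg)` now end with the same two calls, so the `else` block only duplicates them. Moving `SVN_ERR(load_pwdb_config(b, conn, pool));` and `SVN_ERR(load_authz_config(b, conn, repos_root, pool));` after the `if` keeps one copy and makes it obvious that both files are loaded on every call. The `else` comment would then sit above the calls, for example `/* Load pwdb and authz for this connection; b->base is the repos conf dir or the --config-file directory. */`. find_repos starts and ends outside this hunk; if it runs once per connection, as the log message suggests, the authz file is now parsed on each connection even when it is not repos-relative, and the comment should say that cost is deliberate.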
@@ -3403,10 +3351,10 @@ svn_error_t *serve(svn_ra_svn_conn_t *co
b.user = NULL;
b.username_case = params->username_case;
b.authz_user = NULL;
+ b.base = params->base;
b.cfg = params->cfg;
- b.pwdb = params->pwdb;
- b.authzdb = params->authzdb;
- b.authz_repos_relative = params->authz_repos_relative;
+ b.pwdb = NULL;
+ b.authzdb = NULL;
b.realm = NULL;
b.log_file = params->log_file;
b.pool = pool;
Modified: subversion/branches/in-repo-authz/subversion/svnserve/server.h
URL:
http://svn.apache.org/viewvc/subversion/branches/in-repo-authz/subversion/svnserve/server.h?rev=1423199&r1=1423198&r2=1423199&view=diff
==============================================================================
--- subversion/branches/in-repo-authz/subversion/svnserve/server.h (original)
+++ subversion/branches/in-repo-authz/subversion/svnserve/server.h Mon Dec 17
22:27:36 2012
@@ -42,10 +42,10 @@ typedef struct server_baton_t {
svn_repos_t *repos;
const char *repos_name; /* URI-encoded name of repository (not for authz) */
svn_fs_t *fs; /* For convenience; same as svn_repos_fs(repos) */
+ const char *base; /* Base directory for config files */
svn_config_t *cfg; /* Parsed repository svnserve.conf */
svn_config_t *pwdb; /* Parsed password database */
svn_authz_t *authzdb; /* Parsed authz rules */
- svn_tristate_t authz_repos_relative; /* authzdb is repos relative URL */
const char *authz_repos_name; /* The name of the repository for authz */
const char *realm; /* Authentication realm */
const char *repos_url; /* URL to base of repository */
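Review bot: The new `base` comment does not say where the value comes from or when it may be NULL. From this diff, `params.base` is NULL unless --config-file is given, in which case it is the directory of that file, and find_repos overwrites `b->base` with the repository conf dir when no config was preloaded. Suggest wording along the lines of `/* Dir that relative password-db/authz-db paths are joined to: the --config-file dir, else the repos conf dir */` here, and the matching "NULL unless --config-file was given" remark on `serve_params_t.base` in the next hunk.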
@@ -88,29 +88,15 @@ typedef struct serve_params_t {
which forces all connections to be read-only. */
svn_boolean_t read_only;
+ /* The base directory for any relative configuration files. */
+ const char *base;
+
/* A parsed repository svnserve configuration file, ala
svnserve.conf. If this is NULL, then no configuration file was
specified on the command line. If this is non-NULL, then
per-repository svnserve.conf are not read. */
svn_config_t *cfg;
- /* A parsed repository password database. If this is NULL, then
- either no svnserve configuration file was specified on the
- command line, or it was specified and it did not refer to a
- password database. */
- svn_config_t *pwdb;
-
- /* A parsed repository authorization database. If this is NULL,
- then either no svnserve configuration file was specified on the
- command line, or it was specified and it did not refer to a
- authorization database. */
- svn_authz_t *authzdb;
-
- /* Tristate value that is true if the authz file is repos relative and needs
- * to be loaded for each access, false if it is not and unknown if this
- * hasn't been determined yet. */
- svn_tristate_t authz_repos_relative;
-
/* A filehandle open for writing logs to; possibly NULL. */
apr_file_t *log_file;
@@ -151,44 +137,23 @@ typedef struct serve_params_t {
svn_error_t *serve(svn_ra_svn_conn_t *conn, serve_params_t *params,
apr_pool_t *pool);
-/* Provided a parsed svnserve configuration in CFG then set *PWDB to any
- referenced password database
-
- BASE may be specified as the base path to any referenced password files
- found in CFG
+/* Load the password database for the listening server based on the
+ entries in the SERVER struct.
- If SERVER is not NULL, log the real errors with SERVER and CONN but
- return generic errors to the client. CONN must not be NULL if SERVER
- is not NULL. */
-svn_error_t *load_pwdb_config(svn_config_t **pwdb,
- svn_config_t *cfg,
- const char *base,
- server_baton_t *server,
+ SERVER and CONN must not be NULL. The real errors will be logged with
+ SERVER and CONN but return generic errors to the client. */
+svn_error_t *load_pwdb_config(server_baton_t *server,
svn_ra_svn_conn_t *conn,
apr_pool_t *pool);
-/* Provided a parsed svnserve configuration in CFG then:
+/* Load the authz database for the listening server based on the
+ entries in the SERVER struct.
- - set *AUTHZDB to any referenced authorized database,
- - set *AUTHZ_REPOS_RELATIVE to a tristate represening if authorization
- is a repos relative URL, and
- - set *USERNAME_CASE to the enumerated value of the
- 'force-username-case' configuration value (or its default).
-
- BASE may be specified as the base path to any referenced password files
- found in CFG
-
- If SERVER is not NULL, log the real errors with SERVER and CONN but
- return generic errors to the client. CONN must not be NULL if SERVER
- is not NULL. */
-svn_error_t *load_authz_config(svn_authz_t **authzdb,
- enum username_case_type *username_case,
- svn_tristate_t *authz_repos_relative,
- svn_config_t *cfg,
- const char *base,
- const char *repos_root,
- server_baton_t *server,
+ SERVER and CONN must not be NULL. The real errors will be logged with
+ SERVER and CONN but return generic errors to the client. */
+svn_error_t *load_authz_config(server_baton_t *server,
svn_ra_svn_conn_t *conn,
+ const char *repos_root,
apr_pool_t *pool);
/* Initialize the Cyrus SASL library. POOL is used for allocations. */
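Review bot: The new header comments for load_pwdb_config and load_authz_config do not say which SERVER fields are read and written, and REPOS_ROOT is left undocumented. From serve.c in this commit, both functions read `server->cfg` and `server->base`; load_pwdb_config sets `server->pwdb`, and load_authz_config sets `server->authzdb` and, on some paths only, `server->username_case`. The "must not be NULL" requirement is not checked in the visible bodies, which dereference `server->cfg` straight away, so the comment should state it as a caller obligation. The sentence "but return generic errors to the client" would also read better as "and generic errors are returned to the client".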
Modified: subversion/branches/in-repo-authz/subversion/svnserve/svnserve.c
URL:
http://svn.apache.org/viewvc/subversion/branches/in-repo-authz/subversion/svnserve/svnserve.c?rev=1423199&r1=1423198&r2=1423199&view=diff
==============================================================================
--- subversion/branches/in-repo-authz/subversion/svnserve/svnserve.c (original)
+++ subversion/branches/in-repo-authz/subversion/svnserve/svnserve.c Mon Dec 17
22:27:36 2012
@@ -503,10 +503,8 @@ int main(int argc, const char *argv[])
params.tunnel = FALSE;
params.tunnel_user = NULL;
params.read_only = FALSE;
+ params.base = NULL;
params.cfg = NULL;
- params.pwdb = NULL;
- params.authzdb = NULL;
- params.authz_repos_relative = svn_tristate_unknown;
params.compression_level = SVN_DELTA_COMPRESSION_LEVEL_DEFAULT;
params.log_file = NULL;
params.vhost = FALSE;
@@ -749,21 +747,12 @@ int main(int argc, const char *argv[])
* password and authorization files. */
if (config_filename)
{
- const char *base = svn_dirent_dirname(config_filename, pool);
+ params.base = svn_dirent_dirname(config_filename, pool);
SVN_INT_ERR(svn_config_read2(¶ms.cfg, config_filename,
TRUE, /* must_exist */
FALSE, /* section_names_case_sensitive */
pool));
- SVN_INT_ERR(load_pwdb_config(¶ms.pwdb, params.cfg, base,
- NULL, NULL, /* server baton, conn */
- pool));
-
- SVN_INT_ERR(load_authz_config(¶ms.authzdb, ¶ms.username_case,
- ¶ms.authz_repos_relative, params.cfg,
- base, NULL, /* repos_root */
- NULL, NULL, /*server baton, conn */
- pool));
}
if (log_filename)
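Review bot: With the startup calls removed, a missing or malformed password-db or authz-db named in the --config-file is no longer reported when svnserve starts; the first sign is a failed connection. The per-connection loaders log the real error through `log_server_error` and return a generic one to the client, so when no log file is configured (`params.log_file` starts as NULL) the administrator may see nothing. Consider keeping a validation-only read here for paths that are not repos-relative, or at least a comment such as `/* password-db and authz-db are loaded per connection in find_repos(); load errors surface only in the server log. */`. The enclosing part of main() continues outside this hunk.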