Author: brane
Date: Mon Aug 18 17:08:40 2014
New Revision: 1618666

URL: http://svn.apache.org/r1618666
Log:
On the authzperf branch: Validate rights in access entries.

* subversion/libsvn_repos/authz_parse.c
  (add_access_entry): Verify that any entry that grants write access
   also grants read access.
   Remove a fixme comment and add a missing space to an error message.

* subversion/tests/libsvn_repos/authz-test.c
  (test_authz_parse_tng): Print the whole $anonymous and $authenticated
   access rights if they're different from the common denominator.
* subversion/tests/libsvn_repos/authz.rules:
   Fix access entries that fail validation under the new rules.

Modified:
    subversion/branches/authzperf/subversion/libsvn_repos/authz_parse.c
    subversion/branches/authzperf/subversion/tests/libsvn_repos/authz-test.c
    subversion/branches/authzperf/subversion/tests/libsvn_repos/authz.rules

Modified: subversion/branches/authzperf/subversion/libsvn_repos/authz_parse.c
URL: 
http://svn.apache.org/viewvc/subversion/branches/authzperf/subversion/libsvn_repos/authz_parse.c?rev=1618666&r1=1618665&r2=1618666&view=diff
==============================================================================
--- subversion/branches/authzperf/subversion/libsvn_repos/authz_parse.c 
(original)
+++ subversion/branches/authzperf/subversion/libsvn_repos/authz_parse.c Mon Aug 
18 17:08:40 2014
@@ -569,7 +569,6 @@ add_access_entry(ctor_baton_t *cb, svn_s
           break;
 
         case 'w':
-          /* FIXME: Idiocy. Write access should imply read access. */
           access |= svn_authz_write;
           break;
 
@@ -578,11 +577,18 @@ add_access_entry(ctor_baton_t *cb, svn_s
             return svn_error_createf(
                 SVN_ERR_AUTHZ_INVALID_CONFIG, NULL,
                 _("The access mode '%c' in access entry '%s'"
-                  "of rule [%s] is not valid"),
+                  " of rule [%s] is not valid"),
                 access_code, option->data, section->data);
       }
     }
 
+  /* We do not support write-only access. */
+  if ((access & svn_authz_write) && !(access & svn_authz_read))
+    return svn_error_createf(
+        SVN_ERR_AUTHZ_INVALID_CONFIG, NULL,
+        _("Write-only access entry '%s' of rule [%s] is not valid"),
+        option->data, section->data);
+
   /* Update the parsed ACL with this access entry. */
   if (anonymous || authenticated)
     {
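Review bot: The new write-only check after the parsing loop has no negative test in this commit: authz.rules is only edited so that it passes, and nothing visible here asserts that an entry such as `luser = w` is rejected with SVN_ERR_AUTHZ_INVALID_CONFIG. Because the check turns rule files that were previously accepted into parse errors, a test pinning the rejection would guard this access-control behaviour against regressions. The comment could also record the decision, e.g. `/* We do not support write-only access: reject 'w' without 'r' instead of silently implying read. */`, since the removed FIXME suggested the opposite approach. add_access_entry starts and ends outside the hunk.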

Modified: 
subversion/branches/authzperf/subversion/tests/libsvn_repos/authz-test.c
URL: 
http://svn.apache.org/viewvc/subversion/branches/authzperf/subversion/tests/libsvn_repos/authz-test.c?rev=1618666&r1=1618665&r2=1618666&view=diff
==============================================================================
--- subversion/branches/authzperf/subversion/tests/libsvn_repos/authz-test.c 
(original)
+++ subversion/branches/authzperf/subversion/tests/libsvn_repos/authz-test.c 
Mon Aug 18 17:08:40 2014
@@ -170,12 +170,12 @@ test_authz_parse_tng(const svn_test_opts
       if (acl->has_anon_access
           && (acl->anon_access & ~all_access) != svn_authz_none)
         printf("       $anonymous = %s\n",
-               access_string(acl->anon_access & ~all_access));
+               access_string(acl->anon_access));
 
       if (acl->has_authn_access
           && (acl->authn_access & ~all_access) != svn_authz_none)
         printf("       $authenticated = %s\n",
-               access_string(acl->authn_access & ~all_access));
+               access_string(acl->authn_access));
 
       for (j = 0; j < acl->user_access->nelts; ++j)
         {
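Review bot: The guard and the printed value no longer agree in the two changed printf calls: the condition still tests `acl->anon_access & ~all_access` (and the authn equivalent), while the output is now the unmasked rights. The log message suggests this is intentional, but a short comment would keep a later reader from "re-fixing" it, e.g. `/* Print the full rights, not only the bits beyond all_access. */`. test_authz_parse_tng continues outside the hunk.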

Modified: 
subversion/branches/authzperf/subversion/tests/libsvn_repos/authz.rules
URL: 
http://svn.apache.org/viewvc/subversion/branches/authzperf/subversion/tests/libsvn_repos/authz.rules?rev=1618666&r1=1618665&r2=1618666&view=diff
==============================================================================
--- subversion/branches/authzperf/subversion/tests/libsvn_repos/authz.rules 
(original)
+++ subversion/branches/authzperf/subversion/tests/libsvn_repos/authz.rules Mon 
Aug 18 17:08:40 2014
@@ -4,15 +4,15 @@
 
 [:glob:/]
 &x = r
-luser = w
+luser = rw
 
 [bloop:/]
 @x = r
-@y = w
+@y = rw
 
 [:glob:bloop:/]
 ~luser =
-~@x = w
+~@x = r
 luser = rw
 
 [aliases]
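Review bot: The entry `~@x = w` becomes `~@x = r`, while the other two write-only entries become `rw`. As far as this hunk shows, that drops the fixture's case where an inverted group match grants write access. If that was not intended, `~@x = rw` keeps the original coverage and still passes the new validation.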

