On 04/12/2010 07:49 PM, C. Michael Pilato wrote:
kame...@apache.org wrote:
Author: kameshj
Date: Mon Apr 12 11:26:28 2010
New Revision: 933194
URL: http://svn.apache.org/viewvc?rev=933194&view=rev
Log:
[issue2753] Fix issue 2753.
Relax requests aimed at the repo Parent path from authz control.
* subversion/mod_authz_svn/mod_authz_svn.c
(create_authz_svn_dir_config): Canonicalize conf->base_path.
(req_check_access): When canonicalized 'uri' and 'conf->base_path' are same
allow the request.
(access_checker, check_user_id, auth_checker):
Initialize repos_path to 'NULL' otherwise it can point
to stray values when req_check_access relaxes certain requests without
initialising the out parameters.
In a perfect world, I would expect that requests to the parent directory
would not be authz-denied, but that each repository in the listing of
repositories would be authz-checked against the authz configuration. In
other words, say I have a parent-path with three repositories: calc, watch,
lamp. And say I have an authz file like so:
[lamp:/]
* =
I would expect that a request to the parent directory would yield a listing
that included the 'calc' and 'watch' repositories, but not the 'lamp' one.
Is that the case?
No.
These authz rule should *not* list anything inside the repo 'lamp' but
not lamp itself when requested for the parent path root.
The feature that you ask for is possible only if 'mod_dav_svn'(which
implements SVNListParentPath) consults mod_authz_svn(or some authorizer)
for every item listed which is not the case today.
With regards
Kamesh Jayachandran
