On 12.09.2019 10:44, Sam Toliman wrote: > > How do you propose that the parser should know, in advance, which parts > > of the authz and groups files it can discard unless it parses all of > them? > > By this point > <https://github.com/apache/subversion/blob/6fb211a2f84c9fe69025e16bc564d2f8dc343249/subversion/svnserve/serve.c#L4261> > b->client_info->tunnel_user is properly set only in the tunnel mode. I > think it can be passed to the svn_authz__parse(), which should become > slightly more intelligent passing stream and tunnel_user to specific > callbacks for the [groups] and the [aliases] sections. By default > there are no discovered groups. Surfing the group section parser > should skip all users except tunnel_user and already discovered > groups, otherwise add such group with relevant data to the set of > discovered. Same for aliases. > Thus we will have parsed only groups related to a particular user and > svn_authz__parse() won't need to to expand all irrelevant groups > <https://github.com/apache/subversion/blob/f91051c82d38a732b546a84f4ead491514e81010/subversion/libsvn_repos/authz_parse.c#L1417> > (~3500k in my case)
You have more than 3 million groups? > and expand every acl (~100 in my case) applying access rules to all > irrelevant users > <https://github.com/apache/subversion/blob/f91051c82d38a732b546a84f4ead491514e81010/subversion/libsvn_repos/authz_parse.c#L1452> > (~35k in my case). > > Please correct me if I am naive somewhere. The best thing you can do is prepare a patch, with tests, that implements your suggestions. Considering of course that correctness is more important than performance. :) -- Brane
