Author: brane
Date: Sat Jan 19 20:09:44 2019
New Revision: 1851687
URL: http://svn.apache.org/viewvc?rev=1851687&view=rev
Log:
Fix a bug in the authz parser where using a group with no members in
an access entry was treated as an error instead of being ignored.
* subversion/libsvn_repos/authz_parse.c
(add_to_group): Allow NULL user, to create empty groups. Update docstring.
(expand_group_callback): Handle the case where a group has no users.
(array_insert_ace): Ignore ACEs for empty groups.
* subversion/tests/cmdline/svnauthz_tests.py
(svnauthz_empty_group_test): Remove XFail decorator.
Extend the testcase to test recursive empty group expansion.
Found by: Doug Robinson
Modified:
subversion/trunk/subversion/libsvn_repos/authz_parse.c
subversion/trunk/subversion/tests/cmdline/svnauthz_tests.py
Modified: subversion/trunk/subversion/libsvn_repos/authz_parse.c
URL:
http://svn.apache.org/viewvc/subversion/trunk/subversion/libsvn_repos/authz_parse.c?rev=1851687&r1=1851686&r2=1851687&view=diff
==============================================================================
--- subversion/trunk/subversion/libsvn_repos/authz_parse.c (original)
+++ subversion/trunk/subversion/libsvn_repos/authz_parse.c Sat Jan 19 20:09:44
2019
@@ -1011,7 +1011,8 @@ close_section(void *baton, svn_stringbuf
/* Add a user to GROUP.
- GROUP is never internalized, but USER always is. */
+ GROUP is never internalized, but USER always is.
+ Adding a NULL user will create an empty group, if it doesn't exist. */
static void
add_to_group(ctor_baton_t *cb, const char *group, const char *user)
{
@@ -1022,7 +1023,8 @@ add_to_group(ctor_baton_t *cb, const cha
members = svn_hash__make(cb->authz->pool);
svn_hash_sets(cb->expanded_groups, group, members);
}
- svn_hash_sets(members, user, interned_empty_string);
+ if (user)
+ svn_hash_sets(members, user, interned_empty_string);
}
@@ -1038,8 +1040,15 @@ expand_group_callback(void *baton,
ctor_baton_t *const cb = baton;
const char *const group = key;
apr_array_header_t *members = value;
-
int i;
+
+ if (0 == members->nelts)
+ {
+ /* Create the group with no members. */
+ add_to_group(cb, group, NULL);
+ return SVN_NO_ERROR;
+ }
+
for (i = 0; i < members->nelts; ++i)
{
const char *member = APR_ARRAY_IDX(members, i, const char*);
@@ -1169,10 +1178,18 @@ array_insert_ace(void *baton,
SVN_ERR_ASSERT(ace->members == NULL);
ace->members = svn_hash_gets(iab->cb->expanded_groups, ace->name);
if (!ace->members)
- return svn_error_createf(
- SVN_ERR_AUTHZ_INVALID_CONFIG, NULL,
- _("Access entry refers to undefined group '%s'"),
- ace->name);
+ {
+ return svn_error_createf(
+ SVN_ERR_AUTHZ_INVALID_CONFIG, NULL,
+ _("Access entry refers to undefined group '%s'"),
+ ace->name);
+ }
+ else if (0 == apr_hash_count(ace->members))
+ {
+ /* TODO: Somehow emit a warning about the use of an empty group. */
+ /* An ACE for an empty group has no effect, so ignore it. */
+ return SVN_NO_ERROR;
+ }
}
APR_ARRAY_PUSH(iab->ace_array, authz_ace_t) = *ace;
Modified: subversion/trunk/subversion/tests/cmdline/svnauthz_tests.py
URL:
http://svn.apache.org/viewvc/subversion/trunk/subversion/tests/cmdline/svnauthz_tests.py?rev=1851687&r1=1851686&r2=1851687&view=diff
==============================================================================
--- subversion/trunk/subversion/tests/cmdline/svnauthz_tests.py (original)
+++ subversion/trunk/subversion/tests/cmdline/svnauthz_tests.py Sat Jan 19
20:09:44 2019
@@ -965,23 +965,31 @@ def svnauthz_inverted_selector_test(sbox
os.remove(authz_path)
-@XFail()
#TODO: @Issue(XXX)
def svnauthz_empty_group_test(sbox):
"test empty group definition"
-
# build an authz file
authz_content = ("[groups]\n"
- "grouped =\n"
+ "group1 =\n"
+ "group2 = @group1\n"
+ "group3 = @group2, user\n"
+
"[A:/]\n"
- "@grouped = rw\n")
+ "@group1 = rw\n"
+ "@group2 = rw\n"
+ "@group3 = r\n")
(authz_fd, authz_path) = tempfile.mkstemp()
svntest.main.file_write(authz_path, authz_content)
+
+ svntest.actions.run_and_verify_svnauthz(
+ [], None, 0, False, 'validate', authz_path)
+
svntest.actions.run_and_verify_svnauthz(
- [], [], 0, False, 'validate', authz_path)
+ 'r', None, 0, False, 'accessof',
+ '--repository', 'A', '--username', 'user', authz_path)
########################################################################
