Author: brane Date: Sat Jan 19 20:09:44 2019 New Revision: 1851687 URL: http://svn.apache.org/viewvc?rev=1851687&view=rev Log: Fix a bug in the authz parser where using a group with no members in an access entry was treated as an error instead of being ignored.
* subversion/libsvn_repos/authz_parse.c (add_to_group): Allow NULL user, to create empty groups. Update docstring. (expand_group_callback): Handle the case where a group has no users. (array_insert_ace): Ignore ACEs for empty groups. * subversion/tests/cmdline/svnauthz_tests.py (svnauthz_empty_group_test): Remove XFail decorator. Extend the testcase to test recursive empty group expansion. Found by: Doug Robinson Modified: subversion/trunk/subversion/libsvn_repos/authz_parse.c subversion/trunk/subversion/tests/cmdline/svnauthz_tests.py Modified: subversion/trunk/subversion/libsvn_repos/authz_parse.c URL: http://svn.apache.org/viewvc/subversion/trunk/subversion/libsvn_repos/authz_parse.c?rev=1851687&r1=1851686&r2=1851687&view=diff ============================================================================== --- subversion/trunk/subversion/libsvn_repos/authz_parse.c (original) +++ subversion/trunk/subversion/libsvn_repos/authz_parse.c Sat Jan 19 20:09:44 2019 @@ -1011,7 +1011,8 @@ close_section(void *baton, svn_stringbuf /* Add a user to GROUP. - GROUP is never internalized, but USER always is. */ + GROUP is never internalized, but USER always is. + Adding a NULL user will create an empty group, if it doesn't exist. */ static void add_to_group(ctor_baton_t *cb, const char *group, const char *user) { @@ -1022,7 +1023,8 @@ add_to_group(ctor_baton_t *cb, const cha members = svn_hash__make(cb->authz->pool); svn_hash_sets(cb->expanded_groups, group, members); } - svn_hash_sets(members, user, interned_empty_string); + if (user) + svn_hash_sets(members, user, interned_empty_string); } @@ -1038,8 +1040,15 @@ expand_group_callback(void *baton, ctor_baton_t *const cb = baton; const char *const group = key; apr_array_header_t *members = value; - int i; + + if (0 == members->nelts) + { + /* Create the group with no members. */ + add_to_group(cb, group, NULL); + return SVN_NO_ERROR; + } + for (i = 0; i < members->nelts; ++i) { const char *member = APR_ARRAY_IDX(members, i, const char*); @@ -1169,10 +1178,18 @@ array_insert_ace(void *baton, SVN_ERR_ASSERT(ace->members == NULL); ace->members = svn_hash_gets(iab->cb->expanded_groups, ace->name); if (!ace->members) - return svn_error_createf( - SVN_ERR_AUTHZ_INVALID_CONFIG, NULL, - _("Access entry refers to undefined group '%s'"), - ace->name); + { + return svn_error_createf( + SVN_ERR_AUTHZ_INVALID_CONFIG, NULL, + _("Access entry refers to undefined group '%s'"), + ace->name); + } + else if (0 == apr_hash_count(ace->members)) + { + /* TODO: Somehow emit a warning about the use of an empty group. */ + /* An ACE for an empty group has no effect, so ignore it. */ + return SVN_NO_ERROR; + } } APR_ARRAY_PUSH(iab->ace_array, authz_ace_t) = *ace; Modified: subversion/trunk/subversion/tests/cmdline/svnauthz_tests.py URL: http://svn.apache.org/viewvc/subversion/trunk/subversion/tests/cmdline/svnauthz_tests.py?rev=1851687&r1=1851686&r2=1851687&view=diff ============================================================================== --- subversion/trunk/subversion/tests/cmdline/svnauthz_tests.py (original) +++ subversion/trunk/subversion/tests/cmdline/svnauthz_tests.py Sat Jan 19 20:09:44 2019 @@ -965,23 +965,31 @@ def svnauthz_inverted_selector_test(sbox os.remove(authz_path) -@XFail() #TODO: @Issue(XXX) def svnauthz_empty_group_test(sbox): "test empty group definition" - # build an authz file authz_content = ("[groups]\n" - "grouped =\n" + "group1 =\n" + "group2 = @group1\n" + "group3 = @group2, user\n" + "[A:/]\n" - "@grouped = rw\n") + "@group1 = rw\n" + "@group2 = rw\n" + "@group3 = r\n") (authz_fd, authz_path) = tempfile.mkstemp() svntest.main.file_write(authz_path, authz_content) + + svntest.actions.run_and_verify_svnauthz( + [], None, 0, False, 'validate', authz_path) + svntest.actions.run_and_verify_svnauthz( - [], [], 0, False, 'validate', authz_path) + 'r', None, 0, False, 'accessof', + '--repository', 'A', '--username', 'user', authz_path) ########################################################################