Author: stsp Date: Fri Jan 22 12:35:57 2021 New Revision: 1885788 URL: http://svn.apache.org/viewvc?rev=1885788&view=rev Log: 1.10.x fix for issue #4762 "authz doesn't combine global and repository rules"
These changes do not merge cleanly to 1.10.x because of a whitespace change. * subversion/libsvn_repos/authz.c (create_user_authz): Resolve a trivial text conflict due to trailing whitespace which was removed on trunk in r1875617. Added: subversion/branches/1.10.x-issue4762/ (props changed) - copied from r1885787, subversion/branches/1.10.x/ Modified: subversion/branches/1.10.x-issue4762/subversion/libsvn_repos/authz.c subversion/branches/1.10.x-issue4762/subversion/tests/libsvn_repos/authz-test.c Propchange: subversion/branches/1.10.x-issue4762/ ------------------------------------------------------------------------------ --- svn:auto-props (added) +++ svn:auto-props Fri Jan 22 12:35:57 2021 @@ -0,0 +1,13 @@ +*.c = svn:eol-style=native +*.cpp = svn:eol-style=native +*.h = svn:eol-style=native +*.hpp = svn:eol-style=native +*.java = svn:eol-style=native +*.py = svn:eol-style=native +*.pl = svn:eol-style=native +*.rb = svn:eol-style=native +*.sql = svn:eol-style=native +*.txt = svn:eol-style=native +README = svn:eol-style=native +BRANCH-README = svn:eol-style=native +STATUS = svn:eol-style=native Propchange: subversion/branches/1.10.x-issue4762/ ------------------------------------------------------------------------------ --- svn:ignore (added) +++ svn:ignore Fri Jan 22 12:35:57 2021 @@ -0,0 +1,54 @@ +ChangeLog* +Makefile +config.cache +config.log +config.nice +config.status +configure +libtool +.gdb_history +.swig_checked +*.orig +*.rej +TAGS +tags +neon +build-outputs.mk +autogen-standalone.mk +autom4te.cache +gen-make.opts +tests.log* +fails.log* +db4-win32 +db +*.o +*~ +.*~ +apr +apr-util +apr-iconv +Release +Debug +ipch +subversion_msvc.dsw +subversion_msvc.ncb +subversion_msvc.opt +subversion_msvc.plg +subversion_vcnet.* +mkmf.log +.project +.classpath +.cdtproject +.settings +.cproject +zlib +sqlite-amalgamation +serf +googlemock +.git +.gitignore +.idea +compile_commands.json +.kdev4 +*.kdev4 +.vs Propchange: subversion/branches/1.10.x-issue4762/ ------------------------------------------------------------------------------ --- svn:mergeinfo (added) +++ svn:mergeinfo Fri Jan 22 12:35:57 2021 @@ -0,0 +1,107 @@ +/subversion/branches/1.10-cache-improvements:1669168-1694487 +/subversion/branches/1.10.x-issue4686:1823212-1823727 +/subversion/branches/1.10.x-issue4758:1834611-1842578 +/subversion/branches/1.10.x-r1846299:1846844-1847605 +/subversion/branches/1.10.x-r1855419:1855420-1863299 +/subversion/branches/1.10.x-x-shelve:1827566-1827916 +/subversion/branches/1.5.x-r30215:870312 +/subversion/branches/1.7.x-fs-verify:1146708,1161180 +/subversion/branches/1.9-cache-improvements:1678948-1679863 +/subversion/branches/1.9.x:1735680 +/subversion/branches/10Gb:1388102,1388163-1388190,1388195,1388202,1388205,1388211,1388276,1388362,1388375,1388394,1388636,1388639-1388640,1388643-1388644,1388654,1388720,1388789,1388795,1388801,1388805,1388807,1388810,1388816,1389044,1389276,1389289,1389662,1389867,1390017,1390209,1390216,1390407,1390409,1390414,1390419,1390955 +/subversion/branches/atomic-revprop:965046-1000689 +/subversion/branches/authzperf:1613053-1776831 +/subversion/branches/auto-props-sdc:1384106-1401643 +/subversion/branches/bdb-reverse-deltas:872050-872529 +/subversion/branches/cache-server:1458643-1476567 +/subversion/branches/diff-callbacks3:870059-870761 +/subversion/branches/diff-optimizations:1031270-1037352 +/subversion/branches/diff-optimizations-bytes:1037353-1067789 +/subversion/branches/dont-save-plaintext-passwords-by-default:870728-871118 +/subversion/branches/double-delete:870511-872970 +/subversion/branches/dump-load-cross-check:1654853-1657295 +/subversion/branches/ev2-export:1325914,1332738,1413107 +/subversion/branches/explore-wc:875486,875493,875497,875507,875511,875514,875559,875580-875581,875584,875587,875611,875627,875647,875667-875668,875711-875712,875733-875734,875736,875744-875748,875751,875758,875782,875795-875796,875830,875836,875838,875842,875852,875855,875864,875870,875873,875880,875885-875888,875890,875897-875898,875905,875907-875909,875935,875943-875944,875946,875979,875982-875983,875985-875986,875990,875997 +/subversion/branches/file-externals:871779-873302 +/subversion/branches/fs-rep-sharing:869036-873803 +/subversion/branches/fsfs-format7:1426304,1430673,1433848,1438408,1438982,1441129,1442051,1442068,1442504,1442910,1443171,1443803,1444690,1444693,1444695,1445040,1445080,1446103,1451129,1453590,1454307,1460579,1461851,1461865,1462837,1462904,1463120,1467362,1467382,1469487,1471208,1477166,1478055,1481447,1489817,1489949,1490673-1490674,1491784,1493042,1498029,1498103,1498155,1500054,1507729-1507731,1507735-1507736 +/subversion/branches/fsfs-improvements:1499981-1547039 +/subversion/branches/fsfs-lock-many:1571740-1577217 +/subversion/branches/fsfs-pack:873717-874575 +/subversion/branches/fsx:1507845-1509914 +/subversion/branches/fsx-1.10:1658219-1694500 +/subversion/branches/fsx-id:1645603-1649011 +/subversion/branches/gnome-keyring:870558-871410 +/subversion/branches/gpg-agent-password-store:1005036-1150766 +/subversion/branches/gtest_addition:1452117-1502138 +/subversion/branches/http-protocol-v2:874395-876041 +/subversion/branches/in-memory-cache:869829-871452 +/subversion/branches/in-repo-authz:1414342-1424779 +/subversion/branches/inheritable-props:1297080-1395089 +/subversion/branches/integrate-cache-item-serialization:1068724-1068739 +/subversion/branches/integrate-cache-membuffer:998649-998852 +/subversion/branches/integrate-compression-level:1068651-1072287 +/subversion/branches/integrate-io-improvements:1068684-1072297 +/subversion/branches/integrate-is-cachable:1072568-1074082 +/subversion/branches/integrate-partial-getter:1072558-1076552 +/subversion/branches/integrate-readline-speedup:1072553-1072555 +/subversion/branches/integrate-stream-api-extensions:1068695-1072516 +/subversion/branches/integrate-string-improvements:1068251-1190617 +/subversion/branches/integrate-txdelta-caching:1072541-1078213 +/subversion/branches/issue-2779-dev:965496-984198 +/subversion/branches/issue-2843-dev:871432-874179 +/subversion/branches/issue-3000:871713,871716-871719,871721-871726,871728,871734 +/subversion/branches/issue-3067-deleted-subtrees:873375-874084 +/subversion/branches/issue-3148-dev:875193-875204 +/subversion/branches/issue-3220-dev:872210-872226 +/subversion/branches/issue-3242-dev:879653-896436 +/subversion/branches/issue-3334-dirs:875156-875867 +/subversion/branches/issue-3975:1152931-1160746 +/subversion/branches/issue-4116-dev:1424719-1425040 +/subversion/branches/issue-4194-dev:1410507-1414880 +/subversion/branches/javahl-ra:991978-1494640 +/subversion/branches/kwallet:870785-871314 +/subversion/branches/log-addressing:1509279-1546844 +/subversion/branches/log-g-performance:870941-871032 +/subversion/branches/merge-skips-obstructions:874525-874615 +/subversion/branches/move-tracking-2:1606692-1714632 +/subversion/branches/multi-layer-moves:1239019-1300930 +/subversion/branches/nfc-nfd-aware-client:870276,870376 +/subversion/branches/node_pool:1304828-1305388 +/subversion/branches/patch-exec:1692717-1705390 +/subversion/branches/performance:979193,980118,981087,981090,981189,981194,981287,981684,981827,982043,982355,983398,983406,983430,983474,983488,983490,983760,983764,983766,983770,984927,984973,984984,985014,985037,985046,985472,985477,985482,985487-985488,985493,985497,985500,985514,985601,985603,985606,985669,985673,985695,985697,986453,986465,986485,986491-986492,986517,986521,986605,986608,986817,986832,987865,987868-987869,987872,987886-987888,987893,988319,988898,990330,990533,990535-990537,990541,990568,990572,990574-990575,990600,990759,992899,992904,992911,993127,993141,994956,995478,995507,995603,998012,998858,999098,1001413,1001417,1004291,1022668,1022670,1022676,1022715,1022719,1025660,1025672,1027193,1027203,1027206,1027214,1027227,1028077,1028092,1028094,1028104,1028107,1028111,1028354,1029038,1029042-1029043,1029054-1029055,1029062-1029063,1029078,1029080,1029090,1029092-1029093,1029111,1029151,1029158,1029229-1029230,1029232,1029335-1029336,1029339-1029340,1029342,10 29344,1030763,1030827,1031203,1031235,1032285,1032333,1033040,1033057,1033294,1035869,1035882,1039511,1043705,1053735,1056015,1066452,1067683,1067697-1078365 +/subversion/branches/pin-externals:1643757-1659392 +/subversion/branches/py-tests-as-modules:956579-1033052 +/subversion/branches/ra-svn-tuning:1658201-1694489 +/subversion/branches/ra_serf-digest-authn:875693-876404 +/subversion/branches/reintegrate-improvements:873853-874164 +/subversion/branches/remote-only-status:1581845-1586090 +/subversion/branches/resolve-incoming-add:1762797-1764284 +/subversion/branches/revprop-cache:1298521-1326293 +/subversion/branches/revprop-caching-ng:1620597,1620599 +/subversion/branches/revprop-packing:1143907,1143971,1143997,1144017,1144499,1144568,1146145 +/subversion/branches/shelve:1802592-1815226 +/subversion/branches/shelve-checkpoint:1801593-1801923,1801970,1817320 +/subversion/branches/subtree-mergeinfo:876734-878766 +/subversion/branches/svn-auth-x509:1603509-1655900 +/subversion/branches/svn-info-detail:1660035-1662618 +/subversion/branches/svn-mergeinfo-enhancements:870119-870195,870197-870288 +/subversion/branches/svn-mergeinfo-normalizer:1642232-1695991 +/subversion/branches/svn-patch-improvements:918519-934609 +/subversion/branches/svn_mutex:1141683-1182099 +/subversion/branches/svnpatch-diff:865738-876477 +/subversion/branches/svnraisetc:874709-875149 +/subversion/branches/svnserve-logging:869828-870893 +/subversion/branches/tc-issue-3334:874697-874773 +/subversion/branches/tc-merge-notify:874017-874062 +/subversion/branches/tc-resolve:874191-874239 +/subversion/branches/tc_url_rev:874351-874483 +/subversion/branches/tree-conflicts:868291-873154 +/subversion/branches/tree-conflicts-notify:873926-874008 +/subversion/branches/tristate-chunked-request:1502394-1502681 +/subversion/branches/tweak-build-take-two:1424288-1425049,1425051-1425613 +/subversion/branches/uris-as-urls:1060426-1064427 +/subversion/branches/verify-at-commit:1462039-1462408 +/subversion/branches/verify-keep-going:1439280-1546110 +/subversion/branches/wc-collate-path:1402685-1480384 +/subversion/trunk:1817837,1817856,1818577-1818578,1818584,1818651,1818662,1818727,1818801,1818803,1818807,1818868,1818871,1819036-1819037,1819043,1819049,1819052,1819093,1819146,1819162,1819444,1819556-1819557,1819603,1819804,1819911,1820044,1820046-1820047,1820518,1820627,1820718,1820778,1821183,1821224,1821621,1821678,1822401,1822587,1822591,1822996,1823202-1823203,1823211,1823327,1823791,1823966,1823989,1824033,1825024,1825045,1825215,1825266,1825306,1825709,1825711,1825721,1825736,1825778,1825783,1825787-1825788,1825979,1826720-1826721,1826747,1826811,1826814,1826877,1826907,1826971,1827105,1827114,1827191,1827562,1827574,1827670,1828613,1829012,1829015,1829241,1829260,1829344,1830083,1830882-1830883,1830885,1830900-1830901,1831110,1831112,1831540,1833465,1833621,1833836,1833842,1833864,1833866,1833895,1833897,1833899,1833901,1835049,1835760,1836306,1836762,1836802,1836960,1836963,1836968,1836976,1837037,1837790,1838813,1839662,1839703,1839734,1839739,1840991,1842260,1842262,184 2264,1843888,1844882,1844987,1845204,1845212,1845261,1845408,1845555,1845577,1846299,1846403,1846406,1846704,1847181-1847182,1847188,1847264,1847572,1847596,1847598,1847697,1847922,1847924,1847946,1850348,1850621,1850651,1851676,1851687,1851791,1851920,1852013,1852436,1853450,1853483,1853761,1854072,1854074,1854216,1855419,1856397,1857367,1857391,1860936,1860951,1860958,1863262,1863987,1863990,1864440,1865266,1865987,1866425,1866588,1868151,1876054,1879198,1880886,1882326 Modified: subversion/branches/1.10.x-issue4762/subversion/libsvn_repos/authz.c URL: http://svn.apache.org/viewvc/subversion/branches/1.10.x-issue4762/subversion/libsvn_repos/authz.c?rev=1885788&r1=1885787&r2=1885788&view=diff ============================================================================== --- subversion/branches/1.10.x-issue4762/subversion/libsvn_repos/authz.c (original) +++ subversion/branches/1.10.x-issue4762/subversion/libsvn_repos/authz.c Fri Jan 22 12:35:57 2021 @@ -889,9 +889,7 @@ create_user_authz(authz_full_t *authz, /* Use a separate sub-pool to keep memory usage tight. */ apr_pool_t *subpool = svn_pool_create(scratch_pool); - /* Find all ACLs for REPOSITORY. - * Note that repo-specific rules replace global rules, - * even if they don't apply to the current user. */ + /* Find all ACLs for REPOSITORY. */ apr_array_header_t *acls = apr_array_make(subpool, authz->acls->nelts, sizeof(authz_acl_t *)); for (i = 0; i < authz->acls->nelts; ++i) @@ -908,15 +906,36 @@ create_user_authz(authz_full_t *authz, = APR_ARRAY_IDX(acls, acls->nelts - 1, const authz_acl_t *); if (svn_authz__compare_paths(&prev_acl->rule, &acl->rule) == 0) { + svn_boolean_t global_acl_applies; + svn_boolean_t repos_acl_applies; + + /* Previous ACL is a global rule. */ SVN_ERR_ASSERT_NO_RETURN(!strcmp(prev_acl->rule.repos, AUTHZ_ANY_REPOSITORY)); + /* Current ACL is a per-repository rule. */ SVN_ERR_ASSERT_NO_RETURN(strcmp(acl->rule.repos, AUTHZ_ANY_REPOSITORY)); - apr_array_pop(acls); + + global_acl_applies = + svn_authz__get_acl_access(NULL, prev_acl, user, repository); + repos_acl_applies = + svn_authz__get_acl_access(NULL, acl, user, repository); + + /* Prefer rules which apply to both this user and this path + * over rules which apply only to the path. In cases where + * both rules apply to user and path, always prefer the + * repository-specific rule. */ + if (!global_acl_applies || repos_acl_applies) + { + apr_array_pop(acls); + APR_ARRAY_PUSH(acls, const authz_acl_t *) = acl; + } } + else + APR_ARRAY_PUSH(acls, const authz_acl_t *) = acl; } - - APR_ARRAY_PUSH(acls, const authz_acl_t *) = acl; + else + APR_ARRAY_PUSH(acls, const authz_acl_t *) = acl; } } Modified: subversion/branches/1.10.x-issue4762/subversion/tests/libsvn_repos/authz-test.c URL: http://svn.apache.org/viewvc/subversion/branches/1.10.x-issue4762/subversion/tests/libsvn_repos/authz-test.c?rev=1885788&r1=1885787&r2=1885788&view=diff ============================================================================== --- subversion/branches/1.10.x-issue4762/subversion/tests/libsvn_repos/authz-test.c (original) +++ subversion/branches/1.10.x-issue4762/subversion/tests/libsvn_repos/authz-test.c Fri Jan 22 12:35:57 2021 @@ -478,6 +478,39 @@ issue_4741_groups(apr_pool_t *pool) return SVN_NO_ERROR; } +static svn_error_t * +reposful_reposless_stanzas_inherit(apr_pool_t *pool) +{ + const char rules[] = + "[groups]" NL + "company = user1, user2, user3" NL + "customer = customer1, customer2" NL + "" NL + "# company can read-write on everything" NL + "[/]" NL + "@company = rw" NL + "" NL + "[project1:/]" NL + "@customer = r" NL + "" NL + "[project2:/]" NL; + + svn_stringbuf_t *buf = svn_stringbuf_create(rules, pool); + svn_stream_t *stream = svn_stream_from_stringbuf(buf, pool); + svn_authz_t *authz; + svn_boolean_t access_granted; + + SVN_ERR(svn_repos_authz_parse(&authz, stream, NULL, pool)); + + SVN_ERR(svn_repos_authz_check_access(authz, "project1", "/foo", "user1", + svn_authz_write | svn_authz_recursive, + &access_granted, + pool)); + SVN_TEST_ASSERT(access_granted == TRUE); + + return SVN_NO_ERROR; +} + static int max_threads = 4; static struct svn_test_descriptor_t test_funcs[] = @@ -489,6 +522,8 @@ static struct svn_test_descriptor_t test "test svn_authz__get_global_rights"), SVN_TEST_PASS2(issue_4741_groups, "issue 4741 groups"), + SVN_TEST_PASS2(reposful_reposless_stanzas_inherit, + "[foo:/] inherits [/]"), SVN_TEST_NULL };