[
https://issues.apache.org/jira/browse/SVN-4794?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Branko Čibej updated SVN-4794:
------------------------------
Description:
In the authz semantics up to 1.9, a duplicate access entry for the same rule
would replace a previous such entry:
{noformat}
[/]
user = rw
user = r
{noformat}
This was valid, and the second entry replaced the first, giving _user_
read-only access.
In 1.10+, these entries are merged, giving _user_ rear/write access. This is
clearly bad because it can *silently* change the meaning of access rules.
*Proposal:* duplicate authz rules should be rejected, i.e., the example above
should become an error. Whilst this will break some existing pre-1.10 authz
files, it will not silently change their meaning. Besides, duplicate entries
are most likely either an error or the result of duplicate rules, which are
also forbidden in 1.10+.
The attached patch implements this proposal. Examples:
{noformat}
$ cat authz.conf
[/]
user = rw
user = r
$ svnauthz validate authz.conf
svnauthz: E220003: Error while parsing authz file: 'authz.conf':
svnauthz: E220003: Duplicate access entry 'user' in rule [/]
{noformat}
{noformat}
$ cat authz.conf
[/]
$authenticated = rw
~$anonymous = r
$ svnauthz validate authz.conf
svnauthz: E220003: Error while parsing authz file: 'authz.conf':
svnauthz: E220003: Duplicate access entry '~$anonymous' (matches
'$authenticated') in rule [/]
{noformat}
{noformat}
$ cat authz.conf
[aliases]
resu = user
[/]
~&resu = rw
~user = r
$ svnauthz validate authz.conf
svnauthz: E220003: Error while parsing authz file: 'authz.conf':
svnauthz: E220003: Duplicate access entry '~&resu' (matches '~user') in rule [/]
{noformat}
was:
In the authz semantics up to 1.9, a duplicate access entry for the same rule
would replace a previous such entry:
{noformat}
[/]
user = rw
user = r
{noformat}
This was valid, and the second entry replaced the first, giving _user_
read-only access.
In 1.10+, these entries are silently merged, giving _user_ rear/write access.
This is clearly bad because it can *silently* change the meaning of access
rules.
*Proposal:* duplicate authz rules should be rejected, i.e., the example above
should become an error. Whilst this will break some existing pre-1.10 authz
files, it will not silently change their meaning. Besides, duplicate entries
are most likely either an error or the result of duplicate rules, which are
also forbidden in 1.10+.
The attached patch implements this proposal. Examples:
{noformat}
$ cat authz.conf
[/]
user = rw
user = r
$ svnauthz validate authz.conf
svnauthz: E220003: Error while parsing authz file: 'authz.conf':
svnauthz: E220003: Duplicate access entry 'user' in rule [/]
{noformat}
{noformat}
$ cat authz.conf
[/]
$authenticated = rw
~$anonymous = r
$ svnauthz validate authz.conf
svnauthz: E220003: Error while parsing authz file: 'authz.conf':
svnauthz: E220003: Duplicate access entry '~$anonymous' (matches
'$authenticated') in rule [/]
{noformat}
{noformat}
$ cat authz.conf
[aliases]
resu = user
[/]
~&resu = rw
~user = r
$ svnauthz validate authz.conf
svnauthz: E220003: Error while parsing authz file: 'authz.conf':
svnauthz: E220003: Duplicate access entry '~&resu' (matches '~user') in rule [/]
{noformat}
> Duplicate ACEs are merged but should be rejected
> ------------------------------------------------
>
> Key: SVN-4794
> URL: https://issues.apache.org/jira/browse/SVN-4794
> Project: Subversion
> Issue Type: Bug
> Components: libsvn_repos, svnauthz
> Affects Versions: trunk, 1.10.x, 1.11.x
> Reporter: Branko Čibej
> Priority: Major
> Attachments: authz-entry-collision.patch
>
>
> In the authz semantics up to 1.9, a duplicate access entry for the same rule
> would replace a previous such entry:
> {noformat}
> [/]
> user = rw
> user = r
> {noformat}
> This was valid, and the second entry replaced the first, giving _user_
> read-only access.
> In 1.10+, these entries are merged, giving _user_ rear/write access. This is
> clearly bad because it can *silently* change the meaning of access rules.
> *Proposal:* duplicate authz rules should be rejected, i.e., the example above
> should become an error. Whilst this will break some existing pre-1.10 authz
> files, it will not silently change their meaning. Besides, duplicate entries
> are most likely either an error or the result of duplicate rules, which are
> also forbidden in 1.10+.
> The attached patch implements this proposal. Examples:
> {noformat}
> $ cat authz.conf
> [/]
> user = rw
> user = r
> $ svnauthz validate authz.conf
> svnauthz: E220003: Error while parsing authz file: 'authz.conf':
> svnauthz: E220003: Duplicate access entry 'user' in rule [/]
> {noformat}
> {noformat}
> $ cat authz.conf
> [/]
> $authenticated = rw
> ~$anonymous = r
> $ svnauthz validate authz.conf
> svnauthz: E220003: Error while parsing authz file: 'authz.conf':
> svnauthz: E220003: Duplicate access entry '~$anonymous' (matches
> '$authenticated') in rule [/]
> {noformat}
> {noformat}
> $ cat authz.conf
> [aliases]
> resu = user
> [/]
> ~&resu = rw
> ~user = r
> $ svnauthz validate authz.conf
> svnauthz: E220003: Error while parsing authz file: 'authz.conf':
> svnauthz: E220003: Duplicate access entry '~&resu' (matches '~user') in rule
> [/]
> {noformat}
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
