Mailing-List: contact commits-help@subversion.apache.org; run by ezmlm
Precedence: bulk
Reply-To: dev@subversion.apache.org
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Subject: svn commit: r1292462 -
 /subversion/trunk/subversion/libsvn_repos/log.c
Date: Wed, 22 Feb 2012 19:26:17 -0000
To: commits@subversion.apache.org
From: cmpilato@apache.org
Message-Id: <20120222192617.82EB82388860@eris.apache.org>

Author: cmpilato
Date: Wed Feb 22 19:26:16 2012
New Revision: 1292462

URL: http://svn.apache.org/viewvc?rev=1292462&view=rev
Log:
Fix an inconsistency between the way mod_dav_svn and svnserve handled
requests for revision logs of the repository root directory when that
directory was unreadable by the user (per authz rules).  mod_dav_svn
would fail the operation outright with an "access denied" type of
error; svnserve would allow the operation to proceed but simply mask
out information the user was not authorized to see.

Now, both RA layers fail with the "access denied" error message, which
is not only consistent across RA layers, but is also consistent with
the way that log queries on other (non-root) unreadable directories
were handled.

* subversion/libsvn_repos/log.c
  (svn_repos_get_logs4): In the special-case code for handling log
    queries of the root directory alone, consult the authz read callback
    function.

Modified:
    subversion/trunk/subversion/libsvn_repos/log.c

Modified: subversion/trunk/subversion/libsvn_repos/log.c
URL: http://svn.apache.org/viewvc/subversion/trunk/subversion/libsvn_repos/log.c?rev=1292462&r1=1292461&r2=1292462&view=diff
==============================================================================
--- subversion/trunk/subversion/libsvn_repos/log.c (original)
+++ subversion/trunk/subversion/libsvn_repos/log.c Wed Feb 22 19:26:16 2012
@@ -2265,17 +2265,40 @@ svn_repos_get_logs4(svn_repos_t *repos,
       int i;
       apr_pool_t *iterpool = svn_pool_create(pool);
 
+      /* If we are provided an authz callback function, use it to
+         verify that the user has read access to the root path in the
+         first of our revisions.
+
+         ### FIXME:  Strictly speaking, we should be checking this
+         ### access in every revision along the line.  But currently,
+         ### there are no known authz implementations which concern
+         ### themselves will per-revision access.  */
+      if (authz_read_func)
+        {
+          svn_boolean_t readable;
+          svn_fs_root_t *rev_root;
+
+          SVN_ERR(svn_fs_revision_root(&rev_root, fs, 
+                                       descending_order ? end : start, pool));
+          SVN_ERR(authz_read_func(&readable, rev_root, "",
+                                  authz_read_baton, pool));
+          if (! readable)
+            return svn_error_create(SVN_ERR_AUTHZ_UNREADABLE, NULL, NULL);
+        }
+
       send_count = end - start + 1;
       if (limit && send_count > limit)
         send_count = limit;
       for (i = 0; i < send_count; ++i)
         {
-          svn_revnum_t rev = start + i;
+          svn_revnum_t rev;
 
           svn_pool_clear(iterpool);
 
           if (descending_order)
             rev = end - i;
+          else
+            rev = start + i;
           SVN_ERR(send_log(rev, fs, NULL, NULL, discover_changed_paths, FALSE,
                            FALSE, revprops, FALSE, receiver,
                            receiver_baton, authz_read_func,