subversion-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From pbu...@apache.org
Subject svn commit: r1325559 - in /subversion/branches/inheritable-props/subversion: include/svn_repos.h libsvn_repos/fs-wrap.c mod_dav_svn/reports/inherited-props.c svnserve/serve.c
Date Thu, 12 Apr 2012 22:27:39 GMT
Author: pburba
Date: Thu Apr 12 22:27:39 2012
New Revision: 1325559

URL: http://svn.apache.org/viewvc?rev=1325559&view=rev
Log:
On the inheritable-props branch: Implement authz checks when retrieving
inherited props.

* subversion/include/svn_repos.h
  (svn_repos_fs_get_inherited_props): New.

* subversion/libsvn_repos/fs-wrap.c
  (svn_sorts.h): New include.

  (svn_repos_fs_get_inherited_props): New, a wrapper around
   svn_fs_node_proplist2 that checks for authorization to parent paths which
   a path inherits from.

* subversion/mod_dav_svn/reports/inherited-props.c
  (dav_svn__get_inherited_props_report): Use svn_repos_fs_get_inherited_props
   in place of svn_fs_node_proplist2.

* subversion/svnserve/serve.c
  (get_props): Use svn_repos_fs_get_inherited_props in place of
   svn_fs_node_proplist2.

  (get_file,
   get_dir,
   get_inherited_props): Update calls to get_props.

Modified:
    subversion/branches/inheritable-props/subversion/include/svn_repos.h
    subversion/branches/inheritable-props/subversion/libsvn_repos/fs-wrap.c
    subversion/branches/inheritable-props/subversion/mod_dav_svn/reports/inherited-props.c
    subversion/branches/inheritable-props/subversion/svnserve/serve.c

Modified: subversion/branches/inheritable-props/subversion/include/svn_repos.h
URL: http://svn.apache.org/viewvc/subversion/branches/inheritable-props/subversion/include/svn_repos.h?rev=1325559&r1=1325558&r2=1325559&view=diff
==============================================================================
--- subversion/branches/inheritable-props/subversion/include/svn_repos.h (original)
+++ subversion/branches/inheritable-props/subversion/include/svn_repos.h Thu Apr 12 22:27:39
2012
@@ -3127,6 +3127,34 @@ svn_repos_check_revision_access(svn_repo
                                 void *authz_read_baton,
                                 apr_pool_t *pool);
 
+/**
+ * Set @a *inherited_values to a depth-first ordered array of
+ * #svn_prop_inherited_item_t * structures (the path_or_url members of which
+ * are relative filesystem paths)  representing the properties inherited by
+ * @a path at @a revision in @a repos.  If no properties are inherited, then
+ * set @a *inherited_values to an empty array.
+ *
+ * If @a revision is #SVN_INVALID_REVNUM, it defaults to youngest.
+ *
+ * If optional @a authz_read_func is non-NULL, then use this function
+ * (along with optional @a authz_read_baton) to check the readability
+ * of each parent path from which properties are inherited. Silently omit
+ * properties for unreadable parent paths.
+ *
+ * Allocate @a *inherited_props in @a result_pool.  Use @a scratch_pool for
+ * temporary allocations.
+ *
+ * @since New in 1.8.
+ */
+svn_error_t *
+svn_repos_fs_get_inherited_props(apr_array_header_t **inherited_props,
+                                 svn_repos_t *repos,
+                                 const char *path,
+                                 svn_revnum_t revision,
+                                 svn_repos_authz_func_t authz_read_func,
+                                 void *authz_read_baton,
+                                 apr_pool_t *result_pool,
+                                 apr_pool_t *scratch_pool);
 
 
 /** Capabilities **/

Modified: subversion/branches/inheritable-props/subversion/libsvn_repos/fs-wrap.c
URL: http://svn.apache.org/viewvc/subversion/branches/inheritable-props/subversion/libsvn_repos/fs-wrap.c?rev=1325559&r1=1325558&r2=1325559&view=diff
==============================================================================
--- subversion/branches/inheritable-props/subversion/libsvn_repos/fs-wrap.c (original)
+++ subversion/branches/inheritable-props/subversion/libsvn_repos/fs-wrap.c Thu Apr 12 22:27:39
2012
@@ -31,6 +31,7 @@
 #include "svn_props.h"
 #include "svn_repos.h"
 #include "svn_time.h"
+#include "svn_sorts.h"
 #include "repos.h"
 #include "svn_private_config.h"
 #include "private/svn_repos_private.h"
@@ -740,7 +741,42 @@ svn_repos_fs_pack2(svn_repos_t *repos,
                      cancel_func, cancel_baton, pool);
 }
 
+svn_error_t *
+svn_repos_fs_get_inherited_props(apr_array_header_t **inherited_props,
+                                 svn_repos_t *repos,
+                                 const char *path,
+                                 svn_revnum_t revision,
+                                 svn_repos_authz_func_t authz_read_func,
+                                 void *authz_read_baton,
+                                 apr_pool_t *result_pool,
+                                 apr_pool_t *scratch_pool)
+{
+  svn_fs_root_t *root;
+  int i;
+
+  if (!SVN_IS_VALID_REVNUM(revision))
+    SVN_ERR(svn_fs_youngest_rev(&revision, repos->fs, scratch_pool));
+  SVN_ERR(svn_fs_revision_root(&root, repos->fs, revision, scratch_pool));
+  SVN_ERR(svn_fs_node_proplist2(NULL, inherited_props, root, path,
+                                result_pool, scratch_pool));
+  for (i = 0; i < (*inherited_props)->nelts; i++)
+    {
+      svn_boolean_t allowed = TRUE;
+      svn_prop_inherited_item_t *iprop =
+        APR_ARRAY_IDX(*inherited_props, i, svn_prop_inherited_item_t *);
+
+      if (authz_read_func)
+        SVN_ERR(authz_read_func(&allowed, root, iprop->path_or_url,
+                                authz_read_baton, scratch_pool));
+      if (!allowed)
+        {
+          svn_sort__array_delete(*inherited_props, i, 1);
+          i--;
+        }
+    }
 
+  return SVN_NO_ERROR;
+}
 
 /*
  * vim:ts=4:sw=2:expandtab:tw=80:fo=tcroq

Modified: subversion/branches/inheritable-props/subversion/mod_dav_svn/reports/inherited-props.c
URL: http://svn.apache.org/viewvc/subversion/branches/inheritable-props/subversion/mod_dav_svn/reports/inherited-props.c?rev=1325559&r1=1325558&r2=1325559&view=diff
==============================================================================
--- subversion/branches/inheritable-props/subversion/mod_dav_svn/reports/inherited-props.c
(original)
+++ subversion/branches/inheritable-props/subversion/mod_dav_svn/reports/inherited-props.c
Thu Apr 12 22:27:39 2012
@@ -114,9 +114,11 @@ dav_svn__get_inherited_props_report(cons
                                 "couldn't retrieve revision root",
                                 resource->pool);
 
-  serr = svn_fs_node_proplist2(NULL, &inherited_props, root, path,
-                               resource->pool, iterpool);
-
+  serr = svn_repos_fs_get_inherited_props(&inherited_props,
+                                          resource->info->repos->repos,
+                                          path, rev,
+                                          dav_svn__authz_read_func(&arb),
+                                          &arb, resource->pool, iterpool);
   if (serr)
     {
       derr = dav_svn__convert_err(serr, HTTP_BAD_REQUEST, serr->message,

Modified: subversion/branches/inheritable-props/subversion/svnserve/serve.c
URL: http://svn.apache.org/viewvc/subversion/branches/inheritable-props/subversion/svnserve/serve.c?rev=1325559&r1=1325558&r2=1325559&view=diff
==============================================================================
--- subversion/branches/inheritable-props/subversion/svnserve/serve.c (original)
+++ subversion/branches/inheritable-props/subversion/svnserve/serve.c Thu Apr 12 22:27:39
2012
@@ -962,24 +962,30 @@ static svn_error_t *write_lock(svn_ra_sv
 }
 
 /* ### This really belongs in libsvn_repos. */
-/* Get the properties and/or inherited properties for a PATH in ROOT, with
-   hardcoded committed-info values. */
+/* Get the explicit properties and/or inherited properties for a PATH in
+   ROOT, with hardcoded committed-info values. */
 static svn_error_t *
 get_props(apr_hash_t **props,
           apr_array_header_t **iprops,
+          server_baton_t *b,
           svn_fs_root_t *root,
           const char *path,
           apr_pool_t *pool)
 {
-  /* Get the properties. */
-  SVN_ERR(svn_fs_node_proplist2(props, iprops, root, path, pool, pool));
-
+  /* Get the explicit properties. */
   if (props)
     {
       svn_string_t *str;
       svn_revnum_t crev;
       const char *cdate, *cauthor, *uuid;
 
+      /* Yes, we could grab the inherited properties here too, but while we
+         already know the user has read access to PATH, we don't know that
+         the same holds true for PATH's parents, so we call
+         svn_repos_fs_get_inherited_props below, which performs the necessary
+         authz checks. */
+      SVN_ERR(svn_fs_node_proplist2(props, NULL, root, path, pool, pool));
+
       /* Hardcode the values for the committed revision, date, and author. */
       SVN_ERR(svn_repos_get_committed_info(&crev, &cdate, &cauthor, root,
                                            path, pool));
@@ -1000,6 +1006,13 @@ get_props(apr_hash_t **props,
       apr_hash_set(*props, SVN_PROP_ENTRY_UUID, APR_HASH_KEY_STRING, str);
     }
 
+  /* Get any inherited properties the user is authorized to. */
+  if (iprops)
+    SVN_ERR(svn_repos_fs_get_inherited_props(
+      iprops, b->repos, path,
+      svn_fs_revision_root_revision(root),
+      authz_check_access_cb_func(b), b, pool, pool));
+
   return SVN_NO_ERROR;
 }
 
@@ -1435,7 +1448,8 @@ static svn_error_t *get_file(svn_ra_svn_
                                    full_path, TRUE, pool));
   hex_digest = svn_checksum_to_cstring_display(checksum, pool);
   if (want_props || wants_inherited_props)
-    SVN_CMD_ERR(get_props(&props, &inherited_props, root, full_path, pool));
+    SVN_CMD_ERR(get_props(&props, &inherited_props, b, root, full_path,
+                          pool));
   if (want_contents)
     SVN_CMD_ERR(svn_fs_file_contents(&contents, root, full_path, pool));
 
@@ -1576,7 +1590,8 @@ static svn_error_t *get_dir(svn_ra_svn_c
   /* Fetch the directory's explicit and/or inherited properties
      if requested. */
   if (want_props || wants_inherited_props)
-    SVN_CMD_ERR(get_props(&props, &inherited_props, root, full_path, pool));
+    SVN_CMD_ERR(get_props(&props, &inherited_props, b, root, full_path,
+                          pool));
 
   /* Begin response ... */
   SVN_ERR(svn_ra_svn_write_tuple(conn, pool, "w(r(!", "success", rev));
@@ -2942,7 +2957,7 @@ get_inherited_props(svn_ra_svn_conn_t *c
 
   /* Fetch the properties and a stream for the contents. */
   SVN_CMD_ERR(svn_fs_revision_root(&root, b->fs, rev, pool));
-  SVN_CMD_ERR(get_props(NULL, &inherited_props, root, full_path, pool));
+  SVN_CMD_ERR(get_props(NULL, &inherited_props, b, root, full_path, pool));
 
   /* Send successful command response with revision and props. */
   SVN_ERR(svn_ra_svn_write_tuple(conn, pool, "w(!", "success"));



Mime
View raw message