subversion-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Branko ─îibej <br...@apache.org>
Subject Support character classes in glob authz rules
Date Mon, 03 Dec 2018 06:12:10 GMT
TL;DR:

https://issues.apache.org/jira/browse/SVN-4204
https://issues.apache.org/jira/browse/SVN-4795


The longer story:

Even though apr_fnmatch(), which we use for matching glob patterns in
authz rules, supports character classes ([A-Z] etc.), we can't use them
in the glob rules because of the way the config parser works. For
example, the following rule:

[:glob:/**/*.[Dd]oc]
* = rw


will be silently parsed to ":glob:/**/*.[Dd" and will match neither
'x.doc' nor 'x.Doc' but will match 'x.[Dd', which the user almost
certainly does not want. The reason for this is that our config parser,
which we still use for the syntactical part of parsing the authz files,
strictly follows the semantics of Python's ConfigParser and treats the
first ']' it finds as the section terminator, ignoring any remaining
characters to the end of the line.

The proposed patch changes this behaviour as follows:

  * the /last/ ']' in the line is the section terminator;
  * only whitespace is allowed after the terminator to the end of the line.

The proposed change in the parser is only enabled for parsing authz and
global group files, other Subversion configuration files will use the
current semantics.

Comments? Suggestions?

-- Brane

[[[
Change the authz file parser to allow character classes in glob rules.

* subversion/include/private/svn_config_private.h
  (svn_config__parse_stream): Add new parameter 'strict_sections'
   and update the docstring to describe what it does.

* subversion/include/private/svn_string_private.h
  (svn_stringbuf__strip_trailing_whitespace): New.

* subversion/libsvn_repos/authz_parse.c
  (svn_authz__parse): Invoke the new behaviour of svn_config__parse_stream.

* subversion/libsvn_subr/config.c
  (svn_config_parse): Use the old behaviour of svn_config__parse_stream.

* subversion/libsvn_subr/config_file.c: Inclulde private/svn_string_private.h.
  (parse_context_t): New member 'strict_sections'.
  (parse_section_name): Select how sections are parsed depending on the
   value of the 'strict_sections' flag. Update docstring.
  (svn_config__parse_file): Use the old behaviour of svn_config__parse_stream.
  (svn_config__parse_stream): Update implementation; store the new
   'strict_sections' flag in the parser context.

* subversion/libsvn_subr/string.c
  (svn_stringbuf__strip_trailing_whitespace): Implement; extracted from ...
  (svn_stringbuf_strip_whitespace): ... here.

Fixes: SVN-4204, SVN-4795
]]]


Mime
View raw message