Posted to commits@subversion.apache.org by cm...@apache.org on 2012/08/27 14:26:09 UTC
svn commit: r1377652 - in /subversion/branches/authz-overhaul/subversion:
include/ libsvn_repos/ mod_authz_svn/ mod_dav_svn/
Author: cmpilato
Date: Mon Aug 27 12:26:08 2012
New Revision: 1377652
URL: http://svn.apache.org/viewvc?rev=1377652&view=rev
Log:
On the 'authz-overhaul' branch: Commit some local modifications left over
from work I did back in late June and early July, it appears. These
all appear to be mostly focused on upgrading the Apache modules to use
the new libsvn_repos-based authz APIs.
Disclaimer: I have absolutely *no idea* in what state of breakage this
stuff is. I just know that my working copy is not the
safest place to house this work.
* subversion/include/mod_authz_svn.h
(AUTHZ_SVN__SUBREQ_BYPASS2_PROV_GRP, AUTHZ_SVN__SUBREQ_BYPASS2_PROV_NAME,
AUTHZ_SVN__SUBREQ_BYPASS2_PROV_VER): New #defines.
(authz_svn__subreq_bypass_func2_t): New function type.
* subversion/libsvn_repos/authz.c
(upgrade_authz_func_wrapper): Fix an assertion.
(svn_repos__upgrade_authz_func, svn_repos__upgrade_authz_callback): Add
some assertions.
* subversion/libsvn_repos/deprecated.c
(svn_repos_begin_report2): Initialize the 'access_func' and
'access_baton' variables and conditionalize their use.
* subversion/libsvn_repos/fs-wrap.c
(svn_repos_fs_dir_entries): New function.
* subversion/mod_authz_svn/mod_authz_svn.c
(subreq_bypass2): New function.
(register_hooks): Register bypass2 function, too.
* subversion/mod_dav_svn/authz.c
(dav_svn__allow_read): Add 'required' parameter, and upgrade to use
of the new authz bypass interface. Leave a "FIXME" comment for later.
(get_authz_fspath_and_rev): New helper function.
(authz_read, dav_svn__authz_read_func): Ditch these functions...
(access_func, dav_svn__access_func): ...for these instead.
(dav_svn__allow_read_resource): Update call to
dav_svn__allow_read().
* subversion/mod_dav_svn/dav_svn.h
(dav_svn__get_pathauthz_bypass): Change return type.
(dav_svn__allow_read): Add 'required' and 'depth' parameters.
* subversion/mod_dav_svn/mod_dav_svn.c
(pathauthz_bypass_func, dav_svn__get_pathauthz_bypass): Change return type.
(SVNPathAuthz_cmd): Now fetch the bypass2 function.
* subversion/mod_dav_svn/repos.c
(deliver): Update call to dav_svn__allow_read().
Modified:
subversion/branches/authz-overhaul/subversion/include/mod_authz_svn.h
subversion/branches/authz-overhaul/subversion/libsvn_repos/authz.c
subversion/branches/authz-overhaul/subversion/libsvn_repos/deprecated.c
subversion/branches/authz-overhaul/subversion/libsvn_repos/fs-wrap.c
subversion/branches/authz-overhaul/subversion/mod_authz_svn/mod_authz_svn.c
subversion/branches/authz-overhaul/subversion/mod_dav_svn/authz.c
subversion/branches/authz-overhaul/subversion/mod_dav_svn/dav_svn.h
subversion/branches/authz-overhaul/subversion/mod_dav_svn/mod_dav_svn.c
subversion/branches/authz-overhaul/subversion/mod_dav_svn/repos.c
Modified: subversion/branches/authz-overhaul/subversion/include/mod_authz_svn.h
URL: http://svn.apache.org/viewvc/subversion/branches/authz-overhaul/subversion/include/mod_authz_svn.h?rev=1377652&r1=1377651&r2=1377652&view=diff
==============================================================================
--- subversion/branches/authz-overhaul/subversion/include/mod_authz_svn.h (original)
+++ subversion/branches/authz-overhaul/subversion/include/mod_authz_svn.h Mon Aug 27 12:26:08 2012
@@ -34,7 +34,7 @@ extern "C" {
#endif /* __cplusplus */
/*
- * mod_dav_svn to mod_authz_svn bypass mechanism
+ * mod_dav_svn to mod_authz_svn bypass mechanism(s)
*/
#define AUTHZ_SVN__SUBREQ_BYPASS_PROV_GRP "dav2authz_subreq_bypass"
#define AUTHZ_SVN__SUBREQ_BYPASS_PROV_NAME "mod_authz_svn_subreq_bypass"
@@ -43,6 +43,14 @@ typedef int (*authz_svn__subreq_bypass_f
const char *repos_path,
const char *repos_name);
+#define AUTHZ_SVN__SUBREQ_BYPASS2_PROV_GRP "dav2authz_subreq_bypass2"
+#define AUTHZ_SVN__SUBREQ_BYPASS2_PROV_NAME "mod_authz_svn_subreq_bypass2"
+#define AUTHZ_SVN__SUBREQ_BYPASS2_PROV_VER "00.00a"
+typedef int (*authz_svn__subreq_bypass_func2_t)(request_rec *r,
+ const char *repos_path,
+ const char *repos_name,
+ int list_only);
+
#ifdef __cplusplus
}
#endif /* __cplusplus */
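Review bot: `authz_svn__subreq_bypass_func2_t` has no comment describing `list_only` or the return contract, and mod_dav_svn relies on that contract: dav_svn__allow_read in this commit treats only `OK` as allowed. A comment above the typedef such as `/* Return OK iff the user may read REPOS_PATH in REPOS_NAME (or merely list it, when LIST_ONLY is non-zero); any other value denies. */` would pin it down for future providers.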
Modified: subversion/branches/authz-overhaul/subversion/libsvn_repos/authz.c
URL: http://svn.apache.org/viewvc/subversion/branches/authz-overhaul/subversion/libsvn_repos/authz.c?rev=1377652&r1=1377651&r2=1377652&view=diff
==============================================================================
--- subversion/branches/authz-overhaul/subversion/libsvn_repos/authz.c (original)
+++ subversion/branches/authz-overhaul/subversion/libsvn_repos/authz.c Mon Aug 27 12:26:08 2012
@@ -768,7 +768,7 @@ upgrade_authz_func_wrapper(svn_boolean_t
/* Callers shouldn't be asking about write permission via this
interface. */
SVN_ERR_ASSERT(required && (required < svn_repos_access_readwrite));
- SVN_ERR_ASSERT(b->authz_callback);
+ SVN_ERR_ASSERT(b->authz_func);
return svn_error_trace(b->authz_func(allowed, root, path,
b->authz_func_baton, scratch_pool));
@@ -785,6 +785,8 @@ svn_repos__upgrade_authz_func(svn_repos_
svn_repos__upgrade_authz_baton_t *new_baton =
apr_pcalloc(pool, sizeof(*new_baton));
+ SVN_ERR_ASSERT(authz_read_func);
+
new_baton->authz_func = authz_read_func;
new_baton->authz_func_baton = authz_baton;
*access_func = upgrade_authz_func_wrapper;
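Review bot: The new `SVN_ERR_ASSERT(authz_read_func);` turns a NULL read callback into an assertion failure, but this commit adds the matching `if (authz_read_func)` guard only to svn_repos_begin_report2. Any other wrapper that forwards a caller-supplied NULL (none are visible here, so this needs checking) would now fail instead of proceeding with `access_func` left NULL. Those callers should get the same guard, and the same applies to `SVN_ERR_ASSERT(authz_callback);` in svn_repos__upgrade_authz_callback in the next hunk. Both function bodies continue outside their hunks.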
@@ -833,6 +835,8 @@ svn_repos__upgrade_authz_callback(svn_re
svn_repos__upgrade_authz_baton_t *new_baton =
apr_pcalloc(pool, sizeof(*new_baton));
+ SVN_ERR_ASSERT(authz_callback);
+
new_baton->authz_callback = authz_callback;
new_baton->authz_callback_baton = authz_baton;
*access_func = upgrade_authz_callback_wrapper;
Modified: subversion/branches/authz-overhaul/subversion/libsvn_repos/deprecated.c
URL: http://svn.apache.org/viewvc/subversion/branches/authz-overhaul/subversion/libsvn_repos/deprecated.c?rev=1377652&r1=1377651&r2=1377652&view=diff
==============================================================================
--- subversion/branches/authz-overhaul/subversion/libsvn_repos/deprecated.c (original)
+++ subversion/branches/authz-overhaul/subversion/libsvn_repos/deprecated.c Mon Aug 27 12:26:08 2012
@@ -236,12 +236,13 @@ svn_repos_begin_report2(void **report_ba
void *authz_read_baton,
apr_pool_t *pool)
{
- svn_repos_access_func_t access_func;
- void *access_baton;
+ svn_repos_access_func_t access_func = NULL;
+ void *access_baton = NULL;
- SVN_ERR(svn_repos__upgrade_authz_func(&access_func, &access_baton,
- authz_read_func, authz_read_baton,
- pool));
+ if (authz_read_func)
+ SVN_ERR(svn_repos__upgrade_authz_func(&access_func, &access_baton,
+ authz_read_func, authz_read_baton,
+ pool));
return svn_repos_begin_report3(report_baton, revnum, repos, fs_base,
s_operand, switch_path, text_deltas,
depth, ignore_ancestry, send_copyfrom_args,
Modified: subversion/branches/authz-overhaul/subversion/libsvn_repos/fs-wrap.c
URL: http://svn.apache.org/viewvc/subversion/branches/authz-overhaul/subversion/libsvn_repos/fs-wrap.c?rev=1377652&r1=1377651&r2=1377652&view=diff
==============================================================================
--- subversion/branches/authz-overhaul/subversion/libsvn_repos/fs-wrap.c (original)
+++ subversion/branches/authz-overhaul/subversion/libsvn_repos/fs-wrap.c Mon Aug 27 12:26:08 2012
@@ -668,6 +668,51 @@ svn_repos_fs_get_mergeinfo(svn_mergeinfo
return SVN_NO_ERROR;
}
+
+svn_error_t *
+svn_repos_fs_dir_entries(apr_hash_t **entries,
+ svn_fs_root_t *root,
+ const char *path,
+ svn_repos_access_func_t access_func,
+ void *access_baton,
+ svn_repos_access_t required,
+ apr_pool_t *pool)
+{
+ apr_hash_t *tmp_entries;
+ apr_pool_t *iterpool = svn_pool_create(pool);
+ apr_hash_index_t *hi;
+
+ SVN_ERR(svn_fs_dir_entries(&tmp_entries, root, path, pool));
+
+ *entries = apr_hash_make(pool);
+
+ if (! access_func)
+ {
+ *entries = tmp_entries;
+ return SVN_NO_ERROR;
+ }
+
+ for (hi = apr_hash_first(pool, tmp_entries); hi; hi = apr_hash_next(hi))
+ {
+ const void *key;
+ apr_ssize_t keylen;
+ void *val;
+ svn_boolean_t allowed;
+
+ apr_hash_this(hi, &key, &keylen, &val);
+ svn_pool_clear(iterpool);
+
+ SVN_ERR(access_func(&allowed, root, this_path, required,
+ svn_depth_empty, access_baton, iterpool));
+
+ if (allowed)
+ apr_hash_set(entries, key, keylen, val);
+ }
+
+ svn_pool_destroy(iterpool);
+ return SVN_NO_ERROR;
+}
+
struct pack_notify_baton
{
svn_repos_notify_func_t notify_func;
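Review bot: The per-entry check in svn_repos_fs_dir_entries passes `this_path`, which is never declared or assigned, and `apr_hash_set(entries, ...)` is given the `apr_hash_t **` rather than `*entries`, so the authz filter cannot build as written. Each child needs its own path, built from PATH and the entry name, before access_func is called; checking the parent path instead would let through entries the user may not see. The early return for a NULL access_func also leaves iterpool undestroyed and throws away the hash that was just created. The fence shows one arrangement, assuming PATH is a canonical fspath so that svn_fspath__join applies.

```c
  apr_hash_t *tmp_entries;
  apr_pool_t *iterpool;
  apr_hash_index_t *hi;

  SVN_ERR(svn_fs_dir_entries(&tmp_entries, root, path, pool));

  /* No access function means no filtering: hand back the raw listing. */
  if (! access_func)
    {
      *entries = tmp_entries;
      return SVN_NO_ERROR;
    }

  *entries = apr_hash_make(pool);
  iterpool = svn_pool_create(pool);

  for (hi = apr_hash_first(pool, tmp_entries); hi; hi = apr_hash_next(hi))
    {
      /* … unchanged: key, keylen, val, allowed declarations … */
      const char *this_path;

      svn_pool_clear(iterpool);
      apr_hash_this(hi, &key, &keylen, &val);

      /* Authorize the child itself, not the directory being listed. */
      this_path = svn_fspath__join(path, key, iterpool);
      SVN_ERR(access_func(&allowed, root, this_path, required,
                          svn_depth_empty, access_baton, iterpool));

      if (allowed)
        apr_hash_set(*entries, key, keylen, val);
    }
  /* … unchanged: svn_pool_destroy(iterpool) and return … */
```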
Modified: subversion/branches/authz-overhaul/subversion/mod_authz_svn/mod_authz_svn.c
URL: http://svn.apache.org/viewvc/subversion/branches/authz-overhaul/subversion/mod_authz_svn/mod_authz_svn.c?rev=1377652&r1=1377651&r2=1377652&view=diff
==============================================================================
--- subversion/branches/authz-overhaul/subversion/mod_authz_svn/mod_authz_svn.c (original)
+++ subversion/branches/authz-overhaul/subversion/mod_authz_svn/mod_authz_svn.c Mon Aug 27 12:26:08 2012
@@ -582,6 +582,83 @@ log_access_verdict(LOG_ARGS_SIGNATURE,
* "mod_dav_svn/authz.c" .
*/
static int
+subreq_bypass2(request_rec *r,
+ const char *repos_path,
+ const char *repos_name,
+ int list_only)
+{
+ svn_error_t *svn_err = NULL;
+ svn_authz_t *access_conf = NULL;
+ authz_svn_config_rec *conf = NULL;
+ svn_boolean_t authz_access_granted = FALSE;
+ char errbuf[256];
+ const char *username_to_authorize;
+
+ conf = ap_get_module_config(r->per_dir_config,
+ &authz_svn_module);
+ username_to_authorize = get_username_to_authorize(r, conf);
+
+ /* If configured properly, this should never be true, but just in case. */
+ if (!conf->anonymous
+ || (! (conf->access_file || conf->repo_relative_access_file)))
+ {
+ log_access_verdict(APLOG_MARK, r, 0, repos_path, NULL);
+ return HTTP_FORBIDDEN;
+ }
+
+ /* Retrieve authorization file */
+ access_conf = get_access_conf(r, conf);
+ if (access_conf == NULL)
+ return HTTP_FORBIDDEN;
+
+ /* Perform authz access control.
+ * See similarly labeled comment in req_check_access.
+ */
+ if (repos_path)
+ {
+ svn_err = svn_repos_authz_check_access2(access_conf, repos_name,
+ repos_path,
+ username_to_authorize,
+ list_only ?
+ svn_repos_access_list :
+ svn_repos_access_read,
+ svn_depth_empty,
+ &authz_access_granted,
+ r->pool);
+ if (svn_err)
+ {
+ ap_log_rerror(APLOG_MARK, APLOG_ERR,
+ /* If it is an error code that APR can make
+ sense of, then show it, otherwise, pass
+ zero to avoid putting "APR does not
+ understand this error code" in the error
+ log. */
+ ((svn_err->apr_err >= APR_OS_START_USERERR &&
+ svn_err->apr_err < APR_OS_START_CANONERR) ?
+ 0 : svn_err->apr_err),
+ r, "Failed to perform access control: %s",
+ svn_err_best_message(svn_err, errbuf, sizeof(errbuf)));
+ svn_error_clear(svn_err);
+ return HTTP_FORBIDDEN;
+ }
+ if (!authz_access_granted)
+ {
+ log_access_verdict(APLOG_MARK, r, 0, repos_path, NULL);
+ return HTTP_FORBIDDEN;
+ }
+ }
+
+ log_access_verdict(APLOG_MARK, r, 1, repos_path, NULL);
+
+ return OK;
+}
+
+/*
+ * This function is used as a provider to allow mod_dav_svn to bypass the
+ * generation of an apache request when checking GET access from
+ * "mod_dav_svn/authz.c" .
+ */
+static int
subreq_bypass(request_rec *r,
const char *repos_path,
const char *repos_name)
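Review bot: When `repos_path` is NULL, subreq_bypass2 skips svn_repos_authz_check_access2 entirely, logs the verdict as granted and returns `OK`, so the only gates left are the `conf->anonymous`/access-file test and get_access_conf. If granting path-less requests is intended, the `if (repos_path)` line should carry a comment saying why; if it is not, an explicit `if (!repos_path) return HTTP_FORBIDDEN;` keeps the function fail-closed. The body also looks like a near copy of subreq_bypass, whose body lies outside this hunk; having the old entry point `return subreq_bypass2(r, repos_path, repos_name, 0);` would leave a single authz path to maintain.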
@@ -799,6 +876,12 @@ register_hooks(apr_pool_t *p)
AUTHZ_SVN__SUBREQ_BYPASS_PROV_NAME,
AUTHZ_SVN__SUBREQ_BYPASS_PROV_VER,
(void*)subreq_bypass);
+
+ ap_register_provider(p,
+ AUTHZ_SVN__SUBREQ_BYPASS2_PROV_GRP,
+ AUTHZ_SVN__SUBREQ_BYPASS2_PROV_NAME,
+ AUTHZ_SVN__SUBREQ_BYPASS2_PROV_VER,
+ (void*)subreq_bypass2);
}
module AP_MODULE_DECLARE_DATA authz_svn_module =
Modified: subversion/branches/authz-overhaul/subversion/mod_dav_svn/authz.c
URL: http://svn.apache.org/viewvc/subversion/branches/authz-overhaul/subversion/mod_dav_svn/authz.c?rev=1377652&r1=1377651&r2=1377652&view=diff
==============================================================================
--- subversion/branches/authz-overhaul/subversion/mod_dav_svn/authz.c (original)
+++ subversion/branches/authz-overhaul/subversion/mod_dav_svn/authz.c Mon Aug 27 12:26:08 2012
@@ -39,6 +39,7 @@ dav_svn__allow_read(request_rec *r,
const dav_svn_repos *repos,
const char *path,
svn_revnum_t rev,
+ svn_repos_access_t required,
apr_pool_t *pool)
{
const char *uri;
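Review bot: dav_svn__allow_read gains only `required` here, but the dav_svn.h hunk in this commit declares it with both `required` and `depth`, and dav_svn__allow_read_resource calls it with `required, svn_depth_empty, pool`, while access_func and deliver() in repos.c pass no depth. The definition, prototype and call sites have to agree before this authz entry point compiles. Since access_func asserts `depth == svn_depth_empty`, either add `svn_depth_t depth,` to the definition and pass `svn_depth_empty` from the six-argument callers, or drop it from the header and from dav_svn__allow_read_resource. The function body continues outside this hunk.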
@@ -46,6 +47,7 @@ dav_svn__allow_read(request_rec *r,
enum dav_svn__build_what uri_type;
svn_boolean_t allowed = FALSE;
authz_svn__subreq_bypass_func_t allow_read_bypass = NULL;
+ int list_only = (required < svn_repos_access_read) ? 1 : 0;
/* Easy out: if the admin has explicitly set 'SVNPathAuthz Off',
then this whole callback does nothing. */
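Review bot: `allow_read_bypass` is still declared as `authz_svn__subreq_bypass_func_t`, yet this commit makes dav_svn__get_pathauthz_bypass return `authz_svn__subreq_bypass_func2_t` and the call in the next hunk passes four arguments, so the declaration should become `authz_svn__subreq_bypass_func2_t allow_read_bypass = NULL;`. Separately, `required < svn_repos_access_read` relies on the enum's ordering; if list is the only level meant, `required == svn_repos_access_list` states that directly and cannot silently map some other low value to a list-only check.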
@@ -67,18 +69,29 @@ dav_svn__allow_read(request_rec *r,
allow_read_bypass = dav_svn__get_pathauthz_bypass(r);
if (allow_read_bypass != NULL)
{
- if (allow_read_bypass(r, path, repos->repo_basename) == OK)
+ if (allow_read_bypass(r, path, repos->repo_basename, list_only) == OK)
return TRUE;
else
return FALSE;
}
+ /* Our ultimate goal here is to create a Version Resource (VR) url,
+ which is a url that represents a path within a revision. We then
+ send a subrequest to apache, so that any installed authz modules
+ can allow/disallow the path.
+
+ ### That means that we're assuming that any installed authz
+ module is *only* paying attention to revision-paths, not paths in
+ uncommitted transactions. Someday we need to widen our horizons. */
+
/* If no revnum is specified, assume HEAD. */
if (SVN_IS_VALID_REVNUM(rev))
uri_type = DAV_SVN__BUILD_URI_VERSION;
else
uri_type = DAV_SVN__BUILD_URI_PUBLIC;
+ /* ### FIXME: How do we handle LIST_ONLY=1 here? CGI parameters? */
+
/* Build a Version Resource uri representing (rev, path). */
uri = dav_svn__build_uri(repos, uri_type, rev, path, FALSE, pool);
@@ -96,38 +109,13 @@ dav_svn__allow_read(request_rec *r,
return allowed;
}
-
-/* This function implements 'svn_repos_authz_func_t', specifically
- for read authorization.
-
- Convert incoming ROOT and PATH into a version-resource URI and
- perform a GET subrequest on it. This will invoke any authz modules
- loaded into apache. Set *ALLOWED to TRUE if the subrequest
- succeeds, FALSE otherwise.
-
- BATON must be a pointer to a dav_svn__authz_read_baton.
- Use POOL for for any temporary allocation.
-*/
static svn_error_t *
-authz_read(svn_boolean_t *allowed,
- svn_fs_root_t *root,
- const char *path,
- void *baton,
- apr_pool_t *pool)
+get_authz_fspath_and_rev(const char **fspath,
+ svn_revnum_t *revision,
+ svn_fs_root_t *root,
+ const char *path,
+ apr_pool_t *pool)
{
- dav_svn__authz_read_baton *arb = baton;
- svn_revnum_t rev = SVN_INVALID_REVNUM;
- const char *revpath = NULL;
-
- /* Our ultimate goal here is to create a Version Resource (VR) url,
- which is a url that represents a path within a revision. We then
- send a subrequest to apache, so that any installed authz modules
- can allow/disallow the path.
-
- ### That means that we're assuming that any installed authz
- module is *only* paying attention to revision-paths, not paths in
- uncommitted transactions. Someday we need to widen our horizons. */
-
if (svn_fs_is_txn_root(root))
{
/* This means svn_repos_dir_delta2 is comparing two txn trees,
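Review bot: get_authz_fspath_and_rev never initializes `*fspath` or `*revision`, yet its txn-root branch later tests `(*revision == SVN_INVALID_REVNUM) && (*fspath == NULL)` (visible in a later hunk) to decide whether a copy source was found. The removed authz_read set both locals itself; now the path and revision handed to the authz check depend on every caller pre-initializing its outputs, as access_func happens to do. Setting `*fspath = NULL;` and `*revision = SVN_INVALID_REVNUM;` at the top of the helper removes that dependency, and the helper should get a doc comment describing its two outputs. The body continues outside this hunk.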
@@ -148,12 +136,12 @@ authz_read(svn_boolean_t *allowed,
while (! (svn_path_is_empty(path_s->data)
|| svn_fspath__is_root(path_s->data, path_s->len)))
{
- SVN_ERR(svn_fs_copied_from(&rev, &revpath, root,
+ SVN_ERR(svn_fs_copied_from(revision, fspath, root,
path_s->data, pool));
- if (SVN_IS_VALID_REVNUM(rev) && revpath)
+ if (SVN_IS_VALID_REVNUM(*revision) && *fspath)
{
- revpath = svn_fspath__join(revpath, lopped_path, pool);
+ *fspath = svn_fspath__join(*fspath, lopped_path, pool);
break;
}
@@ -166,42 +154,75 @@ authz_read(svn_boolean_t *allowed,
/* If no copy produced this path, its path in the original
revision is the same as its path in this txn. */
- if ((rev == SVN_INVALID_REVNUM) && (revpath == NULL))
+ if ((*revision == SVN_INVALID_REVNUM) && (*fspath == NULL))
{
- rev = svn_fs_txn_root_base_revision(root);
- revpath = path;
+ *fspath = path;
+ *revision = svn_fs_txn_root_base_revision(root);
}
}
else /* revision root */
{
- rev = svn_fs_revision_root_revision(root);
- revpath = path;
+ *fspath = path;
+ *revision = svn_fs_revision_root_revision(root);
}
- /* We have a (rev, path) pair to check authorization on. */
- *allowed = dav_svn__allow_read(arb->r, arb->repos, revpath, rev, pool);
+ return SVN_NO_ERROR;
+}
+
+/* This function implements 'svn_repos_access_func_t', specifically
+ for read authorization.
+
+ Convert incoming ROOT and PATH into a version-resource URI and
+ perform a GET subrequest on it. This will invoke any authz modules
+ loaded into apache. Set *ALLOWED to TRUE if the subrequest
+ succeeds, FALSE otherwise.
+
+ BATON must be a pointer to a dav_svn__authz_read_baton.
+ Use POOL for for any temporary allocation.
+*/
+static svn_error_t *
+access_func(svn_boolean_t *allowed,
+ svn_fs_root_t *root,
+ const char *path,
+ svn_repos_access_t required,
+ svn_depth_t depth,
+ void *baton,
+ apr_pool_t *scratch_pool)
+{
+ dav_svn__authz_read_baton *arb = baton;
+ svn_revnum_t rev = SVN_INVALID_REVNUM;
+ const char *revpath = NULL;
+
+ SVN_ERR_ASSERT(required < svn_repos_access_readwrite);
+ SVN_ERR_ASSERT(depth == svn_depth_empty);
+ SVN_ERR(get_authz_fspath_and_rev(&revpath, &rev, root, path,
+ scratch_pool));
+ *allowed = dav_svn__allow_read(arb->r, arb->repos, revpath, rev,
+ required, scratch_pool);
return SVN_NO_ERROR;
}
-svn_repos_authz_func_t
-dav_svn__authz_read_func(dav_svn__authz_read_baton *baton)
+svn_repos_access_func_t
+dav_svn__access_func(dav_svn__access_baton *baton)
{
/* Easy out: If the admin has explicitly set 'SVNPathAuthz Off',
then we don't need to do any authorization checks. */
if (! dav_svn__get_pathauthz_flag(baton->r))
return NULL;
- return authz_read;
+ return access_func;
}
svn_boolean_t
dav_svn__allow_read_resource(const dav_resource *resource,
svn_revnum_t rev,
+ svn_repos_access_t required,
apr_pool_t *pool)
{
return dav_svn__allow_read(resource->info->r, resource->info->repos,
- resource->info->repos_path, rev, pool);
+ resource->info->repos_path, rev,
+ required, svn_depth_empty, pool);
}
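Review bot: dav_svn__access_func takes a `dav_svn__access_baton *`, but access_func casts its baton to `dav_svn__authz_read_baton *`, and the dav_svn.h hunk header in this commit still shows `dav_svn__authz_read_baton` as the typedef in place; no definition of `dav_svn__access_baton` appears anywhere in the commit. One name should be used throughout, e.g. `dav_svn__access_func(dav_svn__authz_read_baton *baton)` unless the typedef is renamed as well. access_func also accepts `required == 0`, whereas upgrade_authz_func_wrapper in libsvn_repos asserts `required && (required < svn_repos_access_readwrite)`; using the same form here would keep the two callbacks aligned.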
Modified: subversion/branches/authz-overhaul/subversion/mod_dav_svn/dav_svn.h
URL: http://svn.apache.org/viewvc/subversion/branches/authz-overhaul/subversion/mod_dav_svn/dav_svn.h?rev=1377652&r1=1377651&r2=1377652&view=diff
==============================================================================
--- subversion/branches/authz-overhaul/subversion/mod_dav_svn/dav_svn.h (original)
+++ subversion/branches/authz-overhaul/subversion/mod_dav_svn/dav_svn.h Mon Aug 27 12:26:08 2012
@@ -322,7 +322,7 @@ svn_boolean_t dav_svn__get_revprop_cache
/* for the repository referred to by this request, are subrequests bypassed?
* A function pointer if yes, NULL if not.
*/
-authz_svn__subreq_bypass_func_t dav_svn__get_pathauthz_bypass(request_rec *r);
+authz_svn__subreq_bypass_func2_t dav_svn__get_pathauthz_bypass(request_rec *r);
/* for the repository referred to by this request, is a GET of
SVNParentPath allowed? */
@@ -700,17 +700,20 @@ typedef struct dav_svn__authz_read_baton
/* Return TRUE iff the current user (as determined by Apache's
- authentication system) has permission to read PATH in REPOS at REV
- (where an invalid REV means "HEAD"). This will invoke any authz
- modules loaded into Apache unless this Subversion location has been
- configured to bypass those in favor of a direct lookup in the
- Subversion authz subsystem. Use POOL for any temporary allocation.
+ authentication system) has the REQUIRED access level on PATH (to
+ DEPTH) in REPOS at REV (where an invalid REV means "HEAD"). This
+ will invoke any authz modules loaded into Apache unless this
+ Subversion location has been configured to bypass those in favor of
+ a direct lookup in the Subversion authz subsystem. Use POOL for
+ any temporary allocation.
*/
svn_boolean_t
dav_svn__allow_read(request_rec *r,
const dav_svn_repos *repos,
const char *path,
svn_revnum_t rev,
+ svn_repos_access_t required,
+ svn_depth_t depth,
apr_pool_t *pool);
/* Return TRUE iff the current user (as determined by Apache's
Modified: subversion/branches/authz-overhaul/subversion/mod_dav_svn/mod_dav_svn.c
URL: http://svn.apache.org/viewvc/subversion/branches/authz-overhaul/subversion/mod_dav_svn/mod_dav_svn.c?rev=1377652&r1=1377651&r2=1377652&view=diff
==============================================================================
--- subversion/branches/authz-overhaul/subversion/mod_dav_svn/mod_dav_svn.c (original)
+++ subversion/branches/authz-overhaul/subversion/mod_dav_svn/mod_dav_svn.c Mon Aug 27 12:26:08 2012
@@ -107,7 +107,7 @@ typedef struct dir_conf_t {
extern module AP_MODULE_DECLARE_DATA dav_svn_module;
/* The authz_svn provider for bypassing path authz. */
-static authz_svn__subreq_bypass_func_t pathauthz_bypass_func = NULL;
+static authz_svn__subreq_bypass_func2_t pathauthz_bypass_func = NULL;
/* The compression level we will pass to svn_txdelta_to_svndiff3()
* for wire-compression */
@@ -360,9 +360,9 @@ SVNPathAuthz_cmd(cmd_parms *cmd, void *c
if (pathauthz_bypass_func == NULL)
{
pathauthz_bypass_func =
- ap_lookup_provider(AUTHZ_SVN__SUBREQ_BYPASS_PROV_GRP,
- AUTHZ_SVN__SUBREQ_BYPASS_PROV_NAME,
- AUTHZ_SVN__SUBREQ_BYPASS_PROV_VER);
+ ap_lookup_provider(AUTHZ_SVN__SUBREQ_BYPASS2_PROV_GRP,
+ AUTHZ_SVN__SUBREQ_BYPASS2_PROV_NAME,
+ AUTHZ_SVN__SUBREQ_BYPASS2_PROV_VER);
}
}
else if (apr_strnatcasecmp("on", arg1) == 0)
@@ -807,9 +807,10 @@ dav_svn__get_pathauthz_flag(request_rec
return conf->path_authz_method != CONF_PATHAUTHZ_OFF;
}
+
/* Function pointer if we should use the bypass directly to mod_authz_svn.
* NULL otherwise. */
-authz_svn__subreq_bypass_func_t
+authz_svn__subreq_bypass_func2_t
dav_svn__get_pathauthz_bypass(request_rec *r)
{
dir_conf_t *conf;
Modified: subversion/branches/authz-overhaul/subversion/mod_dav_svn/repos.c
URL: http://svn.apache.org/viewvc/subversion/branches/authz-overhaul/subversion/mod_dav_svn/repos.c?rev=1377652&r1=1377651&r2=1377652&view=diff
==============================================================================
--- subversion/branches/authz-overhaul/subversion/mod_dav_svn/repos.c (original)
+++ subversion/branches/authz-overhaul/subversion/mod_dav_svn/repos.c Mon Aug 27 12:26:08 2012
@@ -3445,8 +3445,8 @@ deliver(const dav_resource *resource, ap
name, entry_pool);
if (! dav_svn__allow_read(resource->info->r,
resource->info->repos,
- repos_relpath,
- dir_rev,
+ repos_relpath, dir_rev,
+ svn_repos_access_list,
entry_pool))
continue;
}