You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@subversion.apache.org by Mats Fors <ma...@iar.se> on 2006/11/16 11:42:57 UTC
Error in authz file
Hi,
Version 1.4.0 and 1.4.2 generates an error that previous versions of subversion
doesn't (1.3, 1.3.1). Is this a bug or has there been some changes to the authz
file syntax?
I'm running subversion on a Windows 2003 server through apache.
Error
-----
[Tue Nov 14 14:28:33 2006] [error] [client 10.200.20.63] Failed to load the
AuthzSVNAccessFile: The character 's' in rule '@Users' is not allowed in authz
rules
Contents of AuthzSVNAccessFile
------------------------------
Devg = ambjorn, anders, andersh, anderslu, apikas, bengtv, bertils, chris, dan,
daniel, eric, eva, fredrikc, fredrikh, fredrik, grzm, hanswa, hakanto, jaan,
jan, dalle, jesperes, johana, holmberg, johanru, johnny, jonasbl, love, lotta,
matsp, micaelb, mikael, owi, heerdt, peter, petter, sture, sussi, richardc
Users = daniel, grzm, dalle, johnny, peterny
Managers = subber, mats, wacek, andersl
[/]
@Devg = r # Give Devg read rights in all repos
[/]
@Users = rw # Give Users rw rights everywhere,
[/tags]
@Users = r # except in tags directories
[/]
@Managers = rw # Give Managers rw rights everywhere
--
The hurrier I go, the behinder I get.
old folk saying
Mats Fors
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Re: Error in authz file
Posted by David Glasser <gl...@mit.edu>.
On 11/17/06, David Glasser <gl...@mit.edu> wrote:
> I think this patch fixes it. Also fixes an error leak. Have to run
> now, and have merely determined that it compiles; somebody else should
> sanity-check, run (and write?) tests, and commit.
(And put the brace on the right line.)
--dave
--
David Glasser | glasser@mit.edu | http://www.davidglasser.net/
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Re: Error in authz file
Posted by Daniel Rall <dl...@collab.net>.
On Mon, 20 Nov 2006, Peter Lundblad wrote:
> Daniel L. Rall writes:
...
> > I've tested this patch, committed it to trunk, and nominated it for
> > backport to the 1.4.x line. We already had a test for invalid authz
> > files -- subversion/tests/cmdline/authz_tests.py:broken_authz_file()
> > -- but it didn't test the specific error message. FWIW, I've add a
> > comment character to it.
>
> Did you try merging it? It causes conflicts here.
I've created backport branch 1.4.x-r22329, in which the conflicts have
been addressed.
- Dan
Re: Error in authz file
Posted by Peter Lundblad <pl...@google.com>.
Daniel L. Rall writes:
> On Fri, 17 Nov 2006, David Glasser wrote:
>
> > On 11/17/06, Peter Lundblad <pl...@google.com> wrote:
> > >A quick look at the code yields that it shold do so. I haven't tried
> > >it and don't know why it complains about the 's', though. So, if the
> > >quoted
> > >config file is the one that generates the error, then this might be a
> > >bugt.
> >
> > I think this patch fixes it. Also fixes an error leak. Have to run
> > now, and have merely determined that it compiles; somebody else should
> > sanity-check, run (and write?) tests, and commit.
>
Ouch! I said it was a quick look, right? ;) More scaring is that I,
according to the log message, already reviewed this and missed it back
then as well:-(
> I've tested this patch, committed it to trunk, and nominated it for
> backport to the 1.4.x line. We already had a test for invalid authz
> files -- subversion/tests/cmdline/authz_tests.py:broken_authz_file()
> -- but it didn't test the specific error message. FWIW, I've add a
> comment character to it.
>
Did you try merging it? It causes conflicts here.
Regards,
//Peter
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Re: Error in authz file
Posted by "Daniel L. Rall" <dl...@finemaltcoding.com>.
On Fri, 17 Nov 2006, David Glasser wrote:
> On 11/17/06, Peter Lundblad <pl...@google.com> wrote:
> >A quick look at the code yields that it shold do so. I haven't tried
> >it and don't know why it complains about the 's', though. So, if the
> >quoted
> >config file is the one that generates the error, then this might be a
> >bugt.
>
> I think this patch fixes it. Also fixes an error leak. Have to run
> now, and have merely determined that it compiles; somebody else should
> sanity-check, run (and write?) tests, and commit.
I've tested this patch, committed it to trunk, and nominated it for
backport to the 1.4.x line. We already had a test for invalid authz
files -- subversion/tests/cmdline/authz_tests.py:broken_authz_file()
-- but it didn't test the specific error message. FWIW, I've add a
comment character to it.
- Dan
Re: Error in authz file
Posted by David Glasser <gl...@mit.edu>.
On 11/17/06, Peter Lundblad <pl...@google.com> wrote:
> A quick look at the code yields that it shold do so. I haven't tried
> it and don't know why it complains about the 's', though. So, if the quoted
> config file is the one that generates the error, then this might be a
> bugt.
I think this patch fixes it. Also fixes an error leak. Have to run
now, and have merely determined that it compiles; somebody else should
sanity-check, run (and write?) tests, and commit.
--dave
[[[
Signal first error in parsing authz values, not last. This both
returns a more useful error,
and doesn't leak a bunch of errors in the middle.
* subversion/libsvn_repos/authz.c
(authz_validate_rule): Return after creating an error.
]]]
=== subversion/libsvn_repos/authz.c
==================================================================
--- subversion/libsvn_repos/authz.c (revision 108568)
+++ subversion/libsvn_repos/authz.c (local)
@@ -530,10 +530,12 @@
while (*val)
{
- if (*val != 'r' && *val != 'w' && ! svn_ctype_isspace(*val))
+ if (*val != 'r' && *val != 'w' && ! svn_ctype_isspace(*val)) {
b->err = svn_error_createf(SVN_ERR_AUTHZ_INVALID_CONFIG, NULL,
"The character '%c' in rule '%s' is not "
"allowed in authz rules", *val, name);
+ return FALSE;
+ }
++val;
}
--
David Glasser | glasser@mit.edu | http://www.davidglasser.net/
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Re: Error in authz file
Posted by Peter Lundblad <pl...@google.com>.
Malcolm Rowe writes:
> On Fri, Nov 17, 2006 at 12:55:20PM +0100, Peter Lundblad wrote:
> > Daniel Rall writes:
> > > On Thu, 16 Nov 2006, Mats Fors wrote:
> > >
> > > Are you sure this is the authz file which is actually in use? Unless
> > > those comments at the end of the line are a problem, I'd expect your
> > > authz file to have a improperly defined rule like:
> > >
> >
> > But this is exactly the problem. The config file parser does not strip
> > off comments inside values. So, put your comments above the lines or something.
>
> It would be nice if the authz parser complained about the first invalid
> character in the value, rather than (it appears) the last. In most
> cases of this type, that'd be '#', which would more quickly clue us in
> on the problem.
>
A quick look at the code yields that it shold do so. I haven't tried
it and don't know why it complains about the 's', though. So, if the quoted
config file is the one that generates the error, then this might be a
bugt.
Later,
//Peter
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Re: Error in authz file
Posted by Malcolm Rowe <ma...@farside.org.uk>.
On Fri, Nov 17, 2006 at 12:55:20PM +0100, Peter Lundblad wrote:
> Daniel Rall writes:
> > On Thu, 16 Nov 2006, Mats Fors wrote:
> >
> > Are you sure this is the authz file which is actually in use? Unless
> > those comments at the end of the line are a problem, I'd expect your
> > authz file to have a improperly defined rule like:
> >
>
> But this is exactly the problem. The config file parser does not strip
> off comments inside values. So, put your comments above the lines or something.
It would be nice if the authz parser complained about the first invalid
character in the value, rather than (it appears) the last. In most
cases of this type, that'd be '#', which would more quickly clue us in
on the problem.
Regards,
Malcolm
Re: Error in authz file
Posted by Peter Lundblad <pl...@google.com>.
Daniel Rall writes:
> On Thu, 16 Nov 2006, Mats Fors wrote:
>
> Are you sure this is the authz file which is actually in use? Unless
> those comments at the end of the line are a problem, I'd expect your
> authz file to have a improperly defined rule like:
>
But this is exactly the problem. The config file parser does not strip
off comments inside values. So, put your comments above the lines or something.
//Peter
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Re: Error in authz file
Posted by Daniel Rall <dl...@collab.net>.
On Thu, 16 Nov 2006, Mats Fors wrote:
> Hi,
>
> Version 1.4.0 and 1.4.2 generates an error that previous versions of
> subversion doesn't (1.3, 1.3.1). Is this a bug or has there been some
> changes to the authz file syntax?
Earlier this year (r19471, 2006-04-28), code was added to
libsvn_repos/authz.c:authz_validate_rule() which checks that there are
no characters other than 'r' and 'w' and spaces in the authz file's
rule definition.
...
> [Tue Nov 14 14:28:33 2006] [error] [client 10.200.20.63] Failed to load the
> AuthzSVNAccessFile: The character 's' in rule '@Users' is not allowed in
> authz rules
Are you sure this is the authz file which is actually in use? Unless
those comments at the end of the line are a problem, I'd expect your
authz file to have a improperly defined rule like:
[/tags]
@Users = s
> Contents of AuthzSVNAccessFile
> ------------------------------
> Devg = ambjorn, anders, andersh, anderslu, apikas, bengtv, bertils, chris,
> dan, daniel, eric, eva, fredrikc, fredrikh, fredrik, grzm, hanswa, hakanto,
> jaan, jan, dalle, jesperes, johana, holmberg, johanru, johnny, jonasbl,
> love, lotta, matsp, micaelb, mikael, owi, heerdt, peter, petter, sture,
> sussi, richardc
>
> Users = daniel, grzm, dalle, johnny, peterny
> Managers = subber, mats, wacek, andersl
>
> [/]
> @Devg = r # Give Devg read rights in all repos
>
> [/]
> @Users = rw # Give Users rw rights everywhere,
>
> [/tags]
> @Users = r # except in tags directories
>
> [/]
> @Managers = rw # Give Managers rw rights everywhere