You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@subversion.apache.org by br...@apache.org on 2012/12/31 19:39:21 UTC
svn commit: r1427217 - in /subversion/trunk/subversion: include/svn_repos.h
libsvn_repos/authz.c tests/libsvn_repos/repos-test.c
Author: breser
Date: Mon Dec 31 18:39:20 2012
New Revision: 1427217
URL: http://svn.apache.org/viewvc?rev=1427217&view=rev
Log:
Add a svn_repos_authz_parse() function which parses an authz config from
a stream.
This also switches most testing of the authz code to using streams, which
should result in a tiny bit faster testing since we're not needing to
do disk I/O.
* subversion/libsvn_repos/authz.c
(svn_repos__authz_read): Factor out walking the config for authz errors
into ...
(authz_validate): New function.
(svn_repos_authz_parse): New function.
* subversion/include/svn_repos.h
(svn_repos_authz_parse): New function.
* subversion/tests/libsvn_repos/repos-test.c
(authz_get_handle): Adjust to allow authz conf to be optionally written
to a in memory stream rather than always going to a temp file.
(authz): Change most of the tests to use in memory streams and duplicate
one test so that the code that is unique to the file path is excercised.
(commit_editor_authz,issue_4060): Use in memory streams.
Modified:
subversion/trunk/subversion/include/svn_repos.h
subversion/trunk/subversion/libsvn_repos/authz.c
subversion/trunk/subversion/tests/libsvn_repos/repos-test.c
Modified: subversion/trunk/subversion/include/svn_repos.h
URL: http://svn.apache.org/viewvc/subversion/trunk/subversion/include/svn_repos.h?rev=1427217&r1=1427216&r2=1427217&view=diff
==============================================================================
--- subversion/trunk/subversion/include/svn_repos.h (original)
+++ subversion/trunk/subversion/include/svn_repos.h Mon Dec 31 18:39:20 2012
@@ -3187,6 +3187,17 @@ svn_repos_authz_read2(svn_authz_t **auth
/**
+ * Read authz configuration data from @a stream into @a *authz_p,
+ * allocated in @a pool.
+ *
+ * @since New in 1.8
+ */
+svn_error_t *
+svn_repos_authz_parse(svn_authz_t **authz_p,
+ svn_stream_t *stream,
+ apr_pool_t *pool);
+
+/**
* Check whether @a user can access @a path in the repository @a
* repos_name with the @a required_access. @a authz lists the ACLs to
* check against. Set @a *access_granted to indicate if the requested
Modified: subversion/trunk/subversion/libsvn_repos/authz.c
URL: http://svn.apache.org/viewvc/subversion/trunk/subversion/libsvn_repos/authz.c?rev=1427217&r1=1427216&r2=1427217&view=diff
==============================================================================
--- subversion/trunk/subversion/libsvn_repos/authz.c (original)
+++ subversion/trunk/subversion/libsvn_repos/authz.c Mon Dec 31 18:39:20 2012
@@ -751,6 +751,25 @@ static svn_boolean_t authz_validate_sect
return TRUE;
}
+
+/* Walk the configuration in AUTHZ looking for any errors. */
+static svn_error_t *
+authz_validate(svn_authz_t *authz, apr_pool_t *pool)
+{
+ struct authz_validate_baton baton = { 0 };
+
+ baton.err = SVN_NO_ERROR;
+ baton.config = authz->cfg;
+
+ /* Step through the entire rule file stopping on error. */
+ svn_config_enumerate_sections2(authz->cfg, authz_validate_section,
+ &baton, pool);
+ SVN_ERR(baton.err);
+
+ return SVN_NO_ERROR;
+}
+
+
/* Retrieve the file at DIRENT (contained in a repo) then parse it as a config
* file placing the result into CFG_P allocated in POOL.
*
@@ -908,9 +927,6 @@ svn_repos__authz_read(svn_authz_t **auth
const char *repos_root, apr_pool_t *pool)
{
svn_authz_t *authz = apr_palloc(pool, sizeof(*authz));
- struct authz_validate_baton baton = { 0 };
-
- baton.err = SVN_NO_ERROR;
/* Load the rule file */
if (accept_urls)
@@ -918,12 +934,9 @@ svn_repos__authz_read(svn_authz_t **auth
pool));
else
SVN_ERR(svn_config_read2(&authz->cfg, path, must_exist, TRUE, pool));
- baton.config = authz->cfg;
- /* Step through the entire rule file, stopping on error. */
- svn_config_enumerate_sections2(authz->cfg, authz_validate_section,
- &baton, pool);
- SVN_ERR(baton.err);
+ /* Make sure there are no errors in the configuration. */
+ SVN_ERR(authz_validate(authz, pool));
*authz_p = authz;
return SVN_NO_ERROR;
@@ -943,6 +956,22 @@ svn_repos_authz_read2(svn_authz_t **auth
}
+svn_error_t *
+svn_repos_authz_parse(svn_authz_t **authz_p, svn_stream_t *stream,
+ apr_pool_t *pool)
+{
+ svn_authz_t *authz = apr_palloc(pool, sizeof(*authz));
+
+ /* Parse the stream */
+ SVN_ERR(svn_config_parse(&authz->cfg, stream, TRUE, pool));
+
+ /* Make sure there are no errors in the configuration. */
+ SVN_ERR(authz_validate(authz, pool));
+
+ *authz_p = authz;
+ return SVN_NO_ERROR;
+}
+
svn_error_t *
svn_repos_authz_check_access(svn_authz_t *authz, const char *repos_name,
Modified: subversion/trunk/subversion/tests/libsvn_repos/repos-test.c
URL: http://svn.apache.org/viewvc/subversion/trunk/subversion/tests/libsvn_repos/repos-test.c?rev=1427217&r1=1427216&r2=1427217&view=diff
==============================================================================
--- subversion/trunk/subversion/tests/libsvn_repos/repos-test.c (original)
+++ subversion/trunk/subversion/tests/libsvn_repos/repos-test.c Mon Dec 31 18:39:20 2012
@@ -1123,26 +1123,46 @@ rmlocks(const svn_test_opts_t *opts,
/* Helper for the authz test. Set *AUTHZ_P to a representation of
- AUTHZ_CONTENTS, using POOL for temporary allocation. */
+ AUTHZ_CONTENTS, using POOL for temporary allocation. If DISK
+ is TRUE then write the contents to a temp file and use
+ svn_repos_authz_read() to get the data if FALSE write the
+ data to a buffered stream and use svn_repos_authz_parse(). */
static svn_error_t *
authz_get_handle(svn_authz_t **authz_p, const char *authz_contents,
- apr_pool_t *pool)
+ svn_boolean_t disk, apr_pool_t *pool)
{
- const char *authz_file_path;
+ if (disk)
+ {
+ const char *authz_file_path;
+
+ /* Create a temporary file. */
+ SVN_ERR_W(svn_io_write_unique(&authz_file_path, NULL,
+ authz_contents, strlen(authz_contents),
+ svn_io_file_del_on_pool_cleanup, pool),
+ "Writing temporary authz file");
+
+ /* Read the authz configuration back and start testing. */
+ SVN_ERR_W(svn_repos_authz_read(authz_p, authz_file_path, TRUE, pool),
+ "Opening test authz file");
+
+ /* Done with the file. */
+ SVN_ERR_W(svn_io_remove_file(authz_file_path, pool),
+ "Removing test authz file");
+ }
+ else
+ {
+ svn_stream_t *stream;
- /* Create a temporary file. */
- SVN_ERR_W(svn_io_write_unique(&authz_file_path, NULL,
- authz_contents, strlen(authz_contents),
- svn_io_file_del_on_pool_cleanup, pool),
- "Writing temporary authz file");
-
- /* Read the authz configuration back and start testing. */
- SVN_ERR_W(svn_repos_authz_read(authz_p, authz_file_path, TRUE, pool),
- "Opening test authz file");
-
- /* Done with the file. */
- SVN_ERR_W(svn_io_remove_file(authz_file_path, pool),
- "Removing test authz file");
+ stream = svn_stream_buffered(pool);
+ SVN_ERR_W(svn_stream_puts(stream, authz_contents),
+ "Writing authz contents to stream");
+
+ SVN_ERR_W(svn_repos_authz_parse(authz_p, stream, pool),
+ "Parsing the authz contents");
+
+ SVN_ERR_W(svn_stream_close(stream),
+ "Closing the stream");
+ }
return SVN_NO_ERROR;
}
@@ -1287,11 +1307,15 @@ authz(apr_pool_t *pool)
"" NL;
/* Load the test authz rules. */
- SVN_ERR(authz_get_handle(&authz_cfg, contents, subpool));
+ SVN_ERR(authz_get_handle(&authz_cfg, contents, FALSE, subpool));
/* Loop over the test array and test each case. */
SVN_ERR(authz_check_access(authz_cfg, test_set, subpool));
+ /* Repeat the previous test on disk */
+ SVN_ERR(authz_get_handle(&authz_cfg, contents, TRUE, subpool));
+ SVN_ERR(authz_check_access(authz_cfg, test_set, subpool));
+
/* The authz rules for the phase 2 tests, first case (cyclic
dependency). */
contents =
@@ -1304,7 +1328,7 @@ authz(apr_pool_t *pool)
/* Load the test authz rules and check that group cycles are
reported. */
- err = authz_get_handle(&authz_cfg, contents, subpool);
+ err = authz_get_handle(&authz_cfg, contents, FALSE, subpool);
if (!err || err->apr_err != SVN_ERR_AUTHZ_INVALID_CONFIG)
return svn_error_createf(SVN_ERR_TEST_FAILED, err,
"Got %s error instead of expected "
@@ -1319,7 +1343,7 @@ authz(apr_pool_t *pool)
"@senate = r" NL;
/* Check that references to undefined groups are reported. */
- err = authz_get_handle(&authz_cfg, contents, subpool);
+ err = authz_get_handle(&authz_cfg, contents, FALSE, subpool);
if (!err || err->apr_err != SVN_ERR_AUTHZ_INVALID_CONFIG)
return svn_error_createf(SVN_ERR_TEST_FAILED, err,
"Got %s error instead of expected "
@@ -1336,7 +1360,7 @@ authz(apr_pool_t *pool)
"* =" NL;
/* Load the test authz rules. */
- SVN_ERR(authz_get_handle(&authz_cfg, contents, subpool));
+ SVN_ERR(authz_get_handle(&authz_cfg, contents, FALSE, subpool));
/* Verify that the rule on /dir2/secret doesn't affect this
request */
@@ -1354,7 +1378,7 @@ authz(apr_pool_t *pool)
contents =
"[greek:/dir2//secret]" NL
"* =" NL;
- SVN_TEST_ASSERT_ERROR(authz_get_handle(&authz_cfg, contents, subpool),
+ SVN_TEST_ASSERT_ERROR(authz_get_handle(&authz_cfg, contents, FALSE, subpool),
SVN_ERR_AUTHZ_INVALID_CONFIG);
/* That's a wrap! */
@@ -1719,7 +1743,7 @@ commit_editor_authz(const svn_test_opts_
"[/A/D/G]" NL
"plato = r"; /* No newline at end of file. */
- SVN_ERR(authz_get_handle(&authz_file, authz_contents, pool));
+ SVN_ERR(authz_get_handle(&authz_file, authz_contents, FALSE, pool));
iterpool = svn_pool_create(pool);
for (i = 0; i < (sizeof(path_actions) / sizeof(struct authz_path_action_t));
@@ -2674,7 +2698,7 @@ issue_4060(const svn_test_opts_t *opts,
"ozymandias = r" NL
"" NL;
- SVN_ERR(authz_get_handle(&authz_cfg, authz_contents, subpool));
+ SVN_ERR(authz_get_handle(&authz_cfg, authz_contents, FALSE, subpool));
SVN_ERR(svn_repos_authz_check_access(authz_cfg, "babylon",
"/A/B/C", "ozymandias",