You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@subversion.apache.org by sv...@apache.org on 2019/03/06 04:00:22 UTC

svn commit: r1854887 - in /subversion/branches/1.11.x: ./ STATUS subversion/libsvn_repos/authz_parse.c subversion/tests/cmdline/svnauthz_tests.py

Author: svn-role
Date: Wed Mar  6 04:00:22 2019
New Revision: 1854887

URL: http://svn.apache.org/viewvc?rev=1854887&view=rev
Log:
Merge the r1851676 group from trunk:

 * r1851676, r1851687, r1851791
   Allow the use of empty groups in authz rules.
   Justification:
     Fixes regression from 1.9.x. Does not affect authz file semantics.
   Notes:
     - r1851676 adds a regression test.
     - r1851687 fixes the bug and extends the test.
     - r1851791 refers to issue #4802.
   Votes:
     +1: brane, julianfoad, stsp

Modified:
    subversion/branches/1.11.x/   (props changed)
    subversion/branches/1.11.x/STATUS
    subversion/branches/1.11.x/subversion/libsvn_repos/authz_parse.c
    subversion/branches/1.11.x/subversion/tests/cmdline/svnauthz_tests.py

Propchange: subversion/branches/1.11.x/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Wed Mar  6 04:00:22 2019
@@ -100,4 +100,4 @@
 /subversion/branches/verify-at-commit:1462039-1462408
 /subversion/branches/verify-keep-going:1439280-1546110
 /subversion/branches/wc-collate-path:1402685-1480384
-/subversion/trunk:1840990-1840991,1840995,1840997,1841059,1841079,1841091,1841098,1841136,1841180,1841272,1841481,1841524-1841525,1841567,1841600-1841602,1841606,1841719,1841725,1841731,1841736,1841742-1841743,1841753-1841754,1841822,1841850,1841867,1842090,1842222-1842223,1842334,1842814,1842827,1842829,1842877,1843888,1844882,1844987,1845204,1845261,1845408,1845555-1845556,1845559,1845577,1846299,1846403,1846406,1846704,1847181-1847182,1847188,1847264,1847377,1847572,1847596,1847598,1847697,1847922,1847924,1847946,1850348,1850621
+/subversion/trunk:1840990-1840991,1840995,1840997,1841059,1841079,1841091,1841098,1841136,1841180,1841272,1841481,1841524-1841525,1841567,1841600-1841602,1841606,1841719,1841725,1841731,1841736,1841742-1841743,1841753-1841754,1841822,1841850,1841867,1842090,1842222-1842223,1842334,1842814,1842827,1842829,1842877,1843888,1844882,1844987,1845204,1845261,1845408,1845555-1845556,1845559,1845577,1846299,1846403,1846406,1846704,1847181-1847182,1847188,1847264,1847377,1847572,1847596,1847598,1847697,1847922,1847924,1847946,1850348,1850621,1851676,1851687,1851791

Modified: subversion/branches/1.11.x/STATUS
URL: http://svn.apache.org/viewvc/subversion/branches/1.11.x/STATUS?rev=1854887&r1=1854886&r2=1854887&view=diff
==============================================================================
--- subversion/branches/1.11.x/STATUS (original)
+++ subversion/branches/1.11.x/STATUS Wed Mar  6 04:00:22 2019
@@ -93,17 +93,6 @@ Veto-blocked changes:
 Approved changes:
 =================
 
- * r1851676, r1851687, r1851791
-   Allow the use of empty groups in authz rules.
-   Justification:
-     Fixes regression from 1.9.x. Does not affect authz file semantics.
-   Notes:
-     - r1851676 adds a regression test.
-     - r1851687 fixes the bug and extends the test.
-     - r1851791 refers to issue #4802.
-   Votes:
-     +1: brane, julianfoad, stsp
-
  * r1853761
    Fix an "unused static function" warning in non-maintainer mode builds.
    Justification:

Modified: subversion/branches/1.11.x/subversion/libsvn_repos/authz_parse.c
URL: http://svn.apache.org/viewvc/subversion/branches/1.11.x/subversion/libsvn_repos/authz_parse.c?rev=1854887&r1=1854886&r2=1854887&view=diff
==============================================================================
--- subversion/branches/1.11.x/subversion/libsvn_repos/authz_parse.c (original)
+++ subversion/branches/1.11.x/subversion/libsvn_repos/authz_parse.c Wed Mar  6 04:00:22 2019
@@ -1011,7 +1011,8 @@ close_section(void *baton, svn_stringbuf
 
 
 /* Add a user to GROUP.
-   GROUP is never internalized, but USER always is. */
+   GROUP is never internalized, but USER always is.
+   Adding a NULL user will create an empty group, if it doesn't exist. */
 static void
 add_to_group(ctor_baton_t *cb, const char *group, const char *user)
 {
@@ -1022,7 +1023,8 @@ add_to_group(ctor_baton_t *cb, const cha
       members = svn_hash__make(cb->authz->pool);
       svn_hash_sets(cb->expanded_groups, group, members);
     }
-  svn_hash_sets(members, user, interned_empty_string);
+  if (user)
+    svn_hash_sets(members, user, interned_empty_string);
 }
 
 
@@ -1038,8 +1040,15 @@ expand_group_callback(void *baton,
   ctor_baton_t *const cb = baton;
   const char *const group = key;
   apr_array_header_t *members = value;
-
   int i;
+
+  if (0 == members->nelts)
+    {
+      /* Create the group with no members. */
+      add_to_group(cb, group, NULL);
+      return SVN_NO_ERROR;
+    }
+
   for (i = 0; i < members->nelts; ++i)
     {
       const char *member = APR_ARRAY_IDX(members, i, const char*);
@@ -1169,10 +1178,18 @@ array_insert_ace(void *baton,
       SVN_ERR_ASSERT(ace->members == NULL);
       ace->members = svn_hash_gets(iab->cb->expanded_groups, ace->name);
       if (!ace->members)
-        return svn_error_createf(
-            SVN_ERR_AUTHZ_INVALID_CONFIG, NULL,
-            _("Access entry refers to undefined group '%s'"),
-            ace->name);
+        {
+          return svn_error_createf(
+              SVN_ERR_AUTHZ_INVALID_CONFIG, NULL,
+              _("Access entry refers to undefined group '%s'"),
+              ace->name);
+        }
+      else if (0 == apr_hash_count(ace->members))
+        {
+          /* TODO: Somehow emit a warning about the use of an empty group. */
+          /* An ACE for an empty group has no effect, so ignore it. */
+          return SVN_NO_ERROR;
+        }
     }
 
   APR_ARRAY_PUSH(iab->ace_array, authz_ace_t) = *ace;

Modified: subversion/branches/1.11.x/subversion/tests/cmdline/svnauthz_tests.py
URL: http://svn.apache.org/viewvc/subversion/branches/1.11.x/subversion/tests/cmdline/svnauthz_tests.py?rev=1854887&r1=1854886&r2=1854887&view=diff
==============================================================================
--- subversion/branches/1.11.x/subversion/tests/cmdline/svnauthz_tests.py (original)
+++ subversion/branches/1.11.x/subversion/tests/cmdline/svnauthz_tests.py Wed Mar  6 04:00:22 2019
@@ -965,6 +965,33 @@ def svnauthz_inverted_selector_test(sbox
   os.remove(authz_path)
 
 
+@Issue(4802)
+def svnauthz_empty_group_test(sbox):
+  "test empty group definition"
+
+  # build an authz file
+  authz_content = ("[groups]\n"
+                   "group1 =\n"
+                   "group2 = @group1\n"
+                   "group3 = @group2, user\n"
+
+
+                   "[A:/]\n"
+                   "@group1 = rw\n"
+                   "@group2 = rw\n"
+                   "@group3 = r\n")
+
+  (authz_fd, authz_path) = tempfile.mkstemp()
+  svntest.main.file_write(authz_path, authz_content)
+
+  svntest.actions.run_and_verify_svnauthz(
+    [], None, 0, False, 'validate', authz_path)
+
+  svntest.actions.run_and_verify_svnauthz(
+      'r', None, 0, False, 'accessof',
+      '--repository', 'A', '--username', 'user', authz_path)
+
+
 ########################################################################
 # Run the tests
 
@@ -984,6 +1011,7 @@ test_list = [ None,
               svnauthz_compat_mode_file_test,
               svnauthz_compat_mode_repo_test,
               svnauthz_inverted_selector_test,
+              svnauthz_empty_group_test,
              ]
 
 if __name__ == '__main__':