You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@subversion.apache.org by br...@apache.org on 2012/12/19 00:02:15 UTC
svn commit: r1423708 - in /subversion/branches/in-repo-authz: BRANCH-README
subversion/libsvn_repos/repos.c subversion/mod_authz_svn/INSTALL
subversion/mod_authz_svn/mod_authz_svn.c subversion/svnserve/svnserve.conf.5
Author: breser
Date: Tue Dec 18 23:02:11 2012
New Revision: 1423708
URL: http://svn.apache.org/viewvc?rev=1423708&view=rev
Log:
On 'in-repo-authz' branch: Adjust documentation for changes made.
* BRANCH-README: Documentation done.
* subversion/libsvn_repos/repos.c
(create_conf): Adjust default svnserve.conf authz-db for in-repo-authz.
* subversion/mod_authz_svn/INSTALL: Add examples for in-repo-authz.
* subversion/mod_authz_svn/mod_authz_svn.c
(authz_svn_cmds): Adjust doc strings for AuthzSVNAccessFile and
AuthzSVNReposRelativeAccessFile for in-repo-authz.
* subversion/svnserve/svnserve.conf.5:
(authz-db): Adjust for in-repo-authz.
Modified:
subversion/branches/in-repo-authz/BRANCH-README
subversion/branches/in-repo-authz/subversion/libsvn_repos/repos.c
subversion/branches/in-repo-authz/subversion/mod_authz_svn/INSTALL
subversion/branches/in-repo-authz/subversion/mod_authz_svn/mod_authz_svn.c
subversion/branches/in-repo-authz/subversion/svnserve/svnserve.conf.5
Modified: subversion/branches/in-repo-authz/BRANCH-README
URL: http://svn.apache.org/viewvc/subversion/branches/in-repo-authz/BRANCH-README?rev=1423708&r1=1423707&r2=1423708&view=diff
==============================================================================
--- subversion/branches/in-repo-authz/BRANCH-README (original)
+++ subversion/branches/in-repo-authz/BRANCH-README Tue Dec 18 23:02:11 2012
@@ -8,4 +8,3 @@ TODO
* errors - DAV error messages kinda suck since it guesses what it thinks is
the best error message at current. When it should display the whole chain.
-* documentation - as in the user level docs.
Modified: subversion/branches/in-repo-authz/subversion/libsvn_repos/repos.c
URL: http://svn.apache.org/viewvc/subversion/branches/in-repo-authz/subversion/libsvn_repos/repos.c?rev=1423708&r1=1423707&r2=1423708&view=diff
==============================================================================
--- subversion/branches/in-repo-authz/subversion/libsvn_repos/repos.c (original)
+++ subversion/branches/in-repo-authz/subversion/libsvn_repos/repos.c Tue Dec 18 23:02:11 2012
@@ -1019,8 +1019,10 @@ create_conf(svn_repos_t *repos, apr_pool
"### The authz-db option controls the location of the authorization" NL
"### rules for path-based access control. Unless you specify a path" NL
"### starting with a /, the file's location is relative to the" NL
-"### directory containing this file. If you don't specify an" NL
-"### authz-db, no path-based access control is done." NL
+"### directory containing this file. The specified path may be a" NL
+"### repository relative URL (^/) or an absolute file:// URL to a text" NL
+"### file in a Subversion repository. If you don't specify an authz-db," NL
+"### no path-based access control is done." NL
"### Uncomment the line below to use the default authorization file." NL
"# authz-db = " SVN_REPOS__CONF_AUTHZ NL
"### This option specifies the authentication realm of the repository." NL
Modified: subversion/branches/in-repo-authz/subversion/mod_authz_svn/INSTALL
URL: http://svn.apache.org/viewvc/subversion/branches/in-repo-authz/subversion/mod_authz_svn/INSTALL?rev=1423708&r1=1423707&r2=1423708&view=diff
==============================================================================
--- subversion/branches/in-repo-authz/subversion/mod_authz_svn/INSTALL (original)
+++ subversion/branches/in-repo-authz/subversion/mod_authz_svn/INSTALL Tue Dec 18 23:02:11 2012
@@ -100,6 +100,50 @@ II. Configuration
NOTE: AuthzSVNReposRelativeAccessFile filename causes the authz file
to be read from <repo path>/conf/<filename>
+ E. Example 5: Authz file stored in a Subversion repository
+
+ This configuration allows storing of the authz file in a repository.
+
+ <Location /svn>
+ DAV svn
+ SVNParentPath /path/to/reposparent
+
+ AuthType Basic
+ AuthName "Subversion repository"
+ AuthUserFile /path/to/htpasswd/file
+
+ AuthzSVNAccessFile file:///path/to/repos/authz
+
+ Require valid-user
+ </Location>
+
+ NOTE: http:// and svn:// URLs are not supported, only local file://
+ absolute URLs may be used. The URL does not have to point to the
+ same repository as the repository being accessed. If you wish to
+ restrict access to this authz file and it is in the same repository
+ you should include a rule for it.
+
+ F. Example 5: Authz file stored inside the repository being accessed.
+
+ This configuration allows providing a relative path within the
+ repository being accessed.
+
+ <Location /svn>
+ DAV svn
+ SVNParentPath /path/to/reposparent
+
+ AuthType Basic
+ AuthName "Subversion repository"
+ AuthUserFile /path/to/htpasswd/file
+
+ AuthzSVNAccessFile ^/authz
+
+ Require valid-user
+ </Location>
+
+ NOTE: You should include rules in your authz file to restirct access
+ to the authz file as desired.
+
2. Specifying permissions
The file format of the access file looks like this:
Modified: subversion/branches/in-repo-authz/subversion/mod_authz_svn/mod_authz_svn.c
URL: http://svn.apache.org/viewvc/subversion/branches/in-repo-authz/subversion/mod_authz_svn/mod_authz_svn.c?rev=1423708&r1=1423707&r2=1423708&view=diff
==============================================================================
--- subversion/branches/in-repo-authz/subversion/mod_authz_svn/mod_authz_svn.c (original)
+++ subversion/branches/in-repo-authz/subversion/mod_authz_svn/mod_authz_svn.c Tue Dec 18 23:02:11 2012
@@ -133,13 +133,17 @@ static const command_rec authz_svn_cmds[
NULL,
OR_AUTHCFG,
"Path to text file containing permissions of repository "
- "paths."),
+ "paths. Path may be an repository relative URL (^/) or "
+ "absolute file:// URL to a text file in a Subversion "
+ "repository."),
AP_INIT_TAKE1("AuthzSVNReposRelativeAccessFile",
AuthzSVNReposRelativeAccessFile_cmd,
NULL,
OR_AUTHCFG,
"Path (relative to repository 'conf' directory) to text "
- "file containing permissions of repository paths. "),
+ "file containing permissions of repository paths. Path may "
+ "be an repository relative URL (^/) or absolute file:// URL "
+ "to a text file in a Subversion repository."),
AP_INIT_FLAG("AuthzSVNAnonymous", ap_set_flag_slot,
(void *)APR_OFFSETOF(authz_svn_config_rec, anonymous),
OR_AUTHCFG,
Modified: subversion/branches/in-repo-authz/subversion/svnserve/svnserve.conf.5
URL: http://svn.apache.org/viewvc/subversion/branches/in-repo-authz/subversion/svnserve/svnserve.conf.5?rev=1423708&r1=1423707&r2=1423708&view=diff
==============================================================================
--- subversion/branches/in-repo-authz/subversion/svnserve/svnserve.conf.5 (original)
+++ subversion/branches/in-repo-authz/subversion/svnserve/svnserve.conf.5 Tue Dec 18 23:02:11 2012
@@ -61,11 +61,13 @@ uses only one section "users"; each vari
username, and each value is a password.
.PP
.TP 5
-\fBauthz-db\fP = \fIfilename\fP
+\fBauthz-db\fP = \fIpath\fP
The authz-db option controls the location of the authorization
-rules for path-based access control. \fIfilename\fP may be
-relative to the repository conf directory. There is no default value.
-If you don't specify an authz-db, no path-based access control is done.
+rules for path-based access control. \fIpath\fP may be
+relative to the repository conf directory. \fIpath\fP may be a repository
+relative URL (^/) or absolute file:// URL to a text file in a Subversion
+repository. There is no default value. If you don't specify an authz-db,
+no path-based access control is done.
.PP
.TP 5
\fBrealm\fP = \fIrealm\-name\fP