You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@subversion.apache.org by Sander Striker <st...@apache.org> on 2003/06/10 21:25:22 UTC

mod_authz_svn config, WAS: RE: Speeding up mod_dav_svn

> From: Greg Stein [mailto:gstein@lyra.org]
> Sent: Tuesday, June 10, 2003 11:15 PM

> On Tue, Jun 10, 2003 at 02:00:28PM -0500, kfogel@collab.net wrote:
>> "Sander Striker" <st...@apache.org> writes:
>>> While thinking about caching the parsed access file for mod_authz_svn,
> 
> Isn't there a way to get that stuff integrated more tightly with httpd's
> configuration? It has all the support needed for specifying locations,
> merging config options, inheritance of config, etc. It kind of sucks to have
> Yet Another Config Format.

I know.  But I'm not entirely sure how you'd call back to httpd's authz hooks
for some arbitrary location.
 
> If you don't want to integrate with Apache's config, then how about using
> svn_config instead? You're binding against mod_dav_svn, which means that
> you've got libsvn_subr in your process space anyways. This approach would
> probably work for svnserve, too.

I'm using those routines already.  I'm not sure what you are implying.
 
> +1 on integrating with httpd.conf
> +0 on a separate .conf

Integration isn't going to be a fun enterprise.  For me the most important
part was to get the code running that makes the calls to check access
against a repos path.  I'll be working on perfecting that.  If someone wants
to change the actual is_allowed code I won't stop 'm ;).


Sander

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org

Re: mod_authz_svn config, WAS: RE: Speeding up mod_dav_svn

Posted by Greg Hudson <gh...@MIT.EDU>.

On Tue, 2003-06-10 at 17:25, Sander Striker wrote:
> Integration isn't going to be a fun enterprise.  For me the most important
> part was to get the code running that makes the calls to check access
> against a repos path.  I'll be working on perfecting that.  If someone wants
> to change the actual is_allowed code I won't stop 'm ;).

Another conceivable axis of integration is: put the acl configuration in
the repository directory (using the svn_config syntax, probably). 
Define semantics for the file which make sense for all ra layers.  Make
all ra layers implement the acls.

(I know Ben S. has discussed some of this with me and with you, but I
don't think the idea has hit the list, and I don't know how much of that
idea is reflected in your current code.)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org

Re: mod_authz_svn config, WAS: RE: Speeding up mod_dav_svn

Posted by Greg Stein <gs...@lyra.org>.

On Tue, Jun 10, 2003 at 11:25:22PM +0200, Sander Striker wrote:
> > From: Greg Stein [mailto:gstein@lyra.org]
> > Sent: Tuesday, June 10, 2003 11:15 PM
> 
> > On Tue, Jun 10, 2003 at 02:00:28PM -0500, kfogel@collab.net wrote:
> >> "Sander Striker" <st...@apache.org> writes:
> >>> While thinking about caching the parsed access file for mod_authz_svn,
> > 
> > Isn't there a way to get that stuff integrated more tightly with httpd's
> > configuration? It has all the support needed for specifying locations,
> > merging config options, inheritance of config, etc. It kind of sucks to have
> > Yet Another Config Format.
> 
> I know.  But I'm not entirely sure how you'd call back to httpd's authz hooks
> for some arbitrary location.

Ah. Right.  hmm... I won't mention 'subrequest' because then I'd have to
break my own legs (no sense waiting for you to do it).

[ boy, I wish my location tree concept was implemented... ]

> > If you don't want to integrate with Apache's config, then how about using
> > svn_config instead? You're binding against mod_dav_svn, which means that
> > you've got libsvn_subr in your process space anyways. This approach would
> > probably work for svnserve, too.
> 
> I'm using those routines already.  I'm not sure what you are implying.

Brain fart on my part. I saw 'parse_authz_line' and some strchr's and
whatnot, but I didn't read the whole module.  Heh :-)

> > +1 on integrating with httpd.conf
> > +0 on a separate .conf
> 
> Integration isn't going to be a fun enterprise.  For me the most important
> part was to get the code running that makes the calls to check access
> against a repos path.  I'll be working on perfecting that.  If someone wants
> to change the actual is_allowed code I won't stop 'm ;).

Heh. I was just stating opinions :-) ... +0 still means "sure" :-)

Cheers,
-g

-- 
Greg Stein, http://www.lyra.org/

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org