On Wed, Sep 19, 2012 at 6:06 PM, Philip Martin
<philip.mar...@wandisco.com> wrote:
> Ivan Zhakov <i...@visualsvn.com> writes:
>
>> -get_access_conf(request_rec *r, authz_svn_config_rec *conf)
>> +get_access_conf(request_rec *r, authz_svn_config_rec *conf, apr_pool_t
>> *scratch_pool)
>
> That line is longer than 80 characters.
>
>> +subreq_bypass2(request_rec *r,
>> + const char *repos_path,
>> + const char *repos_name,
>> + apr_pool_t *scratch_pool)
>> {
>> svn_error_t *svn_err = NULL;
>> svn_authz_t *access_conf = NULL;
>> @@ -595,7 +597,7 @@
>>
>> conf = ap_get_module_config(r->per_dir_config,
>> &authz_svn_module);
>> - username_to_authorize = get_username_to_authorize(r, conf);
>> + username_to_authorize = get_username_to_authorize(r, conf, scratch_pool);
>>
>> /* If configured properly, this should never be true, but just in case. */
>> if (!conf->anonymous
>> @@ -606,7 +608,7 @@
>> }
>>
>> /* Retrieve authorization file */
>> - access_conf = get_access_conf(r, conf);
>> + access_conf = get_access_conf(r, conf, scratch_pool);
>> if (access_conf == NULL)
>> return HTTP_FORBIDDEN;
>>
>
> The call svn_repos_authz_check_access needs to be changed to pass
> scratch_pool.
>
Oops, I need commit more often :) See updated patch.
--
Ivan Zhakov
Index: subversion/mod_authz_svn/mod_authz_svn.c
===================================================================
--- subversion/mod_authz_svn/mod_authz_svn.c (revision 1383873)
+++ subversion/mod_authz_svn/mod_authz_svn.c (working copy)
@@ -44,6 +44,7 @@
#include "svn_config.h"
#include "svn_string.h"
#include "svn_repos.h"
+#include "svn_pools.h"
#include "svn_dirent_uri.h"
#include "private/svn_fspath.h"
@@ -164,7 +165,8 @@
* Get the, possibly cached, svn_authz_t for this request.
*/
static svn_authz_t *
-get_access_conf(request_rec *r, authz_svn_config_rec *conf)
+get_access_conf(request_rec *r, authz_svn_config_rec *conf,
+ apr_pool_t *scratch_pool)
{
const char *cache_key = NULL;
const char *access_file;
@@ -182,7 +184,7 @@
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "%s", dav_err->desc);
return NULL;
}
- access_file = svn_dirent_join_many(r->pool, repos_path, "conf",
+ access_file = svn_dirent_join_many(scratch_pool, repos_path, "conf",
conf->repo_relative_access_file,
NULL);
}
@@ -194,7 +196,7 @@
ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
"Path to authz file is %s", access_file);
- cache_key = apr_pstrcat(r->pool, "mod_authz_svn:",
+ cache_key = apr_pstrcat(scratch_pool, "mod_authz_svn:",
access_file, (char *)NULL);
apr_pool_userdata_get(&user_data, cache_key, r->connection->pool);
access_conf = user_data;
@@ -243,12 +245,13 @@
/* Return the username to authorize, with case-conversion performed if
CONF->force_username_case is set. */
static char *
-get_username_to_authorize(request_rec *r, authz_svn_config_rec *conf)
+get_username_to_authorize(request_rec *r, authz_svn_config_rec *conf,
+ apr_pool_t *pool)
{
char *username_to_authorize = r->user;
if (username_to_authorize && conf->force_username_case)
{
- username_to_authorize = apr_pstrdup(r->pool, r->user);
+ username_to_authorize = apr_pstrdup(pool, r->user);
convert_case(username_to_authorize,
strcasecmp(conf->force_username_case, "upper") == 0);
}
@@ -283,7 +286,8 @@
svn_authz_t *access_conf = NULL;
svn_error_t *svn_err;
char errbuf[256];
- const char *username_to_authorize = get_username_to_authorize(r, conf);
+ const char *username_to_authorize = get_username_to_authorize(r, conf,
+ r->pool);
switch (r->method_number)
{
@@ -419,7 +423,7 @@
}
/* Retrieve/cache authorization file */
- access_conf = get_access_conf(r,conf);
+ access_conf = get_access_conf(r,conf, r->pool);
if (access_conf == NULL)
return DECLINED;
@@ -577,14 +581,13 @@
}
/*
- * This function is used as a provider to allow mod_dav_svn to bypass the
- * generation of an apache request when checking GET access from
- * "mod_dav_svn/authz.c" .
+ * Implementation of subreq_bypass with scratch_pool parameter.
*/
static int
-subreq_bypass(request_rec *r,
- const char *repos_path,
- const char *repos_name)
+subreq_bypass2(request_rec *r,
+ const char *repos_path,
+ const char *repos_name,
+ apr_pool_t *scratch_pool)
{
svn_error_t *svn_err = NULL;
svn_authz_t *access_conf = NULL;
@@ -595,18 +598,18 @@
conf = ap_get_module_config(r->per_dir_config,
&authz_svn_module);
- username_to_authorize = get_username_to_authorize(r, conf);
+ username_to_authorize = get_username_to_authorize(r, conf, scratch_pool);
/* If configured properly, this should never be true, but just in case. */
if (!conf->anonymous
|| (! (conf->access_file || conf->repo_relative_access_file)))
{
log_access_verdict(APLOG_MARK, r, 0, repos_path, NULL);
- return HTTP_FORBIDDEN;
+ return HTTP_FORBIDDEN;
}
/* Retrieve authorization file */
- access_conf = get_access_conf(r, conf);
+ access_conf = get_access_conf(r, conf, scratch_pool);
if (access_conf == NULL)
return HTTP_FORBIDDEN;
@@ -620,7 +623,7 @@
username_to_authorize,
svn_authz_none|svn_authz_read,
&authz_access_granted,
- r->pool);
+ scratch_pool);
if (svn_err)
{
ap_log_rerror(APLOG_MARK, APLOG_ERR,
@@ -650,6 +653,25 @@
}
/*
+ * This function is used as a provider to allow mod_dav_svn to bypass the
+ * generation of an apache request when checking GET access from
+ * "mod_dav_svn/authz.c" .
+ */
+static int
+subreq_bypass(request_rec *r,
+ const char *repos_path,
+ const char *repos_name)
+{
+ int status;
+ apr_pool_t *scratch_pool;
+
+ scratch_pool = svn_pool_create(r->pool);
+ status = subreq_bypass2(r, repos_path, repos_name, scratch_pool);
+ svn_pool_destroy(scratch_pool);
+
+ return status;
+}
+/*
* Hooks
*/
