Re: using system groups in svnaccess.conf

Thu, 24 Apr 2014 06:00:56 -0700 

new version of authz_posixgroup_contains_user.patch.

+treadsafe (getgrnam_r)
+AC_CHECK_FUNCS
-windows code still missing

--- ./configure.ac.orig	2014-02-10 08:04:51.000000000 +0400
+++ ./configure.ac	2014-04-24 16:19:07.946419736 +0400
@@ -875,6 +875,9 @@
 dnl check for functions needed in special file handling
 AC_CHECK_FUNCS(symlink readlink)
 
+dnl check for getgrnam_r
+AC_CHECK_FUNCS(getgrnam_r)
+
 dnl check for uname
 AC_CHECK_HEADERS(sys/utsname.h, [AC_CHECK_FUNCS(uname)], [])
 
--- ./subversion/libsvn_repos/authz.c.orig	2013-05-04 01:21:54.000000000 +0400
+++ ./subversion/libsvn_repos/authz.c	2014-04-24 16:17:46.990598094 +0400
@@ -36,6 +36,12 @@
 #include "svn_ctype.h"
 #include "private/svn_fspath.h"
 #include "repos.h"
+#include "svn_private_config.h"
+
+#ifdef HAVE_GETGRNAM_R
+#include <grp.h>
+#include <unistd.h>
+#endif
 
 
 /*** Structures. ***/
@@ -197,6 +203,49 @@
   return FALSE;
 }
 
+static svn_boolean_t
+authz_systemgroup_contains_user(svn_config_t *cfg,
+                          const char *group,
+                          const char *user,
+                          apr_pool_t *pool)
+{
+
+#ifdef HAVE_GETGRNAM_R
+  int max;
+  int ret;
+  char *buf;
+  struct group grpdata, *grp;
+  char **gmem;
+
+  max = sysconf(_SC_GETGR_R_SIZE_MAX);
+  buf = apr_palloc(pool, max);
+
+  while (1) {
+    ret = getgrnam_r(group, &grpdata, buf, max, &grp);
+    if (ret == ERANGE) {
+      /* apr_pool_clear(pool); ??? */
+      max *= 2;
+      buf = apr_palloc(pool, max);
+      continue;
+    }
+    if (ret != 0 || grp == NULL) {
+      return FALSE;
+    } else {
+      for (gmem = grp->gr_mem; *gmem != NULL; gmem++)
+        if (strcmp(*gmem, user) == 0)
+          return TRUE;
+      return FALSE;
+    }
+  }
+#endif
+
+#ifdef WIN32
+/* TODO */
+#endif
+
+  return FALSE;
+}
+
 
 /* Determines whether an authz rule applies to the current
  * user, given the name part of the rule's name-value pair
@@ -242,6 +291,9 @@
   if (rule_match_string[0] == '@')
     return authz_group_contains_user(
       b->config, &rule_match_string[1], b->user, pool);
+  else if (rule_match_string[0] == '%')
+    return authz_systemgroup_contains_user(
+      b->config, &rule_match_string[1], b->user, pool);
   else if (rule_match_string[0] == '&')
     return authz_alias_is_user(
       b->config, &rule_match_string[1], b->user, pool);

Reply via email to