h
ttp://websvn.tigris.org/issues/show_bug.cgi?id=114
Issue #|114
Summary|Authorization bugs extremely
frustrating...here's the
|fix
Component|websvn
Version|2.0
Platform|PC
OS/Version|All
URL|
Status|NEW
Status whiteboard|
Keywords|
Resolution|
Issue type|DEFECT
Priority|P3
Subcomponent|Subversion
Assigned to|issues websvn
Reported by|derrick
------- Additional comments from derricktigris.org Thu Nov 9 23:20:26 -0800 2006 -------
There are numerous bugs in auth.inc, which manifest
themselves in an inability
of an admin to understand why the settings in a perfectly
valid SVN
authorization file don't seem to "take".
- A repository or path named with any upper-case characters
is never matched
- If a user is a member of a group which is also a member of
another group, and
the parent group is used to specify access to a path or
repository, it is never
matched
- If the repository+path or the path specification match the
searched path
exactly, it is never matched
The first issue is due to the .ini parser converting all
groups and keys to
lower-case. The input repository names, paths and user names
are left as found
and if they contain upper-case letters they never match
exactly. My approach
was to convert them to lower-case and leave the logic
relatively alone, though
there was at least one place where the length to match was
taken from the wrong
parameter.
The second issue is either an oversight, or failure to track
the current
specification of the authorization file. Groups may contain
other groups, but
there was no mechanism to search for a user's groups' group
memberships,
probably because it is so hard just to say it. I added the
function to check
for that recursively. It can be optimized to avoid
duplications, and could be
limited for recursion depth, but works for my application as
presented.
The third issue is just a plain bug - < instead of <=
to short-circuit a string
comparison test ended up short-circuiting the good stuff all
the time.
The attached file shows my approach to fixing these bugs.
Enjoy!
|