Alien-SVN
view release on metacpan or search on metacpan
src/subversion/subversion/libsvn_repos/authz.c view on Meta::CPAN
* successfully determined.
*/
static svn_boolean_t
authz_get_path_access(svn_config_t *cfg, const char *repos_name,
const char *path, const char *user,
svn_repos_authz_access_t required_access,
svn_boolean_t *access_granted,
apr_pool_t *pool)
{
const char *qualified_path;
struct authz_lookup_baton baton = { 0 };
baton.config = cfg;
baton.user = user;
/* Try to locate a repository-specific block first. */
qualified_path = apr_pstrcat(pool, repos_name, ":", path, (char *)NULL);
svn_config_enumerate2(cfg, qualified_path,
authz_parse_line, &baton, pool);
*access_granted = authz_access_is_granted(baton.allow, baton.deny,
required_access);
/* If the first test has determined access, stop now. */
if (authz_access_is_determined(baton.allow, baton.deny,
required_access))
return TRUE;
/* No repository specific rule, try pan-repository rules. */
svn_config_enumerate2(cfg, path, authz_parse_line, &baton, pool);
*access_granted = authz_access_is_granted(baton.allow, baton.deny,
required_access);
return authz_access_is_determined(baton.allow, baton.deny,
required_access);
}
/* Validate access to the given user for the subtree starting at the
* given path. This function walks the whole authz file in search of
* rules applying to paths in the requested subtree which deny the
* requested access.
*
* As soon as one is found, or else when the whole ACL file has been
* searched, return the updated authorization status.
*/
static svn_boolean_t
authz_get_tree_access(svn_config_t *cfg, const char *repos_name,
const char *path, const char *user,
svn_repos_authz_access_t required_access,
apr_pool_t *pool)
{
struct authz_lookup_baton baton = { 0 };
baton.config = cfg;
baton.user = user;
baton.required_access = required_access;
baton.repos_path = path;
baton.qualified_repos_path = apr_pstrcat(pool, repos_name,
":", path, (char *)NULL);
/* Default to access granted if no rules say otherwise. */
baton.access = TRUE;
svn_config_enumerate_sections2(cfg, authz_parse_section,
&baton, pool);
return baton.access;
}
/* Callback to parse sections of the configuration file, looking for
any kind of granted access. Implements the
svn_config_section_enumerator2_t interface. */
static svn_boolean_t
authz_get_any_access_parser_cb(const char *section_name, void *baton,
apr_pool_t *pool)
{
struct authz_lookup_baton *b = baton;
/* Does the section apply to the query? */
if (section_name[0] == '/'
|| strncmp(section_name, b->qualified_repos_path,
strlen(b->qualified_repos_path)) == 0)
{
b->allow = b->deny = svn_authz_none;
svn_config_enumerate2(b->config, section_name,
authz_parse_line, baton, pool);
b->access = authz_access_is_granted(b->allow, b->deny,
b->required_access);
/* Continue as long as we don't find a determined, granted access. */
return !(b->access
&& authz_access_is_determined(b->allow, b->deny,
b->required_access));
}
return TRUE;
}
/* Walk through the authz CFG to check if USER has the REQUIRED_ACCESS
* to any path within the REPOSITORY. Return TRUE if so. Use POOL
* for temporary allocations. */
static svn_boolean_t
authz_get_any_access(svn_config_t *cfg, const char *repos_name,
const char *user,
svn_repos_authz_access_t required_access,
apr_pool_t *pool)
{
struct authz_lookup_baton baton = { 0 };
baton.config = cfg;
baton.user = user;
baton.required_access = required_access;
baton.access = FALSE; /* Deny access by default. */
baton.repos_path = "/";
baton.qualified_repos_path = apr_pstrcat(pool, repos_name,
":/", (char *)NULL);
/* We could have used svn_config_enumerate2 for "repos_name:/".
( run in 0.316 second using v1.01-cache-2.11-cpan-483215c6ad5 )