Alien-SVN

 view release on metacpan or  search on metacpan

src/subversion/subversion/libsvn_repos/authz.c  view on Meta::CPAN

static svn_boolean_t
authz_get_tree_access(svn_config_t *cfg, const char *repos_name,
                      const char *path, const char *user,
                      svn_repos_authz_access_t required_access,
                      apr_pool_t *pool)
{
  struct authz_lookup_baton baton = { 0 };

  baton.config = cfg;
  baton.user = user;
  baton.required_access = required_access;
  baton.repos_path = path;
  baton.qualified_repos_path = apr_pstrcat(pool, repos_name,
                                           ":", path, (char *)NULL);
  /* Default to access granted if no rules say otherwise. */
  baton.access = TRUE;

  svn_config_enumerate_sections2(cfg, authz_parse_section,
                                 &baton, pool);

  return baton.access;

src/subversion/subversion/libsvn_repos/authz.c  view on Meta::CPAN

static svn_boolean_t
authz_get_any_access(svn_config_t *cfg, const char *repos_name,
                     const char *user,
                     svn_repos_authz_access_t required_access,
                     apr_pool_t *pool)
{
  struct authz_lookup_baton baton = { 0 };

  baton.config = cfg;
  baton.user = user;
  baton.required_access = required_access;
  baton.access = FALSE; /* Deny access by default. */
  baton.repos_path = "/";
  baton.qualified_repos_path = apr_pstrcat(pool, repos_name,
                                           ":/", (char *)NULL);

  /* We could have used svn_config_enumerate2 for "repos_name:/".
   * However, this requires access for root explicitly (which the user
   * may not always have). So we end up enumerating the sections in
   * the authz CFG and stop on the first match with some access for
   * this user. */

src/subversion/subversion/libsvn_wc/lock.c  view on Meta::CPAN

      /* It's possible for the required lock path to be an ancestor
         of, a descendent of, or equal to, the obtained lock path. If
         it's an ancestor we have to try again, otherwise the obtained
         lock will do. */
      child = svn_dirent_skip_ancestor(required_abspath, obtained_abspath);
      if (child && child[0])
        {
          SVN_ERR(svn_wc__release_write_lock(wc_ctx, obtained_abspath,
                                             scratch_pool));
          locked = FALSE;
          requested_abspath = required_abspath;
        }
      else
        {
          /* required should be a descendent of, or equal to, obtained */
          SVN_ERR_ASSERT(!strcmp(required_abspath, obtained_abspath)
                         || svn_dirent_skip_ancestor(obtained_abspath,
                                                     required_abspath));
        }
    }

src/subversion/subversion/svnserve/serve.c  view on Meta::CPAN

  return get_access(b, (b->user) ? AUTHENTICATED : UNAUTHENTICATED);
}

/* Send authentication mechs for ACCESS_TYPE to the client.  If NEEDS_USERNAME
   is true, don't send anonymous mech even if that would give the desired
   access. */
static svn_error_t *send_mechs(svn_ra_svn_conn_t *conn, apr_pool_t *pool,
                               server_baton_t *b, enum access_type required,
                               svn_boolean_t needs_username)
{
  if (!needs_username && get_access(b, UNAUTHENTICATED) >= required)
    SVN_ERR(svn_ra_svn__write_word(conn, pool, "ANONYMOUS"));
  if (b->tunnel_user && get_access(b, AUTHENTICATED) >= required)
    SVN_ERR(svn_ra_svn__write_word(conn, pool, "EXTERNAL"));
  if (b->pwdb && get_access(b, AUTHENTICATED) >= required)
    SVN_ERR(svn_ra_svn__write_word(conn, pool, "CRAM-MD5"));
  return SVN_NO_ERROR;
}

/* Context for cleanup handler. */
struct cleanup_fs_access_baton
{
  svn_fs_t *fs;
  apr_pool_t *pool;
};

src/subversion/subversion/svnserve/serve.c  view on Meta::CPAN

 * If NEEDS_USERNAME is TRUE, don't allow anonymous authentication. */
static svn_error_t *auth(svn_ra_svn_conn_t *conn, apr_pool_t *pool,
                         const char *mech, const char *mecharg,
                         server_baton_t *b, enum access_type required,
                         svn_boolean_t needs_username,
                         svn_boolean_t *success)
{
  const char *user;
  *success = FALSE;

  if (get_access(b, AUTHENTICATED) >= required
      && b->tunnel_user && strcmp(mech, "EXTERNAL") == 0)
    {
      if (*mecharg && strcmp(mecharg, b->tunnel_user) != 0)
        return svn_ra_svn__write_tuple(conn, pool, "w(c)", "failure",
                                       "Requested username does not match");
      b->user = b->tunnel_user;
      SVN_ERR(svn_ra_svn__write_tuple(conn, pool, "w()", "success"));
      *success = TRUE;
      return SVN_NO_ERROR;
    }

  if (get_access(b, UNAUTHENTICATED) >= required
      && strcmp(mech, "ANONYMOUS") == 0 && ! needs_username)
    {
      SVN_ERR(svn_ra_svn__write_tuple(conn, pool, "w()", "success"));
      *success = TRUE;
      return SVN_NO_ERROR;
    }

  if (get_access(b, AUTHENTICATED) >= required
      && b->pwdb && strcmp(mech, "CRAM-MD5") == 0)
    {
      SVN_ERR(svn_ra_svn_cram_server(conn, pool, b->pwdb, &user, success));
      b->user = apr_pstrdup(b->pool, user);
      return SVN_NO_ERROR;
    }

  return svn_ra_svn__write_tuple(conn, pool, "w(c)", "failure",
                                "Must authenticate with listed mechanism");
}