Google Git
Sign in
apache / subversion / 1ec204733379f634e2704e1a08fe9833b78e0249 / . / subversion / libsvn_repos / authz.c
blob: 20f9231dc22a9e1aa64409b404ff82bfb02b9be6 [file] [log] [blame]
/* authz.c : path-based access control
*
* ====================================================================
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
* ====================================================================
*/
/*** Includes. ***/
#include <apr_pools.h>
#include <apr_file_io.h>
#include "svn_hash.h"
#include "svn_pools.h"
#include "svn_error.h"
#include "svn_dirent_uri.h"
#include "svn_path.h"
#include "svn_repos.h"
#include "svn_config.h"
#include "svn_ctype.h"
#include "private/svn_fspath.h"
#include "private/svn_repos_private.h"
#include "repos.h"
/*** Structures. ***/
/* Information for the config enumerators called during authz
lookup. */
struct authz_lookup_baton {
/* The authz configuration. */
svn_config_t *config;
/* The user to authorize. */
const char *user;
/* Explicitly granted rights. */
svn_repos_authz_access_t allow;
/* Explicitly denied rights. */
svn_repos_authz_access_t deny;
/* The rights required by the caller of the lookup. */
svn_repos_authz_access_t required_access;
/* The following are used exclusively in recursive lookups. */
/* The path in the repository (an fspath) to authorize. */
const char *repos_path;
/* repos_path prefixed by the repository name and a colon. */
const char *qualified_repos_path;
/* Whether, at the end of a recursive lookup, access is granted. */
svn_boolean_t access;
};
/* Information for the config enumeration functions called during the
validation process. */
struct authz_validate_baton {
svn_config_t *config; /* The configuration file being validated. */
svn_error_t *err; /* The error being thrown out of the
enumerator, if any. */
};
/* Currently this structure is just a wrapper around a svn_config_t.
Please update authz_pool if you modify this structure. */
struct svn_authz_t
{
svn_config_t *cfg;
};
/*** Checking access. ***/
/* Determine whether the REQUIRED access is granted given what authz
* to ALLOW or DENY. Return TRUE if the REQUIRED access is
* granted.
*
* Access is granted either when no required access is explicitly
* denied (implicit grant), or when the required access is explicitly
* granted, overriding any denials.
*/
static svn_boolean_t
authz_access_is_granted(svn_repos_authz_access_t allow,
svn_repos_authz_access_t deny,
svn_repos_authz_access_t required)
{
svn_repos_authz_access_t stripped_req =
required & (svn_authz_read | svn_authz_write);
if ((deny & required) == svn_authz_none)
return TRUE;
else if ((allow & required) == stripped_req)
return TRUE;
else
return FALSE;
}
/* Decide whether the REQUIRED access has been conclusively
* determined. Return TRUE if the given ALLOW/DENY authz are
* conclusive regarding the REQUIRED authz.
*
* Conclusive determination occurs when any of the REQUIRED authz are
* granted or denied by ALLOW/DENY.
*/
static svn_boolean_t
authz_access_is_determined(svn_repos_authz_access_t allow,
svn_repos_authz_access_t deny,
svn_repos_authz_access_t required)
{
if ((deny & required) || (allow & required))
return TRUE;
else
return FALSE;
}
/* Return TRUE is USER equals ALIAS. The alias definitions are in the
"aliases" sections of CFG. Use POOL for temporary allocations during
the lookup. */
static svn_boolean_t
authz_alias_is_user(svn_config_t *cfg,
const char *alias,
const char *user,
apr_pool_t *pool)
{
const char *value;
svn_config_get(cfg, &value, "aliases", alias, NULL);
if (!value)
return FALSE;
if (strcmp(value, user) == 0)
return TRUE;
return FALSE;
}
/* Return TRUE if USER is in GROUP. The group definitions are in the
"groups" section of CFG. Use POOL for temporary allocations during
the lookup. */
static svn_boolean_t
authz_group_contains_user(svn_config_t *cfg,
const char *group,
const char *user,
apr_pool_t *pool)
{
const char *value;
apr_array_header_t *list;
int i;
svn_config_get(cfg, &value, "groups", group, NULL);
list = svn_cstring_split(value, ",", TRUE, pool);
for (i = 0; i < list->nelts; i++)
{
const char *group_user = APR_ARRAY_IDX(list, i, char *);
/* If the 'user' is a subgroup, recurse into it. */
if (*group_user == '@')
{
if (authz_group_contains_user(cfg, &group_user[1],
user, pool))
return TRUE;
}
/* If the 'user' is an alias, verify it. */
else if (*group_user == '&')
{
if (authz_alias_is_user(cfg, &group_user[1],
user, pool))
return TRUE;
}
/* If the user matches, stop. */
else if (strcmp(user, group_user) == 0)
return TRUE;
}
return FALSE;
}
/* Determines whether an authz rule applies to the current
* user, given the name part of the rule's name-value pair
* in RULE_MATCH_STRING and the authz_lookup_baton object
* B with the username in question.
*/
static svn_boolean_t
authz_line_applies_to_user(const char *rule_match_string,
struct authz_lookup_baton *b,
apr_pool_t *pool)
{
/* If the rule has an inversion, recurse and invert the result. */
if (rule_match_string[0] == '~')
return !authz_line_applies_to_user(&rule_match_string[1], b, pool);
/* Check for special tokens. */
if (strcmp(rule_match_string, "$anonymous") == 0)
return (b->user == NULL);
if (strcmp(rule_match_string, "$authenticated") == 0)
return (b->user != NULL);
/* Check for a wildcard rule. */
if (strcmp(rule_match_string, "*") == 0)
return TRUE;
/* If we get here, then the rule is:
* - Not an inversion rule.
* - Not an authz token rule.
* - Not a wildcard rule.
*
* All that's left over is regular user or group specifications.
*/
/* If the session is anonymous, then a user/group
* rule definitely won't match.
*/
if (b->user == NULL)
return FALSE;
/* Process the rule depending on whether it is
* a user, alias or group rule.
*/
if (rule_match_string[0] == '@')
return authz_group_contains_user(
b->config, &rule_match_string[1], b->user, pool);
else if (rule_match_string[0] == '&')
return authz_alias_is_user(
b->config, &rule_match_string[1], b->user, pool);
else
return (strcmp(b->user, rule_match_string) == 0);
}
/* Callback to parse one line of an authz file and update the
* authz_baton accordingly.
*/
static svn_boolean_t
authz_parse_line(const char *name, const char *value,
void *baton, apr_pool_t *pool)
{
struct authz_lookup_baton *b = baton;
/* Stop if the rule doesn't apply to this user. */
if (!authz_line_applies_to_user(name, b, pool))
return TRUE;
/* Set the access grants for the rule. */
if (strchr(value, 'r'))
b->allow |= svn_authz_read;
else
b->deny |= svn_authz_read;
if (strchr(value, 'w'))
b->allow |= svn_authz_write;
else
b->deny |= svn_authz_write;
return TRUE;
}
/* Return TRUE iff the access rules in SECTION_NAME apply to PATH_SPEC
* (which is a repository name, colon, and repository fspath, such as
* "myrepos:/trunk/foo").
*/
static svn_boolean_t
is_applicable_section(const char *path_spec,
const char *section_name)
{
apr_size_t path_spec_len = strlen(path_spec);
return ((strncmp(path_spec, section_name, path_spec_len) == 0)
&& (path_spec[path_spec_len - 1] == '/'
|| section_name[path_spec_len] == '/'
|| section_name[path_spec_len] == '\0'));
}
/* Callback to parse a section and update the authz_baton if the
* section denies access to the subtree the baton describes.
*/
static svn_boolean_t
authz_parse_section(const char *section_name, void *baton, apr_pool_t *pool)
{
struct authz_lookup_baton *b = baton;
svn_boolean_t conclusive;
/* Does the section apply to us? */
if (!is_applicable_section(b->qualified_repos_path, section_name)
&& !is_applicable_section(b->repos_path, section_name))
return TRUE;
/* Work out what this section grants. */
b->allow = b->deny = 0;
svn_config_enumerate2(b->config, section_name,
authz_parse_line, b, pool);
/* Has the section explicitly determined an access? */
conclusive = authz_access_is_determined(b->allow, b->deny,
b->required_access);
/* Is access granted OR inconclusive? */
b->access = authz_access_is_granted(b->allow, b->deny,
b->required_access)
|| !conclusive;
/* As long as access isn't conclusively denied, carry on. */
return b->access;
}
/* Validate access to the given user for the given path. This
* function checks rules for exactly the given path, and first tries
* to access a section specific to the given repository before falling
* back to pan-repository rules.
*
* Update *access_granted to inform the caller of the outcome of the
* lookup. Return a boolean indicating whether the access rights were
* successfully determined.
*/
static svn_boolean_t
authz_get_path_access(svn_config_t *cfg, const char *repos_name,
const char *path, const char *user,
svn_repos_authz_access_t required_access,
svn_boolean_t *access_granted,
apr_pool_t *pool)
{
const char *qualified_path;
struct authz_lookup_baton baton = { 0 };
baton.config = cfg;
baton.user = user;
/* Try to locate a repository-specific block first. */
qualified_path = apr_pstrcat(pool, repos_name, ":", path, SVN_VA_NULL);
svn_config_enumerate2(cfg, qualified_path,
authz_parse_line, &baton, pool);
*access_granted = authz_access_is_granted(baton.allow, baton.deny,
required_access);
/* If the first test has determined access, stop now. */
if (authz_access_is_determined(baton.allow, baton.deny,
required_access))
return TRUE;
/* No repository specific rule, try pan-repository rules. */
svn_config_enumerate2(cfg, path, authz_parse_line, &baton, pool);
*access_granted = authz_access_is_granted(baton.allow, baton.deny,
required_access);
return authz_access_is_determined(baton.allow, baton.deny,
required_access);
}
/* Validate access to the given user for the subtree starting at the
* given path. This function walks the whole authz file in search of
* rules applying to paths in the requested subtree which deny the
* requested access.
*
* As soon as one is found, or else when the whole ACL file has been
* searched, return the updated authorization status.
*/
static svn_boolean_t
authz_get_tree_access(svn_config_t *cfg, const char *repos_name,
const char *path, const char *user,
svn_repos_authz_access_t required_access,
apr_pool_t *pool)
{
struct authz_lookup_baton baton = { 0 };
baton.config = cfg;
baton.user = user;
baton.required_access = required_access;
baton.repos_path = path;
baton.qualified_repos_path = apr_pstrcat(pool, repos_name,
":", path, SVN_VA_NULL);
/* Default to access granted if no rules say otherwise. */
baton.access = TRUE;
svn_config_enumerate_sections2(cfg, authz_parse_section,
&baton, pool);
return baton.access;
}
/* Callback to parse sections of the configuration file, looking for
any kind of granted access. Implements the
svn_config_section_enumerator2_t interface. */
static svn_boolean_t
authz_get_any_access_parser_cb(const char *section_name, void *baton,
apr_pool_t *pool)
{
struct authz_lookup_baton *b = baton;
/* Does the section apply to the query? */
if (section_name[0] == '/'
|| strncmp(section_name, b->qualified_repos_path,
strlen(b->qualified_repos_path)) == 0)
{
b->allow = b->deny = svn_authz_none;
svn_config_enumerate2(b->config, section_name,
authz_parse_line, baton, pool);
b->access = authz_access_is_granted(b->allow, b->deny,
b->required_access);
/* Continue as long as we don't find a determined, granted access. */
return !(b->access
&& authz_access_is_determined(b->allow, b->deny,
b->required_access));
}
return TRUE;
}
/* Walk through the authz CFG to check if USER has the REQUIRED_ACCESS
* to any path within the REPOSITORY. Return TRUE if so. Use POOL
* for temporary allocations. */
static svn_boolean_t
authz_get_any_access(svn_config_t *cfg, const char *repos_name,
const char *user,
svn_repos_authz_access_t required_access,
apr_pool_t *pool)
{
struct authz_lookup_baton baton = { 0 };
baton.config = cfg;
baton.user = user;
baton.required_access = required_access;
baton.access = FALSE; /* Deny access by default. */
baton.repos_path = "/";
baton.qualified_repos_path = apr_pstrcat(pool, repos_name,
":/", SVN_VA_NULL);
/* We could have used svn_config_enumerate2 for "repos_name:/".
* However, this requires access for root explicitly (which the user
* may not always have). So we end up enumerating the sections in
* the authz CFG and stop on the first match with some access for
* this user. */
svn_config_enumerate_sections2(cfg, authz_get_any_access_parser_cb,
&baton, pool);
/* If walking the configuration was inconclusive, deny access. */
if (!authz_access_is_determined(baton.allow,
baton.deny, baton.required_access))
return FALSE;
return baton.access;
}
/*** Validating the authz file. ***/
/* Check for errors in GROUP's definition of CFG. The errors
* detected are references to non-existent groups and circular
* dependencies between groups. If an error is found, return
* SVN_ERR_AUTHZ_INVALID_CONFIG. Use POOL for temporary
* allocations only.
*
* CHECKED_GROUPS should be an empty (it is used for recursive calls).
*/
static svn_error_t *
authz_group_walk(svn_config_t *cfg,
const char *group,
apr_hash_t *checked_groups,
apr_pool_t *pool)
{
const char *value;
apr_array_header_t *list;
int i;
svn_config_get(cfg, &value, "groups", group, NULL);
/* Having a non-existent group in the ACL configuration might be the
sign of a typo. Refuse to perform authz on uncertain rules. */
if (!value)
return svn_error_createf(SVN_ERR_AUTHZ_INVALID_CONFIG, NULL,
"An authz rule refers to group '%s', "
"which is undefined",
group);
list = svn_cstring_split(value, ",", TRUE, pool);
for (i = 0; i < list->nelts; i++)
{
const char *group_user = APR_ARRAY_IDX(list, i, char *);
/* If the 'user' is a subgroup, recurse into it. */
if (*group_user == '@')
{
/* A circular dependency between groups is a Bad Thing. We
don't do authz with invalid ACL files. */
if (svn_hash_gets(checked_groups, &group_user[1]))
return svn_error_createf(SVN_ERR_AUTHZ_INVALID_CONFIG,
NULL,
"Circular dependency between "
"groups '%s' and '%s'",
&group_user[1], group);
/* Add group to hash of checked groups. */
svn_hash_sets(checked_groups, &group_user[1], "");
/* Recurse on that group. */
SVN_ERR(authz_group_walk(cfg, &group_user[1],
checked_groups, pool));
/* Remove group from hash of checked groups, so that we don't
incorrectly report an error if we see it again as part of
another group. */
svn_hash_sets(checked_groups, &group_user[1], NULL);
}
else if (*group_user == '&')
{
const char *alias;
svn_config_get(cfg, &alias, "aliases", &group_user[1], NULL);
/* Having a non-existent alias in the ACL configuration might be the
sign of a typo. Refuse to perform authz on uncertain rules. */
if (!alias)
return svn_error_createf(SVN_ERR_AUTHZ_INVALID_CONFIG, NULL,
"An authz rule refers to alias '%s', "
"which is undefined",
&group_user[1]);
}
}
return SVN_NO_ERROR;
}
/* Callback to perform some simple sanity checks on an authz rule.
*
* - If RULE_MATCH_STRING references a group or an alias, verify that
* the group or alias definition exists.
* - If RULE_MATCH_STRING specifies a token (starts with $), verify
* that the token name is valid.
* - If RULE_MATCH_STRING is using inversion, verify that it isn't
* doing it more than once within the one rule, and that it isn't
* "~*", as that would never match.
* - Check that VALUE part of the rule specifies only allowed rule
* flag characters ('r' and 'w').
*
* Return TRUE if the rule has no errors. Use BATON for context and
* error reporting.
*/
static svn_boolean_t authz_validate_rule(const char *rule_match_string,
const char *value,
void *baton,
apr_pool_t *pool)
{
const char *val;
const char *match = rule_match_string;
struct authz_validate_baton *b = baton;
/* Make sure the user isn't using double-negatives. */
if (match[0] == '~')
{
/* Bump the pointer past the inversion for the other checks. */
match++;
/* Another inversion is a double negative; we can't not stop. */
if (match[0] == '~')
{
b->err = svn_error_createf(SVN_ERR_AUTHZ_INVALID_CONFIG, NULL,
"Rule '%s' has more than one "
"inversion; double negatives are "
"not permitted.",
rule_match_string);
return FALSE;
}
/* Make sure that the rule isn't "~*", which won't ever match. */
if (strcmp(match, "*") == 0)
{
b->err = svn_error_create(SVN_ERR_AUTHZ_INVALID_CONFIG, NULL,
"Authz rules with match string '~*' "
"are not allowed, because they never "
"match anyone.");
return FALSE;
}
}
/* If the rule applies to a group, check its existence. */
if (match[0] == '@')
{
const char *group = &match[1];
svn_config_get(b->config, &val, "groups", group, NULL);
/* Having a non-existent group in the ACL configuration might be
the sign of a typo. Refuse to perform authz on uncertain
rules. */
if (!val)
{
b->err = svn_error_createf(SVN_ERR_AUTHZ_INVALID_CONFIG, NULL,
"An authz rule refers to group "
"'%s', which is undefined",
rule_match_string);
return FALSE;
}
}
/* If the rule applies to an alias, check its existence. */
if (match[0] == '&')
{
const char *alias = &match[1];
svn_config_get(b->config, &val, "aliases", alias, NULL);
if (!val)
{
b->err = svn_error_createf(SVN_ERR_AUTHZ_INVALID_CONFIG, NULL,
"An authz rule refers to alias "
"'%s', which is undefined",
rule_match_string);
return FALSE;
}
}
/* If the rule specifies a token, check its validity. */
if (match[0] == '$')
{
const char *token_name = &match[1];
if ((strcmp(token_name, "anonymous") != 0)
&& (strcmp(token_name, "authenticated") != 0))
{
b->err = svn_error_createf(SVN_ERR_AUTHZ_INVALID_CONFIG, NULL,
"Unrecognized authz token '%s'.",
rule_match_string);
return FALSE;
}
}
val = value;
while (*val)
{
if (*val != 'r' && *val != 'w' && ! svn_ctype_isspace(*val))
{
b->err = svn_error_createf(SVN_ERR_AUTHZ_INVALID_CONFIG, NULL,
"The character '%c' in rule '%s' is not "
"allowed in authz rules", *val,
rule_match_string);
return FALSE;
}
++val;
}
return TRUE;
}
/* Callback to check ALIAS's definition for validity. Use
BATON for context and error reporting. */
static svn_boolean_t authz_validate_alias(const char *alias,
const char *value,
void *baton,
apr_pool_t *pool)
{
/* No checking at the moment, every alias is valid */
return TRUE;
}
/* Callback to check GROUP's definition for cyclic dependancies. Use
BATON for context and error reporting. */
static svn_boolean_t authz_validate_group(const char *group,
const char *value,
void *baton,
apr_pool_t *pool)
{
struct authz_validate_baton *b = baton;
b->err = authz_group_walk(b->config, group, apr_hash_make(pool), pool);
if (b->err)
return FALSE;
return TRUE;
}
/* Callback to check the contents of the configuration section given
by NAME. Use BATON for context and error reporting. */
static svn_boolean_t authz_validate_section(const char *name,
void *baton,
apr_pool_t *pool)
{
struct authz_validate_baton *b = baton;
/* Use the group checking callback for the "groups" section... */
if (strcmp(name, "groups") == 0)
svn_config_enumerate2(b->config, name, authz_validate_group,
baton, pool);
/* ...and the alias checking callback for "aliases"... */
else if (strcmp(name, "aliases") == 0)
svn_config_enumerate2(b->config, name, authz_validate_alias,
baton, pool);
/* ...but for everything else use the rule checking callback. */
else
{
/* Validate the section's name. Skip the optional REPOS_NAME. */
const char *fspath = strchr(name, ':');
if (fspath)
fspath++;
else
fspath = name;
if (! svn_fspath__is_canonical(fspath))
{
b->err = svn_error_createf(SVN_ERR_AUTHZ_INVALID_CONFIG, NULL,
"Section name '%s' contains non-canonical "
"fspath '%s'",
name, fspath);
return FALSE;
}
svn_config_enumerate2(b->config, name, authz_validate_rule,
baton, pool);
}
if (b->err)
return FALSE;
return TRUE;
}
svn_error_t *
svn_repos__authz_validate(svn_authz_t *authz, apr_pool_t *pool)
{
struct authz_validate_baton baton = { 0 };
baton.err = SVN_NO_ERROR;
baton.config = authz->cfg;
/* Step through the entire rule file stopping on error. */
svn_config_enumerate_sections2(authz->cfg, authz_validate_section,
&baton, pool);
SVN_ERR(baton.err);
return SVN_NO_ERROR;
}
/* Retrieve the file at DIRENT (contained in a repo) then parse it as a config
* file placing the result into CFG_P allocated in POOL.
*
* If DIRENT cannot be parsed as a config file then an error is returned. The
* contents of CFG_P is then undefined. If MUST_EXIST is TRUE, a missing
* authz file is also an error. The CASE_SENSITIVE controls the lookup
* behavior for section and option names alike.
*
* SCRATCH_POOL will be used for temporary allocations. */
static svn_error_t *
authz_retrieve_config_repo(svn_config_t **cfg_p,
const char *dirent,
svn_boolean_t must_exist,
svn_boolean_t case_sensitive,
apr_pool_t *result_pool,
apr_pool_t *scratch_pool)
{
svn_error_t *err;
svn_repos_t *repos;
const char *repos_root_dirent;
const char *fs_path;
svn_fs_t *fs;
svn_fs_root_t *root;
svn_revnum_t youngest_rev;
svn_node_kind_t node_kind;
svn_stream_t *contents;
/* Search for a repository in the full path. */
repos_root_dirent = svn_repos_find_root_path(dirent, scratch_pool);
if (!repos_root_dirent)
return svn_error_createf(SVN_ERR_RA_LOCAL_REPOS_NOT_FOUND, NULL,
"Unable to find repository at '%s'", dirent);
/* Attempt to open a repository at repos_root_dirent. */
SVN_ERR(svn_repos_open3(&repos, repos_root_dirent, NULL, scratch_pool,
scratch_pool));
fs_path = &dirent[strlen(repos_root_dirent)];
/* Root path is always a directory so no reason to go any further */
if (*fs_path == '\0')
return svn_error_createf(SVN_ERR_ILLEGAL_TARGET, NULL,
"'/' is not a file in repo '%s'",
repos_root_dirent);
/* We skip some things that are non-important for how we're going to use
* this repo connection. We do not set any capabilities since none of
* the current ones are important for what we're doing. We also do not
* setup the environment that repos hooks would run under since we won't
* be triggering any. */
/* Get the filesystem. */
fs = svn_repos_fs(repos);
/* Find HEAD and the revision root */
SVN_ERR(svn_fs_youngest_rev(&youngest_rev, fs, scratch_pool));
SVN_ERR(svn_fs_revision_root(&root, fs, youngest_rev, scratch_pool));
SVN_ERR(svn_fs_check_path(&node_kind, root, fs_path, scratch_pool));
if (node_kind == svn_node_none)
{
if (!must_exist)
{
SVN_ERR(svn_config_create2(cfg_p, case_sensitive, case_sensitive,
result_pool));
return SVN_NO_ERROR;
}
else
{
return svn_error_createf(SVN_ERR_ILLEGAL_TARGET, NULL,
"'%s' path not found in repo '%s'", fs_path,
repos_root_dirent);
}
}
else if (node_kind != svn_node_file)
{
return svn_error_createf(SVN_ERR_ILLEGAL_TARGET, NULL,
"'%s' is not a file in repo '%s'", fs_path,
repos_root_dirent);
}
SVN_ERR(svn_fs_file_contents(&contents, root, fs_path, scratch_pool));
err = svn_config_parse(cfg_p, contents, case_sensitive, case_sensitive,
result_pool);
/* Add the URL to the error stack since the parser doesn't have it. */
if (err != SVN_NO_ERROR)
return svn_error_createf(err->apr_err, err,
"Error while parsing config file: '%s' in repo '%s':",
fs_path, repos_root_dirent);
return SVN_NO_ERROR;
}
svn_error_t *
svn_repos__retrieve_config(svn_config_t **cfg_p,
const char *path,
svn_boolean_t must_exist,
svn_boolean_t case_sensitive,
apr_pool_t *pool)
{
if (svn_path_is_url(path))
{
const char *dirent;
svn_error_t *err;
apr_pool_t *scratch_pool = svn_pool_create(pool);
err = svn_uri_get_dirent_from_file_url(&dirent, path, scratch_pool);
if (err == SVN_NO_ERROR)
err = authz_retrieve_config_repo(cfg_p, dirent, must_exist,
case_sensitive, pool, scratch_pool);
/* Close the repos and streams we opened. */
svn_pool_destroy(scratch_pool);
return err;
}
else
{
/* Outside of repo file or Windows registry*/
SVN_ERR(svn_config_read3(cfg_p, path, must_exist, case_sensitive,
case_sensitive, pool));
}
return SVN_NO_ERROR;
}
/* Callback to copy (name, value) group into the "groups" section
of another configuration. */
static svn_boolean_t
authz_copy_group(const char *name, const char *value,
void *baton, apr_pool_t *pool)
{
svn_config_t *authz_cfg = baton;
svn_config_set(authz_cfg, SVN_CONFIG_SECTION_GROUPS, name, value);
return TRUE;
}
/* Copy group definitions from GROUPS_CFG to the resulting AUTHZ.
* If AUTHZ already contains any group definition, report an error.
* Use POOL for temporary allocations. */
static svn_error_t *
authz_copy_groups(svn_authz_t *authz, svn_config_t *groups_cfg,
apr_pool_t *pool)
{
/* Easy out: we prohibit local groups in the authz file when global
groups are being used. */
if (svn_config_has_section(authz->cfg, SVN_CONFIG_SECTION_GROUPS))
{
return svn_error_create(SVN_ERR_AUTHZ_INVALID_CONFIG, NULL,
"Authz file cannot contain any groups "
"when global groups are being used.");
}
svn_config_enumerate2(groups_cfg, SVN_CONFIG_SECTION_GROUPS,
authz_copy_group, authz->cfg, pool);
return SVN_NO_ERROR;
}
svn_error_t *
svn_repos__authz_read(svn_authz_t **authz_p, const char *path,
const char *groups_path, svn_boolean_t must_exist,
svn_boolean_t accept_urls, apr_pool_t *pool)
{
svn_authz_t *authz = apr_palloc(pool, sizeof(*authz));
/* Load the authz file */
if (accept_urls)
SVN_ERR(svn_repos__retrieve_config(&authz->cfg, path, must_exist, TRUE,
pool));
else
SVN_ERR(svn_config_read3(&authz->cfg, path, must_exist, TRUE, TRUE,
pool));
if (groups_path)
{
svn_config_t *groups_cfg;
svn_error_t *err;
/* Load the groups file */
if (accept_urls)
SVN_ERR(svn_repos__retrieve_config(&groups_cfg, groups_path,
must_exist, TRUE, pool));
else
SVN_ERR(svn_config_read3(&groups_cfg, groups_path, must_exist,
TRUE, TRUE, pool));
/* Copy the groups from groups_cfg into authz. */
err = authz_copy_groups(authz, groups_cfg, pool);
/* Add the paths to the error stack since the authz_copy_groups
routine knows nothing about them. */
if (err != SVN_NO_ERROR)
return svn_error_createf(err->apr_err, err,
"Error reading authz file '%s' with "
"groups file '%s':", path, groups_path);
}
/* Make sure there are no errors in the configuration. */
SVN_ERR(svn_repos__authz_validate(authz, pool));
*authz_p = authz;
return SVN_NO_ERROR;
}
/*** Public functions. ***/
svn_error_t *
svn_repos_authz_read2(svn_authz_t **authz_p, const char *path,
const char *groups_path, svn_boolean_t must_exist,
apr_pool_t *pool)
{
return svn_repos__authz_read(authz_p, path, groups_path, must_exist,
TRUE, pool);
}
svn_error_t *
svn_repos_authz_parse(svn_authz_t **authz_p, svn_stream_t *stream,
svn_stream_t *groups_stream, apr_pool_t *pool)
{
svn_authz_t *authz = apr_palloc(pool, sizeof(*authz));
/* Parse the authz stream */
SVN_ERR(svn_config_parse(&authz->cfg, stream, TRUE, TRUE, pool));
if (groups_stream)
{
svn_config_t *groups_cfg;
/* Parse the groups stream */
SVN_ERR(svn_config_parse(&groups_cfg, groups_stream, TRUE, TRUE, pool));
SVN_ERR(authz_copy_groups(authz, groups_cfg, pool));
}
/* Make sure there are no errors in the configuration. */
SVN_ERR(svn_repos__authz_validate(authz, pool));
*authz_p = authz;
return SVN_NO_ERROR;
}
svn_error_t *
svn_repos_authz_check_access(svn_authz_t *authz, const char *repos_name,
const char *path, const char *user,
svn_repos_authz_access_t required_access,
svn_boolean_t *access_granted,
apr_pool_t *pool)
{
const char *current_path;
if (!repos_name)
repos_name = "";
/* If PATH is NULL, check if the user has *any* access. */
if (!path)
{
*access_granted = authz_get_any_access(authz->cfg, repos_name,
user, required_access, pool);
return SVN_NO_ERROR;
}
/* Sanity check. */
SVN_ERR_ASSERT(path[0] == '/');
/* Determine the granted access for the requested path. */
path = svn_fspath__canonicalize(path, pool);
current_path = path;
while (!authz_get_path_access(authz->cfg, repos_name,
current_path, user,
required_access,
access_granted,
pool))
{
/* Stop if the loop hits the repository root with no
results. */
if (current_path[0] == '/' && current_path[1] == '\0')
{
/* Deny access by default. */
*access_granted = FALSE;
return SVN_NO_ERROR;
}
/* Work back to the parent path. */
current_path = svn_fspath__dirname(current_path, pool);
}
/* If the caller requested recursive access, we need to walk through
the entire authz config to see whether any child paths are denied
to the requested user. */
if (*access_granted && (required_access & svn_authz_recursive))
*access_granted = authz_get_tree_access(authz->cfg, repos_name, path,
user, required_access, pool);
return SVN_NO_ERROR;
}