subversion/libsvn_repos/authz_pool.c - subversion - Git at Google

 /*
  * authz_pool.c :  pool of authorization objects
  *
  * ====================================================================
  *    Licensed to the Apache Software Foundation (ASF) under one
  *    or more contributor license agreements.  See the NOTICE file
  *    distributed with this work for additional information
  *    regarding copyright ownership.  The ASF licenses this file
  *    to you under the Apache License, Version 2.0 (the
  *    "License"); you may not use this file except in compliance
  *    with the License.  You may obtain a copy of the License at
  *
  *      http://www.apache.org/licenses/LICENSE-2.0
  *
  *    Unless required by applicable law or agreed to in writing,
  *    software distributed under the License is distributed on an
  *    "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
  *    KIND, either express or implied.  See the License for the
  *    specific language governing permissions and limitations
  *    under the License.
  * ====================================================================
  */


 #include "svn_checksum.h"
 #include "svn_config.h"
 #include "svn_error.h"
 #include "svn_pools.h"

 #include "private/svn_dep_compat.h"
 #include "private/svn_mutex.h"
 #include "private/svn_object_pool.h"
 #include "private/svn_subr_private.h"
 #include "private/svn_repos_private.h"
 #include "private/svn_string_private.h"
 #include "private/svn_subr_private.h"

 #include "repos.h"

 /* Currently this structure is just a wrapper around a svn_config_t.
  */
 struct svn_authz_t
 {
   svn_config_t *cfg;
 };

 /* The wrapper object structure that we store in the object pool.  It
  * combines the authz with the underlying config structures and their
  * identifying keys.
  */
 typedef struct authz_object_t
 {
   /* key = concatenation of AUTHZ_KEY and GROUPS_KEY */
   svn_membuf_t *key;

   /* keys used to identify AUTHZ_CFG and GROUPS_CFG */
   svn_membuf_t *authz_key;
   svn_membuf_t *groups_key;

   /* r/o references to configurations from the configuration pool.
      GROUPS_CFG may be NULL. */
   svn_config_t *authz_cfg;
   svn_config_t *groups_cfg;

   /* Case-sensitive config. */
   svn_authz_t *authz;
 } authz_object_t;

 /* Root data structure simply adding the config_pool to the basic object pool.
  */
 struct svn_repos__authz_pool_t
 {
   /* authz_object_t object storage */
   svn_object_pool__t *object_pool;

   /* factory and storage of (shared) configuration objects */
   svn_repos__config_pool_t *config_pool;
 };

 /* Return a combination of AUTHZ_KEY and GROUPS_KEY, allocated in POOL.
  * GROUPS_KEY may be NULL.
  */
 static svn_membuf_t *
 construct_key(svn_membuf_t *authz_key,
               svn_membuf_t *groups_key,
               apr_pool_t *pool)
 {
   svn_membuf_t *result = apr_pcalloc(pool, sizeof(*result));
   apr_size_t size;
   if (groups_key)
     {
       size = authz_key->size + groups_key->size;
       svn_membuf__create(result,size, pool);
       memcpy(result->data, authz_key->data, authz_key->size);
       memcpy((char *)result->data + authz_key->size,
              groups_key->data, groups_key->size);
     }
   else
     {
       size = authz_key->size;
       svn_membuf__create(result, size, pool);
       memcpy(result->data, authz_key->data, authz_key->size);
     }

   result->size = size;
   return result;
 }

 /* Implement svn_object_pool__getter_t on authz_object_t structures.
  */
 static void *
 getter(void *object,
        void *baton,
        apr_pool_t *pool)
 {
   return ((authz_object_t *)object)->authz;
 }

 /* API implementation */

 svn_error_t *
 svn_repos__authz_pool_create(svn_repos__authz_pool_t **authz_pool,
                              svn_repos__config_pool_t *config_pool,
                              svn_boolean_t thread_safe,
                              apr_pool_t *pool)
 {
   svn_repos__authz_pool_t *result;
   svn_object_pool__t *object_pool;

   /* there is no setter as we don't need to update existing authz */
   SVN_ERR(svn_object_pool__create(&object_pool, getter, NULL, thread_safe,
                                   pool));

   result = apr_pcalloc(pool, sizeof(*result));
   result->object_pool = object_pool;
   result->config_pool = config_pool;

   *authz_pool = result;
   return SVN_NO_ERROR;
 }

 svn_error_t *
 svn_repos__authz_pool_get(svn_authz_t **authz_p,
                           svn_repos__authz_pool_t *authz_pool,
                           const char *path,
                           const char *groups_path,
                           svn_boolean_t must_exist,
                           svn_repos_t *preferred_repos,
                           apr_pool_t *pool)
 {
   apr_pool_t *authz_ref_pool
     = svn_object_pool__new_wrapper_pool(authz_pool->object_pool);
   authz_object_t *authz_ref
     = apr_pcalloc(authz_ref_pool, sizeof(*authz_ref));
   svn_boolean_t have_all_keys;

   /* read the configurations */
   SVN_ERR(svn_repos__config_pool_get(&authz_ref->authz_cfg,
                                      &authz_ref->authz_key,
                                      authz_pool->config_pool,
                                      path, must_exist, TRUE,
                                      preferred_repos, authz_ref_pool));
   have_all_keys = authz_ref->authz_key != NULL;

   if (groups_path)
     {
       SVN_ERR(svn_repos__config_pool_get(&authz_ref->groups_cfg,
                                          &authz_ref->groups_key,
                                          authz_pool->config_pool,
                                          groups_path, must_exist, TRUE,
                                          preferred_repos, authz_ref_pool));
       have_all_keys &= authz_ref->groups_key != NULL;
     }

   /* fall back to standard implementation in case we don't have all the
    * facts (i.e. keys). */
   if (!have_all_keys)
     return svn_error_trace(svn_repos_authz_read2(authz_p, path, groups_path,
                                                  must_exist, pool));

   /* all keys are known and lookup is unambigious. */
   authz_ref->key = construct_key(authz_ref->authz_key,
                                  authz_ref->groups_key,
                                  authz_ref_pool);

   SVN_ERR(svn_object_pool__lookup((void **)authz_p, authz_pool->object_pool,
                                   authz_ref->key, NULL, pool));
   if (*authz_p)
     {
       svn_pool_destroy(authz_ref_pool);
       return SVN_NO_ERROR;
     }

   authz_ref->authz = apr_palloc(authz_ref_pool, sizeof(*authz_ref->authz));
   authz_ref->authz->cfg = authz_ref->authz_cfg;

   if (groups_path)
     {
       /* Easy out: we prohibit local groups in the authz file when global
          groups are being used. */
       if (svn_config_has_section(authz_ref->authz->cfg,
                                  SVN_CONFIG_SECTION_GROUPS))
         return svn_error_createf(SVN_ERR_AUTHZ_INVALID_CONFIG, NULL,
                                  "Error reading authz file '%s' with "
                                  "groups file '%s':"
                                  "Authz file cannot contain any groups "
                                  "when global groups are being used.",
                                  path, groups_path);

       /* We simply need to add the [Groups] section to the authz config.
        */
       svn_config__shallow_replace_section(authz_ref->authz->cfg,
                                           authz_ref->groups_cfg,
                                           SVN_CONFIG_SECTION_GROUPS);
     }

   /* Make sure there are no errors in the configuration. */
   SVN_ERR(svn_repos__authz_validate(authz_ref->authz, authz_ref_pool));

   SVN_ERR(svn_object_pool__insert((void **)authz_p, authz_pool->object_pool,
                                   authz_ref->key, authz_ref, NULL,
                                   authz_ref_pool, pool));

   return SVN_NO_ERROR;
 }
	/*
	* authz_pool.c : pool of authorization objects
	*
	* ====================================================================
	* Licensed to the Apache Software Foundation (ASF) under one
	* or more contributor license agreements. See the NOTICE file
	* distributed with this work for additional information
	* regarding copyright ownership. The ASF licenses this file
	* to you under the Apache License, Version 2.0 (the
	* "License"); you may not use this file except in compliance
	* with the License. You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing,
	* software distributed under the License is distributed on an
	* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
	* KIND, either express or implied. See the License for the
	* specific language governing permissions and limitations
	* under the License.
	* ====================================================================
	*/



	#include "svn_checksum.h"
	#include "svn_config.h"
	#include "svn_error.h"
	#include "svn_pools.h"

	#include "private/svn_dep_compat.h"
	#include "private/svn_mutex.h"
	#include "private/svn_object_pool.h"
	#include "private/svn_subr_private.h"
	#include "private/svn_repos_private.h"
	#include "private/svn_string_private.h"
	#include "private/svn_subr_private.h"

	#include "repos.h"

	/* Currently this structure is just a wrapper around a svn_config_t.
	*/
	struct svn_authz_t
	{
	svn_config_t *cfg;
	};

	/* The wrapper object structure that we store in the object pool. It
	* combines the authz with the underlying config structures and their
	* identifying keys.
	*/
	typedef struct authz_object_t
	{
	/* key = concatenation of AUTHZ_KEY and GROUPS_KEY */
	svn_membuf_t *key;

	/* keys used to identify AUTHZ_CFG and GROUPS_CFG */
	svn_membuf_t *authz_key;
	svn_membuf_t *groups_key;

	/* r/o references to configurations from the configuration pool.
	GROUPS_CFG may be NULL. */
	svn_config_t *authz_cfg;
	svn_config_t *groups_cfg;

	/* Case-sensitive config. */
	svn_authz_t *authz;
	} authz_object_t;

	/* Root data structure simply adding the config_pool to the basic object pool.
	*/
	struct svn_repos__authz_pool_t
	{
	/* authz_object_t object storage */
	svn_object_pool__t *object_pool;

	/* factory and storage of (shared) configuration objects */
	svn_repos__config_pool_t *config_pool;
	};

	/* Return a combination of AUTHZ_KEY and GROUPS_KEY, allocated in POOL.
	* GROUPS_KEY may be NULL.
	*/
	static svn_membuf_t *
	construct_key(svn_membuf_t *authz_key,
	svn_membuf_t *groups_key,
	apr_pool_t *pool)
	{
	svn_membuf_t result = apr_pcalloc(pool, sizeof(result));
	apr_size_t size;
	if (groups_key)
	{
	size = authz_key->size + groups_key->size;
	svn_membuf__create(result,size, pool);
	memcpy(result->data, authz_key->data, authz_key->size);
	memcpy((char *)result->data + authz_key->size,
	groups_key->data, groups_key->size);
	}
	else
	{
	size = authz_key->size;
	svn_membuf__create(result, size, pool);
	memcpy(result->data, authz_key->data, authz_key->size);
	}

	result->size = size;
	return result;
	}

	/* Implement svn_object_pool__getter_t on authz_object_t structures.
	*/
	static void *
	getter(void *object,
	void *baton,
	apr_pool_t *pool)
	{
	return ((authz_object_t *)object)->authz;
	}

	/* API implementation */

	svn_error_t *
	svn_repos__authz_pool_create(svn_repos__authz_pool_t **authz_pool,
	svn_repos__config_pool_t *config_pool,
	svn_boolean_t thread_safe,
	apr_pool_t *pool)
	{
	svn_repos__authz_pool_t *result;
	svn_object_pool__t *object_pool;

	/* there is no setter as we don't need to update existing authz */
	SVN_ERR(svn_object_pool__create(&object_pool, getter, NULL, thread_safe,
	pool));

	result = apr_pcalloc(pool, sizeof(*result));
	result->object_pool = object_pool;
	result->config_pool = config_pool;

	*authz_pool = result;
	return SVN_NO_ERROR;
	}

	svn_error_t *
	svn_repos__authz_pool_get(svn_authz_t **authz_p,
	svn_repos__authz_pool_t *authz_pool,
	const char *path,
	const char *groups_path,
	svn_boolean_t must_exist,
	svn_repos_t *preferred_repos,
	apr_pool_t *pool)
	{
	apr_pool_t *authz_ref_pool
	= svn_object_pool__new_wrapper_pool(authz_pool->object_pool);
	authz_object_t *authz_ref
	= apr_pcalloc(authz_ref_pool, sizeof(*authz_ref));
	svn_boolean_t have_all_keys;

	/* read the configurations */
	SVN_ERR(svn_repos__config_pool_get(&authz_ref->authz_cfg,
	&authz_ref->authz_key,
	authz_pool->config_pool,
	path, must_exist, TRUE,
	preferred_repos, authz_ref_pool));
	have_all_keys = authz_ref->authz_key != NULL;

	if (groups_path)
	{
	SVN_ERR(svn_repos__config_pool_get(&authz_ref->groups_cfg,
	&authz_ref->groups_key,
	authz_pool->config_pool,
	groups_path, must_exist, TRUE,
	preferred_repos, authz_ref_pool));
	have_all_keys &= authz_ref->groups_key != NULL;
	}

	/* fall back to standard implementation in case we don't have all the
	* facts (i.e. keys). */
	if (!have_all_keys)
	return svn_error_trace(svn_repos_authz_read2(authz_p, path, groups_path,
	must_exist, pool));

	/* all keys are known and lookup is unambigious. */
	authz_ref->key = construct_key(authz_ref->authz_key,
	authz_ref->groups_key,
	authz_ref_pool);

	SVN_ERR(svn_object_pool__lookup((void **)authz_p, authz_pool->object_pool,
	authz_ref->key, NULL, pool));
	if (*authz_p)
	{
	svn_pool_destroy(authz_ref_pool);
	return SVN_NO_ERROR;
	}

	authz_ref->authz = apr_palloc(authz_ref_pool, sizeof(*authz_ref->authz));
	authz_ref->authz->cfg = authz_ref->authz_cfg;

	if (groups_path)
	{
	/* Easy out: we prohibit local groups in the authz file when global
	groups are being used. */
	if (svn_config_has_section(authz_ref->authz->cfg,
	SVN_CONFIG_SECTION_GROUPS))
	return svn_error_createf(SVN_ERR_AUTHZ_INVALID_CONFIG, NULL,
	"Error reading authz file '%s' with "
	"groups file '%s':"
	"Authz file cannot contain any groups "
	"when global groups are being used.",
	path, groups_path);

	/* We simply need to add the [Groups] section to the authz config.
	*/
	svn_config__shallow_replace_section(authz_ref->authz->cfg,
	authz_ref->groups_cfg,
	SVN_CONFIG_SECTION_GROUPS);
	}

	/* Make sure there are no errors in the configuration. */
	SVN_ERR(svn_repos__authz_validate(authz_ref->authz, authz_ref_pool));

	SVN_ERR(svn_object_pool__insert((void **)authz_p, authz_pool->object_pool,
	authz_ref->key, authz_ref, NULL,
	authz_ref_pool, pool));

	return SVN_NO_ERROR;
	}