author | Lorry Tar Creator <lorry-tar-importer@baserock.org> | 2015-03-18 13:33:26 +0000 |
---|---|---|
committer | <> | 2015-07-08 14:41:01 +0000 |
commit | bb0ef45f7c46b0ae221b26265ef98a768c33f820 (patch) | |
tree | 98bae10dde41c746c51ae97ec4f879e330415aa7 /subversion/mod_authz_svn | |
parent | 239dfafe71711b2f4c43d7b90a1228d7bdc5195e (diff) | |
Imported from /home/lorry/working-area/delta_subversion-tarball/subversion-1.8.13.tar.gz.subversion-1.8.13
Diffstat (limited to 'subversion/mod_authz_svn')
-rw-r--r-- | subversion/mod_authz_svn/INSTALL | 105 | ||||
-rw-r--r-- | subversion/mod_authz_svn/mod_authz_svn.c | 428 |
2 files changed, 399 insertions, 134 deletions
diff --git a/subversion/mod_authz_svn/INSTALL b/subversion/mod_authz_svn/INSTALL index 88faabf..d2216ad 100644 --- a/subversion/mod_authz_svn/INSTALL +++ b/subversion/mod_authz_svn/INSTALL @@ -56,6 +56,12 @@ II. Configuration Satisfy Any Require valid-user </Location> + + NOTE: The access control is designed to never display entries that + the user does not have access to. Combining anonymous access on the + top levels while restricting read access lower in the directory + structure makes it difficult to browse because the server will not + request authentication. C. Example 3: Authenticated access only 
@@ -100,6 +106,105 @@ II. Configuration NOTE: AuthzSVNReposRelativeAccessFile filename causes the authz file to be read from <repo path>/conf/<filename> + E. Example 5: Authz file stored in a Subversion repository + + This configuration allows storing of the authz file in a repository. + + <Location /svn> + DAV svn + SVNParentPath /path/to/reposparent + + AuthType Basic + AuthName "Subversion repository" + AuthUserFile /path/to/htpasswd/file + + AuthzSVNAccessFile file:///path/to/repos/authz + + Require valid-user + </Location> + + NOTE: http:// and svn:// URLs are not supported, only local file:// + absolute URLs may be used. The URL does not have to point to the + same repository as the repository being accessed. If you wish to + restrict access to this authz file and it is in the same repository + you should include a rule for it. + + F. Example 6: Authz file stored inside the repository being accessed. + + This configuration allows providing a relative path within the + repository being accessed. + + <Location /svn> + DAV svn + SVNParentPath /path/to/reposparent + + AuthType Basic + AuthName "Subversion repository" + AuthUserFile /path/to/htpasswd/file + + AuthzSVNAccessFile ^/authz + + Require valid-user + </Location> + + NOTE: You should include rules in your authz file to restirct access + to the authz file as desired. + + G. Example 7: Authenticated access to "Collection of Repositories" + + The "Collection of Repositories" is filtered based on read access to + the root of each repository, i.e. consistent with the directory lists + within repositories. If read access is restricted in repository roots, + it is typically desirable to require authentication for "Collection of + Repositories" in order to ensure that repositories where the user has + access are displayed. 
+ + This is accomplished by specifying "Satisfy All" (which is the default + setting): + + <Location /svn> + DAV svn + SVNParentPath /path/to/reposparent + + AuthType Basic + AuthName "Subversion repository" + AuthUserFile /path/to/htpasswd/file + + AuthzSVNAccessFile /path/to/access/file + # implicit Satisfy All + Require valid-user + </Location> + + If the same server must be able to serve paths with anonymous access, + it can be defined using an additional location. + + <LocationMatch "^/svn/.+"> + Satisfy Any + Require valid-user + </LocationMatch> + + The "Require" statement in the previous example is not strictly + needed, but has been included for clarity. + + H. Example 8: Separate authz and groups files. + + This configuration allows storing the groups separately from the + main authz file with the authorization rules. + + <Location /svn> + DAV svn + SVNParentPath /path/to/reposparent + + AuthType Basic + AuthName "Subversion repository" + AuthUserFile /path/to/htpasswd/file + + AuthzSVNAccessFile /path/to/access/file + AuthzSVNGroupsFile /path/to/groups/file + + Require valid-user + </Location> + 2. Specifying permissions The file format of the access file looks like this: diff --git a/subversion/mod_authz_svn/mod_authz_svn.c b/subversion/mod_authz_svn/mod_authz_svn.c index a6da3fb..e9e43eb 100644 --- a/subversion/mod_authz_svn/mod_authz_svn.c +++ b/subversion/mod_authz_svn/mod_authz_svn.c @@ -44,14 +44,16 @@ #include "svn_config.h" #include "svn_string.h" #include "svn_repos.h" +#include "svn_pools.h" #include "svn_dirent_uri.h" #include "private/svn_fspath.h" -extern module AP_MODULE_DECLARE_DATA authz_svn_module; - #ifdef APLOG_USE_MODULE APLOG_USE_MODULE(authz_svn); +#else +/* This is part of the APLOG_USE_MODULE() macro in httpd-2.3 */ +extern module AP_MODULE_DECLARE_DATA authz_svn_module; #endif typedef struct authz_svn_config_rec { 
@@ -61,6 +63,7 @@ typedef struct authz_svn_config_rec { const char *base_path; const char *access_file; const char *repo_relative_access_file; + const char *groups_file; const char *force_username_case; } authz_svn_config_rec; @@ -85,6 +88,39 @@ create_authz_svn_dir_config(apr_pool_t *p, char *d) return conf; } +/* canonicalize ACCESS_FILE based on the type of argument. + * If SERVER_RELATIVE is true, ACCESS_FILE is a relative + * path then ACCESS_FILE is converted to an absolute + * path rooted at the server root. + * Returns NULL if path is not valid.*/ +static const char * +canonicalize_access_file(const char *access_file, + svn_boolean_t server_relative, + apr_pool_t *pool) +{ + if (svn_path_is_url(access_file)) + { + access_file = svn_uri_canonicalize(access_file, pool); + } + else if (!svn_path_is_repos_relative_url(access_file)) + { + if (server_relative) + { + access_file = ap_server_root_relative(pool, access_file); + if (access_file == NULL) + return NULL; + } + + access_file = svn_dirent_internal_style(access_file, pool); + } + + /* We don't canonicalize repos relative urls since they get + * canonicalized before calling svn_repos_authz_read2() when they + * are resolved. */ + + return access_file; +} + static const char * AuthzSVNAccessFile_cmd(cmd_parms *cmd, void *config, const char *arg1) { @@ -94,7 +130,9 @@ AuthzSVNAccessFile_cmd(cmd_parms *cmd, void *config, const char *arg1) return "AuthzSVNAccessFile and AuthzSVNReposRelativeAccessFile " "directives are mutually exclusive."; - conf->access_file = ap_server_root_relative(cmd->pool, arg1); + conf->access_file = canonicalize_access_file(arg1, TRUE, cmd->pool); + if (!conf->access_file) + return apr_pstrcat(cmd->pool, "Invalid file path ", arg1, NULL); return NULL; } 
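Review bot: canonicalize_access_file() accepts any URL scheme in its first branch, because `svn_path_is_url()` is the only test before `svn_uri_canonicalize()`, while the INSTALL text in this same commit says http:// and svn:// URLs are not supported. Such a value passes the directive check and would presumably only fail when the authz file is loaded for a request, which is harder to notice than an error at configuration time. Consider rejecting it right after canonicalizing, e.g. `if (strncmp(access_file, "file://", 7) != 0) return NULL;`, so the callers' existing "Invalid file path" message is raised when the configuration is parsed. The header comment could also state that URLs and repos-relative (^/) values are never made server-root relative, whatever SERVER_RELATIVE is.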
@@ -111,7 +149,24 @@ AuthzSVNReposRelativeAccessFile_cmd(cmd_parms *cmd, return "AuthzSVNAccessFile and AuthzSVNReposRelativeAccessFile " "directives are mutually exclusive."; - conf->repo_relative_access_file = arg1; + conf->repo_relative_access_file = canonicalize_access_file(arg1, FALSE, + cmd->pool); + + if (!conf->repo_relative_access_file) + return apr_pstrcat(cmd->pool, "Invalid file path ", arg1, NULL); + + return NULL; +} + +static const char * +AuthzSVNGroupsFile_cmd(cmd_parms *cmd, void *config, const char *arg1) +{ + authz_svn_config_rec *conf = config; + + conf->groups_file = canonicalize_access_file(arg1, TRUE, cmd->pool); + + if (!conf->groups_file) + return apr_pstrcat(cmd->pool, "Invalid file path ", arg1, NULL); return NULL; } @@ -128,13 +183,25 @@ static const command_rec authz_svn_cmds[] = NULL, OR_AUTHCFG, "Path to text file containing permissions of repository " - "paths."), + "paths. Path may be an repository relative URL (^/) or " + "absolute file:// URL to a text file in a Subversion " + "repository."), AP_INIT_TAKE1("AuthzSVNReposRelativeAccessFile", AuthzSVNReposRelativeAccessFile_cmd, NULL, OR_AUTHCFG, "Path (relative to repository 'conf' directory) to text " - "file containing permissions of repository paths. "), + "file containing permissions of repository paths. Path may " + "be an repository relative URL (^/) or absolute file:// URL " + "to a text file in a Subversion repository."), + AP_INIT_TAKE1("AuthzSVNGroupsFile", + AuthzSVNGroupsFile_cmd, + NULL, + OR_AUTHCFG, + "Path to text file containing group definitions for all " + "repositories. Path may be an repository relative URL (^/) " + "or absolute file:// URL to a text file in a Subversion " + "repository."), AP_INIT_FLAG("AuthzSVNAnonymous", ap_set_flag_slot, (void *)APR_OFFSETOF(authz_svn_config_rec, anonymous), OR_AUTHCFG, 
@@ -159,61 +226,212 @@ static const command_rec authz_svn_cmds[] = { NULL } }; + +/* The macros LOG_ARGS_SIGNATURE and LOG_ARGS_CASCADE are expanded as formal + * and actual parameters to log_access_verdict with respect to HTTPD version. + */ +#if AP_MODULE_MAGIC_AT_LEAST(20100606,0) +#define LOG_ARGS_SIGNATURE const char *file, int line, int module_index +#define LOG_ARGS_CASCADE file, line, module_index +#else +#define LOG_ARGS_SIGNATURE const char *file, int line +#define LOG_ARGS_CASCADE file, line +#endif + +/* Log a message indicating the access control decision made about a + * request. The macro LOG_ARGS_SIGNATURE expands to FILE, LINE and + * MODULE_INDEX in HTTPD 2.3 as APLOG_MARK macro has been changed for + * per-module loglevel configuration. It expands to FILE and LINE + * in older server versions. ALLOWED is boolean. + * REPOS_PATH and DEST_REPOS_PATH are information + * about the request. DEST_REPOS_PATH may be NULL. */ +static void +log_access_verdict(LOG_ARGS_SIGNATURE, + const request_rec *r, int allowed, + const char *repos_path, const char *dest_repos_path) +{ + int level = allowed ? APLOG_INFO : APLOG_ERR; + const char *verdict = allowed ? "granted" : "denied"; + + if (r->user) + { + if (dest_repos_path) + ap_log_rerror(LOG_ARGS_CASCADE, level, 0, r, + "Access %s: '%s' %s %s %s", verdict, r->user, + r->method, repos_path, dest_repos_path); + else + ap_log_rerror(LOG_ARGS_CASCADE, level, 0, r, + "Access %s: '%s' %s %s", verdict, r->user, + r->method, repos_path); + } + else + { + if (dest_repos_path) + ap_log_rerror(LOG_ARGS_CASCADE, level, 0, r, + "Access %s: - %s %s %s", verdict, + r->method, repos_path, dest_repos_path); + else + ap_log_rerror(LOG_ARGS_CASCADE, level, 0, r, + "Access %s: - %s %s", verdict, + r->method, repos_path); + } +} + +/* Log a message indiciating the ERR encountered during the request R. + * LOG_ARGS_SIGNATURE expands as in log_access_verdict() above. + * PREFIX is inserted at the start of the message. 
The rest of the + * message is generated by combining the message for each error in the + * chain of ERR, excluding for trace errors. ERR will be cleared + * when finished. */ +static void +log_svn_error(LOG_ARGS_SIGNATURE, + request_rec *r, const char *prefix, + svn_error_t *err, apr_pool_t *scratch_pool) +{ + svn_error_t *err_pos = svn_error_purge_tracing(err); + svn_stringbuf_t *buff = svn_stringbuf_create(prefix, scratch_pool); + + /* Build the error chain into a space separated stringbuf. */ + while (err_pos) + { + svn_stringbuf_appendbyte(buff, ' '); + if (err_pos->message) + { + svn_stringbuf_appendcstr(buff, err_pos->message); + } + else + { + char strerr[256]; + + svn_stringbuf_appendcstr(buff, svn_strerror(err->apr_err, strerr, + sizeof(strerr))); + } + + err_pos = err_pos->child; + } + + ap_log_rerror(LOG_ARGS_CASCADE, APLOG_ERR, + /* If it is an error code that APR can make sense of, then + show it, otherwise, pass zero to avoid putting "APR does + not understand this error code" in the error log. */ + ((err->apr_err >= APR_OS_START_USERERR && + err->apr_err < APR_OS_START_CANONERR) ? + 0 : err->apr_err), + r, "%s", buff->data); + + svn_error_clear(err); +} + +/* Resolve *PATH into an absolute canonical URL iff *PATH is a repos-relative + * URL. If *REPOS_URL is NULL convert REPOS_PATH into a file URL stored + * in *REPOS_URL, if *REPOS_URL is not null REPOS_PATH is ignored. The + * resulting *REPOS_URL will be used as the root of the repos-relative URL. + * The result will be stored in *PATH. 
*/ +static svn_error_t * +resolve_repos_relative_url(const char **path, const char **repos_url, + const char *repos_path, apr_pool_t *pool) +{ + if (svn_path_is_repos_relative_url(*path)) + { + if (!*repos_url) + SVN_ERR(svn_uri_get_file_url_from_dirent(repos_url, repos_path, pool)); + + SVN_ERR(svn_path_resolve_repos_relative_url(path, *path, + *repos_url, pool)); + *path = svn_uri_canonicalize(*path, pool); + } + + return SVN_NO_ERROR; +} + /* * Get the, possibly cached, svn_authz_t for this request. */ static svn_authz_t * -get_access_conf(request_rec *r, authz_svn_config_rec *conf) +get_access_conf(request_rec *r, authz_svn_config_rec *conf, + apr_pool_t *scratch_pool) { const char *cache_key = NULL; const char *access_file; + const char *groups_file; const char *repos_path; + const char *repos_url = NULL; void *user_data = NULL; svn_authz_t *access_conf = NULL; - svn_error_t *svn_err; + svn_error_t *svn_err = SVN_NO_ERROR; dav_error *dav_err; - char errbuf[256]; + + dav_err = dav_svn_get_repos_path(r, conf->base_path, &repos_path); + if (dav_err) + { + ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "%s", dav_err->desc); + return NULL; + } if (conf->repo_relative_access_file) { - dav_err = dav_svn_get_repos_path(r, conf->base_path, &repos_path); - if (dav_err) { - ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "%s", dav_err->desc); - return NULL; - } - access_file = svn_dirent_join_many(r->pool, repos_path, "conf", - conf->repo_relative_access_file, - NULL); + access_file = conf->repo_relative_access_file; + if (!svn_path_is_repos_relative_url(access_file) && + !svn_path_is_url(access_file)) + { + access_file = svn_dirent_join_many(scratch_pool, repos_path, "conf", + conf->repo_relative_access_file, + NULL); + } } else { access_file = conf->access_file; } + groups_file = conf->groups_file; + + svn_err = resolve_repos_relative_url(&access_file, &repos_url, repos_path, + scratch_pool); + if (svn_err) + { + log_svn_error(APLOG_MARK, r, + conf->repo_relative_access_file ? 
+ "Failed to load the AuthzSVNReposRelativeAccessFile:" : + "Failed to load the AuthzSVNAccessFile:", + svn_err, scratch_pool); + return NULL; + } ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, "Path to authz file is %s", access_file); - cache_key = apr_pstrcat(r->pool, "mod_authz_svn:", - access_file, (char *)NULL); + if (groups_file) + { + svn_err = resolve_repos_relative_url(&groups_file, &repos_url, repos_path, + scratch_pool); + if (svn_err) + { + log_svn_error(APLOG_MARK, r, + "Failed to load the AuthzSVNGroupsFile:", + svn_err, scratch_pool); + return NULL; + } + + ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, + "Path to groups file is %s", groups_file); + } + + cache_key = apr_pstrcat(scratch_pool, "mod_authz_svn:", + access_file, groups_file, (char *)NULL); apr_pool_userdata_get(&user_data, cache_key, r->connection->pool); access_conf = user_data; if (access_conf == NULL) { - svn_err = svn_repos_authz_read(&access_conf, access_file, - TRUE, r->connection->pool); + + svn_err = svn_repos_authz_read2(&access_conf, access_file, + groups_file, TRUE, + r->connection->pool); + if (svn_err) { - ap_log_rerror(APLOG_MARK, APLOG_ERR, - /* If it is an error code that APR can make sense - of, then show it, otherwise, pass zero to avoid - putting "APR does not understand this error code" - in the error log. */ - ((svn_err->apr_err >= APR_OS_START_USERERR && - svn_err->apr_err < APR_OS_START_CANONERR) ? - 0 : svn_err->apr_err), - r, "Failed to load the AuthzSVNAccessFile: %s", - svn_err_best_message(svn_err, errbuf, sizeof(errbuf))); - svn_error_clear(svn_err); + log_svn_error(APLOG_MARK, r, + "Failed to load the mod_authz_svn config:", + svn_err, scratch_pool); access_conf = NULL; } else @@ -234,7 +452,7 @@ convert_case(char *text, svn_boolean_t to_uppercase) char *c = text; while (*c) { - *c = (to_uppercase ? apr_toupper(*c) : apr_tolower(*c)); + *c = (char)(to_uppercase ? apr_toupper(*c) : apr_tolower(*c)); ++c; } } 
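Review bot: In log_svn_error() the loop walks the chain with `err_pos`, but the fallback text is built from `svn_strerror(err->apr_err, strerr, sizeof(strerr))`, so every link without a message is reported with the head error's code instead of its own; it should read `svn_strerror(err_pos->apr_err, strerr, sizeof(strerr))`. In an access-control module the error log is what an operator relies on to see why an authz or groups file failed to load, so a misattributed code is worth fixing. Separately, get_access_conf() builds the cache key as `apr_pstrcat(scratch_pool, "mod_authz_svn:", access_file, groups_file, (char *)NULL)` with no separator, so two different access/groups pairs whose concatenations happen to match would share one cached svn_authz_t on a connection. That is unlikely in practice, but putting a delimiter between the two paths makes the key unambiguous for ordinary path values.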
@@ -242,12 +460,13 @@ convert_case(char *text, svn_boolean_t to_uppercase) /* Return the username to authorize, with case-conversion performed if CONF->force_username_case is set. */ static char * -get_username_to_authorize(request_rec *r, authz_svn_config_rec *conf) +get_username_to_authorize(request_rec *r, authz_svn_config_rec *conf, + apr_pool_t *pool) { char *username_to_authorize = r->user; if (username_to_authorize && conf->force_username_case) { - username_to_authorize = apr_pstrdup(r->pool, r->user); + username_to_authorize = apr_pstrdup(pool, r->user); convert_case(username_to_authorize, strcasecmp(conf->force_username_case, "upper") == 0); } @@ -281,8 +500,8 @@ req_check_access(request_rec *r, svn_boolean_t authz_access_granted = FALSE; svn_authz_t *access_conf = NULL; svn_error_t *svn_err; - char errbuf[256]; - const char *username_to_authorize = get_username_to_authorize(r, conf); + const char *username_to_authorize = get_username_to_authorize(r, conf, + r->pool); switch (r->method_number) { @@ -418,7 +637,7 @@ req_check_access(request_rec *r, } /* Retrieve/cache authorization file */ - access_conf = get_access_conf(r,conf); + access_conf = get_access_conf(r,conf, r->pool); if (access_conf == NULL) return DECLINED; @@ -453,19 +672,9 @@ req_check_access(request_rec *r, r->pool); if (svn_err) { - ap_log_rerror(APLOG_MARK, APLOG_ERR, - /* If it is an error code that APR can make - sense of, then show it, otherwise, pass - zero to avoid putting "APR does not - understand this error code" in the error - log. */ - ((svn_err->apr_err >= APR_OS_START_USERERR && - svn_err->apr_err < APR_OS_START_CANONERR) ? - 0 : svn_err->apr_err), - r, "Failed to perform access control: %s", - svn_err_best_message(svn_err, errbuf, - sizeof(errbuf))); - svn_error_clear(svn_err); + log_svn_error(APLOG_MARK, r, + "Failed to perform access control:", + svn_err, r->pool); return DECLINED; } 
@@ -500,17 +709,9 @@ req_check_access(request_rec *r, r->pool); if (svn_err) { - ap_log_rerror(APLOG_MARK, APLOG_ERR, - /* If it is an error code that APR can make sense - of, then show it, otherwise, pass zero to avoid - putting "APR does not understand this error code" - in the error log. */ - ((svn_err->apr_err >= APR_OS_START_USERERR && - svn_err->apr_err < APR_OS_START_CANONERR) ? - 0 : svn_err->apr_err), - r, "Failed to perform access control: %s", - svn_err_best_message(svn_err, errbuf, sizeof(errbuf))); - svn_error_clear(svn_err); + log_svn_error(APLOG_MARK, r, + "Failed to perform access control:", + svn_err, r->pool); return DECLINED; } 
@@ -525,76 +726,24 @@ req_check_access(request_rec *r, return OK; } -/* The macros LOG_ARGS_SIGNATURE and LOG_ARGS_CASCADE are expanded as formal - * and actual parameters to log_access_verdict with respect to HTTPD version. - */ -#if AP_MODULE_MAGIC_AT_LEAST(20100606,0) -#define LOG_ARGS_SIGNATURE const char *file, int line, int module_index -#define LOG_ARGS_CASCADE file, line, module_index -#else -#define LOG_ARGS_SIGNATURE const char *file, int line -#define LOG_ARGS_CASCADE file, line -#endif - -/* Log a message indicating the access control decision made about a - * request. The macro LOG_ARGS_SIGNATURE expands to FILE, LINE and - * MODULE_INDEX in HTTPD 2.3 as APLOG_MARK macro has been changed for - * per-module loglevel configuration. It expands to FILE and LINE - * in older server versions. ALLOWED is boolean. - * REPOS_PATH and DEST_REPOS_PATH are information - * about the request. DEST_REPOS_PATH may be NULL. */ -static void -log_access_verdict(LOG_ARGS_SIGNATURE, - const request_rec *r, int allowed, - const char *repos_path, const char *dest_repos_path) -{ - int level = allowed ? APLOG_INFO : APLOG_ERR; - const char *verdict = allowed ? "granted" : "denied"; - - if (r->user) - { - if (dest_repos_path) - ap_log_rerror(LOG_ARGS_CASCADE, level, 0, r, - "Access %s: '%s' %s %s %s", verdict, r->user, - r->method, repos_path, dest_repos_path); - else - ap_log_rerror(LOG_ARGS_CASCADE, level, 0, r, - "Access %s: '%s' %s %s", verdict, r->user, - r->method, repos_path); - } - else - { - if (dest_repos_path) - ap_log_rerror(LOG_ARGS_CASCADE, level, 0, r, - "Access %s: - %s %s %s", verdict, - r->method, repos_path, dest_repos_path); - else - ap_log_rerror(LOG_ARGS_CASCADE, level, 0, r, - "Access %s: - %s %s", verdict, - r->method, repos_path); - } -} - /* - * This function is used as a provider to allow mod_dav_svn to bypass the - * generation of an apache request when checking GET access from - * "mod_dav_svn/authz.c" . 
+ * Implementation of subreq_bypass with scratch_pool parameter. */ static int -subreq_bypass(request_rec *r, - const char *repos_path, - const char *repos_name) +subreq_bypass2(request_rec *r, + const char *repos_path, + const char *repos_name, + apr_pool_t *scratch_pool) { svn_error_t *svn_err = NULL; svn_authz_t *access_conf = NULL; authz_svn_config_rec *conf = NULL; svn_boolean_t authz_access_granted = FALSE; - char errbuf[256]; const char *username_to_authorize; conf = ap_get_module_config(r->per_dir_config, &authz_svn_module); - username_to_authorize = get_username_to_authorize(r, conf); + username_to_authorize = get_username_to_authorize(r, conf, scratch_pool); /* If configured properly, this should never be true, but just in case. */ if (!conf->anonymous @@ -605,7 +754,7 @@ subreq_bypass(request_rec *r, } /* Retrieve authorization file */ - access_conf = get_access_conf(r, conf); + access_conf = get_access_conf(r, conf, scratch_pool); if (access_conf == NULL) return HTTP_FORBIDDEN; @@ -619,21 +768,12 @@ subreq_bypass(request_rec *r, username_to_authorize, svn_authz_none|svn_authz_read, &authz_access_granted, - r->pool); + scratch_pool); if (svn_err) { - ap_log_rerror(APLOG_MARK, APLOG_ERR, - /* If it is an error code that APR can make - sense of, then show it, otherwise, pass - zero to avoid putting "APR does not - understand this error code" in the error - log. */ - ((svn_err->apr_err >= APR_OS_START_USERERR && - svn_err->apr_err < APR_OS_START_CANONERR) ? - 0 : svn_err->apr_err), - r, "Failed to perform access control: %s", - svn_err_best_message(svn_err, errbuf, sizeof(errbuf))); - svn_error_clear(svn_err); + log_svn_error(APLOG_MARK, r, + "Failed to perform access control:", + svn_err, scratch_pool); return HTTP_FORBIDDEN; } if (!authz_access_granted) 
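Review bot: The header comment added for subreq_bypass2() says only that it is subreq_bypass with a scratch_pool parameter, and the description of the provider now sits on the wrapper, so the function that makes the access decision is left without a stated contract. I would document it directly, e.g. `/* Check read access to REPOS_PATH for the user of R. Returns HTTP_FORBIDDEN if the authz rules cannot be loaded or evaluated; SCRATCH_POOL is used for temporary allocations. */`. The fail-closed returns are visible in these hunks (`return HTTP_FORBIDDEN` after get_access_conf() and after log_svn_error()). The success return lies outside the visible hunks, so the wording for the granted case should be completed against the full function.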
@@ -649,6 +789,26 @@ subreq_bypass(request_rec *r, } /* + * This function is used as a provider to allow mod_dav_svn to bypass the + * generation of an apache request when checking GET access from + * "mod_dav_svn/authz.c" . + */ +static int +subreq_bypass(request_rec *r, + const char *repos_path, + const char *repos_name) +{ + int status; + apr_pool_t *scratch_pool; + + scratch_pool = svn_pool_create(r->pool); + status = subreq_bypass2(r, repos_path, repos_name, scratch_pool); + svn_pool_destroy(scratch_pool); + + return status; +} + +/* * Hooks */ |