Group contain problem in authz

Philip Martin

2018-05-07 17:05:04 UTC

Post by é»ç£
We meet a problem while upgrade the SVN server from 1.9 to 1.10. In
the file 'authz', it seems not support for group to contain other
group.
I can give a simple example.
[groups]
GuserA = userA
GuserB = userB
[/]
@GroupA = rw
*=
In this way, the 'userA' can access the repository while ‘userB’
[groups]
GuserA = userA
GuserB = userB
[/]
@GroupA = rw
*=
Only the 'userB' can access. It seems a group can only contain one
group when it first appears. Even i change the group to 'GroupA =
@GuserB, userA, @GuserA', the 'userA' still can’t access. It only gets
error '170001’.
I hope this problem can be fixed, so we can do this upgrade. Thanks.

Yes, that is a bug. I've raised

https://issues.apache.org/jira/projects/SVN/issues/SVN-4741

It is fixed on trunk, r1831110, by the following patch:

Index: subversion/libsvn_repos/authz_parse.c
===================================================================
--- subversion/libsvn_repos/authz_parse.c (revision 1830833)
+++ subversion/libsvn_repos/authz_parse.c (working copy)
@@ -1058,14 +1058,15 @@ expand_group_callback(void *baton,
else
{
/* Recursively expand the group membership */
- members = svn_hash_gets(cb->parsed_groups, member);
- if (!members)
+ apr_array_header_t *member_members
+ = svn_hash_gets(cb->parsed_groups, member);
+ if (!member_members)
return svn_error_createf(
SVN_ERR_AUTHZ_INVALID_CONFIG, NULL,
_("Undefined group '%s'"),
member);
SVN_ERR(expand_group_callback(cb, key, klen,
- members, scratch_pool));
+ member_members, scratch_pool));
}
}
return SVN_NO_ERROR;

--
Philip