dav_svn_get_repos_path(request_rec *r,
const char *root_path,
const char **repos_path)
{
const char *fs_path;
const char *fs_parent_path;
const char *repos_name;
const char *ignored_path_in_repos;
const char *ignored_cleaned_uri;
const char *ignored_relative;
int ignored_had_slash;
dav_error *derr;
/* Handle the SVNPath case. */
fs_path = dav_svn__get_fs_path(r);
if (fs_path != NULL)
{
*repos_path = fs_path;
return NULL;
}
/* Handle the SVNParentPath case. If neither directive was used,
dav_svn_split_uri will throw a suitable error for us - we do
not need to check that here. */
fs_parent_path = dav_svn__get_fs_parent_path(r);
/* Split the svn URI to get the name of the repository below
the parent path. */
derr = dav_svn_split_uri(r, r->uri, root_path,
&ignored_cleaned_uri, &ignored_had_slash,
&repos_name,
&ignored_relative, &ignored_path_in_repos);
if (derr)
return derr;
/* Construct the full path from the parent path base directory
and the repository name. */
*repos_path = svn_dirent_join(fs_parent_path, repos_name, r->pool);
return NULL;
}
/* Fill the filename on the request with a bogus path since we aren't serving
* a file off the disk. This means that <Directory> blocks will not match and
* that %f in logging formats will show as "svn:/path/to/repo/path/in/repo". */
static int dav_svn__translate_name(request_rec *r)
{
const char *fs_path, *repos_basename, *repos_path, *slash;
const char *ignore_cleaned_uri, *ignore_relative_path;
int ignore_had_slash;
dir_conf_t *conf = ap_get_module_config(r->per_dir_config, &dav_svn_module);
/* module is not configured, bail out early */
if (!conf->fs_path && !conf->fs_parent_path)
return DECLINED;
if (dav_svn__is_parentpath_list(r))
{
/* SVNListParentPath is on and the request is for the conf->root_dir,
* so just set the repos_basename to an empty string and the repos_path
* to NULL so we end up just reporting our parent path as the bogus
* path. */
repos_basename = "";
repos_path = NULL;
}
else
{
/* Retrieve path to repo and within repo for the request */
dav_error *err = dav_svn_split_uri(r, r->uri, conf->root_dir,
&ignore_cleaned_uri,
&ignore_had_slash, &repos_basename,
&ignore_relative_path, &repos_path);
if (err)
{
dav_svn__log_err(r, err, APLOG_ERR);
return err->status;
}
}
if (conf->fs_parent_path)
{
fs_path = svn_dirent_join(conf->fs_parent_path, repos_basename,
r->pool);
}
else
{
fs_path = conf->fs_path;
}
/* Avoid a trailing slash on the bogus path when repos_path is just "/" and
* ensure that there is always a slash between fs_path and repos_path as
* long as the repos_path is not an empty path. */
slash = "";
if (repos_path)
{
if ('/' == repos_path[0] && '\0' == repos_path[1])
repos_path = NULL;
else if ('/' != repos_path[0] && '\0' != repos_path[0])
slash = "/";
}
/* Combine 'svn:', fs_path and repos_path to produce the bogus path we're
* placing in r->filename. We can't use our standard join helpers such
* as svn_dirent_join. fs_path is a dirent and repos_path is a fspath
* (that can be trivially converted to a relpath by skipping the leading
* slash). In general it is safe to join these, but when a path in a
* repository is 'trunk/c:hi' this results in a non canonical dirent on
* Windows. Instead we just cat them together. */
r->filename = apr_pstrcat(r->pool,
"svn:", fs_path, slash, repos_path, NULL);
/* Leave a note to ourselves so that we know not to decline in the
* map_to_storage hook. */
apr_table_setn(r->notes, NO_MAP_TO_STORAGE_NOTE, (const char*)1);
return OK;
}
static svn_boolean_t
is_this_legal(dontdothat_filter_ctx *ctx, const char *uri)
{
const char *relative_path;
const char *cleaned_uri;
const char *repos_name;
const char *uri_path;
int trailing_slash;
dav_error *derr;
/* uri can be an absolute uri or just a path, we only want the path to match
* against */
if (uri && svn_path_is_url(uri))
{
apr_uri_t parsed_uri;
apr_status_t rv = apr_uri_parse(ctx->r->pool, uri, &parsed_uri);
if (APR_SUCCESS != rv)
{
/* Error parsing the URI, log and reject request. */
ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, ctx->r,
"mod_dontdothat: blocked request after failing "
"to parse uri: '%s'", uri);
return FALSE;
}
uri_path = parsed_uri.path;
}
else
{
uri_path = uri;
}
if (uri_path)
{
const char *repos_path;
derr = dav_svn_split_uri(ctx->r,
uri_path,
ctx->cfg->base_path,
&cleaned_uri,
&trailing_slash,
&repos_name,
&relative_path,
&repos_path);
if (! derr)
{
int idx;
if (! repos_path)
repos_path = "";
repos_path = svn_fspath__canonicalize(repos_path, ctx->r->pool);
/* First check the special cases that are always legal... */
for (idx = 0; idx < ctx->allow_recursive_ops->nelts; ++idx)
{
const char *wc = APR_ARRAY_IDX(ctx->allow_recursive_ops,
idx,
const char *);
if (matches(wc, repos_path))
{
ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, ctx->r,
"mod_dontdothat: rule %s allows %s",
wc, repos_path);
return TRUE;
}
}
/* Then look for stuff we explicitly don't allow. */
for (idx = 0; idx < ctx->no_recursive_ops->nelts; ++idx)
{
const char *wc = APR_ARRAY_IDX(ctx->no_recursive_ops,
idx,
const char *);
if (matches(wc, repos_path))
{
ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, ctx->r,
"mod_dontdothat: rule %s forbids %s",
wc, repos_path);
return FALSE;
}
}
}
else
{
