Index: Makefile.in =================================================================== --- Makefile.in (revision 1500748) +++ Makefile.in (working copy) @@ -42,6 +42,7 @@ SVN_APR_LIBS = @SVN_APR_LIBS@ SVN_APRUTIL_LIBS = @SVN_APRUTIL_LIBS@ +SVN_LDAP_LIBS = @SVN_LDAP_LIBS@ SVN_APR_MEMCACHE_LIBS = @SVN_APR_MEMCACHE_LIBS@ SVN_DB_LIBS = @SVN_DB_LIBS@ SVN_GPG_AGENT_LIBS = @SVN_GPG_AGENT_LIBS@ Index: build.conf =================================================================== --- build.conf (revision 1500748) +++ build.conf (working copy) @@ -338,7 +338,7 @@ type = lib install = fsmod-lib path = subversion/libsvn_subr -libs = aprutil apriconv apr xml zlib apr_memcache sqlite magic +libs = aprutil ldap apriconv apr xml zlib apr_memcache sqlite magic msvc-libs = kernel32.lib advapi32.lib shfolder.lib ole32.lib crypt32.lib version.lib psapi.lib msvc-export = @@ -1173,6 +1173,10 @@ type = lib external-lib = $(SVN_APRUTIL_LIBS) +[ldap] +type = lib +external-lib = $(SVN_LDAP_LIBS) + [apriconv] type = lib external-lib = $(SVN_APRUTIL_LIBS) Index: configure.ac =================================================================== --- configure.ac (revision 1500748) +++ configure.ac (working copy) @@ -351,6 +351,21 @@ AC_SUBST(TRANG) fi +dnl Check for ldap. +ldap=yes +AC_ARG_WITH(ldap, +AS_HELP_STRING([--with-ldap=PATH], + [Specify the openldap path for ldap group support.]), +[ + ldap="$withval" +]) +if test "$ldap" = "yes"; then + AC_PATH_PROG(LDAP, ldap, none) +else + SVN_LDAP_LIBS="-L$ldap/lib -lldap" + AC_SUBST(SVN_LDAP_LIBS) +fi + dnl Check for doxygen doxygen=yes AC_ARG_WITH(doxygen, Index: subversion/include/svn_config.h =================================================================== --- subversion/include/svn_config.h (revision 1500748) +++ subversion/include/svn_config.h (working copy) @@ -33,6 +33,7 @@ #include /* for apr_pool_t */ #include /* for apr_hash_t */ +#include "svn_string.h" #include "svn_types.h" #include "svn_io.h" @@ -51,8 +52,48 @@ /** Opaque structure describing a set of configuration options. */ -typedef struct svn_config_t svn_config_t; +/* copy from config_impl.h */ +typedef struct svn_config_t +{ + /* Table of cfg_section_t's. */ + apr_hash_t *sections; + /* Pool for hash tables, table entries and unexpanded values */ + apr_pool_t *pool; + + /* Pool for expanded values -- this is separate, so that we can + clear it when modifying the config data. */ + apr_pool_t *x_pool; + + /* Indicates that some values in the configuration have been expanded. */ + svn_boolean_t x_values; + + /* Temporary string used for lookups. (Using a stringbuf so that + frequent resetting is efficient.) */ + svn_stringbuf_t *tmp_key; + + /* Temporary value used for expanded default values in svn_config_get. + (Using a stringbuf so that frequent resetting is efficient.) */ + svn_stringbuf_t *tmp_value; + + /* Specifies whether section names are populated case sensitively. */ + svn_boolean_t section_names_case_sensitive; + + /* Specifies whether option names are populated case sensitively. */ + svn_boolean_t option_names_case_sensitive; + + /*ldap group support*/ + int ldap_group_enable; + apr_hash_t * ldap_groups; +}svn_config_t; + +/* Currently this structure is just a wrapper around a + svn_config_t. */ +struct svn_authz_t +{ + svn_config_t *cfg; +}; + /*** Configuration Defines ***/ Index: subversion/include/svn_ldap.h =================================================================== --- subversion/include/svn_ldap.h (revision 0) +++ subversion/include/svn_ldap.h (working copy) @@ -0,0 +1,48 @@ +#ifndef _SVN_LDAP_H +#define _SVN_LDAP_H + + +#include "apr.h" +#include "apr_pools.h" +#include "apr_hash.h" +#include "apr_tables.h" +#include "apr_strings.h" +#include "apr_ldap.h" +#include "apr_ldap_url.h" + +#define LDAP_DEPRECATED 1 +#include + +#ifdef __cplusplus +extern "C" { +#endif /* __cplusplus */ + +typedef struct group_search_desc_t{ + apr_pool_t * pool; + LDAP * ld; + char * base; + char * query; +}group_search_desc_t; + + +group_search_desc_t * +group_search_desc_make(apr_pool_t * pool); + +apr_status_t +svn_ldap_group_init(group_search_desc_t * desc, + const char* ldapurl, + const char * user, + const char* passwd); + +apr_status_t +svn_ldap_group_get(group_search_desc_t * desc , + const char * user, + apr_hash_t ** groups); + + +#ifdef __cplusplus +} +#endif /* __cplusplus */ + +#endif /* _SVN_LDAP_H */ + Index: subversion/include/svn_repos.h =================================================================== --- subversion/include/svn_repos.h (revision 1500748) +++ subversion/include/svn_repos.h (working copy) @@ -3278,6 +3278,7 @@ const char *path, const char *groups_path, svn_boolean_t must_exist, + svn_boolean_t ldap_group_enable, apr_pool_t *pool); Index: subversion/libsvn_repos/authz.c =================================================================== --- subversion/libsvn_repos/authz.c (revision 1500748) +++ subversion/libsvn_repos/authz.c (working copy) @@ -76,14 +76,6 @@ enumerator, if any. */ }; -/* Currently this structure is just a wrapper around a - svn_config_t. */ -struct svn_authz_t -{ - svn_config_t *cfg; -}; - - /*** Checking access. ***/ @@ -151,7 +143,6 @@ return FALSE; } - /* Return TRUE if USER is in GROUP. The group definitions are in the "groups" section of CFG. Use POOL for temporary allocations during the lookup. */ @@ -164,6 +155,14 @@ const char *value; apr_array_header_t *list; int i; + + /*ldap support */ + if( cfg->ldap_group_enable ){ + if( cfg->ldap_groups && + apr_hash_get(cfg->ldap_groups, group, APR_HASH_KEY_STRING) ) + return TRUE; + else return FALSE; + } svn_config_get(cfg, &value, "groups", group, NULL); @@ -197,7 +196,6 @@ return FALSE; } - /* Determines whether an authz rule applies to the current * user, given the name part of the rule's name-value pair * in RULE_MATCH_STRING and the authz_lookup_baton object @@ -603,8 +601,9 @@ } } - /* If the rule applies to a group, check its existence. */ - if (match[0] == '@') + /* If the rule applies to a group, check its existence. + we don't do that when ldap group is supported*/ + if (match[0] == '@' && (!b->config->ldap_group_enable)) { const char *group = &match[1]; @@ -712,11 +711,13 @@ struct authz_validate_baton *b = baton; /* Use the group checking callback for the "groups" section... */ - if (strcmp(name, "groups") == 0) - svn_config_enumerate2(b->config, name, authz_validate_group, + if (strcmp(name, "groups") == 0){ + /*no needs to validate groups if we support ldap groups*/ + if( !b->config->ldap_group_enable ) + svn_config_enumerate2(b->config, name, authz_validate_group, baton, pool); /* ...and the alias checking callback for "aliases"... */ - else if (strcmp(name, "aliases") == 0) + }else if (strcmp(name, "aliases") == 0) svn_config_enumerate2(b->config, name, authz_validate_alias, baton, pool); /* ...but for everything else use the rule checking callback. */ @@ -936,17 +937,18 @@ svn_error_t * svn_repos__authz_read(svn_authz_t **authz_p, const char *path, const char *groups_path, svn_boolean_t must_exist, - svn_boolean_t accept_urls, apr_pool_t *pool) + svn_boolean_t accept_urls, + svn_boolean_t ldap_group_enable, apr_pool_t *pool) { svn_authz_t *authz = apr_palloc(pool, sizeof(*authz)); - /* Load the authz file */ if (accept_urls) SVN_ERR(authz_retrieve_config(&authz->cfg, path, must_exist, pool)); else SVN_ERR(svn_config_read3(&authz->cfg, path, must_exist, TRUE, TRUE, pool)); - if (groups_path) + authz->cfg->ldap_group_enable = ldap_group_enable; + if ( (!ldap_group_enable) && groups_path) { svn_config_t *groups_cfg; svn_error_t *err; @@ -984,10 +986,10 @@ svn_error_t * svn_repos_authz_read2(svn_authz_t **authz_p, const char *path, const char *groups_path, svn_boolean_t must_exist, - apr_pool_t *pool) + svn_boolean_t ldap_group_enable, apr_pool_t *pool) { return svn_repos__authz_read(authz_p, path, groups_path, must_exist, - TRUE, pool); + TRUE, ldap_group_enable, pool); } Index: subversion/libsvn_repos/deprecated.c =================================================================== --- subversion/libsvn_repos/deprecated.c (revision 1500748) +++ subversion/libsvn_repos/deprecated.c (working copy) @@ -1034,5 +1034,5 @@ svn_boolean_t must_exist, apr_pool_t *pool) { return svn_repos__authz_read(authz_p, file, NULL, must_exist, - FALSE, pool); + FALSE, FALSE, pool); } Index: subversion/libsvn_repos/repos.h =================================================================== --- subversion/libsvn_repos/repos.h (revision 1500748) +++ subversion/libsvn_repos/repos.h (working copy) @@ -380,6 +380,7 @@ const char *groups_path, svn_boolean_t must_exist, svn_boolean_t accept_urls, + svn_boolean_t ldap_group_enable, apr_pool_t *pool); Index: subversion/libsvn_subr/config_impl.h =================================================================== --- subversion/libsvn_subr/config_impl.h (revision 1500748) +++ subversion/libsvn_subr/config_impl.h (working copy) @@ -40,39 +40,6 @@ extern "C" { #endif /* __cplusplus */ - -/* The configuration data. This is a superhash of sections and options. */ -struct svn_config_t -{ - /* Table of cfg_section_t's. */ - apr_hash_t *sections; - - /* Pool for hash tables, table entries and unexpanded values */ - apr_pool_t *pool; - - /* Pool for expanded values -- this is separate, so that we can - clear it when modifying the config data. */ - apr_pool_t *x_pool; - - /* Indicates that some values in the configuration have been expanded. */ - svn_boolean_t x_values; - - /* Temporary string used for lookups. (Using a stringbuf so that - frequent resetting is efficient.) */ - svn_stringbuf_t *tmp_key; - - /* Temporary value used for expanded default values in svn_config_get. - (Using a stringbuf so that frequent resetting is efficient.) */ - svn_stringbuf_t *tmp_value; - - /* Specifies whether section names are populated case sensitively. */ - svn_boolean_t section_names_case_sensitive; - - /* Specifies whether option names are populated case sensitively. */ - svn_boolean_t option_names_case_sensitive; -}; - - /* Read sections and options from a file. */ svn_error_t *svn_config__parse_file(svn_config_t *cfg, const char *file, Index: subversion/libsvn_subr/ldap.c =================================================================== --- subversion/libsvn_subr/ldap.c (revision 0) +++ subversion/libsvn_subr/ldap.c (working copy) @@ -0,0 +1,143 @@ +#include "svn_ldap.h" + +#define MAX_GROUP_COUNT 5000 + +static char* attr[] = {"memberOf", NULL}; + +group_search_desc_t * +group_search_desc_make(apr_pool_t * pool) +{ + group_search_desc_t * desc = apr_palloc(pool, + sizeof(group_search_desc_t)); + desc->pool = pool; + return desc; +} + +static char * +svn_ldap_group_parse(apr_pool_t* pool, const char* dn) +{ + char * group = NULL; + + int i = 3; + while(dn[i] && dn[i] != ',') i++; + + if(dn[i]){ + group = apr_pstrndup(pool, dn + 3, i-3); + } + + return group; +} + +apr_status_t +svn_ldap_group_init(group_search_desc_t * desc, + const char* ldapurl,const char * user, const char* passwd) +{ + int err = 0; + char * ldapuri = NULL; + LDAPURLDesc url; + + apr_ldap_url_desc_t * ldap_url_desc = NULL; + apr_ldap_err_t * ldap_err = NULL; + + err = apr_ldap_url_parse(desc->pool, + ldapurl, &ldap_url_desc, &ldap_err); + if( err != APR_SUCCESS ){ + return err; + } + + memset( &url, 0, sizeof(url)); + url.lud_scheme = ldap_url_desc->lud_scheme; + url.lud_host = ldap_url_desc->lud_host; + url.lud_port = ldap_url_desc->lud_port; + url.lud_scope = ldap_url_desc->lud_scope; + ldapuri = ldap_url_desc2str( &url ); + + desc->base = ldap_url_desc->lud_dn; + + err = ldap_initialize( &desc->ld, ldapuri ); + if( err != APR_SUCCESS ) { + return err; + } + + err = ldap_simple_bind_s( desc->ld, user, passwd); + if ( err != LDAP_SUCCESS) { + return err; + } + + return APR_SUCCESS; +} + +static apr_status_t +svn_ldap_dosearch(group_search_desc_t * desc, + apr_array_header_t * iter_groups, apr_hash_t * groups) +{ + int i=0; + int err = APR_SUCCESS; + + void * ptr =NULL; + LDAPMessage * res = NULL, * e = NULL; + + char ** array_item = NULL; + const char *attribute = NULL; + char **values ; + + err = ldap_search_s(desc->ld, desc->base, LDAP_SCOPE_SUBTREE, + desc->query, attr, 0, &res); + if ( err != LDAP_SUCCESS) return err; + + e = ldap_first_entry(desc->ld, res); + if(e == NULL) return err; + + attribute = ldap_first_attribute(desc->ld, e, &ptr); + if(attribute == NULL) return err; + + values = ldap_get_values(desc->ld, e, attribute); + for(i = 0; values[i] != NULL; i++) + { + char * group = svn_ldap_group_parse( + desc->pool, values[i]); + if(group) { + if(! apr_hash_get(groups, group, APR_HASH_KEY_STRING)){ + apr_hash_set(groups, group, APR_HASH_KEY_STRING, ""); + array_item = apr_array_push(iter_groups); + (*array_item) = group; + } + } + } + + ldap_value_free(values); + ldap_msgfree(res); + + return err; +} + +apr_status_t +svn_ldap_group_get(group_search_desc_t * desc , + const char * user, apr_hash_t ** groups) +{ + int i; + apr_status_t err=APR_SUCCESS ; + const char * group; + apr_hash_t * tmp_groups; + apr_array_header_t * iter_groups; + + tmp_groups = apr_hash_make(desc->pool); + iter_groups = apr_array_make(desc->pool, + MAX_GROUP_COUNT, sizeof(char*)); + + desc->query = apr_pstrcat(desc->pool, + "(sAMAccountName=", user, ")", NULL); + err = svn_ldap_dosearch(desc, iter_groups, tmp_groups); + if(err) return err; + + for(i=0;inelts;i++) + { + group = APR_ARRAY_IDX(iter_groups, i, char*); + desc->query = apr_pstrcat(desc->pool, "(cn=", group, ")", NULL); + err = svn_ldap_dosearch(desc, iter_groups, tmp_groups); + if(err) return err; + } + + *groups = tmp_groups; + return err; +} Index: subversion/mod_authz_svn/mod_authz_svn.c =================================================================== --- subversion/mod_authz_svn/mod_authz_svn.c (revision 1500748) +++ subversion/mod_authz_svn/mod_authz_svn.c (working copy) @@ -48,6 +48,8 @@ #include "svn_dirent_uri.h" #include "private/svn_fspath.h" +#include "svn_ldap.h" +#define MAX_LDAP_URI_COUNT 10 #ifdef APLOG_USE_MODULE APLOG_USE_MODULE(authz_svn); @@ -65,8 +67,17 @@ const char *repo_relative_access_file; const char *groups_file; const char *force_username_case; + + /*additional config item for ldap support*/ + int ldap_group_enable; + const char *ldap_user; + const char *ldap_passwd; + const char **ldap_uri_list; } authz_svn_config_rec; +static char * +get_username_to_authorize(request_rec *r, authz_svn_config_rec *conf, + apr_pool_t *pool); /* * Configuration */ @@ -85,6 +96,10 @@ conf->authoritative = 1; conf->anonymous = 1; + conf->ldap_group_enable = 0; + conf->ldap_uri_list = apr_pcalloc(p, (MAX_LDAP_URI_COUNT+1) * sizeof(char *) ); + *conf->ldap_uri_list = NULL; + return conf; } @@ -116,6 +131,7 @@ return access_file; } + static const char * AuthzSVNAccessFile_cmd(cmd_parms *cmd, void *config, const char *arg1) { @@ -130,7 +146,6 @@ return NULL; } - static const char * AuthzSVNReposRelativeAccessFile_cmd(cmd_parms *cmd, void *config, @@ -158,6 +173,24 @@ return NULL; } +static const char * +LdapUri__cmd(cmd_parms *cmd, void *config, const char *arg1, const char *arg2) +{ + authz_svn_config_rec * authz_config = config; + int i = 0; + while(i < MAX_LDAP_URI_COUNT ) + { + if(authz_config->ldap_uri_list[i]) i++; + else break; + } + if( i != MAX_LDAP_URI_COUNT ) + { + authz_config->ldap_uri_list[i] = arg1; + authz_config->ldap_uri_list[i+1] = NULL; + } + return NULL; +} + /* Implements the #cmds member of Apache's #module vtable. */ static const command_rec authz_svn_cmds[] = { @@ -210,6 +243,23 @@ OR_AUTHCFG, "Set to 'Upper' or 'Lower' to convert the username before " "checking for authorization."), + AP_INIT_FLAG("LdapGroupEnable", ap_set_flag_slot, + (void *)APR_OFFSETOF(authz_svn_config_rec, + ldap_group_enable), + OR_AUTHCFG, + "Set to 'On' to enable ldap group. (default is Off.)"), + AP_INIT_TAKE1("AuthLDAPBindDN", ap_set_string_slot, + (void *)APR_OFFSETOF(authz_svn_config_rec, + ldap_user), + OR_AUTHCFG, + "ldap user name for ldap connection."), + AP_INIT_TAKE1("AuthLDAPBindPassword", ap_set_string_slot, + (void *)APR_OFFSETOF(authz_svn_config_rec, + ldap_passwd), + OR_AUTHCFG, + "ldap user password for ldap connection."), + AP_INIT_TAKE2("AuthLDAPURL", LdapUri__cmd, NULL, ACCESS_CONF, + "ldap uri for ldap connection."), { NULL } }; @@ -331,6 +381,27 @@ return SVN_NO_ERROR; } +static apr_hash_t * +get_ldap_groups(authz_svn_config_rec *conf, + const char * username_to_authorize, apr_pool_t* pool) +{ + int rc; + apr_hash_t * groups = NULL; + + group_search_desc_t * desc = group_search_desc_make(pool); + + rc = svn_ldap_group_init(desc, conf->ldap_uri_list[0], + conf->ldap_user, conf->ldap_passwd); + if( rc ) return NULL; + + rc = svn_ldap_group_get(desc, username_to_authorize, &groups); + if( rc ) groups = NULL; + + ldap_unbind(desc->ld); + + return groups; +} + /* * Get the, possibly cached, svn_authz_t for this request. */ @@ -343,6 +414,7 @@ const char *groups_file; const char *repos_path; const char *repos_url = NULL; + const char * username_to_authorize = NULL; void *user_data = NULL; svn_authz_t *access_conf = NULL; svn_error_t *svn_err = SVN_NO_ERROR; @@ -409,9 +481,10 @@ access_conf = user_data; if (access_conf == NULL) { - + svn_err = svn_repos_authz_read2(&access_conf, access_file, groups_file, TRUE, + conf->ldap_group_enable, r->connection->pool); if (svn_err) @@ -421,8 +494,21 @@ svn_err, scratch_pool); access_conf = NULL; } - else + else if(access_conf) { + svn_config_t * config = access_conf->cfg; + username_to_authorize = get_username_to_authorize(r, conf, r->pool); + if(config && config->ldap_group_enable) + { + config->ldap_groups = get_ldap_groups(conf,username_to_authorize, + r->connection->pool); + if( config->ldap_groups == NULL ) + { + ap_log_rerror(APLOG_MARK, APLOG_ERR,0,r, + "Failed to get ldap groups from server."); + access_conf = NULL; + } + } /* Cache the open repos for the next request on this connection */ apr_pool_userdata_set(access_conf, cache_key, NULL, r->connection->pool); Index: subversion/svnserve/serve.c =================================================================== --- subversion/svnserve/serve.c (revision 1500748) +++ subversion/svnserve/serve.c (working copy) @@ -371,7 +371,7 @@ if (!err) err = svn_repos_authz_read2(&server->authzdb, authzdb_path, - groupsdb_path, TRUE, pool); + groupsdb_path, TRUE, FALSE, pool); if (err) { Index: subversion/tests/libsvn_repos/repos-test.c =================================================================== --- subversion/tests/libsvn_repos/repos-test.c (revision 1500748) +++ subversion/tests/libsvn_repos/repos-test.c (working copy) @@ -1458,15 +1458,15 @@ noent_authz_url = apr_pstrcat(pool, repos_url, "/A/authz", (char *)NULL); /* absolute file URL. */ - SVN_ERR(svn_repos_authz_read2(&authz_cfg, authz_url, NULL, TRUE, pool)); + SVN_ERR(svn_repos_authz_read2(&authz_cfg, authz_url, NULL, TRUE, FALSE, pool)); SVN_ERR(authz_check_access(authz_cfg, test_set, pool)); /* Non-existant path in the repo with must_exist set to FALSE */ SVN_ERR(svn_repos_authz_read2(&authz_cfg, noent_authz_url, NULL, - FALSE, pool)); + FALSE, FALSE, pool)); /* Non-existant path in the repo with must_exist set to TRUE */ - err = svn_repos_authz_read2(&authz_cfg, noent_authz_url, NULL, TRUE, pool); + err = svn_repos_authz_read2(&authz_cfg, noent_authz_url, NULL, TRUE, FALSE, pool); if (!err || err->apr_err != SVN_ERR_ILLEGAL_TARGET) return svn_error_createf(SVN_ERR_TEST_FAILED, err, "Got %s error instead of expected " @@ -1476,7 +1476,7 @@ /* http:// URL which is unsupported */ err = svn_repos_authz_read2(&authz_cfg, "http://example.com/repo/authz", - NULL, TRUE, pool); + NULL, TRUE, FALSE, pool); if (!err || err->apr_err != SVN_ERR_RA_ILLEGAL_URL) return svn_error_createf(SVN_ERR_TEST_FAILED, err, "Got %s error instead of expected " @@ -1486,7 +1486,7 @@ /* svn:// URL which is unsupported */ err = svn_repos_authz_read2(&authz_cfg, "svn://example.com/repo/authz", - NULL, TRUE, pool); + NULL, TRUE, FALSE, pool); if (!err || err->apr_err != SVN_ERR_RA_ILLEGAL_URL) return svn_error_createf(SVN_ERR_TEST_FAILED, err, "Got %s error instead of expected " @@ -1601,23 +1601,23 @@ /* absolute file URLs. */ - SVN_ERR(svn_repos_authz_read2(&authz_cfg, authz_url, groups_url, TRUE, pool)); + SVN_ERR(svn_repos_authz_read2(&authz_cfg, authz_url, groups_url, TRUE, FALSE, pool)); SVN_ERR(authz_check_access(authz_cfg, test_set, pool)); /* Non-existent path for the groups file with must_exist * set to TRUE */ SVN_ERR(svn_repos_authz_read2(&authz_cfg, empty_authz_url, noent_groups_url, - FALSE, pool)); + FALSE, FALSE, pool)); /* Non-existent paths for both the authz and the groups files * with must_exist set to TRUE */ SVN_ERR(svn_repos_authz_read2(&authz_cfg, noent_authz_url, noent_groups_url, - FALSE, pool)); + FALSE, FALSE, pool)); /* Non-existent path for the groups file with must_exist * set to TRUE */ err = svn_repos_authz_read2(&authz_cfg, empty_authz_url, noent_groups_url, - TRUE, pool); + TRUE, FALSE, pool); if (!err || err->apr_err != SVN_ERR_ILLEGAL_TARGET) return svn_error_createf(SVN_ERR_TEST_FAILED, err, "Got %s error instead of expected " @@ -1628,7 +1628,7 @@ /* http:// URL which is unsupported */ err = svn_repos_authz_read2(&authz_cfg, empty_authz_url, "http://example.com/repo/groups", - TRUE, pool); + TRUE, FALSE, pool); if (!err || err->apr_err != SVN_ERR_RA_ILLEGAL_URL) return svn_error_createf(SVN_ERR_TEST_FAILED, err, "Got %s error instead of expected " @@ -1639,7 +1639,7 @@ /* svn:// URL which is unsupported */ err = svn_repos_authz_read2(&authz_cfg, empty_authz_url, "http://example.com/repo/groups", - TRUE, pool); + TRUE, FALSE, pool); if (!err || err->apr_err != SVN_ERR_RA_ILLEGAL_URL) return svn_error_createf(SVN_ERR_TEST_FAILED, err, "Got %s error instead of expected " @@ -1683,7 +1683,7 @@ /* Read the authz configuration back and start testing. */ SVN_ERR_W(svn_repos_authz_read2(authz_p, authz_file_path, - groups_file_path, TRUE, pool), + groups_file_path, TRUE, FALSE, pool), "Opening test authz and groups files"); /* Done with the files. */ Index: tools/server-side/svnauthz.c =================================================================== --- tools/server-side/svnauthz.c (revision 1500748) +++ tools/server-side/svnauthz.c (working copy) @@ -268,7 +268,7 @@ /* Else */ return svn_repos_authz_read2(authz, opt_state->authz_file, opt_state->groups_file, - TRUE, pool); + TRUE, FALSE, pool); } static svn_error_t *