Given the following SVNRoot content:
```
# BEGIN CODENDI DEFAULT SETTINGS - DO NOT REMOVE
[groups]
members = vaceletm
[/]
* = r
@members = rw
# END CODENDI DEFAULT SETTINGS
[/]
* =
@members = r
# @Integrators = rw
[/trunk]
# @Contributors = rw
```
This gives the following error:
```
2023-04-03T11:57:31+02:00 [322] [error] ViewVC error in #/svnplugin/e2e-svn-01/sample at #/:
Traceback (most recent call last):
File "/usr/lib/python3.9/site-packages/viewvc/lib/vcauth/svnauthz/__init__.py", line 66, in _get_paths_for_root
cp.read(self._get_authz_file(rootname))
File "/usr/lib64/python3.9/configparser.py", line 697, in read
self._read(fp, filename)
File "/usr/lib64/python3.9/configparser.py", line 1070, in _read
raise DuplicateSectionError(sectname, fpname,
configparser.DuplicateSectionError: While reading from '/var/lib/tuleap/svn_plugin/232/sample/.SVNAccessFile' [line 9]: section '/' already exists
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/share/tuleap/plugins/svn/include/SVN/ViewVC/../../../bin/viewvc-master.cgi", line 49, in <module>
if tuleap_user_is_super_user != '1' and not svnaccess.check_read_access(username, repo_path, requested_path):
File "/usr/share/tuleap/src/utils/svn/svnaccess.py", line 28, in check_read_access
return __check_read_access_with_epel_viewvc(username, svnrepo, svnpath)
File "/usr/share/tuleap/src/utils/svn/svnaccess.py", line 35, in __check_read_access_with_epel_viewvc
return authorizer.check_path_access(svnrepo, requested_path_parts, None)
File "/usr/lib/python3.9/site-packages/viewvc/lib/vcauth/svnauthz/__init__.py", line 277, in check_path_access
paths = self._get_paths_for_root(rootname)
File "/usr/lib/python3.9/site-packages/viewvc/lib/vcauth/svnauthz/__init__.py", line 68, in _get_paths_for_root
raise ViewVCException("Unable to parse configured authzfile file")
common.ViewVCException: ViewVC Unrecoverable Error: Unable to parse configured authzfile file
```
This corresponds to the following change in svn 1.10: https://subversion.apache.org/docs/release-notes/1.10.html#authz-compatibility
In addition to the problem of duplication of the path definition, there is also a problem with the group/user definition for any given path. As stated in the release note:
> The 1.9 and earlier implementations allowed multiple entries matching the same name, alias or group and the last match applied:
>
> ```
> [/some/path]
> user = rw
> user = r
> &alias = rw
> &alias = r
> @group = rw
> @group = r
> ```
>
> In 1.9 the final, read-only, match for user, &alias and @group would be selected while 1.10 combines all the lines to give read-write access.
So it means that projects could expose private content at upgrade without prior notice.
This is a particularly tricky situation but, fortunately, it only really affects platforms that migrate from el7 to el9, not new platforms.
The proposed solution is the following:
- [x] Add an option (off by default) to disable the default permissions set by Tuleap on `/`
- [x] Check SVNAccessFile for duplicate path definitions (so admins can preventively adjust the permission schemes)
- [x] Check SVNAccessFile for duplicate user/group permissions (idem)
- [ ] Give a tool to identify projects/repos that have issues with 2 & 3, with a way for site administrators to track them before upgrade (+ warn & notify affected people)
- [ ] On el9, there should be a validation of the SVNAccessFile to ensure that the result will be valid
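The two checks proposed above (duplicate path sections, and duplicate user/group lines whose meaning changes between SVN 1.9 and 1.10) can be illustrated with a small standalone checker. This is an added example, not Tuleap's or ViewVC's own code: it parses an authz file leniently (unlike `configparser`, it keeps duplicates instead of raising `DuplicateSectionError`), reports sections defined more than once, and for every path compares the "last match wins" (1.9) reading of each name's rights with the "all lines combined" (1.10) reading, flagging the names whose access would silently widen. The two inputs are constructed from this report: the reported `.SVNAccessFile` and the release-note example; the line numbers it prints refer to those embedded samples.

```python
import re

# Constructed sample 1: the .SVNAccessFile from this report (duplicate "/" section).
SAMPLE_REPORTED = """\
# BEGIN CODENDI DEFAULT SETTINGS - DO NOT REMOVE
[groups]
members = vaceletm
[/]
* = r
@members = rw
# END CODENDI DEFAULT SETTINGS
[/]
* =
@members = r
# @Integrators = rw
[/trunk]
# @Contributors = rw
"""

# Constructed sample 2: the duplicate-entry example quoted from the 1.10 release notes.
SAMPLE_RELEASE_NOTE = """\
[/some/path]
user = rw
user = r
&alias = rw
&alias = r
@group = rw
@group = r
"""

SECTION_RE = re.compile(r"^\[(.+?)\]$")
ENTRY_RE = re.compile(r"^([^=#]+?)\s*=\s*(.*?)$")


def parse_authz(text):
    """Parse authz text into a list of (section, lineno, [(name, rights, lineno), ...]).

    Every section occurrence is kept, in file order, so duplicates can be reported
    rather than rejected (configparser) or merged.
    """
    sections = []
    current = None
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment
        m = SECTION_RE.match(line)
        if m:
            current = (m.group(1), lineno, [])
            sections.append(current)
            continue
        m = ENTRY_RE.match(line)
        if m and current is not None:
            current[2].append((m.group(1).strip(), m.group(2).strip(), lineno))
    return sections


def find_duplicate_sections(sections):
    """Return {section_name: [lineno, ...]} for every section defined more than once."""
    seen = {}
    for name, lineno, _ in sections:
        seen.setdefault(name, []).append(lineno)
    return {name: lines for name, lines in seen.items() if len(lines) > 1}


def rights_last_match(entries):
    """SVN 1.9 reading: the last line for a name is the one that applies."""
    result = {}
    for name, rights, _ in entries:
        result[name] = set(rights)
    return result


def rights_combined(entries):
    """SVN 1.10 reading: all lines for a name are combined (union of rights)."""
    result = {}
    for name, rights, _ in entries:
        result.setdefault(name, set()).update(rights)
    return result


def find_changed_rights(sections):
    """Return (path, name, rights_1_9, rights_1_10) where the two readings differ."""
    findings = []
    for path, _, entries in sections:
        if path in ("groups", "aliases"):
            continue  # group/alias definitions, not access rules
        old, new = rights_last_match(entries), rights_combined(entries)
        for name in old:
            if old[name] != new[name]:
                findings.append((path, name, "".join(sorted(old[name])), "".join(sorted(new[name]))))
    return findings


def check_authz(text):
    """Run both checks and return them as a dict, for reporting or tests."""
    sections = parse_authz(text)
    return {
        "duplicate_sections": find_duplicate_sections(sections),
        "changed_rights": find_changed_rights(sections),
    }


if __name__ == "__main__":
    for label, sample in (("reported file", SAMPLE_REPORTED), ("release-note example", SAMPLE_RELEASE_NOTE)):
        report = check_authz(sample)
        print(f"== {label} ==")
        for path, lines in report["duplicate_sections"].items():
            print(f"duplicate section [{path}] at lines {lines}")
        for path, name, before, after in report["changed_rights"]:
            print(f"[{path}] {name}: 1.9 gives '{before}', 1.10 gives '{after}'")
```

Either finding is worth acting on before an el7 to el9 migration: a duplicate section makes ViewVC fail closed with the traceback shown above, while a changed-rights finding is the silent case where a previously read-only name becomes read-write.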