•  
      request #31541 svn 1.10+ no longer supports duplicate sections
    Infos
    #31541
    Manuel Vacelet (vaceletm)
    2024-09-27 10:24
    2023-04-03 12:00
    33144
    Details
    svn 1.10+ no longer supports duplicate sections

    Given following SVNRoot content:

    # BEGIN CODENDI DEFAULT SETTINGS - DO NOT REMOVE
    [groups]
    members = vaceletm
    
    
    [/]
    * = r
    @members = rw
    # END CODENDI DEFAULT SETTINGS
    [/]
    * =
    @members = r
    # @Integrators = rw
    
    [/trunk]
    # @Contributors = rw
    

    This gives the following error:

    2023-04-03T11:57:31+02:00 [322] [error] ViewVC error in #/svnplugin/e2e-svn-01/sample at #/:
    Traceback (most recent call last):
      File "/usr/lib/python3.9/site-packages/viewvc/lib/vcauth/svnauthz/__init__.py", line 66, in _get_paths_for_root
        cp.read(self._get_authz_file(rootname))
      File "/usr/lib64/python3.9/configparser.py", line 697, in read
        self._read(fp, filename)
      File "/usr/lib64/python3.9/configparser.py", line 1070, in _read
        raise DuplicateSectionError(sectname, fpname,
    configparser.DuplicateSectionError: While reading from '/var/lib/tuleap/svn_plugin/232/sample/.SVNAccessFile' [line  9]: section '/' already exists
    
    During handling of the above exception, another exception occurred:
    
    Traceback (most recent call last):
      File "/usr/share/tuleap/plugins/svn/include/SVN/ViewVC/../../../bin/viewvc-master.cgi", line 49, in <module>
        if tuleap_user_is_super_user != '1' and not svnaccess.check_read_access(username, repo_path, requested_path):
      File "/usr/share/tuleap/src/utils/svn/svnaccess.py", line 28, in check_read_access
        return __check_read_access_with_epel_viewvc(username, svnrepo, svnpath)
      File "/usr/share/tuleap/src/utils/svn/svnaccess.py", line 35, in __check_read_access_with_epel_viewvc
        return authorizer.check_path_access(svnrepo, requested_path_parts, None)
      File "/usr/lib/python3.9/site-packages/viewvc/lib/vcauth/svnauthz/__init__.py", line 277, in check_path_access
        paths = self._get_paths_for_root(rootname)
      File "/usr/lib/python3.9/site-packages/viewvc/lib/vcauth/svnauthz/__init__.py", line 68, in _get_paths_for_root
        raise ViewVCException("Unable to parse configured authzfile file")
    common.ViewVCException: ViewVC Unrecoverable Error: Unable to parse configured authzfile file
    

    This corresponds to the following change in svn 1.10: https://subversion.apache.org/docs/release-notes/1.10.html#authz-compatibility

    In addition to the problem of duplication of the path definition, there is also a problem with the group/user definition for any given path. As stated in the release note:

    The 1.9 and earlier implementations allowed multiple entries matching the same name, alias or group and the last match applied:

     [/some/path]
     user = rw
     user = r
     &alias = rw
     &alias = r
     @group = rw
     @group = r
    

    In 1.9 the final, read-only, match for user, &alias and @group would be selected while 1.10 combines all the lines to give read-write access

    So it means that projects could exposes private content at upgrade without prior notice.

    This is a particularly tricky situation but, fortunately it only really exposes platforms that migrates from el7 to el9, no new platforms.

    The proposed solution is the following:

    1. [x] Add an option (off by default) to disable the default permission set by Tuleap on /
    2. [x] Check SVNAccessFile for duplicate path definitions (so admins can preventively adujst the permission schemes)
    3. [x] Check SVNAccessFile for duplicate user/group permissions (idem)
    4. [] Give a tool to identify projects/repo that have issues with 2 & 3 with a way for site administrator to track them before upgrade (+ warn & notify affected people)
    5. [] On el9, there should be a validation of the SVNAccessFile to ensure that the result will be valid
    SCM/Subversion
    Empty
    EL9 (RockyLinux|AlmaLinux|RHEL)
    • [ ] enhancement
    • [ ] internal improvement
    Florian KOZMIK (fkozmik)
    Stage
    Manuel Vacelet (vaceletm)
    Closed
    2024-09-27
    Attachments
    Empty
    References
    Referencing request #31541

    Git commit

    tuleap/tuleap/stable

    fix(svn-el9): disable e2e svn tests d16e0cfa42
    chore(svn/el9): PSR4 SVNAccessFile dbf4373bf3
    chore(svn/el9): improve SVNAccessFile errors management 880006e92f
    chore(svn/el9): rewrite SVNAccessFile tests 8ef4f26f25
    feat(svn/el9): warn admins about duplicate sections a0b1f84b79
    chore(el9): refactor generation of SVN default block 1182b1ef81
    chore(svn/el9): Move classes to SVNCore d5e1ee9cfe
    chore(svn/el9): Add tests for SVN default block generation a264a8a2e9
    chore(svn/el9): Replace reading of .SVNAccessFile by regeneration b8a1e446be
    refactor: Boolean should not be nullable, require at least one user d60d89f01d
    chore(svn/el9): refactoring of SVNAccessFileWriter 66d15aa0ca
    chore(svn/el9): Reactivate SVN e2e test suite e2f16b833e
    chore(svn): Remove SVN Core usage of updateSVNAccess b4682e619f
    chore(svn/el9): Extract write of .SVNAccessFile from BackendSVN 6beb725156
    chore(svn/el9): Make naming consistent 981a6485f9
    feat(svn/el9): introduce ability to disable default permissions 29d4467905
    feat(svn/el9): allow to disable default permissions 6c20df5a59
    feat(tuleap-cli): Add command to identify SVN repositories with duplicated sections cd132d1a7a
    feat: progress bar and JSON output for `tuleap svn:repositories-with-duplicated-sections-access-file` cf4e9b56b5

    Follow-ups

    User avatar

    Closing this one. The remaining work seems un-needed as most people already went el9 and we didn't heard complains. If we ever need to do something to prevent bad configurations, it should be in a dedicated request rather than having this one forever.


    • Status changed from Under implementation to Closed
    • Assigned to changed from None to Manuel Vacelet (vaceletm)
    • Connected artifacts
    • Close date set to 2024-09-27
    User avatar
    • Original Submission
      Something went wrong, the follow up content couldn't be loaded
      Only formatting have been changed, you should switch to markup to see the changes
    User avatar

    FTR, it's too complex to move forward on refactoring here due to the tangled code between core & plugin. I'll pause this one to focus on art #29976.

    User avatar

    If we let svn admin manage [/] permissions, when a project admin will restrict project access level, there will be no automatic update of svn permissions and the permission system will no longer be consistent.

    In order to address the problem raised in the previous comment, we are going to raise a warning (or an error, level to be decided) when:

    • a project is switched to Private/Private without Restricted
    • the project uses SVN
    • at least one repository has opt-in for [/] management
    User avatar

    While working on the refactoring of default svn access block generation ([groups] and [/] part) I realized that we are going to have another issue if we let svn administrator manage themselves the / permissions: we might poke holes in the permission system when projects switch there level of access.

    As of today when a project is public, the default permissions is

    [/]
    * = r
    @members = rw
    

    and when the project becomes private, the default permission is automatically switched to:

    [/]
    * =
    @members = rw
    

    (the management of restricted users is under the authentication responsibility)

    If we let svn admin manage [/] permissions, when a project admin will restrict project access level, there will be no automatic update of svn permissions and the permission system will no longer be consistent.


    • Status changed from New to Under implementation
    User avatar
    • Original Submission
      Something went wrong, the follow up content couldn't be loaded
      Only formatting have been changed, you should switch to markup to see the changes
    User avatar
    • Original Submission
      Something went wrong, the follow up content couldn't be loaded
      Only formatting have been changed, you should switch to markup to see the changes
    User avatar
    • Original Submission
      Something went wrong, the follow up content couldn't be loaded
      Only formatting have been changed, you should switch to markup to see the changes
    User avatar
    • Original Submission
      Something went wrong, the follow up content couldn't be loaded
      Only formatting have been changed, you should switch to markup to see the changes
    User avatar
    • Summary
      -viewvc master (el9) no longer supports duplicate sections 
      +svn 1.10+ no longer supports duplicate sections 
    • Category set to SCM/Subversion
    • Platform set to EL9 (RockyLinux|AlmaLinux|RHEL)