Support serving SVN repositories over SSH · recaptime.dev/phorge@85f5054

Configure Feed

Issues Pull Requests Commits Tags

Feed URL

Select the types of activity you want to include in your feed.

@recaptime-dev's working patches + fork for Phorge, a community fork of Phabricator. (Upstream dev and stable branches are at upstream/main and upstream/stable respectively.) hq.recaptime.dev/wiki/Phorge

phorge phabricator

fork

Configure Feed

Issues Pull Requests Commits Tags

Feed URL

Select the types of activity you want to include in your feed.

Support serving SVN repositories over SSH

Summary:
Ref T2230. The SVN protocol has a sensible protocol format with a good spec here:

http://svn.apache.org/repos/asf/subversion/trunk/subversion/libsvn_ra_svn/protocol

Particularly, compare this statement to the clown show that is the Mercurial wire protocol:

> It is possible to parse an item without knowing its type in advance.

WHAT A REASONABLE STATEMENT TO BE ABLE TO MAKE ABOUT A WIRE PROTOCOL

Although it makes substantially more sense than Mercurial, it's much heavier-weight than the Git or Mercurial protocols, since it isn't distributed.

It's also not possible to figure out if a request is a write request (or even which repository it is against) without proxying some of the protocol frames. Finally, several protocol commands embed repository URLs, and we need to reach into the protocol and translate them.

Test Plan: Ran various SVN commands over SSH (`svn log`, `svn up`, `svn commit`, etc).

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T2230

Differential Revision: https://secure.phabricator.com/D7556

epriestley 12 years ago 85f50546 8840f602

+582 -29

11 changed files

expand all collapse all

scripts

ssh

ssh-exec.php

src

__phutil_library_map__.php

applications

diffusion

protocol

DiffusionSubversionWireProtocol.php

__tests__

DiffusionSubversionWireProtocolTestCase.php

ssh

DiffusionSSHGitReceivePackWorkflow.php

DiffusionSSHGitUploadPackWorkflow.php

DiffusionSSHMercurialServeWorkflow.php

DiffusionSSHSubversionServeWorkflow.php

DiffusionSSHSubversionWorkflow.php

DiffusionSSHWorkflow.php

infrastructure

ssh

PhabricatorSSHPassthruCommand.php

scripts/ssh/ssh-exec.php

reviewed

··· 61 61 62 62 $workflows = array( 63 63 new ConduitSSHWorkflow(), 64 64 + new DiffusionSSHSubversionServeWorkflow(), 64 65 new DiffusionSSHMercurialServeWorkflow(), 65 66 new DiffusionSSHGitUploadPackWorkflow(), 66 67 new DiffusionSSHGitReceivePackWorkflow(),

src/__phutil_library_map__.php

reviewed

··· 547 547 'DiffusionSSHMercurialWireClientProtocolChannel' => 'applications/diffusion/ssh/DiffusionSSHMercurialWireClientProtocolChannel.php', 548 548 'DiffusionSSHMercurialWireTestCase' => 'applications/diffusion/ssh/__tests__/DiffusionSSHMercurialWireTestCase.php', 549 549 'DiffusionSSHMercurialWorkflow' => 'applications/diffusion/ssh/DiffusionSSHMercurialWorkflow.php', 550 550 + 'DiffusionSSHSubversionServeWorkflow' => 'applications/diffusion/ssh/DiffusionSSHSubversionServeWorkflow.php', 551 551 + 'DiffusionSSHSubversionWorkflow' => 'applications/diffusion/ssh/DiffusionSSHSubversionWorkflow.php', 550 552 'DiffusionSSHWorkflow' => 'applications/diffusion/ssh/DiffusionSSHWorkflow.php', 551 553 'DiffusionServeController' => 'applications/diffusion/controller/DiffusionServeController.php', 552 554 'DiffusionSetPasswordPanel' => 'applications/diffusion/panel/DiffusionSetPasswordPanel.php', 553 555 'DiffusionSetupException' => 'applications/diffusion/exception/DiffusionSetupException.php', 556 556 + 'DiffusionSubversionWireProtocol' => 'applications/diffusion/protocol/DiffusionSubversionWireProtocol.php', 557 557 + 'DiffusionSubversionWireProtocolTestCase' => 'applications/diffusion/protocol/__tests__/DiffusionSubversionWireProtocolTestCase.php', 554 558 'DiffusionSvnCommitParentsQuery' => 'applications/diffusion/query/parents/DiffusionSvnCommitParentsQuery.php', 555 559 'DiffusionSvnFileContentQuery' => 'applications/diffusion/query/filecontent/DiffusionSvnFileContentQuery.php', 556 560 'DiffusionSvnRawDiffQuery' => 'applications/diffusion/query/rawdiff/DiffusionSvnRawDiffQuery.php', ··· 2816 2820 'DiffusionSSHMercurialWireClientProtocolChannel' => 'PhutilProtocolChannel', 2817 2821 'DiffusionSSHMercurialWireTestCase' => 'PhabricatorTestCase', 2818 2822 'DiffusionSSHMercurialWorkflow' => 'DiffusionSSHWorkflow', 2823 2823 + 'DiffusionSSHSubversionServeWorkflow' => 'DiffusionSSHSubversionWorkflow', 2824 2824 + 'DiffusionSSHSubversionWorkflow' => 'DiffusionSSHWorkflow', 2819 2825 'DiffusionSSHWorkflow' => 'PhabricatorSSHWorkflow', 2820 2826 'DiffusionServeController' => 'DiffusionController', 2821 2827 'DiffusionSetPasswordPanel' => 'PhabricatorSettingsPanel', 2822 2828 'DiffusionSetupException' => 'AphrontUsageException', 2829 2829 + 'DiffusionSubversionWireProtocol' => 'Phobject', 2830 2830 + 'DiffusionSubversionWireProtocolTestCase' => 'PhabricatorTestCase', 2823 2831 'DiffusionSvnCommitParentsQuery' => 'DiffusionCommitParentsQuery', 2824 2832 'DiffusionSvnFileContentQuery' => 'DiffusionFileContentQuery', 2825 2833 'DiffusionSvnRawDiffQuery' => 'DiffusionRawDiffQuery',

+188

src/applications/diffusion/protocol/DiffusionSubversionWireProtocol.php

reviewed

··· 1 1 + <?php 2 2 + 3 3 + final class DiffusionSubversionWireProtocol extends Phobject { 4 4 + 5 5 + private $buffer = ''; 6 6 + private $state = 'item'; 7 7 + private $expectBytes = 0; 8 8 + private $byteBuffer = ''; 9 9 + private $stack = array(); 10 10 + private $list = array(); 11 11 + private $raw = ''; 12 12 + 13 13 + private function pushList() { 14 14 + $this->stack[] = $this->list; 15 15 + $this->list = array(); 16 16 + } 17 17 + 18 18 + private function popList() { 19 19 + $list = $this->list; 20 20 + $this->list = array_pop($this->stack); 21 21 + return $list; 22 22 + } 23 23 + 24 24 + private function pushItem($item, $type) { 25 25 + $this->list[] = array( 26 26 + 'type' => $type, 27 27 + 'value' => $item, 28 28 + ); 29 29 + } 30 30 + 31 31 + public function writeData($data) { 32 32 + $this->buffer .= $data; 33 33 + 34 34 + $messages = array(); 35 35 + while (true) { 36 36 + if ($this->state == 'item') { 37 37 + $match = null; 38 38 + $result = null; 39 39 + $buf = $this->buffer; 40 40 + if (preg_match('/^([a-z][a-z0-9-]*)\s/i', $buf, $match)) { 41 41 + $this->pushItem($match[1], 'word'); 42 42 + } else if (preg_match('/^(\d+)\s/', $buf, $match)) { 43 43 + $this->pushItem((int)$match[1], 'number'); 44 44 + } else if (preg_match('/^(\d+):/', $buf, $match)) { 45 45 + // NOTE: The "+ 1" includes the space after the string. 46 46 + $this->expectBytes = (int)$match[1] + 1; 47 47 + $this->state = 'bytes'; 48 48 + } else if (preg_match('/^(\$)\s/', $buf, $match)) { 49 49 + $this->pushList(); 50 50 + } else if (preg_match('/^(\$)\s/', $buf, $match)) { 51 51 + $list = $this->popList(); 52 52 + if ($this->stack) { 53 53 + $this->pushItem($list, 'list'); 54 54 + } else { 55 55 + $result = $list; 56 56 + } 57 57 + } else { 58 58 + $match = false; 59 59 + } 60 60 + 61 61 + if ($match !== false) { 62 62 + $this->raw .= substr($this->buffer, 0, strlen($match[0])); 63 63 + $this->buffer = substr($this->buffer, strlen($match[0])); 64 64 + 65 65 + if ($result !== null) { 66 66 + $messages[] = array( 67 67 + 'structure' => $list, 68 68 + 'raw' => $this->raw, 69 69 + ); 70 70 + $this->raw = ''; 71 71 + } 72 72 + } else { 73 73 + // No matches yet, wait for more data. 74 74 + break; 75 75 + } 76 76 + } else if ($this->state == 'bytes') { 77 77 + $new_data = substr($this->buffer, 0, $this->expectBytes); 78 78 + $this->buffer = substr($this->buffer, strlen($new_data)); 79 79 + 80 80 + $this->expectBytes -= strlen($new_data); 81 81 + $this->raw .= $new_data; 82 82 + $this->byteBuffer .= $new_data; 83 83 + 84 84 + if (!$this->expectBytes) { 85 85 + $this->state = 'byte-space'; 86 86 + // Strip off the terminal space. 87 87 + $this->pushItem(substr($this->byteBuffer, 0, -1), 'string'); 88 88 + $this->byteBuffer = ''; 89 89 + $this->state = 'item'; 90 90 + } 91 91 + } else { 92 92 + throw new Exception("Invalid state '{$this->state}'!"); 93 93 + } 94 94 + } 95 95 + 96 96 + return $messages; 97 97 + } 98 98 + 99 99 + /** 100 100 + * Convert a parsed command struct into a wire protocol string. 101 101 + */ 102 102 + public function serializeStruct(array $struct) { 103 103 + $out = array(); 104 104 + 105 105 + $out[] = '( '; 106 106 + foreach ($struct as $item) { 107 107 + $value = $item['value']; 108 108 + $type = $item['type']; 109 109 + switch ($type) { 110 110 + case 'word': 111 111 + $out[] = $value; 112 112 + break; 113 113 + case 'number': 114 114 + $out[] = $value; 115 115 + break; 116 116 + case 'string': 117 117 + $out[] = strlen($value).':'.$value; 118 118 + break; 119 119 + case 'list': 120 120 + $out[] = self::serializeStruct($value); 121 121 + break; 122 122 + default: 123 123 + throw new Exception("Unknown SVN wire protocol structure '{$type}'!"); 124 124 + } 125 125 + if ($type != 'list') { 126 126 + $out[] = ' '; 127 127 + } 128 128 + } 129 129 + $out[] = ') '; 130 130 + 131 131 + return implode('', $out); 132 132 + } 133 133 + 134 134 + public function isReadOnlyCommand(array $struct) { 135 135 + if (empty($struct[0]['type']) || ($struct[0]['type'] != 'word')) { 136 136 + // This isn't what we expect; fail defensively. 137 137 + throw new Exception( 138 138 + pht("Unexpected command structure, expected '( word ... )'.")); 139 139 + } 140 140 + 141 141 + switch ($struct[0]['value']) { 142 142 + // Authentication command set. 143 143 + case 'EXTERNAL': 144 144 + 145 145 + // The "Main" command set. Some of the commands in this command set are 146 146 + // mutation commands, and are omitted from this list. 147 147 + case 'reparent': 148 148 + case 'get-latest-rev': 149 149 + case 'get-dated-rev': 150 150 + case 'rev-proplist': 151 151 + case 'rev-prop': 152 152 + case 'get-file': 153 153 + case 'get-dir': 154 154 + case 'check-path': 155 155 + case 'stat': 156 156 + case 'update': 157 157 + case 'get-mergeinfo': 158 158 + case 'switch': 159 159 + case 'status': 160 160 + case 'diff': 161 161 + case 'log': 162 162 + case 'get-file-revs': 163 163 + case 'get-locations': 164 164 + 165 165 + // The "Report" command set. These are not actually mutation 166 166 + // operations, they just define a request for information. 167 167 + case 'set-path': 168 168 + case 'delete-path': 169 169 + case 'link-path': 170 170 + case 'finish-report': 171 171 + case 'abort-report': 172 172 + 173 173 + // These are used to report command results. 174 174 + case 'success': 175 175 + case 'failure': 176 176 + 177 177 + // If we get here, we've matched some known read-only command. 178 178 + return true; 179 179 + default: 180 180 + // Anything else isn't a known read-only command, so require write 181 181 + // access to use it. 182 182 + break; 183 183 + } 184 184 + 185 185 + return false; 186 186 + } 187 187 + 188 188 + }

+80

src/applications/diffusion/protocol/__tests__/DiffusionSubversionWireProtocolTestCase.php

reviewed

··· 1 1 + <?php 2 2 + 3 3 + final class DiffusionSubversionWireProtocolTestCase 4 4 + extends PhabricatorTestCase { 5 5 + 6 6 + public function testSubversionWireProtocolParser() { 7 7 + $this->assertSameSubversionMessages( 8 8 + '( ) ', 9 9 + array( 10 10 + array( 11 11 + ), 12 12 + )); 13 13 + 14 14 + $this->assertSameSubversionMessages( 15 15 + '( duck 5:quack 42 ( item1 item2 ) ) ', 16 16 + array( 17 17 + array( 18 18 + array( 19 19 + 'type' => 'word', 20 20 + 'value' => 'duck', 21 21 + ), 22 22 + array( 23 23 + 'type' => 'string', 24 24 + 'value' => 'quack', 25 25 + ), 26 26 + array( 27 27 + 'type' => 'number', 28 28 + 'value' => 42, 29 29 + ), 30 30 + array( 31 31 + 'type' => 'list', 32 32 + 'value' => array( 33 33 + array( 34 34 + 'type' => 'word', 35 35 + 'value' => 'item1', 36 36 + ), 37 37 + array( 38 38 + 'type' => 'word', 39 39 + 'value' => 'item2', 40 40 + ), 41 41 + ), 42 42 + ), 43 43 + ), 44 44 + )); 45 45 + 46 46 + $this->assertSameSubversionMessages( 47 47 + '( msg1 ) ( msg2 ) ', 48 48 + array( 49 49 + array( 50 50 + array( 51 51 + 'type' => 'word', 52 52 + 'value' => 'msg1', 53 53 + ), 54 54 + ), 55 55 + array( 56 56 + array( 57 57 + 'type' => 'word', 58 58 + 'value' => 'msg2', 59 59 + ), 60 60 + ), 61 61 + )); 62 62 + } 63 63 + 64 64 + private function assertSameSubversionMessages($string, array $structs) { 65 65 + $proto = new DiffusionSubversionWireProtocol(); 66 66 + 67 67 + // Verify that the wire message parses into the structs. 68 68 + $messages = $proto->writeData($string); 69 69 + $messages = ipull($messages, 'structure'); 70 70 + $this->assertEqual($structs, $messages, 'parse<'.$string.'>'); 71 71 + 72 72 + // Verify that the structs serialize into the wire message. 73 73 + $serial = array(); 74 74 + foreach ($structs as $struct) { 75 75 + $serial[] = $proto->serializeStruct($struct); 76 76 + } 77 77 + $serial = implode('', $serial); 78 78 + $this->assertEqual($string, $serial, 'serialize<'.$string.'>'); 79 79 + } 80 80 + }

+4 -6

src/applications/diffusion/ssh/DiffusionSSHGitReceivePackWorkflow.php

reviewed

··· 14 14 )); 15 15 } 16 16 17 17 - public function getRequestPath() { 17 17 + protected function executeRepositoryOperations() { 18 18 $args = $this->getArgs(); 19 19 - return head($args->getArg('dir')); 20 20 - } 21 21 - 22 22 - protected function executeRepositoryOperations( 23 23 - PhabricatorRepository $repository) { 19 19 + $path = head($args->getArg('dir')); 20 20 + $repository = $this->loadRepository($path); 24 21 25 22 // This is a write, and must have write access. 26 23 $this->requireWriteAccess(); ··· 28 25 $future = new ExecFuture( 29 26 'git-receive-pack %s', 30 27 $repository->getLocalPath()); 28 28 + 31 29 $err = $this->newPassthruCommand() 32 30 ->setIOChannel($this->getIOChannel()) 33 31 ->setCommandChannelFromExecFuture($future)

+3 -6

src/applications/diffusion/ssh/DiffusionSSHGitUploadPackWorkflow.php

reviewed

+4 -6

src/applications/diffusion/ssh/DiffusionSSHMercurialServeWorkflow.php

reviewed

··· 24 24 )); 25 25 } 26 26 27 27 - public function getRequestPath() { 28 28 - return $this->getArgs()->getArg('repository'); 29 29 - } 30 30 - 31 31 - protected function executeRepositoryOperations( 32 32 - PhabricatorRepository $repository) { 27 27 + protected function executeRepositoryOperations() { 28 28 + $args = $this->getArgs(); 29 29 + $path = $args->getArg('repository'); 30 30 + $repository = $this->loadRepository($path); 33 31 34 32 $args = $this->getArgs(); 35 33

+259

src/applications/diffusion/ssh/DiffusionSSHSubversionServeWorkflow.php

reviewed

··· 1 1 + <?php 2 2 + 3 3 + /** 4 4 + * This protocol has a good spec here: 5 5 + * 6 6 + * http://svn.apache.org/repos/asf/subversion/trunk/subversion/libsvn_ra_svn/protocol 7 7 + * 8 8 + */ 9 9 + final class DiffusionSSHSubversionServeWorkflow 10 10 + extends DiffusionSSHSubversionWorkflow { 11 11 + 12 12 + private $didSeeWrite; 13 13 + 14 14 + private $inProtocol; 15 15 + private $outProtocol; 16 16 + 17 17 + private $inSeenGreeting; 18 18 + 19 19 + private $outPhaseCount = 0; 20 20 + 21 21 + private $internalBaseURI; 22 22 + private $externalBaseURI; 23 23 + 24 24 + public function didConstruct() { 25 25 + $this->setName('svnserve'); 26 26 + $this->setArguments( 27 27 + array( 28 28 + array( 29 29 + 'name' => 'tunnel', 30 30 + 'short' => 't', 31 31 + ), 32 32 + )); 33 33 + } 34 34 + 35 35 + protected function executeRepositoryOperations() { 36 36 + $args = $this->getArgs(); 37 37 + if (!$args->getArg('tunnel')) { 38 38 + throw new Exception("Expected `svnserve -t`!"); 39 39 + } 40 40 + 41 41 + $future = new ExecFuture('svnserve -t'); 42 42 + 43 43 + $this->inProtocol = new DiffusionSubversionWireProtocol(); 44 44 + $this->outProtocol = new DiffusionSubversionWireProtocol(); 45 45 + 46 46 + $err = id($this->newPassthruCommand()) 47 47 + ->setIOChannel($this->getIOChannel()) 48 48 + ->setCommandChannelFromExecFuture($future) 49 49 + ->setWillWriteCallback(array($this, 'willWriteMessageCallback')) 50 50 + ->setWillReadCallback(array($this, 'willReadMessageCallback')) 51 51 + ->execute(); 52 52 + 53 53 + if (!$err && $this->didSeeWrite) { 54 54 + $this->getRepository()->writeStatusMessage( 55 55 + PhabricatorRepositoryStatusMessage::TYPE_NEEDS_UPDATE, 56 56 + PhabricatorRepositoryStatusMessage::CODE_OKAY); 57 57 + } 58 58 + 59 59 + return $err; 60 60 + } 61 61 + 62 62 + public function willWriteMessageCallback( 63 63 + PhabricatorSSHPassthruCommand $command, 64 64 + $message) { 65 65 + 66 66 + $proto = $this->inProtocol; 67 67 + $messages = $proto->writeData($message); 68 68 + 69 69 + $result = array(); 70 70 + foreach ($messages as $message) { 71 71 + $message_raw = $message['raw']; 72 72 + $struct = $message['structure']; 73 73 + 74 74 + if (!$this->inSeenGreeting) { 75 75 + $this->inSeenGreeting = true; 76 76 + 77 77 + // The first message the client sends looks like: 78 78 + // 79 79 + // ( version ( cap1 ... ) url ... ) 80 80 + // 81 81 + // We want to grab the URL, load the repository, make sure it exists and 82 82 + // is accessible, and then replace it with the location of the 83 83 + // repository on disk. 84 84 + 85 85 + $uri = $struct[2]['value']; 86 86 + $struct[2]['value'] = $this->makeInternalURI($uri); 87 87 + 88 88 + $message_raw = $proto->serializeStruct($struct); 89 89 + } else if (isset($struct[0]) && $struct[0]['type'] == 'word') { 90 90 + 91 91 + if (!$proto->isReadOnlyCommand($struct)) { 92 92 + $this->didSeeWrite = true; 93 93 + $this->requireWriteAccess($struct[0]['value']); 94 94 + } 95 95 + 96 96 + // Several other commands also pass in URLs. We need to translate 97 97 + // all of these into the internal representation; this also makes sure 98 98 + // they're valid and accessible. 99 99 + 100 100 + switch ($struct[0]['value']) { 101 101 + case 'reparent': 102 102 + // ( reparent ( url ) ) 103 103 + $struct[1]['value'][0]['value'] = $this->makeInternalURI( 104 104 + $struct[1]['value'][0]['value']); 105 105 + $message_raw = $proto->serializeStruct($struct); 106 106 + break; 107 107 + case 'switch': 108 108 + // ( switch ( ( rev ) target recurse url ... ) ) 109 109 + $struct[1]['value'][3]['value'] = $this->makeInternalURI( 110 110 + $struct[1]['value'][3]['value']); 111 111 + $message_raw = $proto->serializeStruct($struct); 112 112 + break; 113 113 + case 'diff': 114 114 + // ( diff ( ( rev ) target recurse ignore-ancestry url ... ) ) 115 115 + $struct[1]['value'][4]['value'] = $this->makeInternalURI( 116 116 + $struct[1]['value'][4]['value']); 117 117 + $message_raw = $proto->serializeStruct($struct); 118 118 + break; 119 119 + } 120 120 + } 121 121 + 122 122 + $result[] = $message_raw; 123 123 + } 124 124 + 125 125 + if (!$result) { 126 126 + return null; 127 127 + } 128 128 + 129 129 + return implode('', $result); 130 130 + } 131 131 + 132 132 + public function willReadMessageCallback( 133 133 + PhabricatorSSHPassthruCommand $command, 134 134 + $message) { 135 135 + 136 136 + $proto = $this->outProtocol; 137 137 + $messages = $proto->writeData($message); 138 138 + 139 139 + $result = array(); 140 140 + foreach ($messages as $message) { 141 141 + $message_raw = $message['raw']; 142 142 + $struct = $message['structure']; 143 143 + 144 144 + if (isset($struct[0]) && ($struct[0]['type'] == 'word')) { 145 145 + 146 146 + if ($struct[0]['value'] == 'success') { 147 147 + switch ($this->outPhaseCount) { 148 148 + case 0: 149 149 + // This is the "greeting", which announces capabilities. 150 150 + break; 151 151 + case 1: 152 152 + // This responds to the client greeting, and announces auth. 153 153 + break; 154 154 + case 2: 155 155 + // This responds to auth, which should be trivial over SSH. 156 156 + break; 157 157 + case 3: 158 158 + // This contains the URI of the repository. We need to edit it; 159 159 + // if it does not match what the client requested it will reject 160 160 + // the response. 161 161 + $struct[1]['value'][1]['value'] = $this->makeExternalURI( 162 162 + $struct[1]['value'][1]['value']); 163 163 + $message_raw = $proto->serializeStruct($struct); 164 164 + break; 165 165 + default: 166 166 + // We don't care about other protocol frames. 167 167 + break; 168 168 + } 169 169 + 170 170 + $this->outPhaseCount++; 171 171 + } else if ($struct[0]['value'] == 'failure') { 172 172 + // Find any error messages which include the internal URI, and 173 173 + // replace the text with the external URI. 174 174 + foreach ($struct[1]['value'] as $key => $error) { 175 175 + $code = $error['value'][0]['value']; 176 176 + $message = $error['value'][1]['value']; 177 177 + 178 178 + $message = str_replace( 179 179 + $this->internalBaseURI, 180 180 + $this->externalBaseURI, 181 181 + $message); 182 182 + 183 183 + // Derp derp derp derp derp. The structure looks like this: 184 184 + // ( failure ( ( code message ... ) ... ) ) 185 185 + $struct[1]['value'][$key]['value'][1]['value'] = $message; 186 186 + } 187 187 + $message_raw = $proto->serializeStruct($struct); 188 188 + } 189 189 + 190 190 + } 191 191 + 192 192 + $result[] = $message_raw; 193 193 + } 194 194 + 195 195 + if (!$result) { 196 196 + return null; 197 197 + } 198 198 + 199 199 + return implode('', $result); 200 200 + } 201 201 + 202 202 + private function makeInternalURI($uri_string) { 203 203 + $uri = new PhutilURI($uri_string); 204 204 + 205 205 + $proto = $uri->getProtocol(); 206 206 + if ($proto !== 'svn+ssh') { 207 207 + throw new Exception( 208 208 + pht( 209 209 + 'Protocol for URI "%s" MUST be "svn+ssh".', 210 210 + $uri_string)); 211 211 + } 212 212 + 213 213 + $path = $uri->getPath(); 214 214 + 215 215 + // Subversion presumably deals with this, but make sure there's nothing 216 216 + // skethcy going on with the URI. 217 217 + if (preg_match('(/\\.\\./)', $path)) { 218 218 + throw new Exception( 219 219 + pht( 220 220 + 'String "/../" is invalid in path specification "%s".', 221 221 + $uri_string)); 222 222 + } 223 223 + 224 224 + $repository = $this->loadRepository($path); 225 225 + 226 226 + $path = preg_replace( 227 227 + '(^/diffusion/[A-Z]+)', 228 228 + rtrim($repository->getLocalPath(), '/'), 229 229 + $path); 230 230 + 231 231 + if (preg_match('(^/diffusion/[A-Z]+/$)', $path)) { 232 232 + $path = rtrim($path, '/'); 233 233 + } 234 234 + 235 235 + $uri->setPath($path); 236 236 + 237 237 + // If this is happening during the handshake, these are the base URIs for 238 238 + // the request. 239 239 + if ($this->externalBaseURI === null) { 240 240 + $pre = (string)id(clone $uri)->setPath(''); 241 241 + $this->externalBaseURI = $pre.'/diffusion/'.$repository->getCallsign(); 242 242 + $this->internalBaseURI = $pre.rtrim($repository->getLocalPath(), '/'); 243 243 + } 244 244 + 245 245 + return (string)$uri; 246 246 + } 247 247 + 248 248 + private function makeExternalURI($uri) { 249 249 + $internal = $this->internalBaseURI; 250 250 + $external = $this->externalBaseURI; 251 251 + 252 252 + if (strncmp($uri, $internal, strlen($internal)) === 0) { 253 253 + $uri = $external.substr($uri, strlen($internal)); 254 254 + } 255 255 + 256 256 + return $uri; 257 257 + } 258 258 + 259 259 + }

+10

src/applications/diffusion/ssh/DiffusionSSHSubversionWorkflow.php

reviewed

··· 1 1 + <?php 2 2 + 3 3 + abstract class DiffusionSSHSubversionWorkflow extends DiffusionSSHWorkflow { 4 4 + 5 5 + protected function writeError($message) { 6 6 + // Subversion assumes we'll add our own newlines. 7 7 + return parent::writeError($message."\n"); 8 8 + } 9 9 + 10 10 + }

+19 -11

src/applications/diffusion/ssh/DiffusionSSHWorkflow.php

reviewed

··· 7 7 private $hasWriteAccess; 8 8 9 9 public function getRepository() { 10 10 + if (!$this->repository) { 11 11 + throw new Exception("Call loadRepository() before getRepository()!"); 12 12 + } 10 13 return $this->repository; 11 14 } 12 15 ··· 14 17 return $this->args; 15 18 } 16 19 17 17 - abstract protected function getRequestPath(); 18 18 - abstract protected function executeRepositoryOperations( 19 19 - PhabricatorRepository $repository); 20 20 + abstract protected function executeRepositoryOperations(); 20 21 21 22 protected function writeError($message) { 22 23 $this->getErrorChannel()->write($message); ··· 27 28 $this->args = $args; 28 29 29 30 try { 30 30 - $repository = $this->loadRepository(); 31 31 - $this->repository = $repository; 32 32 - return $this->executeRepositoryOperations($repository); 31 31 + return $this->executeRepositoryOperations(); 33 32 } catch (Exception $ex) { 34 33 $this->writeError(get_class($ex).': '.$ex->getMessage()); 35 34 return 1; 36 35 } 37 36 } 38 37 39 39 - private function loadRepository() { 38 38 + protected function loadRepository($path) { 40 39 $viewer = $this->getUser(); 41 41 - $path = $this->getRequestPath(); 42 40 43 41 $regex = '@^/?diffusion/(?P<callsign>[A-Z]+)(?:/|$)@'; 44 42 $matches = null; ··· 74 72 pht('This repository is not available over SSH.')); 75 73 } 76 74 75 75 + $this->repository = $repository; 76 76 + 77 77 return $repository; 78 78 } 79 79 80 80 - protected function requireWriteAccess() { 80 80 + protected function requireWriteAccess($protocol_command = null) { 81 81 if ($this->hasWriteAccess === true) { 82 82 return; 83 83 } ··· 87 87 88 88 switch ($repository->getServeOverSSH()) { 89 89 case PhabricatorRepository::SERVE_READONLY: 90 90 - throw new Exception( 91 91 - pht('This repository is read-only over SSH.')); 90 90 + if ($protocol_command !== null) { 91 91 + throw new Exception( 92 92 + pht( 93 93 + 'This repository is read-only over SSH (tried to execute '. 94 94 + 'protocol command "%s").', 95 95 + $protocol_command)); 96 96 + } else { 97 97 + throw new Exception( 98 98 + pht('This repository is read-only over SSH.')); 99 99 + } 92 100 break; 93 101 case PhabricatorRepository::SERVE_READWRITE: 94 102 $can_push = PhabricatorPolicyFilter::hasCapability(

src/infrastructure/ssh/PhabricatorSSHPassthruCommand.php

reviewed

··· 139 139 if ($done) { 140 140 break; 141 141 } 142 142 + 143 143 + // If the client has disconnected, kill the subprocess and bail. 144 144 + if (!$io_channel->isOpenForWriting()) { 145 145 + $this->execFuture->resolveKill(); 146 146 + break; 147 147 + } 142 148 } 143 149 144 150 list($err) = $this->execFuture->resolve();