You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@subversion.apache.org by Thomas Quinot <qu...@adacore.com> on 2007/10/08 17:24:59 UTC

snvsync fails when no read permissions on trunk

We have come across an issue trying to use svnsync to synchronize
a repository where the user doing the syncrhonization has read
permissions on some selected subtrees of the repository, but not on the
repository root or top-level trunk.

To reproduce:

1. set up master repo

2. load attached dump

3. configure access control

[/]
*=
[/trunk/module]
*=r

4. check that the access control is properly enforced

svn ls svn+ssh://localhost/path/to/master
--> svn: Authorization failed

svn ls svn+ssh://localhost/path/to/master/trunk/module
--> README

5. set up slave repo

$ svnsync init file:///path/to/slave svn+ssh://localhost/path/to/master
--> Copied properties for revision 0.

6. launch sync
$ svnsync sync file:///path/to/slave svn+ssh://localhost/path/to/master
--> svnsync hangs because it fails to execute the open-dir operation
    on non-existent directory 'trunk' (because it never saw the
    directory creating operation, having no visibility on it)

Proposed fix is for svnsync to create any directory that does not exist
at the time it tries to open it. Diff attached, which seems to work
correctly on my setup.

Thomas.

-- 
Thomas Quinot, Ph.D. ** quinot@adacore.com ** Senior Software Engineer
               AdaCore -- Paris, France -- New York, USA

Re: snvsync fails when no read permissions on trunk

Posted by Thomas Quinot <qu...@adacore.com>.

* Thomas Quinot, 2007-10-09 :

> > Thomas, mind filing an issue describing the problem, and referencing this
> > discussion for thoughts on possible solutions?
> Sure, will do.

http://subversion.tigris.org/issues/show_bug.cgi?id=2960

-- 
Thomas Quinot, Ph.D. ** quinot@adacore.com ** Senior Software Engineer
               AdaCore -- Paris, France -- New York, USA

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org

Re: snvsync fails when no read permissions on trunk

Posted by Thomas Quinot <qu...@adacore.com>.

* Daniel L. Rall, 2007-10-08 :

> Thomas, mind filing an issue describing the problem, and referencing this
> discussion for thoughts on possible solutions?

Sure, will do.
 
> > However, I'm not sure --- should this be fixed at the tool level in
> > svnsync or at the repos level in svn_repos_replay?
> Between those two, replay.

I have no strong preference for either, I worked around the issue at the
tool level because that looked like the easier approach for someone not
that familiar with Subversion code, but on the other hand I noted that
there was some circuitry already in place in replay to deal with such
issues (add_subdir). However that code path does not seem to be used in
the case I described.

Thomas.

-- 
Thomas Quinot, Ph.D. ** quinot@adacore.com ** Senior Software Engineer
               AdaCore -- Paris, France -- New York, USA

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org

Re: snvsync fails when no read permissions on trunk

Posted by "Daniel L. Rall" <dl...@finemaltcoding.com>.

On Mon, 08 Oct 2007, David Glasser wrote:

> On 10/8/07, Thomas Quinot <qu...@adacore.com> wrote:
> > We have come across an issue trying to use svnsync to synchronize
> > a repository where the user doing the syncrhonization has read
> > permissions on some selected subtrees of the repository, but not on the
> > repository root or top-level trunk.
> >
> > To reproduce:
> >
> > 1. set up master repo
> >
> > 2. load attached dump
> >
> > 3. configure access control
> >
> > [/]
> > *=
> > [/trunk/module]
> > *=r
> >
> > 4. check that the access control is properly enforced
> >
> > svn ls svn+ssh://localhost/path/to/master
> > --> svn: Authorization failed
> >
> > svn ls svn+ssh://localhost/path/to/master/trunk/module
> > --> README
> >
> > 5. set up slave repo
> >
> > $ svnsync init file:///path/to/slave svn+ssh://localhost/path/to/master
> > --> Copied properties for revision 0.
> >
> > 6. launch sync
> > $ svnsync sync file:///path/to/slave svn+ssh://localhost/path/to/master
> > --> svnsync hangs because it fails to execute the open-dir operation
> >     on non-existent directory 'trunk' (because it never saw the
> >     directory creating operation, having no visibility on it)
> >
> > Proposed fix is for svnsync to create any directory that does not exist
> > at the time it tries to open it. Diff attached, which seems to work
> > correctly on my setup.
> 
> This does seem like a bug.
 
Yeah.  Almost seems like we need depth-level access controls, though...

The authz code is working as intended, but not how users are going to
want it to.

Thomas, mind filing an issue describing the problem, and referencing this
discussion for thoughts on possible solutions?

> However, I'm not sure --- should this be fixed at the tool level in
> svnsync or at the repos level in svn_repos_replay?

Between those two, replay.

Re: snvsync fails when no read permissions on trunk

Posted by David Glasser <gl...@davidglasser.net>.

On 10/8/07, Thomas Quinot <qu...@adacore.com> wrote:
> We have come across an issue trying to use svnsync to synchronize
> a repository where the user doing the syncrhonization has read
> permissions on some selected subtrees of the repository, but not on the
> repository root or top-level trunk.
>
> To reproduce:
>
> 1. set up master repo
>
> 2. load attached dump
>
> 3. configure access control
>
> [/]
> *=
> [/trunk/module]
> *=r
>
> 4. check that the access control is properly enforced
>
> svn ls svn+ssh://localhost/path/to/master
> --> svn: Authorization failed
>
> svn ls svn+ssh://localhost/path/to/master/trunk/module
> --> README
>
> 5. set up slave repo
>
> $ svnsync init file:///path/to/slave svn+ssh://localhost/path/to/master
> --> Copied properties for revision 0.
>
> 6. launch sync
> $ svnsync sync file:///path/to/slave svn+ssh://localhost/path/to/master
> --> svnsync hangs because it fails to execute the open-dir operation
>     on non-existent directory 'trunk' (because it never saw the
>     directory creating operation, having no visibility on it)
>
> Proposed fix is for svnsync to create any directory that does not exist
> at the time it tries to open it. Diff attached, which seems to work
> correctly on my setup.

This does seem like a bug.

However, I'm not sure --- should this be fixed at the tool level in
svnsync or at the repos level in svn_repos_replay?

--dave

-- 
David Glasser | glasser@davidglasser.net | http://www.davidglasser.net/

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org