Before executing svnserve, change the CWD to a readable directory

Summary: Fixes T10941. This avoids a confusing dead end when configuring Subversion hosting, where `svnserve` will fail to execute hooks if the CWD isn't readable by the vcs-user. Test Plan: - Updated and committed in a hosted SVN repository. - Ran some git operations, too. - @dpotter confirmed this locally in T10941. Reviewers: chad Reviewed By: chad Subscribers: dpotter Maniphest Tasks: T10941 Differential Revision: https://secure.phabricator.com/D15879
2024-11-19 05:12:41 +01:00 · 2016-05-10 05:25:43 -07:00 · 2016-05-10 05:25:43 -07:00 · de4312bcde
commit de4312bcde
parent cd86bf0174
3 changed files with 28 additions and 2 deletions
--- a/src/applications/diffusion/protocol/DiffusionGitCommandEngine.php
+++ b/src/applications/diffusion/protocol/DiffusionGitCommandEngine.php
@ -24,8 +24,7 @@ final class DiffusionGitCommandEngine
    // really silly, but seems like the least damaging approach to
    // mitigating the issue.

-    $root = dirname(phutil_get_library_root('phabricator'));
-    $env['HOME'] = $root.'/support/empty/';
+    $env['HOME'] = PhabricatorEnv::getEmptyCWD();

    if ($this->isAnySSHProtocol()) {
      $env['GIT_SSH'] = $this->getSSHWrapper();
--- a/src/applications/diffusion/ssh/DiffusionSubversionServeSSHWorkflow.php
+++ b/src/applications/diffusion/ssh/DiffusionSubversionServeSSHWorkflow.php
@ -148,15 +148,25 @@ final class DiffusionSubversionServeSSHWorkflow
    if ($this->shouldProxy()) {
      $command = $this->getProxyCommand();
      $this->isProxying = true;
+      $cwd = null;
    } else {
      $command = csprintf(
        'svnserve -t --tunnel-user=%s',
        $this->getUser()->getUsername());
+      $cwd = PhabricatorEnv::getEmptyCWD();
    }

    $command = PhabricatorDaemon::sudoCommandAsDaemonUser($command);
    $future = new ExecFuture('%C', $command);

+    // If we're receiving a commit, svnserve will fail to execute the commit
+    // hook with an unhelpful error if the CWD isn't readable by the user we
+    // are sudoing to. Switch to a readable, empty CWD before running
+    // svnserve. See T10941.
+    if ($cwd !== null) {
+      $future->setCWD($cwd);
+    }
+
    $this->inProtocol = new DiffusionSubversionWireProtocol();
    $this->outProtocol = new DiffusionSubversionWireProtocol();

--- a/src/infrastructure/env/PhabricatorEnv.php
+++ b/src/infrastructure/env/PhabricatorEnv.php
@ -877,4 +877,21 @@ final class PhabricatorEnv extends Phobject {
    umask(022);
  }

+
+  /**
+   * Get the path to an empty directory which is readable by all of the system
+   * user accounts that Phabricator acts as.
+   *
+   * In some cases, a binary needs some valid HOME or CWD to continue, but not
+   * all user accounts have valid home directories and even if they do they
+   * may not be readable after a `sudo` operation.
+   *
+   * @return string Path to an empty directory suitable for use as a CWD.
+   */
+  public static function getEmptyCWD() {
+    $root = dirname(phutil_get_library_root('phabricator'));
+    return $root.'/support/empty/';
+  }
+
+
 }