
RE: Queries about SVN (Security related)

From: Jerryleen S <jerryleen.s_at_prdcinfotech.com>
Date: Wed, 30 Nov 2011 10:11:05 +0530

Dear Johan,

Now that we are sure that we can differentiate between different forms of commit, is it possible for any SVN enthusiasts to help me write a pre-commit script to deny delete/add transactions for certain users?

Thanks & Regards,

Jerryleen S

Project Coordinator, PRDC

-----Original Message-----
From: Johan Corveleyn [mailto:jcorvel_at_gmail.com]
Sent: Tuesday, November 29, 2011 7:16 PM
To: Jerryleen S
Cc: Nico Kadel-Garcia; Cooke, Mark; users_at_subversion.apache.org; channaveeraswamy; Daniel Shahaf
Subject: Re: Queries about SVN (Security related)

On Tue, Nov 29, 2011 at 7:44 AM, Daniel Shahaf <d.s_at_daniel.shahaf.name> wrote:
> Jerryleen S wrote on Tue, Nov 29, 2011 at 10:50:06 +0530:
>> but as per discussion in the thread it isn't possible to differentiate
>> deleting or adding or modifying transaction during pre-commit script.
>>
>
> I don't understand what you're claiming.  The situation is:
>
> - The pre-commit hook knows the EXACT contents of the transaction
>  (which will become a revision if the hook does exit(0)).  That in
>  particular includes the equivalent of 'svn log -qv' of the txn.
>
>  (five minutes on a file:///tmp/r repository with 'svnlook -t' will
>  confirm or refute this)
>
> - The pre-commit hook can modify the txn before it becomes a revision.
>  Such modifications cannot be communicated to the client performing the
>  commit.
>
>  (for the former assertion, see svn_fs_open_txn() and similar FS APIs.
>  for the latter, the client code (libsvn_ra and libsvn_wc) assumes that
>  the changes sent to the server are those committed, and updates the wc
>  state based on the changes sent.)

To reiterate what Daniel said: you can perfectly well see the
difference between an Add (A), a Delete (D) or a Modification (M) in a
pre-commit hook. The command 'svnlook changed -t <transaction>' will
give you a list of everything that's about to be changed by the
transaction in question. Lines beginning with A indicate Additions, D
for Deletes and M for Modifications.

Of course this is only speaking at file/directory granularity (which
files/directories are added, deleted, modified). If you want to know
if a Modified file has additions, deletions or modifications, you'll
have to examine/parse the output of 'svnlook diff' to see the concrete
content changes ...

-- 
Johan
******************************************************************************************************************
Please consider the environment before printing this email. Do it only if it is absolutely necessary.
DISCLAIMER:
The contents of this email including attachment(s), if any, are intended for the exclusive use of the addressee(s) and 
may contain proprietary, confidential or privileged information. If you have received this mail in error, please notify the 
sender immediately and destroy all copies of this message and any attachment(s).Computer viruses or other malware 
can be transmitted by email. Therefore, please check this email and any attachment(s) for the presence of viruses, malware, 
etc. The PRDC accepts no liability whatsoever for any damage - whether direct or consequential - caused by any virus, malware,
 etc. transmitted by this email.
******************************************************************************************************************
Received on 2011-11-30 05:38:54 CET
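
The hook requested at the top of this message could look like the following. This is an added example, not code from the thread or from the Subversion project; the user names in RESTRICTED_USERS are placeholders, and the sample inputs used to exercise it are constructed.

```shell
#!/bin/sh
# Added example: pre-commit hook that lets listed users change existing
# paths but rejects transactions in which they add or delete anything.
# The user names below are placeholders (assumption, not from the thread).
RESTRICTED_USERS="intern1 contractor7"

# is_restricted AUTHOR: returns 0 if AUTHOR is on the restricted list.
is_restricted() {
    for u in $RESTRICTED_USERS; do
        [ "$u" = "$1" ] && return 0
    done
    return 1
}

# check_changes AUTHOR: reads 'svnlook changed' output on stdin.
# Returns 0 to allow the commit, 1 to reject it, and prints every
# offending line. Default-deny for restricted users: only content and
# property updates (status U, _U, UU in svnlook's output) pass.
check_changes() {
    is_restricted "$1" || return 0
    rc=0
    while IFS= read -r line; do
        case "$line" in
            "")     ;;   # ignore blank lines
            U*|_U*) ;;   # update of an existing path: allowed
            *)      echo "denied for $1: $line"; rc=1 ;;
        esac
    done
    return $rc
}

# Hook entry point: Subversion passes the repository path and txn name.
if [ "$#" -eq 2 ]; then
    REPOS=$1
    TXN=$2
    # Fail closed if svnlook itself fails, instead of allowing the commit.
    author=$(svnlook author -t "$TXN" "$REPOS") || exit 1
    changes=$(svnlook changed -t "$TXN" "$REPOS") || exit 1
    printf '%s\n' "$changes" | check_changes "$author" >&2 || exit 1
    exit 0
fi
```

Installed as hooks/pre-commit in the repository, the script is called with the repository path and the transaction name; whatever it writes to stderr is returned to the committing client when it exits non-zero.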

This is an archived mail posted to the Subversion Users mailing list.