Support serving SVN repositories over SSH

Summary:
Ref T2230. The SVN protocol has a sensible protocol format with a good spec here:

http://svn.apache.org/repos/asf/subversion/trunk/subversion/libsvn_ra_svn/protocol

Particularly, compare this statement to the clown show that is the Mercurial wire protocol:

> It is possible to parse an item without knowing its type in advance.

WHAT A REASONABLE STATEMENT TO BE ABLE TO MAKE ABOUT A WIRE PROTOCOL

Although it makes substantially more sense than Mercurial, it's much heavier-weight than the Git or Mercurial protocols, since it isn't distributed.

It's also not possible to figure out if a request is a write request (or even which repository it is against) without proxying some of the protocol frames. Finally, several protocol commands embed repository URLs, and we need to reach into the protocol and translate them.

Test Plan: Ran various SVN commands over SSH (`svn log`, `svn up`, `svn commit`, etc).

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T2230

Differential Revision: https://secure.phabricator.com/D7556

Author: epriestley

scripts/ssh/ssh-exec.php

@@ -61,6 +61,7 @@
 
   $workflows = array(
     new ConduitSSHWorkflow(),
+    new DiffusionSSHSubversionServeWorkflow(),
     new DiffusionSSHMercurialServeWorkflow(),
     new DiffusionSSHGitUploadPackWorkflow(),
     new DiffusionSSHGitReceivePackWorkflow(),

src/__phutil_library_map__.php

@@ -547,10 +547,14 @@
     'DiffusionSSHMercurialWireClientProtocolChannel' => 'applications/diffusion/ssh/DiffusionSSHMercurialWireClientProtocolChannel.php',
     'DiffusionSSHMercurialWireTestCase' => 'applications/diffusion/ssh/__tests__/DiffusionSSHMercurialWireTestCase.php',
     'DiffusionSSHMercurialWorkflow' => 'applications/diffusion/ssh/DiffusionSSHMercurialWorkflow.php',
+    'DiffusionSSHSubversionServeWorkflow' => 'applications/diffusion/ssh/DiffusionSSHSubversionServeWorkflow.php',
+    'DiffusionSSHSubversionWorkflow' => 'applications/diffusion/ssh/DiffusionSSHSubversionWorkflow.php',
     'DiffusionSSHWorkflow' => 'applications/diffusion/ssh/DiffusionSSHWorkflow.php',
     'DiffusionServeController' => 'applications/diffusion/controller/DiffusionServeController.php',
     'DiffusionSetPasswordPanel' => 'applications/diffusion/panel/DiffusionSetPasswordPanel.php',
     'DiffusionSetupException' => 'applications/diffusion/exception/DiffusionSetupException.php',
+    'DiffusionSubversionWireProtocol' => 'applications/diffusion/protocol/DiffusionSubversionWireProtocol.php',
+    'DiffusionSubversionWireProtocolTestCase' => 'applications/diffusion/protocol/__tests__/DiffusionSubversionWireProtocolTestCase.php',
     'DiffusionSvnCommitParentsQuery' => 'applications/diffusion/query/parents/DiffusionSvnCommitParentsQuery.php',
     'DiffusionSvnFileContentQuery' => 'applications/diffusion/query/filecontent/DiffusionSvnFileContentQuery.php',
     'DiffusionSvnRawDiffQuery' => 'applications/diffusion/query/rawdiff/DiffusionSvnRawDiffQuery.php',
@@ -2816,10 +2820,14 @@
     'DiffusionSSHMercurialWireClientProtocolChannel' => 'PhutilProtocolChannel',
     'DiffusionSSHMercurialWireTestCase' => 'PhabricatorTestCase',
     'DiffusionSSHMercurialWorkflow' => 'DiffusionSSHWorkflow',
+    'DiffusionSSHSubversionServeWorkflow' => 'DiffusionSSHSubversionWorkflow',
+    'DiffusionSSHSubversionWorkflow' => 'DiffusionSSHWorkflow',
     'DiffusionSSHWorkflow' => 'PhabricatorSSHWorkflow',
     'DiffusionServeController' => 'DiffusionController',
     'DiffusionSetPasswordPanel' => 'PhabricatorSettingsPanel',
     'DiffusionSetupException' => 'AphrontUsageException',
+    'DiffusionSubversionWireProtocol' => 'Phobject',
+    'DiffusionSubversionWireProtocolTestCase' => 'PhabricatorTestCase',
     'DiffusionSvnCommitParentsQuery' => 'DiffusionCommitParentsQuery',
     'DiffusionSvnFileContentQuery' => 'DiffusionFileContentQuery',
     'DiffusionSvnRawDiffQuery' => 'DiffusionRawDiffQuery',

src/applications/diffusion/protocol/DiffusionSubversionWireProtocol.php

@@ -0,0 +1,188 @@
+<?php
+
+final class DiffusionSubversionWireProtocol extends Phobject {
+
+  private $buffer = '';
+  private $state = 'item';
+  private $expectBytes = 0;
+  private $byteBuffer = '';
+  private $stack = array();
+  private $list = array();
+  private $raw = '';
+
+  private function pushList() {
+    $this->stack[] = $this->list;
+    $this->list = array();
+  }
+
+  private function popList() {
+    $list = $this->list;
+    $this->list = array_pop($this->stack);
+    return $list;
+  }
+
+  private function pushItem($item, $type) {
+    $this->list[] = array(
+      'type' => $type,
+      'value' => $item,
+    );
+  }
+
+  public function writeData($data) {
+    $this->buffer .= $data;
+
+    $messages = array();
+    while (true) {
+      if ($this->state == 'item') {
+        $match = null;
+        $result = null;
+        $buf = $this->buffer;
+        if (preg_match('/^([a-z][a-z0-9-]*)\s/i', $buf, $match)) {
+          $this->pushItem($match[1], 'word');
+        } else if (preg_match('/^(\d+)\s/', $buf, $match)) {
+          $this->pushItem((int)$match[1], 'number');
+        } else if (preg_match('/^(\d+):/', $buf, $match)) {
+          // NOTE: The "+ 1" includes the space after the string.
+          $this->expectBytes = (int)$match[1] + 1;
+          $this->state = 'bytes';
+        } else if (preg_match('/^(\\()\s/', $buf, $match)) {
+          $this->pushList();
+        } else if (preg_match('/^(\\))\s/', $buf, $match)) {
+          $list = $this->popList();
+          if ($this->stack) {
+            $this->pushItem($list, 'list');
+          } else {
+            $result = $list;
+          }
+        } else {
+          $match = false;
+        }
+
+        if ($match !== false) {
+          $this->raw .= substr($this->buffer, 0, strlen($match[0]));
+          $this->buffer = substr($this->buffer, strlen($match[0]));
+
+          if ($result !== null) {
+            $messages[] = array(
+              'structure' => $list,
+              'raw' => $this->raw,
+            );
+            $this->raw = '';
+          }
+        } else {
+          // No matches yet, wait for more data.
+          break;
+        }
+      } else if ($this->state == 'bytes') {
+        $new_data = substr($this->buffer, 0, $this->expectBytes);
+        $this->buffer = substr($this->buffer, strlen($new_data));
+
+        $this->expectBytes -= strlen($new_data);
+        $this->raw .= $new_data;
+        $this->byteBuffer .= $new_data;
+
+        if (!$this->expectBytes) {
+          $this->state = 'byte-space';
+          // Strip off the terminal space.
+          $this->pushItem(substr($this->byteBuffer, 0, -1), 'string');
+          $this->byteBuffer = '';
+          $this->state = 'item';
+        }
+      } else {
+        throw new Exception("Invalid state '{$this->state}'!");
+      }
+    }
+
+    return $messages;
+  }
+
+  /**
+   * Convert a parsed command struct into a wire protocol string.
+   */
+  public function serializeStruct(array $struct) {
+    $out = array();
+
+    $out[] = '( ';
+    foreach ($struct as $item) {
+      $value = $item['value'];
+      $type = $item['type'];
+      switch ($type) {
+        case 'word':
+          $out[] = $value;
+          break;
+        case 'number':
+          $out[] = $value;
+          break;
+        case 'string':
+          $out[] = strlen($value).':'.$value;
+          break;
+        case 'list':
+          $out[] = self::serializeStruct($value);
+          break;
+        default:
+          throw new Exception("Unknown SVN wire protocol structure '{$type}'!");
+      }
+      if ($type != 'list') {
+        $out[] = ' ';
+      }
+    }
+    $out[] = ') ';
+
+    return implode('', $out);
+  }
+
+  public function isReadOnlyCommand(array $struct) {
+    if (empty($struct[0]['type']) || ($struct[0]['type'] != 'word')) {
+      // This isn't what we expect; fail defensively.
+      throw new Exception(
+        pht("Unexpected command structure, expected '( word ... )'."));
+    }
+
+    switch ($struct[0]['value']) {
+      // Authentication command set.
+      case 'EXTERNAL':
+
+      // The "Main" command set. Some of the commands in this command set are
+      // mutation commands, and are omitted from this list.
+      case 'reparent':
+      case 'get-latest-rev':
+      case 'get-dated-rev':
+      case 'rev-proplist':
+      case 'rev-prop':
+      case 'get-file':
+      case 'get-dir':
+      case 'check-path':
+      case 'stat':
+      case 'update':
+      case 'get-mergeinfo':
+      case 'switch':
+      case 'status':
+      case 'diff':
+      case 'log':
+      case 'get-file-revs':
+      case 'get-locations':
+
+      // The "Report" command set. These are not actually mutation
+      // operations, they just define a request for information.
+      case 'set-path':
+      case 'delete-path':
+      case 'link-path':
+      case 'finish-report':
+      case 'abort-report':
+
+      // These are used to report command results.
+      case 'success':
+      case 'failure':
+
+        // If we get here, we've matched some known read-only command.
+        return true;
+      default:
+        // Anything else isn't a known read-only command, so require write
+        // access to use it.
+        break;
+    }
+
+    return false;
+  }
+
+}

src/applications/diffusion/protocol/__tests__/DiffusionSubversionWireProtocolTestCase.php

@@ -0,0 +1,80 @@
+<?php
+
+final class DiffusionSubversionWireProtocolTestCase
+  extends PhabricatorTestCase {
+
+  public function testSubversionWireProtocolParser() {
+    $this->assertSameSubversionMessages(
+      '( ) ',
+      array(
+        array(
+        ),
+      ));
+
+    $this->assertSameSubversionMessages(
+      '( duck 5:quack 42 ( item1 item2 ) ) ',
+      array(
+        array(
+          array(
+            'type' => 'word',
+            'value' => 'duck',
+          ),
+          array(
+            'type' => 'string',
+            'value' => 'quack',
+          ),
+          array(
+            'type' => 'number',
+            'value' => 42,
+          ),
+          array(
+            'type' => 'list',
+            'value' => array(
+              array(
+                'type' => 'word',
+                'value' => 'item1',
+              ),
+              array(
+                'type' => 'word',
+                'value' => 'item2',
+              ),
+            ),
+          ),
+        ),
+      ));
+
+    $this->assertSameSubversionMessages(
+      '( msg1 ) ( msg2 ) ',
+      array(
+        array(
+          array(
+            'type' => 'word',
+            'value' => 'msg1',
+          ),
+        ),
+        array(
+          array(
+            'type' => 'word',
+            'value' => 'msg2',
+          ),
+        ),
+      ));
+  }
+
+  private function assertSameSubversionMessages($string, array $structs) {
+    $proto = new DiffusionSubversionWireProtocol();
+
+    // Verify that the wire message parses into the structs.
+    $messages = $proto->writeData($string);
+    $messages = ipull($messages, 'structure');
+    $this->assertEqual($structs, $messages, 'parse<'.$string.'>');
+
+    // Verify that the structs serialize into the wire message.
+    $serial = array();
+    foreach ($structs as $struct) {
+      $serial[] = $proto->serializeStruct($struct);
+    }
+    $serial = implode('', $serial);
+    $this->assertEqual($string, $serial, 'serialize<'.$string.'>');
+  }
+}

src/applications/diffusion/ssh/DiffusionSSHGitReceivePackWorkflow.php

@@ -14,20 +14,18 @@ public function didConstruct() {
       ));
   }
 
-  public function getRequestPath() {
+  protected function executeRepositoryOperations() {
     $args = $this->getArgs();
-    return head($args->getArg('dir'));
-  }
-
-  protected function executeRepositoryOperations(
-    PhabricatorRepository $repository) {
+    $path = head($args->getArg('dir'));
+    $repository = $this->loadRepository($path);
 
     // This is a write, and must have write access.
     $this->requireWriteAccess();
 
     $future = new ExecFuture(
       'git-receive-pack %s',
       $repository->getLocalPath());
+
     $err = $this->newPassthruCommand()
       ->setIOChannel($this->getIOChannel())
       ->setCommandChannelFromExecFuture($future)

src/applications/diffusion/ssh/DiffusionSSHGitUploadPackWorkflow.php

@@ -14,13 +14,10 @@ public function didConstruct() {
       ));
   }
 
-  public function getRequestPath() {
+  protected function executeRepositoryOperations() {
     $args = $this->getArgs();
-    return head($args->getArg('dir'));
-  }
-
-  protected function executeRepositoryOperations(
-    PhabricatorRepository $repository) {
+    $path = head($args->getArg('dir'));
+    $repository = $this->loadRepository($path);
 
     $future = new ExecFuture('git-upload-pack %s', $repository->getLocalPath());
 

src/applications/diffusion/ssh/DiffusionSSHMercurialServeWorkflow.php

@@ -24,12 +24,10 @@ public function didConstruct() {
       ));
   }
 
-  public function getRequestPath() {
-    return $this->getArgs()->getArg('repository');
-  }
-
-  protected function executeRepositoryOperations(
-    PhabricatorRepository $repository) {
+  protected function executeRepositoryOperations() {
+    $args = $this->getArgs();
+    $path = $args->getArg('repository');
+    $repository = $this->loadRepository($path);
 
     $args = $this->getArgs();