Allow profile directory creation failures for Service Account scenarios (#3244)

SteveL-MSFT · lzybkr · commit a2687bfb59ea · 2017-03-05T22:05:10.000-08:00
XDG profile directory creation can fail for accounts that do not have home directories. The module analysis was trying to persist it's cache in an XDG profile directory. The cache is less critical than it once was, so it's reasonable to not cache if there is no good place to do so. Fixes #3011
diff --git a/src/System.Management.Automation/CoreCLR/CorePsPlatform.cs b/src/System.Management.Automation/CoreCLR/CorePsPlatform.cs
@@ -261,7 +261,14 @@ public static string SelectProductNameForDirectory(Platform.XDG_Type dirpath)
                         // create the xdg folder if needed
                         if (!Directory.Exists(xdgDataHomeDefault))
                         {
-                            Directory.CreateDirectory(xdgDataHomeDefault);
+                            try
+                            {
+                                Directory.CreateDirectory(xdgDataHomeDefault);
+                            }
+                            catch (UnauthorizedAccessException)
+                            {
+                                //service accounts won't have permission to create user folder
+                            }
                         }
                         return xdgDataHomeDefault;
                     }
@@ -277,7 +284,14 @@ public static string SelectProductNameForDirectory(Platform.XDG_Type dirpath)
                         //xdg values have not been set
                         if (!Directory.Exists(xdgModuleDefault)) //module folder not always guaranteed to exist
                         {
-                            Directory.CreateDirectory(xdgModuleDefault);
+                            try
+                            {
+                                Directory.CreateDirectory(xdgModuleDefault);
+                            }
+                            catch (UnauthorizedAccessException)
+                            {
+                                //service accounts won't have permission to create user folder
+                            }
                         }
                         return xdgModuleDefault;
                     }
@@ -296,7 +310,14 @@ public static string SelectProductNameForDirectory(Platform.XDG_Type dirpath)
                         //xdg values have not been set
                         if (!Directory.Exists(xdgCacheDefault)) //module folder not always guaranteed to exist
                         {
-                            Directory.CreateDirectory(xdgCacheDefault);
+                            try
+                            {
+                                Directory.CreateDirectory(xdgCacheDefault);
+                            }
+                            catch (UnauthorizedAccessException)
+                            {
+                                //service accounts won't have permission to create user folder
+                            }
                         }
 
                         return xdgCacheDefault;
@@ -306,7 +327,14 @@ public static string SelectProductNameForDirectory(Platform.XDG_Type dirpath)
                     {
                         if (!Directory.Exists(Path.Combine(xdgcachehome, "powershell")))
                         {
-                            Directory.CreateDirectory(Path.Combine(xdgcachehome, "powershell"));
+                            try
+                            {
+                                Directory.CreateDirectory(Path.Combine(xdgcachehome, "powershell"));
+                            }
+                            catch (UnauthorizedAccessException)
+                            {
+                                //service accounts won't have permission to create user folder
+                            }                                
                         }
 
                         return Path.Combine(xdgcachehome, "powershell");
diff --git a/src/System.Management.Automation/engine/Modules/AnalysisCache.cs b/src/System.Management.Automation/engine/Modules/AnalysisCache.cs
@@ -618,14 +618,16 @@ private static byte[] GetHeader()
 
         private int _saveCacheToDiskQueued;
 
+        private bool _saveCacheToDisk = true;
+
         public void QueueSerialization()
         {
             // We expect many modules to rapidly call for serialization.
             // Instead of doing it right away, we'll queue a task that starts writing
             // after it seems like we've stopped adding stuff to write out.  This is
             // avoids blocking the pipeline thread waiting for the write to finish.
             // We want to make sure we only queue one task.
-            if (Interlocked.Increment(ref _saveCacheToDiskQueued) == 1)
+            if (_saveCacheToDisk && Interlocked.Increment(ref _saveCacheToDiskQueued) == 1)
             {
                 Task.Run(async delegate
                 {
@@ -694,6 +696,8 @@ private static void Write(string val, byte[] bytes, FileStream stream)
         private void Serialize(string filename)
         {
             AnalysisCacheData fromOtherProcess = null;
+            Diagnostics.Assert(_saveCacheToDisk != false, "Serialize should never be called without going through QueueSerialization which has a check");
+
             try
             {
                 if (Utils.NativeFileExists(filename))
@@ -710,7 +714,16 @@ private void Serialize(string filename)
                     var folder = Path.GetDirectoryName(filename);
                     if (!Directory.Exists(folder))
                     {
-                        Directory.CreateDirectory(folder);
+                        try
+                        {
+                            Directory.CreateDirectory(folder);
+                        }
+                        catch (UnauthorizedAccessException)
+                        {
+                            // service accounts won't be able to create directory
+                            _saveCacheToDisk = false;
+                            return;
+                        }
                     }
                 }
             }
diff --git a/test/powershell/Host/ConsoleHost.Tests.ps1 b/test/powershell/Host/ConsoleHost.Tests.ps1
@@ -381,6 +381,28 @@ foo
             }
         }
     }
+
+    Context "Data, Config, and Cache locations" {
+        BeforeEach {
+            $XDG_CACHE_HOME = $env:XDG_CACHE_HOME
+            $XDG_DATA_HOME = $env:XDG_DATA_HOME
+            $XDG_CONFIG_HOME = $env:XDG_CONFIG_HOME
+        }
+
+        AfterEach {
+            $env:XDG_CACHE_HOME = $XDG_CACHE_HOME
+            $env:XDG_DATA_HOME = $XDG_DATA_HOME
+            $env:XDG_CONFIG_HOME = $XDG_CONFIG_HOME            
+        }
+
+        It "Should start if Data, Config, and Cache location is not accessible" -skip:($IsWindows) {
+            $env:XDG_CACHE_HOME = "/dev/cpu"
+            $env:XDG_DATA_HOME = "/dev/cpu"
+            $env:XDG_CONFIG_HOME = "/dev/cpu"
+            $output = & powershell -noprofile -Command { (get-command).count }
+            [int]$output | Should BeGreaterThan 0
+        }
+    }
 }
 
 Describe "Console host api tests" -Tag CI {

Original file line number	Diff line number	Diff line change
`@@ -261,7 +261,14 @@ public static string SelectProductNameForDirectory(Platform.XDG_Type dirpath)`
`261`	`261`	`// create the xdg folder if needed`
`262`	`262`	`if (!Directory.Exists(xdgDataHomeDefault))`
`263`	`263`	`{`
`264`		`- Directory.CreateDirectory(xdgDataHomeDefault);`
	`264`	`+ try`
	`265`	`+ {`
	`266`	`+ Directory.CreateDirectory(xdgDataHomeDefault);`
	`267`	`+ }`
	`268`	`+ catch (UnauthorizedAccessException)`
	`269`	`+ {`
	`270`	`+ //service accounts won't have permission to create user folder`
	`271`	`+ }`
`265`	`272`	`}`
`266`	`273`	`return xdgDataHomeDefault;`
`267`	`274`	`}`
`@@ -277,7 +284,14 @@ public static string SelectProductNameForDirectory(Platform.XDG_Type dirpath)`
`277`	`284`	`//xdg values have not been set`
`278`	`285`	`if (!Directory.Exists(xdgModuleDefault)) //module folder not always guaranteed to exist`
`279`	`286`	`{`
`280`		`- Directory.CreateDirectory(xdgModuleDefault);`
	`287`	`+ try`
	`288`	`+ {`
	`289`	`+ Directory.CreateDirectory(xdgModuleDefault);`
	`290`	`+ }`
	`291`	`+ catch (UnauthorizedAccessException)`
	`292`	`+ {`
	`293`	`+ //service accounts won't have permission to create user folder`
	`294`	`+ }`
`281`	`295`	`}`
`282`	`296`	`return xdgModuleDefault;`
`283`	`297`	`}`
`@@ -296,7 +310,14 @@ public static string SelectProductNameForDirectory(Platform.XDG_Type dirpath)`
`296`	`310`	`//xdg values have not been set`
`297`	`311`	`if (!Directory.Exists(xdgCacheDefault)) //module folder not always guaranteed to exist`
`298`	`312`	`{`
`299`		`- Directory.CreateDirectory(xdgCacheDefault);`
	`313`	`+ try`
	`314`	`+ {`
	`315`	`+ Directory.CreateDirectory(xdgCacheDefault);`
	`316`	`+ }`
	`317`	`+ catch (UnauthorizedAccessException)`
	`318`	`+ {`
	`319`	`+ //service accounts won't have permission to create user folder`
	`320`	`+ }`
`300`	`321`	`}`
`301`	`322`
`302`	`323`	`return xdgCacheDefault;`
`@@ -306,7 +327,14 @@ public static string SelectProductNameForDirectory(Platform.XDG_Type dirpath)`
`306`	`327`	`{`
`307`	`328`	`if (!Directory.Exists(Path.Combine(xdgcachehome, "powershell")))`
`308`	`329`	`{`
`309`		`- Directory.CreateDirectory(Path.Combine(xdgcachehome, "powershell"));`
	`330`	`+ try`
	`331`	`+ {`
	`332`	`+ Directory.CreateDirectory(Path.Combine(xdgcachehome, "powershell"));`
	`333`	`+ }`
	`334`	`+ catch (UnauthorizedAccessException)`
	`335`	`+ {`
	`336`	`+ //service accounts won't have permission to create user folder`
	`337`	`+ }`
`310`	`338`	`}`
`311`	`339`
`312`	`340`	`return Path.Combine(xdgcachehome, "powershell");`
Original file line number	Diff line number	Diff line change
`@@ -618,14 +618,16 @@ private static byte[] GetHeader()`
`618`	`618`
`619`	`619`	`private int _saveCacheToDiskQueued;`
`620`	`620`
	`621`	`+ private bool _saveCacheToDisk = true;`
	`622`	`+`
`621`	`623`	`public void QueueSerialization()`
`622`	`624`	`{`
`623`	`625`	`// We expect many modules to rapidly call for serialization.`
`624`	`626`	`// Instead of doing it right away, we'll queue a task that starts writing`
`625`	`627`	`// after it seems like we've stopped adding stuff to write out. This is`
`626`	`628`	`// avoids blocking the pipeline thread waiting for the write to finish.`
`627`	`629`	`// We want to make sure we only queue one task.`
`628`		`- if (Interlocked.Increment(ref _saveCacheToDiskQueued) == 1)`
	`630`	`+ if (_saveCacheToDisk && Interlocked.Increment(ref _saveCacheToDiskQueued) == 1)`
`629`	`631`	`{`
`630`	`632`	`Task.Run(async delegate`
`631`	`633`	`{`
`@@ -694,6 +696,8 @@ private static void Write(string val, byte[] bytes, FileStream stream)`
`694`	`696`	`private void Serialize(string filename)`
`695`	`697`	`{`
`696`	`698`	`AnalysisCacheData fromOtherProcess = null;`
	`699`	`+ Diagnostics.Assert(_saveCacheToDisk != false, "Serialize should never be called without going through QueueSerialization which has a check");`
	`700`	`+`
`697`	`701`	`try`
`698`	`702`	`{`
`699`	`703`	`if (Utils.NativeFileExists(filename))`
`@@ -710,7 +714,16 @@ private void Serialize(string filename)`
`710`	`714`	`var folder = Path.GetDirectoryName(filename);`
`711`	`715`	`if (!Directory.Exists(folder))`
`712`	`716`	`{`
`713`		`- Directory.CreateDirectory(folder);`
	`717`	`+ try`
	`718`	`+ {`
	`719`	`+ Directory.CreateDirectory(folder);`
	`720`	`+ }`
	`721`	`+ catch (UnauthorizedAccessException)`
	`722`	`+ {`
	`723`	`+ // service accounts won't be able to create directory`
	`724`	`+ _saveCacheToDisk = false;`
	`725`	`+ return;`
	`726`	`+ }`
`714`	`727`	`}`
`715`	`728`	`}`
`716`	`729`	`}`