Mercurial > hg > mercurial-crew-with-dirclash
comparison tests/test-trusted.py @ 3010:494521a3f142
Only read .hg/hgrc files from trusted users/groups
The list of trusted users and groups is specified in the [trusted]
section of a hgrc; the current user is always trusted; "*" can be
used to trust all users/groups.
Global hgrc files are always read.
On Windows (and other systems that don't have the pwd and grp modules),
all .hg/hgrc files are read.
| author | Alexis S. L. Carvalho <alexis@cecm.usp.br> |
|---|---|
| date | Tue, 22 Aug 2006 20:45:03 -0300 |
| parents | |
| children |
comparison
equal
deleted
inserted
replaced
| 3009:abcd6ae3cf5a | 3010:494521a3f142 |
|---|---|
| 1 #!/usr/bin/env python | |
| 2 # Since it's not easy to write a test that portably deals | |
| 3 # with files from different users/groups, we cheat a bit by | |
| 4 # monkey-patching some functions in the util module | |
| 5 | |
| 6 import os | |
| 7 from mercurial import ui, util | |
| 8 | |
| 9 hgrc = os.environ['HGRCPATH'] | |
| 10 | |
| 11 def testui(user='foo', group='bar', tusers=(), tgroups=(), | |
| 12 cuser='foo', cgroup='bar'): | |
| 13 # user, group => owners of the file | |
| 14 # tusers, tgroups => trusted users/groups | |
| 15 # cuser, cgroup => user/group of the current process | |
| 16 | |
| 17 # write a global hgrc with the list of trusted users/groups and | |
| 18 # some setting so that we can be sure it was read | |
| 19 f = open(hgrc, 'w') | |
| 20 f.write('[paths]\n') | |
| 21 f.write('global = /some/path\n\n') | |
| 22 | |
| 23 if tusers or tgroups: | |
| 24 f.write('[trusted]\n') | |
| 25 if tusers: | |
| 26 f.write('users = %s\n' % ', '.join(tusers)) | |
| 27 if tgroups: | |
| 28 f.write('groups = %s\n' % ', '.join(tgroups)) | |
| 29 f.close() | |
| 30 | |
| 31 # override the functions that give names to uids and gids | |
| 32 def username(uid=None): | |
| 33 if uid is None: | |
| 34 return cuser | |
| 35 return user | |
| 36 util.username = username | |
| 37 | |
| 38 def groupname(gid=None): | |
| 39 if gid is None: | |
| 40 return 'bar' | |
| 41 return group | |
| 42 util.groupname = groupname | |
| 43 | |
| 44 # try to read everything | |
| 45 #print '# File belongs to user %s, group %s' % (user, group) | |
| 46 #print '# trusted users = %s; trusted groups = %s' % (tusers, tgroups) | |
| 47 kind = ('different', 'same') | |
| 48 who = ('', 'user', 'group', 'user and the group') | |
| 49 trusted = who[(user in tusers) + 2*(group in tgroups)] | |
| 50 if trusted: | |
| 51 trusted = ', but we trust the ' + trusted | |
| 52 print '# %s user, %s group%s' % (kind[user == cuser], kind[group == cgroup], | |
| 53 trusted) | |
| 54 | |
| 55 parentui = ui.ui() | |
| 56 u = ui.ui(parentui=parentui) | |
| 57 u.readconfig('.hg/hgrc') | |
| 58 for name, path in u.configitems('paths'): | |
| 59 print name, '=', path | |
| 60 print | |
| 61 | |
| 62 return u | |
| 63 | |
| 64 os.mkdir('repo') | |
| 65 os.chdir('repo') | |
| 66 os.mkdir('.hg') | |
| 67 f = open('.hg/hgrc', 'w') | |
| 68 f.write('[paths]\n') | |
| 69 f.write('local = /another/path\n\n') | |
| 70 f.close() | |
| 71 | |
| 72 #print '# Everything is run by user foo, group bar\n' | |
| 73 | |
| 74 # same user, same group | |
| 75 testui() | |
| 76 # same user, different group | |
| 77 testui(group='def') | |
| 78 # different user, same group | |
| 79 testui(user='abc') | |
| 80 # ... but we trust the group | |
| 81 testui(user='abc', tgroups=['bar']) | |
| 82 # different user, different group | |
| 83 testui(user='abc', group='def') | |
| 84 # ... but we trust the user | |
| 85 testui(user='abc', group='def', tusers=['abc']) | |
| 86 # ... but we trust the group | |
| 87 testui(user='abc', group='def', tgroups=['def']) | |
| 88 # ... but we trust the user and the group | |
| 89 testui(user='abc', group='def', tusers=['abc'], tgroups=['def']) | |
| 90 # ... but we trust all users | |
| 91 print '# we trust all users' | |
| 92 testui(user='abc', group='def', tusers=['*']) | |
| 93 # ... but we trust all groups | |
| 94 print '# we trust all groups' | |
| 95 testui(user='abc', group='def', tgroups=['*']) | |
| 96 # ... but we trust the whole universe | |
| 97 print '# we trust all users and groups' | |
| 98 testui(user='abc', group='def', tusers=['*'], tgroups=['*']) | |
| 99 # ... check that users and groups are in different namespaces | |
| 100 print "# we don't get confused by users and groups with the same name" | |
| 101 testui(user='abc', group='def', tusers=['def'], tgroups=['abc']) | |
| 102 # ... lists of user names work | |
| 103 print "# list of user names" | |
| 104 testui(user='abc', group='def', tusers=['foo', 'xyz', 'abc', 'bleh'], | |
| 105 tgroups=['bar', 'baz', 'qux']) | |
| 106 # ... lists of group names work | |
| 107 print "# list of group names" | |
| 108 testui(user='abc', group='def', tusers=['foo', 'xyz', 'bleh'], | |
| 109 tgroups=['bar', 'def', 'baz', 'qux']) | |
| 110 | |
| 111 print "# Can't figure out the name of the user running this process" | |
| 112 testui(user='abc', group='def', cuser=None) |