← Back to branch summary

~ubuntu-branches/debian/sid/subversion/sid

« back to all changes in this revision

Viewing changes to subversion/tests/cmdline/svnauthz_tests.py

  • Committer: Package Import Robot
  • Author(s): James McCoy
  • Date: 2015-08-07 21:32:47 UTC
  • mfrom: (0.2.15) (4.1.7 experimental)
  • Revision ID: package-import@ubuntu.com-20150807213247-ozyewtmgsr6tkewl
Tags: 1.9.0-1
http://bugs.debian.org/791844
* Upload to unstable
* New upstream release.
  + Security fixes
    - CVE-2015-3184: Mixed anonymous/authenticated path-based authz with
      httpd 2.4
    - CVE-2015-3187: svn_repos_trace_node_locations() reveals paths hidden
      by authz
* Add >= 2.7 requirement for python-all-dev Build-Depends, needed to run
  tests.
* Remove Build-Conflicts against ruby-test-unit.  (Closes: #791844)
* Remove patches/apache_module_dependency in favor of expressing the
  dependencies in authz_svn.load/dav_svn.load.
* Build-Depend on apache2-dev (>= 2.4.16) to ensure ap_some_authn_required()
  is available when building mod_authz_svn and Depend on apache2-bin (>=
  2.4.16) for runtime support.

Show diffs side-by-side

added added

removed removed

Lines of Context:
subversion/tests/cmdline/svnauthz_tests.py
92
92
  svntest.main.file_write(authz_path, authz_content)
93
93
 
94
94
  # Valid authz file
95
 
  svntest.actions.run_and_verify_svnauthz("Valid authz file", None, None,
 
95
  svntest.actions.run_and_verify_svnauthz(None, None,
96
96
                                          0, False, "validate", authz_path)
97
97
 
98
98
  # Invalid authz file, expect exit code 1, we found the file loaded it
99
99
  # but found an error
100
100
  svntest.main.file_write(authz_path, 'x\n')
101
 
  svntest.actions.run_and_verify_svnauthz("Invalid authz file", None, None,
 
101
  svntest.actions.run_and_verify_svnauthz(None, None,
102
102
                                          1, False, "validate", authz_path)
103
103
 
104
 
  # Non-existant authz file
 
104
  # Non-existent authz file
105
105
  # exit code 2, operational error since we can't test the file.
106
106
  os.close(authz_fd)
107
107
  os.remove(authz_path)
108
 
  svntest.actions.run_and_verify_svnauthz("Non-existant authz file", None,
 
108
  svntest.actions.run_and_verify_svnauthz(None,
109
109
                                          None, 2, False, "validate",
110
110
                                          authz_path)
111
111
 
128
128
  expected_status.add({
129
129
    'A/authz'            :  Item(status='  ', wc_rev=2),
130
130
  })
131
 
  if svntest.actions.run_and_verify_commit(wc_dir, expected_output,
132
 
                                           expected_status, None, wc_dir):
133
 
    raise svntest.Failure
 
131
  svntest.actions.run_and_verify_commit(wc_dir, expected_output,
 
132
                                        expected_status)
134
133
 
135
134
  # Valid authz url (file stored in repo)
136
135
  authz_url = repo_url + '/A/authz'
137
 
  svntest.actions.run_and_verify_svnauthz("Valid authz url", None, None,
 
136
  svntest.actions.run_and_verify_svnauthz(None, None,
138
137
                                          0, False, "validate", authz_url)
139
138
 
140
139
  # Invalid authz url (again use the iota file in the repo)
141
140
  # expect exit code 1, we found the file loaded it but found an error
142
141
  iota_url = repo_url + '/iota'
143
 
  svntest.actions.run_and_verify_svnauthz("Invalid authz url", None, None,
 
142
  svntest.actions.run_and_verify_svnauthz(None, None,
144
143
                                          1, False, "validate", iota_url)
145
144
 
146
 
  # Non-existant authz url
 
145
  # Non-existent authz url
147
146
  # exit code 2, operational error since we can't test the file.
148
 
  svntest.actions.run_and_verify_svnauthz("Non-existant authz file", None,
 
147
  svntest.actions.run_and_verify_svnauthz(None,
149
148
                                          None, 2, False, "validate",
150
149
                                          repo_url + "/zilch")
151
150
 
174
173
  expected_status.add({
175
174
    'A/authz'            :  Item(status='  ', wc_rev=2),
176
175
  })
177
 
  if svntest.actions.run_and_verify_commit(wc_dir, expected_output,
178
 
                                           expected_status, None, wc_dir):
179
 
    raise svntest.Failure
 
176
  svntest.actions.run_and_verify_commit(wc_dir, expected_output,
 
177
                                        expected_status)
180
178
  expected_data = ['Exit 0\n']
181
179
  verify_logfile(logfilepath, expected_data)
182
180
 
184
182
  svntest.main.file_append(authz_path, 'x')
185
183
  expected_output = wc.State(wc_dir, {'A/authz' : Item(verb='Sending')})
186
184
  expected_status.tweak('A/authz', status='  ', wc_rev=3)
187
 
  if svntest.actions.run_and_verify_commit(wc_dir, expected_output,
188
 
                                           expected_status, None, wc_dir):
189
 
    raise svntest.Failure
 
185
  svntest.actions.run_and_verify_commit(wc_dir, expected_output,
 
186
                                        expected_status)
190
187
  expected_data = svntest.verify.RegexOutput(".*?Error parsing authz file: '.*?'",
191
188
                                             match_all=False)
192
189
  verify_logfile(logfilepath, expected_data, delete_log=False)
201
198
  svntest.main.file_append(authz_path, 'x')
202
199
  expected_status.tweak('A/authz', status='  ', wc_rev=4)
203
200
  if svntest.actions.run_and_verify_commit(wc_dir, expected_output,
204
 
                                           expected_status, None, wc_dir):
 
201
                                           expected_status):
205
202
    raise svntest.Failure
206
203
  expected_data = svntest.verify.ExpectedOutput("Exit 2\n", match_all=False)
207
204
  verify_logfile(logfilepath, expected_data)
220
217
  # Anonymous access with no path, and no repository should be rw
221
218
  # since it returns the highest level of access granted anywhere.
222
219
  # So /bios being rw for everyone means this will be rw.
223
 
  svntest.actions.run_and_verify_svnauthz("Anonymous access", ["rw\n"], None,
 
220
  svntest.actions.run_and_verify_svnauthz(["rw\n"], None,
224
221
                                          0, False, "accessof", authz_path)
225
222
 
226
223
  # Anonymous access on /jokes should be r, no repo so won't match
227
224
  # the slapstick:/jokes section.
228
 
  svntest.actions.run_and_verify_svnauthz("Anonymous access on path",
229
 
                                          ["r\n"], None, 0, False, "accessof",
 
225
  svntest.actions.run_and_verify_svnauthz(["r\n"], None, 0, False, "accessof",
230
226
                                          authz_path, "--path", "/jokes")
231
227
 
232
228
  # Anonymous access on /jokes on slapstick repo should be no
233
 
  svntest.actions.run_and_verify_svnauthz("Anonymous access on path with repo",
234
 
                                          ["no\n"], None, 0, False, "accessof",
 
229
  svntest.actions.run_and_verify_svnauthz(["no\n"], None, 0, False, "accessof",
235
230
                                          authz_path, "--path", "/jokes",
236
231
                                          "--repository", "slapstick")
237
232
 
238
233
  # User access with no path, and no repository should be rw
239
234
  # since it returns the h ighest level of access anywhere.
240
235
  # So /bios being rw for everyone means this will be rw.
241
 
  svntest.actions.run_and_verify_svnauthz("User access", ["rw\n"], None,
 
236
  svntest.actions.run_and_verify_svnauthz(["rw\n"], None,
242
237
                                          0, False, "accessof", authz_path,
243
238
                                          "--username", "groucho")
244
239
 
245
240
  # User groucho specified on /jokes with no repo, will not match any of the
246
241
  # repo specific sections, so is r since everyone has read access.
247
 
  svntest.actions.run_and_verify_svnauthz("User access on path", ["r\n"], None,
 
242
  svntest.actions.run_and_verify_svnauthz(["r\n"], None,
248
243
                                          0, False, "accessof", authz_path,
249
244
                                          "--path", "/jokes", "--username",
250
245
                                          "groucho")
251
246
 
252
247
  # User groucho specified on /jokes with the repo comedy will be rw
253
 
  svntest.actions.run_and_verify_svnauthz("User access on path with repo",
254
 
                                          ["rw\n"], None, 0, False, "accessof",
 
248
  svntest.actions.run_and_verify_svnauthz(["rw\n"], None, 0, False, "accessof",
255
249
                                          authz_path, "--path", "/jokes",
256
250
                                          "--username", "groucho",
257
251
                                          "--repository", "comedy")
282
276
    'A/authz'            :  Item(status='  ', wc_rev=2),
283
277
  })
284
278
  if svntest.actions.run_and_verify_commit(wc_dir, expected_output,
285
 
                                           expected_status, None, wc_dir):
 
279
                                           expected_status):
286
280
    raise svntest.Failure
287
281
 
288
282
  # Anonymous access with no path, and no repository should be rw
289
283
  # since it returns the highest level of access granted anywhere.
290
284
  # So /bios being rw for everyone means this will be rw.
291
285
  authz_url = repo_url + "/A/authz"
292
 
  svntest.actions.run_and_verify_svnauthz("Anonymous access", ["rw\n"], None,
 
286
  svntest.actions.run_and_verify_svnauthz(["rw\n"], None,
293
287
                                          0, False, "accessof", authz_url)
294
288
 
295
289
  # Anonymous access on /jokes should be r, no repo so won't match
296
290
  # the slapstick:/jokes section.
297
 
  svntest.actions.run_and_verify_svnauthz("Anonymous access on path",
298
 
                                          ["r\n"], None, 0, False, "accessof",
 
291
  svntest.actions.run_and_verify_svnauthz(["r\n"], None, 0, False, "accessof",
299
292
                                          authz_url, "--path", "/jokes")
300
293
 
301
294
  # Anonymous access on /jokes on slapstick repo should be no
302
 
  svntest.actions.run_and_verify_svnauthz("Anonymous access on path with repo",
303
 
                                          ["no\n"], None, 0, False, "accessof",
 
295
  svntest.actions.run_and_verify_svnauthz(["no\n"], None, 0, False, "accessof",
304
296
                                          authz_url, "--path", "/jokes",
305
297
                                          "--repository", "slapstick")
306
298
 
307
299
  # User access with no path, and no repository should be rw
308
300
  # since it returns the h ighest level of access anywhere.
309
301
  # So /bios being rw for everyone means this will be rw.
310
 
  svntest.actions.run_and_verify_svnauthz("User access", ["rw\n"], None,
 
302
  svntest.actions.run_and_verify_svnauthz(["rw\n"], None,
311
303
                                          0, False, "accessof", authz_url,
312
304
                                          "--username", "groucho")
313
305
 
314
306
  # User groucho specified on /jokes with no repo, will not match any of the
315
307
  # repo specific sections, so is r since everyone has read access.
316
 
  svntest.actions.run_and_verify_svnauthz("User access on path", ["r\n"], None,
 
308
  svntest.actions.run_and_verify_svnauthz(["r\n"], None,
317
309
                                          0, False, "accessof", authz_url,
318
310
                                          "--path", "/jokes", "--username",
319
311
                                          "groucho")
320
312
 
321
313
  # User groucho specified on /jokes with the repo comedy will be rw
322
 
  svntest.actions.run_and_verify_svnauthz("User access on path with repo",
323
 
                                          ["rw\n"], None, 0, False, "accessof",
 
314
  svntest.actions.run_and_verify_svnauthz(["rw\n"], None, 0, False, "accessof",
324
315
                                          authz_url, "--path", "/jokes",
325
316
                                          "--username", "groucho",
326
317
                                          "--repository", "comedy")
341
332
 
342
333
  # Anonymous access with no path, and no repository should be no
343
334
  # since it returns the highest level of access granted anywhere.
344
 
  svntest.actions.run_and_verify_svnauthz("Anonymous access", ["no\n"], None,
 
335
  svntest.actions.run_and_verify_svnauthz(["no\n"], None,
345
336
                                          0, False, "accessof", authz_path,
346
337
                                          "--groups-file", groups_path)
347
338
 
348
339
  # User stafford (@musicians) access with no path, and no repository should
349
340
  # be no since it returns the highest level of access granted anywhere.
350
 
  svntest.actions.run_and_verify_svnauthz("Group 1 access",
351
 
                                          ["rw\n"], None,
 
341
  svntest.actions.run_and_verify_svnauthz(["rw\n"], None,
352
342
                                          0, False, "accessof", authz_path,
353
343
                                          "--groups-file", groups_path,
354
344
                                          "--username", "stafford")
355
345
 
356
346
  # User groucho (@comedians) access with no path, and no repository should
357
347
  # be no since it returns the highest level of access granted anywhere.
358
 
  svntest.actions.run_and_verify_svnauthz("Group 2 access",
359
 
                                          ["no\n"], None,
 
348
  svntest.actions.run_and_verify_svnauthz(["no\n"], None,
360
349
                                          0, False, "accessof", authz_path,
361
350
                                          "--groups-file", groups_path,
362
351
                                          "--username", "groucho")
363
352
 
364
353
  # Anonymous access specified on /jokes with the repo comedy will be no.
365
 
  svntest.actions.run_and_verify_svnauthz("Anonymous access on path with repo",
366
 
                                          ["no\n"], None, 0, False,
 
354
  svntest.actions.run_and_verify_svnauthz(["no\n"], None, 0, False,
367
355
                                          "accessof", authz_path,
368
356
                                          "--groups-file", groups_path,
369
357
                                          "--path", "jokes",
371
359
 
372
360
  # User stafford (@musicians) specified on /jokes with the repo comedy
373
361
  # will be no.
374
 
  svntest.actions.run_and_verify_svnauthz("Group 1 access on path with repo",
375
 
                                          ["no\n"], None,
 
362
  svntest.actions.run_and_verify_svnauthz(["no\n"], None,
376
363
                                          0, False, "accessof", authz_path,
377
364
                                          "--groups-file", groups_path,
378
365
                                          "--path", "jokes",
381
368
 
382
369
  # User groucho (@comedians) specified on /jokes with the repo
383
370
  # comedy will be r.
384
 
  svntest.actions.run_and_verify_svnauthz("Group 2 access on path with repo",
385
 
                                          ["r\n"], None,
 
371
  svntest.actions.run_and_verify_svnauthz(["r\n"], None,
386
372
                                          0, False, "accessof", authz_path,
387
373
                                          "--groups-file", groups_path,
388
374
                                          "--path", "jokes",
423
409
    'A/groups'           :  Item(status='  ', wc_rev=2),
424
410
  })
425
411
 
426
 
  if svntest.actions.run_and_verify_commit(wc_dir, expected_output,
427
 
                                           expected_status, None, wc_dir):
428
 
    raise svntest.Failure
 
412
  svntest.actions.run_and_verify_commit(wc_dir, expected_output,
 
413
                                        expected_status)
429
414
 
430
415
  # Anonymous access with no path, and no repository should be no
431
416
  # since it returns the highest level of access granted anywhere.
432
417
  authz_url = repo_url + "/A/authz"
433
418
  groups_url = repo_url + "/A/groups"
434
 
  svntest.actions.run_and_verify_svnauthz("Anonymous access", ["no\n"], None,
 
419
  svntest.actions.run_and_verify_svnauthz(["no\n"], None,
435
420
                                          0, False, "accessof", authz_url,
436
421
                                          "--groups-file", groups_url)
437
422
 
438
423
  # User stafford (@musicians) access with no path, and no repository should
439
424
  # be no since it returns the highest level of access granted anywhere.
440
 
  svntest.actions.run_and_verify_svnauthz("Group 1 access",
441
 
                                          ["rw\n"], None,
 
425
  svntest.actions.run_and_verify_svnauthz(["rw\n"], None,
442
426
                                          0, False, "accessof", authz_url,
443
427
                                          "--groups-file", groups_url,
444
428
                                          "--username", "stafford")
445
429
 
446
430
  # User groucho (@comedians) access with no path, and no repository should
447
431
  # be no since it returns the highest level of access granted anywhere.
448
 
  svntest.actions.run_and_verify_svnauthz("Group 2 access",
449
 
                                          ["no\n"], None,
 
432
  svntest.actions.run_and_verify_svnauthz(["no\n"], None,
450
433
                                          0, False, "accessof", authz_url,
451
434
                                          "--groups-file", groups_url,
452
435
                                          "--username", "groucho")
453
436
 
454
437
  # Anonymous access specified on /jokes with the repo comedy will be no.
455
 
  svntest.actions.run_and_verify_svnauthz("Anonymous access on path with repo",
456
 
                                          ["no\n"], None, 0, False,
 
438
  svntest.actions.run_and_verify_svnauthz(["no\n"], None, 0, False,
457
439
                                          "accessof", authz_url,
458
440
                                          "--groups-file", groups_url,
459
441
                                          "--path", "jokes",
461
443
 
462
444
  # User stafford (@musicians) specified on /jokes with the repo comedy
463
445
  # will be no.
464
 
  svntest.actions.run_and_verify_svnauthz("Group 1 access on path with repo",
465
 
                                          ["no\n"], None,
 
446
  svntest.actions.run_and_verify_svnauthz(["no\n"], None,
466
447
                                          0, False, "accessof", authz_url,
467
448
                                          "--groups-file", groups_url,
468
449
                                          "--path", "jokes",
471
452
 
472
453
  # User groucho (@comedians) specified on /jokes with the repo
473
454
  # comedy will be r.
474
 
  svntest.actions.run_and_verify_svnauthz("Group 2 access on path with repo",
475
 
                                          ["r\n"], None,
 
455
  svntest.actions.run_and_verify_svnauthz(["r\n"], None,
476
456
                                          0, False, "accessof", authz_url,
477
457
                                          "--groups-file", groups_url,
478
458
                                          "--path", "jokes",
495
475
  expected_output = svntest.verify.RegexOutput(
496
476
      ".*'x' is not a valid argument for --is", match_all=False
497
477
  )
498
 
  svntest.actions.run_and_verify_svnauthz("--is x fails", None,
 
478
  svntest.actions.run_and_verify_svnauthz(None,
499
479
                                          expected_output, 2, False,
500
480
                                          "accessof", authz_path, "--is", "x")
501
481
 
503
483
  # since it returns the highest level of access granted anywhere.
504
484
  # So /bios being rw for everyone means this will be rw.
505
485
  # Test --is rw returns 0.
506
 
  svntest.actions.run_and_verify_svnauthz("Anonymous access --is rw", None,
 
486
  svntest.actions.run_and_verify_svnauthz(None,
507
487
                                          None, 0, False, "accessof",
508
488
                                          authz_path, "--is", "rw")
509
489
  # Test --is r returns 3.
510
 
  svntest.actions.run_and_verify_svnauthz("Anonymous access --is r", None,
 
490
  svntest.actions.run_and_verify_svnauthz(None,
511
491
                                          None, 3, False, "accessof",
512
492
                                          authz_path, "--is", "r")
513
493
  # Test --is no returns 3.
514
 
  svntest.actions.run_and_verify_svnauthz("Anonymous access --is no", None,
 
494
  svntest.actions.run_and_verify_svnauthz(None,
515
495
                                          None, 3, False, "accessof",
516
496
                                          authz_path, "--is", "no")
517
497
 
518
498
  # Anonymous access on /jokes should be r, no repo so won't match
519
499
  # the slapstick:/jokes section.
520
500
  # Test --is r returns 0.
521
 
  svntest.actions.run_and_verify_svnauthz("Anonymous access on path --is r",
522
 
                                          None, None, 0, False, "accessof",
 
501
  svntest.actions.run_and_verify_svnauthz(None, None, 0, False, "accessof",
523
502
                                          authz_path, "--path", "/jokes",
524
503
                                          "--is", "r")
525
504
  # Test --is rw returns 3.
526
 
  svntest.actions.run_and_verify_svnauthz("Anonymous access on path --is r",
527
 
                                          None, None, 3, False, "accessof",
 
505
  svntest.actions.run_and_verify_svnauthz(None, None, 3, False, "accessof",
528
506
                                          authz_path, "--path", "/jokes",
529
507
                                          "--is", "rw")
530
508
  # Test --is no returns 3.
531
 
  svntest.actions.run_and_verify_svnauthz("Anonymous access on path --is r",
532
 
                                          None, None, 3, False, "accessof",
 
509
  svntest.actions.run_and_verify_svnauthz(None, None, 3, False, "accessof",
533
510
                                          authz_path, "--path", "/jokes",
534
511
                                          "--is", "no")
535
512
 
536
513
  # Anonymous access on /jokes on slapstick repo should be no
537
514
  # Test --is no returns 0.
538
 
  svntest.actions.run_and_verify_svnauthz("Anon access on path w/ repo --is no",
539
 
                                          None, None, 0, False, "accessof",
 
515
  svntest.actions.run_and_verify_svnauthz(None, None, 0, False, "accessof",
540
516
                                          authz_path, "--path", "/jokes",
541
517
                                          "--repository", "slapstick",
542
518
                                          "--is", "no")
543
519
  # Test --is rw returns 3.
544
 
  svntest.actions.run_and_verify_svnauthz("Anon access on path w/ repo --is no",
545
 
                                          None, None, 3, False, "accessof",
 
520
  svntest.actions.run_and_verify_svnauthz(None, None, 3, False, "accessof",
546
521
                                          authz_path, "--path", "/jokes",
547
522
                                          "--repository", "slapstick",
548
523
                                          "--is", "rw")
549
524
  # Test --is r returns 3.
550
 
  svntest.actions.run_and_verify_svnauthz("Anon access on path w/ repo --is no",
551
 
                                          None, None, 3, False, "accessof",
 
525
  svntest.actions.run_and_verify_svnauthz(None, None, 3, False, "accessof",
552
526
                                          authz_path, "--path", "/jokes",
553
527
                                          "--repository", "slapstick",
554
528
                                          "--is", "r")
557
531
  # since it returns the h ighest level of access anywhere.
558
532
  # So /bios being rw for everyone means this will be rw.
559
533
  # Test --is rw returns 0.
560
 
  svntest.actions.run_and_verify_svnauthz("User access --is rw", None, None,
 
534
  svntest.actions.run_and_verify_svnauthz(None, None,
561
535
                                          0, False, "accessof", authz_path,
562
536
                                          "--username", "groucho", "--is",
563
537
                                          "rw")
564
538
  # Test --is r returns 3.
565
 
  svntest.actions.run_and_verify_svnauthz("User access --is r", None, None,
 
539
  svntest.actions.run_and_verify_svnauthz(None, None,
566
540
                                          3, False, "accessof", authz_path,
567
541
                                          "--username", "groucho", "--is",
568
542
                                          "r")
569
543
  # Test --is no returns 3.
570
 
  svntest.actions.run_and_verify_svnauthz("User access --is no", None, None,
 
544
  svntest.actions.run_and_verify_svnauthz(None, None,
571
545
                                          3, False, "accessof", authz_path,
572
546
                                          "--username", "groucho", "--is",
573
547
                                          "no")
575
549
  # User groucho specified on /jokes with no repo, will not match any of the
576
550
  # repo specific sections, so is r since everyone has read access.
577
551
  # Test --is r returns 0.
578
 
  svntest.actions.run_and_verify_svnauthz("User access on path --is r", None,
 
552
  svntest.actions.run_and_verify_svnauthz(None,
579
553
                                          None, 0, False, "accessof",
580
554
                                          authz_path, "--path", "/jokes",
581
555
                                          "--username", "groucho", "--is", "r")
582
556
  # Test --is rw returns 3.
583
 
  svntest.actions.run_and_verify_svnauthz("User access on path --is rw", None,
 
557
  svntest.actions.run_and_verify_svnauthz(None,
584
558
                                          None, 3, False, "accessof",
585
559
                                          authz_path, "--path", "/jokes",
586
560
                                          "--username", "groucho",
587
561
                                          "--is", "rw")
588
562
  # Test --is no returns 3.
589
 
  svntest.actions.run_and_verify_svnauthz("User access on path --is no", None,
 
563
  svntest.actions.run_and_verify_svnauthz(None,
590
564
                                          None, 3, False, "accessof",
591
565
                                          authz_path, "--path", "/jokes",
592
566
                                          "--username", "groucho",
594
568
 
595
569
  # User groucho specified on /jokes with the repo comedy will be rw
596
570
  # Test --is rw returns 0.
597
 
  svntest.actions.run_and_verify_svnauthz("User access on path w/ repo --is rw",
598
 
                                          None, None, 0, False, "accessof",
 
571
  svntest.actions.run_and_verify_svnauthz(None, None, 0, False, "accessof",
599
572
                                          authz_path, "--path", "/jokes",
600
573
                                          "--username", "groucho",
601
574
                                          "--repository", "comedy", "--is",
602
575
                                          "rw")
603
576
  # Test --is r returns 3.
604
 
  svntest.actions.run_and_verify_svnauthz("User access on path w/ repo --is r",
605
 
                                          None, None, 3, False, "accessof",
 
577
  svntest.actions.run_and_verify_svnauthz(None, None, 3, False, "accessof",
606
578
                                          authz_path, "--path", "/jokes",
607
579
                                          "--username", "groucho",
608
580
                                          "--repository", "comedy", "--is",
609
581
                                          "r")
610
582
  # Test --is no returns 3.
611
 
  svntest.actions.run_and_verify_svnauthz("User access on path w/ repo --is no",
612
 
                                          None, None, 3, False, "accessof",
 
583
  svntest.actions.run_and_verify_svnauthz(None, None, 3, False, "accessof",
613
584
                                          authz_path, "--path", "/jokes",
614
585
                                          "--username", "groucho",
615
586
                                          "--repository", "comedy", "--is",
622
593
      ".*Error while parsing config file:",
623
594
      match_all=False
624
595
  )
625
 
  svntest.actions.run_and_verify_svnauthz("--is with invalid authz file",
626
 
                                          None, expected_out, 1, False,
 
596
  svntest.actions.run_and_verify_svnauthz(None, expected_out, 1, False,
627
597
                                          "accessof", authz_path, "--path",
628
598
                                          "/jokes", "--username", "groucho",
629
599
                                          "--repository", "comedy", "--is",
654
624
  expected_status.add({
655
625
    'A/authz'            :  Item(status='  ', wc_rev=2),
656
626
  })
657
 
  if svntest.actions.run_and_verify_commit(wc_dir, expected_output,
658
 
                                           expected_status, None, wc_dir):
659
 
    raise svntest.Failure
 
627
  svntest.actions.run_and_verify_commit(wc_dir, expected_output,
 
628
                                        expected_status)
660
629
 
661
630
  # Test an invalid --is option, should get an error message and exit code
662
631
  # of 2.
664
633
  expected_output = svntest.verify.RegexOutput(
665
634
      ".*'x' is not a valid argument for --is", match_all=False
666
635
  )
667
 
  svntest.actions.run_and_verify_svnauthz("--is x fails", None,
 
636
  svntest.actions.run_and_verify_svnauthz(None,
668
637
                                          expected_output, 2, False,
669
638
                                          "accessof", authz_url, "--is", "x")
670
639
 
672
641
  # since it returns the highest level of access granted anywhere.
673
642
  # So /bios being rw for everyone means this will be rw.
674
643
  # Test --is rw returns 0.
675
 
  svntest.actions.run_and_verify_svnauthz("Anonymous access --is rw", None,
 
644
  svntest.actions.run_and_verify_svnauthz(None,
676
645
                                          None, 0, False, "accessof",
677
646
                                          authz_url, "--is", "rw")
678
647
  # Test --is r returns 3.
679
 
  svntest.actions.run_and_verify_svnauthz("Anonymous access --is r", None,
 
648
  svntest.actions.run_and_verify_svnauthz(None,
680
649
                                          None, 3, False, "accessof",
681
650
                                          authz_url, "--is", "r")
682
651
  # Test --is no returns 3.
683
 
  svntest.actions.run_and_verify_svnauthz("Anonymous access --is no", None,
 
652
  svntest.actions.run_and_verify_svnauthz(None,
684
653
                                          None, 3, False, "accessof",
685
654
                                          authz_url, "--is", "no")
686
655
 
687
656
  # Anonymous access on /jokes should be r, no repo so won't match
688
657
  # the slapstick:/jokes section.
689
658
  # Test --is r returns 0.
690
 
  svntest.actions.run_and_verify_svnauthz("Anonymous access on path --is r",
691
 
                                          None, None, 0, False, "accessof",
 
659
  svntest.actions.run_and_verify_svnauthz(None, None, 0, False, "accessof",
692
660
                                          authz_url, "--path", "/jokes",
693
661
                                          "--is", "r")
694
662
  # Test --is rw returns 3.
695
 
  svntest.actions.run_and_verify_svnauthz("Anonymous access on path --is r",
696
 
                                          None, None, 3, False, "accessof",
 
663
  svntest.actions.run_and_verify_svnauthz(None, None, 3, False, "accessof",
697
664
                                          authz_url, "--path", "/jokes",
698
665
                                          "--is", "rw")
699
666
  # Test --is no returns 3.
700
 
  svntest.actions.run_and_verify_svnauthz("Anonymous access on path --is r",
701
 
                                          None, None, 3, False, "accessof",
 
667
  svntest.actions.run_and_verify_svnauthz(None, None, 3, False, "accessof",
702
668
                                          authz_url, "--path", "/jokes",
703
669
                                          "--is", "no")
704
670
 
705
671
  # Anonymous access on /jokes on slapstick repo should be no
706
672
  # Test --is no returns 0.
707
 
  svntest.actions.run_and_verify_svnauthz("Anon access on path w/ repo --is no",
708
 
                                          None, None, 0, False, "accessof",
 
673
  svntest.actions.run_and_verify_svnauthz(None, None, 0, False, "accessof",
709
674
                                          authz_url, "--path", "/jokes",
710
675
                                          "--repository", "slapstick",
711
676
                                          "--is", "no")
712
677
  # Test --is rw returns 3.
713
 
  svntest.actions.run_and_verify_svnauthz("Anon access on path w/ repo --is no",
714
 
                                          None, None, 3, False, "accessof",
 
678
  svntest.actions.run_and_verify_svnauthz(None, None, 3, False, "accessof",
715
679
                                          authz_url, "--path", "/jokes",
716
680
                                          "--repository", "slapstick",
717
681
                                          "--is", "rw")
718
682
  # Test --is r returns 3.
719
 
  svntest.actions.run_and_verify_svnauthz("Anon access on path w/ repo --is no",
720
 
                                          None, None, 3, False, "accessof",
 
683
  svntest.actions.run_and_verify_svnauthz(None, None, 3, False, "accessof",
721
684
                                          authz_url, "--path", "/jokes",
722
685
                                          "--repository", "slapstick",
723
686
                                          "--is", "r")
726
689
  # since it returns the h ighest level of access anywhere.
727
690
  # So /bios being rw for everyone means this will be rw.
728
691
  # Test --is rw returns 0.
729
 
  svntest.actions.run_and_verify_svnauthz("User access --is rw", None, None,
 
692
  svntest.actions.run_and_verify_svnauthz(None, None,
730
693
                                          0, False, "accessof", authz_url,
731
694
                                          "--username", "groucho", "--is",
732
695
                                          "rw")
733
696
  # Test --is r returns 3.
734
 
  svntest.actions.run_and_verify_svnauthz("User access --is r", None, None,
 
697
  svntest.actions.run_and_verify_svnauthz(None, None,
735
698
                                          3, False, "accessof", authz_url,
736
699
                                          "--username", "groucho", "--is",
737
700
                                          "r")
738
701
  # Test --is no returns 3.
739
 
  svntest.actions.run_and_verify_svnauthz("User access --is no", None, None,
 
702
  svntest.actions.run_and_verify_svnauthz(None, None,
740
703
                                          3, False, "accessof", authz_url,
741
704
                                          "--username", "groucho", "--is",
742
705
                                          "no")
744
707
  # User groucho specified on /jokes with no repo, will not match any of the
745
708
  # repo specific sections, so is r since everyone has read access.
746
709
  # Test --is r returns 0.
747
 
  svntest.actions.run_and_verify_svnauthz("User access on path --is r", None,
 
710
  svntest.actions.run_and_verify_svnauthz(None,
748
711
                                          None, 0, False, "accessof",
749
712
                                          authz_url, "--path", "/jokes",
750
713
                                          "--username", "groucho", "--is", "r")
751
714
  # Test --is rw returns 3.
752
 
  svntest.actions.run_and_verify_svnauthz("User access on path --is rw", None,
 
715
  svntest.actions.run_and_verify_svnauthz(None,
753
716
                                          None, 3, False, "accessof",
754
717
                                          authz_url, "--path", "/jokes",
755
718
                                          "--username", "groucho",
756
719
                                          "--is", "rw")
757
720
  # Test --is no returns 3.
758
 
  svntest.actions.run_and_verify_svnauthz("User access on path --is no", None,
 
721
  svntest.actions.run_and_verify_svnauthz(None,
759
722
                                          None, 3, False, "accessof",
760
723
                                          authz_url, "--path", "/jokes",
761
724
                                          "--username", "groucho",
763
726
 
764
727
  # User groucho specified on /jokes with the repo comedy will be rw
765
728
  # Test --is rw returns 0.
766
 
  svntest.actions.run_and_verify_svnauthz("User access on path w/ repo --is rw",
767
 
                                          None, None, 0, False, "accessof",
 
729
  svntest.actions.run_and_verify_svnauthz(None, None, 0, False, "accessof",
768
730
                                          authz_url, "--path", "/jokes",
769
731
                                          "--username", "groucho",
770
732
                                          "--repository", "comedy", "--is",
771
733
                                          "rw")
772
734
  # Test --is r returns 3.
773
 
  svntest.actions.run_and_verify_svnauthz("User access on path w/ repo --is r",
774
 
                                          None, None, 3, False, "accessof",
 
735
  svntest.actions.run_and_verify_svnauthz(None, None, 3, False, "accessof",
775
736
                                          authz_url, "--path", "/jokes",
776
737
                                          "--username", "groucho",
777
738
                                          "--repository", "comedy", "--is",
778
739
                                          "r")
779
740
  # Test --is no returns 3.
780
 
  svntest.actions.run_and_verify_svnauthz("User access on path w/ repo --is no",
781
 
                                          None, None, 3, False, "accessof",
 
741
  svntest.actions.run_and_verify_svnauthz(None, None, 3, False, "accessof",
782
742
                                          authz_url, "--path", "/jokes",
783
743
                                          "--username", "groucho",
784
744
                                          "--repository", "comedy", "--is",
788
748
  svntest.main.file_append(authz_path, "x\n")
789
749
  expected_output = wc.State(wc_dir, {'A/authz' : Item(verb='Sending')})
790
750
  expected_status.tweak('A/authz', wc_rev=3)
791
 
  if svntest.actions.run_and_verify_commit(wc_dir, expected_output,
792
 
                                           expected_status, None, wc_dir):
793
 
    raise svntest.Failure
 
751
  svntest.actions.run_and_verify_commit(wc_dir, expected_output,
 
752
                                        expected_status)
794
753
 
795
754
  # Check that --is returns 1 when the syntax is invalid with a url.
796
755
  expected_out = svntest.verify.RegexOutput(
797
756
      ".*Error while parsing config file:",
798
757
      match_all=False
799
758
  )
800
 
  svntest.actions.run_and_verify_svnauthz("--is with invalid authz url",
801
 
                                          None, expected_out, 1, False,
 
759
  svntest.actions.run_and_verify_svnauthz(None, expected_out, 1, False,
802
760
                                          "accessof", authz_url, "--path",
803
761
                                          "/jokes", "--username", "groucho",
804
762
                                          "--repository", "comedy", "--is",
833
791
  expected_status.add({
834
792
    'A/authz'            :  Item(status='  ', wc_rev=2),
835
793
  })
836
 
  if svntest.actions.run_and_verify_commit(wc_dir, expected_output,
837
 
                                           expected_status, None, wc_dir):
838
 
    raise svntest.Failure
 
794
  svntest.actions.run_and_verify_commit(wc_dir, expected_output,
 
795
                                        expected_status)
839
796
  expected_data = ['Exit 0\n']
840
797
  verify_logfile(logfilepath, expected_data)
841
798
 
848
805
  expected_output = wc.State(wc_dir, {'A/authz' : Item(verb='Sending')})
849
806
  expected_status.tweak('A/authz', status='  ', wc_rev=3)
850
807
  svntest.main.file_append(authz_path, "groucho = r\n")
851
 
  if svntest.actions.run_and_verify_commit(wc_dir, expected_output,
852
 
                                           expected_status, None, wc_dir):
853
 
    raise svntest.Failure
 
808
  svntest.actions.run_and_verify_commit(wc_dir, expected_output,
 
809
                                        expected_status)
854
810
  expected_data = svntest.verify.ExpectedOutput('Exit 3\n', match_all=False)
855
811
  verify_logfile(logfilepath, expected_data)
856
812
 
857
 
  # break the authz file with a non-existant group and check for an exit 1.
 
813
  # break the authz file with a non-existent group and check for an exit 1.
858
814
  expected_status.tweak('A/authz', status='  ', wc_rev=4)
859
815
  svntest.main.file_append(authz_path, "@friends = rw\n")
860
 
  if svntest.actions.run_and_verify_commit(wc_dir, expected_output,
861
 
                                           expected_status, None, wc_dir):
862
 
    raise svntest.Failure
 
816
  svntest.actions.run_and_verify_commit(wc_dir, expected_output,
 
817
                                        expected_status)
863
818
  expected_data = svntest.verify.ExpectedOutput('Exit 1\n', match_all=False)
864
819
  verify_logfile(logfilepath, expected_data)
865
820
 
866
 
  # break the authz file with a non-existant gropu and check for an exit 2.
 
821
  # break the authz file with a non-existent gropu and check for an exit 2.
867
822
  expected_output = wc.State(wc_dir, {'A/authz' : Item(verb='Deleting')})
868
823
  expected_status.remove('A/authz')
869
824
  svntest.main.run_svn(None, 'rm', authz_path)
870
 
  if svntest.actions.run_and_verify_commit(wc_dir, expected_output,
871
 
                                           expected_status, None, wc_dir):
872
 
    raise svntest.Failure
 
825
  svntest.actions.run_and_verify_commit(wc_dir, expected_output,
 
826
                                        expected_status)
873
827
  expected_data = svntest.verify.ExpectedOutput('Exit 2\n', match_all=False)
874
828
  verify_logfile(logfilepath, expected_data)
875
829
 
876
830
def svnauthz_compat_mode_file_test(sbox):
877
 
  "test 'svnauthz-validate' compatability mode file"
 
831
  "test 'svnauthz-validate' compatibility mode file"
878
832
 
879
833
 
880
834
  # Create an authz file
883
837
  svntest.main.file_write(authz_path, authz_content)
884
838
 
885
839
  # Check a valid file.
886
 
  svntest.actions.run_and_verify_svnauthz("svnauthz-validate on file",
887
 
                                          None, None, 0, True,
 
840
  svntest.actions.run_and_verify_svnauthz(None, None, 0, True,
888
841
                                          authz_path)
889
842
 
890
843
  # Check an invalid file.
891
844
  svntest.main.file_append(authz_path, "x\n")
892
 
  svntest.actions.run_and_verify_svnauthz("svnauthz-validate on invalid file",
893
 
                                          None, None, 1, True,
 
845
  svntest.actions.run_and_verify_svnauthz(None, None, 1, True,
894
846
                                          authz_path)
895
847
 
896
848
  # Remove the file.
897
849
  os.close(authz_fd)
898
850
  os.remove(authz_path)
899
851
 
900
 
  # Check a non-existant file.
 
852
  # Check a non-existent file.
901
853
  svntest.actions.run_and_verify_svnauthz(
902
 
      "svnauthz-validate on non-existant file", None, None, 2, True,
 
854
      None, None, 2, True,
903
855
      authz_path
904
856
  )
905
857
 
906
858
 
907
859
@SkipUnless(svntest.main.is_ra_type_file)
908
860
def svnauthz_compat_mode_repo_test(sbox):
909
 
  "test 'svnauthz-validate' compatability mode url"
 
861
  "test 'svnauthz-validate' compatibility mode url"
910
862
 
911
863
  sbox.build()
912
864
  wc_dir = sbox.wc_dir
925
877
  expected_status.add({
926
878
    'A/authz'            :  Item(status='  ', wc_rev=2),
927
879
  })
928
 
  if svntest.actions.run_and_verify_commit(wc_dir, expected_output,
929
 
                                           expected_status, None, wc_dir):
930
 
    raise svntest.Failure
931
 
  svntest.actions.run_and_verify_svnauthz("svnauthz-validate on url",
932
 
                                          None, None, 0, True,
 
880
  svntest.actions.run_and_verify_commit(wc_dir, expected_output,
 
881
                                        expected_status)
 
882
  svntest.actions.run_and_verify_svnauthz(None, None, 0, True,
933
883
                                          authz_url)
934
884
 
935
885
  # Check an invalid url.
936
886
  svntest.main.file_append(authz_path, "x\n")
937
887
  expected_output = wc.State(wc_dir, {'A/authz' : Item(verb='Sending')})
938
888
  expected_status.tweak('A/authz', status='  ', wc_rev=3)
939
 
  if svntest.actions.run_and_verify_commit(wc_dir, expected_output,
940
 
                                           expected_status, None, wc_dir):
941
 
    raise svntest.Failure
942
 
  svntest.actions.run_and_verify_svnauthz("svnauthz-validate on invalid file",
943
 
                                          None, None, 1, True,
 
889
  svntest.actions.run_and_verify_commit(wc_dir, expected_output,
 
890
                                        expected_status)
 
891
  svntest.actions.run_and_verify_svnauthz(None, None, 1, True,
944
892
                                          authz_path)
945
893
 
946
 
  # Check a non-existant url.
 
894
  # Check a non-existent url.
947
895
  # Exit code really should be 2 since this is an operational error.
948
896
  svntest.actions.run_and_verify_svnauthz(
949
 
      "svnauthz-validate on non-existant file", None, None, 2, True,
 
897
      None, None, 2, True,
950
898
      repo_url + "/zilch"
951
899
  )
952
900