diff options
Diffstat (limited to 'subversion/tests/cmdline/authz_tests.py')
| -rwxr-xr-x | subversion/tests/cmdline/authz_tests.py | 402 |
1 files changed, 238 insertions, 164 deletions
diff --git a/subversion/tests/cmdline/authz_tests.py b/subversion/tests/cmdline/authz_tests.py index 20c833d..5e1952e 100755 --- a/subversion/tests/cmdline/authz_tests.py +++ b/subversion/tests/cmdline/authz_tests.py @@ -45,6 +45,7 @@ XFail = svntest.testcase.XFail_deco Issues = svntest.testcase.Issues_deco Issue = svntest.testcase.Issue_deco Wimp = svntest.testcase.Wimp_deco +SkipDumpLoadCrossCheck = svntest.testcase.SkipDumpLoadCrossCheck_deco ###################################################################### # Tests @@ -82,7 +83,7 @@ def authz_open_root(sbox): svntest.actions.run_and_verify_commit(wc_dir, expected_output, None, - None, + [], mu_path) #---------------------------------------------------------------------- @@ -118,11 +119,10 @@ def authz_open_directory(sbox): # Commit the working copy. svntest.actions.run_and_verify_commit(wc_dir, expected_output, - None, - None, - wc_dir) + None) @Skip(svntest.main.is_ra_type_file) +@SkipDumpLoadCrossCheck() def broken_authz_file(sbox): "broken authz files cause errors" @@ -169,12 +169,12 @@ def authz_read_access(sbox): fws_empty_folder_url = fws_url + '/empty folder' if sbox.repo_url.startswith("http"): - expected_err = ".*[Ff]orbidden.*" + expected_err = ".*svn: E175013: .*[Ff]orbidden.*" else: expected_err = ".*svn: E170001: Authorization failed.*" # create some folders with spaces in their names - svntest.actions.run_and_verify_svn(None, None, [], 'mkdir', '-m', 'logmsg', + svntest.actions.run_and_verify_svn(None, [], 'mkdir', '-m', 'logmsg', fws_url, fws_empty_folder_url) write_restrictive_svnserve_conf(sbox.repo_dir) @@ -191,73 +191,65 @@ def authz_read_access(sbox): (svntest.main.wc_author + " = r")}) # read a remote file - svntest.actions.run_and_verify_svn(None, ["This is the file 'iota'.\n"], + svntest.actions.run_and_verify_svn(["This is the file 'iota'.\n"], [], 'cat', iota_url) # read a remote file, readably by user specific exception - svntest.actions.run_and_verify_svn(None, ["This is the file 'chi'.\n"], + svntest.actions.run_and_verify_svn(["This is the file 'chi'.\n"], [], 'cat', chi_url) # read a remote file, unreadable: should fail - svntest.actions.run_and_verify_svn(None, - None, expected_err, + svntest.actions.run_and_verify_svn(None, expected_err, 'cat', lambda_url) # read a remote file, unreadable through recursion: should fail - svntest.actions.run_and_verify_svn(None, - None, expected_err, + svntest.actions.run_and_verify_svn(None, expected_err, 'cat', alpha_url) # read a remote file, user specific authorization is ignored because * = rw - svntest.actions.run_and_verify_svn(None, ["This is the file 'pi'.\n"], + svntest.actions.run_and_verify_svn(["This is the file 'pi'.\n"], [], 'cat', pi_url) # open a remote folder(ls) - svntest.actions.run_and_verify_svn("ls remote root folder", - ["A/\n", "iota\n"], + svntest.actions.run_and_verify_svn(["A/\n", "iota\n"], [], 'ls', root_url) # open a remote folder(ls), unreadable: should fail - svntest.actions.run_and_verify_svn(None, - None, svntest.verify.AnyOutput, 'ls', + svntest.actions.run_and_verify_svn(None, svntest.verify.AnyOutput, 'ls', B_url) # open a remote folder(ls) with spaces, should succeed - svntest.actions.run_and_verify_svn(None, - None, [], 'ls', + svntest.actions.run_and_verify_svn(None, [], 'ls', fws_empty_folder_url) # open a remote folder(ls), unreadable through recursion: should fail - svntest.actions.run_and_verify_svn(None, - None, expected_err, + svntest.actions.run_and_verify_svn(None, expected_err, 'ls', E_url) # copy a remote file - svntest.actions.run_and_verify_svn(None, None, [], 'cp', + svntest.actions.run_and_verify_svn(None, [], 'cp', iota_url, D_url, '-m', 'logmsg') # copy a remote file, source is unreadable: should fail - svntest.actions.run_and_verify_svn(None, - None, expected_err, + svntest.actions.run_and_verify_svn(None, expected_err, 'cp', '-m', 'logmsg', lambda_url, D_url) # copy a remote folder - svntest.actions.run_and_verify_svn(None, None, [], 'cp', + svntest.actions.run_and_verify_svn(None, [], 'cp', C_url, D_url, '-m', 'logmsg') # copy a remote folder, source is unreadable: should fail - svntest.actions.run_and_verify_svn(None, - None, expected_err, + svntest.actions.run_and_verify_svn(None, expected_err, 'cp', '-m', 'logmsg', E_url, D_url) @@ -268,15 +260,13 @@ def authz_read_access(sbox): # into two operations, a committed copy followed by a committed # deletion. But the editor drive required to do these atomically # today is prohibitive. - svntest.actions.run_and_verify_svn(None, - None, expected_err, + svntest.actions.run_and_verify_svn(None, expected_err, 'mv', '-m', 'logmsg', alpha_url, F_alpha_url) ## copy a remote file, source/target ancestor is readonly ## we fail here due to issue #3242. - #svntest.actions.run_and_verify_svn(None, - # None, [], + #svntest.actions.run_and_verify_svn(# None, [], # 'cp', '-m', 'logmsg', # alpha_url, F_alpha_url) @@ -291,7 +281,7 @@ def authz_write_access(sbox): write_restrictive_svnserve_conf(sbox.repo_dir) if sbox.repo_url.startswith('http'): - expected_err = ".*[Ff]orbidden.*" + expected_err = ".*svn: E175013: .*[Ff]orbidden.*" else: expected_err = ".*svn: E220004: Access denied.*" @@ -310,64 +300,55 @@ def authz_write_access(sbox): D_url = A_url + '/D' # copy a remote file, target is readonly: should fail - svntest.actions.run_and_verify_svn(None, - None, expected_err, + svntest.actions.run_and_verify_svn(None, expected_err, 'cp', '-m', 'logmsg', lambda_url, D_url) # copy a remote folder, target is readonly: should fail - svntest.actions.run_and_verify_svn(None, - None, expected_err, + svntest.actions.run_and_verify_svn(None, expected_err, 'cp', '-m', 'logmsg', E_url, D_url) # delete a file, target is readonly: should fail - svntest.actions.run_and_verify_svn(None, - None, expected_err, + svntest.actions.run_and_verify_svn(None, expected_err, 'rm', '-m', 'logmsg', iota_url) # delete a folder, target is readonly: should fail - svntest.actions.run_and_verify_svn(None, - None, expected_err, + svntest.actions.run_and_verify_svn(None, expected_err, 'rm', '-m', 'logmsg', D_url) # create a folder, target is readonly: should fail - svntest.actions.run_and_verify_svn(None, - None, expected_err, + svntest.actions.run_and_verify_svn(None, expected_err, 'mkdir', '-m', 'logmsg', A_url+'/newfolder') # move a remote file, source is readonly: should fail - svntest.actions.run_and_verify_svn(None, - None, expected_err, + svntest.actions.run_and_verify_svn(None, expected_err, 'mv', '-m', 'logmsg', mu_url, C_url) # move a remote folder, source is readonly: should fail - svntest.actions.run_and_verify_svn(None, - None, expected_err, + svntest.actions.run_and_verify_svn(None, expected_err, 'mv', '-m', 'logmsg', D_url, C_url) # move a remote file, target is readonly: should fail - svntest.actions.run_and_verify_svn(None, - None, expected_err, + svntest.actions.run_and_verify_svn(None, expected_err, 'mv', '-m', 'logmsg', lambda_url, D_url) # move a remote folder, target is readonly: should fail - svntest.actions.run_and_verify_svn(None, - None, expected_err, + svntest.actions.run_and_verify_svn(None, expected_err, 'mv', '-m', 'logmsg', B_url, D_url) @@ -387,14 +368,14 @@ def authz_checkout_test(sbox): # write an authz file with *= on / if sbox.repo_url.startswith('http'): - expected_err = ".*[Ff]orbidden.*" + expected_err = ".*svn: E175013: .*[Ff]orbidden.*" else: expected_err = ".*svn: E170001: Authorization failed.*" write_authz_file(sbox, { "/": "* ="}) # checkout a working copy, should fail - svntest.actions.run_and_verify_svn(None, None, expected_err, + svntest.actions.run_and_verify_svn(None, expected_err, 'co', sbox.repo_url, local_dir) # 2nd part: now enable read access @@ -409,9 +390,9 @@ def authz_checkout_test(sbox): expected_wc = svntest.main.greek_state svntest.actions.run_and_verify_checkout(sbox.repo_url, - local_dir, - expected_output, - expected_wc) + local_dir, + expected_output, + expected_wc) @Skip(svntest.main.is_ra_type_file) def authz_checkout_and_update_test(sbox): @@ -473,9 +454,7 @@ def authz_checkout_and_update_test(sbox): expected_output, expected_wc, expected_status, - None, - None, None, - None, None, 1) + [], True) @Skip(svntest.main.is_ra_type_file) def authz_partial_export_test(sbox): @@ -524,7 +503,7 @@ def authz_log_and_tracing_test(sbox): # write an authz file with *=rw on / if sbox.repo_url.startswith('http'): - expected_err = ".*[Ff]orbidden.*" + expected_err = ".*svn: E175013: .*[Ff]orbidden.*" else: expected_err = ".*svn: E170001: Authorization failed.*" @@ -538,24 +517,24 @@ def authz_log_and_tracing_test(sbox): rho_path = os.path.join(wc_dir, 'A', 'D', 'G', 'rho') svntest.main.file_append(rho_path, 'new appended text for rho') - svntest.actions.run_and_verify_svn(None, None, [], + svntest.actions.run_and_verify_svn(None, [], 'ci', '-m', 'add file rho', sbox.wc_dir) svntest.main.file_append(rho_path, 'extra change in rho') - svntest.actions.run_and_verify_svn(None, None, [], + svntest.actions.run_and_verify_svn(None, [], 'ci', '-m', 'changed file rho', sbox.wc_dir) # copy a remote file - svntest.actions.run_and_verify_svn(None, None, [], 'cp', + svntest.actions.run_and_verify_svn(None, [], 'cp', rho_path, D_url, '-m', 'copy rho to readable area') # now disable read access on the first version of rho, keep the copy in # /A/D readable. if sbox.repo_url.startswith('http'): - expected_err = ".*[Ff]orbidden.*" + expected_err = ".*svn: E175013: .*[Ff]orbidden.*" else: expected_err = ".*svn: E170001: Authorization failed.*" @@ -568,8 +547,7 @@ def authz_log_and_tracing_test(sbox): # changed file in this rev. is not readable anymore, so author and date # should be hidden, like this: # r2 | (no author) | (no date) | 1 line - svntest.actions.run_and_verify_svn(None, - ".*(no author).*(no date).*|-+\n|\n", [], + svntest.actions.run_and_verify_svn(".*(no author).*(no date).*|-+\n|\n", [], 'log', '-r', '2', '--limit', '1', wc_dir) @@ -581,20 +559,19 @@ def authz_log_and_tracing_test(sbox): # if we do the same thing directly on the unreadable file, we get: # svn: Item is not readable - svntest.actions.run_and_verify_svn(None, None, expected_err2, + svntest.actions.run_and_verify_svn(None, expected_err2, 'log', rho_path) # while the HEAD rev of the copy is readable in /A/D, its parent in # /A/D/G is not, so don't spill any info there either. - svntest.actions.run_and_verify_svn(None, - ".*(no author).*(no date).*|-+\n|\n", [], + svntest.actions.run_and_verify_svn(".*(no author).*(no date).*|-+\n|\n", [], 'log', '-r', '2', '--limit', '1', D_url) # Test that only author/date are shown for partially visible revisions. svntest.actions.enable_revprop_changes(sbox.repo_dir) write_authz_file(sbox, { "/": "* = rw"}) svntest.actions.run_and_verify_svn( - None, None, [], # message, expected_stdout, expected_stderr + None, [], # expected_stdout, expected_stderr 'ps', '--revprop', '-r1', 'foobar', 'foo bar', sbox.repo_url) svntest.actions.run_and_verify_log_xml( expected_revprops=[{'svn:author': svntest.main.wc_author, 'svn:date': '', @@ -610,7 +587,10 @@ def authz_log_and_tracing_test(sbox): ## cat # now see if we can look at the older version of rho - svntest.actions.run_and_verify_svn(None, None, expected_err, + + expected_err2 = ".*svn: E195012: Unable to find repository location.*" + + svntest.actions.run_and_verify_svn(None, expected_err2, 'cat', '-r', '2', D_url+'/rho') if sbox.repo_url.startswith('http'): @@ -618,19 +598,20 @@ def authz_log_and_tracing_test(sbox): else: expected_err2 = ".*svn: E220001: Unreadable path encountered; access denied.*" - svntest.actions.run_and_verify_svn(None, None, expected_err2, + svntest.actions.run_and_verify_svn(None, expected_err2, 'cat', '-r', '2', G_url+'/rho') ## diff # we shouldn't see the diff of a file in an unreadable path - svntest.actions.run_and_verify_svn(None, None, expected_err, + svntest.actions.run_and_verify_svn(None, expected_err, 'diff', '-r', 'HEAD', G_url+'/rho') - svntest.actions.run_and_verify_svn(None, None, expected_err, + # diff treats the unreadable path as indicating an add so no error + svntest.actions.run_and_verify_svn(None, [], 'diff', '-r', '2', D_url+'/rho') - svntest.actions.run_and_verify_svn(None, None, expected_err, + svntest.actions.run_and_verify_svn(None, [], 'diff', '-r', '2:4', D_url+'/rho') # test whether read access is correctly granted and denied @@ -644,7 +625,7 @@ def authz_aliases(sbox): write_restrictive_svnserve_conf(sbox.repo_dir) if sbox.repo_url.startswith("http"): - expected_err = ".*[Ff]orbidden.*" + expected_err = ".*svn: E175013: .*[Ff]orbidden.*" else: expected_err = ".*svn: E170001: Authorization failed.*" @@ -658,16 +639,14 @@ def authz_aliases(sbox): iota_url = root_url + '/iota' # copy a remote file, target is readonly for jconstant: should fail - svntest.actions.run_and_verify_svn(None, - None, expected_err, + svntest.actions.run_and_verify_svn(None, expected_err, 'cp', '--username', svntest.main.wc_author2, '-m', 'logmsg', iota_url, B_url) # try the same action, but as user jray (alias of jrandom), should work. - svntest.actions.run_and_verify_svn(None, - None, [], + svntest.actions.run_and_verify_svn(None, [], 'cp', '-m', 'logmsg', iota_url, B_url) @@ -691,15 +670,14 @@ def authz_validate(sbox): "/A/B" : "@undefined_group = rw" }) if sbox.repo_url.startswith("http"): - expected_err = ".*[Ff]orbidden.*" + expected_err = ".*svn: E175013: .*[Ff]orbidden.*" elif sbox.repo_url.startswith("svn"): expected_err = ".*Invalid authz configuration" else: expected_err = ".*@undefined_group.*" # validation of this authz file should fail, so no repo access - svntest.actions.run_and_verify_svn("ls remote folder", - None, expected_err, + svntest.actions.run_and_verify_svn(None, expected_err, 'ls', A_url) @@ -711,15 +689,14 @@ devs2 = @admins, dev2 devs = @devs1, dev3, dev4""" }) if sbox.repo_url.startswith("http"): - expected_err = ".*[Ff]orbidden.*" + expected_err = ".*svn: E175013: .*[Ff]orbidden.*" elif sbox.repo_url.startswith("svn"): expected_err = ".*Invalid authz configuration" else: expected_err = ".*Circular dependency.*" # validation of this authz file should fail, so no repo access - svntest.actions.run_and_verify_svn("ls remote folder", - None, expected_err, + svntest.actions.run_and_verify_svn(None, expected_err, 'ls', A_url) @@ -733,8 +710,7 @@ users = @devs1, @devs2, user1, user2""" }) # validation of this authz file should *not* fail (where formerly, # it complained about circular dependencies that do not, in fact, # exist), so this is business as usual. - svntest.actions.run_and_verify_svn("ls remote folder", - ['B/\n', 'C/\n', 'D/\n', 'mu\n'], + svntest.actions.run_and_verify_svn(['B/\n', 'C/\n', 'D/\n', 'mu\n'], [], 'ls', A_url) @@ -751,9 +727,9 @@ def authz_locking(sbox): write_restrictive_svnserve_conf(sbox.repo_dir) if sbox.repo_url.startswith('http'): - expected_err = ".*[Ff]orbidden.*" + expected_err = ".*svn: E175013: .*[Ff]orbidden.*" else: - expected_err = ".*svn: E170001: Authorization failed.*" + expected_err = ".*svn: warning: W170001: Authorization failed.*" root_url = sbox.repo_url wc_dir = sbox.wc_dir @@ -763,15 +739,13 @@ def authz_locking(sbox): mu_path = os.path.join(wc_dir, 'A', 'mu') # lock a file url, target is readonly: should fail - svntest.actions.run_and_verify_svn(None, - None, expected_err, + svntest.actions.run_and_verify_svn(None, expected_err, 'lock', '-m', 'lock msg', iota_url) # lock a file path, target is readonly: should fail - svntest.actions.run_and_verify_svn(None, - None, expected_err, + svntest.actions.run_and_verify_svn(None, expected_err, 'lock', '-m', 'lock msg', iota_path) @@ -780,8 +754,7 @@ def authz_locking(sbox): # Get a lock on /A/mu and try to commit it. # lock a file path, target is writeable: should succeed - svntest.actions.run_and_verify_svn(None, - None, [], + svntest.actions.run_and_verify_svn(None, [], 'lock', '-m', 'lock msg', mu_path) @@ -795,9 +768,38 @@ def authz_locking(sbox): svntest.actions.run_and_verify_commit(wc_dir, expected_output, [], - None, + [], mu_path) + # Lock two paths one of which fails. First add read access to '/' so + # that OPTIONS on common ancestor works. + write_authz_file(sbox, {"/": "jrandom = r", "/A": "jrandom = rw"}) + + # Two unlocked paths + svntest.actions.run_and_verify_info([{'Lock Token' : None}], + sbox.ospath('iota')) + svntest.actions.run_and_verify_info([{'Lock Token' : None}], + sbox.ospath('A/mu')) + + if sbox.repo_url.startswith('http'): + expected_err = ".*svn: warning: W160039: Unlock.*[Ff]orbidden.*" + else: + expected_err = ".*svn: warning: W170001: Authorization failed.*" + + svntest.actions.run_and_verify_svn(None, expected_err, + 'lock', + '-m', 'lock msg', + mu_path, + iota_path) + + # One path locked, one still unlocked + svntest.actions.run_and_verify_info([{'Lock Token' : None}], + sbox.ospath('iota')) + svntest.actions.run_and_verify_info([{'Lock Token' : 'opaquelocktoken:.*'}], + sbox.ospath('A/mu')) + + + # test for issue #2712: if anon-access == read, svnserve should also check # authz to determine whether a checkout/update is actually allowed for # anonymous users, and, if not, attempt authentication. @@ -824,23 +826,23 @@ def authz_svnserve_anon_access_read(sbox): "/A/D" : "* = r" }) # Perform a checkout of /A/B, expecting to see no errors. - svntest.actions.run_and_verify_svn(None, None, [], + svntest.actions.run_and_verify_svn(None, [], 'checkout', B_url, B_path) # Anonymous users should be able to check out /A/D. - svntest.actions.run_and_verify_svn(None, None, [], + svntest.actions.run_and_verify_svn(None, [], 'checkout', D_url, D_path) # Now try a switch. svntest.main.safe_rmtree(D_path) - svntest.actions.run_and_verify_svn(None, None, [], + svntest.actions.run_and_verify_svn(None, [], 'switch', D_url, B_path) # Check out /A/B with an unknown username, expect error. svntest.actions.run_and_verify_svn( - None, None, + None, ".*Authentication error from server: Username not found.*", 'checkout', '--non-interactive', @@ -848,12 +850,12 @@ def authz_svnserve_anon_access_read(sbox): B_url, B_path + '_unsuccessful') # Check out a second copy of /A/B, make changes for later merge. - svntest.actions.run_and_verify_svn(None, None, [], + svntest.actions.run_and_verify_svn(None, [], 'checkout', B_url, other_B_path) other_alpha_path = os.path.join(other_B_path, 'E', 'alpha') svntest.main.file_append(other_alpha_path, "fish\n") - svntest.actions.run_and_verify_svn(None, None, [], + svntest.actions.run_and_verify_svn(None, [], 'commit', '-m', 'log msg', other_B_path) @@ -862,7 +864,7 @@ def authz_svnserve_anon_access_read(sbox): # authz here, not the semantics of the merge. (Merges had been # failing in authz, for the reasons summarized in # http://subversion.tigris.org/issues/show_bug.cgi?id=2712#desc13.) - svntest.actions.run_and_verify_svn(None, None, [], + svntest.actions.run_and_verify_svn(None, [], 'merge', '-c', '2', B_url, B_path) @@ -980,13 +982,13 @@ def multiple_matches(sbox): root_url = sbox.repo_url write_restrictive_svnserve_conf(sbox.repo_dir) if sbox.repo_url.startswith("http"): - expected_err = ".*[Ff]orbidden.*" + expected_err = ".*svn: E175013: .*[Ff]orbidden.*" else: expected_err = ".*svn: E170001: Authorization failed.*" # Prohibit access and commit fails write_authz_file(sbox, {'/': 'jrandom ='}) - svntest.actions.run_and_verify_svn(None, None, expected_err, + svntest.actions.run_and_verify_svn(None, expected_err, 'cp', '-m', 'fail copy', root_url, root_url + '/fail') @@ -1033,7 +1035,7 @@ def wc_wc_copy_revert(sbox): expected_status.remove('A/B/E', 'A/B/E/alpha', 'A/B/E/beta') svntest.actions.run_and_verify_status(sbox.wc_dir, expected_status) - svntest.actions.run_and_verify_svn(None, None, + svntest.actions.run_and_verify_svn(None, 'svn: E155035: Cannot copy.*excluded by server', 'cp', sbox.ospath('A'), sbox.ospath('A2')) @@ -1046,17 +1048,17 @@ def wc_wc_copy_revert(sbox): '! - ? ? ' + sbox.ospath('A2/B/E') + '\n', ]) expected_output.match_all = False - svntest.actions.run_and_verify_svn(None, expected_output, [], + svntest.actions.run_and_verify_svn(expected_output, [], 'st', '--verbose', sbox.ospath('A2')) # Issue 4025, info SEGV on incomplete working node - svntest.actions.run_and_verify_svn(None, None, + svntest.actions.run_and_verify_svn(None, 'svn: E145000: .*unrecognized node kind', 'info', sbox.ospath('A2/B/E')) # Issue 4026, copy assertion on incomplete working node - svntest.actions.run_and_verify_svn(None, None, + svntest.actions.run_and_verify_svn(None, 'svn: E145001: cannot handle node kind', 'cp', sbox.ospath('A2/B'), sbox.ospath('B3')) @@ -1065,10 +1067,10 @@ def wc_wc_copy_revert(sbox): '! - ? ? ' + sbox.ospath('B3/E') + '\n', ]) expected_output.match_all = False - svntest.actions.run_and_verify_svn(None, expected_output, [], + svntest.actions.run_and_verify_svn(expected_output, [], 'st', '--verbose', sbox.ospath('B3')) - svntest.actions.run_and_verify_svn(None, None, [], + svntest.actions.run_and_verify_svn(None, [], 'revert', '--recursive', sbox.ospath('A2'), sbox.ospath('B3')) @@ -1106,8 +1108,7 @@ def authz_recursive_ls(sbox): 'A/D/gamma', 'iota', ] - svntest.actions.run_and_verify_svn('recursive ls from /', - map(lambda x: x + '\n', expected_entries), + svntest.actions.run_and_verify_svn(map(lambda x: x + '\n', expected_entries), [], 'ls', '-R', sbox.repo_url) @@ -1132,7 +1133,7 @@ def case_sensitive_authz(sbox): }) # error messages - expected_error_for_commit = "Commit failed" + expected_error_for_commit = ".*Commit failed.*" if sbox.repo_url.startswith("http"): expected_error_for_cat = ".*[Ff]orbidden.*" @@ -1142,7 +1143,7 @@ def case_sensitive_authz(sbox): # test the case-sensitivity of the path inside the repo write_authz_file(sbox, {"/": "jrandom = r", "/A/mu": "jrandom =", "/a/Mu": "jrandom = rw"}) - svntest.actions.run_and_verify_svn2(None, None, + svntest.actions.run_and_verify_svn2(None, expected_error_for_cat, 1, 'cat', mu_url) @@ -1175,7 +1176,7 @@ def case_sensitive_authz(sbox): os.path.basename(sbox.repo_dir) + ":/A/mu": "jrandom =", mixed_case_repo_dir + ":/A/mu": "jrandom = rw"} write_authz_file(sbox, {}, sec_mixed_case) - svntest.actions.run_and_verify_svn2(None, None, + svntest.actions.run_and_verify_svn2(None, expected_error_for_cat, 1, 'cat', mu_url) @@ -1195,14 +1196,13 @@ def case_sensitive_authz(sbox): write_authz_file(sbox, {"/": "jrandom = r", "/A": "jrandom = r", "/A/mu": "jrandom = rw"}) - svntest.actions.run_and_verify_svn2('No error', - svntest.verify.AnyOutput, [], + svntest.actions.run_and_verify_svn2(svntest.verify.AnyOutput, [], 0, 'cat', mu_url) # Commit the file. svntest.actions.run_and_verify_commit(wc_dir, expected_output, None, - None, + [], mu_path) @Skip(svntest.main.is_ra_type_file) @@ -1221,17 +1221,17 @@ def authz_tree_conflict(sbox): # And now create an obstruction sbox.simple_mkdir('A/C') - expected_output = svntest.wc.State(wc_dir, {}) - expected_status = svntest.actions.get_virginal_state(wc_dir, 2) - expected_status.tweak('A/C', status='A ', wc_rev='0') - expected_status.tweak('A', '', status='! ', wc_rev='1') + expected_output = svntest.wc.State(wc_dir, { + 'A/C' : Item(status=' ', treeconflict='C'), + }) + expected_status = svntest.actions.get_virginal_state(wc_dir, 1) + expected_status.tweak('A/C', status='R ', treeconflict='C') svntest.actions.run_and_verify_update(wc_dir, expected_output, None, expected_status, - "Failed to mark '.*C' (server|absent):", - None, None, None, None, 0, + [], False, '-r', '1', wc_dir) @Issue(3900) @@ -1260,9 +1260,9 @@ def wc_delete(sbox): expected_status = svntest.actions.get_virginal_state(sbox.wc_dir, 1) expected_err = ".*svn: E155035: .*excluded by server*" - svntest.actions.run_and_verify_svn(None, None, expected_err, - 'rm', sbox.ospath('A/B/E')) - svntest.actions.run_and_verify_svn(None, None, expected_err, + svntest.actions.run_and_verify_svn(None, expected_err, + 'rm', sbox.ospath('A/B/E'), '--force') + svntest.actions.run_and_verify_svn(None, expected_err, 'rm', sbox.ospath('A')) expected_status = svntest.actions.get_virginal_state(sbox.wc_dir, 1) @@ -1281,9 +1281,9 @@ def wc_commit_error_handling(sbox): write_authz_file(sbox, {'/' : '* = r', }) # Creating editor fail: unfriendly error - expected_err = "(svn: E175013: .*orbidden.*)|" + \ + expected_err = "(svn: E175013: .*[Ff]orbidden.*)|" + \ "(svn: E170001: Authorization failed)" - svntest.actions.run_and_verify_svn(None, None, expected_err, + svntest.actions.run_and_verify_svn(None, expected_err, 'ci', wc_dir, '-m', '') write_authz_file(sbox, {'/' : '* = rw', @@ -1294,7 +1294,7 @@ def wc_commit_error_handling(sbox): expected_err = "(svn: E195023: Changing directory '.*Z' is forbidden)|" + \ "(svn: E220004: Access denied)|" + \ "(svn: E175013: Access to '.*Z' forbidden)" - svntest.actions.run_and_verify_svn(None, None, expected_err, + svntest.actions.run_and_verify_svn(None, expected_err, 'ci', wc_dir, '-m', '') sbox.simple_revert('A/Z') @@ -1307,7 +1307,7 @@ def wc_commit_error_handling(sbox): expected_err = "(svn: E195023: Changing file '.*zeta' is forbidden)|" + \ "(svn: E220004: Access denied)|" + \ "(svn: E175013: Access to '.*zeta' forbidden)" - svntest.actions.run_and_verify_svn(None, None, expected_err, + svntest.actions.run_and_verify_svn(None, expected_err, 'ci', wc_dir, '-m', '') sbox.simple_revert('A/zeta') @@ -1315,9 +1315,9 @@ def wc_commit_error_handling(sbox): # Allow a generic dav error and the ra_svn specific one that is returned # on editor->edit_close(). - expected_err = "(svn: E175013: .*orbidden.*)|" + \ + expected_err = "(svn: E175013: .*[Ff]orbidden.*)|" + \ "(svn: E220004: Access denied)" - svntest.actions.run_and_verify_svn(None, None, expected_err, + svntest.actions.run_and_verify_svn(None, expected_err, 'ci', wc_dir, '-m', '') sbox.simple_revert('A/D') @@ -1329,7 +1329,7 @@ def wc_commit_error_handling(sbox): expected_err = "(svn: E195023: Changing file '.*lambda' is forbidden.*)|" + \ "(svn: E220004: Access denied)|" + \ "(svn: E175013: Access to '.*lambda' forbidden)" - svntest.actions.run_and_verify_svn(None, None, expected_err, + svntest.actions.run_and_verify_svn(None, expected_err, 'ci', wc_dir, '-m', '') sbox.simple_revert('A/B/lambda') @@ -1340,7 +1340,7 @@ def wc_commit_error_handling(sbox): expected_err = "(svn: E195023: Changing file '.*lambda' is forbidden.*)|" + \ "(svn: E220004: Access denied)|" + \ "(svn: E175013: Access to '.*lambda' forbidden)" - svntest.actions.run_and_verify_svn(None, None, expected_err, + svntest.actions.run_and_verify_svn(None, expected_err, 'ci', wc_dir, '-m', '') sbox.simple_revert('A/B/lambda') @@ -1351,7 +1351,7 @@ def wc_commit_error_handling(sbox): expected_err = "(svn: E195023: Changing directory '.*F' is forbidden.*)|" + \ "(svn: E220004: Access denied)|" + \ "(svn: E175013: Access to '.*F' forbidden)" - svntest.actions.run_and_verify_svn(None, None, expected_err, + svntest.actions.run_and_verify_svn(None, expected_err, 'ci', wc_dir, '-m', '') sbox.simple_revert('A/B/F') @@ -1361,7 +1361,7 @@ def wc_commit_error_handling(sbox): expected_err = "(svn: E195023: Changing file '.*mu' is forbidden.*)|" + \ "(svn: E220004: Access denied)|" + \ "(svn: E175013: Access to '.*mu' forbidden)" - svntest.actions.run_and_verify_svn(None, None, expected_err, + svntest.actions.run_and_verify_svn(None, expected_err, 'ci', wc_dir, '-m', '') @@ -1381,15 +1381,15 @@ def upgrade_absent(sbox): # Attempt to use the working copy, this should give an error expected_stderr = wc_is_too_old_regex - svntest.actions.run_and_verify_svn(None, None, expected_stderr, + svntest.actions.run_and_verify_svn(None, expected_stderr, 'info', sbox.wc_dir) # Now upgrade the working copy - svntest.actions.run_and_verify_svn(None, None, [], + svntest.actions.run_and_verify_svn(None, [], 'upgrade', sbox.wc_dir) # Relocate to allow finding the repository - svntest.actions.run_and_verify_svn(None, None, [], 'relocate', + svntest.actions.run_and_verify_svn(None, [], 'relocate', 'svn://127.0.0.1/authz_tests-2', sbox.repo_url, sbox.wc_dir) @@ -1430,9 +1430,7 @@ def remove_subdir_with_authz_and_tc(sbox): expected_output, None, expected_status, - None, - None, None, - None, None, False, + [], False, wc_dir, '-r', '1') # Perform some edit operation to introduce a tree conflict @@ -1447,11 +1445,7 @@ def remove_subdir_with_authz_and_tc(sbox): svntest.actions.run_and_verify_update(wc_dir, expected_output, None, - None, - None, - None, None, - None, None, False, - wc_dir) + None) @SkipUnless(svntest.main.is_ra_type_svn) def authz_svnserve_groups(sbox): @@ -1481,37 +1475,34 @@ def authz_svnserve_groups(sbox): expected_err = ".*svn: E170001: Authorization failed.*" # read a remote file - svntest.actions.run_and_verify_svn(None, ["This is the file 'lambda'.\n"], + svntest.actions.run_and_verify_svn(["This is the file 'lambda'.\n"], [], 'cat', lambda_url) # read a remote file - svntest.actions.run_and_verify_svn(None, ["This is the file 'pi'.\n"], + svntest.actions.run_and_verify_svn(["This is the file 'pi'.\n"], [], 'cat', pi_url) # read a remote file, unreadable: should fail - svntest.actions.run_and_verify_svn(None, - None, expected_err, + svntest.actions.run_and_verify_svn(None, expected_err, 'cat', alpha_url) # copy a remote file, source is unreadable: should fail - svntest.actions.run_and_verify_svn(None, - None, expected_err, + svntest.actions.run_and_verify_svn(None, expected_err, 'cp', '-m', 'logmsg', alpha_url, B_url) # copy a remote folder - svntest.actions.run_and_verify_svn(None, None, [], + svntest.actions.run_and_verify_svn(None, [], 'cp', '-m', 'logmsg', F_url, D_url) # copy a remote folder, source is unreadable: should fail - svntest.actions.run_and_verify_svn(None, - None, expected_err, + svntest.actions.run_and_verify_svn(None, expected_err, 'cp', '-m', 'logmsg', E_url, D_url) @@ -1527,27 +1518,26 @@ def authz_del_from_subdir(sbox): write_restrictive_svnserve_conf(sbox.repo_dir) - svntest.actions.run_and_verify_svn(None, None, [], + svntest.actions.run_and_verify_svn(None, [], 'rm', sbox.repo_url + '/A/mu', '-m', '') -@XFail() @SkipUnless(svntest.main.is_ra_type_dav) # dontdothat is dav only -@SkipUnless(svntest.main.is_os_windows) # until the buildbots are configured def log_diff_dontdothat(sbox): "log --diff on dontdothat" sbox.build(create_wc = False) ddt_url = sbox.repo_url.replace('/svn-test-work/', '/ddt-test-work/') - svntest.actions.run_and_verify_svn(None, None, [], + svntest.actions.run_and_verify_svn(None, [], 'log', sbox.repo_url, '-c', 1, '--diff') # We should expect a PASS or a proper error message instead of # svn: E175009: XML parsing failed: (403 Forbidden) - svntest.actions.run_and_verify_svn(None, None, [], + expected_err = ".*E175013: Access to '.*authz_tests-28.*' forbidden" + svntest.actions.run_and_verify_svn(None, expected_err, 'log', ddt_url, '-c', 1, '--diff') @@ -1573,7 +1563,7 @@ def authz_file_external_to_authz(sbox): svntest.actions.run_and_verify_update(wc_dir, None, None, expected_status) - svntest.actions.run_and_verify_svn(None, None, [], + svntest.actions.run_and_verify_svn(None, [], 'cp', repo_url + '/A', repo_url + '/Z', '-m', 'Add Z') @@ -1589,6 +1579,88 @@ def authz_file_external_to_authz(sbox): svntest.actions.run_and_verify_update(wc_dir, None, None, expected_status) +@Skip(svntest.main.is_ra_type_file) +def authz_log_censor_revprops(sbox): + "log censors revprops for partially visible revs" + + sbox.build(create_wc = False) + + svntest.actions.enable_revprop_changes(sbox.repo_dir) + write_restrictive_svnserve_conf(sbox.repo_dir) + write_authz_file(sbox, {"/" : "* = rw"}) + + # Add the revision property 's'. + svntest.actions.run_and_verify_svn(None, [], 'ps', '--revprop', + '-r1', 's', 'secret', sbox.repo_url) + + # With blanket access, both 'svn:author' and 's' are a part of the output. + svntest.actions.run_and_verify_log_xml( + expected_revprops=[{'svn:author': svntest.main.wc_author, 's': 'secret'}], + args=['--with-revprop', 'svn:author', '--with-revprop', 's', + '-r1', sbox.repo_url]) + + # Make the revision partially visible, but ask for both 'svn:author' and + # 's'. The second revision property should be censored out, as we only + # allow 'svn:author' and 'svn:date' for partially visible revisions. + # This used to fail around trunk@1658379. + write_authz_file(sbox, {"/" : "* = rw", "/A/B" : "* = "}) + + svntest.actions.run_and_verify_log_xml( + expected_revprops=[{'svn:author': svntest.main.wc_author}], + args=['--with-revprop', 'svn:author', '--with-revprop', 's', + '-r1', sbox.repo_url]) + +@Skip(svntest.main.is_ra_type_file) +def remove_access_after_commit(sbox): + "remove a subdir with authz file" + + sbox.build() + wc_dir = sbox.wc_dir + + svntest.main.write_restrictive_svnserve_conf(sbox.repo_dir) + svntest.main.write_authz_file(sbox, { "/" : "*=rw"}) + + # Modification in subtree + sbox.simple_append('A/B/E/alpha', 'appended\n') + sbox.simple_append('A/D/G/rho', 'appended\n') + sbox.simple_commit() + + svntest.main.write_authz_file(sbox, { "/" : "*=rw", + "/A/B" : "*=", + "/A/D" : "*="}) + + # Local modification + sbox.simple_append('A/D/G/pi', 'appended\n') + + expected_output = svntest.wc.State(wc_dir, { + 'A/B' : Item(status='D '), + 'A/D' : Item(status=' ', treeconflict='C'), + }) + expected_disk = svntest.main.greek_state.copy() + expected_disk.tweak('A/D/G/rho', + contents="This is the file 'rho'.\nappended\n") + expected_disk.tweak('A/D/G/pi', + contents="This is the file 'pi'.\nappended\n") + expected_disk.remove('A/B', 'A/B/E', 'A/B/E/alpha', 'A/B/E/beta', + 'A/B/F', 'A/B/lambda') + expected_status = svntest.actions.get_virginal_state(wc_dir, 2) + + expected_status.tweak('A/D', status='R ',treeconflict='C', ) + expected_status.tweak('A/D', 'A/D/G', 'A/D/G/pi', 'A/D/G/rho', 'A/D/G/tau', + 'A/D/H', 'A/D/H/omega', 'A/D/H/chi', 'A/D/H/psi', + 'A/D/gamma', copied='+', wc_rev='-') + expected_status.tweak('A/D/G/pi', status='M ') + expected_status.remove('A/B', 'A/B/E', 'A/B/E/alpha', 'A/B/E/beta', 'A/B/F', + 'A/B/lambda') + + # And expect a mixed rev copy + expected_status.tweak('A/D/G/rho', status='A ', entry_status=' ') + svntest.actions.run_and_verify_update(wc_dir, + expected_output, + expected_disk, + expected_status, + [], True) + ######################################################################## # Run the tests @@ -1624,6 +1696,8 @@ test_list = [ None, authz_del_from_subdir, log_diff_dontdothat, authz_file_external_to_authz, + authz_log_censor_revprops, + remove_access_after_commit, ] serial_only = True |