Commit Diff


commit - b40156b396aae8abd087e32813a37ab1f8555b99
commit + 5667a3a5135f6c4afdbb2d5db39e786906f7e4b4
blob - 10ccfa7d4f15646fb9c20b0a78fa400ec58cddf2
blob + cd20ee9bf8631fcd757767edf78df5f410e56161
--- regress/gotd/Makefile
+++ regress/gotd/Makefile
@@ -1,5 +1,5 @@
 REGRESS_TARGETS=test_repo_read test_repo_read_group \
-	test_repo_read_denied_user \
+	test_repo_read_denied_user test_repo_read_denied_group \
 	test_repo_read_bad_user test_repo_read_bad_group \
 	test_repo_write test_repo_write_empty
 NOOBJ=Yes
@@ -73,6 +73,19 @@ start_gotd_ro_denied_user: ensure_root
 	@$(GOTD_TRAP); $(GOTD_START_CMD)
 	@$(GOTD_TRAP); sleep .5
 
+# try a permit rule followed by a deny rule; last matched rule wins
+start_gotd_ro_denied_group: ensure_root
+	@echo 'unix_socket "$(GOTD_SOCK)"' > $(PWD)/gotd.conf
+	@echo "unix_group $(GOTD_GROUP)" >> $(PWD)/gotd.conf
+	@echo "user $(GOTD_USER)" >> $(PWD)/gotd.conf
+	@echo 'repository "test-repo" {' >> $(PWD)/gotd.conf
+	@echo '    path "$(GOTD_TEST_REPO)"' >> $(PWD)/gotd.conf
+	@echo '    permit ro $(GOTD_DEVUSER)' >> $(PWD)/gotd.conf
+	@echo '    deny :$(GOTD_DEVUSER)' >> $(PWD)/gotd.conf
+	@echo "}" >> $(PWD)/gotd.conf
+	@$(GOTD_TRAP); $(GOTD_START_CMD)
+	@$(GOTD_TRAP); sleep .5
+
 # $GOTD_DEVUSER should not equal $GOTD_USER
 start_gotd_ro_bad_user: ensure_root
 	@echo 'unix_socket "$(GOTD_SOCK)"' > $(PWD)/gotd.conf
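Review bot: The `deny :$(GOTD_DEVUSER)` line in start_gotd_ro_denied_group only matches if a group with the same name as GOTD_DEVUSER exists and the connecting user is a member of it, and nothing in the hunk states or checks that precondition. If the group rule never matches, `permit ro $(GOTD_DEVUSER)` is the last matched rule and the target no longer exercises the deny-overrides-permit path it is meant to cover. I would extend the comment above the target in the style of the neighbouring one, for example `# assumes a group named $GOTD_DEVUSER exists and that user belongs to it`. Whether ensure_root or the test setup already guarantees this is not visible here.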
@@ -134,6 +147,12 @@ test_repo_read_denied_user: prepare_test_repo start_go
 	@$(GOTD_STOP_CMD) 2>/dev/null
 	@su -m ${GOTD_USER} -c 'env $(GOTD_TEST_ENV) sh ./check_test_repo.sh'
 
+test_repo_read_denied_group: prepare_test_repo start_gotd_ro_denied_group
+	@-$(GOTD_TRAP); su ${GOTD_TEST_USER} -c \
+		'env $(GOTD_TEST_ENV) sh ./repo_read_access_denied.sh'
+	@$(GOTD_STOP_CMD) 2>/dev/null
+	@su -m ${GOTD_USER} -c 'env $(GOTD_TEST_ENV) sh ./check_test_repo.sh'
+
 test_repo_read_bad_user: prepare_test_repo start_gotd_ro_bad_user
 	@-$(GOTD_TRAP); su ${GOTD_TEST_USER} -c \
 		'env $(GOTD_TEST_ENV) sh ./repo_read_access_denied.sh'
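Review bot: The leading `-` on the `su ${GOTD_TEST_USER}` line of test_repo_read_denied_group makes make ignore the exit status of repo_read_access_denied.sh. If that script reports an unexpectedly granted read only through its exit code, this access-control regression would not fail the target. The prefix is copied from the neighbouring denied/bad-user targets and presumably exists so that `$(GOTD_STOP_CMD)` still runs afterwards, but GOTD_TRAP is not visible here to confirm that. A comment such as `# '-' lets gotd be stopped below; a failed denial must be visible in the script's output` would record the intent. Better still would be capturing the status and re-raising it after the stop command. test_repo_read_bad_user continues past the end of the hunk.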