commit 5667a3a5135f6c4afdbb2d5db39e786906f7e4b4
from: Stefan Sperling
via: Thomas Adam
date: Thu Nov 17 21:39:27 2022 UTC
add a gotd auth test case for an explicitly denied group ok op@
commit - b40156b396aae8abd087e32813a37ab1f8555b99
commit + 5667a3a5135f6c4afdbb2d5db39e786906f7e4b4
blob - 10ccfa7d4f15646fb9c20b0a78fa400ec58cddf2
blob + cd20ee9bf8631fcd757767edf78df5f410e56161
--- regress/gotd/Makefile
+++ regress/gotd/Makefile
@@ -1,5 +1,5 @@
 REGRESS_TARGETS=test_repo_read test_repo_read_group \
- test_repo_read_denied_user \
+ test_repo_read_denied_user test_repo_read_denied_group \
 test_repo_read_bad_user test_repo_read_bad_group \
 test_repo_write test_repo_write_empty
 NOOBJ=Yes
@@ -73,6 +73,19 @@ start_gotd_ro_denied_user: ensure_root
 @$(GOTD_TRAP); $(GOTD_START_CMD)
 @$(GOTD_TRAP); sleep .5
 
+# try a permit rule followed by a deny rule; last matched rule wins
+start_gotd_ro_denied_group: ensure_root
+ @echo 'unix_socket "$(GOTD_SOCK)"' > $(PWD)/gotd.conf
+ @echo "unix_group $(GOTD_GROUP)" >> $(PWD)/gotd.conf
+ @echo "user $(GOTD_USER)" >> $(PWD)/gotd.conf
+ @echo 'repository "test-repo" {' >> $(PWD)/gotd.conf
+ @echo ' path "$(GOTD_TEST_REPO)"' >> $(PWD)/gotd.conf
+ @echo ' permit ro $(GOTD_DEVUSER)' >> $(PWD)/gotd.conf
+ @echo ' deny :$(GOTD_DEVUSER)' >> $(PWD)/gotd.conf
+ @echo "}" >> $(PWD)/gotd.conf
+ @$(GOTD_TRAP); $(GOTD_START_CMD)
+ @$(GOTD_TRAP); sleep .5
+
 # $GOTD_DEVUSER should not equal $GOTD_USER
 start_gotd_ro_bad_user: ensure_root
 @echo 'unix_socket "$(GOTD_SOCK)"' > $(PWD)/gotd.conf
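Review bot: The `deny :$(GOTD_DEVUSER)` line in start_gotd_ro_denied_group only exercises the group-deny path if a group with the same name as the user exists and the connecting account is a member of it, and nothing in the hunk states or checks that. If the assumption fails on the test host, the result may come from something other than the deny rule, so the test could pass without ever evaluating group denial; this is inferred, because gotd's behaviour and the variable definitions are outside the hunk. I would extend the comment above the target with a line such as `# assumes a group named $GOTD_DEVUSER exists and $GOTD_DEVUSER is a member of it`.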
@@ -134,6 +147,12 @@ test_repo_read_denied_user: prepare_test_repo start_go
 @$(GOTD_STOP_CMD) 2>/dev/null
 @su -m ${GOTD_USER} -c 'env $(GOTD_TEST_ENV) sh ./check_test_repo.sh'
 
+test_repo_read_denied_group: prepare_test_repo start_gotd_ro_denied_group
+ @-$(GOTD_TRAP); su ${GOTD_TEST_USER} -c \
+ 'env $(GOTD_TEST_ENV) sh ./repo_read_access_denied.sh'
+ @$(GOTD_STOP_CMD) 2>/dev/null
+ @su -m ${GOTD_USER} -c 'env $(GOTD_TEST_ENV) sh ./check_test_repo.sh'
+
 test_repo_read_bad_user: prepare_test_repo start_gotd_ro_bad_user
 @-$(GOTD_TRAP); su ${GOTD_TEST_USER} -c \
 'env $(GOTD_TEST_ENV) sh ./repo_read_access_denied.sh'
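Review bot: The leading `-` on the `su ${GOTD_TEST_USER}` line of test_repo_read_denied_group makes make ignore the exit status of repo_read_access_denied.sh, so a wrongly granted read would not fail the target on that status alone. Whether such a regression is still caught depends on what the script prints and how the regress framework treats it, neither of which is visible here. The test_repo_read_bad_user context lines carry the same prefix, so this follows the file's existing pattern. If the `-` is there only so that `$(GOTD_STOP_CMD)` always runs, a comment above the recipe would record that, for example `# '-': keep going so gotd is stopped below; the script itself must report failure`. The body of test_repo_read_bad_user continues outside the hunk.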