view tests/test-trusted.py.out @ 29258:6315c1e14f75

sslutil: introduce a function for determining host-specific settings This patch marks the beginning of a series that introduces a new, more configurable, per-host security settings mechanism. Currently, we have global settings (like web.cacerts and the --insecure argument). We also have per-host settings via [hostfingerprints]. Global security settings are good for defaults, but they don't provide the amount of control often wanted. For example, an organization may want to require a particular CA is used for a particular hostname. [hostfingerprints] is nice. But it currently assumes SHA-1. Furthermore, there is no obvious place to put additional per-host settings. Subsequent patches will be introducing new mechanisms for defining security settings, some on a per-host basis. This commits starts the transition to that world by introducing the _hostsettings function. It takes a ui and hostname and returns a dict of security settings. Currently, it limits itself to returning host fingerprint info. We foreshadow the future support of non-SHA1 hashing algorithms for verifying the host fingerprint by making the "certfingerprints" key a list of tuples instead of a list of hashes. We add this dict to the hgstate property on the socket and use it during socket validation for checking fingerprints. There should be no change in behavior.
author Gregory Szorc <gregory.szorc@gmail.com>
date Sat, 28 May 2016 11:12:02 -0700
parents c4040a35b5d9
children 75e4bae56068
line wrap: on
line source

# same user, same group
trusted
    global = /some/path
    local = /another/path
untrusted
. . global = /some/path
. . local = /another/path

# same user, different group
trusted
    global = /some/path
    local = /another/path
untrusted
. . global = /some/path
. . local = /another/path

# different user, same group
not trusting file .hg/hgrc from untrusted user abc, group bar
trusted
    global = /some/path
untrusted
. . global = /some/path
. . local = /another/path

# different user, same group, but we trust the group
trusted
    global = /some/path
    local = /another/path
untrusted
. . global = /some/path
. . local = /another/path

# different user, different group
not trusting file .hg/hgrc from untrusted user abc, group def
trusted
    global = /some/path
untrusted
. . global = /some/path
. . local = /another/path

# different user, different group, but we trust the user
trusted
    global = /some/path
    local = /another/path
untrusted
. . global = /some/path
. . local = /another/path

# different user, different group, but we trust the group
trusted
    global = /some/path
    local = /another/path
untrusted
. . global = /some/path
. . local = /another/path

# different user, different group, but we trust the user and the group
trusted
    global = /some/path
    local = /another/path
untrusted
. . global = /some/path
. . local = /another/path

# we trust all users
# different user, different group
trusted
    global = /some/path
    local = /another/path
untrusted
. . global = /some/path
. . local = /another/path

# we trust all groups
# different user, different group
trusted
    global = /some/path
    local = /another/path
untrusted
. . global = /some/path
. . local = /another/path

# we trust all users and groups
# different user, different group
trusted
    global = /some/path
    local = /another/path
untrusted
. . global = /some/path
. . local = /another/path

# we don't get confused by users and groups with the same name
# different user, different group
not trusting file .hg/hgrc from untrusted user abc, group def
trusted
    global = /some/path
untrusted
. . global = /some/path
. . local = /another/path

# list of user names
# different user, different group, but we trust the user
trusted
    global = /some/path
    local = /another/path
untrusted
. . global = /some/path
. . local = /another/path

# list of group names
# different user, different group, but we trust the group
trusted
    global = /some/path
    local = /another/path
untrusted
. . global = /some/path
. . local = /another/path

# Can't figure out the name of the user running this process
# different user, different group
not trusting file .hg/hgrc from untrusted user abc, group def
trusted
    global = /some/path
untrusted
. . global = /some/path
. . local = /another/path

# prints debug warnings
# different user, different group
not trusting file .hg/hgrc from untrusted user abc, group def
trusted
ignoring untrusted configuration option paths.local = /another/path
    global = /some/path
untrusted
. . global = /some/path
. ignoring untrusted configuration option paths.local = /another/path
. local = /another/path

# report_untrusted enabled without debug hides warnings
# different user, different group
trusted
    global = /some/path
untrusted
. . global = /some/path
. . local = /another/path

# report_untrusted enabled with debug shows warnings
# different user, different group
not trusting file .hg/hgrc from untrusted user abc, group def
trusted
ignoring untrusted configuration option paths.local = /another/path
    global = /some/path
untrusted
. . global = /some/path
. ignoring untrusted configuration option paths.local = /another/path
. local = /another/path

# ui.readconfig sections
quux

# read trusted, untrusted, new ui, trusted
not trusting file foobar from untrusted user abc, group def
trusted:
ignoring untrusted configuration option foobar.baz = quux
None
untrusted:
quux

# error handling
# file doesn't exist
# same user, same group
# different user, different group

# parse error
# different user, different group
not trusting file .hg/hgrc from untrusted user abc, group def
('foo', '.hg/hgrc:1')
# same user, same group
('foo', '.hg/hgrc:1')