Mercurial > hg
annotate tests/test-pull-permission.t @ 36754:e3c228b4510d stable
wireproto: declare operation type for most commands (BC) (SEC)
The permissions model of hgweb relies on a dictionary to declare
the operation associated with each command - either "pull" or
"push." This dictionary was established by d3147b4e3e8a in 2008.
Unfortunately, we neglected to update this dictionary as new
wire protocol commands were introduced.
This commit defines the operations of most wire protocol commands
in the permissions dictionary. The "batch" command is omitted because
it is special and requires a more complex solution.
Since permissions checking is skipped unless a command has an entry in
this dictionary (this security issue will be addressed in a subsequent
commit), the practical effect of this change is that various wire
protocol commands now HTTP 401 if web.deny_read or web.allow-pull,
etc are set to deny access. This is reflected by test changes. Note
how various `hg pull` and `hg push` operations now fail before
discovery. (They fail during the initial "capabilities" request.)
This change fixes a security issue where built-in wire protocol
commands would return repository data even if the web config were
configured to deny access to that data.
I'm on the fence as to whether we should HTTP 401 the capabilities
request. On one hand, it can expose repository metadata and can tell
callers things like what version of Mercurial the server is running.
On the other hand, a client may need to know the capabilities in order
to authenticate in a follow-up request. It appears that Mercurial
clients handle the HTTP 401 on *any* protocol request, so we should
be OK sending a 401 for "capabilities." But if this causes problems,
it should be possible to allow "capabilities" to always work.
.. bc::
Various read-only wire protocol commands now return HTTP 401
Unauthorized if the hgweb configuration denies read/pull access to
the repository.
Previously, various wire protocol commands would still work and
return data if read access was disabled.
author | Gregory Szorc <gregory.szorc@gmail.com> |
---|---|
date | Tue, 20 Feb 2018 18:54:27 -0800 |
parents | eb586ed5d8ce |
children | f1186c292d03 |
rev | line source |
---|---|
22047
8fb6844a4ff1
tests: change some #ifs to #requires
Matt Mackall <mpm@selenic.com>
parents:
20008
diff
changeset
|
1 #require unix-permissions no-root |
15516
10f302f5e9f6
tests: add missing 'hghave unix-permissions'
Mads Kiilerich <mads@kiilerich.com>
parents:
13956
diff
changeset
|
2 |
13956
ffb5c09ba822
tests: remove redundant mkdir
Martin Geisler <mg@lazybytes.net>
parents:
12279
diff
changeset
|
3 $ hg init a |
12279 | 4 $ cd a |
5 $ echo foo > b | |
6 $ hg add b | |
7 $ hg ci -m "b" | |
1244
937ee88da3ef
clone: fall back to pull if we can't lock the source repo
mpm@selenic.com
parents:
diff
changeset
|
8 |
12279 | 9 $ chmod -w .hg/store |
10 | |
11 $ cd .. | |
1244
937ee88da3ef
clone: fall back to pull if we can't lock the source repo
mpm@selenic.com
parents:
diff
changeset
|
12 |
12279 | 13 $ hg clone a b |
14 requesting all changes | |
15 adding changesets | |
16 adding manifests | |
17 adding file changes | |
18 added 1 changesets with 1 changes to 1 files | |
34661
eb586ed5d8ce
transaction-summary: show the range of new revisions upon pull/unbundle (BC)
Denis Laxalde <denis.laxalde@logilab.fr>
parents:
22047
diff
changeset
|
19 new changesets 97310831fa1a |
12279 | 20 updating to branch default |
21 1 files updated, 0 files merged, 0 files removed, 0 files unresolved | |
1244
937ee88da3ef
clone: fall back to pull if we can't lock the source repo
mpm@selenic.com
parents:
diff
changeset
|
22 |
12279 | 23 $ chmod +w a/.hg/store # let test clean up |
1750
955a7caf005c
make test-pull-permission cleanup correctly in case of errors
Benoit Boissinot <benoit.boissinot@ens-lyon.org>
parents:
1244
diff
changeset
|
24 |
12279 | 25 $ cd b |
26 $ hg verify | |
27 checking changesets | |
28 checking manifests | |
29 crosschecking files in changesets and manifests | |
30 checking files | |
31 1 files, 1 changesets, 1 total revisions | |
1750
955a7caf005c
make test-pull-permission cleanup correctly in case of errors
Benoit Boissinot <benoit.boissinot@ens-lyon.org>
parents:
1244
diff
changeset
|
32 |
16913
f2719b387380
tests: add missing trailing 'cd ..'
Mads Kiilerich <mads@kiilerich.com>
parents:
15516
diff
changeset
|
33 $ cd .. |