Mercurial Mercurial > hg / file revision
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
tests/test-trusted.py.out
author Gregory Szorc <gregory.szorc@gmail.com>
Sat, 14 Apr 2018 11:50:19 -0700
changeset 37719 a656cba08a04
parent 31472 75e4bae56068
child 41352 73ccba60aaa1
permissions -rw-r--r--
wireprotov2: move response handling out of httppeer And fix some bugs while we're here. The code for processing response data from the unified framing protocol is mostly peer agnostic. The peer-specific bits are the configuration of the client reactor and how I/O is performed. I initially implemented things in httppeer for expediency. This commit establishes a module for holding the peer API level code for the framing based protocol. Inside this module we have a class to help coordinate higher-level activities, such as managing response object. The client handler bits could be rolled into clientreactor. However, I want clientreactor to be sans I/O and I want it to only be concerned with protocol-level details, not higher-level concepts like how protocol events are converted into peer API concepts. I want clientreactor to receive a frame and then tell the caller what should probably be done about it. If we start putting things like future resolution into clientreactor, we'll constrain how the protocol can be used (e.g. by requiring futures). The new code is loosely based on what was in httppeer before. I changed things a bit around response handling. We now buffer the entire response "body" and then handle it as one atomic unit. This fixed a bug around decoding CBOR data that spanned multiple frames. I also fixed an off-by-one bug where we failed to read a single byte CBOR value at the end of the stream. That's why tests have changed. The new state of httppeer is much cleaner. It is largely agnostic about framing protocol implementation details. That's how it should be: the framing protocol is designed to be largely transport agnostic. We want peers merely putting bytes on the wire and telling the framing protocol where to read response data from. There's still a bit of work to be done here, especially for representing responses. But at least we're a step closer to having a higher-level peer interface that can be plugged into the SSH peer someday. I initially added this class to wireprotoframing. However, we'll eventually need version 2 specific functions to convert CBOR responses into data structures expected by the code calling commands. This needs to live somewhere. Since that code would be shared across peers, we need a common module. We have wireprotov1peer for the equivalent version 1 code. So I decided to establish wireprotov2peer. Differential Revision: https://phab.mercurial-scm.org/D3379

# same user, same group
trusted
    global = /some/path
    local = /another/path
untrusted
. . global = /some/path
. . local = /another/path

# same user, different group
trusted
    global = /some/path
    local = /another/path
untrusted
. . global = /some/path
. . local = /another/path

# different user, same group
not trusting file .hg/hgrc from untrusted user abc, group bar
trusted
    global = /some/path
untrusted
. . global = /some/path
. . local = /another/path

# different user, same group, but we trust the group
trusted
    global = /some/path
    local = /another/path
untrusted
. . global = /some/path
. . local = /another/path

# different user, different group
not trusting file .hg/hgrc from untrusted user abc, group def
trusted
    global = /some/path
untrusted
. . global = /some/path
. . local = /another/path

# different user, different group, but we trust the user
trusted
    global = /some/path
    local = /another/path
untrusted
. . global = /some/path
. . local = /another/path

# different user, different group, but we trust the group
trusted
    global = /some/path
    local = /another/path
untrusted
. . global = /some/path
. . local = /another/path

# different user, different group, but we trust the user and the group
trusted
    global = /some/path
    local = /another/path
untrusted
. . global = /some/path
. . local = /another/path

# we trust all users
# different user, different group
trusted
    global = /some/path
    local = /another/path
untrusted
. . global = /some/path
. . local = /another/path

# we trust all groups
# different user, different group
trusted
    global = /some/path
    local = /another/path
untrusted
. . global = /some/path
. . local = /another/path

# we trust all users and groups
# different user, different group
trusted
    global = /some/path
    local = /another/path
untrusted
. . global = /some/path
. . local = /another/path

# we don't get confused by users and groups with the same name
# different user, different group
not trusting file .hg/hgrc from untrusted user abc, group def
trusted
    global = /some/path
untrusted
. . global = /some/path
. . local = /another/path

# list of user names
# different user, different group, but we trust the user
trusted
    global = /some/path
    local = /another/path
untrusted
. . global = /some/path
. . local = /another/path

# list of group names
# different user, different group, but we trust the group
trusted
    global = /some/path
    local = /another/path
untrusted
. . global = /some/path
. . local = /another/path

# Can't figure out the name of the user running this process
# different user, different group
not trusting file .hg/hgrc from untrusted user abc, group def
trusted
    global = /some/path
untrusted
. . global = /some/path
. . local = /another/path

# prints debug warnings
# different user, different group
not trusting file .hg/hgrc from untrusted user abc, group def
trusted
ignoring untrusted configuration option paths.local = /another/path
    global = /some/path
untrusted
. . global = /some/path
. ignoring untrusted configuration option paths.local = /another/path
. local = /another/path

# report_untrusted enabled without debug hides warnings
# different user, different group
trusted
    global = /some/path
untrusted
. . global = /some/path
. . local = /another/path

# report_untrusted enabled with debug shows warnings
# different user, different group
not trusting file .hg/hgrc from untrusted user abc, group def
trusted
ignoring untrusted configuration option paths.local = /another/path
    global = /some/path
untrusted
. . global = /some/path
. ignoring untrusted configuration option paths.local = /another/path
. local = /another/path

# ui.readconfig sections
quux

# read trusted, untrusted, new ui, trusted
not trusting file foobar from untrusted user abc, group def
trusted:
ignoring untrusted configuration option foobar.baz = quux
None
untrusted:
quux

# error handling
# file doesn't exist
# same user, same group
# different user, different group

# parse error
# different user, different group
not trusting file .hg/hgrc from untrusted user abc, group def
('foo', '.hg/hgrc:1')
# same user, same group
('foo', '.hg/hgrc:1')

# access typed information
# different user, different group
not trusting file .hg/hgrc from untrusted user abc, group def
# suboptions, trusted and untrusted
(None, []) ('main', [('one', 'one'), ('two', 'two')])
# path, trusted and untrusted
None .hg/monty/python
# bool, trusted and untrusted
False True
# int, trusted and untrusted
0 42
# bytes, trusted and untrusted
0 84934656
# list, trusted and untrusted
[] ['spam', 'ham', 'eggs']
Mercurial