view tests/test-convert-baz.t @ 36754:e3c228b4510d stable

wireproto: declare operation type for most commands (BC) (SEC)

The permissions model of hgweb relies on a dictionary to declare the operation associated with each command - either "pull" or "push." This dictionary was established by d3147b4e3e8a in 2008. Unfortunately, we neglected to update this dictionary as new wire protocol commands were introduced.

This commit defines the operations of most wire protocol commands in the permissions dictionary. The "batch" command is omitted because it is special and requires a more complex solution.

Since permissions checking is skipped unless a command has an entry in this dictionary (this security issue will be addressed in a subsequent commit), the practical effect of this change is that various wire protocol commands now HTTP 401 if web.deny_read or web.allow-pull, etc are set to deny access. This is reflected by test changes. Note how various `hg pull` and `hg push` operations now fail before discovery. (They fail during the initial "capabilities" request.)

This change fixes a security issue where built-in wire protocol commands would return repository data even if the web config were configured to deny access to that data.

I'm on the fence as to whether we should HTTP 401 the capabilities request. On one hand, it can expose repository metadata and can tell callers things like what version of Mercurial the server is running. On the other hand, a client may need to know the capabilities in order to authenticate in a follow-up request. It appears that Mercurial clients handle the HTTP 401 on *any* protocol request, so we should be OK sending a 401 for "capabilities." But if this causes problems, it should be possible to allow "capabilities" to always work.

.. bc::

   Various read-only wire protocol commands now return HTTP 401 Unauthorized if the hgweb configuration denies read/pull access to the repository. Previously, various wire protocol commands would still work and return data if read access was disabled.
author Gregory Szorc <gregory.szorc@gmail.com>
date Tue, 20 Feb 2018 18:54:27 -0800
parents 561a019c0268
children
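
The lookup behaviour the commit message above describes, modelled as an added example (not Mercurial's code and not part of the original page). The table contents, policy dict and all function names are hypothetical; the default-deny dispatcher is one possible hardening, assumed here rather than taken from the page.

```python
# Added illustration; every name below is hypothetical, not Mercurial's API.

class Unauthorized(Exception):
    """Stands in for an HTTP 401 response."""

# Constructed permissions table: wire command -> operation type.
PERMS = {"heads": "pull", "unbundle": "push"}

# Constructed server policy that denies both operation types.
DENY_ALL = {"pull": False, "push": False}

def check_perm(op, policy):
    """Raise unless the policy explicitly allows this operation type."""
    if not policy.get(op, False):
        raise Unauthorized(op)

def run(cmd):
    """Placeholder for executing the command and returning repository data."""
    return "data for %s" % cmd

def dispatch_fail_open(cmd, policy, perms=PERMS):
    """Check permissions only when the command has a table entry."""
    if cmd in perms:
        check_perm(perms[cmd], policy)
    return run(cmd)  # an undeclared command reaches here unchecked

def dispatch_fail_closed(cmd, policy, perms=PERMS):
    """Default-deny: a command with no declared operation is refused."""
    op = perms.get(cmd)
    if op is None:
        raise Unauthorized("undeclared command: %s" % cmd)
    check_perm(op, policy)
    return run(cmd)

def undeclared(commands, perms=PERMS):
    """Audit helper: registered commands that lack a table entry."""
    return sorted(c for c in commands if c not in perms)

def denied(dispatch, cmd, policy):
    """True if the dispatcher refuses the command under this policy."""
    try:
        dispatch(cmd, policy)
    except Unauthorized:
        return True
    return False
```

Running `undeclared()` over the full command registry in a test catches the drift the commit message describes, where new commands were added without a matching table entry.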

#require baz symlink

  $ baz my-id "mercurial <mercurial@mercurial-scm.org>"

  $ echo "[extensions]" >> $HGRCPATH
  $ echo "convert=" >> $HGRCPATH

create baz archive
  $ baz make-archive baz@mercurial--convert hg-test-convert-baz

initialize baz repo
  $ mkdir baz-repo
  $ cd baz-repo/
  $ baz init-tree baz@mercurial--convert/baz--test--0
  $ baz import
  * creating version baz@mercurial--convert/baz--test--0
  * imported baz@mercurial--convert/baz--test--0

create initial files
  $ echo 'this is a file' > a
  $ baz add a
  $ mkdir src
  $ baz add src
  $ cd src
  $ dd count=1 if=/dev/zero of=b > /dev/null 2> /dev/null
  $ baz add b
HACK: hide GNU tar-1.22 "tar: The --preserve option is deprecated, use --preserve-permissions --preserve-order instead"
  $ baz commit -s "added a file, src and src/b (binary)" 2>&1 | grep -v '^tar'
  * build pristine tree for baz@mercurial--convert/baz--test--0--base-0
  * Scanning for full-tree revision: .
  * from import revision: baz@mercurial--convert/baz--test--0--base-0
  A/ .arch-ids
  A/ src
  A/ src/.arch-ids
  A  .arch-ids/a.id
  A  a
  A  src/.arch-ids/=id
  A  src/.arch-ids/b.id
  A  src/b
  * update pristine tree (baz@mercurial--convert/baz--test--0--base-0 => baz--test--0--patch-1)
  * committed baz@mercurial--convert/baz--test--0--patch-1

create link file and modify a
  $ ln -s ../a a-link
  $ baz add a-link
  $ echo 'this a modification to a' >> ../a
  $ baz commit -s "added link to a and modify a"
  A  src/.arch-ids/a-link.id
  A  src/a-link
  M  a
  * update pristine tree (baz@mercurial--convert/baz--test--0--patch-1 => baz--test--0--patch-2)
  * committed baz@mercurial--convert/baz--test--0--patch-2

create second link and modify b
  $ ln -s ../a a-link-2
  $ baz add a-link-2
  $ dd count=1 seek=1 if=/dev/zero of=b > /dev/null 2> /dev/null
  $ baz commit -s "added second link and modify b"
  A  src/.arch-ids/a-link-2.id
  A  src/a-link-2
  Mb src/b
  * update pristine tree (baz@mercurial--convert/baz--test--0--patch-2 => baz--test--0--patch-3)
  * committed baz@mercurial--convert/baz--test--0--patch-3

b file to link and a-link-2 to regular file
  $ rm -f a-link-2
  $ echo 'this is now a regular file' > a-link-2
  $ ln -sf ../a b
  $ baz commit -s "file to link and link to file test"
  fl src/b
  lf src/a-link-2
  * update pristine tree (baz@mercurial--convert/baz--test--0--patch-3 => baz--test--0--patch-4)
  * committed baz@mercurial--convert/baz--test--0--patch-4

move a-link-2 file and src directory
  $ cd ..
  $ baz mv src/a-link-2 c
  $ baz mv src test
  $ baz commit -s "move and rename a-link-2 file and src directory"
  D/ src/.arch-ids
  A/ test/.arch-ids
  /> src	test
  => src/.arch-ids/a-link-2.id	.arch-ids/c.id
  => src/a-link-2	c
  => src/.arch-ids/=id	test/.arch-ids/=id
  => src/.arch-ids/a-link.id	test/.arch-ids/a-link.id
  => src/.arch-ids/b.id	test/.arch-ids/b.id
  * update pristine tree (baz@mercurial--convert/baz--test--0--patch-4 => baz--test--0--patch-5)
  * committed baz@mercurial--convert/baz--test--0--patch-5

move and add the moved file again
  $ echo e > e
  $ baz add e
  $ baz commit -s "add e"
  A  .arch-ids/e.id
  A  e
  * update pristine tree (baz@mercurial--convert/baz--test--0--patch-5 => baz--test--0--patch-6)
  * committed baz@mercurial--convert/baz--test--0--patch-6
  $ baz mv e f
  $ echo ee > e
  $ baz add e
  $ baz commit -s "move e and recreate it again"
  A  .arch-ids/e.id
  A  e
  => .arch-ids/e.id	.arch-ids/f.id
  => e	f
  * update pristine tree (baz@mercurial--convert/baz--test--0--patch-6 => baz--test--0--patch-7)
  * committed baz@mercurial--convert/baz--test--0--patch-7
  $ cd ..

converting baz repo to Mercurial
  $ hg convert baz-repo baz-repo-hg
  initializing destination baz-repo-hg repository
  analyzing tree version baz@mercurial--convert/baz--test--0...
  scanning source...
  sorting...
  converting...
  7 initial import
  6 added a file, src and src/b (binary)
  5 added link to a and modify a
  4 added second link and modify b
  3 file to link and link to file test
  2 move and rename a-link-2 file and src directory
  1 add e
  0 move e and recreate it again

  $ baz register-archive -d baz@mercurial--convert

  $ glog()
  > {
  >     hg log -G --template '{rev} "{desc|firstline}" files: {files}\n' "$@"
  > }

show graph log
  $ glog -R baz-repo-hg
  o  7 "move e and recreate it again" files: e f
  |
  o  6 "add e" files: e
  |
  o  5 "move and rename a-link-2 file and src directory" files: c src/a-link src/a-link-2 src/b test/a-link test/b
  |
  o  4 "file to link and link to file test" files: src/a-link-2 src/b
  |
  o  3 "added second link and modify b" files: src/a-link-2 src/b
  |
  o  2 "added link to a and modify a" files: a src/a-link
  |
  o  1 "added a file, src and src/b (binary)" files: a src/b
  |
  o  0 "initial import" files:
  
  $ hg up -q -R baz-repo-hg
  $ hg -R baz-repo-hg manifest --debug
  c4072c4b72e1cabace081888efa148ee80ca3cbb 644   a
  0201ac32a3a8e86e303dff60366382a54b48a72e 644   c
  1a4a864db0073705a11b1439f563bfa4b46d9246 644   e
  09e0222742fc3f75777fa9d68a5d8af7294cb5e7 644   f
  c0067ba5ff0b7c9a3eb17270839d04614c435623 644 @ test/a-link
  375f4263d86feacdea7e3c27100abd1560f2a973 644 @ test/b
  $ hg -R baz-repo-hg log -r 5 -r 7 -C --debug | grep copies
  copies:      c (src/a-link-2) test/a-link (src/a-link) test/b (src/b)
  copies:      f (e)