Mercurial > hg
view tests/test-mq-subrepo.t @ 36754:e3c228b4510d stable
wireproto: declare operation type for most commands (BC) (SEC)
The permissions model of hgweb relies on a dictionary to declare
the operation associated with each command - either "pull" or
"push." This dictionary was established by d3147b4e3e8a in 2008.
Unfortunately, we neglected to update this dictionary as new
wire protocol commands were introduced.
This commit defines the operations of most wire protocol commands
in the permissions dictionary. The "batch" command is omitted because
it is special and requires a more complex solution.
Since permissions checking is skipped unless a command has an entry in
this dictionary (this security issue will be addressed in a subsequent
commit), the practical effect of this change is that various wire
protocol commands now HTTP 401 if web.deny_read or web.allow-pull,
etc are set to deny access. This is reflected by test changes. Note
how various `hg pull` and `hg push` operations now fail before
discovery. (They fail during the initial "capabilities" request.)
This change fixes a security issue where built-in wire protocol
commands would return repository data even if the web config were
configured to deny access to that data.
I'm on the fence as to whether we should HTTP 401 the capabilities
request. On one hand, it can expose repository metadata and can tell
callers things like what version of Mercurial the server is running.
On the other hand, a client may need to know the capabilities in order
to authenticate in a follow-up request. It appears that Mercurial
clients handle the HTTP 401 on *any* protocol request, so we should
be OK sending a 401 for "capabilities." But if this causes problems,
it should be possible to allow "capabilities" to always work.
.. bc::
Various read-only wire protocol commands now return HTTP 401
Unauthorized if the hgweb configuration denies read/pull access to
the repository.
Previously, various wire protocol commands would still work and
return data if read access was disabled.
| author | Gregory Szorc <gregory.szorc@gmail.com> |
|---|---|
| date | Tue, 20 Feb 2018 18:54:27 -0800 |
| parents | 4441705b7111 |
| children | 4ea21df312ec |
line wrap: on
line source
$ cat <<EOF >> $HGRCPATH > [ui] > commitsubrepos = Yes > [extensions] > mq = > record = > [diff] > nodates = 1 > EOF $ stdin=`pwd`/stdin.tmp fn to create new repository w/dirty subrepo, and cd into it $ mkrepo() { > hg init $1 > cd $1 > hg qinit > } fn to create dirty subrepo $ mksubrepo() { > hg init $1 > cd $1 > echo a > a > hg add > cd .. > } $ testadd() { > cat - > "$stdin" > mksubrepo sub > echo sub = sub >> .hgsub > hg add .hgsub > echo % abort when adding .hgsub w/dirty subrepo > hg status -S > echo '%' $* > cat "$stdin" | hg $* > echo [$?] > hg -R sub ci -m0sub > echo % update substate when adding .hgsub w/clean updated subrepo > hg status -S > echo '%' $* > cat "$stdin" | hg $* > hg debugsub > } $ testmod() { > cat - > "$stdin" > mksubrepo sub2 > echo sub2 = sub2 >> .hgsub > echo % abort when modifying .hgsub w/dirty subrepo > hg status -S > echo '%' $* > cat "$stdin" | hg $* > echo [$?] > hg -R sub2 ci -m0sub2 > echo % update substate when modifying .hgsub w/clean updated subrepo > hg status -S > echo '%' $* > cat "$stdin" | hg $* > hg debugsub > } $ testrm1() { > cat - > "$stdin" > mksubrepo sub3 > echo sub3 = sub3 >> .hgsub > hg ci -Aqmsub3 > $EXTRA > echo b >> sub3/a > hg rm .hgsub > echo % update substate when removing .hgsub w/dirty subrepo > hg status -S > echo '%' $* > cat "$stdin" | hg $* > echo % debugsub should be empty > hg debugsub > } $ testrm2() { > cat - > "$stdin" > mksubrepo sub4 > echo sub4 = sub4 >> .hgsub > hg ci -Aqmsub4 > $EXTRA > hg rm .hgsub > echo % update substate when removing .hgsub w/clean updated subrepo > hg status -S > echo '%' $* > cat "$stdin" | hg $* > echo % debugsub should be empty > hg debugsub > } handle subrepos safely on qnew $ mkrepo repo-2499-qnew $ testadd qnew -X path:no-effect -m0 0.diff adding a % abort when adding .hgsub w/dirty subrepo A .hgsub A sub/a % qnew -X path:no-effect -m0 0.diff abort: uncommitted changes in subrepository "sub" [255] % update substate when adding .hgsub w/clean updated subrepo A .hgsub A sub/a % qnew -X path:no-effect -m0 0.diff path sub source sub revision b2fdb12cd82b021c3b7053d67802e77b6eeaee31 $ testmod qnew --cwd .. -R repo-2499-qnew -X path:no-effect -m1 1.diff adding a % abort when modifying .hgsub w/dirty subrepo M .hgsub A sub2/a % qnew --cwd .. -R repo-2499-qnew -X path:no-effect -m1 1.diff abort: uncommitted changes in subrepository "sub2" [255] % update substate when modifying .hgsub w/clean updated subrepo M .hgsub A sub2/a % qnew --cwd .. -R repo-2499-qnew -X path:no-effect -m1 1.diff path sub source sub revision b2fdb12cd82b021c3b7053d67802e77b6eeaee31 path sub2 source sub2 revision 1f94c7611cc6b74f5a17b16121a1170d44776845 $ hg qpop -qa patch queue now empty $ testrm1 qnew -m2 2.diff adding a % update substate when removing .hgsub w/dirty subrepo M sub3/a R .hgsub % qnew -m2 2.diff % debugsub should be empty $ hg qpop -qa patch queue now empty $ testrm2 qnew -m3 3.diff adding a % update substate when removing .hgsub w/clean updated subrepo R .hgsub % qnew -m3 3.diff % debugsub should be empty $ cd .. handle subrepos safely on qrefresh $ mkrepo repo-2499-qrefresh $ hg qnew -m0 0.diff $ testadd qrefresh adding a % abort when adding .hgsub w/dirty subrepo A .hgsub A sub/a % qrefresh abort: uncommitted changes in subrepository "sub" [255] % update substate when adding .hgsub w/clean updated subrepo A .hgsub A sub/a % qrefresh path sub source sub revision b2fdb12cd82b021c3b7053d67802e77b6eeaee31 $ hg qnew -m1 1.diff $ testmod qrefresh adding a % abort when modifying .hgsub w/dirty subrepo M .hgsub A sub2/a % qrefresh abort: uncommitted changes in subrepository "sub2" [255] % update substate when modifying .hgsub w/clean updated subrepo M .hgsub A sub2/a % qrefresh path sub source sub revision b2fdb12cd82b021c3b7053d67802e77b6eeaee31 path sub2 source sub2 revision 1f94c7611cc6b74f5a17b16121a1170d44776845 $ hg qpop -qa patch queue now empty $ EXTRA='hg qnew -m2 2.diff' $ testrm1 qrefresh adding a % update substate when removing .hgsub w/dirty subrepo M sub3/a R .hgsub % qrefresh % debugsub should be empty $ hg qpop -qa patch queue now empty $ EXTRA='hg qnew -m3 3.diff' $ testrm2 qrefresh adding a % update substate when removing .hgsub w/clean updated subrepo R .hgsub % qrefresh % debugsub should be empty $ EXTRA= $ cd .. handle subrepos safely on qpush/qpop (and we cannot qpop / qpush with a modified subrepo) $ mkrepo repo-2499-qpush $ mksubrepo sub adding a $ hg -R sub ci -m0sub $ echo sub = sub > .hgsub $ hg add .hgsub $ hg commit -m0 $ hg debugsub path sub source sub revision b2fdb12cd82b021c3b7053d67802e77b6eeaee31 $ echo foo > ./sub/a $ hg -R sub commit -m foo $ hg commit -m1 $ hg qimport -r "0:tip" $ hg -R sub id --id aa037b301eba qpop $ hg -R sub update 0000 0 files updated, 0 files merged, 1 files removed, 0 files unresolved $ hg qpop abort: local changed subrepos found, qrefresh first [255] $ hg revert sub reverting subrepo sub adding sub/a $ hg qpop popping 1 now at: 0 $ hg status -AS C .hgsub C .hgsubstate C sub/a $ hg -R sub id --id b2fdb12cd82b qpush $ hg -R sub update 0000 0 files updated, 0 files merged, 1 files removed, 0 files unresolved $ hg qpush abort: local changed subrepos found, qrefresh first [255] $ hg revert sub reverting subrepo sub adding sub/a $ hg qpush applying 1 subrepository sub diverged (local revision: b2fdb12cd82b, remote revision: aa037b301eba) (M)erge, keep (l)ocal or keep (r)emote? m 1 files updated, 0 files merged, 0 files removed, 0 files unresolved now at: 1 $ hg status -AS C .hgsub C .hgsubstate C sub/a $ hg -R sub id --id aa037b301eba $ cd .. handle subrepos safely on qrecord $ mkrepo repo-2499-qrecord $ testadd qrecord --config ui.interactive=1 -m0 0.diff <<EOF > y > y > EOF adding a % abort when adding .hgsub w/dirty subrepo A .hgsub A sub/a % qrecord --config ui.interactive=1 -m0 0.diff diff --git a/.hgsub b/.hgsub new file mode 100644 examine changes to '.hgsub'? [Ynesfdaq?] y @@ -0,0 +1,1 @@ +sub = sub record this change to '.hgsub'? [Ynesfdaq?] y warning: subrepo spec file '.hgsub' not found warning: subrepo spec file '.hgsub' not found abort: uncommitted changes in subrepository "sub" [255] % update substate when adding .hgsub w/clean updated subrepo A .hgsub A sub/a % qrecord --config ui.interactive=1 -m0 0.diff diff --git a/.hgsub b/.hgsub new file mode 100644 examine changes to '.hgsub'? [Ynesfdaq?] y @@ -0,0 +1,1 @@ +sub = sub record this change to '.hgsub'? [Ynesfdaq?] y warning: subrepo spec file '.hgsub' not found warning: subrepo spec file '.hgsub' not found path sub source sub revision b2fdb12cd82b021c3b7053d67802e77b6eeaee31 $ testmod qrecord --config ui.interactive=1 -m1 1.diff <<EOF > y > y > EOF adding a % abort when modifying .hgsub w/dirty subrepo M .hgsub A sub2/a % qrecord --config ui.interactive=1 -m1 1.diff diff --git a/.hgsub b/.hgsub 1 hunks, 1 lines changed examine changes to '.hgsub'? [Ynesfdaq?] y @@ -1,1 +1,2 @@ sub = sub +sub2 = sub2 record this change to '.hgsub'? [Ynesfdaq?] y abort: uncommitted changes in subrepository "sub2" [255] % update substate when modifying .hgsub w/clean updated subrepo M .hgsub A sub2/a % qrecord --config ui.interactive=1 -m1 1.diff diff --git a/.hgsub b/.hgsub 1 hunks, 1 lines changed examine changes to '.hgsub'? [Ynesfdaq?] y @@ -1,1 +1,2 @@ sub = sub +sub2 = sub2 record this change to '.hgsub'? [Ynesfdaq?] y path sub source sub revision b2fdb12cd82b021c3b7053d67802e77b6eeaee31 path sub2 source sub2 revision 1f94c7611cc6b74f5a17b16121a1170d44776845 $ hg qpop -qa patch queue now empty $ testrm1 qrecord --config ui.interactive=1 -m2 2.diff <<EOF > y > y > EOF adding a % update substate when removing .hgsub w/dirty subrepo M sub3/a R .hgsub % qrecord --config ui.interactive=1 -m2 2.diff diff --git a/.hgsub b/.hgsub deleted file mode 100644 examine changes to '.hgsub'? [Ynesfdaq?] y % debugsub should be empty $ hg qpop -qa patch queue now empty $ testrm2 qrecord --config ui.interactive=1 -m3 3.diff <<EOF > y > y > EOF adding a % update substate when removing .hgsub w/clean updated subrepo R .hgsub % qrecord --config ui.interactive=1 -m3 3.diff diff --git a/.hgsub b/.hgsub deleted file mode 100644 examine changes to '.hgsub'? [Ynesfdaq?] y % debugsub should be empty $ cd .. correctly handle subrepos with patch queues $ mkrepo repo-subrepo-with-queue $ mksubrepo sub adding a $ hg -R sub qnew sub0.diff $ echo sub = sub >> .hgsub $ hg add .hgsub $ hg qnew 0.diff $ cd .. check whether MQ operations can import updated .hgsubstate correctly both into 'revision' and 'patch file under .hg/patches': $ hg init importing-hgsubstate $ cd importing-hgsubstate $ echo a > a $ hg commit -u test -d '0 0' -Am '#0 in parent' adding a $ hg init sub $ echo sa > sub/sa $ hg -R sub commit -u test -d '0 0' -Am '#0 in sub' adding sa $ echo 'sub = sub' > .hgsub $ touch .hgsubstate $ hg add .hgsub .hgsubstate $ hg qnew -u test -d '0 0' import-at-qnew $ hg -R sub parents --template '{node} sub\n' b6f6e9c41f3dfd374a6d2ed4535c87951cf979cf sub $ cat .hgsubstate b6f6e9c41f3dfd374a6d2ed4535c87951cf979cf sub $ hg diff -c tip diff -r f499373e340c -r f69e96d86e75 .hgsub --- /dev/null +++ b/.hgsub @@ -0,0 +1,1 @@ +sub = sub diff -r f499373e340c -r f69e96d86e75 .hgsubstate --- /dev/null +++ b/.hgsubstate @@ -0,0 +1,1 @@ +b6f6e9c41f3dfd374a6d2ed4535c87951cf979cf sub $ cat .hg/patches/import-at-qnew # HG changeset patch # User test # Date 0 0 # Parent f499373e340cdca5d01dee904aeb42dd2a325e71 diff -r f499373e340c -r f69e96d86e75 .hgsub --- /dev/null +++ b/.hgsub @@ -0,0 +1,1 @@ +sub = sub diff -r f499373e340c -r f69e96d86e75 .hgsubstate --- /dev/null +++ b/.hgsubstate @@ -0,0 +1,1 @@ +b6f6e9c41f3dfd374a6d2ed4535c87951cf979cf sub $ hg parents --template '{node}\n' f69e96d86e75a6d4fd88285dc9697acb23951041 $ hg parents --template '{files}\n' .hgsub .hgsubstate check also whether qnew not including ".hgsubstate" explicitly causes as same result (in node hash) as one including it. $ hg qpop -a -q patch queue now empty $ hg qdelete import-at-qnew $ echo 'sub = sub' > .hgsub $ hg add .hgsub $ rm -f .hgsubstate $ hg qnew -u test -d '0 0' import-at-qnew $ hg parents --template '{node}\n' f69e96d86e75a6d4fd88285dc9697acb23951041 $ hg parents --template '{files}\n' .hgsub .hgsubstate check whether qrefresh imports updated .hgsubstate correctly $ hg qpop popping import-at-qnew patch queue now empty $ hg qpush applying import-at-qnew now at: import-at-qnew $ hg parents --template '{files}\n' .hgsub .hgsubstate $ hg qnew import-at-qrefresh $ echo sb > sub/sb $ hg -R sub commit -u test -d '0 0' -Am '#1 in sub' adding sb $ hg qrefresh -u test -d '0 0' $ hg -R sub parents --template '{node} sub\n' 88ac1bef5ed43b689d1d200b59886b675dec474b sub $ cat .hgsubstate 88ac1bef5ed43b689d1d200b59886b675dec474b sub $ hg diff -c tip diff -r 05b056bb9c8c -r d987bec230f4 .hgsubstate --- a/.hgsubstate +++ b/.hgsubstate @@ -1,1 +1,1 @@ -b6f6e9c41f3dfd374a6d2ed4535c87951cf979cf sub +88ac1bef5ed43b689d1d200b59886b675dec474b sub $ cat .hg/patches/import-at-qrefresh # HG changeset patch # User test # Date 0 0 # Parent 05b056bb9c8c05ff15258b84fd42ab3527271033 diff -r 05b056bb9c8c .hgsubstate --- a/.hgsubstate +++ b/.hgsubstate @@ -1,1 +1,1 @@ -b6f6e9c41f3dfd374a6d2ed4535c87951cf979cf sub +88ac1bef5ed43b689d1d200b59886b675dec474b sub $ hg parents --template '{files}\n' .hgsubstate $ hg qrefresh -u test -d '0 0' $ cat .hgsubstate 88ac1bef5ed43b689d1d200b59886b675dec474b sub $ hg diff -c tip diff -r 05b056bb9c8c -r d987bec230f4 .hgsubstate --- a/.hgsubstate +++ b/.hgsubstate @@ -1,1 +1,1 @@ -b6f6e9c41f3dfd374a6d2ed4535c87951cf979cf sub +88ac1bef5ed43b689d1d200b59886b675dec474b sub $ cat .hg/patches/import-at-qrefresh # HG changeset patch # User test # Date 0 0 # Parent 05b056bb9c8c05ff15258b84fd42ab3527271033 diff -r 05b056bb9c8c .hgsubstate --- a/.hgsubstate +++ b/.hgsubstate @@ -1,1 +1,1 @@ -b6f6e9c41f3dfd374a6d2ed4535c87951cf979cf sub +88ac1bef5ed43b689d1d200b59886b675dec474b sub $ hg parents --template '{files}\n' .hgsubstate $ hg update -C tip 0 files updated, 0 files merged, 0 files removed, 0 files unresolved $ hg qpop -a popping import-at-qrefresh popping import-at-qnew patch queue now empty $ hg -R sub update -C 0 0 files updated, 0 files merged, 1 files removed, 0 files unresolved $ echo 'sub = sub' > .hgsub $ hg commit -Am '#1 in parent' adding .hgsub $ hg -R sub update -C 1 1 files updated, 0 files merged, 0 files removed, 0 files unresolved $ hg commit -Am '#2 in parent (but will be rolled back soon)' $ hg rollback repository tip rolled back to revision 1 (undo commit) working directory now based on revision 1 $ hg status M .hgsubstate $ hg qnew -u test -d '0 0' checkstate-at-qnew $ hg -R sub parents --template '{node} sub\n' 88ac1bef5ed43b689d1d200b59886b675dec474b sub $ cat .hgsubstate 88ac1bef5ed43b689d1d200b59886b675dec474b sub $ hg diff -c tip diff -r 4d91eb2fa1d1 -r 1259c112d884 .hgsubstate --- a/.hgsubstate +++ b/.hgsubstate @@ -1,1 +1,1 @@ -b6f6e9c41f3dfd374a6d2ed4535c87951cf979cf sub +88ac1bef5ed43b689d1d200b59886b675dec474b sub $ cat .hg/patches/checkstate-at-qnew # HG changeset patch # User test # Date 0 0 # Parent 4d91eb2fa1d1b22ec513347b9cd06f6b49d470fa diff -r 4d91eb2fa1d1 -r 1259c112d884 .hgsubstate --- a/.hgsubstate +++ b/.hgsubstate @@ -1,1 +1,1 @@ -b6f6e9c41f3dfd374a6d2ed4535c87951cf979cf sub +88ac1bef5ed43b689d1d200b59886b675dec474b sub $ hg parents --template '{files}\n' .hgsubstate check whether qrefresh not including ".hgsubstate" explicitly causes as same result (in node hash) as one including it. $ hg update -C -q 0 $ hg qpop -a -q patch queue now empty $ hg qnew -u test -d '0 0' add-hgsub-at-qrefresh $ echo 'sub = sub' > .hgsub $ echo > .hgsubstate $ hg add .hgsub .hgsubstate $ hg qrefresh -u test -d '0 0' $ hg parents --template '{node}\n' 7c48c35501aae6770ed9c2517014628615821a8e $ hg parents --template '{files}\n' .hgsub .hgsubstate $ hg qpop -a -q patch queue now empty $ hg qdelete add-hgsub-at-qrefresh $ hg qnew -u test -d '0 0' add-hgsub-at-qrefresh $ echo 'sub = sub' > .hgsub $ hg add .hgsub $ rm -f .hgsubstate $ hg qrefresh -u test -d '0 0' $ hg parents --template '{node}\n' 7c48c35501aae6770ed9c2517014628615821a8e $ hg parents --template '{files}\n' .hgsub .hgsubstate $ cd .. $ cd ..