"""Test perms"""
import os
import pytest
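@pytest.mark.parametrize("autoperms", ["notest", "unset", "true", "false"])
@pytest.mark.usefixtures("ds1_copy")
def test_perms(runner, yadm_cmd, paths, ds1, autoperms):
    """Check that private paths lose group/other access, honouring auto-perms.

    ``autoperms`` selects the scenario:

    * ``"notest"`` -- run ``perms`` directly and leave ``yadm.auto-perms`` alone.
    * ``"unset"`` -- run ``status`` without setting ``yadm.auto-perms``.
    * ``"true"`` / ``"false"`` -- set ``yadm.auto-perms`` to that value, then
      run ``status``.

    Only ``"false"`` is expected to leave the private paths with their original
    (group/other accessible) mode; every other scenario must end with the
    group and other permission bits cleared on each private path.
    """
    import shlex  # local import: only the setup command below needs it

    def exposed_bits(path):
        """Return the group/other permission bits of *path* (0 == owner-only)."""
        return path.stat().mode & 0o077

    # set the value of auto-perms
    if autoperms not in ("notest", "unset"):
        config_cmd = yadm_cmd("config", "yadm.auto-perms", autoperms)
        # Quote every element so a path containing spaces or shell
        # metacharacters still reaches the shell as a single word, and fail
        # loudly if the option could not be set: a silently skipped setup
        # would leave the test exercising the default behaviour instead.
        status = os.system(" ".join(shlex.quote(arg) for arg in config_cmd))
        assert status == 0, "Failed to set yadm.auto-perms"

    # privatepaths will hold all paths that should become secured
    privatepaths = [paths.work.join(".ssh"), paths.work.join(".gnupg")]
    privatepaths += [paths.work.join(private.path) for private in ds1.private]

    # create an archive file (done in-process, so the path never passes
    # through a shell and a failure raises instead of being ignored)
    with open(str(paths.archive), "a"):
        pass
    privatepaths.append(paths.archive)

    # create encrypted file test data; efile1 is listed and then negated
    # with "!", so only efile2 is expected to be secured
    efile1 = paths.work.join("efile1")
    efile1.write("efile1")
    efile2 = paths.work.join("efile2")
    efile2.write("efile2")
    paths.encrypt.write("efile1\nefile2\n!efile1\n")
    insecurepaths = [efile1]
    privatepaths.append(efile2)

    # assert these paths begin unsecured, otherwise the checks after the run
    # could pass without the command having done anything
    for private in privatepaths + insecurepaths:
        assert exposed_bits(private), "Path started secured"

    # "notest" exercises the explicit command; the other scenarios rely on
    # "status" applying (or not applying) permissions as a side effect
    cmd = "perms" if autoperms == "notest" else "status"
    run = runner(yadm_cmd(cmd), env={"HOME": paths.work})
    assert run.success
    assert run.err == ""
    if cmd == "perms":
        assert run.out == ""

    # these paths should be secured if processing perms
    for private in privatepaths:
        if autoperms == "false":
            assert exposed_bits(private), "Path should not be secured"
        else:
            assert not exposed_bits(private), "Path has not been secured"

    # these paths should never be secured
    for private in insecurepaths:
        assert exposed_bits(private), "Path should not be secured"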
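@pytest.mark.parametrize("sshperms", [None, "true", "false"])
@pytest.mark.parametrize("gpgperms", [None, "true", "false"])
@pytest.mark.usefixtures("ds1_copy")
def test_perms_control(runner, yadm_cmd, paths, ds1, sshperms, gpgperms):
    """Check that yadm.ssh-perms and yadm.gpg-perms switch securing on and off.

    ``sshperms`` and ``gpgperms`` are each ``None`` (option left unset),
    ``"true"`` or ``"false"``. After running ``perms``, every private path
    must have its group and other permission bits cleared, except paths
    matching ``ssh`` / ``gnupg`` when the corresponding option is ``"false"``.
    The work tree's own mode must stay at 0755.
    """
    import shlex  # local import: only the setup commands below need it

    def exposed_bits(path):
        """Return the group/other permission bits of *path* (0 == owner-only)."""
        return path.stat().mode & 0o077

    # set the value of ssh-perms, then gpg-perms (unset when the value is None)
    for option, value in (("yadm.ssh-perms", sshperms), ("yadm.gpg-perms", gpgperms)):
        if not value:
            continue
        config_cmd = yadm_cmd("config", option, value)
        # Quote every element so a path containing spaces or shell
        # metacharacters still reaches the shell as a single word, and fail
        # loudly if the option could not be set: a silently skipped setup
        # would leave the test exercising the default behaviour instead.
        status = os.system(" ".join(shlex.quote(arg) for arg in config_cmd))
        assert status == 0, f"Failed to set {option}"

    # privatepaths will hold all paths that should become secured
    privatepaths = [paths.work.join(".ssh"), paths.work.join(".gnupg")]
    privatepaths += [paths.work.join(private.path) for private in ds1.private]

    # assert these paths begin unsecured, otherwise the checks after the run
    # could pass without the command having done anything
    for private in privatepaths:
        assert exposed_bits(private), "Path started secured"

    run = runner(yadm_cmd("perms"), env={"HOME": paths.work})
    assert run.success
    assert run.err == ""
    assert run.out == ""

    # these paths should be secured if processing perms
    for private in privatepaths:
        # NOTE(review): this is a substring match on the full path, so a work
        # directory whose own name contains "ssh" or "gnupg" would classify
        # every path as exempt -- confirm the fixture's base path cannot.
        ssh_exempt = sshperms == "false" and "ssh" in str(private)
        gpg_exempt = gpgperms == "false" and "gnupg" in str(private)
        if ssh_exempt or gpg_exempt:
            assert exposed_bits(private), "Path should not be secured"
        else:
            assert not exposed_bits(private), "Path has not been secured"

    # verify permissions aren't changed for the worktree
    assert oct(paths.work.stat().mode).endswith("0755")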