"""Test perms"""
import os
import pytest
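@pytest.mark.parametrize('autoperms', ['notest', 'unset', 'true', 'false'])
@pytest.mark.usefixtures('ds1_copy')
def test_perms(runner, yadm_cmd, paths, ds1, autoperms):
    """Test perms

    Checks that private paths lose their group/other permission bits, both
    when the ``perms`` command is run directly (``autoperms == 'notest'``)
    and when ``status`` is run with ``yadm.auto-perms`` unset, 'true' or
    'false'. With 'false' the test expects the paths to stay unsecured.

    A path counts as "secured" here when the octal form of its mode ends in
    '00', i.e. no permission bits are set for group or other.
    """
    # set the value of auto-perms ('notest' and 'unset' leave the config
    # untouched)
    if autoperms not in ('notest', 'unset'):
        # NOTE(review): the arguments are joined with spaces and passed to
        # the shell, so an argument containing whitespace or shell
        # metacharacters would be split or reinterpreted. The values used
        # here are fixed test parameters.
        status = os.system(' '.join(
            yadm_cmd('config', 'yadm.auto-perms', autoperms)))
        # a failed config write would otherwise only surface later as a
        # misleading permission assertion
        assert status == 0, 'Setting yadm.auto-perms failed'

    # privatepaths will hold all paths that should become secured
    privatepaths = [paths.work.join('.ssh'), paths.work.join('.gnupg')]
    privatepaths += [paths.work.join(private.path) for private in ds1.private]

    # create an archive file
    status = os.system(f'touch "{str(paths.archive)}"')
    assert status == 0, 'Creating the archive file failed'
    privatepaths.append(paths.archive)

    # create encrypted file test data
    efile1 = paths.work.join('efile1')
    efile1.write('efile1')
    efile2 = paths.work.join('efile2')
    efile2.write('efile2')
    # both files are listed, then efile1 is listed again with a leading '!';
    # the assertions below expect efile1 to stay unsecured and efile2 to be
    # secured (presumably '!' marks an exclusion -- confirm against yadm)
    paths.encrypt.write('efile1\nefile2\n!efile1\n')
    insecurepaths = [efile1]
    privatepaths.append(efile2)

    # assert these paths begin unsecured, so a later "secured" result can
    # only come from the command under test
    for private in privatepaths + insecurepaths:
        assert not oct(private.stat().mode).endswith('00'), (
            'Path started secured')

    # 'notest' exercises the perms command itself; every other case runs
    # status and checks whether perms were processed as a side effect
    cmd = 'perms' if autoperms == 'notest' else 'status'
    run = runner(yadm_cmd(cmd), env={'HOME': paths.work})
    assert run.success
    assert run.err == ''
    if cmd == 'perms':
        assert run.out == ''

    # these paths should be secured if processing perms
    for private in privatepaths:
        if autoperms == 'false':
            assert not oct(private.stat().mode).endswith('00'), (
                'Path should not be secured')
        else:
            assert oct(private.stat().mode).endswith('00'), (
                'Path has not been secured')

    # these paths should never be secured
    for private in insecurepaths:
        assert not oct(private.stat().mode).endswith('00'), (
            'Path should not be secured')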
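@pytest.mark.parametrize('sshperms', [None, 'true', 'false'])
@pytest.mark.parametrize('gpgperms', [None, 'true', 'false'])
@pytest.mark.usefixtures('ds1_copy')
def test_perms_control(runner, yadm_cmd, paths, ds1, sshperms, gpgperms):
    """Test fine control of perms

    Runs the ``perms`` command for every combination of ``yadm.ssh-perms``
    and ``yadm.gpg-perms`` being unset (None), 'true' or 'false'. Paths
    whose name matches a setting that is 'false' are expected to keep their
    group/other permission bits; all other private paths are expected to
    lose them.

    A path counts as "secured" here when the octal form of its mode ends in
    '00', i.e. no permission bits are set for group or other.
    """
    # NOTE(review): both config commands below are built by joining
    # arguments with spaces and run through the shell, so an argument
    # containing whitespace or shell metacharacters would be split or
    # reinterpreted. The values used here are fixed test parameters.

    # set the value of ssh-perms
    if sshperms:
        status = os.system(
            ' '.join(yadm_cmd('config', 'yadm.ssh-perms', sshperms)))
        # fail here rather than in a later, less specific mode assertion
        assert status == 0, 'Setting yadm.ssh-perms failed'

    # set the value of gpg-perms
    if gpgperms:
        status = os.system(
            ' '.join(yadm_cmd('config', 'yadm.gpg-perms', gpgperms)))
        assert status == 0, 'Setting yadm.gpg-perms failed'

    # privatepaths will hold all paths that should become secured
    privatepaths = [paths.work.join('.ssh'), paths.work.join('.gnupg')]
    privatepaths += [paths.work.join(private.path) for private in ds1.private]

    # assert these paths begin unsecured, so a later "secured" result can
    # only come from the command under test
    for private in privatepaths:
        assert not oct(private.stat().mode).endswith('00'), (
            'Path started secured')

    run = runner(yadm_cmd('perms'), env={'HOME': paths.work})
    assert run.success
    assert run.err == ''
    assert run.out == ''

    # these paths should be secured if processing perms
    for private in privatepaths:
        # NOTE(review): this is a substring match on the full path, so a
        # work directory whose own path contains 'ssh' or 'gnupg' would
        # classify every entry as exempt -- confirm the fixture's temp path
        # cannot contain either word.
        exempt = (
            (sshperms == 'false' and 'ssh' in str(private))
            or
            (gpgperms == 'false' and 'gnupg' in str(private))
        )
        if exempt:
            assert not oct(private.stat().mode).endswith('00'), (
                'Path should not be secured')
        else:
            assert oct(private.stat().mode).endswith('00'), (
                'Path has not been secured')

    # verify permissions aren't changed for the worktree
    # (assumes the fixture creates the work directory with mode 0755 --
    # TODO confirm)
    assert oct(paths.work.stat().mode).endswith('0755')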