Posted to commits@subversion.apache.org by br...@apache.org on 2015/07/27 01:47:13 UTC

svn commit: r1692798 [2/2] - in /subversion/trunk: ./ build/ac-macros/ subversion/mod_authz_svn/ subversion/tests/cmdline/ subversion/tests/cmdline/svntest/

Added: subversion/trunk/subversion/tests/cmdline/mod_authz_svn_tests.py
URL: http://svn.apache.org/viewvc/subversion/trunk/subversion/tests/cmdline/mod_authz_svn_tests.py?rev=1692798&view=auto
==============================================================================
--- subversion/trunk/subversion/tests/cmdline/mod_authz_svn_tests.py (added)
+++ subversion/trunk/subversion/tests/cmdline/mod_authz_svn_tests.py Sun Jul 26 23:47:12 2015
@@ -0,0 +1,1073 @@
+#!/usr/bin/env python
+#
+#  mod_authz_svn_tests.py:  testing mod_authz_svn
+#
+#  Subversion is a tool for revision control.
+#  See http://subversion.apache.org for more information.
+#
+# ====================================================================
+#    Licensed to the Apache Software Foundation (ASF) under one
+#    or more contributor license agreements.  See the NOTICE file
+#    distributed with this work for additional information
+#    regarding copyright ownership.  The ASF licenses this file
+#    to you under the Apache License, Version 2.0 (the
+#    "License"); you may not use this file except in compliance
+#    with the License.  You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing,
+#    software distributed under the License is distributed on an
+#    "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+#    KIND, either express or implied.  See the License for the
+#    specific language governing permissions and limitations
+#    under the License.
+######################################################################
+
+# General modules
+import os, re, logging
+
+logger = logging.getLogger()
+
+# Our testing module
+import svntest
+
+# (abbreviation)
+Skip = svntest.testcase.Skip_deco
+SkipUnless = svntest.testcase.SkipUnless_deco
+XFail = svntest.testcase.XFail_deco
+Issues = svntest.testcase.Issues_deco
+Issue = svntest.testcase.Issue_deco
+Wimp = svntest.testcase.Wimp_deco
+
+ls_of_D_no_H = '''<html><head><title>repos - Revision 1: /A/D</title></head>
+<body>
+ <h2>repos - Revision 1: /A/D</h2>
+ <ul>
+  <li><a href="../">..</a></li>
+  <li><a href="G/">G/</a></li>
+  <li><a href="gamma">gamma</a></li>
+ </ul>
+</body></html>'''
+
+ls_of_D_H = '''<html><head><title>repos - Revision 1: /A/D</title></head>
+<body>
+ <h2>repos - Revision 1: /A/D</h2>
+ <ul>
+  <li><a href="../">..</a></li>
+  <li><a href="G/">G/</a></li>
+  <li><a href="H/">H/</a></li>
+  <li><a href="gamma">gamma</a></li>
+ </ul>
+</body></html>'''
+
+ls_of_H = '''<html><head><title>repos - Revision 1: /A/D/H</title></head>
+<body>
+ <h2>repos - Revision 1: /A/D/H</h2>
+ <ul>
+  <li><a href="../">..</a></li>
+  <li><a href="chi">chi</a></li>
+  <li><a href="omega">omega</a></li>
+  <li><a href="psi">psi</a></li>
+ </ul>
+</body></html>'''
+
+user1 = svntest.main.wc_author
+user1_upper = user1.upper()
+user1_pass = svntest.main.wc_passwd
+user1_badpass = 'XXX'
+assert user1_pass != user1_badpass, "Passwords can't match"
+user2 = svntest.main.wc_author2
+user2_upper = user2.upper()
+user2_pass = svntest.main.wc_passwd
+user2_badpass = 'XXX'
+assert user2_pass != user2_badpass, "Passwords can't match"
+
+def write_authz_file(sbox):
+    svntest.main.write_authz_file(sbox, {
+                                          '/':  '$anonymous = r\n' +
+                                                'jrandom = rw\n' +
+                                                'jconstant = rw',
+                                          '/A/D/H': '$anonymous =\n' +
+                                                    '$authenticated =\n' +
+                                                    'jrandom = rw'
+                                        })
+
+def write_authz_file_groups(sbox):
+    authz_name = sbox.authz_name()
+    svntest.main.write_authz_file(sbox,{
+                                         '/':  '* =',
+                                       })
+
+def verify_get(test_area_url, path, user, pw,
+               expected_status, expected_body, headers):
+  import httplib
+  from urlparse import urlparse
+  import base64
+
+  req_url = test_area_url + path
+
+  loc = urlparse(req_url)
+
+  if loc.scheme == 'http':
+    h = httplib.HTTPConnection(loc.hostname, loc.port)
+  else:
+    h = httplib.HTTPSConnection(loc.hostname, loc.port)
+
+  if headers is None:
+    headers = {}
+
+  if user and pw:
+      auth_info = user + ':' + pw
+      headers['Authorization'] = 'Basic ' + base64.b64encode(auth_info)
+  else:
+      auth_info = "anonymous"
+
+  h.request('GET', req_url, None, headers)
+
+  r = h.getresponse()
+
+  actual_status = r.status
+  if expected_status and expected_status != actual_status:
+
+      logger.warn("Expected status '" + str(expected_status) +
+                  "' but got '" + str(actual_status) +
+                  "' on url '" + req_url + "' (" +
+                  auth_info + ").")
+      raise svntest.Failure
+
+  if expected_body:
+      actual_body = r.read()
+      if expected_body != actual_body:
+        logger.warn("Expected body:")
+        logger.warn(expected_body)
+        logger.warn("But got:")
+        logger.warn(actual_body)
+        logger.warn("on url '" + req_url + "' (" + auth_info + ").")
+        raise svntest.Failure
+
+def verify_gets(test_area_url, tests):
+  for test in tests:
+      verify_get(test_area_url, test['path'], test.get('user'), test.get('pw'),
+                 test['status'], test.get('body'), test.get('headers'))
+
+
+######################################################################
+# Tests
+#
+#   Each test must return on success or raise on failure.
+
+
+#----------------------------------------------------------------------
+
+
+@SkipUnless(svntest.main.is_ra_type_dav)
+def anon(sbox):
+  "test anonymous access"
+  sbox.build(read_only = True, create_wc = False)
+
+  test_area_url = sbox.repo_url.replace('/svn-test-work/local_tmp/repos',
+                                        '/authz-test-work/anon')
+
+  write_authz_file(sbox)
+
+  anon_tests = ( 
+                 { 'path': '', 'status': 301 },
+                 { 'path': '/', 'status': 200 },
+                 { 'path': '/repos', 'status': 301 },
+                 { 'path': '/repos/', 'status': 200 },
+                 { 'path': '/repos/A', 'status': 301 },
+                 { 'path': '/repos/A/', 'status': 200 },
+                 { 'path': '/repos/A/D', 'status': 301 },
+                 { 'path': '/repos/A/D/', 'status': 200, 'body': ls_of_D_no_H },
+                 { 'path': '/repos/A/D/gamma', 'status': 200 },
+                 { 'path': '/repos/A/D/H', 'status': 403 },
+                 { 'path': '/repos/A/D/H/', 'status': 403 },
+                 { 'path': '/repos/A/D/H/chi', 'status': 403 },
+                 # auth isn't configured so nothing should change when passing
+                 # authn details
+                 { 'path': '', 'status': 301, 'user': user1, 'pw': user1_pass},
+                 { 'path': '/', 'status': 200, 'user': user1, 'pw': user1_pass},
+                 { 'path': '/repos', 'status': 301, 'user': user1, 'pw': user1_pass},
+                 { 'path': '/repos/', 'status': 200, 'user': user1, 'pw': user1_pass},
+                 { 'path': '/repos/A', 'status': 301, 'user': user1, 'pw': user1_pass},
+                 { 'path': '/repos/A/', 'status': 200, 'user': user1, 'pw': user1_pass},
+                 { 'path': '/repos/A/D', 'status': 301, 'user': user1, 'pw': user1_pass},
+                 { 'path': '/repos/A/D/', 'status': 200, 'body': ls_of_D_no_H,
+                   'user': user1, 'pw': user1_pass},
+                 { 'path': '/repos/A/D/gamma', 'status': 200, 'user': user1, 'pw': user1_pass},
+                 { 'path': '/repos/A/D/H', 'status': 403, 'user': user1, 'pw': user1_pass},
+                 { 'path': '/repos/A/D/H/', 'status': 403, 'user': user1, 'pw': user1_pass},
+                 { 'path': '/repos/A/D/H/chi', 'status': 403, 'user': user1, 'pw': user1_pass},
+                 { 'path': '', 'status': 301, 'user': user1, 'pw': user1_badpass},
+                 { 'path': '/', 'status': 200, 'user': user1, 'pw': user1_badpass},
+                 { 'path': '/repos', 'status': 301, 'user': user1, 'pw': user1_badpass},
+                 { 'path': '/repos/', 'status': 200, 'user': user1, 'pw': user1_badpass},
+                 { 'path': '/repos/A', 'status': 301, 'user': user1, 'pw': user1_badpass},
+                 { 'path': '/repos/A/', 'status': 200, 'user': user1, 'pw': user1_badpass},
+                 { 'path': '/repos/A/D', 'status': 301, 'user': user1, 'pw': user1_badpass},
+                 { 'path': '/repos/A/D/', 'status': 200, 'body': ls_of_D_no_H,
+                   'user': user1, 'pw': user1_badpass},
+                 { 'path': '/repos/A/D/gamma', 'status': 200, 'user': user1, 'pw': user1_badpass},
+                 { 'path': '/repos/A/D/H', 'status': 403, 'user': user1, 'pw': user1_badpass},
+                 { 'path': '/repos/A/D/H/', 'status': 403, 'user': user1, 'pw': user1_badpass},
+                 { 'path': '/repos/A/D/H/chi', 'status': 403, 'user': user1, 'pw': user1_badpass},
+                 { 'path': '', 'status': 301, 'user': user2, 'pw': user1_pass},
+                 { 'path': '/', 'status': 200, 'user': user2, 'pw': user1_pass},
+                 { 'path': '/repos', 'status': 301, 'user': user2, 'pw': user1_pass},
+                 { 'path': '/repos/', 'status': 200, 'user': user2, 'pw': user1_pass},
+                 { 'path': '/repos/A', 'status': 301, 'user': user2, 'pw': user1_pass},
+                 { 'path': '/repos/A/', 'status': 200, 'user': user2, 'pw': user1_pass},
+                 { 'path': '/repos/A/D', 'status': 301, 'user': user2, 'pw': user1_pass},
+                 { 'path': '/repos/A/D/', 'status': 200, 'body': ls_of_D_no_H,
+                   'user': user2, 'pw': user1_pass},
+                 { 'path': '/repos/A/D/gamma', 'status': 200, 'user': user2, 'pw': user2_pass},
+                 { 'path': '/repos/A/D/H', 'status': 403, 'user': user2, 'pw': user2_pass},
+                 { 'path': '/repos/A/D/H/', 'status': 403, 'user': user2, 'pw': user2_pass},
+                 { 'path': '/repos/A/D/H/chi', 'status': 403, 'user': user2, 'pw': user2_pass},
+                 { 'path': '', 'status': 301, 'user': user2, 'pw': user2_badpass},
+                 { 'path': '/', 'status': 200, 'user': user2, 'pw': user2_badpass},
+                 { 'path': '/repos', 'status': 301, 'user': user2, 'pw': user2_badpass},
+                 { 'path': '/repos/', 'status': 200, 'user': user2, 'pw': user2_badpass},
+                 { 'path': '/repos/A', 'status': 301, 'user': user2, 'pw': user2_badpass},
+                 { 'path': '/repos/A/', 'status': 200, 'user': user2, 'pw': user2_badpass},
+                 { 'path': '/repos/A/D', 'status': 301, 'user': user2, 'pw': user2_badpass},
+                 { 'path': '/repos/A/D/', 'status': 200, 'body': ls_of_D_no_H,
+                   'user': user2, 'pw': user2_badpass},
+                 { 'path': '/repos/A/D/gamma', 'status': 200, 'user': user2, 'pw': user2_badpass},
+                 { 'path': '/repos/A/D/H', 'status': 403, 'user': user2, 'pw': user2_badpass},
+                 { 'path': '/repos/A/D/H/', 'status': 403, 'user': user2, 'pw': user2_badpass},
+                 { 'path': '/repos/A/D/H/chi', 'status': 403, 'user': user2, 'pw': user2_badpass},
+               )
+
+  verify_gets(test_area_url, anon_tests)
+
+
+@SkipUnless(svntest.main.is_ra_type_dav)
+def mixed(sbox):
+  "test mixed anonymous and authenticated access"
+  sbox.build(read_only = True, create_wc = False)
+
+  test_area_url = sbox.repo_url.replace('/svn-test-work/local_tmp/repos',
+                                        '/authz-test-work/mixed')
+
+  write_authz_file(sbox)
+
+  mixed_tests = (
+                 { 'path': '', 'status': 301,  },
+                 { 'path': '/', 'status': 200,  },
+                 { 'path': '/repos', 'status': 301,  },
+                 { 'path': '/repos/', 'status': 200,  },
+                 { 'path': '/repos/A', 'status': 301,  },
+                 { 'path': '/repos/A/', 'status': 200,  },
+                 { 'path': '/repos/A/D', 'status': 301,  },
+                 { 'path': '/repos/A/D/', 'status': 200, 'body': ls_of_D_no_H,
+                   },
+                 { 'path': '/repos/A/D/gamma', 'status': 200, },
+                 { 'path': '/repos/A/D/H', 'status': 401, },
+                 { 'path': '/repos/A/D/H/', 'status': 401, },
+                 { 'path': '/repos/A/D/H/chi', 'status': 401, },
+                 # auth is configured and user1 is allowed access to H
+                 { 'path': '', 'status': 301, 'user': user1, 'pw': user1_pass},
+                 { 'path': '/', 'status': 200, 'user': user1, 'pw': user1_pass},
+                 { 'path': '/repos', 'status': 301, 'user': user1, 'pw': user1_pass},
+                 { 'path': '/repos/', 'status': 200, 'user': user1, 'pw': user1_pass},
+                 { 'path': '/repos/A', 'status': 301, 'user': user1, 'pw': user1_pass},
+                 { 'path': '/repos/A/', 'status': 200, 'user': user1, 'pw': user1_pass},
+                 { 'path': '/repos/A/D', 'status': 301, 'user': user1, 'pw': user1_pass},
+                 { 'path': '/repos/A/D/', 'status': 200, 'body': ls_of_D_H,
+                   'user': user1, 'pw': user1_pass},
+                 { 'path': '/repos/A/D/gamma', 'status': 200, 'user': user1, 'pw': user1_pass},
+                 { 'path': '/repos/A/D/H', 'status': 301, 'user': user1, 'pw': user1_pass},
+                 { 'path': '/repos/A/D/H/', 'status': 200, 'body': ls_of_H, 'user': user1, 'pw': user1_pass},
+                 { 'path': '/repos/A/D/H/chi', 'status': 200, 'user': user1, 'pw': user1_pass},
+                 # try with the wrong password for user1
+                 { 'path': '', 'status': 401, 'user': user1, 'pw': user1_badpass},
+                 { 'path': '/', 'status': 401, 'user': user1, 'pw': user1_badpass},
+                 { 'path': '/repos', 'status': 401, 'user': user1, 'pw': user1_badpass},
+                 { 'path': '/repos/', 'status': 401, 'user': user1, 'pw': user1_badpass},
+                 { 'path': '/repos/A', 'status': 401, 'user': user1, 'pw': user1_badpass},
+                 { 'path': '/repos/A/', 'status': 401, 'user': user1, 'pw': user1_badpass},
+                 { 'path': '/repos/A/D', 'status': 401, 'user': user1, 'pw': user1_badpass},
+                 { 'path': '/repos/A/D/', 'status': 401, 'user': user1, 'pw': user1_badpass},
+                 { 'path': '/repos/A/D/gamma', 'status': 401, 'user': user1, 'pw': user1_badpass},
+                 { 'path': '/repos/A/D/H', 'status': 401, 'user': user1, 'pw': user1_badpass},
+                 { 'path': '/repos/A/D/H/', 'status': 401, 'user': user1, 'pw': user1_badpass},
+                 { 'path': '/repos/A/D/H/chi', 'status': 401, 'user': user1, 'pw': user1_badpass},
+                 # auth is configured and user2 is not allowed access to H
+                 { 'path': '', 'status': 301, 'user': user2, 'pw': user2_pass},
+                 { 'path': '/', 'status': 200, 'user': user2, 'pw': user2_pass},
+                 { 'path': '/repos', 'status': 301, 'user': user2, 'pw': user2_pass},
+                 { 'path': '/repos/', 'status': 200, 'user': user2, 'pw': user2_pass},
+                 { 'path': '/repos/A', 'status': 301, 'user': user2, 'pw': user2_pass},
+                 { 'path': '/repos/A/', 'status': 200, 'user': user2, 'pw': user2_pass},
+                 { 'path': '/repos/A/D', 'status': 301, 'user': user2, 'pw': user2_pass},
+                 { 'path': '/repos/A/D/', 'status': 200, 'body': ls_of_D_no_H,
+                   'user': user2, 'pw': user2_pass},
+                 { 'path': '/repos/A/D/gamma', 'status': 200, 'user': user2, 'pw': user2_pass},
+                 { 'path': '/repos/A/D/H', 'status': 403, 'user': user2, 'pw': user2_pass},
+                 { 'path': '/repos/A/D/H/', 'status': 403, 'user': user2, 'pw': user2_pass},
+                 { 'path': '/repos/A/D/H/chi', 'status': 403, 'user': user2, 'pw': user2_pass},
+                 # try with the wrong password for user2
+                 { 'path': '', 'status': 401, 'user': user2, 'pw': user2_badpass},
+                 { 'path': '/', 'status': 401, 'user': user2, 'pw': user2_badpass},
+                 { 'path': '/repos', 'status': 401, 'user': user2, 'pw': user2_badpass},
+                 { 'path': '/repos/', 'status': 401, 'user': user2, 'pw': user2_badpass},
+                 { 'path': '/repos/A', 'status': 401, 'user': user2, 'pw': user2_badpass},
+                 { 'path': '/repos/A/', 'status': 401, 'user': user2, 'pw': user2_badpass},
+                 { 'path': '/repos/A/D', 'status': 401, 'user': user2, 'pw': user2_badpass},
+                 { 'path': '/repos/A/D/', 'status': 401, 'user': user2, 'pw': user2_badpass},
+                 { 'path': '/repos/A/D/gamma', 'status': 401, 'user': user2, 'pw': user2_badpass},
+                 { 'path': '/repos/A/D/H', 'status': 401, 'user': user2, 'pw': user2_badpass},
+                 { 'path': '/repos/A/D/H/', 'status': 401, 'user': user2, 'pw': user2_badpass},
+                 { 'path': '/repos/A/D/H/chi', 'status': 401, 'user': user2, 'pw': user2_badpass},
+                 )
+
+  verify_gets(test_area_url, mixed_tests)
+
+@SkipUnless(svntest.main.is_ra_type_dav)
+@XFail(svntest.main.is_httpd_authz_provider_enabled)
+# uses the AuthzSVNNoAuthWhenAnonymousAllowed On directive
+# this is broken with httpd 2.3.x+ since it requires the auth system to accept
+# r->user == NULL and there is a test for this in server/request.c now.  It
+# was intended as a workaround for the lack of Satisfy Any in 2.3.x+ which
+# was resolved by httpd with mod_access_compat in 2.3.x+.
+def mixed_noauthwhenanon(sbox):
+  "test mixed with noauthwhenanon directive"
+  sbox.build(read_only = True, create_wc = False)
+
+  test_area_url = sbox.repo_url.replace('/svn-test-work/local_tmp/repos',
+                                        '/authz-test-work/mixed-noauthwhenanon')
+
+  write_authz_file(sbox)
+
+  noauthwhenanon_tests = (
+                 { 'path': '', 'status': 301,  },
+                 { 'path': '/', 'status': 200,  },
+                 { 'path': '/repos', 'status': 301,  },
+                 { 'path': '/repos/', 'status': 200,  },
+                 { 'path': '/repos/A', 'status': 301,  },
+                 { 'path': '/repos/A/', 'status': 200,  },
+                 { 'path': '/repos/A/D', 'status': 301,  },
+                 { 'path': '/repos/A/D/', 'status': 200, 'body': ls_of_D_no_H,
+                   },
+                 { 'path': '/repos/A/D/gamma', 'status': 200, },
+                 { 'path': '/repos/A/D/H', 'status': 401, },
+                 { 'path': '/repos/A/D/H/', 'status': 401, },
+                 { 'path': '/repos/A/D/H/chi', 'status': 401, },
+                 # auth is configured and user1 is allowed access to H
+                 { 'path': '', 'status': 301, 'user': user1, 'pw': user1_pass},
+                 { 'path': '/', 'status': 200, 'user': user1, 'pw': user1_pass},
+                 { 'path': '/repos', 'status': 301, 'user': user1, 'pw': user1_pass},
+                 { 'path': '/repos/', 'status': 200, 'user': user1, 'pw': user1_pass},
+                 { 'path': '/repos/A', 'status': 301, 'user': user1, 'pw': user1_pass},
+                 { 'path': '/repos/A/', 'status': 200, 'user': user1, 'pw': user1_pass},
+                 { 'path': '/repos/A/D', 'status': 301, 'user': user1, 'pw': user1_pass},
+                 { 'path': '/repos/A/D/', 'status': 200, 'body': ls_of_D_H,
+                   'user': user1, 'pw': user1_pass},
+                 { 'path': '/repos/A/D/gamma', 'status': 200, 'user': user1, 'pw': user1_pass},
+                 { 'path': '/repos/A/D/H', 'status': 301, 'user': user1, 'pw': user1_pass},
+                 { 'path': '/repos/A/D/H/', 'status': 200, 'body': ls_of_H, 'user': user1, 'pw': user1_pass},
+                 { 'path': '/repos/A/D/H/chi', 'status': 200, 'user': user1, 'pw': user1_pass},
+                 # try with the wrong password for user1
+                 # note that unlike doing this with Satisfy Any this case
+                 # actually provides anon access when provided with an invalid
+                 # password
+                 { 'path': '', 'status': 301, 'user': user1, 'pw': user1_badpass},
+                 { 'path': '/', 'status': 200, 'user': user1, 'pw': user1_badpass},
+                 { 'path': '/repos', 'status': 301, 'user': user1, 'pw': user1_badpass},
+                 { 'path': '/repos/', 'status': 200, 'user': user1, 'pw': user1_badpass},
+                 { 'path': '/repos/A', 'status': 301, 'user': user1, 'pw': user1_badpass},
+                 { 'path': '/repos/A/', 'status': 200, 'user': user1, 'pw': user1_badpass},
+                 { 'path': '/repos/A/D', 'status': 301, 'user': user1, 'pw': user1_badpass},
+                 { 'path': '/repos/A/D/', 'status': 200, 'user': user1, 'pw': user1_badpass},
+                 { 'path': '/repos/A/D/gamma', 'status': 200, 'user': user1, 'pw': user1_badpass},
+                 { 'path': '/repos/A/D/H', 'status': 401, 'user': user1, 'pw': user1_badpass},
+                 { 'path': '/repos/A/D/H/', 'status': 401, 'user': user1, 'pw': user1_badpass},
+                 { 'path': '/repos/A/D/H/chi', 'status': 401, 'user': user1, 'pw': user1_badpass},
+                 # auth is configured and user2 is not allowed access to H
+                 { 'path': '', 'status': 301, 'user': user2, 'pw': user2_pass},
+                 { 'path': '/', 'status': 200, 'user': user2, 'pw': user2_pass},
+                 { 'path': '/repos', 'status': 301, 'user': user2, 'pw': user2_pass},
+                 { 'path': '/repos/', 'status': 200, 'user': user2, 'pw': user2_pass},
+                 { 'path': '/repos/A', 'status': 301, 'user': user2, 'pw': user2_pass},
+                 { 'path': '/repos/A/', 'status': 200, 'user': user2, 'pw': user2_pass},
+                 { 'path': '/repos/A/D', 'status': 301, 'user': user2, 'pw': user2_pass},
+                 { 'path': '/repos/A/D/', 'status': 200, 'body': ls_of_D_no_H,
+                   'user': user2, 'pw': user2_pass},
+                 { 'path': '/repos/A/D/gamma', 'status': 200, 'user': user2, 'pw': user2_pass},
+                 { 'path': '/repos/A/D/H', 'status': 403, 'user': user2, 'pw': user2_pass},
+                 { 'path': '/repos/A/D/H/', 'status': 403, 'user': user2, 'pw': user2_pass},
+                 { 'path': '/repos/A/D/H/chi', 'status': 403, 'user': user2, 'pw': user2_pass},
+                 # try with the wrong password for user2
+                 { 'path': '', 'status': 301, 'user': user2, 'pw': user2_badpass},
+                 { 'path': '/', 'status': 200, 'user': user2, 'pw': user2_badpass},
+                 { 'path': '/repos', 'status': 301, 'user': user2, 'pw': user2_badpass},
+                 { 'path': '/repos/', 'status': 200, 'user': user2, 'pw': user2_badpass},
+                 { 'path': '/repos/A', 'status': 301, 'user': user2, 'pw': user2_badpass},
+                 { 'path': '/repos/A/', 'status': 200, 'user': user2, 'pw': user2_badpass},
+                 { 'path': '/repos/A/D', 'status': 301, 'user': user2, 'pw': user2_badpass},
+                 { 'path': '/repos/A/D/', 'status': 200, 'user': user2, 'pw': user2_badpass},
+                 { 'path': '/repos/A/D/gamma', 'status': 200, 'user': user2, 'pw': user2_badpass},
+                 { 'path': '/repos/A/D/H', 'status': 401, 'user': user2, 'pw': user2_badpass},
+                 { 'path': '/repos/A/D/H/', 'status': 401, 'user': user2, 'pw': user2_badpass},
+                 { 'path': '/repos/A/D/H/chi', 'status': 401, 'user': user2, 'pw': user2_badpass},
+                 )
+
+  verify_gets(test_area_url, noauthwhenanon_tests)
+
+
+@SkipUnless(svntest.main.is_ra_type_dav)
+def authn(sbox):
+  "test authenticated only access"
+  sbox.build(read_only = True, create_wc = False)
+
+  test_area_url = sbox.repo_url.replace('/svn-test-work/local_tmp/repos',
+                                        '/authz-test-work/authn')
+
+  write_authz_file(sbox)
+
+  authn_tests = (
+                 { 'path': '', 'status': 401,  },
+                 { 'path': '/', 'status': 401,  },
+                 { 'path': '/repos', 'status': 401,  },
+                 { 'path': '/repos/', 'status': 401,  },
+                 { 'path': '/repos/A', 'status': 401,  },
+                 { 'path': '/repos/A/', 'status': 401,  },
+                 { 'path': '/repos/A/D', 'status': 401,  },
+                 { 'path': '/repos/A/D/', 'status': 401, },
+                 { 'path': '/repos/A/D/gamma', 'status': 401, },
+                 { 'path': '/repos/A/D/H', 'status': 401, },
+                 { 'path': '/repos/A/D/H/', 'status': 401, },
+                 { 'path': '/repos/A/D/H/chi', 'status': 401, },
+                 # auth is configured and user1 is allowed access to H
+                 { 'path': '', 'status': 301, 'user': user1, 'pw': user1_pass},
+                 { 'path': '/', 'status': 200, 'user': user1, 'pw': user1_pass},
+                 { 'path': '/repos', 'status': 301, 'user': user1, 'pw': user1_pass},
+                 { 'path': '/repos/', 'status': 200, 'user': user1, 'pw': user1_pass},
+                 { 'path': '/repos/A', 'status': 301, 'user': user1, 'pw': user1_pass},
+                 { 'path': '/repos/A/', 'status': 200, 'user': user1, 'pw': user1_pass},
+                 { 'path': '/repos/A/D', 'status': 301, 'user': user1, 'pw': user1_pass},
+                 { 'path': '/repos/A/D/', 'status': 200, 'body': ls_of_D_H,
+                   'user': user1, 'pw': user1_pass},
+                 { 'path': '/repos/A/D/gamma', 'status': 200, 'user': user1, 'pw': user1_pass},
+                 { 'path': '/repos/A/D/H', 'status': 301, 'user': user1, 'pw': user1_pass},
+                 { 'path': '/repos/A/D/H/', 'status': 200, 'body': ls_of_H, 'user': user1, 'pw': user1_pass},
+                 { 'path': '/repos/A/D/H/chi', 'status': 200, 'user': user1, 'pw': user1_pass},
+                 # try with upper case username for user1
+                 { 'path': '', 'status': 301, 'user': user1_upper, 'pw': user1_pass},
+                 { 'path': '/', 'status': 200, 'user': user1_upper, 'pw': user1_pass},
+                 { 'path': '/repos', 'status': 403, 'user': user1_upper, 'pw': user1_pass},
+                 { 'path': '/repos/', 'status': 403, 'user': user1_upper, 'pw': user1_pass},
+                 { 'path': '/repos/A', 'status': 403, 'user': user1_upper, 'pw': user1_pass},
+                 { 'path': '/repos/A/', 'status': 403, 'user': user1_upper, 'pw': user1_pass},
+                 { 'path': '/repos/A/D', 'status': 403, 'user': user1_upper, 'pw': user1_pass},
+                 { 'path': '/repos/A/D/', 'status': 403, 'user': user1_upper, 'pw': user1_pass},
+                 { 'path': '/repos/A/D/gamma', 'status': 403, 'user': user1_upper, 'pw': user1_pass},
+                 { 'path': '/repos/A/D/H', 'status': 403, 'user': user1_upper, 'pw': user1_pass},
+                 { 'path': '/repos/A/D/H/', 'status': 403, 'user': user1_upper, 'pw': user1_pass},
+                 { 'path': '/repos/A/D/H/chi', 'status': 403, 'user': user1_upper, 'pw': user1_pass},
+                 # try with the wrong password for user1
+                 { 'path': '', 'status': 401, 'user': user1, 'pw': user1_badpass},
+                 { 'path': '/', 'status': 401, 'user': user1, 'pw': user1_badpass},
+                 { 'path': '/repos', 'status': 401, 'user': user1, 'pw': user1_badpass},
+                 { 'path': '/repos/', 'status': 401, 'user': user1, 'pw': user1_badpass},
+                 { 'path': '/repos/A', 'status': 401, 'user': user1, 'pw': user1_badpass},
+                 { 'path': '/repos/A/', 'status': 401, 'user': user1, 'pw': user1_badpass},
+                 { 'path': '/repos/A/D', 'status': 401, 'user': user1, 'pw': user1_badpass},
+                 { 'path': '/repos/A/D/', 'status': 401, 'user': user1, 'pw': user1_badpass},
+                 { 'path': '/repos/A/D/gamma', 'status': 401, 'user': user1, 'pw': user1_badpass},
+                 { 'path': '/repos/A/D/H', 'status': 401, 'user': user1, 'pw': user1_badpass},
+                 { 'path': '/repos/A/D/H/', 'status': 401, 'user': user1, 'pw': user1_badpass},
+                 { 'path': '/repos/A/D/H/chi', 'status': 401, 'user': user1, 'pw': user1_badpass},
+                 # auth is configured and user2 is not allowed access to H
+                 { 'path': '', 'status': 301, 'user': user2, 'pw': user2_pass},
+                 { 'path': '/', 'status': 200, 'user': user2, 'pw': user2_pass},
+                 { 'path': '/repos', 'status': 301, 'user': user2, 'pw': user2_pass},
+                 { 'path': '/repos/', 'status': 200, 'user': user2, 'pw': user2_pass},
+                 { 'path': '/repos/A', 'status': 301, 'user': user2, 'pw': user2_pass},
+                 { 'path': '/repos/A/', 'status': 200, 'user': user2, 'pw': user2_pass},
+                 { 'path': '/repos/A/D', 'status': 301, 'user': user2, 'pw': user2_pass},
+                 { 'path': '/repos/A/D/', 'status': 200, 'body': ls_of_D_no_H,
+                   'user': user2, 'pw': user2_pass},
+                 { 'path': '/repos/A/D/gamma', 'status': 200, 'user': user2, 'pw': user2_pass},
+                 { 'path': '/repos/A/D/H', 'status': 403, 'user': user2, 'pw': user2_pass},
+                 { 'path': '/repos/A/D/H/', 'status': 403, 'user': user2, 'pw': user2_pass},
+                 { 'path': '/repos/A/D/H/chi', 'status': 403, 'user': user2, 'pw': user2_pass},
+                 # try with upper case username for user2
+                 { 'path': '', 'status': 301, 'user': user2_upper, 'pw': user2_pass},
+                 { 'path': '/', 'status': 200, 'user': user2_upper, 'pw': user2_pass},
+                 { 'path': '/repos', 'status': 403, 'user': user2_upper, 'pw': user2_pass},
+                 { 'path': '/repos/', 'status': 403, 'user': user2_upper, 'pw': user2_pass},
+                 { 'path': '/repos/A', 'status': 403, 'user': user2_upper, 'pw': user2_pass},
+                 { 'path': '/repos/A/', 'status': 403, 'user': user2_upper, 'pw': user2_pass},
+                 { 'path': '/repos/A/D', 'status': 403, 'user': user2_upper, 'pw': user2_pass},
+                 { 'path': '/repos/A/D/', 'status': 403, 'user': user2_upper, 'pw': user2_pass},
+                 { 'path': '/repos/A/D/gamma', 'status': 403, 'user': user2_upper, 'pw': user2_pass},
+                 { 'path': '/repos/A/D/H', 'status': 403, 'user': user2_upper, 'pw': user2_pass},
+                 { 'path': '/repos/A/D/H/', 'status': 403, 'user': user2_upper, 'pw': user2_pass},
+                 { 'path': '/repos/A/D/H/chi', 'status': 403, 'user': user2_upper, 'pw': user2_pass},
+                 # try with the wrong password for user2
+                 { 'path': '', 'status': 401, 'user': user2, 'pw': user2_badpass},
+                 { 'path': '/', 'status': 401, 'user': user2, 'pw': user2_badpass},
+                 { 'path': '/repos', 'status': 401, 'user': user2, 'pw': user2_badpass},
+                 { 'path': '/repos/', 'status': 401, 'user': user2, 'pw': user2_badpass},
+                 { 'path': '/repos/A', 'status': 401, 'user': user2, 'pw': user2_badpass},
+                 { 'path': '/repos/A/', 'status': 401, 'user': user2, 'pw': user2_badpass},
+                 { 'path': '/repos/A/D', 'status': 401, 'user': user2, 'pw': user2_badpass},
+                 { 'path': '/repos/A/D/', 'status': 401, 'user': user2, 'pw': user2_badpass},
+                 { 'path': '/repos/A/D/gamma', 'status': 401, 'user': user2, 'pw': user2_badpass},
+                 { 'path': '/repos/A/D/H', 'status': 401, 'user': user2, 'pw': user2_badpass},
+                 { 'path': '/repos/A/D/H/', 'status': 401, 'user': user2, 'pw': user2_badpass},
+                 { 'path': '/repos/A/D/H/chi', 'status': 401, 'user': user2, 'pw': user2_badpass},
+                 )
+
+  verify_gets(test_area_url, authn_tests)
+
+@SkipUnless(svntest.main.is_ra_type_dav)
+def authn_anonoff(sbox):
+  "test authenticated only access with anonoff"
+  sbox.build(read_only = True, create_wc = False)
+
+  test_area_url = sbox.repo_url.replace('/svn-test-work/local_tmp/repos',
+                                        '/authz-test-work/authn-anonoff')
+
+  write_authz_file(sbox)
+
+  anonoff_tests = (
+                 { 'path': '', 'status': 401,  },
+                 { 'path': '/', 'status': 401,  },
+                 { 'path': '/repos', 'status': 401,  },
+                 { 'path': '/repos/', 'status': 401,  },
+                 { 'path': '/repos/A', 'status': 401,  },
+                 { 'path': '/repos/A/', 'status': 401,  },
+                 { 'path': '/repos/A/D', 'status': 401,  },
+                 { 'path': '/repos/A/D/', 'status': 401, },
+                 { 'path': '/repos/A/D/gamma', 'status': 401, },
+                 { 'path': '/repos/A/D/H', 'status': 401, },
+                 { 'path': '/repos/A/D/H/', 'status': 401, },
+                 { 'path': '/repos/A/D/H/chi', 'status': 401, },
+                 # auth is configured and user1 is allowed access to H
+                 { 'path': '', 'status': 301, 'user': user1, 'pw': user1_pass},
+                 { 'path': '/', 'status': 200, 'user': user1, 'pw': user1_pass},
+                 { 'path': '/repos', 'status': 301, 'user': user1, 'pw': user1_pass},
+                 { 'path': '/repos/', 'status': 200, 'user': user1, 'pw': user1_pass},
+                 { 'path': '/repos/A', 'status': 301, 'user': user1, 'pw': user1_pass},
+                 { 'path': '/repos/A/', 'status': 200, 'user': user1, 'pw': user1_pass},
+                 { 'path': '/repos/A/D', 'status': 301, 'user': user1, 'pw': user1_pass},
+                 { 'path': '/repos/A/D/', 'status': 200, 'body': ls_of_D_H,
+                   'user': user1, 'pw': user1_pass},
+                 { 'path': '/repos/A/D/gamma', 'status': 200, 'user': user1, 'pw': user1_pass},
+                 { 'path': '/repos/A/D/H', 'status': 301, 'user': user1, 'pw': user1_pass},
+                 { 'path': '/repos/A/D/H/', 'status': 200, 'body': ls_of_H, 'user': user1, 'pw': user1_pass},
+                 { 'path': '/repos/A/D/H/chi', 'status': 200, 'user': user1, 'pw': user1_pass},
+                 # try with upper case username for user1
+                 { 'path': '', 'status': 301, 'user': user1_upper, 'pw': user1_pass},
+                 { 'path': '/', 'status': 200, 'user': user1_upper, 'pw': user1_pass},
+                 { 'path': '/repos', 'status': 403, 'user': user1_upper, 'pw': user1_pass},
+                 { 'path': '/repos/', 'status': 403, 'user': user1_upper, 'pw': user1_pass},
+                 { 'path': '/repos/A', 'status': 403, 'user': user1_upper, 'pw': user1_pass},
+                 { 'path': '/repos/A/', 'status': 403, 'user': user1_upper, 'pw': user1_pass},
+                 { 'path': '/repos/A/D', 'status': 403, 'user': user1_upper, 'pw': user1_pass},
+                 { 'path': '/repos/A/D/', 'status': 403, 'user': user1_upper, 'pw': user1_pass},
+                 { 'path': '/repos/A/D/gamma', 'status': 403, 'user': user1_upper, 'pw': user1_pass},
+                 { 'path': '/repos/A/D/H', 'status': 403, 'user': user1_upper, 'pw': user1_pass},
+                 { 'path': '/repos/A/D/H/', 'status': 403, 'user': user1_upper, 'pw': user1_pass},
+                 { 'path': '/repos/A/D/H/chi', 'status': 403, 'user': user1_upper, 'pw': user1_pass},
+                 # try with the wrong password for user1
+                 { 'path': '', 'status': 401, 'user': user1, 'pw': user1_badpass},
+                 { 'path': '/', 'status': 401, 'user': user1, 'pw': user1_badpass},
+                 { 'path': '/repos', 'status': 401, 'user': user1, 'pw': user1_badpass},
+                 { 'path': '/repos/', 'status': 401, 'user': user1, 'pw': user1_badpass},
+                 { 'path': '/repos/A', 'status': 401, 'user': user1, 'pw': user1_badpass},
+                 { 'path': '/repos/A/', 'status': 401, 'user': user1, 'pw': user1_badpass},
+                 { 'path': '/repos/A/D', 'status': 401, 'user': user1, 'pw': user1_badpass},
+                 { 'path': '/repos/A/D/', 'status': 401, 'user': user1, 'pw': user1_badpass},
+                 { 'path': '/repos/A/D/gamma', 'status': 401, 'user': user1, 'pw': user1_badpass},
+                 { 'path': '/repos/A/D/H', 'status': 401, 'user': user1, 'pw': user1_badpass},
+                 { 'path': '/repos/A/D/H/', 'status': 401, 'user': user1, 'pw': user1_badpass},
+                 { 'path': '/repos/A/D/H/chi', 'status': 401, 'user': user1, 'pw': user1_badpass},
+                 # auth is configured and user2 is not allowed access to H
+                 { 'path': '', 'status': 301, 'user': user2, 'pw': user2_pass},
+                 { 'path': '/', 'status': 200, 'user': user2, 'pw': user2_pass},
+                 { 'path': '/repos', 'status': 301, 'user': user2, 'pw': user2_pass},
+                 { 'path': '/repos/', 'status': 200, 'user': user2, 'pw': user2_pass},
+                 { 'path': '/repos/A', 'status': 301, 'user': user2, 'pw': user2_pass},
+                 { 'path': '/repos/A/', 'status': 200, 'user': user2, 'pw': user2_pass},
+                 { 'path': '/repos/A/D', 'status': 301, 'user': user2, 'pw': user2_pass},
+                 { 'path': '/repos/A/D/', 'status': 200, 'body': ls_of_D_no_H,
+                   'user': user2, 'pw': user2_pass},
+                 { 'path': '/repos/A/D/gamma', 'status': 200, 'user': user2, 'pw': user2_pass},
+                 { 'path': '/repos/A/D/H', 'status': 403, 'user': user2, 'pw': user2_pass},
+                 { 'path': '/repos/A/D/H/', 'status': 403, 'user': user2, 'pw': user2_pass},
+                 { 'path': '/repos/A/D/H/chi', 'status': 403, 'user': user2, 'pw': user2_pass},
+                 # try with upper case username for user2
+                 { 'path': '', 'status': 301, 'user': user2_upper, 'pw': user2_pass},
+                 { 'path': '/', 'status': 200, 'user': user2_upper, 'pw': user2_pass},
+                 { 'path': '/repos', 'status': 403, 'user': user2_upper, 'pw': user2_pass},
+                 { 'path': '/repos/', 'status': 403, 'user': user2_upper, 'pw': user2_pass},
+                 { 'path': '/repos/A', 'status': 403, 'user': user2_upper, 'pw': user2_pass},
+                 { 'path': '/repos/A/', 'status': 403, 'user': user2_upper, 'pw': user2_pass},
+                 { 'path': '/repos/A/D', 'status': 403, 'user': user2_upper, 'pw': user2_pass},
+                 { 'path': '/repos/A/D/', 'status': 403, 'user': user2_upper, 'pw': user2_pass},
+                 { 'path': '/repos/A/D/gamma', 'status': 403, 'user': user2_upper, 'pw': user2_pass},
+                 { 'path': '/repos/A/D/H', 'status': 403, 'user': user2_upper, 'pw': user2_pass},
+                 { 'path': '/repos/A/D/H/', 'status': 403, 'user': user2_upper, 'pw': user2_pass},
+                 { 'path': '/repos/A/D/H/chi', 'status': 403, 'user': user2_upper, 'pw': user2_pass},
+                 # try with the wrong password for user2
+                 { 'path': '', 'status': 401, 'user': user2, 'pw': user2_badpass},
+                 { 'path': '/', 'status': 401, 'user': user2, 'pw': user2_badpass},
+                 { 'path': '/repos', 'status': 401, 'user': user2, 'pw': user2_badpass},
+                 { 'path': '/repos/', 'status': 401, 'user': user2, 'pw': user2_badpass},
+                 { 'path': '/repos/A', 'status': 401, 'user': user2, 'pw': user2_badpass},
+                 { 'path': '/repos/A/', 'status': 401, 'user': user2, 'pw': user2_badpass},
+                 { 'path': '/repos/A/D', 'status': 401, 'user': user2, 'pw': user2_badpass},
+                 { 'path': '/repos/A/D/', 'status': 401, 'user': user2, 'pw': user2_badpass},
+                 { 'path': '/repos/A/D/gamma', 'status': 401, 'user': user2, 'pw': user2_badpass},
+                 { 'path': '/repos/A/D/H', 'status': 401, 'user': user2, 'pw': user2_badpass},
+                 { 'path': '/repos/A/D/H/', 'status': 401, 'user': user2, 'pw': user2_badpass},
+                 { 'path': '/repos/A/D/H/chi', 'status': 401, 'user': user2, 'pw': user2_badpass},
+                 )
+
+  verify_gets(test_area_url, anonoff_tests)
+
+@SkipUnless(svntest.main.is_ra_type_dav)
+def authn_lcuser(sbox):
+  "test authenticated only access with lcuser"
+  sbox.build(read_only = True, create_wc = False)
+
+  test_area_url = sbox.repo_url.replace('/svn-test-work/local_tmp/repos',
+                                        '/authz-test-work/authn-lcuser')
+
+  write_authz_file(sbox)
+
+  lcuser_tests = (
+                 # try with upper case username for user1 (works due to lcuser option)
+                 { 'path': '', 'status': 301, 'user': user1_upper, 'pw': user1_pass},
+                 { 'path': '/', 'status': 200, 'user': user1_upper, 'pw': user1_pass},
+                 { 'path': '/repos', 'status': 301, 'user': user1_upper, 'pw': user1_pass},
+                 { 'path': '/repos/', 'status': 200, 'user': user1_upper, 'pw': user1_pass},
+                 { 'path': '/repos/A', 'status': 301, 'user': user1_upper, 'pw': user1_pass},
+                 { 'path': '/repos/A/', 'status': 200, 'user': user1_upper, 'pw': user1_pass},
+                 { 'path': '/repos/A/D', 'status': 301, 'user': user1_upper, 'pw': user1_pass},
+                 { 'path': '/repos/A/D/', 'status': 200, 'body': ls_of_D_H,
+                   'user': user1_upper, 'pw': user1_pass},
+                 { 'path': '/repos/A/D/gamma', 'status': 200, 'user': user1_upper, 'pw': user1_pass},
+                 { 'path': '/repos/A/D/H', 'status': 301, 'user': user1_upper, 'pw': user1_pass},
+                 { 'path': '/repos/A/D/H/', 'status': 200, 'body': ls_of_H, 'user': user1_upper, 'pw': user1_pass},
+                 { 'path': '/repos/A/D/H/chi', 'status': 200, 'user': user1_upper, 'pw': user1_pass},
+                 # try with upper case username for user2 (works due to lcuser option)
+                 { 'path': '', 'status': 301, 'user': user2_upper, 'pw': user2_pass},
+                 { 'path': '/', 'status': 200, 'user': user2_upper, 'pw': user2_pass},
+                 { 'path': '/repos', 'status': 301, 'user': user2_upper, 'pw': user2_pass},
+                 { 'path': '/repos/', 'status': 200, 'user': user2_upper, 'pw': user2_pass},
+                 { 'path': '/repos/A', 'status': 301, 'user': user2_upper, 'pw': user2_pass},
+                 { 'path': '/repos/A/', 'status': 200, 'user': user2_upper, 'pw': user2_pass},
+                 { 'path': '/repos/A/D', 'status': 301, 'user': user2_upper, 'pw': user2_pass},
+                 { 'path': '/repos/A/D/', 'status': 200, 'body': ls_of_D_no_H,
+                   'user': user2_upper, 'pw': user2_pass},
+                 { 'path': '/repos/A/D/gamma', 'status': 200, 'user': user2_upper, 'pw': user2_pass},
+                 { 'path': '/repos/A/D/H', 'status': 403, 'user': user2_upper, 'pw': user2_pass},
+                 { 'path': '/repos/A/D/H/', 'status': 403, 'user': user2_upper, 'pw': user2_pass},
+                 { 'path': '/repos/A/D/H/chi', 'status': 403, 'user': user2_upper, 'pw': user2_pass},
+                 )
+
+  verify_gets(test_area_url, lcuser_tests)
+
+# authenticated access only by group - a excuse to use AuthzSVNAuthoritative Off
+# this is terribly messed up, Require group runs after mod_authz_svn.
+# so if mod_authz_svn grants the access then it doesn't matter what the group
+# requirement says.  If we reject the access then you can use the AuthzSVNAuthoritative Off
+# directive to fall through to the group check.  Overall the behavior of setups like this
+# is almost guaranteed to not be what users expect.
+@SkipUnless(svntest.main.is_ra_type_dav)
+def authn_group(sbox):
+  "test authenticated only access via groups"
+  sbox.build(read_only = True, create_wc = False)
+
+  test_area_url = sbox.repo_url.replace('/svn-test-work/local_tmp/repos',
+                                        '/authz-test-work/authn-group')
+
+  # Can't use write_authz_file() as most tests because we want to deny all
+  # access with mod_authz_svn so the tests fall through to the group handling
+  authz_name = sbox.authz_name()
+  svntest.main.write_authz_file(sbox, {
+                                        '/':  '* =',
+                                      })
+
+  group_tests = (
+                 { 'path': '', 'status': 401, },
+                 { 'path': '/', 'status': 401, },
+                 { 'path': '/repos', 'status': 401, },
+                 { 'path': '/repos/', 'status': 401, },
+                 { 'path': '/repos/A', 'status': 401, },
+                 { 'path': '/repos/A/', 'status': 401, },
+                 { 'path': '/repos/A/D', 'status': 401, },
+                 { 'path': '/repos/A/D/', 'status': 401, },
+                 { 'path': '/repos/A/D/gamma', 'status': 401, },
+                 { 'path': '/repos/A/D/H', 'status': 401, },
+                 { 'path': '/repos/A/D/H/', 'status': 401, },
+                 { 'path': '/repos/A/D/H/chi', 'status': 401, },
+                 # auth is configured and user1 is allowed access repo including H
+                 { 'path': '', 'status': 301, 'user': user1, 'pw': user1_pass},
+                 { 'path': '/', 'status': 200, 'user': user1, 'pw': user1_pass},
+                 { 'path': '/repos', 'status': 301, 'user': user1, 'pw': user1_pass},
+                 { 'path': '/repos/', 'status': 200, 'user': user1, 'pw': user1_pass},
+                 { 'path': '/repos/A', 'status': 301, 'user': user1, 'pw': user1_pass},
+                 { 'path': '/repos/A/', 'status': 200, 'user': user1, 'pw': user1_pass},
+                 { 'path': '/repos/A/D', 'status': 301, 'user': user1, 'pw': user1_pass},
+                 { 'path': '/repos/A/D/', 'status': 200, 'body': ls_of_D_H,
+                   'user': user1, 'pw': user1_pass},
+                 { 'path': '/repos/A/D/gamma', 'status': 200, 'user': user1, 'pw': user1_pass},
+                 { 'path': '/repos/A/D/H', 'status': 301, 'user': user1, 'pw': user1_pass},
+                 { 'path': '/repos/A/D/H/', 'status': 200, 'body': ls_of_H, 'user': user1, 'pw': user1_pass},
+                 { 'path': '/repos/A/D/H/chi', 'status': 200, 'user': user1, 'pw': user1_pass},
+                 )
+
+  verify_gets(test_area_url, group_tests)
+
+# This test exists to validate our behavior when used with the new authz
+# provider system introduced in httpd 2.3.x.  The Satisfy directive
+# determines how older authz hooks are combined and the RequireA(ll|ny)
+# blocks handles how new authz providers are combined.  The overall results of
+# all the authz providers (combined per the Require* blocks) are then
+# combined with the other authz hooks via the Satisfy directive.
+# Meaning this test requires that mod_authz_svn says yes and there is
+# either a valid user or the ALLOW header is 1.  The header may seem
+# like a silly test but it's easier to excercise than say a host directive
+# in a repeatable test.
+@SkipUnless(svntest.main.is_httpd_authz_provider_enabled)
+def authn_sallrany(sbox):
+  "test satisfy all require any config"
+  sbox.build(read_only = True, create_wc = False)
+
+  test_area_url = sbox.repo_url.replace('/svn-test-work/local_tmp/repos',
+                                        '/authz-test-work/sallrany')
+
+  write_authz_file(sbox)
+
+  allow_header = { 'ALLOW': '1' }
+
+  sallrany_tests = (
+                 #anon access isn't allowed without ALLOW header
+                 { 'path': '', 'status': 401, },
+                 { 'path': '/', 'status': 401, },
+                 { 'path': '/repos', 'status': 401, },
+                 { 'path': '/repos/', 'status': 401, },
+                 { 'path': '/repos/A', 'status': 401, },
+                 { 'path': '/repos/A/', 'status': 401, },
+                 { 'path': '/repos/A/D', 'status': 401, },
+                 { 'path': '/repos/A/D/', 'status': 401, },
+                 { 'path': '/repos/A/D/gamma', 'status': 401, },
+                 { 'path': '/repos/A/D/H', 'status': 401, },
+                 { 'path': '/repos/A/D/H/', 'status': 401, },
+                 { 'path': '/repos/A/D/H/chi', 'status': 401, },
+                 # auth is configured and user1 is allowed access repo including H
+                 { 'path': '', 'status': 301, 'user': user1, 'pw': user1_pass},
+                 { 'path': '/', 'status': 200, 'user': user1, 'pw': user1_pass},
+                 { 'path': '/repos', 'status': 301, 'user': user1, 'pw': user1_pass},
+                 { 'path': '/repos/', 'status': 200, 'user': user1, 'pw': user1_pass},
+                 { 'path': '/repos/A', 'status': 301, 'user': user1, 'pw': user1_pass},
+                 { 'path': '/repos/A/', 'status': 200, 'user': user1, 'pw': user1_pass},
+                 { 'path': '/repos/A/D', 'status': 301, 'user': user1, 'pw': user1_pass},
+                 { 'path': '/repos/A/D/', 'status': 200, 'body': ls_of_D_H,
+                   'user': user1, 'pw': user1_pass},
+                 { 'path': '/repos/A/D/gamma', 'status': 200, 'user': user1, 'pw': user1_pass},
+                 { 'path': '/repos/A/D/H', 'status': 301, 'user': user1, 'pw': user1_pass},
+                 { 'path': '/repos/A/D/H/', 'status': 200, 'body': ls_of_H, 'user': user1, 'pw': user1_pass},
+                 { 'path': '/repos/A/D/H/chi', 'status': 200, 'user': user1, 'pw': user1_pass},
+                 # try with the wrong password for user1
+                 { 'path': '', 'status': 401, 'user': user1, 'pw': user1_badpass},
+                 { 'path': '/', 'status': 401, 'user': user1, 'pw': user1_badpass},
+                 { 'path': '/repos', 'status': 401, 'user': user1, 'pw': user1_badpass},
+                 { 'path': '/repos/', 'status': 401, 'user': user1, 'pw': user1_badpass},
+                 { 'path': '/repos/A', 'status': 401, 'user': user1, 'pw': user1_badpass},
+                 { 'path': '/repos/A/', 'status': 401, 'user': user1, 'pw': user1_badpass},
+                 { 'path': '/repos/A/D', 'status': 401, 'user': user1, 'pw': user1_badpass},
+                 { 'path': '/repos/A/D/', 'status': 401, 'user': user1, 'pw': user1_badpass},
+                 { 'path': '/repos/A/D/gamma', 'status': 401, 'user': user1, 'pw': user1_badpass},
+                 { 'path': '/repos/A/D/H', 'status': 401, 'user': user1, 'pw': user1_badpass},
+                 { 'path': '/repos/A/D/H/', 'status': 401, 'user': user1, 'pw': user1_badpass},
+                 { 'path': '/repos/A/D/H/chi', 'status': 401, 'user': user1, 'pw': user1_badpass},
+                 # auth is configured and user2 is not allowed access to H
+                 { 'path': '', 'status': 301, 'user': user2, 'pw': user2_pass},
+                 { 'path': '/', 'status': 200, 'user': user2, 'pw': user2_pass},
+                 { 'path': '/repos', 'status': 301, 'user': user2, 'pw': user2_pass},
+                 { 'path': '/repos/', 'status': 200, 'user': user2, 'pw': user2_pass},
+                 { 'path': '/repos/A', 'status': 301, 'user': user2, 'pw': user2_pass},
+                 { 'path': '/repos/A/', 'status': 200, 'user': user2, 'pw': user2_pass},
+                 { 'path': '/repos/A/D', 'status': 301, 'user': user2, 'pw': user2_pass},
+                 { 'path': '/repos/A/D/', 'status': 200, 'body': ls_of_D_no_H,
+                   'user': user2, 'pw': user2_pass},
+                 { 'path': '/repos/A/D/gamma', 'status': 200, 'user': user2, 'pw': user2_pass},
+                 { 'path': '/repos/A/D/H', 'status': 403, 'user': user2, 'pw': user2_pass},
+                 { 'path': '/repos/A/D/H/', 'status': 403, 'user': user2, 'pw': user2_pass},
+                 { 'path': '/repos/A/D/H/chi', 'status': 403, 'user': user2, 'pw': user2_pass},
+                 # try with the wrong password for user2
+                 { 'path': '', 'status': 401, 'user': user2, 'pw': user2_badpass},
+                 { 'path': '/', 'status': 401, 'user': user2, 'pw': user2_badpass},
+                 { 'path': '/repos', 'status': 401, 'user': user2, 'pw': user2_badpass},
+                 { 'path': '/repos/', 'status': 401, 'user': user2, 'pw': user2_badpass},
+                 { 'path': '/repos/A', 'status': 401, 'user': user2, 'pw': user2_badpass},
+                 { 'path': '/repos/A/', 'status': 401, 'user': user2, 'pw': user2_badpass},
+                 { 'path': '/repos/A/D', 'status': 401, 'user': user2, 'pw': user2_badpass},
+                 { 'path': '/repos/A/D/', 'status': 401, 'user': user2, 'pw': user2_badpass},
+                 { 'path': '/repos/A/D/gamma', 'status': 401, 'user': user2, 'pw': user2_badpass},
+                 { 'path': '/repos/A/D/H', 'status': 401, 'user': user2, 'pw': user2_badpass},
+                 { 'path': '/repos/A/D/H/', 'status': 401, 'user': user2, 'pw': user2_badpass},
+                 { 'path': '/repos/A/D/H/chi', 'status': 401, 'user': user2, 'pw': user2_badpass},
+                 # anon is allowed with the ALLOW header
+                 { 'path': '', 'status': 301, 'headers': allow_header },
+                 { 'path': '/', 'status': 200, 'headers': allow_header },
+                 { 'path': '/repos', 'status': 301, 'headers': allow_header },
+                 { 'path': '/repos/', 'status': 200, 'headers': allow_header },
+                 { 'path': '/repos/A', 'status': 301, 'headers': allow_header },
+                 { 'path': '/repos/A/', 'status': 200, 'headers': allow_header },
+                 { 'path': '/repos/A/D', 'status': 301, 'headers': allow_header },
+                 { 'path': '/repos/A/D/', 'status': 200, 'body': ls_of_D_no_H, 'headers': allow_header },
+                 { 'path': '/repos/A/D/gamma', 'status': 200, 'headers': allow_header },
+                 # these 3 tests return 403 instead of 401 becasue the config allows
+                 # the anon user with the ALLOW header without any auth and the old hook
+                 # system has no way of knowing it should return 401 since authentication is
+                 # configured and can change the behavior.  It could decide to return 401 just on
+                 # the basis of authentication being configured but then that leaks info in other
+                 # cases so it's better for this case to be "broken".
+                 { 'path': '/repos/A/D/H', 'status': 403, 'headers': allow_header },
+                 { 'path': '/repos/A/D/H/', 'status': 403, 'headers': allow_header },
+                 { 'path': '/repos/A/D/H/chi', 'status': 403, 'headers': allow_header },
+                 # auth is configured and user1 is allowed access repo including H
+                 { 'path': '', 'status': 301, 'user': user1, 'pw': user1_pass, 'headers': allow_header },
+                 { 'path': '/', 'status': 200, 'user': user1, 'pw': user1_pass, 'headers': allow_header },
+                 { 'path': '/repos', 'status': 301, 'user': user1, 'pw': user1_pass, 'headers': allow_header },
+                 { 'path': '/repos/', 'status': 200, 'user': user1, 'pw': user1_pass, 'headers': allow_header },
+                 { 'path': '/repos/A', 'status': 301, 'user': user1, 'pw': user1_pass, 'headers': allow_header },
+                 { 'path': '/repos/A/', 'status': 200, 'user': user1, 'pw': user1_pass, 'headers': allow_header },
+                 { 'path': '/repos/A/D', 'status': 301, 'user': user1, 'pw': user1_pass, 'headers': allow_header },
+                 { 'path': '/repos/A/D/', 'status': 200, 'body': ls_of_D_H,
+                   'user': user1, 'pw': user1_pass, 'headers': allow_header },
+                 { 'path': '/repos/A/D/gamma', 'status': 200, 'user': user1, 'pw': user1_pass, 'headers': allow_header },
+                 { 'path': '/repos/A/D/H', 'status': 301, 'user': user1, 'pw': user1_pass, 'headers': allow_header },
+                 { 'path': '/repos/A/D/H/', 'status': 200, 'body': ls_of_H, 'user': user1, 'pw': user1_pass, 'headers': allow_header },
+                 { 'path': '/repos/A/D/H/chi', 'status': 200, 'user': user1, 'pw': user1_pass, 'headers': allow_header },
+                 # try with the wrong password for user1
+                 { 'path': '', 'status': 401, 'user': user1, 'pw': user1_badpass, 'headers': allow_header },
+                 { 'path': '/', 'status': 401, 'user': user1, 'pw': user1_badpass, 'headers': allow_header },
+                 { 'path': '/repos', 'status': 401, 'user': user1, 'pw': user1_badpass, 'headers': allow_header },
+                 { 'path': '/repos/', 'status': 401, 'user': user1, 'pw': user1_badpass, 'headers': allow_header },
+                 { 'path': '/repos/A', 'status': 401, 'user': user1, 'pw': user1_badpass, 'headers': allow_header },
+                 { 'path': '/repos/A/', 'status': 401, 'user': user1, 'pw': user1_badpass, 'headers': allow_header },
+                 { 'path': '/repos/A/D', 'status': 401, 'user': user1, 'pw': user1_badpass, 'headers': allow_header },
+                 { 'path': '/repos/A/D/', 'status': 401, 'user': user1, 'pw': user1_badpass, 'headers': allow_header },
+                 { 'path': '/repos/A/D/gamma', 'status': 401, 'user': user1, 'pw': user1_badpass, 'headers': allow_header },
+                 { 'path': '/repos/A/D/H', 'status': 401, 'user': user1, 'pw': user1_badpass, 'headers': allow_header },
+                 { 'path': '/repos/A/D/H/', 'status': 401, 'user': user1, 'pw': user1_badpass, 'headers': allow_header },
+                 { 'path': '/repos/A/D/H/chi', 'status': 401, 'user': user1, 'pw': user1_badpass, 'headers': allow_header },
+                 # auth is configured and user2 is not allowed access to H
+                 { 'path': '', 'status': 301, 'user': user2, 'pw': user2_pass, 'headers': allow_header },
+                 { 'path': '/', 'status': 200, 'user': user2, 'pw': user2_pass, 'headers': allow_header },
+                 { 'path': '/repos', 'status': 301, 'user': user2, 'pw': user2_pass, 'headers': allow_header },
+                 { 'path': '/repos/', 'status': 200, 'user': user2, 'pw': user2_pass, 'headers': allow_header },
+                 { 'path': '/repos/A', 'status': 301, 'user': user2, 'pw': user2_pass, 'headers': allow_header },
+                 { 'path': '/repos/A/', 'status': 200, 'user': user2, 'pw': user2_pass, 'headers': allow_header },
+                 { 'path': '/repos/A/D', 'status': 301, 'user': user2, 'pw': user2_pass, 'headers': allow_header },
+                 { 'path': '/repos/A/D/', 'status': 200, 'body': ls_of_D_no_H,
+                   'user': user2, 'pw': user2_pass, 'headers': allow_header },
+                 { 'path': '/repos/A/D/gamma', 'status': 200, 'user': user2, 'pw': user2_pass, 'headers': allow_header },
+                 { 'path': '/repos/A/D/H', 'status': 403, 'user': user2, 'pw': user2_pass, 'headers': allow_header },
+                 { 'path': '/repos/A/D/H/', 'status': 403, 'user': user2, 'pw': user2_pass, 'headers': allow_header },
+                 { 'path': '/repos/A/D/H/chi', 'status': 403, 'user': user2, 'pw': user2_pass, 'headers': allow_header },
+                 # try with the wrong password for user2
+                 { 'path': '', 'status': 401, 'user': user2, 'pw': user2_badpass, 'headers': allow_header },
+                 { 'path': '/', 'status': 401, 'user': user2, 'pw': user2_badpass, 'headers': allow_header },
+                 { 'path': '/repos', 'status': 401, 'user': user2, 'pw': user2_badpass, 'headers': allow_header },
+                 { 'path': '/repos/', 'status': 401, 'user': user2, 'pw': user2_badpass, 'headers': allow_header },
+                 { 'path': '/repos/A', 'status': 401, 'user': user2, 'pw': user2_badpass, 'headers': allow_header },
+                 { 'path': '/repos/A/', 'status': 401, 'user': user2, 'pw': user2_badpass, 'headers': allow_header },
+                 { 'path': '/repos/A/D', 'status': 401, 'user': user2, 'pw': user2_badpass, 'headers': allow_header },
+                 { 'path': '/repos/A/D/', 'status': 401, 'user': user2, 'pw': user2_badpass, 'headers': allow_header },
+                 { 'path': '/repos/A/D/gamma', 'status': 401, 'user': user2, 'pw': user2_badpass, 'headers': allow_header },
+                 { 'path': '/repos/A/D/H', 'status': 401, 'user': user2, 'pw': user2_badpass, 'headers': allow_header },
+                 { 'path': '/repos/A/D/H/', 'status': 401, 'user': user2, 'pw': user2_badpass, 'headers': allow_header },
+                 { 'path': '/repos/A/D/H/chi', 'status': 401, 'user': user2, 'pw': user2_badpass, 'headers': allow_header },
+
+                 )
+
+  verify_gets(test_area_url, sallrany_tests)
+
+# See comments on authn_sallrany test for some background on the interaction
+# of Satisfy Any and the newer Require blocks.
+@SkipUnless(svntest.main.is_httpd_authz_provider_enabled)
+def authn_sallrall(sbox):
+  "test satisfy all require all config"
+  sbox.build(read_only = True, create_wc = False)
+
+  test_area_url = sbox.repo_url.replace('/svn-test-work/local_tmp/repos',
+                                        '/authz-test-work/sallrall')
+
+  write_authz_file(sbox)
+
+  allow_header = { 'ALLOW': '1' }
+
+  sallrall_tests = (
+                 #anon access isn't allowed without ALLOW header
+                 { 'path': '', 'status': 403, },
+                 { 'path': '/', 'status': 403, },
+                 { 'path': '/repos', 'status': 403, },
+                 { 'path': '/repos/', 'status': 403, },
+                 { 'path': '/repos/A', 'status': 403, },
+                 { 'path': '/repos/A/', 'status': 403, },
+                 { 'path': '/repos/A/D', 'status': 403, },
+                 { 'path': '/repos/A/D/', 'status': 403, },
+                 { 'path': '/repos/A/D/gamma', 'status': 403, },
+                 { 'path': '/repos/A/D/H', 'status': 403, },
+                 { 'path': '/repos/A/D/H/', 'status': 403, },
+                 { 'path': '/repos/A/D/H/chi', 'status': 403, },
+                 # auth is configured but no access is allowed without the ALLOW header
+                 { 'path': '', 'status': 403, 'user': user1, 'pw': user1_pass},
+                 { 'path': '/', 'status': 403, 'user': user1, 'pw': user1_pass},
+                 { 'path': '/repos', 'status': 403, 'user': user1, 'pw': user1_pass},
+                 { 'path': '/repos/', 'status': 403, 'user': user1, 'pw': user1_pass},
+                 { 'path': '/repos/A', 'status': 403, 'user': user1, 'pw': user1_pass},
+                 { 'path': '/repos/A/', 'status': 403, 'user': user1, 'pw': user1_pass},
+                 { 'path': '/repos/A/D', 'status': 403, 'user': user1, 'pw': user1_pass},
+                 { 'path': '/repos/A/D/', 'status': 403, 'user': user1, 'pw': user1_pass},
+                 { 'path': '/repos/A/D/gamma', 'status': 403, 'user': user1, 'pw': user1_pass},
+                 { 'path': '/repos/A/D/H', 'status': 403, 'user': user1, 'pw': user1_pass},
+                 { 'path': '/repos/A/D/H/', 'status': 403, 'user': user1, 'pw': user1_pass},
+                 { 'path': '/repos/A/D/H/chi', 'status': 403, 'user': user1, 'pw': user1_pass},
+                 # try with the wrong password for user1
+                 { 'path': '', 'status': 403, 'user': user1, 'pw': user1_badpass},
+                 { 'path': '/', 'status': 403, 'user': user1, 'pw': user1_badpass},
+                 { 'path': '/repos', 'status': 403, 'user': user1, 'pw': user1_badpass},
+                 { 'path': '/repos/', 'status': 403, 'user': user1, 'pw': user1_badpass},
+                 { 'path': '/repos/A', 'status': 403, 'user': user1, 'pw': user1_badpass},
+                 { 'path': '/repos/A/', 'status': 403, 'user': user1, 'pw': user1_badpass},
+                 { 'path': '/repos/A/D', 'status': 403, 'user': user1, 'pw': user1_badpass},
+                 { 'path': '/repos/A/D/', 'status': 403, 'user': user1, 'pw': user1_badpass},
+                 { 'path': '/repos/A/D/gamma', 'status': 403, 'user': user1, 'pw': user1_badpass},
+                 { 'path': '/repos/A/D/H', 'status': 403, 'user': user1, 'pw': user1_badpass},
+                 { 'path': '/repos/A/D/H/', 'status': 403, 'user': user1, 'pw': user1_badpass},
+                 { 'path': '/repos/A/D/H/chi', 'status': 403, 'user': user1, 'pw': user1_badpass},
+                 # auth is configured but no access is allowed without the ALLOW header
+                 { 'path': '', 'status': 403, 'user': user2, 'pw': user2_pass},
+                 { 'path': '/', 'status': 403, 'user': user2, 'pw': user2_pass},
+                 { 'path': '/repos', 'status': 403, 'user': user2, 'pw': user2_pass},
+                 { 'path': '/repos/', 'status': 403, 'user': user2, 'pw': user2_pass},
+                 { 'path': '/repos/A', 'status': 403, 'user': user2, 'pw': user2_pass},
+                 { 'path': '/repos/A/', 'status': 403, 'user': user2, 'pw': user2_pass},
+                 { 'path': '/repos/A/D', 'status': 403, 'user': user2, 'pw': user2_pass},
+                 { 'path': '/repos/A/D/', 'status': 403, 'user': user2, 'pw': user2_pass},
+                 { 'path': '/repos/A/D/gamma', 'status': 403, 'user': user2, 'pw': user2_pass},
+                 { 'path': '/repos/A/D/H', 'status': 403, 'user': user2, 'pw': user2_pass},
+                 { 'path': '/repos/A/D/H/', 'status': 403, 'user': user2, 'pw': user2_pass},
+                 { 'path': '/repos/A/D/H/chi', 'status': 403, 'user': user2, 'pw': user2_pass},
+                 # try with the wrong password for user2
+                 { 'path': '', 'status': 403, 'user': user2, 'pw': user2_badpass},
+                 { 'path': '/', 'status': 403, 'user': user2, 'pw': user2_badpass},
+                 { 'path': '/repos', 'status': 403, 'user': user2, 'pw': user2_badpass},
+                 { 'path': '/repos/', 'status': 403, 'user': user2, 'pw': user2_badpass},
+                 { 'path': '/repos/A', 'status': 403, 'user': user2, 'pw': user2_badpass},
+                 { 'path': '/repos/A/', 'status': 403, 'user': user2, 'pw': user2_badpass},
+                 { 'path': '/repos/A/D', 'status': 403, 'user': user2, 'pw': user2_badpass},
+                 { 'path': '/repos/A/D/', 'status': 403, 'user': user2, 'pw': user2_badpass},
+                 { 'path': '/repos/A/D/gamma', 'status': 403, 'user': user2, 'pw': user2_badpass},
+                 { 'path': '/repos/A/D/H', 'status': 403, 'user': user2, 'pw': user2_badpass},
+                 { 'path': '/repos/A/D/H/', 'status': 403, 'user': user2, 'pw': user2_badpass},
+                 { 'path': '/repos/A/D/H/chi', 'status': 403, 'user': user2, 'pw': user2_badpass},
+                 # anon is not allowed even with ALLOW header
+                 { 'path': '', 'status': 401, 'headers': allow_header },
+                 { 'path': '/', 'status': 401, 'headers': allow_header },
+                 { 'path': '/repos', 'status': 401, 'headers': allow_header },
+                 { 'path': '/repos/', 'status': 401, 'headers': allow_header },
+                 { 'path': '/repos/A', 'status': 401, 'headers': allow_header },
+                 { 'path': '/repos/A/', 'status': 401, 'headers': allow_header },
+                 { 'path': '/repos/A/D', 'status': 401, 'headers': allow_header },
+                 { 'path': '/repos/A/D/', 'status': 401, 'headers': allow_header },
+                 { 'path': '/repos/A/D/gamma', 'status': 401, 'headers': allow_header },
+                 { 'path': '/repos/A/D/H', 'status': 401, 'headers': allow_header },
+                 { 'path': '/repos/A/D/H/', 'status': 401, 'headers': allow_header },
+                 { 'path': '/repos/A/D/H/chi', 'status': 401, 'headers': allow_header },
+                 # auth is configured and user1 is allowed access repo including H
+                 { 'path': '', 'status': 301, 'user': user1, 'pw': user1_pass, 'headers': allow_header },
+                 { 'path': '/', 'status': 200, 'user': user1, 'pw': user1_pass, 'headers': allow_header },
+                 { 'path': '/repos', 'status': 301, 'user': user1, 'pw': user1_pass, 'headers': allow_header },
+                 { 'path': '/repos/', 'status': 200, 'user': user1, 'pw': user1_pass, 'headers': allow_header },
+                 { 'path': '/repos/A', 'status': 301, 'user': user1, 'pw': user1_pass, 'headers': allow_header },
+                 { 'path': '/repos/A/', 'status': 200, 'user': user1, 'pw': user1_pass, 'headers': allow_header },
+                 { 'path': '/repos/A/D', 'status': 301, 'user': user1, 'pw': user1_pass, 'headers': allow_header },
+                 { 'path': '/repos/A/D/', 'status': 200, 'body': ls_of_D_H,
+                   'user': user1, 'pw': user1_pass, 'headers': allow_header },
+                 { 'path': '/repos/A/D/gamma', 'status': 200, 'user': user1, 'pw': user1_pass, 'headers': allow_header },
+                 { 'path': '/repos/A/D/H', 'status': 301, 'user': user1, 'pw': user1_pass, 'headers': allow_header },
+                 { 'path': '/repos/A/D/H/', 'status': 200, 'body': ls_of_H, 'user': user1, 'pw': user1_pass, 'headers': allow_header },
+                 { 'path': '/repos/A/D/H/chi', 'status': 200, 'user': user1, 'pw': user1_pass, 'headers': allow_header },
+                 # try with the wrong password for user1
+                 { 'path': '', 'status': 401, 'user': user1, 'pw': user1_badpass, 'headers': allow_header },
+                 { 'path': '/', 'status': 401, 'user': user1, 'pw': user1_badpass, 'headers': allow_header },
+                 { 'path': '/repos', 'status': 401, 'user': user1, 'pw': user1_badpass, 'headers': allow_header },
+                 { 'path': '/repos/', 'status': 401, 'user': user1, 'pw': user1_badpass, 'headers': allow_header },
+                 { 'path': '/repos/A', 'status': 401, 'user': user1, 'pw': user1_badpass, 'headers': allow_header },
+                 { 'path': '/repos/A/', 'status': 401, 'user': user1, 'pw': user1_badpass, 'headers': allow_header },
+                 { 'path': '/repos/A/D', 'status': 401, 'user': user1, 'pw': user1_badpass, 'headers': allow_header },
+                 { 'path': '/repos/A/D/', 'status': 401, 'user': user1, 'pw': user1_badpass, 'headers': allow_header },
+                 { 'path': '/repos/A/D/gamma', 'status': 401, 'user': user1, 'pw': user1_badpass, 'headers': allow_header },
+                 { 'path': '/repos/A/D/H', 'status': 401, 'user': user1, 'pw': user1_badpass, 'headers': allow_header },
+                 { 'path': '/repos/A/D/H/', 'status': 401, 'user': user1, 'pw': user1_badpass, 'headers': allow_header },
+                 { 'path': '/repos/A/D/H/chi', 'status': 401, 'user': user1, 'pw': user1_badpass, 'headers': allow_header },
+                 # auth is configured and user2 is not allowed access to H
+                 { 'path': '', 'status': 301, 'user': user2, 'pw': user2_pass, 'headers': allow_header },
+                 { 'path': '/', 'status': 200, 'user': user2, 'pw': user2_pass, 'headers': allow_header },
+                 { 'path': '/repos', 'status': 301, 'user': user2, 'pw': user2_pass, 'headers': allow_header },
+                 { 'path': '/repos/', 'status': 200, 'user': user2, 'pw': user2_pass, 'headers': allow_header },
+                 { 'path': '/repos/A', 'status': 301, 'user': user2, 'pw': user2_pass, 'headers': allow_header },
+                 { 'path': '/repos/A/', 'status': 200, 'user': user2, 'pw': user2_pass, 'headers': allow_header },
+                 { 'path': '/repos/A/D', 'status': 301, 'user': user2, 'pw': user2_pass, 'headers': allow_header },
+                 { 'path': '/repos/A/D/', 'status': 200, 'body': ls_of_D_no_H,
+                   'user': user2, 'pw': user2_pass, 'headers': allow_header },
+                 { 'path': '/repos/A/D/gamma', 'status': 200, 'user': user2, 'pw': user2_pass, 'headers': allow_header },
+                 { 'path': '/repos/A/D/H', 'status': 403, 'user': user2, 'pw': user2_pass, 'headers': allow_header },
+                 { 'path': '/repos/A/D/H/', 'status': 403, 'user': user2, 'pw': user2_pass, 'headers': allow_header },
+                 { 'path': '/repos/A/D/H/chi', 'status': 403, 'user': user2, 'pw': user2_pass, 'headers': allow_header },
+                 # try with the wrong password for user2
+                 { 'path': '', 'status': 401, 'user': user2, 'pw': user2_badpass, 'headers': allow_header },
+                 { 'path': '/', 'status': 401, 'user': user2, 'pw': user2_badpass, 'headers': allow_header },
+                 { 'path': '/repos', 'status': 401, 'user': user2, 'pw': user2_badpass, 'headers': allow_header },
+                 { 'path': '/repos/', 'status': 401, 'user': user2, 'pw': user2_badpass, 'headers': allow_header },
+                 { 'path': '/repos/A', 'status': 401, 'user': user2, 'pw': user2_badpass, 'headers': allow_header },
+                 { 'path': '/repos/A/', 'status': 401, 'user': user2, 'pw': user2_badpass, 'headers': allow_header },
+                 { 'path': '/repos/A/D', 'status': 401, 'user': user2, 'pw': user2_badpass, 'headers': allow_header },
+                 { 'path': '/repos/A/D/', 'status': 401, 'user': user2, 'pw': user2_badpass, 'headers': allow_header },
+                 { 'path': '/repos/A/D/gamma', 'status': 401, 'user': user2, 'pw': user2_badpass, 'headers': allow_header },
+                 { 'path': '/repos/A/D/H', 'status': 401, 'user': user2, 'pw': user2_badpass, 'headers': allow_header },
+                 { 'path': '/repos/A/D/H/', 'status': 401, 'user': user2, 'pw': user2_badpass, 'headers': allow_header },
+                 { 'path': '/repos/A/D/H/chi', 'status': 401, 'user': user2, 'pw': user2_badpass, 'headers': allow_header },
+
+                 )
+
+  verify_gets(test_area_url, sallrall_tests)
+
+
+########################################################################
+# Run the tests
+
+
+# list all tests here, starting with None:
+test_list = [ None,
+              anon,
+              mixed,
+              mixed_noauthwhenanon,
+              authn,
+              authn_anonoff,
+              authn_lcuser,
+              authn_group,
+              authn_sallrany,
+              authn_sallrall,
+             ]
+serial_only = True
+
+if __name__ == '__main__':
+  svntest.main.run_tests(test_list)
+  # NOTREACHED
+
+
+### End of file.

Propchange: subversion/trunk/subversion/tests/cmdline/mod_authz_svn_tests.py
------------------------------------------------------------------------------
    svn:eol-style = native

Modified: subversion/trunk/subversion/tests/cmdline/svntest/main.py
URL: http://svn.apache.org/viewvc/subversion/trunk/subversion/tests/cmdline/svntest/main.py?rev=1692798&r1=1692797&r2=1692798&view=diff
==============================================================================
--- subversion/trunk/subversion/tests/cmdline/svntest/main.py (original)
+++ subversion/trunk/subversion/tests/cmdline/svntest/main.py Sun Jul 26 23:47:12 2015
@@ -1545,6 +1545,12 @@ def is_mod_dav_url_quoting_broken():
         return (options.httpd_version in __mod_dav_url_quoting_broken_versions)
     return None
 
+def is_httpd_authz_provider_enabled():
+    if is_ra_type_dav():
+      v = options.httpd_version.split('.')
+      return (v[0] == '2' and int(v[1]) >= 3) or int(v[0]) > 2
+    return None
+
 ######################################################################
 
 
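Review bot: `options.httpd_version.split('.')` in `is_httpd_authz_provider_enabled()` raises AttributeError when a DAV run has no httpd version set, and the win-tests.py part of this commit does pass `httpd_version=None` when httpd is not started. A guard such as `if not options.httpd_version: return None` before the split would keep the predicate safe to use as a skip condition; `int(v[1])` likewise assumes a purely numeric minor component. The new body is indented by two spaces under the `if` while the neighbouring function uses four, and it has no docstring; something like `"""Return True when httpd is 2.3 or newer, None for non-DAV runs."""` would state the contract the code implements.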

Modified: subversion/trunk/win-tests.py
URL: http://svn.apache.org/viewvc/subversion/trunk/win-tests.py?rev=1692798&r1=1692797&r2=1692798&view=diff
==============================================================================
--- subversion/trunk/win-tests.py (original)
+++ subversion/trunk/win-tests.py Sun Jul 26 23:47:12 2015
@@ -490,6 +490,7 @@ class Httpd:
     self.httpd_config = os.path.join(self.root, 'httpd.conf')
     self.httpd_users = os.path.join(self.root, 'users')
     self.httpd_mime_types = os.path.join(self.root, 'mime.types')
+    self.httpd_groups = os.path.join(self.root, 'groups')
     self.abs_builddir = abs_builddir
     self.abs_objdir = abs_objdir
     self.service_name = 'svn-test-httpd-' + str(httpd_port)
@@ -503,6 +504,7 @@ class Httpd:
     create_target_dir(self.root_dir)
 
     self._create_users_file()
+    self._create_groups_file()
     self._create_mime_types_file()
     self._create_dontdothat_file()
 
@@ -543,6 +545,8 @@ class Httpd:
     if self.httpd_ver >= 2.2:
       fp.write(self._sys_module('auth_basic_module', 'mod_auth_basic.so'))
       fp.write(self._sys_module('authn_file_module', 'mod_authn_file.so'))
+      fp.write(self._sys_module('authz_groupfile_module', 'mod_authz_groupfile.so'))
+      fp.write(self._sys_module('authz_host_module', 'mod_authz_host.so'))
     else:
       fp.write(self._sys_module('auth_module', 'mod_auth.so'))
     fp.write(self._sys_module('alias_module', 'mod_alias.so'))
@@ -565,6 +569,7 @@ class Httpd:
     # Define two locations for repositories
     fp.write(self._svn_repo('repositories'))
     fp.write(self._svn_repo('local_tmp'))
+    fp.write(self._svn_authz_repo())
 
     # And two redirects for the redirect tests
     fp.write('RedirectMatch permanent ^/svn-test-work/repositories/'
@@ -597,6 +602,17 @@ class Httpd:
                                     'jconstant', 'rayjandom'])
     os.spawnv(os.P_WAIT, htpasswd, ['htpasswd.exe', '-bp',  self.httpd_users,
                                     '__dumpster__', '__loadster__'])
+    os.spawnv(os.P_WAIT, htpasswd, ['htpasswd.exe', '-bp',  self.httpd_users,
+                                    'JRANDOM', 'rayjandom'])
+    os.spawnv(os.P_WAIT, htpasswd, ['htpasswd.exe', '-bp',  self.httpd_users,
+                                    'JCONSTANT', 'rayjandom'])
+
+  def _create_groups_file(self):
+    "Create groups for mod_authz_svn tests"
+    fp = open(self.httpd_groups, 'w')
+    fp.write('random: jrandom\n')
+    fp.write('constant: jconstant\n')
+    fp.close()
 
   def _create_mime_types_file(self):
     "Create empty mime.types file"
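Review bot: `_create_groups_file` leaves the file handle open if either `fp.write` raises, because `fp.close()` is not on an exception-safe path; `with open(self.httpd_groups, 'w') as fp:` around the two writes closes it in every case. The two added htpasswd calls register `JRANDOM` and `JCONSTANT` with the same password as the lower-case accounts, presumably for the `AuthzForceUsernameCase Lower` location, and a one-line comment saying so would keep them from reading as accidental duplicates. The result of `os.spawnv` is ignored here as in the existing calls, so a failed htpasswd run would only surface later as unexpected 401 responses. The method that holds the htpasswd calls begins outside the hunk.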
@@ -657,6 +673,153 @@ class Httpd:
       '  DontDoThatConfigFile ' + self._quote(self.dontdothat_file) + '\n' \
       '</Location>\n'
 
+  def _svn_authz_repo(self):
+    local_tmp = os.path.join(self.abs_builddir,
+                             CMDLINE_TEST_SCRIPT_NATIVE_PATH,
+                             'svn-test-work', 'local_tmp')
+    return \
+      '<Location /authz-test-work/anon>' + '\n' \
+      '  DAV               svn' + '\n' \
+      '  SVNParentPath     ' + local_tmp + '\n' \
+      '  AuthzSVNAccessFile ' + self._quote(self.authz_file) + '\n' \
+      '  SVNAdvertiseV2Protocol ' + self.httpv2_option + '\n' \
+      '  SVNListParentPath On' + '\n' \
+      '  <IfModule mod_authz_core.c>' + '\n' \
+      '    Require all granted' + '\n' \
+      '  </IfModule>' + '\n' \
+      '  <IfModule !mod_authz_core.c>' + '\n' \
+      '    Allow from all' + '\n' \
+      '  </IfModule>' + '\n' \
+      '  SVNPathAuthz ' + self.path_authz_option + '\n' \
+      '</Location>' + '\n' \
+      '<Location /authz-test-work/mixed>' + '\n' \
+      '  DAV               svn' + '\n' \
+      '  SVNParentPath     ' + local_tmp + '\n' \
+      '  AuthzSVNAccessFile ' + self._quote(self.authz_file) + '\n' \
+      '  SVNAdvertiseV2Protocol ' + self.httpv2_option + '\n' \
+      '  SVNListParentPath On' + '\n' \
+      '  AuthType          Basic' + '\n' \
+      '  AuthName          "Subversion Repository"' + '\n' \
+      '  AuthUserFile    ' + self._quote(self.httpd_users) + '\n' \
+      '  Require           valid-user' + '\n' \
+      '  Satisfy Any' + '\n' \
+      '  SVNPathAuthz ' + self.path_authz_option + '\n' \
+      '</Location>' + '\n' \
+      '<Location /authz-test-work/mixed-noauthwhenanon>' + '\n' \
+      '  DAV               svn' + '\n' \
+      '  SVNParentPath     ' + local_tmp + '\n' \
+      '  AuthzSVNAccessFile ' + self._quote(self.authz_file) + '\n' \
+      '  SVNAdvertiseV2Protocol ' + self.httpv2_option + '\n' \
+      '  SVNListParentPath On' + '\n' \
+      '  AuthType          Basic' + '\n' \
+      '  AuthName          "Subversion Repository"' + '\n' \
+      '  AuthUserFile    ' + self._quote(self.httpd_users) + '\n' \
+      '  Require           valid-user' + '\n' \
+      '  AuthzSVNNoAuthWhenAnonymousAllowed On' + '\n' \
+      '  SVNPathAuthz On' + '\n' \
+      '</Location>' + '\n' \
+      '<Location /authz-test-work/authn>' + '\n' \
+      '  DAV               svn' + '\n' \
+      '  SVNParentPath     ' + local_tmp + '\n' \
+      '  AuthzSVNAccessFile ' + self._quote(self.authz_file) + '\n' \
+      '  SVNAdvertiseV2Protocol ' + self.httpv2_option + '\n' \
+      '  SVNListParentPath On' + '\n' \
+      '  AuthType          Basic' + '\n' \
+      '  AuthName          "Subversion Repository"' + '\n' \
+      '  AuthUserFile    ' + self._quote(self.httpd_users) + '\n' \
+      '  Require           valid-user' + '\n' \
+      '  SVNPathAuthz ' + self.path_authz_option + '\n' \
+      '</Location>' + '\n' \
+      '<Location /authz-test-work/authn-anonoff>' + '\n' \
+      '  DAV               svn' + '\n' \
+      '  SVNParentPath     ' + local_tmp + '\n' \
+      '  AuthzSVNAccessFile ' + self._quote(self.authz_file) + '\n' \
+      '  SVNAdvertiseV2Protocol ' + self.httpv2_option + '\n' \
+      '  SVNListParentPath On' + '\n' \
+      '  AuthType          Basic' + '\n' \
+      '  AuthName          "Subversion Repository"' + '\n' \
+      '  AuthUserFile    ' + self._quote(self.httpd_users) + '\n' \
+      '  Require           valid-user' + '\n' \
+      '  AuthzSVNAnonymous Off' + '\n' \
+      '  SVNPathAuthz On' + '\n' \
+      '</Location>' + '\n' \
+      '<Location /authz-test-work/authn-lcuser>' + '\n' \
+      '  DAV               svn' + '\n' \
+      '  SVNParentPath     ' + local_tmp + '\n' \
+      '  AuthzSVNAccessFile ' + self._quote(self.authz_file) + '\n' \
+      '  SVNAdvertiseV2Protocol ' + self.httpv2_option + '\n' \
+      '  SVNListParentPath On' + '\n' \
+      '  AuthType          Basic' + '\n' \
+      '  AuthName          "Subversion Repository"' + '\n' \
+      '  AuthUserFile    ' + self._quote(self.httpd_users) + '\n' \
+      '  Require           valid-user' + '\n' \
+      '  AuthzForceUsernameCase Lower' + '\n' \
+      '  SVNPathAuthz ' + self.path_authz_option + '\n' \
+      '</Location>' + '\n' \
+      '<Location /authz-test-work/authn-lcuser>' + '\n' \
+      '  DAV               svn' + '\n' \
+      '  SVNParentPath     ' + local_tmp + '\n' \
+      '  AuthzSVNAccessFile ' + self._quote(self.authz_file) + '\n' \
+      '  SVNAdvertiseV2Protocol ' + self.httpv2_option + '\n' \
+      '  SVNListParentPath On' + '\n' \
+      '  AuthType          Basic' + '\n' \
+      '  AuthName          "Subversion Repository"' + '\n' \
+      '  AuthUserFile    ' + self._quote(self.httpd_users) + '\n' \
+      '  Require           valid-user' + '\n' \
+      '  AuthzForceUsernameCase Lower' + '\n' \
+      '  SVNPathAuthz ' + self.path_authz_option + '\n' \
+      '</Location>' + '\n' \
+      '<Location /authz-test-work/authn-group>' + '\n' \
+      '  DAV               svn' + '\n' \
+      '  SVNParentPath     ' + local_tmp + '\n' \
+      '  AuthzSVNAccessFile ' + self._quote(self.authz_file) + '\n' \
+      '  SVNAdvertiseV2Protocol ' + self.httpv2_option + '\n' \
+      '  SVNListParentPath On' + '\n' \
+      '  AuthType          Basic' + '\n' \
+      '  AuthName          "Subversion Repository"' + '\n' \
+      '  AuthUserFile    ' + self._quote(self.httpd_users) + '\n' \
+      '  AuthGroupFile    ' + self._quote(self.httpd_groups) + '\n' \
+      '  Require           group random' + '\n' \
+      '  AuthzSVNAuthoritative Off' + '\n' \
+      '  SVNPathAuthz On' + '\n' \
+      '</Location>' + '\n' \
+      '<IfModule mod_authz_core.c>' + '\n' \
+      '<Location /authz-test-work/sallrany>' + '\n' \
+      '  DAV               svn' + '\n' \
+      '  SVNParentPath     ' + local_tmp + '\n' \
+      '  AuthzSVNAccessFile ' + self._quote(self.authz_file) + '\n' \
+      '  SVNAdvertiseV2Protocol ' + self.httpv2_option + '\n' \
+      '  SVNListParentPath On' + '\n' \
+      '  AuthType          Basic' + '\n' \
+      '  AuthName          "Subversion Repository"' + '\n' \
+      '  AuthUserFile    ' + self._quote(self.httpd_users) + '\n' \
+      '  AuthzSendForbiddenOnFailure On' + '\n' \
+      '  Satisfy All' + '\n' \
+      '  <RequireAny>' + '\n' \
+      '    Require valid-user' + '\n' \
+      '    Require expr req(\'ALLOW\') == \'1\'' + '\n' \
+      '  </RequireAny>' + '\n' \
+      '  SVNPathAuthz ' + self.path_authz_option + '\n' \
+      '</Location>' + '\n' \
+      '<Location /authz-test-work/sallrall>'+ '\n' \
+      '  DAV               svn' + '\n' \
+      '  SVNParentPath     ' + local_tmp + '\n' \
+      '  AuthzSVNAccessFile ' + self._quote(self.authz_file) + '\n' \
+      '  SVNAdvertiseV2Protocol ' + self.httpv2_option + '\n' \
+      '  SVNListParentPath On' + '\n' \
+      '  AuthType          Basic' + '\n' \
+      '  AuthName          "Subversion Repository"' + '\n' \
+      '  AuthUserFile    ' + self._quote(self.httpd_users) + '\n' \
+      '  AuthzSendForbiddenOnFailure On' + '\n' \
+      '  Satisfy All' + '\n' \
+      '  <RequireAll>' + '\n' \
+      '    Require valid-user' + '\n' \
+      '    Require expr req(\'ALLOW\') == \'1\'' + '\n' \
+      '  </RequireAll>' + '\n' \
+      '  SVNPathAuthz ' + self.path_authz_option + '\n' \
+      '</Location>' + '\n' \
+      '</IfModule>' + '\n' \
+
   def start(self):
     if self.service:
       self._start_service()
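Review bot: The `<Location /authz-test-work/authn-lcuser>` block is emitted twice with identical directives in `_svn_authz_repo`, so the second copy is redundant and can be dropped, or renamed if a different location was intended. `SVNParentPath` is built as `'  SVNParentPath     ' + local_tmp` without `self._quote(...)`, unlike the `AuthzSVNAccessFile`, `AuthUserFile` and `AuthGroupFile` lines, so a build directory containing spaces would presumably produce a directive httpd rejects; `'  SVNParentPath     ' + self._quote(local_tmp) + '\n' \` matches the other path lines. The returned expression also ends with a continuation backslash after `'</IfModule>' + '\n'`, which only parses because the following line is blank. Since these blocks define the access-control matrix the new tests assert status codes against, a docstring stating which locations exist and which `Require`/`Satisfy` combination each one exercises would make later drift easier to spot.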
@@ -826,6 +989,10 @@ if not test_javahl and not test_swig:
     log_file = os.path.join(abs_builddir, log)
     fail_log_file = os.path.join(abs_builddir, faillog)
 
+  if run_httpd:
+    httpd_version = gen_obj._libraries['httpd'].version
+  else:
+    httpd_version = None
   th = run_tests.TestHarness(abs_srcdir, abs_builddir,
                              log_file,
                              fail_log_file,
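Review bot: `gen_obj._libraries['httpd'].version` reads a private attribute of the generator object and would presumably raise a bare KeyError when `run_httpd` is set but no `httpd` entry was detected. Looking the entry up with `gen_obj._libraries.get('httpd')` and reporting a clear error when it is missing would fail more readably. The value is later split on `.` in svntest/main.py, so a comment noting that it must be a dotted version string would document the dependency. The enclosing `if not test_javahl and not test_swig:` block starts and ends outside the hunk.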
@@ -835,6 +1002,7 @@ if not test_javahl and not test_swig:
                              fsfs_sharding, fsfs_packing,
                              list_tests, svn_bin, mode_filter,
                              milestone_filter,
+                             httpd_version=httpd_version,
                              set_log_level=log_level, ssl_cert=ssl_cert,
                              exclusive_wc_locks=exclusive_wc_locks,
                              memcached_server=memcached_server,