You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@subversion.apache.org by br...@apache.org on 2015/07/27 02:23:41 UTC
svn commit: r1692801 [4/7] - in /subversion/branches: 1.7.x/ 1.7.x/build/
1.7.x/build/ac-macros/ 1.7.x/subversion/libsvn_repos/
1.7.x/subversion/mod_authz_svn/ 1.7.x/subversion/tests/cmdline/
1.7.x/subversion/tests/cmdline/svntest/ 1.7.x/subversion/tes...
Added: subversion/branches/1.8.x/subversion/tests/cmdline/mod_authz_svn_tests.py
URL: http://svn.apache.org/viewvc/subversion/branches/1.8.x/subversion/tests/cmdline/mod_authz_svn_tests.py?rev=1692801&view=auto
==============================================================================
--- subversion/branches/1.8.x/subversion/tests/cmdline/mod_authz_svn_tests.py (added)
+++ subversion/branches/1.8.x/subversion/tests/cmdline/mod_authz_svn_tests.py Mon Jul 27 00:23:40 2015
@@ -0,0 +1,1073 @@
+#!/usr/bin/env python
+#
+# mod_authz_svn_tests.py: testing mod_authz_svn
+#
+# Subversion is a tool for revision control.
+# See http://subversion.apache.org for more information.
+#
+# ====================================================================
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+######################################################################
+
+# General modules
+import os, re, logging
+
+logger = logging.getLogger()
+
+# Our testing module
+import svntest
+
+# (abbreviation)
+Skip = svntest.testcase.Skip_deco
+SkipUnless = svntest.testcase.SkipUnless_deco
+XFail = svntest.testcase.XFail_deco
+Issues = svntest.testcase.Issues_deco
+Issue = svntest.testcase.Issue_deco
+Wimp = svntest.testcase.Wimp_deco
+
+ls_of_D_no_H = '''<html><head><title>repos - Revision 1: /A/D</title></head>
+<body>
+ <h2>repos - Revision 1: /A/D</h2>
+ <ul>
+ <li><a href="../">..</a></li>
+ <li><a href="G/">G/</a></li>
+ <li><a href="gamma">gamma</a></li>
+ </ul>
+</body></html>'''
+
+ls_of_D_H = '''<html><head><title>repos - Revision 1: /A/D</title></head>
+<body>
+ <h2>repos - Revision 1: /A/D</h2>
+ <ul>
+ <li><a href="../">..</a></li>
+ <li><a href="G/">G/</a></li>
+ <li><a href="H/">H/</a></li>
+ <li><a href="gamma">gamma</a></li>
+ </ul>
+</body></html>'''
+
+ls_of_H = '''<html><head><title>repos - Revision 1: /A/D/H</title></head>
+<body>
+ <h2>repos - Revision 1: /A/D/H</h2>
+ <ul>
+ <li><a href="../">..</a></li>
+ <li><a href="chi">chi</a></li>
+ <li><a href="omega">omega</a></li>
+ <li><a href="psi">psi</a></li>
+ </ul>
+</body></html>'''
+
+user1 = svntest.main.wc_author
+user1_upper = user1.upper()
+user1_pass = svntest.main.wc_passwd
+user1_badpass = 'XXX'
+assert user1_pass != user1_badpass, "Passwords can't match"
+user2 = svntest.main.wc_author2
+user2_upper = user2.upper()
+user2_pass = svntest.main.wc_passwd
+user2_badpass = 'XXX'
+assert user2_pass != user2_badpass, "Passwords can't match"
+
+def write_authz_file(sbox):
+ svntest.main.write_authz_file(sbox, {
+ '/': '$anonymous = r\n' +
+ 'jrandom = rw\n' +
+ 'jconstant = rw',
+ '/A/D/H': '$anonymous =\n' +
+ '$authenticated =\n' +
+ 'jrandom = rw'
+ })
+
+def write_authz_file_groups(sbox):
+ authz_name = sbox.authz_name()
+ svntest.main.write_authz_file(sbox,{
+ '/': '* =',
+ })
+
+def verify_get(test_area_url, path, user, pw,
+ expected_status, expected_body, headers):
+ import httplib
+ from urlparse import urlparse
+ import base64
+
+ req_url = test_area_url + path
+
+ loc = urlparse(req_url)
+
+ if loc.scheme == 'http':
+ h = httplib.HTTPConnection(loc.hostname, loc.port)
+ else:
+ h = httplib.HTTPSConnection(loc.hostname, loc.port)
+
+ if headers is None:
+ headers = {}
+
+ if user and pw:
+ auth_info = user + ':' + pw
+ headers['Authorization'] = 'Basic ' + base64.b64encode(auth_info)
+ else:
+ auth_info = "anonymous"
+
+ h.request('GET', req_url, None, headers)
+
+ r = h.getresponse()
+
+ actual_status = r.status
+ if expected_status and expected_status != actual_status:
+
+ logger.warn("Expected status '" + str(expected_status) +
+ "' but got '" + str(actual_status) +
+ "' on url '" + req_url + "' (" +
+ auth_info + ").")
+ raise svntest.Failure
+
+ if expected_body:
+ actual_body = r.read()
+ if expected_body != actual_body:
+ logger.warn("Expected body:")
+ logger.warn(expected_body)
+ logger.warn("But got:")
+ logger.warn(actual_body)
+ logger.warn("on url '" + req_url + "' (" + auth_info + ").")
+ raise svntest.Failure
+
+def verify_gets(test_area_url, tests):
+ for test in tests:
+ verify_get(test_area_url, test['path'], test.get('user'), test.get('pw'),
+ test['status'], test.get('body'), test.get('headers'))
+
+
+######################################################################
+# Tests
+#
+# Each test must return on success or raise on failure.
+
+
+#----------------------------------------------------------------------
+
+
+@SkipUnless(svntest.main.is_ra_type_dav)
+def anon(sbox):
+ "test anonymous access"
+ sbox.build(read_only = True, create_wc = False)
+
+ test_area_url = sbox.repo_url.replace('/svn-test-work/local_tmp/repos',
+ '/authz-test-work/anon')
+
+ write_authz_file(sbox)
+
+ anon_tests = (
+ { 'path': '', 'status': 301 },
+ { 'path': '/', 'status': 200 },
+ { 'path': '/repos', 'status': 301 },
+ { 'path': '/repos/', 'status': 200 },
+ { 'path': '/repos/A', 'status': 301 },
+ { 'path': '/repos/A/', 'status': 200 },
+ { 'path': '/repos/A/D', 'status': 301 },
+ { 'path': '/repos/A/D/', 'status': 200, 'body': ls_of_D_no_H },
+ { 'path': '/repos/A/D/gamma', 'status': 200 },
+ { 'path': '/repos/A/D/H', 'status': 403 },
+ { 'path': '/repos/A/D/H/', 'status': 403 },
+ { 'path': '/repos/A/D/H/chi', 'status': 403 },
+ # auth isn't configured so nothing should change when passing
+ # authn details
+ { 'path': '', 'status': 301, 'user': user1, 'pw': user1_pass},
+ { 'path': '/', 'status': 200, 'user': user1, 'pw': user1_pass},
+ { 'path': '/repos', 'status': 301, 'user': user1, 'pw': user1_pass},
+ { 'path': '/repos/', 'status': 200, 'user': user1, 'pw': user1_pass},
+ { 'path': '/repos/A', 'status': 301, 'user': user1, 'pw': user1_pass},
+ { 'path': '/repos/A/', 'status': 200, 'user': user1, 'pw': user1_pass},
+ { 'path': '/repos/A/D', 'status': 301, 'user': user1, 'pw': user1_pass},
+ { 'path': '/repos/A/D/', 'status': 200, 'body': ls_of_D_no_H,
+ 'user': user1, 'pw': user1_pass},
+ { 'path': '/repos/A/D/gamma', 'status': 200, 'user': user1, 'pw': user1_pass},
+ { 'path': '/repos/A/D/H', 'status': 403, 'user': user1, 'pw': user1_pass},
+ { 'path': '/repos/A/D/H/', 'status': 403, 'user': user1, 'pw': user1_pass},
+ { 'path': '/repos/A/D/H/chi', 'status': 403, 'user': user1, 'pw': user1_pass},
+ { 'path': '', 'status': 301, 'user': user1, 'pw': user1_badpass},
+ { 'path': '/', 'status': 200, 'user': user1, 'pw': user1_badpass},
+ { 'path': '/repos', 'status': 301, 'user': user1, 'pw': user1_badpass},
+ { 'path': '/repos/', 'status': 200, 'user': user1, 'pw': user1_badpass},
+ { 'path': '/repos/A', 'status': 301, 'user': user1, 'pw': user1_badpass},
+ { 'path': '/repos/A/', 'status': 200, 'user': user1, 'pw': user1_badpass},
+ { 'path': '/repos/A/D', 'status': 301, 'user': user1, 'pw': user1_badpass},
+ { 'path': '/repos/A/D/', 'status': 200, 'body': ls_of_D_no_H,
+ 'user': user1, 'pw': user1_badpass},
+ { 'path': '/repos/A/D/gamma', 'status': 200, 'user': user1, 'pw': user1_badpass},
+ { 'path': '/repos/A/D/H', 'status': 403, 'user': user1, 'pw': user1_badpass},
+ { 'path': '/repos/A/D/H/', 'status': 403, 'user': user1, 'pw': user1_badpass},
+ { 'path': '/repos/A/D/H/chi', 'status': 403, 'user': user1, 'pw': user1_badpass},
+ { 'path': '', 'status': 301, 'user': user2, 'pw': user1_pass},
+ { 'path': '/', 'status': 200, 'user': user2, 'pw': user1_pass},
+ { 'path': '/repos', 'status': 301, 'user': user2, 'pw': user1_pass},
+ { 'path': '/repos/', 'status': 200, 'user': user2, 'pw': user1_pass},
+ { 'path': '/repos/A', 'status': 301, 'user': user2, 'pw': user1_pass},
+ { 'path': '/repos/A/', 'status': 200, 'user': user2, 'pw': user1_pass},
+ { 'path': '/repos/A/D', 'status': 301, 'user': user2, 'pw': user1_pass},
+ { 'path': '/repos/A/D/', 'status': 200, 'body': ls_of_D_no_H,
+ 'user': user2, 'pw': user1_pass},
+ { 'path': '/repos/A/D/gamma', 'status': 200, 'user': user2, 'pw': user2_pass},
+ { 'path': '/repos/A/D/H', 'status': 403, 'user': user2, 'pw': user2_pass},
+ { 'path': '/repos/A/D/H/', 'status': 403, 'user': user2, 'pw': user2_pass},
+ { 'path': '/repos/A/D/H/chi', 'status': 403, 'user': user2, 'pw': user2_pass},
+ { 'path': '', 'status': 301, 'user': user2, 'pw': user2_badpass},
+ { 'path': '/', 'status': 200, 'user': user2, 'pw': user2_badpass},
+ { 'path': '/repos', 'status': 301, 'user': user2, 'pw': user2_badpass},
+ { 'path': '/repos/', 'status': 200, 'user': user2, 'pw': user2_badpass},
+ { 'path': '/repos/A', 'status': 301, 'user': user2, 'pw': user2_badpass},
+ { 'path': '/repos/A/', 'status': 200, 'user': user2, 'pw': user2_badpass},
+ { 'path': '/repos/A/D', 'status': 301, 'user': user2, 'pw': user2_badpass},
+ { 'path': '/repos/A/D/', 'status': 200, 'body': ls_of_D_no_H,
+ 'user': user2, 'pw': user2_badpass},
+ { 'path': '/repos/A/D/gamma', 'status': 200, 'user': user2, 'pw': user2_badpass},
+ { 'path': '/repos/A/D/H', 'status': 403, 'user': user2, 'pw': user2_badpass},
+ { 'path': '/repos/A/D/H/', 'status': 403, 'user': user2, 'pw': user2_badpass},
+ { 'path': '/repos/A/D/H/chi', 'status': 403, 'user': user2, 'pw': user2_badpass},
+ )
+
+ verify_gets(test_area_url, anon_tests)
+
+
+@SkipUnless(svntest.main.is_ra_type_dav)
+def mixed(sbox):
+ "test mixed anonymous and authenticated access"
+ sbox.build(read_only = True, create_wc = False)
+
+ test_area_url = sbox.repo_url.replace('/svn-test-work/local_tmp/repos',
+ '/authz-test-work/mixed')
+
+ write_authz_file(sbox)
+
+ mixed_tests = (
+ { 'path': '', 'status': 301, },
+ { 'path': '/', 'status': 200, },
+ { 'path': '/repos', 'status': 301, },
+ { 'path': '/repos/', 'status': 200, },
+ { 'path': '/repos/A', 'status': 301, },
+ { 'path': '/repos/A/', 'status': 200, },
+ { 'path': '/repos/A/D', 'status': 301, },
+ { 'path': '/repos/A/D/', 'status': 200, 'body': ls_of_D_no_H,
+ },
+ { 'path': '/repos/A/D/gamma', 'status': 200, },
+ { 'path': '/repos/A/D/H', 'status': 401, },
+ { 'path': '/repos/A/D/H/', 'status': 401, },
+ { 'path': '/repos/A/D/H/chi', 'status': 401, },
+ # auth is configured and user1 is allowed access to H
+ { 'path': '', 'status': 301, 'user': user1, 'pw': user1_pass},
+ { 'path': '/', 'status': 200, 'user': user1, 'pw': user1_pass},
+ { 'path': '/repos', 'status': 301, 'user': user1, 'pw': user1_pass},
+ { 'path': '/repos/', 'status': 200, 'user': user1, 'pw': user1_pass},
+ { 'path': '/repos/A', 'status': 301, 'user': user1, 'pw': user1_pass},
+ { 'path': '/repos/A/', 'status': 200, 'user': user1, 'pw': user1_pass},
+ { 'path': '/repos/A/D', 'status': 301, 'user': user1, 'pw': user1_pass},
+ { 'path': '/repos/A/D/', 'status': 200, 'body': ls_of_D_H,
+ 'user': user1, 'pw': user1_pass},
+ { 'path': '/repos/A/D/gamma', 'status': 200, 'user': user1, 'pw': user1_pass},
+ { 'path': '/repos/A/D/H', 'status': 301, 'user': user1, 'pw': user1_pass},
+ { 'path': '/repos/A/D/H/', 'status': 200, 'body': ls_of_H, 'user': user1, 'pw': user1_pass},
+ { 'path': '/repos/A/D/H/chi', 'status': 200, 'user': user1, 'pw': user1_pass},
+ # try with the wrong password for user1
+ { 'path': '', 'status': 401, 'user': user1, 'pw': user1_badpass},
+ { 'path': '/', 'status': 401, 'user': user1, 'pw': user1_badpass},
+ { 'path': '/repos', 'status': 401, 'user': user1, 'pw': user1_badpass},
+ { 'path': '/repos/', 'status': 401, 'user': user1, 'pw': user1_badpass},
+ { 'path': '/repos/A', 'status': 401, 'user': user1, 'pw': user1_badpass},
+ { 'path': '/repos/A/', 'status': 401, 'user': user1, 'pw': user1_badpass},
+ { 'path': '/repos/A/D', 'status': 401, 'user': user1, 'pw': user1_badpass},
+ { 'path': '/repos/A/D/', 'status': 401, 'user': user1, 'pw': user1_badpass},
+ { 'path': '/repos/A/D/gamma', 'status': 401, 'user': user1, 'pw': user1_badpass},
+ { 'path': '/repos/A/D/H', 'status': 401, 'user': user1, 'pw': user1_badpass},
+ { 'path': '/repos/A/D/H/', 'status': 401, 'user': user1, 'pw': user1_badpass},
+ { 'path': '/repos/A/D/H/chi', 'status': 401, 'user': user1, 'pw': user1_badpass},
+ # auth is configured and user2 is not allowed access to H
+ { 'path': '', 'status': 301, 'user': user2, 'pw': user2_pass},
+ { 'path': '/', 'status': 200, 'user': user2, 'pw': user2_pass},
+ { 'path': '/repos', 'status': 301, 'user': user2, 'pw': user2_pass},
+ { 'path': '/repos/', 'status': 200, 'user': user2, 'pw': user2_pass},
+ { 'path': '/repos/A', 'status': 301, 'user': user2, 'pw': user2_pass},
+ { 'path': '/repos/A/', 'status': 200, 'user': user2, 'pw': user2_pass},
+ { 'path': '/repos/A/D', 'status': 301, 'user': user2, 'pw': user2_pass},
+ { 'path': '/repos/A/D/', 'status': 200, 'body': ls_of_D_no_H,
+ 'user': user2, 'pw': user2_pass},
+ { 'path': '/repos/A/D/gamma', 'status': 200, 'user': user2, 'pw': user2_pass},
+ { 'path': '/repos/A/D/H', 'status': 403, 'user': user2, 'pw': user2_pass},
+ { 'path': '/repos/A/D/H/', 'status': 403, 'user': user2, 'pw': user2_pass},
+ { 'path': '/repos/A/D/H/chi', 'status': 403, 'user': user2, 'pw': user2_pass},
+ # try with the wrong password for user2
+ { 'path': '', 'status': 401, 'user': user2, 'pw': user2_badpass},
+ { 'path': '/', 'status': 401, 'user': user2, 'pw': user2_badpass},
+ { 'path': '/repos', 'status': 401, 'user': user2, 'pw': user2_badpass},
+ { 'path': '/repos/', 'status': 401, 'user': user2, 'pw': user2_badpass},
+ { 'path': '/repos/A', 'status': 401, 'user': user2, 'pw': user2_badpass},
+ { 'path': '/repos/A/', 'status': 401, 'user': user2, 'pw': user2_badpass},
+ { 'path': '/repos/A/D', 'status': 401, 'user': user2, 'pw': user2_badpass},
+ { 'path': '/repos/A/D/', 'status': 401, 'user': user2, 'pw': user2_badpass},
+ { 'path': '/repos/A/D/gamma', 'status': 401, 'user': user2, 'pw': user2_badpass},
+ { 'path': '/repos/A/D/H', 'status': 401, 'user': user2, 'pw': user2_badpass},
+ { 'path': '/repos/A/D/H/', 'status': 401, 'user': user2, 'pw': user2_badpass},
+ { 'path': '/repos/A/D/H/chi', 'status': 401, 'user': user2, 'pw': user2_badpass},
+ )
+
+ verify_gets(test_area_url, mixed_tests)
+
+@SkipUnless(svntest.main.is_ra_type_dav)
+@XFail(svntest.main.is_httpd_authz_provider_enabled)
+# uses the AuthzSVNNoAuthWhenAnonymousAllowed On directive
+# this is broken with httpd 2.3.x+ since it requires the auth system to accept
+# r->user == NULL and there is a test for this in server/request.c now. It
+# was intended as a workaround for the lack of Satisfy Any in 2.3.x+ which
+# was resolved by httpd with mod_access_compat in 2.3.x+.
+def mixed_noauthwhenanon(sbox):
+ "test mixed with noauthwhenanon directive"
+ sbox.build(read_only = True, create_wc = False)
+
+ test_area_url = sbox.repo_url.replace('/svn-test-work/local_tmp/repos',
+ '/authz-test-work/mixed-noauthwhenanon')
+
+ write_authz_file(sbox)
+
+ noauthwhenanon_tests = (
+ { 'path': '', 'status': 301, },
+ { 'path': '/', 'status': 200, },
+ { 'path': '/repos', 'status': 301, },
+ { 'path': '/repos/', 'status': 200, },
+ { 'path': '/repos/A', 'status': 301, },
+ { 'path': '/repos/A/', 'status': 200, },
+ { 'path': '/repos/A/D', 'status': 301, },
+ { 'path': '/repos/A/D/', 'status': 200, 'body': ls_of_D_no_H,
+ },
+ { 'path': '/repos/A/D/gamma', 'status': 200, },
+ { 'path': '/repos/A/D/H', 'status': 401, },
+ { 'path': '/repos/A/D/H/', 'status': 401, },
+ { 'path': '/repos/A/D/H/chi', 'status': 401, },
+ # auth is configured and user1 is allowed access to H
+ { 'path': '', 'status': 301, 'user': user1, 'pw': user1_pass},
+ { 'path': '/', 'status': 200, 'user': user1, 'pw': user1_pass},
+ { 'path': '/repos', 'status': 301, 'user': user1, 'pw': user1_pass},
+ { 'path': '/repos/', 'status': 200, 'user': user1, 'pw': user1_pass},
+ { 'path': '/repos/A', 'status': 301, 'user': user1, 'pw': user1_pass},
+ { 'path': '/repos/A/', 'status': 200, 'user': user1, 'pw': user1_pass},
+ { 'path': '/repos/A/D', 'status': 301, 'user': user1, 'pw': user1_pass},
+ { 'path': '/repos/A/D/', 'status': 200, 'body': ls_of_D_H,
+ 'user': user1, 'pw': user1_pass},
+ { 'path': '/repos/A/D/gamma', 'status': 200, 'user': user1, 'pw': user1_pass},
+ { 'path': '/repos/A/D/H', 'status': 301, 'user': user1, 'pw': user1_pass},
+ { 'path': '/repos/A/D/H/', 'status': 200, 'body': ls_of_H, 'user': user1, 'pw': user1_pass},
+ { 'path': '/repos/A/D/H/chi', 'status': 200, 'user': user1, 'pw': user1_pass},
+ # try with the wrong password for user1
+ # note that unlike doing this with Satisfy Any this case
+ # actually provides anon access when provided with an invalid
+ # password
+ { 'path': '', 'status': 301, 'user': user1, 'pw': user1_badpass},
+ { 'path': '/', 'status': 200, 'user': user1, 'pw': user1_badpass},
+ { 'path': '/repos', 'status': 301, 'user': user1, 'pw': user1_badpass},
+ { 'path': '/repos/', 'status': 200, 'user': user1, 'pw': user1_badpass},
+ { 'path': '/repos/A', 'status': 301, 'user': user1, 'pw': user1_badpass},
+ { 'path': '/repos/A/', 'status': 200, 'user': user1, 'pw': user1_badpass},
+ { 'path': '/repos/A/D', 'status': 301, 'user': user1, 'pw': user1_badpass},
+ { 'path': '/repos/A/D/', 'status': 200, 'user': user1, 'pw': user1_badpass},
+ { 'path': '/repos/A/D/gamma', 'status': 200, 'user': user1, 'pw': user1_badpass},
+ { 'path': '/repos/A/D/H', 'status': 401, 'user': user1, 'pw': user1_badpass},
+ { 'path': '/repos/A/D/H/', 'status': 401, 'user': user1, 'pw': user1_badpass},
+ { 'path': '/repos/A/D/H/chi', 'status': 401, 'user': user1, 'pw': user1_badpass},
+ # auth is configured and user2 is not allowed access to H
+ { 'path': '', 'status': 301, 'user': user2, 'pw': user2_pass},
+ { 'path': '/', 'status': 200, 'user': user2, 'pw': user2_pass},
+ { 'path': '/repos', 'status': 301, 'user': user2, 'pw': user2_pass},
+ { 'path': '/repos/', 'status': 200, 'user': user2, 'pw': user2_pass},
+ { 'path': '/repos/A', 'status': 301, 'user': user2, 'pw': user2_pass},
+ { 'path': '/repos/A/', 'status': 200, 'user': user2, 'pw': user2_pass},
+ { 'path': '/repos/A/D', 'status': 301, 'user': user2, 'pw': user2_pass},
+ { 'path': '/repos/A/D/', 'status': 200, 'body': ls_of_D_no_H,
+ 'user': user2, 'pw': user2_pass},
+ { 'path': '/repos/A/D/gamma', 'status': 200, 'user': user2, 'pw': user2_pass},
+ { 'path': '/repos/A/D/H', 'status': 403, 'user': user2, 'pw': user2_pass},
+ { 'path': '/repos/A/D/H/', 'status': 403, 'user': user2, 'pw': user2_pass},
+ { 'path': '/repos/A/D/H/chi', 'status': 403, 'user': user2, 'pw': user2_pass},
+ # try with the wrong password for user2
+ { 'path': '', 'status': 301, 'user': user2, 'pw': user2_badpass},
+ { 'path': '/', 'status': 200, 'user': user2, 'pw': user2_badpass},
+ { 'path': '/repos', 'status': 301, 'user': user2, 'pw': user2_badpass},
+ { 'path': '/repos/', 'status': 200, 'user': user2, 'pw': user2_badpass},
+ { 'path': '/repos/A', 'status': 301, 'user': user2, 'pw': user2_badpass},
+ { 'path': '/repos/A/', 'status': 200, 'user': user2, 'pw': user2_badpass},
+ { 'path': '/repos/A/D', 'status': 301, 'user': user2, 'pw': user2_badpass},
+ { 'path': '/repos/A/D/', 'status': 200, 'user': user2, 'pw': user2_badpass},
+ { 'path': '/repos/A/D/gamma', 'status': 200, 'user': user2, 'pw': user2_badpass},
+ { 'path': '/repos/A/D/H', 'status': 401, 'user': user2, 'pw': user2_badpass},
+ { 'path': '/repos/A/D/H/', 'status': 401, 'user': user2, 'pw': user2_badpass},
+ { 'path': '/repos/A/D/H/chi', 'status': 401, 'user': user2, 'pw': user2_badpass},
+ )
+
+ verify_gets(test_area_url, noauthwhenanon_tests)
+
+
+@SkipUnless(svntest.main.is_ra_type_dav)
+def authn(sbox):
+ "test authenticated only access"
+ sbox.build(read_only = True, create_wc = False)
+
+ test_area_url = sbox.repo_url.replace('/svn-test-work/local_tmp/repos',
+ '/authz-test-work/authn')
+
+ write_authz_file(sbox)
+
+ authn_tests = (
+ { 'path': '', 'status': 401, },
+ { 'path': '/', 'status': 401, },
+ { 'path': '/repos', 'status': 401, },
+ { 'path': '/repos/', 'status': 401, },
+ { 'path': '/repos/A', 'status': 401, },
+ { 'path': '/repos/A/', 'status': 401, },
+ { 'path': '/repos/A/D', 'status': 401, },
+ { 'path': '/repos/A/D/', 'status': 401, },
+ { 'path': '/repos/A/D/gamma', 'status': 401, },
+ { 'path': '/repos/A/D/H', 'status': 401, },
+ { 'path': '/repos/A/D/H/', 'status': 401, },
+ { 'path': '/repos/A/D/H/chi', 'status': 401, },
+ # auth is configured and user1 is allowed access to H
+ { 'path': '', 'status': 301, 'user': user1, 'pw': user1_pass},
+ { 'path': '/', 'status': 200, 'user': user1, 'pw': user1_pass},
+ { 'path': '/repos', 'status': 301, 'user': user1, 'pw': user1_pass},
+ { 'path': '/repos/', 'status': 200, 'user': user1, 'pw': user1_pass},
+ { 'path': '/repos/A', 'status': 301, 'user': user1, 'pw': user1_pass},
+ { 'path': '/repos/A/', 'status': 200, 'user': user1, 'pw': user1_pass},
+ { 'path': '/repos/A/D', 'status': 301, 'user': user1, 'pw': user1_pass},
+ { 'path': '/repos/A/D/', 'status': 200, 'body': ls_of_D_H,
+ 'user': user1, 'pw': user1_pass},
+ { 'path': '/repos/A/D/gamma', 'status': 200, 'user': user1, 'pw': user1_pass},
+ { 'path': '/repos/A/D/H', 'status': 301, 'user': user1, 'pw': user1_pass},
+ { 'path': '/repos/A/D/H/', 'status': 200, 'body': ls_of_H, 'user': user1, 'pw': user1_pass},
+ { 'path': '/repos/A/D/H/chi', 'status': 200, 'user': user1, 'pw': user1_pass},
+ # try with upper case username for user1
+ { 'path': '', 'status': 301, 'user': user1_upper, 'pw': user1_pass},
+ { 'path': '/', 'status': 200, 'user': user1_upper, 'pw': user1_pass},
+ { 'path': '/repos', 'status': 403, 'user': user1_upper, 'pw': user1_pass},
+ { 'path': '/repos/', 'status': 403, 'user': user1_upper, 'pw': user1_pass},
+ { 'path': '/repos/A', 'status': 403, 'user': user1_upper, 'pw': user1_pass},
+ { 'path': '/repos/A/', 'status': 403, 'user': user1_upper, 'pw': user1_pass},
+ { 'path': '/repos/A/D', 'status': 403, 'user': user1_upper, 'pw': user1_pass},
+ { 'path': '/repos/A/D/', 'status': 403, 'user': user1_upper, 'pw': user1_pass},
+ { 'path': '/repos/A/D/gamma', 'status': 403, 'user': user1_upper, 'pw': user1_pass},
+ { 'path': '/repos/A/D/H', 'status': 403, 'user': user1_upper, 'pw': user1_pass},
+ { 'path': '/repos/A/D/H/', 'status': 403, 'user': user1_upper, 'pw': user1_pass},
+ { 'path': '/repos/A/D/H/chi', 'status': 403, 'user': user1_upper, 'pw': user1_pass},
+ # try with the wrong password for user1
+ { 'path': '', 'status': 401, 'user': user1, 'pw': user1_badpass},
+ { 'path': '/', 'status': 401, 'user': user1, 'pw': user1_badpass},
+ { 'path': '/repos', 'status': 401, 'user': user1, 'pw': user1_badpass},
+ { 'path': '/repos/', 'status': 401, 'user': user1, 'pw': user1_badpass},
+ { 'path': '/repos/A', 'status': 401, 'user': user1, 'pw': user1_badpass},
+ { 'path': '/repos/A/', 'status': 401, 'user': user1, 'pw': user1_badpass},
+ { 'path': '/repos/A/D', 'status': 401, 'user': user1, 'pw': user1_badpass},
+ { 'path': '/repos/A/D/', 'status': 401, 'user': user1, 'pw': user1_badpass},
+ { 'path': '/repos/A/D/gamma', 'status': 401, 'user': user1, 'pw': user1_badpass},
+ { 'path': '/repos/A/D/H', 'status': 401, 'user': user1, 'pw': user1_badpass},
+ { 'path': '/repos/A/D/H/', 'status': 401, 'user': user1, 'pw': user1_badpass},
+ { 'path': '/repos/A/D/H/chi', 'status': 401, 'user': user1, 'pw': user1_badpass},
+ # auth is configured and user2 is not allowed access to H
+ { 'path': '', 'status': 301, 'user': user2, 'pw': user2_pass},
+ { 'path': '/', 'status': 200, 'user': user2, 'pw': user2_pass},
+ { 'path': '/repos', 'status': 301, 'user': user2, 'pw': user2_pass},
+ { 'path': '/repos/', 'status': 200, 'user': user2, 'pw': user2_pass},
+ { 'path': '/repos/A', 'status': 301, 'user': user2, 'pw': user2_pass},
+ { 'path': '/repos/A/', 'status': 200, 'user': user2, 'pw': user2_pass},
+ { 'path': '/repos/A/D', 'status': 301, 'user': user2, 'pw': user2_pass},
+ { 'path': '/repos/A/D/', 'status': 200, 'body': ls_of_D_no_H,
+ 'user': user2, 'pw': user2_pass},
+ { 'path': '/repos/A/D/gamma', 'status': 200, 'user': user2, 'pw': user2_pass},
+ { 'path': '/repos/A/D/H', 'status': 403, 'user': user2, 'pw': user2_pass},
+ { 'path': '/repos/A/D/H/', 'status': 403, 'user': user2, 'pw': user2_pass},
+ { 'path': '/repos/A/D/H/chi', 'status': 403, 'user': user2, 'pw': user2_pass},
+ # try with upper case username for user2
+ { 'path': '', 'status': 301, 'user': user2_upper, 'pw': user2_pass},
+ { 'path': '/', 'status': 200, 'user': user2_upper, 'pw': user2_pass},
+ { 'path': '/repos', 'status': 403, 'user': user2_upper, 'pw': user2_pass},
+ { 'path': '/repos/', 'status': 403, 'user': user2_upper, 'pw': user2_pass},
+ { 'path': '/repos/A', 'status': 403, 'user': user2_upper, 'pw': user2_pass},
+ { 'path': '/repos/A/', 'status': 403, 'user': user2_upper, 'pw': user2_pass},
+ { 'path': '/repos/A/D', 'status': 403, 'user': user2_upper, 'pw': user2_pass},
+ { 'path': '/repos/A/D/', 'status': 403, 'user': user2_upper, 'pw': user2_pass},
+ { 'path': '/repos/A/D/gamma', 'status': 403, 'user': user2_upper, 'pw': user2_pass},
+ { 'path': '/repos/A/D/H', 'status': 403, 'user': user2_upper, 'pw': user2_pass},
+ { 'path': '/repos/A/D/H/', 'status': 403, 'user': user2_upper, 'pw': user2_pass},
+ { 'path': '/repos/A/D/H/chi', 'status': 403, 'user': user2_upper, 'pw': user2_pass},
+ # try with the wrong password for user2
+ { 'path': '', 'status': 401, 'user': user2, 'pw': user2_badpass},
+ { 'path': '/', 'status': 401, 'user': user2, 'pw': user2_badpass},
+ { 'path': '/repos', 'status': 401, 'user': user2, 'pw': user2_badpass},
+ { 'path': '/repos/', 'status': 401, 'user': user2, 'pw': user2_badpass},
+ { 'path': '/repos/A', 'status': 401, 'user': user2, 'pw': user2_badpass},
+ { 'path': '/repos/A/', 'status': 401, 'user': user2, 'pw': user2_badpass},
+ { 'path': '/repos/A/D', 'status': 401, 'user': user2, 'pw': user2_badpass},
+ { 'path': '/repos/A/D/', 'status': 401, 'user': user2, 'pw': user2_badpass},
+ { 'path': '/repos/A/D/gamma', 'status': 401, 'user': user2, 'pw': user2_badpass},
+ { 'path': '/repos/A/D/H', 'status': 401, 'user': user2, 'pw': user2_badpass},
+ { 'path': '/repos/A/D/H/', 'status': 401, 'user': user2, 'pw': user2_badpass},
+ { 'path': '/repos/A/D/H/chi', 'status': 401, 'user': user2, 'pw': user2_badpass},
+ )
+
+ verify_gets(test_area_url, authn_tests)
+
+@SkipUnless(svntest.main.is_ra_type_dav)
+def authn_anonoff(sbox):
+ "test authenticated only access with anonoff"
+ sbox.build(read_only = True, create_wc = False)
+
+ test_area_url = sbox.repo_url.replace('/svn-test-work/local_tmp/repos',
+ '/authz-test-work/authn-anonoff')
+
+ write_authz_file(sbox)
+
+ anonoff_tests = (
+ { 'path': '', 'status': 401, },
+ { 'path': '/', 'status': 401, },
+ { 'path': '/repos', 'status': 401, },
+ { 'path': '/repos/', 'status': 401, },
+ { 'path': '/repos/A', 'status': 401, },
+ { 'path': '/repos/A/', 'status': 401, },
+ { 'path': '/repos/A/D', 'status': 401, },
+ { 'path': '/repos/A/D/', 'status': 401, },
+ { 'path': '/repos/A/D/gamma', 'status': 401, },
+ { 'path': '/repos/A/D/H', 'status': 401, },
+ { 'path': '/repos/A/D/H/', 'status': 401, },
+ { 'path': '/repos/A/D/H/chi', 'status': 401, },
+ # auth is configured and user1 is allowed access to H
+ { 'path': '', 'status': 301, 'user': user1, 'pw': user1_pass},
+ { 'path': '/', 'status': 200, 'user': user1, 'pw': user1_pass},
+ { 'path': '/repos', 'status': 301, 'user': user1, 'pw': user1_pass},
+ { 'path': '/repos/', 'status': 200, 'user': user1, 'pw': user1_pass},
+ { 'path': '/repos/A', 'status': 301, 'user': user1, 'pw': user1_pass},
+ { 'path': '/repos/A/', 'status': 200, 'user': user1, 'pw': user1_pass},
+ { 'path': '/repos/A/D', 'status': 301, 'user': user1, 'pw': user1_pass},
+ { 'path': '/repos/A/D/', 'status': 200, 'body': ls_of_D_H,
+ 'user': user1, 'pw': user1_pass},
+ { 'path': '/repos/A/D/gamma', 'status': 200, 'user': user1, 'pw': user1_pass},
+ { 'path': '/repos/A/D/H', 'status': 301, 'user': user1, 'pw': user1_pass},
+ { 'path': '/repos/A/D/H/', 'status': 200, 'body': ls_of_H, 'user': user1, 'pw': user1_pass},
+ { 'path': '/repos/A/D/H/chi', 'status': 200, 'user': user1, 'pw': user1_pass},
+ # try with upper case username for user1
+ { 'path': '', 'status': 301, 'user': user1_upper, 'pw': user1_pass},
+ { 'path': '/', 'status': 200, 'user': user1_upper, 'pw': user1_pass},
+ { 'path': '/repos', 'status': 403, 'user': user1_upper, 'pw': user1_pass},
+ { 'path': '/repos/', 'status': 403, 'user': user1_upper, 'pw': user1_pass},
+ { 'path': '/repos/A', 'status': 403, 'user': user1_upper, 'pw': user1_pass},
+ { 'path': '/repos/A/', 'status': 403, 'user': user1_upper, 'pw': user1_pass},
+ { 'path': '/repos/A/D', 'status': 403, 'user': user1_upper, 'pw': user1_pass},
+ { 'path': '/repos/A/D/', 'status': 403, 'user': user1_upper, 'pw': user1_pass},
+ { 'path': '/repos/A/D/gamma', 'status': 403, 'user': user1_upper, 'pw': user1_pass},
+ { 'path': '/repos/A/D/H', 'status': 403, 'user': user1_upper, 'pw': user1_pass},
+ { 'path': '/repos/A/D/H/', 'status': 403, 'user': user1_upper, 'pw': user1_pass},
+ { 'path': '/repos/A/D/H/chi', 'status': 403, 'user': user1_upper, 'pw': user1_pass},
+ # try with the wrong password for user1
+ { 'path': '', 'status': 401, 'user': user1, 'pw': user1_badpass},
+ { 'path': '/', 'status': 401, 'user': user1, 'pw': user1_badpass},
+ { 'path': '/repos', 'status': 401, 'user': user1, 'pw': user1_badpass},
+ { 'path': '/repos/', 'status': 401, 'user': user1, 'pw': user1_badpass},
+ { 'path': '/repos/A', 'status': 401, 'user': user1, 'pw': user1_badpass},
+ { 'path': '/repos/A/', 'status': 401, 'user': user1, 'pw': user1_badpass},
+ { 'path': '/repos/A/D', 'status': 401, 'user': user1, 'pw': user1_badpass},
+ { 'path': '/repos/A/D/', 'status': 401, 'user': user1, 'pw': user1_badpass},
+ { 'path': '/repos/A/D/gamma', 'status': 401, 'user': user1, 'pw': user1_badpass},
+ { 'path': '/repos/A/D/H', 'status': 401, 'user': user1, 'pw': user1_badpass},
+ { 'path': '/repos/A/D/H/', 'status': 401, 'user': user1, 'pw': user1_badpass},
+ { 'path': '/repos/A/D/H/chi', 'status': 401, 'user': user1, 'pw': user1_badpass},
+ # auth is configured and user2 is not allowed access to H
+ { 'path': '', 'status': 301, 'user': user2, 'pw': user2_pass},
+ { 'path': '/', 'status': 200, 'user': user2, 'pw': user2_pass},
+ { 'path': '/repos', 'status': 301, 'user': user2, 'pw': user2_pass},
+ { 'path': '/repos/', 'status': 200, 'user': user2, 'pw': user2_pass},
+ { 'path': '/repos/A', 'status': 301, 'user': user2, 'pw': user2_pass},
+ { 'path': '/repos/A/', 'status': 200, 'user': user2, 'pw': user2_pass},
+ { 'path': '/repos/A/D', 'status': 301, 'user': user2, 'pw': user2_pass},
+ { 'path': '/repos/A/D/', 'status': 200, 'body': ls_of_D_no_H,
+ 'user': user2, 'pw': user2_pass},
+ { 'path': '/repos/A/D/gamma', 'status': 200, 'user': user2, 'pw': user2_pass},
+ { 'path': '/repos/A/D/H', 'status': 403, 'user': user2, 'pw': user2_pass},
+ { 'path': '/repos/A/D/H/', 'status': 403, 'user': user2, 'pw': user2_pass},
+ { 'path': '/repos/A/D/H/chi', 'status': 403, 'user': user2, 'pw': user2_pass},
+ # try with upper case username for user2
+ { 'path': '', 'status': 301, 'user': user2_upper, 'pw': user2_pass},
+ { 'path': '/', 'status': 200, 'user': user2_upper, 'pw': user2_pass},
+ { 'path': '/repos', 'status': 403, 'user': user2_upper, 'pw': user2_pass},
+ { 'path': '/repos/', 'status': 403, 'user': user2_upper, 'pw': user2_pass},
+ { 'path': '/repos/A', 'status': 403, 'user': user2_upper, 'pw': user2_pass},
+ { 'path': '/repos/A/', 'status': 403, 'user': user2_upper, 'pw': user2_pass},
+ { 'path': '/repos/A/D', 'status': 403, 'user': user2_upper, 'pw': user2_pass},
+ { 'path': '/repos/A/D/', 'status': 403, 'user': user2_upper, 'pw': user2_pass},
+ { 'path': '/repos/A/D/gamma', 'status': 403, 'user': user2_upper, 'pw': user2_pass},
+ { 'path': '/repos/A/D/H', 'status': 403, 'user': user2_upper, 'pw': user2_pass},
+ { 'path': '/repos/A/D/H/', 'status': 403, 'user': user2_upper, 'pw': user2_pass},
+ { 'path': '/repos/A/D/H/chi', 'status': 403, 'user': user2_upper, 'pw': user2_pass},
+ # try with the wrong password for user2
+ { 'path': '', 'status': 401, 'user': user2, 'pw': user2_badpass},
+ { 'path': '/', 'status': 401, 'user': user2, 'pw': user2_badpass},
+ { 'path': '/repos', 'status': 401, 'user': user2, 'pw': user2_badpass},
+ { 'path': '/repos/', 'status': 401, 'user': user2, 'pw': user2_badpass},
+ { 'path': '/repos/A', 'status': 401, 'user': user2, 'pw': user2_badpass},
+ { 'path': '/repos/A/', 'status': 401, 'user': user2, 'pw': user2_badpass},
+ { 'path': '/repos/A/D', 'status': 401, 'user': user2, 'pw': user2_badpass},
+ { 'path': '/repos/A/D/', 'status': 401, 'user': user2, 'pw': user2_badpass},
+ { 'path': '/repos/A/D/gamma', 'status': 401, 'user': user2, 'pw': user2_badpass},
+ { 'path': '/repos/A/D/H', 'status': 401, 'user': user2, 'pw': user2_badpass},
+ { 'path': '/repos/A/D/H/', 'status': 401, 'user': user2, 'pw': user2_badpass},
+ { 'path': '/repos/A/D/H/chi', 'status': 401, 'user': user2, 'pw': user2_badpass},
+ )
+
+ verify_gets(test_area_url, anonoff_tests)
+
+@SkipUnless(svntest.main.is_ra_type_dav)
+def authn_lcuser(sbox):
+ "test authenticated only access with lcuser"
+ sbox.build(read_only = True, create_wc = False)
+
+ test_area_url = sbox.repo_url.replace('/svn-test-work/local_tmp/repos',
+ '/authz-test-work/authn-lcuser')
+
+ write_authz_file(sbox)
+
+ lcuser_tests = (
+ # try with upper case username for user1 (works due to lcuser option)
+ { 'path': '', 'status': 301, 'user': user1_upper, 'pw': user1_pass},
+ { 'path': '/', 'status': 200, 'user': user1_upper, 'pw': user1_pass},
+ { 'path': '/repos', 'status': 301, 'user': user1_upper, 'pw': user1_pass},
+ { 'path': '/repos/', 'status': 200, 'user': user1_upper, 'pw': user1_pass},
+ { 'path': '/repos/A', 'status': 301, 'user': user1_upper, 'pw': user1_pass},
+ { 'path': '/repos/A/', 'status': 200, 'user': user1_upper, 'pw': user1_pass},
+ { 'path': '/repos/A/D', 'status': 301, 'user': user1_upper, 'pw': user1_pass},
+ { 'path': '/repos/A/D/', 'status': 200, 'body': ls_of_D_H,
+ 'user': user1_upper, 'pw': user1_pass},
+ { 'path': '/repos/A/D/gamma', 'status': 200, 'user': user1_upper, 'pw': user1_pass},
+ { 'path': '/repos/A/D/H', 'status': 301, 'user': user1_upper, 'pw': user1_pass},
+ { 'path': '/repos/A/D/H/', 'status': 200, 'body': ls_of_H, 'user': user1_upper, 'pw': user1_pass},
+ { 'path': '/repos/A/D/H/chi', 'status': 200, 'user': user1_upper, 'pw': user1_pass},
+ # try with upper case username for user2 (works due to lcuser option)
+ { 'path': '', 'status': 301, 'user': user2_upper, 'pw': user2_pass},
+ { 'path': '/', 'status': 200, 'user': user2_upper, 'pw': user2_pass},
+ { 'path': '/repos', 'status': 301, 'user': user2_upper, 'pw': user2_pass},
+ { 'path': '/repos/', 'status': 200, 'user': user2_upper, 'pw': user2_pass},
+ { 'path': '/repos/A', 'status': 301, 'user': user2_upper, 'pw': user2_pass},
+ { 'path': '/repos/A/', 'status': 200, 'user': user2_upper, 'pw': user2_pass},
+ { 'path': '/repos/A/D', 'status': 301, 'user': user2_upper, 'pw': user2_pass},
+ { 'path': '/repos/A/D/', 'status': 200, 'body': ls_of_D_no_H,
+ 'user': user2_upper, 'pw': user2_pass},
+ { 'path': '/repos/A/D/gamma', 'status': 200, 'user': user2_upper, 'pw': user2_pass},
+ { 'path': '/repos/A/D/H', 'status': 403, 'user': user2_upper, 'pw': user2_pass},
+ { 'path': '/repos/A/D/H/', 'status': 403, 'user': user2_upper, 'pw': user2_pass},
+ { 'path': '/repos/A/D/H/chi', 'status': 403, 'user': user2_upper, 'pw': user2_pass},
+ )
+
+ verify_gets(test_area_url, lcuser_tests)
+
+# authenticated access only by group - a excuse to use AuthzSVNAuthoritative Off
+# this is terribly messed up, Require group runs after mod_authz_svn.
+# so if mod_authz_svn grants the access then it doesn't matter what the group
+# requirement says. If we reject the access then you can use the AuthzSVNAuthoritative Off
+# directive to fall through to the group check. Overall the behavior of setups like this
+# is almost guaranteed to not be what users expect.
+@SkipUnless(svntest.main.is_ra_type_dav)
+def authn_group(sbox):
+ "test authenticated only access via groups"
+ sbox.build(read_only = True, create_wc = False)
+
+ test_area_url = sbox.repo_url.replace('/svn-test-work/local_tmp/repos',
+ '/authz-test-work/authn-group')
+
+ # Can't use write_authz_file() as most tests because we want to deny all
+ # access with mod_authz_svn so the tests fall through to the group handling
+ authz_name = sbox.authz_name()
+ svntest.main.write_authz_file(sbox, {
+ '/': '* =',
+ })
+
+ group_tests = (
+ { 'path': '', 'status': 401, },
+ { 'path': '/', 'status': 401, },
+ { 'path': '/repos', 'status': 401, },
+ { 'path': '/repos/', 'status': 401, },
+ { 'path': '/repos/A', 'status': 401, },
+ { 'path': '/repos/A/', 'status': 401, },
+ { 'path': '/repos/A/D', 'status': 401, },
+ { 'path': '/repos/A/D/', 'status': 401, },
+ { 'path': '/repos/A/D/gamma', 'status': 401, },
+ { 'path': '/repos/A/D/H', 'status': 401, },
+ { 'path': '/repos/A/D/H/', 'status': 401, },
+ { 'path': '/repos/A/D/H/chi', 'status': 401, },
+ # auth is configured and user1 is allowed access repo including H
+ { 'path': '', 'status': 301, 'user': user1, 'pw': user1_pass},
+ { 'path': '/', 'status': 200, 'user': user1, 'pw': user1_pass},
+ { 'path': '/repos', 'status': 301, 'user': user1, 'pw': user1_pass},
+ { 'path': '/repos/', 'status': 200, 'user': user1, 'pw': user1_pass},
+ { 'path': '/repos/A', 'status': 301, 'user': user1, 'pw': user1_pass},
+ { 'path': '/repos/A/', 'status': 200, 'user': user1, 'pw': user1_pass},
+ { 'path': '/repos/A/D', 'status': 301, 'user': user1, 'pw': user1_pass},
+ { 'path': '/repos/A/D/', 'status': 200, 'body': ls_of_D_H,
+ 'user': user1, 'pw': user1_pass},
+ { 'path': '/repos/A/D/gamma', 'status': 200, 'user': user1, 'pw': user1_pass},
+ { 'path': '/repos/A/D/H', 'status': 301, 'user': user1, 'pw': user1_pass},
+ { 'path': '/repos/A/D/H/', 'status': 200, 'body': ls_of_H, 'user': user1, 'pw': user1_pass},
+ { 'path': '/repos/A/D/H/chi', 'status': 200, 'user': user1, 'pw': user1_pass},
+ )
+
+ verify_gets(test_area_url, group_tests)
+
+# This test exists to validate our behavior when used with the new authz
+# provider system introduced in httpd 2.3.x. The Satisfy directive
+# determines how older authz hooks are combined and the RequireA(ll|ny)
+# blocks handles how new authz providers are combined. The overall results of
+# all the authz providers (combined per the Require* blocks) are then
+# combined with the other authz hooks via the Satisfy directive.
+# Meaning this test requires that mod_authz_svn says yes and there is
+# either a valid user or the ALLOW header is 1. The header may seem
+# like a silly test but it's easier to excercise than say a host directive
+# in a repeatable test.
+@SkipUnless(svntest.main.is_httpd_authz_provider_enabled)
+def authn_sallrany(sbox):
+ "test satisfy all require any config"
+ sbox.build(read_only = True, create_wc = False)
+
+ test_area_url = sbox.repo_url.replace('/svn-test-work/local_tmp/repos',
+ '/authz-test-work/sallrany')
+
+ write_authz_file(sbox)
+
+ allow_header = { 'ALLOW': '1' }
+
+ sallrany_tests = (
+ #anon access isn't allowed without ALLOW header
+ { 'path': '', 'status': 401, },
+ { 'path': '/', 'status': 401, },
+ { 'path': '/repos', 'status': 401, },
+ { 'path': '/repos/', 'status': 401, },
+ { 'path': '/repos/A', 'status': 401, },
+ { 'path': '/repos/A/', 'status': 401, },
+ { 'path': '/repos/A/D', 'status': 401, },
+ { 'path': '/repos/A/D/', 'status': 401, },
+ { 'path': '/repos/A/D/gamma', 'status': 401, },
+ { 'path': '/repos/A/D/H', 'status': 401, },
+ { 'path': '/repos/A/D/H/', 'status': 401, },
+ { 'path': '/repos/A/D/H/chi', 'status': 401, },
+ # auth is configured and user1 is allowed access repo including H
+ { 'path': '', 'status': 301, 'user': user1, 'pw': user1_pass},
+ { 'path': '/', 'status': 200, 'user': user1, 'pw': user1_pass},
+ { 'path': '/repos', 'status': 301, 'user': user1, 'pw': user1_pass},
+ { 'path': '/repos/', 'status': 200, 'user': user1, 'pw': user1_pass},
+ { 'path': '/repos/A', 'status': 301, 'user': user1, 'pw': user1_pass},
+ { 'path': '/repos/A/', 'status': 200, 'user': user1, 'pw': user1_pass},
+ { 'path': '/repos/A/D', 'status': 301, 'user': user1, 'pw': user1_pass},
+ { 'path': '/repos/A/D/', 'status': 200, 'body': ls_of_D_H,
+ 'user': user1, 'pw': user1_pass},
+ { 'path': '/repos/A/D/gamma', 'status': 200, 'user': user1, 'pw': user1_pass},
+ { 'path': '/repos/A/D/H', 'status': 301, 'user': user1, 'pw': user1_pass},
+ { 'path': '/repos/A/D/H/', 'status': 200, 'body': ls_of_H, 'user': user1, 'pw': user1_pass},
+ { 'path': '/repos/A/D/H/chi', 'status': 200, 'user': user1, 'pw': user1_pass},
+ # try with the wrong password for user1
+ { 'path': '', 'status': 401, 'user': user1, 'pw': user1_badpass},
+ { 'path': '/', 'status': 401, 'user': user1, 'pw': user1_badpass},
+ { 'path': '/repos', 'status': 401, 'user': user1, 'pw': user1_badpass},
+ { 'path': '/repos/', 'status': 401, 'user': user1, 'pw': user1_badpass},
+ { 'path': '/repos/A', 'status': 401, 'user': user1, 'pw': user1_badpass},
+ { 'path': '/repos/A/', 'status': 401, 'user': user1, 'pw': user1_badpass},
+ { 'path': '/repos/A/D', 'status': 401, 'user': user1, 'pw': user1_badpass},
+ { 'path': '/repos/A/D/', 'status': 401, 'user': user1, 'pw': user1_badpass},
+ { 'path': '/repos/A/D/gamma', 'status': 401, 'user': user1, 'pw': user1_badpass},
+ { 'path': '/repos/A/D/H', 'status': 401, 'user': user1, 'pw': user1_badpass},
+ { 'path': '/repos/A/D/H/', 'status': 401, 'user': user1, 'pw': user1_badpass},
+ { 'path': '/repos/A/D/H/chi', 'status': 401, 'user': user1, 'pw': user1_badpass},
+ # auth is configured and user2 is not allowed access to H
+ { 'path': '', 'status': 301, 'user': user2, 'pw': user2_pass},
+ { 'path': '/', 'status': 200, 'user': user2, 'pw': user2_pass},
+ { 'path': '/repos', 'status': 301, 'user': user2, 'pw': user2_pass},
+ { 'path': '/repos/', 'status': 200, 'user': user2, 'pw': user2_pass},
+ { 'path': '/repos/A', 'status': 301, 'user': user2, 'pw': user2_pass},
+ { 'path': '/repos/A/', 'status': 200, 'user': user2, 'pw': user2_pass},
+ { 'path': '/repos/A/D', 'status': 301, 'user': user2, 'pw': user2_pass},
+ { 'path': '/repos/A/D/', 'status': 200, 'body': ls_of_D_no_H,
+ 'user': user2, 'pw': user2_pass},
+ { 'path': '/repos/A/D/gamma', 'status': 200, 'user': user2, 'pw': user2_pass},
+ { 'path': '/repos/A/D/H', 'status': 403, 'user': user2, 'pw': user2_pass},
+ { 'path': '/repos/A/D/H/', 'status': 403, 'user': user2, 'pw': user2_pass},
+ { 'path': '/repos/A/D/H/chi', 'status': 403, 'user': user2, 'pw': user2_pass},
+ # try with the wrong password for user2
+ { 'path': '', 'status': 401, 'user': user2, 'pw': user2_badpass},
+ { 'path': '/', 'status': 401, 'user': user2, 'pw': user2_badpass},
+ { 'path': '/repos', 'status': 401, 'user': user2, 'pw': user2_badpass},
+ { 'path': '/repos/', 'status': 401, 'user': user2, 'pw': user2_badpass},
+ { 'path': '/repos/A', 'status': 401, 'user': user2, 'pw': user2_badpass},
+ { 'path': '/repos/A/', 'status': 401, 'user': user2, 'pw': user2_badpass},
+ { 'path': '/repos/A/D', 'status': 401, 'user': user2, 'pw': user2_badpass},
+ { 'path': '/repos/A/D/', 'status': 401, 'user': user2, 'pw': user2_badpass},
+ { 'path': '/repos/A/D/gamma', 'status': 401, 'user': user2, 'pw': user2_badpass},
+ { 'path': '/repos/A/D/H', 'status': 401, 'user': user2, 'pw': user2_badpass},
+ { 'path': '/repos/A/D/H/', 'status': 401, 'user': user2, 'pw': user2_badpass},
+ { 'path': '/repos/A/D/H/chi', 'status': 401, 'user': user2, 'pw': user2_badpass},
+ # anon is allowed with the ALLOW header
+ { 'path': '', 'status': 301, 'headers': allow_header },
+ { 'path': '/', 'status': 200, 'headers': allow_header },
+ { 'path': '/repos', 'status': 301, 'headers': allow_header },
+ { 'path': '/repos/', 'status': 200, 'headers': allow_header },
+ { 'path': '/repos/A', 'status': 301, 'headers': allow_header },
+ { 'path': '/repos/A/', 'status': 200, 'headers': allow_header },
+ { 'path': '/repos/A/D', 'status': 301, 'headers': allow_header },
+ { 'path': '/repos/A/D/', 'status': 200, 'body': ls_of_D_no_H, 'headers': allow_header },
+ { 'path': '/repos/A/D/gamma', 'status': 200, 'headers': allow_header },
+ # these 3 tests return 403 instead of 401 becasue the config allows
+ # the anon user with the ALLOW header without any auth and the old hook
+ # system has no way of knowing it should return 401 since authentication is
+ # configured and can change the behavior. It could decide to return 401 just on
+ # the basis of authentication being configured but then that leaks info in other
+ # cases so it's better for this case to be "broken".
+ { 'path': '/repos/A/D/H', 'status': 403, 'headers': allow_header },
+ { 'path': '/repos/A/D/H/', 'status': 403, 'headers': allow_header },
+ { 'path': '/repos/A/D/H/chi', 'status': 403, 'headers': allow_header },
+ # auth is configured and user1 is allowed access repo including H
+ { 'path': '', 'status': 301, 'user': user1, 'pw': user1_pass, 'headers': allow_header },
+ { 'path': '/', 'status': 200, 'user': user1, 'pw': user1_pass, 'headers': allow_header },
+ { 'path': '/repos', 'status': 301, 'user': user1, 'pw': user1_pass, 'headers': allow_header },
+ { 'path': '/repos/', 'status': 200, 'user': user1, 'pw': user1_pass, 'headers': allow_header },
+ { 'path': '/repos/A', 'status': 301, 'user': user1, 'pw': user1_pass, 'headers': allow_header },
+ { 'path': '/repos/A/', 'status': 200, 'user': user1, 'pw': user1_pass, 'headers': allow_header },
+ { 'path': '/repos/A/D', 'status': 301, 'user': user1, 'pw': user1_pass, 'headers': allow_header },
+ { 'path': '/repos/A/D/', 'status': 200, 'body': ls_of_D_H,
+ 'user': user1, 'pw': user1_pass, 'headers': allow_header },
+ { 'path': '/repos/A/D/gamma', 'status': 200, 'user': user1, 'pw': user1_pass, 'headers': allow_header },
+ { 'path': '/repos/A/D/H', 'status': 301, 'user': user1, 'pw': user1_pass, 'headers': allow_header },
+ { 'path': '/repos/A/D/H/', 'status': 200, 'body': ls_of_H, 'user': user1, 'pw': user1_pass, 'headers': allow_header },
+ { 'path': '/repos/A/D/H/chi', 'status': 200, 'user': user1, 'pw': user1_pass, 'headers': allow_header },
+ # try with the wrong password for user1
+ { 'path': '', 'status': 401, 'user': user1, 'pw': user1_badpass, 'headers': allow_header },
+ { 'path': '/', 'status': 401, 'user': user1, 'pw': user1_badpass, 'headers': allow_header },
+ { 'path': '/repos', 'status': 401, 'user': user1, 'pw': user1_badpass, 'headers': allow_header },
+ { 'path': '/repos/', 'status': 401, 'user': user1, 'pw': user1_badpass, 'headers': allow_header },
+ { 'path': '/repos/A', 'status': 401, 'user': user1, 'pw': user1_badpass, 'headers': allow_header },
+ { 'path': '/repos/A/', 'status': 401, 'user': user1, 'pw': user1_badpass, 'headers': allow_header },
+ { 'path': '/repos/A/D', 'status': 401, 'user': user1, 'pw': user1_badpass, 'headers': allow_header },
+ { 'path': '/repos/A/D/', 'status': 401, 'user': user1, 'pw': user1_badpass, 'headers': allow_header },
+ { 'path': '/repos/A/D/gamma', 'status': 401, 'user': user1, 'pw': user1_badpass, 'headers': allow_header },
+ { 'path': '/repos/A/D/H', 'status': 401, 'user': user1, 'pw': user1_badpass, 'headers': allow_header },
+ { 'path': '/repos/A/D/H/', 'status': 401, 'user': user1, 'pw': user1_badpass, 'headers': allow_header },
+ { 'path': '/repos/A/D/H/chi', 'status': 401, 'user': user1, 'pw': user1_badpass, 'headers': allow_header },
+ # auth is configured and user2 is not allowed access to H
+ { 'path': '', 'status': 301, 'user': user2, 'pw': user2_pass, 'headers': allow_header },
+ { 'path': '/', 'status': 200, 'user': user2, 'pw': user2_pass, 'headers': allow_header },
+ { 'path': '/repos', 'status': 301, 'user': user2, 'pw': user2_pass, 'headers': allow_header },
+ { 'path': '/repos/', 'status': 200, 'user': user2, 'pw': user2_pass, 'headers': allow_header },
+ { 'path': '/repos/A', 'status': 301, 'user': user2, 'pw': user2_pass, 'headers': allow_header },
+ { 'path': '/repos/A/', 'status': 200, 'user': user2, 'pw': user2_pass, 'headers': allow_header },
+ { 'path': '/repos/A/D', 'status': 301, 'user': user2, 'pw': user2_pass, 'headers': allow_header },
+ { 'path': '/repos/A/D/', 'status': 200, 'body': ls_of_D_no_H,
+ 'user': user2, 'pw': user2_pass, 'headers': allow_header },
+ { 'path': '/repos/A/D/gamma', 'status': 200, 'user': user2, 'pw': user2_pass, 'headers': allow_header },
+ { 'path': '/repos/A/D/H', 'status': 403, 'user': user2, 'pw': user2_pass, 'headers': allow_header },
+ { 'path': '/repos/A/D/H/', 'status': 403, 'user': user2, 'pw': user2_pass, 'headers': allow_header },
+ { 'path': '/repos/A/D/H/chi', 'status': 403, 'user': user2, 'pw': user2_pass, 'headers': allow_header },
+ # try with the wrong password for user2
+ { 'path': '', 'status': 401, 'user': user2, 'pw': user2_badpass, 'headers': allow_header },
+ { 'path': '/', 'status': 401, 'user': user2, 'pw': user2_badpass, 'headers': allow_header },
+ { 'path': '/repos', 'status': 401, 'user': user2, 'pw': user2_badpass, 'headers': allow_header },
+ { 'path': '/repos/', 'status': 401, 'user': user2, 'pw': user2_badpass, 'headers': allow_header },
+ { 'path': '/repos/A', 'status': 401, 'user': user2, 'pw': user2_badpass, 'headers': allow_header },
+ { 'path': '/repos/A/', 'status': 401, 'user': user2, 'pw': user2_badpass, 'headers': allow_header },
+ { 'path': '/repos/A/D', 'status': 401, 'user': user2, 'pw': user2_badpass, 'headers': allow_header },
+ { 'path': '/repos/A/D/', 'status': 401, 'user': user2, 'pw': user2_badpass, 'headers': allow_header },
+ { 'path': '/repos/A/D/gamma', 'status': 401, 'user': user2, 'pw': user2_badpass, 'headers': allow_header },
+ { 'path': '/repos/A/D/H', 'status': 401, 'user': user2, 'pw': user2_badpass, 'headers': allow_header },
+ { 'path': '/repos/A/D/H/', 'status': 401, 'user': user2, 'pw': user2_badpass, 'headers': allow_header },
+ { 'path': '/repos/A/D/H/chi', 'status': 401, 'user': user2, 'pw': user2_badpass, 'headers': allow_header },
+
+ )
+
+ verify_gets(test_area_url, sallrany_tests)
+
+# See comments on authn_sallrany test for some background on the interaction
+# of Satisfy Any and the newer Require blocks.
+@SkipUnless(svntest.main.is_httpd_authz_provider_enabled)
+def authn_sallrall(sbox):
+ "test satisfy all require all config"
+ sbox.build(read_only = True, create_wc = False)
+
+ test_area_url = sbox.repo_url.replace('/svn-test-work/local_tmp/repos',
+ '/authz-test-work/sallrall')
+
+ write_authz_file(sbox)
+
+ allow_header = { 'ALLOW': '1' }
+
+ sallrall_tests = (
+ #anon access isn't allowed without ALLOW header
+ { 'path': '', 'status': 403, },
+ { 'path': '/', 'status': 403, },
+ { 'path': '/repos', 'status': 403, },
+ { 'path': '/repos/', 'status': 403, },
+ { 'path': '/repos/A', 'status': 403, },
+ { 'path': '/repos/A/', 'status': 403, },
+ { 'path': '/repos/A/D', 'status': 403, },
+ { 'path': '/repos/A/D/', 'status': 403, },
+ { 'path': '/repos/A/D/gamma', 'status': 403, },
+ { 'path': '/repos/A/D/H', 'status': 403, },
+ { 'path': '/repos/A/D/H/', 'status': 403, },
+ { 'path': '/repos/A/D/H/chi', 'status': 403, },
+ # auth is configured but no access is allowed without the ALLOW header
+ { 'path': '', 'status': 403, 'user': user1, 'pw': user1_pass},
+ { 'path': '/', 'status': 403, 'user': user1, 'pw': user1_pass},
+ { 'path': '/repos', 'status': 403, 'user': user1, 'pw': user1_pass},
+ { 'path': '/repos/', 'status': 403, 'user': user1, 'pw': user1_pass},
+ { 'path': '/repos/A', 'status': 403, 'user': user1, 'pw': user1_pass},
+ { 'path': '/repos/A/', 'status': 403, 'user': user1, 'pw': user1_pass},
+ { 'path': '/repos/A/D', 'status': 403, 'user': user1, 'pw': user1_pass},
+ { 'path': '/repos/A/D/', 'status': 403, 'user': user1, 'pw': user1_pass},
+ { 'path': '/repos/A/D/gamma', 'status': 403, 'user': user1, 'pw': user1_pass},
+ { 'path': '/repos/A/D/H', 'status': 403, 'user': user1, 'pw': user1_pass},
+ { 'path': '/repos/A/D/H/', 'status': 403, 'user': user1, 'pw': user1_pass},
+ { 'path': '/repos/A/D/H/chi', 'status': 403, 'user': user1, 'pw': user1_pass},
+ # try with the wrong password for user1
+ { 'path': '', 'status': 403, 'user': user1, 'pw': user1_badpass},
+ { 'path': '/', 'status': 403, 'user': user1, 'pw': user1_badpass},
+ { 'path': '/repos', 'status': 403, 'user': user1, 'pw': user1_badpass},
+ { 'path': '/repos/', 'status': 403, 'user': user1, 'pw': user1_badpass},
+ { 'path': '/repos/A', 'status': 403, 'user': user1, 'pw': user1_badpass},
+ { 'path': '/repos/A/', 'status': 403, 'user': user1, 'pw': user1_badpass},
+ { 'path': '/repos/A/D', 'status': 403, 'user': user1, 'pw': user1_badpass},
+ { 'path': '/repos/A/D/', 'status': 403, 'user': user1, 'pw': user1_badpass},
+ { 'path': '/repos/A/D/gamma', 'status': 403, 'user': user1, 'pw': user1_badpass},
+ { 'path': '/repos/A/D/H', 'status': 403, 'user': user1, 'pw': user1_badpass},
+ { 'path': '/repos/A/D/H/', 'status': 403, 'user': user1, 'pw': user1_badpass},
+ { 'path': '/repos/A/D/H/chi', 'status': 403, 'user': user1, 'pw': user1_badpass},
+ # auth is configured but no access is allowed without the ALLOW header
+ { 'path': '', 'status': 403, 'user': user2, 'pw': user2_pass},
+ { 'path': '/', 'status': 403, 'user': user2, 'pw': user2_pass},
+ { 'path': '/repos', 'status': 403, 'user': user2, 'pw': user2_pass},
+ { 'path': '/repos/', 'status': 403, 'user': user2, 'pw': user2_pass},
+ { 'path': '/repos/A', 'status': 403, 'user': user2, 'pw': user2_pass},
+ { 'path': '/repos/A/', 'status': 403, 'user': user2, 'pw': user2_pass},
+ { 'path': '/repos/A/D', 'status': 403, 'user': user2, 'pw': user2_pass},
+ { 'path': '/repos/A/D/', 'status': 403, 'user': user2, 'pw': user2_pass},
+ { 'path': '/repos/A/D/gamma', 'status': 403, 'user': user2, 'pw': user2_pass},
+ { 'path': '/repos/A/D/H', 'status': 403, 'user': user2, 'pw': user2_pass},
+ { 'path': '/repos/A/D/H/', 'status': 403, 'user': user2, 'pw': user2_pass},
+ { 'path': '/repos/A/D/H/chi', 'status': 403, 'user': user2, 'pw': user2_pass},
+ # try with the wrong password for user2
+ { 'path': '', 'status': 403, 'user': user2, 'pw': user2_badpass},
+ { 'path': '/', 'status': 403, 'user': user2, 'pw': user2_badpass},
+ { 'path': '/repos', 'status': 403, 'user': user2, 'pw': user2_badpass},
+ { 'path': '/repos/', 'status': 403, 'user': user2, 'pw': user2_badpass},
+ { 'path': '/repos/A', 'status': 403, 'user': user2, 'pw': user2_badpass},
+ { 'path': '/repos/A/', 'status': 403, 'user': user2, 'pw': user2_badpass},
+ { 'path': '/repos/A/D', 'status': 403, 'user': user2, 'pw': user2_badpass},
+ { 'path': '/repos/A/D/', 'status': 403, 'user': user2, 'pw': user2_badpass},
+ { 'path': '/repos/A/D/gamma', 'status': 403, 'user': user2, 'pw': user2_badpass},
+ { 'path': '/repos/A/D/H', 'status': 403, 'user': user2, 'pw': user2_badpass},
+ { 'path': '/repos/A/D/H/', 'status': 403, 'user': user2, 'pw': user2_badpass},
+ { 'path': '/repos/A/D/H/chi', 'status': 403, 'user': user2, 'pw': user2_badpass},
+ # anon is not allowed even with ALLOW header
+ { 'path': '', 'status': 401, 'headers': allow_header },
+ { 'path': '/', 'status': 401, 'headers': allow_header },
+ { 'path': '/repos', 'status': 401, 'headers': allow_header },
+ { 'path': '/repos/', 'status': 401, 'headers': allow_header },
+ { 'path': '/repos/A', 'status': 401, 'headers': allow_header },
+ { 'path': '/repos/A/', 'status': 401, 'headers': allow_header },
+ { 'path': '/repos/A/D', 'status': 401, 'headers': allow_header },
+ { 'path': '/repos/A/D/', 'status': 401, 'headers': allow_header },
+ { 'path': '/repos/A/D/gamma', 'status': 401, 'headers': allow_header },
+ { 'path': '/repos/A/D/H', 'status': 401, 'headers': allow_header },
+ { 'path': '/repos/A/D/H/', 'status': 401, 'headers': allow_header },
+ { 'path': '/repos/A/D/H/chi', 'status': 401, 'headers': allow_header },
+ # auth is configured and user1 is allowed access repo including H
+ { 'path': '', 'status': 301, 'user': user1, 'pw': user1_pass, 'headers': allow_header },
+ { 'path': '/', 'status': 200, 'user': user1, 'pw': user1_pass, 'headers': allow_header },
+ { 'path': '/repos', 'status': 301, 'user': user1, 'pw': user1_pass, 'headers': allow_header },
+ { 'path': '/repos/', 'status': 200, 'user': user1, 'pw': user1_pass, 'headers': allow_header },
+ { 'path': '/repos/A', 'status': 301, 'user': user1, 'pw': user1_pass, 'headers': allow_header },
+ { 'path': '/repos/A/', 'status': 200, 'user': user1, 'pw': user1_pass, 'headers': allow_header },
+ { 'path': '/repos/A/D', 'status': 301, 'user': user1, 'pw': user1_pass, 'headers': allow_header },
+ { 'path': '/repos/A/D/', 'status': 200, 'body': ls_of_D_H,
+ 'user': user1, 'pw': user1_pass, 'headers': allow_header },
+ { 'path': '/repos/A/D/gamma', 'status': 200, 'user': user1, 'pw': user1_pass, 'headers': allow_header },
+ { 'path': '/repos/A/D/H', 'status': 301, 'user': user1, 'pw': user1_pass, 'headers': allow_header },
+ { 'path': '/repos/A/D/H/', 'status': 200, 'body': ls_of_H, 'user': user1, 'pw': user1_pass, 'headers': allow_header },
+ { 'path': '/repos/A/D/H/chi', 'status': 200, 'user': user1, 'pw': user1_pass, 'headers': allow_header },
+ # try with the wrong password for user1
+ { 'path': '', 'status': 401, 'user': user1, 'pw': user1_badpass, 'headers': allow_header },
+ { 'path': '/', 'status': 401, 'user': user1, 'pw': user1_badpass, 'headers': allow_header },
+ { 'path': '/repos', 'status': 401, 'user': user1, 'pw': user1_badpass, 'headers': allow_header },
+ { 'path': '/repos/', 'status': 401, 'user': user1, 'pw': user1_badpass, 'headers': allow_header },
+ { 'path': '/repos/A', 'status': 401, 'user': user1, 'pw': user1_badpass, 'headers': allow_header },
+ { 'path': '/repos/A/', 'status': 401, 'user': user1, 'pw': user1_badpass, 'headers': allow_header },
+ { 'path': '/repos/A/D', 'status': 401, 'user': user1, 'pw': user1_badpass, 'headers': allow_header },
+ { 'path': '/repos/A/D/', 'status': 401, 'user': user1, 'pw': user1_badpass, 'headers': allow_header },
+ { 'path': '/repos/A/D/gamma', 'status': 401, 'user': user1, 'pw': user1_badpass, 'headers': allow_header },
+ { 'path': '/repos/A/D/H', 'status': 401, 'user': user1, 'pw': user1_badpass, 'headers': allow_header },
+ { 'path': '/repos/A/D/H/', 'status': 401, 'user': user1, 'pw': user1_badpass, 'headers': allow_header },
+ { 'path': '/repos/A/D/H/chi', 'status': 401, 'user': user1, 'pw': user1_badpass, 'headers': allow_header },
+ # auth is configured and user2 is not allowed access to H
+ { 'path': '', 'status': 301, 'user': user2, 'pw': user2_pass, 'headers': allow_header },
+ { 'path': '/', 'status': 200, 'user': user2, 'pw': user2_pass, 'headers': allow_header },
+ { 'path': '/repos', 'status': 301, 'user': user2, 'pw': user2_pass, 'headers': allow_header },
+ { 'path': '/repos/', 'status': 200, 'user': user2, 'pw': user2_pass, 'headers': allow_header },
+ { 'path': '/repos/A', 'status': 301, 'user': user2, 'pw': user2_pass, 'headers': allow_header },
+ { 'path': '/repos/A/', 'status': 200, 'user': user2, 'pw': user2_pass, 'headers': allow_header },
+ { 'path': '/repos/A/D', 'status': 301, 'user': user2, 'pw': user2_pass, 'headers': allow_header },
+ { 'path': '/repos/A/D/', 'status': 200, 'body': ls_of_D_no_H,
+ 'user': user2, 'pw': user2_pass, 'headers': allow_header },
+ { 'path': '/repos/A/D/gamma', 'status': 200, 'user': user2, 'pw': user2_pass, 'headers': allow_header },
+ { 'path': '/repos/A/D/H', 'status': 403, 'user': user2, 'pw': user2_pass, 'headers': allow_header },
+ { 'path': '/repos/A/D/H/', 'status': 403, 'user': user2, 'pw': user2_pass, 'headers': allow_header },
+ { 'path': '/repos/A/D/H/chi', 'status': 403, 'user': user2, 'pw': user2_pass, 'headers': allow_header },
+ # try with the wrong password for user2
+ { 'path': '', 'status': 401, 'user': user2, 'pw': user2_badpass, 'headers': allow_header },
+ { 'path': '/', 'status': 401, 'user': user2, 'pw': user2_badpass, 'headers': allow_header },
+ { 'path': '/repos', 'status': 401, 'user': user2, 'pw': user2_badpass, 'headers': allow_header },
+ { 'path': '/repos/', 'status': 401, 'user': user2, 'pw': user2_badpass, 'headers': allow_header },
+ { 'path': '/repos/A', 'status': 401, 'user': user2, 'pw': user2_badpass, 'headers': allow_header },
+ { 'path': '/repos/A/', 'status': 401, 'user': user2, 'pw': user2_badpass, 'headers': allow_header },
+ { 'path': '/repos/A/D', 'status': 401, 'user': user2, 'pw': user2_badpass, 'headers': allow_header },
+ { 'path': '/repos/A/D/', 'status': 401, 'user': user2, 'pw': user2_badpass, 'headers': allow_header },
+ { 'path': '/repos/A/D/gamma', 'status': 401, 'user': user2, 'pw': user2_badpass, 'headers': allow_header },
+ { 'path': '/repos/A/D/H', 'status': 401, 'user': user2, 'pw': user2_badpass, 'headers': allow_header },
+ { 'path': '/repos/A/D/H/', 'status': 401, 'user': user2, 'pw': user2_badpass, 'headers': allow_header },
+ { 'path': '/repos/A/D/H/chi', 'status': 401, 'user': user2, 'pw': user2_badpass, 'headers': allow_header },
+
+ )
+
+ verify_gets(test_area_url, sallrall_tests)
+
+
+########################################################################
+# Run the tests
+
+
+# list all tests here, starting with None:
+test_list = [ None,
+ anon,
+ mixed,
+ mixed_noauthwhenanon,
+ authn,
+ authn_anonoff,
+ authn_lcuser,
+ authn_group,
+ authn_sallrany,
+ authn_sallrall,
+ ]
+serial_only = True
+
+if __name__ == '__main__':
+ svntest.main.run_tests(test_list)
+ # NOTREACHED
+
+
+### End of file.
Propchange: subversion/branches/1.8.x/subversion/tests/cmdline/mod_authz_svn_tests.py
------------------------------------------------------------------------------
svn:eol-style = native
Modified: subversion/branches/1.8.x/subversion/tests/cmdline/svntest/main.py
URL: http://svn.apache.org/viewvc/subversion/branches/1.8.x/subversion/tests/cmdline/svntest/main.py?rev=1692801&r1=1692800&r2=1692801&view=diff
==============================================================================
--- subversion/branches/1.8.x/subversion/tests/cmdline/svntest/main.py (original)
+++ subversion/branches/1.8.x/subversion/tests/cmdline/svntest/main.py Mon Jul 27 00:23:40 2015
@@ -1378,6 +1378,30 @@ def is_plaintext_password_storage_disabl
return False
return True
+
+# https://issues.apache.org/bugzilla/show_bug.cgi?id=56480
+# https://issues.apache.org/bugzilla/show_bug.cgi?id=55397
+__mod_dav_url_quoting_broken_versions = frozenset([
+ '2.2.27',
+ '2.2.26',
+ '2.2.25',
+ '2.4.9',
+ '2.4.8',
+ '2.4.7',
+ '2.4.6',
+ '2.4.5',
+])
+def is_mod_dav_url_quoting_broken():
+ if is_ra_type_dav():
+ return (options.httpd_version in __mod_dav_url_quoting_broken_versions)
+ return None
+
+def is_httpd_authz_provider_enabled():
+ if is_ra_type_dav():
+ v = options.httpd_version.split('.')
+ return (v[0] == '2' and int(v[1]) >= 3) or int(v[0]) > 2
+ return None
+
######################################################################
@@ -1435,6 +1459,8 @@ class TestSpawningThread(threading.Threa
args.append('--ssl-cert=' + options.ssl_cert)
if options.http_proxy:
args.append('--http-proxy=' + options.http_proxy)
+ if options.httpd_version:
+ args.append('--httpd-version=' + options.httpd_version)
result, stdout_lines, stderr_lines = spawn_process(command, 0, False, None,
*args)
@@ -1600,6 +1626,12 @@ class TestRunner:
sandbox.cleanup_test_paths()
return exit_code
+def is_httpd_authz_provider_enabled():
+ if is_ra_type_dav():
+ v = options.httpd_version.split('.')
+ return (v[0] == '2' and int(v[1]) >= 3) or int(v[0]) > 2
+ return None
+
######################################################################
# Main testing functions
@@ -1780,6 +1812,8 @@ def _create_parser():
help='Path to SSL server certificate.')
parser.add_option('--http-proxy', action='store',
help='Use the HTTP Proxy at hostname:port.')
+ parser.add_option('--httpd-version', action='store',
+ help='Assume HTTPD is this version.')
parser.add_option('--tools-bin', action='store', dest='tools_bin',
help='Use the svn tools installed in this path')
Modified: subversion/branches/1.8.x/subversion/tests/libsvn_repos/repos-test.c
URL: http://svn.apache.org/viewvc/subversion/branches/1.8.x/subversion/tests/libsvn_repos/repos-test.c?rev=1692801&r1=1692800&r2=1692801&view=diff
==============================================================================
--- subversion/branches/1.8.x/subversion/tests/libsvn_repos/repos-test.c (original)
+++ subversion/branches/1.8.x/subversion/tests/libsvn_repos/repos-test.c Mon Jul 27 00:23:40 2015
@@ -3524,6 +3524,245 @@ test_load_r0_mergeinfo(const svn_test_op
return SVN_NO_ERROR;
}
+static svn_error_t *
+mkdir_delete_copy(svn_repos_t *repos,
+ const char *src,
+ const char *dst,
+ apr_pool_t *pool)
+{
+ svn_fs_t *fs = svn_repos_fs(repos);
+ svn_revnum_t youngest_rev;
+ svn_fs_txn_t *txn;
+ svn_fs_root_t *txn_root, *rev_root;
+
+ SVN_ERR(svn_fs_youngest_rev(&youngest_rev, fs, pool));
+
+ SVN_ERR(svn_fs_begin_txn(&txn, fs, youngest_rev, pool));
+ SVN_ERR(svn_fs_txn_root(&txn_root, txn, pool));
+ SVN_ERR(svn_fs_make_dir(txn_root, "A/T", pool));
+ SVN_ERR(svn_repos_fs_commit_txn(NULL, repos, &youngest_rev, txn, pool));
+
+ SVN_ERR(svn_fs_begin_txn(&txn, fs, youngest_rev, pool));
+ SVN_ERR(svn_fs_txn_root(&txn_root, txn, pool));
+ SVN_ERR(svn_fs_delete(txn_root, "A/T", pool));
+ SVN_ERR(svn_repos_fs_commit_txn(NULL, repos, &youngest_rev, txn, pool));
+
+ SVN_ERR(svn_fs_begin_txn(&txn, fs, youngest_rev, pool));
+ SVN_ERR(svn_fs_txn_root(&txn_root, txn, pool));
+ SVN_ERR(svn_fs_revision_root(&rev_root, fs, youngest_rev - 1, pool));
+ SVN_ERR(svn_fs_copy(rev_root, src, txn_root, dst, pool));
+ SVN_ERR(svn_repos_fs_commit_txn(NULL, repos, &youngest_rev, txn, pool));
+
+ return SVN_NO_ERROR;
+}
+
+struct authz_read_baton_t {
+ apr_hash_t *paths;
+ apr_pool_t *pool;
+ const char *deny;
+};
+
+static svn_error_t *
+authz_read_func(svn_boolean_t *allowed,
+ svn_fs_root_t *root,
+ const char *path,
+ void *baton,
+ apr_pool_t *pool)
+{
+ struct authz_read_baton_t *b = baton;
+
+ if (b->deny && !strcmp(b->deny, path))
+ *allowed = FALSE;
+ else
+ *allowed = TRUE;
+
+ svn_hash_sets(b->paths, apr_pstrdup(b->pool, path), (void*)1);
+
+ return SVN_NO_ERROR;
+}
+
+static svn_error_t *
+verify_locations(apr_hash_t *actual,
+ apr_hash_t *expected,
+ apr_hash_t *checked,
+ apr_pool_t *pool)
+{
+ apr_hash_index_t *hi;
+
+ for (hi = apr_hash_first(pool, expected); hi; hi = apr_hash_next(hi))
+ {
+ const svn_revnum_t *rev = svn__apr_hash_index_key(hi);
+ const char *path = apr_hash_get(actual, rev, sizeof(svn_revnum_t));
+
+ if (!path)
+ return svn_error_createf(SVN_ERR_TEST_FAILED, NULL,
+ "expected %s for %d found (null)",
+ (char*)svn__apr_hash_index_val(hi),
+ (int)*rev);
+ else if (strcmp(path, svn__apr_hash_index_val(hi)))
+ return svn_error_createf(SVN_ERR_TEST_FAILED, NULL,
+ "expected %s for %d found %s",
+ (char*)svn__apr_hash_index_val(hi),
+ (int)*rev, path);
+
+ }
+
+ for (hi = apr_hash_first(pool, actual); hi; hi = apr_hash_next(hi))
+ {
+ const svn_revnum_t *rev = svn__apr_hash_index_key(hi);
+ const char *path = apr_hash_get(expected, rev, sizeof(svn_revnum_t));
+
+ if (!path)
+ return svn_error_createf(SVN_ERR_TEST_FAILED, NULL,
+ "found %s for %d expected (null)",
+ (char*)svn__apr_hash_index_val(hi),
+ (int)*rev);
+ else if (strcmp(path, svn__apr_hash_index_val(hi)))
+ return svn_error_createf(SVN_ERR_TEST_FAILED, NULL,
+ "found %s for %d expected %s",
+ (char*)svn__apr_hash_index_val(hi),
+ (int)*rev, path);
+
+ if (!svn_hash_gets(checked, path))
+ return svn_error_createf(SVN_ERR_TEST_FAILED, NULL,
+ "did not check %s", path);
+ }
+
+ return SVN_NO_ERROR;
+}
+
+static void
+set_expected(apr_hash_t *expected,
+ svn_revnum_t rev,
+ const char *path,
+ apr_pool_t *pool)
+{
+ svn_revnum_t *rp = apr_palloc(pool, sizeof(svn_revnum_t));
+ *rp = rev;
+ apr_hash_set(expected, rp, sizeof(svn_revnum_t), path);
+}
+
+static svn_error_t *
+trace_node_locations_authz(const svn_test_opts_t *opts,
+ apr_pool_t *pool)
+{
+ svn_repos_t *repos;
+ svn_fs_t *fs;
+ svn_revnum_t youngest_rev = 0;
+ svn_fs_txn_t *txn;
+ svn_fs_root_t *txn_root;
+ struct authz_read_baton_t arb;
+ apr_array_header_t *revs = apr_array_make(pool, 10, sizeof(svn_revnum_t));
+ apr_hash_t *locations;
+ apr_hash_t *expected = apr_hash_make(pool);
+ int i;
+
+ /* Create test repository. */
+ SVN_ERR(svn_test__create_repos(&repos, "test-repo-trace-node-locations-authz",
+ opts, pool));
+ fs = svn_repos_fs(repos);
+
+ /* r1 create A */
+ SVN_ERR(svn_fs_begin_txn(&txn, fs, youngest_rev, pool));
+ SVN_ERR(svn_fs_txn_root(&txn_root, txn, pool));
+ SVN_ERR(svn_fs_make_dir(txn_root, "A", pool));
+ SVN_ERR(svn_fs_make_file(txn_root, "A/f", pool));
+ SVN_ERR(svn_test__set_file_contents(txn_root, "A/f", "foobar", pool));
+ SVN_ERR(svn_repos_fs_commit_txn(NULL, repos, &youngest_rev, txn, pool));
+
+ /* r4 copy A to B */
+ SVN_ERR(mkdir_delete_copy(repos, "A", "B", pool));
+
+ /* r7 copy B to C */
+ SVN_ERR(mkdir_delete_copy(repos, "B", "C", pool));
+
+ /* r10 copy C to D */
+ SVN_ERR(mkdir_delete_copy(repos, "C", "D", pool));
+
+ SVN_ERR(svn_fs_youngest_rev(&youngest_rev, fs, pool));
+ SVN_ERR_ASSERT(youngest_rev == 10);
+
+ arb.paths = apr_hash_make(pool);
+ arb.pool = pool;
+ arb.deny = NULL;
+
+ apr_array_clear(revs);
+ for (i = 0; i <= youngest_rev; ++i)
+ APR_ARRAY_PUSH(revs, svn_revnum_t) = i;
+ set_expected(expected, 10, "/D/f", pool);
+ set_expected(expected, 8, "/C/f", pool);
+ set_expected(expected, 7, "/C/f", pool);
+ set_expected(expected, 5, "/B/f", pool);
+ set_expected(expected, 4, "/B/f", pool);
+ set_expected(expected, 2, "/A/f", pool);
+ set_expected(expected, 1, "/A/f", pool);
+ apr_hash_clear(arb.paths);
+ SVN_ERR(svn_repos_trace_node_locations(fs, &locations, "D/f", 10, revs,
+ authz_read_func, &arb, pool));
+ SVN_ERR(verify_locations(locations, expected, arb.paths, pool));
+
+ apr_array_clear(revs);
+ for (i = 1; i <= youngest_rev; ++i)
+ APR_ARRAY_PUSH(revs, svn_revnum_t) = i;
+ apr_hash_clear(arb.paths);
+ SVN_ERR(svn_repos_trace_node_locations(fs, &locations, "D/f", 10, revs,
+ authz_read_func, &arb, pool));
+ SVN_ERR(verify_locations(locations, expected, arb.paths, pool));
+
+ apr_array_clear(revs);
+ for (i = 2; i <= youngest_rev; ++i)
+ APR_ARRAY_PUSH(revs, svn_revnum_t) = i;
+ set_expected(expected, 1, NULL, pool);
+ apr_hash_clear(arb.paths);
+ SVN_ERR(svn_repos_trace_node_locations(fs, &locations, "D/f", 10, revs,
+ authz_read_func, &arb, pool));
+ SVN_ERR(verify_locations(locations, expected, arb.paths, pool));
+
+ apr_array_clear(revs);
+ for (i = 3; i <= youngest_rev; ++i)
+ APR_ARRAY_PUSH(revs, svn_revnum_t) = i;
+ set_expected(expected, 2, NULL, pool);
+ apr_hash_clear(arb.paths);
+ SVN_ERR(svn_repos_trace_node_locations(fs, &locations, "D/f", 10, revs,
+ authz_read_func, &arb, pool));
+ SVN_ERR(verify_locations(locations, expected, arb.paths, pool));
+
+ apr_array_clear(revs);
+ for (i = 6; i <= youngest_rev; ++i)
+ APR_ARRAY_PUSH(revs, svn_revnum_t) = i;
+ set_expected(expected, 5, NULL, pool);
+ set_expected(expected, 4, NULL, pool);
+ apr_hash_clear(arb.paths);
+ SVN_ERR(svn_repos_trace_node_locations(fs, &locations, "D/f", 10, revs,
+ authz_read_func, &arb, pool));
+ SVN_ERR(verify_locations(locations, expected, arb.paths, pool));
+
+ arb.deny = "/B/f";
+ apr_array_clear(revs);
+ for (i = 0; i <= youngest_rev; ++i)
+ APR_ARRAY_PUSH(revs, svn_revnum_t) = i;
+ apr_hash_clear(arb.paths);
+ SVN_ERR(svn_repos_trace_node_locations(fs, &locations, "D/f", 10, revs,
+ authz_read_func, &arb, pool));
+ SVN_ERR(verify_locations(locations, expected, arb.paths, pool));
+
+ apr_array_clear(revs);
+ for (i = 6; i <= youngest_rev; ++i)
+ APR_ARRAY_PUSH(revs, svn_revnum_t) = i;
+ apr_hash_clear(arb.paths);
+ SVN_ERR(svn_repos_trace_node_locations(fs, &locations, "D/f", 10, revs,
+ authz_read_func, &arb, pool));
+ SVN_ERR(verify_locations(locations, expected, arb.paths, pool));
+
+ APR_ARRAY_PUSH(revs, svn_revnum_t) = 0;
+ apr_hash_clear(arb.paths);
+ SVN_ERR(svn_repos_trace_node_locations(fs, &locations, "D/f", 10, revs,
+ authz_read_func, &arb, pool));
+ SVN_ERR(verify_locations(locations, expected, arb.paths, pool));
+
+ return SVN_NO_ERROR;
+}
+
/* The test table. */
struct svn_test_descriptor_t test_funcs[] =
@@ -3573,5 +3812,7 @@ struct svn_test_descriptor_t test_funcs[
"test dumping with r0 mergeinfo"),
SVN_TEST_OPTS_PASS(test_load_r0_mergeinfo,
"test loading with r0 mergeinfo"),
+ SVN_TEST_OPTS_PASS(trace_node_locations_authz,
+ "authz for svn_repos_trace_node_locations"),
SVN_TEST_NULL
};