commit - b40156b396aae8abd087e32813a37ab1f8555b99
commit + 5667a3a5135f6c4afdbb2d5db39e786906f7e4b4
blob - 10ccfa7d4f15646fb9c20b0a78fa400ec58cddf2
blob + cd20ee9bf8631fcd757767edf78df5f410e56161
--- regress/gotd/Makefile
+++ regress/gotd/Makefile
REGRESS_TARGETS=test_repo_read test_repo_read_group \
- test_repo_read_denied_user \
+ test_repo_read_denied_user test_repo_read_denied_group \
test_repo_read_bad_user test_repo_read_bad_group \
test_repo_write test_repo_write_empty
NOOBJ=Yes
@$(GOTD_TRAP); $(GOTD_START_CMD)
@$(GOTD_TRAP); sleep .5
+# try a permit rule followed by a deny rule; last matched rule wins
+start_gotd_ro_denied_group: ensure_root
+ @echo 'unix_socket "$(GOTD_SOCK)"' > $(PWD)/gotd.conf
+ @echo "unix_group $(GOTD_GROUP)" >> $(PWD)/gotd.conf
+ @echo "user $(GOTD_USER)" >> $(PWD)/gotd.conf
+ @echo 'repository "test-repo" {' >> $(PWD)/gotd.conf
+ @echo ' path "$(GOTD_TEST_REPO)"' >> $(PWD)/gotd.conf
+ @echo ' permit ro $(GOTD_DEVUSER)' >> $(PWD)/gotd.conf
+ @echo ' deny :$(GOTD_DEVUSER)' >> $(PWD)/gotd.conf
+ @echo "}" >> $(PWD)/gotd.conf
+ @$(GOTD_TRAP); $(GOTD_START_CMD)
+ @$(GOTD_TRAP); sleep .5
+
# $GOTD_DEVUSER should not equal $GOTD_USER
start_gotd_ro_bad_user: ensure_root
@echo 'unix_socket "$(GOTD_SOCK)"' > $(PWD)/gotd.conf
@$(GOTD_STOP_CMD) 2>/dev/null
@su -m ${GOTD_USER} -c 'env $(GOTD_TEST_ENV) sh ./check_test_repo.sh'
+test_repo_read_denied_group: prepare_test_repo start_gotd_ro_denied_group
+ @-$(GOTD_TRAP); su ${GOTD_TEST_USER} -c \
+ 'env $(GOTD_TEST_ENV) sh ./repo_read_access_denied.sh'
+ @$(GOTD_STOP_CMD) 2>/dev/null
+ @su -m ${GOTD_USER} -c 'env $(GOTD_TEST_ENV) sh ./check_test_repo.sh'
+
test_repo_read_bad_user: prepare_test_repo start_gotd_ro_bad_user
@-$(GOTD_TRAP); su ${GOTD_TEST_USER} -c \
'env $(GOTD_TEST_ENV) sh ./repo_read_access_denied.sh'
