summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorbescoto <bescoto@2b77aa54-bcbc-44c9-a7ec-4f6cf2b41109>2004-01-31 21:34:17 +0000
committerbescoto <bescoto@2b77aa54-bcbc-44c9-a7ec-4f6cf2b41109>2004-01-31 21:34:17 +0000
commit1559cf861919eaf534989dd612165c999aeb016a (patch)
tree42b34d508c59bcc090d8d37decae603efe7d6389
parent643967ad481bea69ff47d289f656286bf5f2e3b3 (diff)
downloadrdiff-backup-1559cf861919eaf534989dd612165c999aeb016a.tar.gz
Now arg to --restrict options normalized
git-svn-id: http://svn.savannah.nongnu.org/svn/rdiff-backup/branches/r0-12@517 2b77aa54-bcbc-44c9-a7ec-4f6cf2b41109
-rw-r--r--rdiff-backup/CHANGELOG3
-rw-r--r--rdiff-backup/rdiff_backup/Main.py10
-rw-r--r--rdiff-backup/testing/securitytest.py129
3 files changed, 136 insertions, 6 deletions
diff --git a/rdiff-backup/CHANGELOG b/rdiff-backup/CHANGELOG
index 34cfb9c..c0664c9 100644
--- a/rdiff-backup/CHANGELOG
+++ b/rdiff-backup/CHANGELOG
@@ -6,6 +6,9 @@ deleted from the target dir. The old behavior was technically
intended and documented but not very convenient. Thanks to Oliver
Kaltenecker for bug report.
+Fixed error when --restrict path given with trailing backslash. Bug
+report by Åke Brännström.
+
New in v0.12.6 (2003/11/02)
---------------------------
diff --git a/rdiff-backup/rdiff_backup/Main.py b/rdiff-backup/rdiff_backup/Main.py
index ad0440c..15258e1 100644
--- a/rdiff-backup/rdiff_backup/Main.py
+++ b/rdiff-backup/rdiff_backup/Main.py
@@ -42,6 +42,10 @@ def parse_cmdlineoptions(arglist):
try: return open(filename, "r")
except IOError: Log.FatalError("Error opening file %s" % filename)
+ def normalize_path(path):
+ """Used below to normalize the security paths before setting"""
+ return rpath.RPath(Globals.local_connection, path).normalize().path
+
try: optlist, args = getopt.getopt(arglist, "blr:sv:V",
["backup-mode", "calculate-average", "chars-to-quote=",
"check-destination-dir", "current-time=", "exclude=",
@@ -128,13 +132,13 @@ def parse_cmdlineoptions(arglist):
elif opt == "--remove-older-than":
remove_older_than_string = arg
action = "remove-older-than"
- elif opt == "--restrict": Globals.restrict_path = arg
+ elif opt == "--restrict": Globals.restrict_path = normalize_path(arg)
elif opt == "--restrict-read-only":
Globals.security_level = "read-only"
- Globals.restrict_path = arg
+ Globals.restrict_path = normalize_path(arg)
elif opt == "--restrict-update-only":
Globals.security_level = "update-only"
- Globals.restrict_path = arg
+ Globals.restrict_path = normalize_path(arg)
elif opt == "-s" or opt == "--server":
action = "server"
Globals.server = 1
diff --git a/rdiff-backup/testing/securitytest.py b/rdiff-backup/testing/securitytest.py
index 863d36a..e47afa0 100644
--- a/rdiff-backup/testing/securitytest.py
+++ b/rdiff-backup/testing/securitytest.py
@@ -1,6 +1,6 @@
-import os, unittest
+import os, unittest, time
from commontest import *
-import rdiff_backup.Security
+import rdiff_backup.Security as Security
#Log.setverbosity(5)
@@ -12,7 +12,7 @@ class SecurityTest(unittest.TestCase):
problem.
"""
- assert isinstance(exc, rdiff_backup.Security.Violation)
+ assert isinstance(exc, Security.Violation)
#assert str(exc).find("Security") >= 0, "%s\n%s" % (exc, repr(exc))
def test_vet_request_ro(self):
@@ -56,5 +56,128 @@ class SecurityTest(unittest.TestCase):
SetConnections.CloseConnections()
+ def secure_rdiff_backup(self, in_dir, out_dir, in_local, restrict_args,
+ extra_args = "", success = 1, current_time = None):
+ """Run rdiff-backup locally, with given restrict settings"""
+ if not current_time: current_time = int(time.time())
+ prefix = ('rdiff-backup --current-time %s ' % (current_time,) +
+ '--remote-schema %s ')
+
+ if in_local: out_dir = ("'rdiff-backup %s --server'::%s" %
+ (restrict_args, out_dir))
+ else: in_dir = ("'rdiff-backup %s --server'::%s" %
+ (restrict_args, in_dir))
+
+ cmdline = "%s %s %s %s" % (prefix, extra_args, in_dir, out_dir)
+ print "Executing:", cmdline
+ exit_val = os.system(cmdline)
+ if success: assert not exit_val
+ else: assert exit_val, "Success when wanted failure"
+
+ def test_restrict_positive(self):
+ """Test that --restrict switch doesn't get in the way
+
+ This makes sure that basic backups with the restrict operator
+ work, (initial backup, incremental, restore).
+
+ """
+ Myrm("testfiles/output")
+ self.secure_rdiff_backup('testfiles/various_file_types',
+ 'testfiles/output', 1,
+ '--restrict testfiles/output',
+ current_time = 10000)
+ # Note the backslash below -- test for bug in path normalization
+ self.secure_rdiff_backup('testfiles/various_file_types',
+ 'testfiles/output', 1,
+ '--restrict testfiles/output/')
+
+ Myrm("testfiles/restore_out")
+ self.secure_rdiff_backup('testfiles/output',
+ 'testfiles/restore_out', 1,
+ '--restrict testfiles/restore_out',
+ extra_args = '-r now')
+
+ def test_restrict_negative(self):
+ """Test that --restrict switch denies certain operations"""
+ # Backup to wrong directory
+ Myrm("testfiles/output testfiles/output2")
+ self.secure_rdiff_backup('testfiles/various_file_types',
+ 'testfiles/output2', 1,
+ '--restrict testfiles/output',
+ success = 0)
+
+ # Restore to wrong directory
+ Myrm("testfiles/output testfiles/restore_out")
+ rdiff_backup(1, 1, 'testfiles/various_file_types',
+ 'testfiles/output')
+ self.secure_rdiff_backup('testfiles/output',
+ 'testfiles/restore_out', 1,
+ '--restrict testfiles/output2',
+ extra_args = '-r now',
+ success = 0)
+
+ # Backup from wrong directory
+ Myrm("testfiles/output")
+ self.secure_rdiff_backup('testfiles/various_file_types',
+ 'testfiles/output', 0,
+ '--restrict testfiles/foobar',
+ success = 0)
+
+ def test_restrict_readonly_positive(self):
+ """Test that --restrict-read-only switch doesn't impair normal ops"""
+ Myrm("testfiles/output testfiles/restore_out")
+ self.secure_rdiff_backup('testfiles/various_file_types',
+ 'testfiles/output', 0,
+ '--restrict-read-only testfiles/various_file_types')
+
+ self.secure_rdiff_backup('testfiles/output',
+ 'testfiles/restore_out', 0,
+ '--restrict-read-only testfiles/output',
+ extra_args = '-r now')
+
+ def test_restrict_readonly_negative(self):
+ """Test that --restrict-read-only doesn't allow too much"""
+ # Backup to restricted directory
+ Myrm('testfiles/output')
+ self.secure_rdiff_backup('testfiles/various_file_types',
+ 'testfiles/output', 1,
+ '--restrict-read-only testfiles/output',
+ success = 0)
+
+ # Restore to restricted directory
+ Myrm('testfiles/output testfiles/restore_out')
+ rdiff_backup(1, 1, 'testfiles/various_file_types', 'testfiles/output')
+ self.secure_rdiff_backup('testfiles/output',
+ 'testfiles/restore_out', 1,
+ '--restrict-read-only testfiles/restore_out',
+ extra_args = '-r now',
+ success = 0)
+
+ def test_restrict_updateonly_positive(self):
+ """Test that --restrict-update-only allows intended use"""
+ Myrm('testfiles/output')
+ rdiff_backup(1, 1, 'testfiles/various_file_types', 'testfiles/output',
+ current_time = 10000)
+ self.secure_rdiff_backup('testfiles/various_file_types',
+ 'testfiles/output', 1,
+ '--restrict-update-only testfiles/output')
+
+ def test_restrict_updateonly_negative(self):
+ """Test that --restrict-update-only impairs unintended"""
+ Myrm('testfiles/output')
+ self.secure_rdiff_backup('testfiles/various_file_types',
+ 'testfiles/output', 1,
+ '--restrict-update-only testfiles/output',
+ success = 0)
+
+ Myrm('testfiles/output testfiles/restore_out')
+ rdiff_backup(1, 1, 'testfiles/various_file_types', 'testfiles/output')
+ self.secure_rdiff_backup('testfiles/output',
+ 'testfiles/restore_out', 1,
+ '--restrict-update-only testfiles/restore_out',
+ extra_args = '-r now',
+ success = 0)
+
+
if __name__ == "__main__": unittest.main()