From 28abecb2d4ebdc715aa08c882e078d12155fc876 Mon Sep 17 00:00:00 2001 From: cvs2svn Date: Sun, 28 Sep 2003 18:21:27 +0000 Subject: This commit was manufactured by cvs2svn to create tag 'r0-12-5'. git-svn-id: http://svn.savannah.nongnu.org/svn/rdiff-backup/tags/r0-12-5@462 2b77aa54-bcbc-44c9-a7ec-4f6cf2b41109 --- rdiff-backup/rdiff_backup/regress.py | 22 +++--- rdiff-backup/testing/securitytest.py | 128 ++++++++++++++++++++++++++++++++++- 2 files changed, 138 insertions(+), 12 deletions(-) diff --git a/rdiff-backup/rdiff_backup/regress.py b/rdiff-backup/rdiff_backup/regress.py index bcd1cd0..b619fea 100644 --- a/rdiff-backup/rdiff_backup/regress.py +++ b/rdiff-backup/rdiff_backup/regress.py @@ -114,23 +114,27 @@ def remove_rbdir_increments(): def iterate_raw_rfs(mirror_rp, inc_rp): """Iterate all RegressFile objects in mirror/inc directory - Also changes permissions of unreadable files. We don't have to - change them back later because regress will do that for us. + Also changes permissions of unreadable files to allow access and + then changes them back later. """ root_rf = RegressFile(mirror_rp, inc_rp, restore.get_inclist(inc_rp)) def helper(rf): mirror_rp = rf.mirror_rp - if Globals.process_uid != 0: - if mirror_rp.isreg() and not mirror_rp.readable(): - mirror_rp.chmod(0400 | mirror_rp.getperms()) - elif mirror_rp.isdir() and not mirror_rp.hasfullperms(): - mirror_rp.chmod(0700 | mirror_rp.getperms()) + if (Globals.process_uid != 0 and + ((mirror_rp.isreg() and not mirror_rp.readable()) or + (mirror_rp.isdir() and not mirror_rp.hasfullperms()))): + unreadable, old_perms = 1, mirror_rp.getperms() + if mirror_rp.isreg(): mirror_rp.chmod(0400 | old_perms) + else: mirror_rp.chmod(0700 | old_perms) + else: unreadable = 0 yield rf + if unreadable and mirror_rp.isreg(): mirror_rp.chmod(old_perms) if rf.mirror_rp.isdir() or rf.inc_rp.isdir(): for sub_rf in rf.yield_sub_rfs(): for sub_sub_rf in helper(sub_rf): yield sub_sub_rf + if unreadable and mirror_rp.isdir(): mirror_rp.chmod(old_perms) return helper(root_rf) def yield_metadata(): @@ -245,14 +249,14 @@ class RegressITRB(rorpiter.ITRBranch): if rf.mirror_rp.isreg(): tf = TempFile.new(rf.mirror_rp) tf.write_from_fileobj(rf.get_restore_fp()) - tf.fsync_with_dir() # make sure tf fully written before move rpath.copy_attribs(rf.metadata_rorp, tf) + tf.fsync_with_dir() # make sure tf fully written before move rpath.rename(tf, rf.mirror_rp) # move is atomic else: if rf.mirror_rp.lstat(): rf.mirror_rp.delete() rf.mirror_rp.write_from_fileobj(rf.get_restore_fp()) rpath.copy_attribs(rf.metadata_rorp, rf.mirror_rp) - rf.mirror_rp.get_parent_rp().fsync() # require move before inc delete + rf.mirror_rp.fsync_with_dir() # require move before inc delete def start_process(self, index, rf): """Start processing directory""" diff --git a/rdiff-backup/testing/securitytest.py b/rdiff-backup/testing/securitytest.py index 863d36a..1c7bade 100644 --- a/rdiff-backup/testing/securitytest.py +++ b/rdiff-backup/testing/securitytest.py @@ -1,6 +1,6 @@ -import os, unittest +import os, unittest, time from commontest import * -import rdiff_backup.Security +import rdiff_backup.Security as Security #Log.setverbosity(5) @@ -12,7 +12,7 @@ class SecurityTest(unittest.TestCase): problem. """ - assert isinstance(exc, rdiff_backup.Security.Violation) + assert isinstance(exc, Security.Violation) #assert str(exc).find("Security") >= 0, "%s\n%s" % (exc, repr(exc)) def test_vet_request_ro(self): @@ -56,5 +56,127 @@ class SecurityTest(unittest.TestCase): SetConnections.CloseConnections() + def secure_rdiff_backup(self, in_dir, out_dir, in_local, restrict_args, + extra_args = "", success = 1, current_time = None): + """Run rdiff-backup locally, with given restrict settings""" + if not current_time: current_time = int(time.time()) + prefix = ('rdiff-backup --current-time %s ' % (current_time,) + + '--remote-schema %s ') + + if in_local: out_dir = ("'rdiff-backup %s --server'::%s" % + (restrict_args, out_dir)) + else: in_dir = ("'rdiff-backup %s --server'::%s" % + (restrict_args, in_dir)) + + cmdline = "%s %s %s %s" % (prefix, extra_args, in_dir, out_dir) + print "Executing:", cmdline + exit_val = os.system(cmdline) + if success: assert not exit_val + else: assert exit_val, "Success when wanted failure" + + def test_restrict_positive(self): + """Test that --restrict switch doesn't get in the way + + This makes sure that basic backups with the restrict operator + work, (initial backup, incremental, restore). + + """ + Myrm("testfiles/output") + self.secure_rdiff_backup('testfiles/various_file_types', + 'testfiles/output', 1, + '--restrict testfiles/output', + current_time = 10000) + self.secure_rdiff_backup('testfiles/various_file_types', + 'testfiles/output', 1, + '--restrict testfiles/output') + + Myrm("testfiles/restore_out") + self.secure_rdiff_backup('testfiles/output', + 'testfiles/restore_out', 1, + '--restrict testfiles/restore_out', + extra_args = '-r now') + + def test_restrict_negative(self): + """Test that --restrict switch denies certain operations""" + # Backup to wrong directory + Myrm("testfiles/output testfiles/output2") + self.secure_rdiff_backup('testfiles/various_file_types', + 'testfiles/output2', 1, + '--restrict testfiles/output', + success = 0) + + # Restore to wrong directory + Myrm("testfiles/output testfiles/restore_out") + rdiff_backup(1, 1, 'testfiles/various_file_types', + 'testfiles/output') + self.secure_rdiff_backup('testfiles/output', + 'testfiles/restore_out', 1, + '--restrict testfiles/output2', + extra_args = '-r now', + success = 0) + + # Backup from wrong directory + Myrm("testfiles/output") + self.secure_rdiff_backup('testfiles/various_file_types', + 'testfiles/output', 0, + '--restrict testfiles/foobar', + success = 0) + + def test_restrict_readonly_positive(self): + """Test that --restrict-read-only switch doesn't impair normal ops""" + Myrm("testfiles/output testfiles/restore_out") + self.secure_rdiff_backup('testfiles/various_file_types', + 'testfiles/output', 0, + '--restrict-read-only testfiles/various_file_types') + + self.secure_rdiff_backup('testfiles/output', + 'testfiles/restore_out', 0, + '--restrict-read-only testfiles/output', + extra_args = '-r now') + + def test_restrict_readonly_negative(self): + """Test that --restrict-read-only doesn't allow too much""" + # Backup to restricted directory + Myrm('testfiles/output') + self.secure_rdiff_backup('testfiles/various_file_types', + 'testfiles/output', 1, + '--restrict-read-only testfiles/output', + success = 0) + + # Restore to restricted directory + Myrm('testfiles/output testfiles/restore_out') + rdiff_backup(1, 1, 'testfiles/various_file_types', 'testfiles/output') + self.secure_rdiff_backup('testfiles/output', + 'testfiles/restore_out', 1, + '--restrict-read-only testfiles/restore_out', + extra_args = '-r now', + success = 0) + + def test_restrict_updateonly_positive(self): + """Test that --restrict-update-only allows intended use""" + Myrm('testfiles/output') + rdiff_backup(1, 1, 'testfiles/various_file_types', 'testfiles/output', + current_time = 10000) + self.secure_rdiff_backup('testfiles/various_file_types', + 'testfiles/output', 1, + '--restrict-update-only testfiles/output') + + def test_restrict_updateonly_negative(self): + """Test that --restrict-update-only impairs unintended""" + Myrm('testfiles/output') + self.secure_rdiff_backup('testfiles/various_file_types', + 'testfiles/output', 1, + '--restrict-update-only testfiles/output', + success = 0) + + Myrm('testfiles/output testfiles/restore_out') + rdiff_backup(1, 1, 'testfiles/various_file_types', 'testfiles/output') + self.secure_rdiff_backup('testfiles/output', + 'testfiles/restore_out', 1, + '--restrict-update-only testfiles/restore_out', + extra_args = '-r now', + success = 0) + + if __name__ == "__main__": unittest.main() -- cgit v1.2.1