From 67149c17f515c27b8d3604c1300adf7ada23436d Mon Sep 17 00:00:00 2001
From: cvs2svn <cvs2svn@2b77aa54-bcbc-44c9-a7ec-4f6cf2b41109>
Date: Sun, 2 Nov 2003 08:13:51 +0000
Subject: This commit was manufactured by cvs2svn to create tag 'r0-12-6'.

git-svn-id: http://svn.savannah.nongnu.org/svn/rdiff-backup/tags/r0-12-6@490 2b77aa54-bcbc-44c9-a7ec-4f6cf2b41109
---
 rdiff-backup/testing/securitytest.py | 128 ++++++++++++++++++++++++++++++++++-
 1 file changed, 125 insertions(+), 3 deletions(-)

diff --git a/rdiff-backup/testing/securitytest.py b/rdiff-backup/testing/securitytest.py
index 863d36a..1c7bade 100644
--- a/rdiff-backup/testing/securitytest.py
+++ b/rdiff-backup/testing/securitytest.py
@@ -1,6 +1,6 @@
-import os, unittest
+import os, unittest, time
 from commontest import *
-import rdiff_backup.Security
+import rdiff_backup.Security as Security
 
 #Log.setverbosity(5)
 
@@ -12,7 +12,7 @@ class SecurityTest(unittest.TestCase):
 		problem.
 
 		"""
-		assert isinstance(exc, rdiff_backup.Security.Violation)
+		assert isinstance(exc, Security.Violation)
 		#assert str(exc).find("Security") >= 0, "%s\n%s" % (exc, repr(exc))
 
 	def test_vet_request_ro(self):
@@ -56,5 +56,127 @@ class SecurityTest(unittest.TestCase):
 
 		SetConnections.CloseConnections()
 
+	def secure_rdiff_backup(self, in_dir, out_dir, in_local, restrict_args,
+							extra_args = "", success = 1, current_time = None):
+		"""Run rdiff-backup locally, with given restrict settings"""
+		if not current_time: current_time = int(time.time())
+		prefix = ('rdiff-backup --current-time %s ' % (current_time,) +
+				  '--remote-schema %s ')
+
+		if in_local: out_dir = ("'rdiff-backup %s --server'::%s" %
+								(restrict_args, out_dir))
+		else: in_dir = ("'rdiff-backup %s --server'::%s" %
+						(restrict_args, in_dir))
+
+		cmdline = "%s %s %s %s" % (prefix, extra_args, in_dir, out_dir)
+		print "Executing:", cmdline
+		exit_val = os.system(cmdline)
+		if success: assert not exit_val
+		else: assert exit_val, "Success when wanted failure"
+
+	def test_restrict_positive(self):
+		"""Test that --restrict switch doesn't get in the way
+
+		This makes sure that basic backups with the restrict operator
+		work, (initial backup, incremental, restore).
+
+		"""
+		Myrm("testfiles/output")
+		self.secure_rdiff_backup('testfiles/various_file_types',
+								 'testfiles/output', 1,
+								 '--restrict testfiles/output',
+								 current_time = 10000)
+		self.secure_rdiff_backup('testfiles/various_file_types',
+								 'testfiles/output', 1,
+								 '--restrict testfiles/output')
+
+		Myrm("testfiles/restore_out")
+		self.secure_rdiff_backup('testfiles/output',
+								 'testfiles/restore_out', 1,
+								 '--restrict testfiles/restore_out',
+								 extra_args = '-r now')
+
+	def test_restrict_negative(self):
+		"""Test that --restrict switch denies certain operations"""
+		# Backup to wrong directory
+		Myrm("testfiles/output testfiles/output2")
+		self.secure_rdiff_backup('testfiles/various_file_types',
+								 'testfiles/output2', 1,
+								 '--restrict testfiles/output',
+								 success = 0)
+
+		# Restore to wrong directory
+		Myrm("testfiles/output testfiles/restore_out")
+		rdiff_backup(1, 1, 'testfiles/various_file_types',
+					 'testfiles/output')
+		self.secure_rdiff_backup('testfiles/output',
+								 'testfiles/restore_out', 1,
+								 '--restrict testfiles/output2',
+								 extra_args = '-r now',
+								 success = 0)
+
+		# Backup from wrong directory
+		Myrm("testfiles/output")
+		self.secure_rdiff_backup('testfiles/various_file_types',
+								 'testfiles/output', 0,
+								 '--restrict testfiles/foobar',
+								 success = 0)
+
+	def test_restrict_readonly_positive(self):
+		"""Test that --restrict-read-only switch doesn't impair normal ops"""
+		Myrm("testfiles/output testfiles/restore_out")
+		self.secure_rdiff_backup('testfiles/various_file_types',
+								 'testfiles/output', 0,
+						   '--restrict-read-only testfiles/various_file_types')
+								 
+		self.secure_rdiff_backup('testfiles/output',
+								 'testfiles/restore_out', 0,
+								 '--restrict-read-only testfiles/output',
+								 extra_args = '-r now')
+
+	def test_restrict_readonly_negative(self):
+		"""Test that --restrict-read-only doesn't allow too much"""
+		# Backup to restricted directory
+		Myrm('testfiles/output')
+		self.secure_rdiff_backup('testfiles/various_file_types',
+								 'testfiles/output', 1,
+								 '--restrict-read-only testfiles/output',
+								 success = 0)
+
+		# Restore to restricted directory
+		Myrm('testfiles/output testfiles/restore_out')
+		rdiff_backup(1, 1, 'testfiles/various_file_types', 'testfiles/output')
+		self.secure_rdiff_backup('testfiles/output',
+								 'testfiles/restore_out', 1,
+								 '--restrict-read-only testfiles/restore_out',
+								 extra_args = '-r now',
+								 success = 0)
+
+	def test_restrict_updateonly_positive(self):
+		"""Test that --restrict-update-only allows intended use"""
+		Myrm('testfiles/output')
+		rdiff_backup(1, 1, 'testfiles/various_file_types', 'testfiles/output',
+					 current_time = 10000)
+		self.secure_rdiff_backup('testfiles/various_file_types',
+								 'testfiles/output', 1,
+								 '--restrict-update-only testfiles/output')
+
+	def test_restrict_updateonly_negative(self):
+		"""Test that --restrict-update-only impairs unintended"""
+		Myrm('testfiles/output')
+		self.secure_rdiff_backup('testfiles/various_file_types',
+								 'testfiles/output', 1,
+								 '--restrict-update-only testfiles/output',
+								 success = 0)
+
+		Myrm('testfiles/output testfiles/restore_out')
+		rdiff_backup(1, 1, 'testfiles/various_file_types', 'testfiles/output')
+		self.secure_rdiff_backup('testfiles/output',
+								 'testfiles/restore_out', 1,
+							   '--restrict-update-only testfiles/restore_out',
+								 extra_args = '-r now',
+								 success = 0)
+
+
 if __name__ == "__main__": unittest.main()
 		
-- 
cgit v1.2.1