# 
# add_file "tests/t_netsync_read_permissions.at"
# 
# patch "ChangeLog"
#  from [eae32b0ac132ce4c767df1c4697a43ff2898764a]
#    to [ea0771fdc5b6c4c00a82ab99650c159f69d5a5f6]
# 
# patch "netsync.cc"
#  from [cebe0aa43271d815df89c6012d070881c4f589a6]
#    to [b0e674d2488fab67c11d3b1ddff075f2a950072f]
# 
# patch "tests/t_netsync_read_permissions.at"
#  from []
#    to [b25f34bb748f72ffa5cdfe08f91d982c2b87eaff]
# 
# patch "testsuite.at"
#  from [a25816f59fe97b9948421613a85948bc25282fd2]
#    to [9c11ce705172a7591aa56833f300c8ee1464651e]
# 
--- ChangeLog
+++ ChangeLog
@@ -1,3 +1,11 @@
+2005-07-10  Nathaniel Smith  <address@hidden>
+
+	* tests/t_netsync_read_permissions.at: New test.
+	* testsuite.at: Run it.
+	* netsync.cc (set_session_key, dispatch_payload)
+	(respond_to_auth_cmd): Refactor to key HMAC earlier, so error
+	packets will get the right HMAC.
+
 2005-07-09  Nathaniel Smith  <address@hidden>
 
 	* schema.sql (revision_ancestry__child, revision_certs__id,
--- netsync.cc
+++ netsync.cc
@@ -304,6 +304,7 @@
   void mark_recent_io();
 
   void set_session_key(string const & key);
+  void set_session_key(rsa_oaep_sha_data const & key_encrypted);
 
   void setup_client_tickers();
 
@@ -392,7 +393,6 @@
                         id const & client, 
                         id const & nonce1, 
                         string const & signature);
-  void respond_to_auth_cmd(rsa_oaep_sha_data hmac_key_encrypted);
   bool process_confirm_cmd(string const & signature);
   void respond_to_confirm_cmd();
   bool process_refine_cmd(merkle_node const & node);
@@ -618,6 +618,16 @@
 }
 
 void
+session::set_session_key(rsa_oaep_sha_data const & hmac_key_encrypted)
+{
+  base64< arc4<rsa_priv_key> > our_priv;
+  load_priv_key(app, app.signing_key, our_priv);
+  string hmac_key;
+  decrypt_rsa(app.lua, app.signing_key, our_priv, hmac_key_encrypted, hmac_key);
+  set_session_key(hmac_key);
+}
+
+void
 session::setup_client_tickers()
 {
   byte_in_ticker.reset(new ticker("bytes in", ">", 1024, true));
@@ -2009,18 +2019,6 @@
   return false;
 }
 
-void 
-session::respond_to_auth_cmd(rsa_oaep_sha_data hmac_key_encrypted)
-{
-  L(F("Writing HMAC confirm command"));
-  base64< arc4<rsa_priv_key> > our_priv;
-  load_priv_key(app, app.signing_key, our_priv);
-  string hmac_key;
-  decrypt_rsa(app.lua, app.signing_key, our_priv, hmac_key_encrypted, hmac_key);
-  set_session_key(hmac_key);
-  queue_confirm_cmd();
-}
-
 bool 
 session::process_confirm_cmd(string const & signature)
 {
@@ -2992,9 +2990,10 @@
           % (role == source_and_sink_role ? "source and sink" :
              (role == source_role ? "source " : "sink")));
 
+        set_session_key(hmac_key_encrypted);
         if (!process_anonymous_cmd(role, their_include_pattern, their_exclude_pattern))
             return false;
-        respond_to_auth_cmd(hmac_key_encrypted);
+        queue_confirm_cmd();
         return true;
       }
       break;
@@ -3023,10 +3022,11 @@
              (role == source_role ? "source " : "sink"))
           % hnonce1);
 
+        set_session_key(hmac_key_encrypted);
         if (!process_auth_cmd(role, their_include_pattern, their_exclude_pattern,
                               client, nonce1, signature))
             return false;
-        respond_to_auth_cmd(hmac_key_encrypted);
+        queue_confirm_cmd();
         return true;
       }
       break;
--- tests/t_netsync_read_permissions.at
+++ tests/t_netsync_read_permissions.at
@@ -0,0 +1,55 @@
+AT_SETUP([get_netsync_read_permitted])
+MONOTONE_SETUP
+NETSYNC_SETUP
+
+ADD_FILE(testfile, [1
+])
+COMMIT(branch1)
+B1=`BASE_REVISION`
+
+SET_FILE(testfile, [2
+])
+COMMIT(branch2)
+B2=`BASE_REVISION`
+
+ADD_FILE(testfile, [3
+])
+COMMIT(branch3)
+B3=`BASE_REVISION`
+
+SET_FILE(testfile, [4
+])
+COMMIT(branch4)
+B4=`BASE_REVISION`
+
+# Allow permission to branch1 and branch3 only
+# pulling more than that should error out
+# pulling exactly that should give revs B1, B2, B3; and only give
+# branch certs on B1, B3.
+
+AT_DATA(limited_permission.at, [function get_netsync_read_permitted(branch, key)
+  if branch == "branch1" then return true end
+  if branch == "branch3" then return true end
+  return false
+end
+])
+
+NETSYNC_SERVE_START(--rcfile=limited_permission.at '*')
+
+NETSYNC_CLIENT_RUN(pull, 'branch*')
+AT_CHECK(MONOTONE2 cat revision $B1, [1], [ignore], [ignore])
+AT_CHECK(MONOTONE2 cat revision $B2, [1], [ignore], [ignore])
+AT_CHECK(MONOTONE2 cat revision $B3, [1], [ignore], [ignore])
+AT_CHECK(MONOTONE2 cat revision $B4, [1], [ignore], [ignore])
+
+NETSYNC_CLIENT_RUN(pull, branch1 branch3)
+AT_CHECK(MONOTONE2 cat revision $B1, [], [ignore], [ignore])
+AT_CHECK(MONOTONE2 cat revision $B2, [], [ignore], [ignore])
+AT_CHECK(MONOTONE2 cat revision $B3, [], [ignore], [ignore])
+AT_CHECK(MONOTONE2 cat revision $B4, [1], [ignore], [ignore])
+
+AT_CHECK(MONOTONE2 ls certs $B2 | grep -q branch2, [1])
+
+NETSYNC_SERVE_STOP
+
+AT_CLEANUP
--- testsuite.at
+++ testsuite.at
@@ -666,3 +666,4 @@
 m4_include(tests/t_db_kill_branch_locally.at)
 m4_include(tests/t_netsync_globs.at)
 m4_include(tests/t_set_default.at)
+m4_include(tests/t_netsync_read_permissions.at)