#
# add_file "tests/t_netsync_read_permissions.at"
#
# patch "ChangeLog"
# from [eae32b0ac132ce4c767df1c4697a43ff2898764a]
# to [ea0771fdc5b6c4c00a82ab99650c159f69d5a5f6]
#
# patch "netsync.cc"
# from [cebe0aa43271d815df89c6012d070881c4f589a6]
# to [b0e674d2488fab67c11d3b1ddff075f2a950072f]
#
# patch "tests/t_netsync_read_permissions.at"
# from []
# to [b25f34bb748f72ffa5cdfe08f91d982c2b87eaff]
#
# patch "testsuite.at"
# from [a25816f59fe97b9948421613a85948bc25282fd2]
# to [9c11ce705172a7591aa56833f300c8ee1464651e]
#
--- ChangeLog
+++ ChangeLog
@@ -1,3 +1,11 @@
+2005-07-10 Nathaniel Smith
+
+ * tests/t_netsync_read_permissions.at: New test.
+ * testsuite.at: Run it.
+ * netsync.cc (set_session_key, dispatch_payload)
+ (respond_to_auth_cmd): Refactor to key HMAC earlier, so error
+ packets will get the right HMAC.
+
2005-07-09 Nathaniel Smith
* schema.sql (revision_ancestry__child, revision_certs__id,
--- netsync.cc
+++ netsync.cc
@@ -304,6 +304,7 @@
void mark_recent_io();
void set_session_key(string const & key);
+ void set_session_key(rsa_oaep_sha_data const & key_encrypted);
void setup_client_tickers();
@@ -392,7 +393,6 @@
id const & client,
id const & nonce1,
string const & signature);
- void respond_to_auth_cmd(rsa_oaep_sha_data hmac_key_encrypted);
bool process_confirm_cmd(string const & signature);
void respond_to_confirm_cmd();
bool process_refine_cmd(merkle_node const & node);
@@ -618,6 +618,16 @@
}
void
+session::set_session_key(rsa_oaep_sha_data const & hmac_key_encrypted)
+{
+ base64< arc4 > our_priv;
+ load_priv_key(app, app.signing_key, our_priv);
+ string hmac_key;
+ decrypt_rsa(app.lua, app.signing_key, our_priv, hmac_key_encrypted, hmac_key);
+ set_session_key(hmac_key);
+}
+
+void
session::setup_client_tickers()
{
byte_in_ticker.reset(new ticker("bytes in", ">", 1024, true));
@@ -2009,18 +2019,6 @@
return false;
}
-void
-session::respond_to_auth_cmd(rsa_oaep_sha_data hmac_key_encrypted)
-{
- L(F("Writing HMAC confirm command"));
- base64< arc4 > our_priv;
- load_priv_key(app, app.signing_key, our_priv);
- string hmac_key;
- decrypt_rsa(app.lua, app.signing_key, our_priv, hmac_key_encrypted, hmac_key);
- set_session_key(hmac_key);
- queue_confirm_cmd();
-}
-
bool
session::process_confirm_cmd(string const & signature)
{
@@ -2992,9 +2990,10 @@
% (role == source_and_sink_role ? "source and sink" :
(role == source_role ? "source " : "sink")));
+ set_session_key(hmac_key_encrypted);
if (!process_anonymous_cmd(role, their_include_pattern, their_exclude_pattern))
return false;
- respond_to_auth_cmd(hmac_key_encrypted);
+ queue_confirm_cmd();
return true;
}
break;
@@ -3023,10 +3022,11 @@
(role == source_role ? "source " : "sink"))
% hnonce1);
+ set_session_key(hmac_key_encrypted);
if (!process_auth_cmd(role, their_include_pattern, their_exclude_pattern,
client, nonce1, signature))
return false;
- respond_to_auth_cmd(hmac_key_encrypted);
+ queue_confirm_cmd();
return true;
}
break;
--- tests/t_netsync_read_permissions.at
+++ tests/t_netsync_read_permissions.at
@@ -0,0 +1,55 @@
+AT_SETUP([get_netsync_read_permitted])
+MONOTONE_SETUP
+NETSYNC_SETUP
+
+ADD_FILE(testfile, [1
+])
+COMMIT(branch1)
+B1=`BASE_REVISION`
+
+SET_FILE(testfile, [2
+])
+COMMIT(branch2)
+B2=`BASE_REVISION`
+
+ADD_FILE(testfile, [3
+])
+COMMIT(branch3)
+B3=`BASE_REVISION`
+
+SET_FILE(testfile, [4
+])
+COMMIT(branch4)
+B4=`BASE_REVISION`
+
+# Allow permission to branch1 and branch3 only
+# pulling more than that should error out
+# pulling exactly that should give revs B1, B2, B3; and only give
+# branch certs on B1, B3.
+
+AT_DATA(limited_permission.at, [function get_netsync_read_permitted(branch, key)
+ if branch == "branch1" then return true end
+ if branch == "branch3" then return true end
+ return false
+end
+])
+
+NETSYNC_SERVE_START(--rcfile=limited_permission.at '*')
+
+NETSYNC_CLIENT_RUN(pull, 'branch*')
+AT_CHECK(MONOTONE2 cat revision $B1, [1], [ignore], [ignore])
+AT_CHECK(MONOTONE2 cat revision $B2, [1], [ignore], [ignore])
+AT_CHECK(MONOTONE2 cat revision $B3, [1], [ignore], [ignore])
+AT_CHECK(MONOTONE2 cat revision $B4, [1], [ignore], [ignore])
+
+NETSYNC_CLIENT_RUN(pull, branch1 branch3)
+AT_CHECK(MONOTONE2 cat revision $B1, [], [ignore], [ignore])
+AT_CHECK(MONOTONE2 cat revision $B2, [], [ignore], [ignore])
+AT_CHECK(MONOTONE2 cat revision $B3, [], [ignore], [ignore])
+AT_CHECK(MONOTONE2 cat revision $B4, [1], [ignore], [ignore])
+
+AT_CHECK(MONOTONE2 ls certs $B2 | grep -q branch2, [1])
+
+NETSYNC_SERVE_STOP
+
+AT_CLEANUP
--- testsuite.at
+++ testsuite.at
@@ -666,3 +666,4 @@
m4_include(tests/t_db_kill_branch_locally.at)
m4_include(tests/t_netsync_globs.at)
m4_include(tests/t_set_default.at)
+m4_include(tests/t_netsync_read_permissions.at)