| blob | da4fc0bb636fbe2bb13864034c8711598aafdd9b |
1 #!/usr/bin/perl
3 # Call like this:
4 # TSH_VERBOSE=1 TSH_ERREXIT=1 HARNESS_ACTIVE=1 GITOLITE_TEST=y prove t/ukm.t
9 # this is hardcoded; change it if needed
14 # basic tests using ssh
15 # ----------------------------------------------------------------------
28 # Reset everything.
29 # Only admin and u1, u2, and u3 keys are available initially
30 # Keys u4, u5, and u6 are used as guests later.
31 # For easy access, we put the keys into ~/.ssh/, though.
32 try "
38 perl s/%USER/$ENV{USER}/
45 # Put the keys into ~/.ssh/authorized_keys
48 # enable user key management in a simple form.
49 # Guest key managers can add keyids looking like email addresses, but
50 # cannot add emails containing example.com or hemmecke.org.
51 system("sed -i \"s/.*ENABLE =>.*/'UKM_CONFIG'=>{'FORBIDDEN_GUEST_PATTERN'=>'example.com|hemmecke.org'}, ENABLE => ['ukm',/\" $h/.gitolite.rc");
53 # super-key-managers can add/del any key
54 # super-key-managers should in fact agree with people having write
55 # access to gitolite-admin repo.
56 # guest-key-managers can add/del guest keys
60 repo pub/CREATOR/..*
62 RW+ = CREATOR
63 RW = WRITERS
64 R = READERS
67 # Populate the gitolite-admin/keydir in the same way as it was used for
68 # the initialization of .ssh/authorized_keys above.
69 try "
70 mkdir keydir; ok or die 8
73 git add conf keydir; ok
74 git commit -m ukm; ok; /master.* ukm/
77 # Activate new config data.
80 # Check whether the above setup yields the expected behavior for ukm.
81 # The admin is super-key-manager, thus can manage every key.
82 try "
83 ssh admin ukm; ok; /Hello admin, you manage the following keys:/
84 / admin +admin/
85 / u1 +u1/
86 / u2 +u2/
87 / u3 +u3/
90 # u1 isn't a key manager, so shouldn't be above to manage keys.
93 # u2 and u3 are guest key managers, but don't yet manage any key.
98 ###################################################################
99 # Unknows subkommands abort ukm.
103 ###################################################################
104 # Addition of keys.
106 # If no data is provided on stdin, we don't block, but rather timeout
107 # after one second and abort the program.
110 # If no keyid is given, we cannot add a key.
113 try "
121 # Neither a guest key manager nor a super key manager can add keys that have
122 # double dot in their keyid. This is hardcoded to forbid paths with .. in it.
123 try "
126 ADDNOK u4 admin ./../.myshrc; /Not allowed to use '..' in keyid./
129 # guest-key-managers can only add keys that look like emails.
130 try "
131 FORBIDDEN_PATTERN u4
135 # No support for 'old style' multiple keys.
138 # No path delimiter in keyid
141 # Certain specific domains listed in FORBIDDEN_GUEST_PATTERN are forbidden.
143 # contains a regular expression --> I don't care.
148 # Accept one guest key.
150 try "ssh u2 ukm; ok; /Hello u2, you manage the following keys:/
153 # Various ways how a key must be rejected.
154 try "
155 # Cannot add the same key again.
158 # u2 can also not add u4.pub under another keyid
160 /Same key is already available under another userid./
162 # u2 can also not add another key under the same keyid.
165 # Also u3 cannot not add another key under the same keyid.
167 /FATAL: cannot add another public key for an existing user/
169 # And u3 cannot not add u4.pub under another keyid.
171 /Same key is already available under another userid./
173 # Not even the admin can add the same key u4 under a different userid.
175 /Same key is already available under another userid./
178 # Super key managers cannot add keys that start with @.
179 # We don't care about @ in the dirname, though.
186 # But u3 can add u4.pub under the same keyid.
189 try "ssh u3 ukm; ok; /Hello u3, you manage the following keys:/
192 # The admin can add multiple keys for the same userid.
193 try "
200 # And admin can also do this for other guest key managers. Note,
201 # however, that the gitolite-admin must be told where the
202 # GUEST_DIRECTORY is. But he/she could find out by cloning the
203 # gitolite-admin repository and adding the same key directly.
204 try "
210 fingerprint userid keyid
211 a4:d1:11:1d:25:5c:55:9b:5f:91:37:0e:44:a5:a5:f2 admin admin
212 00:2c:1f:dd:a3:76:5a:1e:c4:3c:01:15:65:19:a5:2e u1 u1
213 69:6f:b5:8a:f5:7b:d8:40:ce:94:09:a2:b8:95:79:5b u2 u2
214 26:4b:20:24:98:a4:e4:a5:b9:97:76:9a:15:92:27:2d u3 u3
220 78:cf:7e:2b:bf:18:58:54:23:cc:4b:3d:7e:f4:63:79 u4\@example.org zzz/guests/u2/u4\@example.org\@foo
225 # Now, u2 has two keys in his directory, but u2 can manage only one of
226 # them, since the one added by the admin has two @ in it. Thus the key
227 # added by admin is invisible to u2.
229 fingerprint userid keyid
233 # Since admin added key u6@example.org to the directory of u2, u2 is
234 # also able to see it and, in fact, to manage it.
236 fingerprint userid keyid
241 ###################################################################
242 # Deletion of keys.
243 try "
250 # Deletion requires a keyid.
253 # u3 can, of course, not remove any unmanaged key.
256 # But u3 can delete u4@example.org and u6@example.org. This will, of course,
257 # not remove the key u4@example.org that u2 manages.
258 try "
263 # After having deleted u4@example.org, u3 cannot remove it again,
264 # even though, u2 still manages that key.
267 # Of course a super-key-manager can remove any (existing) key.
268 try "
277 # As the admin could do that via pushing to the gitolite-admin manually,
278 # it's also allowed to delete even non-guest keys.
281 # Let's clean the environment again.
282 try "
287 ADDOK u3 admin u3
290 # Currently the admin has just one key. It cannot be removed.
291 # But after adding another key, deletion should work fine.
292 try "
293 DELNOK admin admin; /FATAL: You cannot delete your last key./
294 ADDOK u6 admin second/admin; /Adding new public key for admin./
295 DELOK admin admin
296 DELNOK u6 admin; /FATAL: You are not managing the key admin./
297 DELNOK u6 second/admin; /FATAL: You cannot delete your last key./
298 ADDOK admin u6 admin; /Adding new public key for admin./
299 DELOK u6 second/admin
302 ###################################################################
303 # Selfkey management.
305 # If self key management is not switched on in the .gitolite.rc file,
306 # it's not allowed at all.
309 # Let's enable it.
312 # And add self-key-managers to gitolite.conf
313 # chdir("../gitolite-admin") or die "in `pwd`, could not cd ../g-a";
316 repo gitolite-admin
317 RW+ = admin
318 repo testing
323 repo pub/CREATOR/..*
325 RW+ = CREATOR
326 RW = WRITERS
327 R = READERS
329 try "
330 git add conf keydir; ok
331 git commit -m selfkey; ok; /master.* selfkey/
335 # Now we can start with the tests.
337 # Only self key managers are allowed to use selfkey management.
338 # See variable @self-key-managers.
341 # Cannot add keyid that are not alphanumeric.
344 # Add a second key for u1, but leave it pending by not feeding in the
345 # session key. The new user can login, but he/she lives under a quite
346 # random gl_user name and thus is pretty much excluded from everything
347 # except permissions given to @all. If this new id calls ukm without
348 # providing the session key, this (pending) key is automatically
349 # removed from the system.
350 # If a certain keyid is in the system, then it cannot be added again.
351 try "
353 ssh admin ukm; ok; /u1 zzz/self/u1/zzz-add-[a-z0-9]{32}-second-u1/
357 ssh admin ukm; ok; !/zzz/; !/second/
360 # Not providing a proper ssh public key will abort. Providing a good
361 # ssh public key, which is not a session key makes the key invalid.
362 # The key will, therefore, be deleted by this operation.
363 try "
365 echo fake|ssh u4 ukm; !ok; /FATAL: does not seem to be a valid pubkey/
367 /session key not accepted/
371 # True addition of a new selfkey is done via piping it to a second ssh
372 # call that uses the new key to call ukm. Note that the first ssh must
373 # have completed its job before the second ssh is able to successfully
374 # log in. This can be done via sleep or via redirecting to a file and
375 # then reading from it.
376 try "
382 # u1 cannot add his/her initial key, since that key can never be
383 # confirmed via ukm, so it is forbidden altogether. In fact, u1 is not
384 # allowed to add any key twice.
385 try "
387 /FATAL: You cannot add a key that already belongs to you./
389 /FATAL: You cannot add a key that already belongs to you./
392 # u1 also can add more keys, but not under an existing keyid. That can
393 # be done by any of his/her identities (here we choose u4).
394 try "
400 # u2 cannot add the same key, but is allowed to use the same name (@third).
401 try "
403 /Same key is already available under another userid./
408 # u6 can schedule his/her own key for deletion, but cannot actually
409 # remove it. Trying to do so results in bringing back the key. Actual
410 # deletion must be confirmed by another key.
411 try "
419 # While in pending-deletion state, it's forbidden to add another key
420 # with the same keyid. It's also forbidden to add a key with the same
421 # fingerprint as the to-be-deleted key).
422 # A new key under another keyid, is OK.
423 try "
427 /FATAL: You cannot add a key that already belongs to you./
429 ssh u1 ukm; ok;
434 # We can remove a pending-for-addition key (@fourth) by logging in
435 # with a non-pending key. Trying to do anything with key u5 (@third)
436 # will just bring it back to its normal state, but not change the
437 # state of any other key. As already shown above, using u6 (@fourth)
438 # without a proper session key, would remove it from the system.
439 # Here we want to demonstrate that key u1 can delete u6 immediately.
442 # The pending-for-deletion key @third can also be removed via the u4
443 # (@second) key.
446 # Non-existing selfkeys cannot be deleted.