# HG changeset patch # User Matt Mackall # Date 1158354016 18000 # Node ID c27d1e1798a3e0045e132849c773f4c139d5da6e # Parent 494521a3f142599dbe3ace9c61aa017da215f4fe Back out trusted hgrc change for now Backed out changeset 494521a3f1425 diff -r 494521a3f142 -r c27d1e1798a3 doc/hgrc.5.txt --- a/doc/hgrc.5.txt Tue Aug 22 20:45:03 2006 -0300 +++ b/doc/hgrc.5.txt Fri Sep 15 16:00:16 2006 -0500 @@ -50,8 +50,6 @@ particular repository. This file is not version-controlled, and will not get transferred during a "clone" operation. Options in this file override options in all other configuration files. - On Unix, this file is only read if it belongs to a trusted user - or to a trusted group. SYNTAX ------ @@ -351,16 +349,6 @@ 6Mbps), uncompressed streaming is slower, because of the extra data transfer overhead. Default is False. -trusted:: - Mercurial will only read the .hg/hgrc file from a repository if - it belongs to a trusted user or to a trusted group. This section - specifies what users and groups are trusted. To trust everybody, - list a user or a group with name "*". - users;; - Comma-separated list of trusted users. - groups;; - Comma-separated list of trusted groups. - ui:: User interface controls. debug;; diff -r 494521a3f142 -r c27d1e1798a3 mercurial/ui.py --- a/mercurial/ui.py Tue Aug 22 20:45:03 2006 -0300 +++ b/mercurial/ui.py Fri Sep 15 16:00:16 2006 -0500 @@ -19,8 +19,6 @@ # this is the parent of all ui children self.parentui = None self.readhooks = list(readhooks) - self.trusted_users = {} - self.trusted_groups = {} self.cdata = ConfigParser.SafeConfigParser() self.readconfig(util.rcpath()) @@ -39,8 +37,6 @@ # parentui may point to an ui object which is already a child self.parentui = parentui.parentui or parentui self.readhooks = list(parentui.readhooks or readhooks) - self.trusted_users = parentui.trusted_users.copy() - self.trusted_groups = parentui.trusted_groups.copy() parent_cdata = self.parentui.cdata self.cdata = ConfigParser.SafeConfigParser(parent_cdata.defaults()) # make interpolation work @@ -76,22 +72,7 @@ fn = [fn] for f in fn: try: - fp = open(f) - except IOError: - continue - if ((self.trusted_users or self.trusted_groups) and - '*' not in self.trusted_users and - '*' not in self.trusted_groups): - st = util.fstat(fp) - user = util.username(st.st_uid) - group = util.groupname(st.st_gid) - if (user not in self.trusted_users and - group not in self.trusted_groups): - self.warn(_('not reading file %s from untrusted ' - 'user %s, group %s\n') % (f, user, group)) - continue - try: - self.cdata.readfp(fp, f) + self.cdata.read(f) except ConfigParser.ParsingError, inst: raise util.Abort(_("Failed to parse %s\n%s") % (f, inst)) # translate paths relative to root (or home) into absolute paths @@ -100,13 +81,6 @@ for name, path in self.configitems("paths"): if path and "://" not in path and not os.path.isabs(path): self.cdata.set("paths", name, os.path.join(root, path)) - user = util.username() - if user is not None: - self.trusted_users[user] = 1 - for user in self.configlist('trusted', 'users'): - self.trusted_users[user] = 1 - for group in self.configlist('trusted', 'groups'): - self.trusted_groups[group] = 1 for hook in self.readhooks: hook(self) diff -r 494521a3f142 -r c27d1e1798a3 mercurial/util.py --- a/mercurial/util.py Tue Aug 22 20:45:03 2006 -0300 +++ b/mercurial/util.py Fri Sep 15 16:00:16 2006 -0500 @@ -15,7 +15,7 @@ from i18n import gettext as _ from demandload import * demandload(globals(), "cStringIO errno getpass popen2 re shutil sys tempfile") -demandload(globals(), "os threading time pwd grp") +demandload(globals(), "os threading time") # used by parsedate defaultdateformats = ('%Y-%m-%d %H:%M:%S', '%Y-%m-%d %H:%M', @@ -509,38 +509,6 @@ raise Abort(_('user name not available - set USERNAME ' 'environment variable')) -def username(uid=None): - """Return the name of the user with the given uid. - - If uid is None, return the name of the current user.""" - try: - # force an ImportError if there's no module pwd - getpwuid = pwd.getpwuid - if uid is None: - uid = os.getuid() - try: - return getpwuid(uid)[0] - except KeyError: - return str(uid) - except ImportError: - return None - -def groupname(gid=None): - """Return the name of the group with the given gid. - - If gid is None, return the name of the current group.""" - try: - # force an ImportError if there's no module grp - getgrgid = grp.getgrgid - if gid is None: - gid = os.getgid() - try: - return getgrgid(gid)[0] - except KeyError: - return str(gid) - except ImportError: - return None - # Platform specific variants if os.name == 'nt': demandload(globals(), "msvcrt") diff -r 494521a3f142 -r c27d1e1798a3 tests/test-trusted.py --- a/tests/test-trusted.py Tue Aug 22 20:45:03 2006 -0300 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,112 +0,0 @@ -#!/usr/bin/env python -# Since it's not easy to write a test that portably deals -# with files from different users/groups, we cheat a bit by -# monkey-patching some functions in the util module - -import os -from mercurial import ui, util - -hgrc = os.environ['HGRCPATH'] - -def testui(user='foo', group='bar', tusers=(), tgroups=(), - cuser='foo', cgroup='bar'): - # user, group => owners of the file - # tusers, tgroups => trusted users/groups - # cuser, cgroup => user/group of the current process - - # write a global hgrc with the list of trusted users/groups and - # some setting so that we can be sure it was read - f = open(hgrc, 'w') - f.write('[paths]\n') - f.write('global = /some/path\n\n') - - if tusers or tgroups: - f.write('[trusted]\n') - if tusers: - f.write('users = %s\n' % ', '.join(tusers)) - if tgroups: - f.write('groups = %s\n' % ', '.join(tgroups)) - f.close() - - # override the functions that give names to uids and gids - def username(uid=None): - if uid is None: - return cuser - return user - util.username = username - - def groupname(gid=None): - if gid is None: - return 'bar' - return group - util.groupname = groupname - - # try to read everything - #print '# File belongs to user %s, group %s' % (user, group) - #print '# trusted users = %s; trusted groups = %s' % (tusers, tgroups) - kind = ('different', 'same') - who = ('', 'user', 'group', 'user and the group') - trusted = who[(user in tusers) + 2*(group in tgroups)] - if trusted: - trusted = ', but we trust the ' + trusted - print '# %s user, %s group%s' % (kind[user == cuser], kind[group == cgroup], - trusted) - - parentui = ui.ui() - u = ui.ui(parentui=parentui) - u.readconfig('.hg/hgrc') - for name, path in u.configitems('paths'): - print name, '=', path - print - - return u - -os.mkdir('repo') -os.chdir('repo') -os.mkdir('.hg') -f = open('.hg/hgrc', 'w') -f.write('[paths]\n') -f.write('local = /another/path\n\n') -f.close() - -#print '# Everything is run by user foo, group bar\n' - -# same user, same group -testui() -# same user, different group -testui(group='def') -# different user, same group -testui(user='abc') -# ... but we trust the group -testui(user='abc', tgroups=['bar']) -# different user, different group -testui(user='abc', group='def') -# ... but we trust the user -testui(user='abc', group='def', tusers=['abc']) -# ... but we trust the group -testui(user='abc', group='def', tgroups=['def']) -# ... but we trust the user and the group -testui(user='abc', group='def', tusers=['abc'], tgroups=['def']) -# ... but we trust all users -print '# we trust all users' -testui(user='abc', group='def', tusers=['*']) -# ... but we trust all groups -print '# we trust all groups' -testui(user='abc', group='def', tgroups=['*']) -# ... but we trust the whole universe -print '# we trust all users and groups' -testui(user='abc', group='def', tusers=['*'], tgroups=['*']) -# ... check that users and groups are in different namespaces -print "# we don't get confused by users and groups with the same name" -testui(user='abc', group='def', tusers=['def'], tgroups=['abc']) -# ... lists of user names work -print "# list of user names" -testui(user='abc', group='def', tusers=['foo', 'xyz', 'abc', 'bleh'], - tgroups=['bar', 'baz', 'qux']) -# ... lists of group names work -print "# list of group names" -testui(user='abc', group='def', tusers=['foo', 'xyz', 'bleh'], - tgroups=['bar', 'def', 'baz', 'qux']) - -print "# Can't figure out the name of the user running this process" -testui(user='abc', group='def', cuser=None) diff -r 494521a3f142 -r c27d1e1798a3 tests/test-trusted.py.out --- a/tests/test-trusted.py.out Tue Aug 22 20:45:03 2006 -0300 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,67 +0,0 @@ -# same user, same group -global = /some/path -local = /another/path - -# same user, different group -global = /some/path -local = /another/path - -# different user, same group -not reading file .hg/hgrc from untrusted user abc, group bar -global = /some/path - -# different user, same group, but we trust the group -global = /some/path -local = /another/path - -# different user, different group -not reading file .hg/hgrc from untrusted user abc, group def -global = /some/path - -# different user, different group, but we trust the user -global = /some/path -local = /another/path - -# different user, different group, but we trust the group -global = /some/path -local = /another/path - -# different user, different group, but we trust the user and the group -global = /some/path -local = /another/path - -# we trust all users -# different user, different group -global = /some/path -local = /another/path - -# we trust all groups -# different user, different group -global = /some/path -local = /another/path - -# we trust all users and groups -# different user, different group -global = /some/path -local = /another/path - -# we don't get confused by users and groups with the same name -# different user, different group -not reading file .hg/hgrc from untrusted user abc, group def -global = /some/path - -# list of user names -# different user, different group, but we trust the user -global = /some/path -local = /another/path - -# list of group names -# different user, different group, but we trust the group -global = /some/path -local = /another/path - -# Can't figure out the name of the user running this process -# different user, different group -global = /some/path -local = /another/path -