]>
git.proxmox.com Git - ceph.git/blob - ceph/src/test/libcephfs/access.cc
1 // -*- mode:C++; tab-width:8; c-basic-offset:2; indent-tabs-mode:t -*-
2 // vim: ts=8 sw=2 smarttab
4 * Ceph - scalable distributed file system
6 * Copyright (C) 2011 New Dream Network
8 * This is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU Lesser General Public
10 * License version 2.1, as published by the Free Software
11 * Foundation. See file COPYING.
15 #include "gtest/gtest.h"
16 #include "common/ceph_argparse.h"
17 #include "include/buffer.h"
18 #include "include/stringify.h"
19 #include "include/cephfs/libcephfs.h"
20 #include "include/rados/librados.h"
24 #include <sys/types.h>
30 #include "json_spirit/json_spirit.h"
34 #include <sys/xattr.h>
42 int do_mon_command(string s
, string
*key
)
45 size_t outs_len
, outbuf_len
;
46 const char *ss
= s
.c_str();
47 int r
= rados_mon_command(cluster
, (const char **)&ss
, 1,
52 string
s(outbuf
, outbuf_len
);
53 std::cout
<< "out: " << s
<< std::endl
;
56 json_spirit::mValue v
, k
;
57 json_spirit::read_or_throw(s
, v
);
58 k
= v
.get_array()[0].get_obj().find("key")->second
;
60 std::cout
<< "key: " << *key
<< std::endl
;
66 string
s(outs
, outs_len
);
67 std::cout
<< "outs: " << s
<< std::endl
;
73 string
get_unique_dir()
75 return string("/ceph_test_libcephfs_access.") + stringify(rand());
78 TEST(AccessTest
, Foo
) {
79 string dir
= get_unique_dir();
80 string user
= "libcephfs_foo_test." + stringify(rand());
81 // admin mount to set up test
82 struct ceph_mount_info
*admin
;
83 ASSERT_EQ(0, ceph_create(&admin
, NULL
));
84 ASSERT_EQ(0, ceph_conf_read_file(admin
, NULL
));
85 ASSERT_EQ(0, ceph_conf_parse_env(admin
, NULL
));
86 ASSERT_EQ(0, ceph_mount(admin
, "/"));
87 ASSERT_EQ(0, ceph_mkdir(admin
, dir
.c_str(), 0755));
91 ASSERT_EQ(0, do_mon_command(
92 "{\"prefix\": \"auth get-or-create\", \"entity\": \"client." + user
+ "\", "
93 "\"caps\": [\"mon\", \"allow *\", \"osd\", \"allow rw\", "
94 "\"mds\", \"allow rw\""
95 "], \"format\": \"json\"}", &key
));
97 struct ceph_mount_info
*cmount
;
98 ASSERT_EQ(0, ceph_create(&cmount
, user
.c_str()));
99 ASSERT_EQ(0, ceph_conf_read_file(cmount
, NULL
));
100 ASSERT_EQ(0, ceph_conf_parse_env(cmount
, NULL
));
101 ASSERT_EQ(0, ceph_conf_set(cmount
, "key", key
.c_str()));
102 ASSERT_EQ(0, ceph_mount(cmount
, "/"));
104 ceph_shutdown(cmount
);
107 ASSERT_EQ(0, ceph_rmdir(admin
, dir
.c_str()));
108 ceph_shutdown(admin
);
111 TEST(AccessTest
, Path
) {
112 string good
= get_unique_dir();
113 string bad
= get_unique_dir();
114 string user
= "libcephfs_path_test." + stringify(rand());
115 struct ceph_mount_info
*admin
;
116 ASSERT_EQ(0, ceph_create(&admin
, NULL
));
117 ASSERT_EQ(0, ceph_conf_read_file(admin
, NULL
));
118 ASSERT_EQ(0, ceph_conf_parse_env(admin
, NULL
));
119 ASSERT_EQ(0, ceph_mount(admin
, "/"));
120 ASSERT_EQ(0, ceph_mkdir(admin
, good
.c_str(), 0755));
121 ASSERT_EQ(0, ceph_mkdir(admin
, string(good
+ "/p").c_str(), 0755));
122 ASSERT_EQ(0, ceph_mkdir(admin
, bad
.c_str(), 0755));
123 ASSERT_EQ(0, ceph_mkdir(admin
, string(bad
+ "/p").c_str(), 0755));
124 int fd
= ceph_open(admin
, string(good
+ "/q").c_str(), O_CREAT
|O_WRONLY
, 0755);
125 ceph_close(admin
, fd
);
126 fd
= ceph_open(admin
, string(bad
+ "/q").c_str(), O_CREAT
|O_WRONLY
, 0755);
127 ceph_close(admin
, fd
);
128 fd
= ceph_open(admin
, string(bad
+ "/z").c_str(), O_CREAT
|O_WRONLY
, 0755);
129 ceph_write(admin
, fd
, "TEST FAILED", 11, 0);
130 ceph_close(admin
, fd
);
133 ASSERT_EQ(0, do_mon_command(
134 "{\"prefix\": \"auth get-or-create\", \"entity\": \"client." + user
+ "\", "
135 "\"caps\": [\"mon\", \"allow r\", \"osd\", \"allow rwx\", "
136 "\"mds\", \"allow r, allow rw path=" + good
+ "\""
137 "], \"format\": \"json\"}", &key
));
139 struct ceph_mount_info
*cmount
;
140 ASSERT_EQ(0, ceph_create(&cmount
, user
.c_str()));
141 ASSERT_EQ(0, ceph_conf_read_file(cmount
, NULL
));
142 ASSERT_EQ(0, ceph_conf_parse_env(cmount
, NULL
));
143 ASSERT_EQ(0, ceph_conf_set(cmount
, "key", key
.c_str()));
144 ASSERT_EQ(0, ceph_mount(cmount
, "/"));
147 ASSERT_GE(ceph_mkdir(cmount
, string(good
+ "/x").c_str(), 0755), 0);
148 ASSERT_GE(ceph_rmdir(cmount
, string(good
+ "/p").c_str()), 0);
149 ASSERT_GE(ceph_unlink(cmount
, string(good
+ "/q").c_str()), 0);
150 fd
= ceph_open(cmount
, string(good
+ "/y").c_str(), O_CREAT
|O_WRONLY
, 0755);
152 ceph_write(cmount
, fd
, "bar", 3, 0);
153 ceph_close(cmount
, fd
);
154 ASSERT_GE(ceph_unlink(cmount
, string(good
+ "/y").c_str()), 0);
155 ASSERT_GE(ceph_rmdir(cmount
, string(good
+ "/x").c_str()), 0);
157 fd
= ceph_open(cmount
, string(bad
+ "/z").c_str(), O_RDONLY
, 0644);
159 ceph_close(cmount
, fd
);
162 ASSERT_LT(ceph_mkdir(cmount
, string(bad
+ "/x").c_str(), 0755), 0);
163 ASSERT_LT(ceph_rmdir(cmount
, string(bad
+ "/p").c_str()), 0);
164 ASSERT_LT(ceph_unlink(cmount
, string(bad
+ "/q").c_str()), 0);
165 fd
= ceph_open(cmount
, string(bad
+ "/y").c_str(), O_CREAT
|O_WRONLY
, 0755);
169 fd
= ceph_open(cmount
, string(good
+ "/unlinkme").c_str(), O_CREAT
|O_WRONLY
, 0755);
170 ceph_unlink(cmount
, string(good
+ "/unlinkme").c_str());
171 ASSERT_GE(ceph_write(cmount
, fd
, "foo", 3, 0), 0);
172 ASSERT_GE(ceph_fchmod(cmount
, fd
, 0777), 0);
173 ASSERT_GE(ceph_ftruncate(cmount
, fd
, 0), 0);
174 ASSERT_GE(ceph_fsetxattr(cmount
, fd
, "user.any", "bar", 3, 0), 0);
175 ceph_close(cmount
, fd
);
178 fd
= ceph_open(cmount
, string(good
+ "/renameme").c_str(), O_CREAT
|O_WRONLY
, 0755);
179 ASSERT_EQ(ceph_rename(admin
, string(good
+ "/renameme").c_str(),
180 string(bad
+ "/asdf").c_str()), 0);
181 ASSERT_GE(ceph_write(cmount
, fd
, "foo", 3, 0), 0);
182 ASSERT_GE(ceph_fchmod(cmount
, fd
, 0777), -EACCES
);
183 ASSERT_GE(ceph_ftruncate(cmount
, fd
, 0), -EACCES
);
184 ASSERT_GE(ceph_fsetxattr(cmount
, fd
, "user.any", "bar", 3, 0), -EACCES
);
185 ceph_close(cmount
, fd
);
187 ceph_shutdown(cmount
);
188 ASSERT_EQ(0, ceph_unlink(admin
, string(bad
+ "/q").c_str()));
189 ASSERT_EQ(0, ceph_unlink(admin
, string(bad
+ "/z").c_str()));
190 ASSERT_EQ(0, ceph_rmdir(admin
, string(bad
+ "/p").c_str()));
191 ASSERT_EQ(0, ceph_unlink(admin
, string(bad
+ "/asdf").c_str()));
192 ASSERT_EQ(0, ceph_rmdir(admin
, good
.c_str()));
193 ASSERT_EQ(0, ceph_rmdir(admin
, bad
.c_str()));
194 ceph_shutdown(admin
);
197 TEST(AccessTest
, ReadOnly
) {
198 string dir
= get_unique_dir();
199 string dir2
= get_unique_dir();
200 string user
= "libcephfs_readonly_test." + stringify(rand());
201 struct ceph_mount_info
*admin
;
202 ASSERT_EQ(0, ceph_create(&admin
, NULL
));
203 ASSERT_EQ(0, ceph_conf_read_file(admin
, NULL
));
204 ASSERT_EQ(0, ceph_conf_parse_env(admin
, NULL
));
205 ASSERT_EQ(0, ceph_mount(admin
, "/"));
206 ASSERT_EQ(0, ceph_mkdir(admin
, dir
.c_str(), 0755));
207 int fd
= ceph_open(admin
, string(dir
+ "/out").c_str(), O_CREAT
|O_WRONLY
, 0755);
208 ceph_write(admin
, fd
, "foo", 3, 0);
209 ceph_close(admin
,fd
);
212 ASSERT_EQ(0, do_mon_command(
213 "{\"prefix\": \"auth get-or-create\", \"entity\": \"client." + user
+ "\", "
214 "\"caps\": [\"mon\", \"allow r\", \"osd\", \"allow rw\", "
215 "\"mds\", \"allow r\""
216 "], \"format\": \"json\"}", &key
));
218 struct ceph_mount_info
*cmount
;
219 ASSERT_EQ(0, ceph_create(&cmount
, user
.c_str()));
220 ASSERT_EQ(0, ceph_conf_read_file(cmount
, NULL
));
221 ASSERT_EQ(0, ceph_conf_parse_env(cmount
, NULL
));
222 ASSERT_EQ(0, ceph_conf_set(cmount
, "key", key
.c_str()));
223 ASSERT_EQ(0, ceph_mount(cmount
, "/"));
226 fd
= ceph_open(cmount
, string(dir
+ "/out").c_str(), O_RDONLY
, 0644);
228 ceph_close(cmount
,fd
);
231 fd
= ceph_open(cmount
, string(dir
+ "/bar").c_str(), O_CREAT
|O_WRONLY
, 0755);
233 ASSERT_LT(ceph_mkdir(cmount
, dir2
.c_str(), 0755), 0);
235 ceph_shutdown(cmount
);
236 ASSERT_EQ(0, ceph_unlink(admin
, string(dir
+ "/out").c_str()));
237 ASSERT_EQ(0, ceph_rmdir(admin
, dir
.c_str()));
238 ceph_shutdown(admin
);
241 TEST(AccessTest
, User
) {
242 string dir
= get_unique_dir();
243 string user
= "libcephfs_user_test." + stringify(rand());
245 // admin mount to set up test
246 struct ceph_mount_info
*admin
;
247 ASSERT_EQ(0, ceph_create(&admin
, NULL
));
248 ASSERT_EQ(0, ceph_conf_read_file(admin
, NULL
));
249 ASSERT_EQ(0, ceph_conf_parse_env(admin
, NULL
));
250 ASSERT_EQ(0, ceph_conf_set(admin
, "client_permissions", "0"));
251 ASSERT_EQ(0, ceph_mount(admin
, "/"));
252 ASSERT_EQ(0, ceph_mkdir(admin
, dir
.c_str(), 0755));
256 ASSERT_EQ(0, do_mon_command(
257 "{\"prefix\": \"auth get-or-create\", \"entity\": \"client." + user
+ "\", "
258 "\"caps\": [\"mon\", \"allow *\", \"osd\", \"allow rw\", "
259 "\"mds\", \"allow rw uid=123 gids=456,789\""
260 "], \"format\": \"json\"}", &key
));
262 struct ceph_mount_info
*cmount
;
263 ASSERT_EQ(0, ceph_create(&cmount
, user
.c_str()));
264 ASSERT_EQ(0, ceph_conf_read_file(cmount
, NULL
));
265 ASSERT_EQ(0, ceph_conf_parse_env(cmount
, NULL
));
266 ASSERT_EQ(0, ceph_conf_set(cmount
, "key", key
.c_str()));
267 ASSERT_EQ(-EACCES
, ceph_mount(cmount
, "/"));
268 ASSERT_EQ(0, ceph_init(cmount
));
270 UserPerm
*perms
= ceph_userperm_new(123, 456, 0, NULL
);
271 ASSERT_NE(nullptr, perms
);
272 ASSERT_EQ(0, ceph_mount_perms_set(cmount
, perms
));
273 ceph_userperm_destroy(perms
);
275 ASSERT_EQ(0, ceph_conf_set(cmount
, "client_permissions", "0"));
276 ASSERT_EQ(0, ceph_mount(cmount
, "/"));
279 ASSERT_EQ(0, ceph_chmod(admin
, dir
.c_str(), 0700));
280 ASSERT_EQ(0, ceph_chown(admin
, dir
.c_str(), 123, 456));
281 ASSERT_EQ(0, ceph_mkdir(cmount
, string(dir
+ "/u1").c_str(), 0755));
282 ASSERT_EQ(0, ceph_chown(admin
, dir
.c_str(), 1, 456));
283 ASSERT_EQ(-EACCES
, ceph_mkdir(cmount
, string(dir
+ "/no").c_str(), 0755));
286 ASSERT_EQ(0, ceph_chmod(admin
, dir
.c_str(), 0770));
287 ASSERT_EQ(0, ceph_chown(admin
, dir
.c_str(), 1, 456));
288 ASSERT_EQ(0, ceph_mkdir(cmount
, string(dir
+ "/u2").c_str(), 0755));
289 ASSERT_EQ(0, ceph_chown(admin
, dir
.c_str(), 1, 2));
290 ASSERT_EQ(-EACCES
, ceph_mkdir(cmount
, string(dir
+ "/no").c_str(), 0755));
292 // user overrides group
293 ASSERT_EQ(0, ceph_chmod(admin
, dir
.c_str(), 0470));
294 ASSERT_EQ(0, ceph_chown(admin
, dir
.c_str(), 123, 456));
295 ASSERT_EQ(-EACCES
, ceph_mkdir(cmount
, string(dir
+ "/no").c_str(), 0755));
298 ASSERT_EQ(0, ceph_chmod(admin
, dir
.c_str(), 0777));
299 ASSERT_EQ(0, ceph_chown(admin
, dir
.c_str(), 1, 1));
300 ASSERT_EQ(0, ceph_mkdir(cmount
, string(dir
+ "/u3").c_str(), 0755));
301 ASSERT_EQ(0, ceph_chmod(admin
, dir
.c_str(), 0770));
302 ASSERT_EQ(-EACCES
, ceph_mkdir(cmount
, string(dir
+ "/no").c_str(), 0755));
304 // user and group overrides other
305 ASSERT_EQ(0, ceph_chmod(admin
, dir
.c_str(), 07));
306 ASSERT_EQ(0, ceph_chown(admin
, dir
.c_str(), 1, 456));
307 ASSERT_EQ(-EACCES
, ceph_mkdir(cmount
, string(dir
+ "/no").c_str(), 0755));
308 ASSERT_EQ(0, ceph_chown(admin
, dir
.c_str(), 123, 1));
309 ASSERT_EQ(-EACCES
, ceph_mkdir(cmount
, string(dir
+ "/no").c_str(), 0755));
310 ASSERT_EQ(0, ceph_chown(admin
, dir
.c_str(), 123, 456));
311 ASSERT_EQ(-EACCES
, ceph_mkdir(cmount
, string(dir
+ "/no").c_str(), 0755));
314 ASSERT_EQ(0, ceph_chmod(admin
, dir
.c_str(), 0700));
315 ASSERT_EQ(0, ceph_chown(admin
, dir
.c_str(), 123, 456));
316 // FIXME: Re-enable these 789 tests once we can set multiple GIDs via libcephfs/config
317 // ASSERT_EQ(0, ceph_chown(cmount, dir.c_str(), 123, 789));
318 ASSERT_EQ(0, ceph_chown(cmount
, dir
.c_str(), 123, 456));
319 // ASSERT_EQ(0, ceph_chown(cmount, dir.c_str(), -1, 789));
320 ASSERT_EQ(0, ceph_chown(cmount
, dir
.c_str(), -1, 456));
321 ASSERT_EQ(-EACCES
, ceph_chown(cmount
, dir
.c_str(), 123, 1));
322 ASSERT_EQ(-EACCES
, ceph_chown(cmount
, dir
.c_str(), 1, 456));
324 ASSERT_EQ(0, ceph_chown(admin
, dir
.c_str(), 1, 1));
325 ASSERT_EQ(-EACCES
, ceph_chown(cmount
, dir
.c_str(), 123, 456));
326 ASSERT_EQ(-EACCES
, ceph_chown(cmount
, dir
.c_str(), 123, -1));
327 ASSERT_EQ(-EACCES
, ceph_chown(cmount
, dir
.c_str(), -1, 456));
329 ASSERT_EQ(0, ceph_chown(admin
, dir
.c_str(), 1, 456));
330 ASSERT_EQ(-EACCES
, ceph_chown(cmount
, dir
.c_str(), 123, 456));
331 ASSERT_EQ(-EACCES
, ceph_chown(cmount
, dir
.c_str(), 123, -1));
332 ASSERT_EQ(-EACCES
, ceph_chown(cmount
, dir
.c_str(), -1, 456));
334 ASSERT_EQ(0, ceph_chown(admin
, dir
.c_str(), 123, 1));
335 ASSERT_EQ(0, ceph_chown(cmount
, dir
.c_str(), -1, 456));
336 // ASSERT_EQ(0, ceph_chown(cmount, dir.c_str(), 123, 789));
338 ceph_shutdown(cmount
);
341 ASSERT_EQ(0, ceph_rmdir(admin
, string(dir
+ "/u1").c_str()));
342 ASSERT_EQ(0, ceph_rmdir(admin
, string(dir
+ "/u2").c_str()));
343 ASSERT_EQ(0, ceph_rmdir(admin
, string(dir
+ "/u3").c_str()));
344 ASSERT_EQ(0, ceph_rmdir(admin
, dir
.c_str()));
345 ceph_shutdown(admin
);
348 static int update_root_mode()
350 struct ceph_mount_info
*admin
;
351 int r
= ceph_create(&admin
, NULL
);
354 ceph_conf_read_file(admin
, NULL
);
355 ceph_conf_parse_env(admin
, NULL
);
356 ceph_conf_set(admin
, "client_permissions", "false");
357 r
= ceph_mount(admin
, "/");
360 r
= ceph_chmod(admin
, "/", 0777);
362 ceph_shutdown(admin
);
367 int main(int argc
, char **argv
)
369 int r
= update_root_mode();
373 ::testing::InitGoogleTest(&argc
, argv
);
377 r
= rados_create(&cluster
, NULL
);
381 r
= rados_conf_read_file(cluster
, NULL
);
385 rados_conf_parse_env(cluster
, NULL
);
386 r
= rados_connect(cluster
);
392 rados_shutdown(cluster
);