summaryrefslogtreecommitdiffstats
path: root/src/test/libcephfs/acl.cc
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--src/test/libcephfs/acl.cc309
1 files changed, 309 insertions, 0 deletions
diff --git a/src/test/libcephfs/acl.cc b/src/test/libcephfs/acl.cc
new file mode 100644
index 00000000..a6c4a659
--- /dev/null
+++ b/src/test/libcephfs/acl.cc
@@ -0,0 +1,309 @@
+// -*- mode:C++; tab-width:8; c-basic-offset:2; indent-tabs-mode:t -*-
+// vim: ts=8 sw=2 smarttab
+/*
+ * Ceph - scalable distributed file system
+ *
+ * Copyright (C) 2011 New Dream Network
+ *
+ * This is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License version 2.1, as published by the Free Software
+ * Foundation. See file COPYING.
+ *
+ */
+#include "include/types.h"
+#include "gtest/gtest.h"
+#include "include/cephfs/libcephfs.h"
+#include "include/ceph_fs.h"
+#include "client/posix_acl.h"
+#include <errno.h>
+#include <fcntl.h>
+#include <unistd.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#ifdef __linux__
+#include <sys/xattr.h>
+#endif
+
+static size_t acl_ea_size(int count)
+{
+ return sizeof(acl_ea_header) + count * sizeof(acl_ea_entry);
+}
+
+static int acl_ea_count(size_t size)
+{
+ if (size < sizeof(acl_ea_header))
+ return -1;
+ size -= sizeof(acl_ea_header);
+ if (size % sizeof(acl_ea_entry))
+ return -1;
+ return size / sizeof(acl_ea_entry);
+}
+
+static int check_acl_and_mode(const void *buf, size_t size, mode_t mode)
+{
+ const acl_ea_entry *group_entry = NULL, *mask_entry = NULL;
+ const acl_ea_header *header = reinterpret_cast<const acl_ea_header*>(buf);
+ const acl_ea_entry *entry = header->a_entries;
+ int count = (size - sizeof(*header)) / sizeof(*entry);
+ for (int i = 0; i < count; ++i) {
+ __u16 tag = entry->e_tag;
+ __u16 perm = entry->e_perm;
+ switch(tag) {
+ case ACL_USER_OBJ:
+ if (perm != ((mode >> 6) & 7))
+ return -EINVAL;
+ break;
+ case ACL_USER:
+ case ACL_GROUP:
+ break;
+ case ACL_GROUP_OBJ:
+ group_entry = entry;
+ break;
+ case ACL_OTHER:
+ if (perm != (mode & 7))
+ return -EINVAL;
+ break;
+ case ACL_MASK:
+ mask_entry = entry;
+ break;
+ default:
+ return -EIO;
+ }
+ ++entry;
+ }
+ if (mask_entry) {
+ __u16 perm = mask_entry->e_perm;
+ if (perm != ((mode >> 3) & 7))
+ return -EINVAL;
+ } else {
+ if (!group_entry)
+ return -EIO;
+ __u16 perm = group_entry->e_perm;
+ if (perm != ((mode >> 3) & 7))
+ return -EINVAL;
+ }
+ return 0;
+}
+
+static int generate_test_acl(void *buf, size_t size, mode_t mode)
+{
+ if (acl_ea_count(size) != 5)
+ return -1;
+ acl_ea_header *header = reinterpret_cast<acl_ea_header*>(buf);
+ header->a_version = (__u32)ACL_EA_VERSION;
+ acl_ea_entry *entry = header->a_entries;
+ entry->e_tag = ACL_USER_OBJ;
+ entry->e_perm = (mode >> 6) & 7;
+ ++entry;
+ entry->e_tag = ACL_USER;
+ entry->e_perm = 7;
+ entry->e_id = getuid();
+ ++entry;
+ entry->e_tag = ACL_GROUP_OBJ;
+ entry->e_perm = (mode >> 3) & 7;
+ ++entry;
+ entry->e_tag = ACL_MASK;
+ entry->e_perm = 7;
+ ++entry;
+ entry->e_tag = ACL_OTHER;
+ entry->e_perm = mode & 7;
+ return 0;
+}
+
+static int generate_empty_acl(void *buf, size_t size, mode_t mode)
+{
+
+ if (acl_ea_count(size) != 3)
+ return -1;
+ acl_ea_header *header = reinterpret_cast<acl_ea_header*>(buf);
+ header->a_version = (__u32)ACL_EA_VERSION;
+ acl_ea_entry *entry = header->a_entries;
+ entry->e_tag = ACL_USER_OBJ;
+ entry->e_perm = (mode >> 6) & 7;
+ ++entry;
+ entry->e_tag = ACL_GROUP_OBJ;
+ entry->e_perm = (mode >> 3) & 7;
+ ++entry;
+ entry->e_tag = ACL_OTHER;
+ entry->e_perm = mode & 7;
+ return 0;
+}
+
+TEST(ACL, SetACL) {
+ struct ceph_mount_info *cmount;
+ ASSERT_EQ(0, ceph_create(&cmount, NULL));
+ ASSERT_EQ(0, ceph_conf_read_file(cmount, NULL));
+ ASSERT_EQ(0, ceph_mount(cmount, "/"));
+ ASSERT_EQ(0, ceph_conf_set(cmount, "client_acl_type", "posix_acl"));
+ ASSERT_EQ(0, ceph_conf_set(cmount, "client_permissions", "0"));
+
+ char test_file[256];
+ sprintf(test_file, "file1_setacl_%d", getpid());
+
+ int fd = ceph_open(cmount, test_file, O_CREAT|O_RDWR, 0600);
+ ASSERT_GT(fd, 0);
+ // change ownership to nobody -- we assume nobody exists and id is always 65534
+ ASSERT_EQ(ceph_fchown(cmount, fd, 65534, 65534), 0);
+
+ ASSERT_EQ(0, ceph_conf_set(cmount, "client_permissions", "1"));
+ ASSERT_EQ(ceph_open(cmount, test_file, O_RDWR, 0), -EACCES);
+ ASSERT_EQ(0, ceph_conf_set(cmount, "client_permissions", "0"));
+
+ size_t acl_buf_size = acl_ea_size(5);
+ void *acl_buf = malloc(acl_buf_size);
+ ASSERT_EQ(generate_test_acl(acl_buf, acl_buf_size, 0750), 0);
+
+ // can't set default acl for non-directory
+ ASSERT_EQ(ceph_fsetxattr(cmount, fd, ACL_EA_DEFAULT, acl_buf, acl_buf_size, 0), -EACCES);
+ ASSERT_EQ(ceph_fsetxattr(cmount, fd, ACL_EA_ACCESS, acl_buf, acl_buf_size, 0), 0);
+
+ int tmpfd = ceph_open(cmount, test_file, O_RDWR, 0);
+ ASSERT_GT(tmpfd, 0);
+ ceph_close(cmount, tmpfd);
+
+ struct ceph_statx stx;
+ ASSERT_EQ(ceph_fstatx(cmount, fd, &stx, CEPH_STATX_MODE, 0), 0);
+ // mode was modified according to ACL
+ ASSERT_EQ(stx.stx_mode & 0777u, 0770u);
+ ASSERT_EQ(check_acl_and_mode(acl_buf, acl_buf_size, stx.stx_mode), 0);
+
+ acl_buf_size = acl_ea_size(3);
+ // setting ACL that is equivalent to file mode
+ ASSERT_EQ(generate_empty_acl(acl_buf, acl_buf_size, 0600), 0);
+ ASSERT_EQ(ceph_fsetxattr(cmount, fd, ACL_EA_ACCESS, acl_buf, acl_buf_size, 0), 0);
+ // ACL was deleted
+ ASSERT_EQ(ceph_fgetxattr(cmount, fd, ACL_EA_ACCESS, NULL, 0), -ENODATA);
+
+ ASSERT_EQ(ceph_fstatx(cmount, fd, &stx, CEPH_STATX_MODE, 0), 0);
+ // mode was modified according to ACL
+ ASSERT_EQ(stx.stx_mode & 0777u, 0600u);
+
+ free(acl_buf);
+ ceph_close(cmount, fd);
+ ceph_shutdown(cmount);
+}
+
+TEST(ACL, Chmod) {
+ struct ceph_mount_info *cmount;
+ ASSERT_EQ(0, ceph_create(&cmount, NULL));
+ ASSERT_EQ(0, ceph_conf_read_file(cmount, NULL));
+ ASSERT_EQ(0, ceph_mount(cmount, "/"));
+ ASSERT_EQ(0, ceph_conf_set(cmount, "client_acl_type", "posix_acl"));
+
+ char test_file[256];
+ sprintf(test_file, "file1_acl_chmod_%d", getpid());
+
+ int fd = ceph_open(cmount, test_file, O_CREAT|O_RDWR, 0600);
+ ASSERT_GT(fd, 0);
+
+ int acl_buf_size = acl_ea_size(5);
+ void *acl_buf = malloc(acl_buf_size);
+ ASSERT_EQ(generate_test_acl(acl_buf, acl_buf_size, 0775), 0);
+ ASSERT_EQ(ceph_fsetxattr(cmount, fd, ACL_EA_ACCESS, acl_buf, acl_buf_size, 0), 0);
+
+ struct ceph_statx stx;
+ ASSERT_EQ(ceph_fstatx(cmount, fd, &stx, CEPH_STATX_MODE, 0), 0);
+ // mode was updated according to ACL
+ ASSERT_EQ(stx.stx_mode & 0777u, 0775u);
+
+ // change mode
+ ASSERT_EQ(ceph_fchmod(cmount, fd, 0640), 0);
+
+ ASSERT_EQ(ceph_fstatx(cmount, fd, &stx, CEPH_STATX_MODE, 0), 0);
+ ASSERT_EQ(stx.stx_mode & 0777u, 0640u);
+
+ // ACL was updated according to mode
+ ASSERT_EQ(ceph_fgetxattr(cmount, fd, ACL_EA_ACCESS, acl_buf, acl_buf_size), acl_buf_size);
+ ASSERT_EQ(check_acl_and_mode(acl_buf, acl_buf_size, stx.stx_mode), 0);
+
+ free(acl_buf);
+ ceph_close(cmount, fd);
+ ceph_shutdown(cmount);
+}
+
+TEST(ACL, DefaultACL) {
+ struct ceph_mount_info *cmount;
+ ASSERT_EQ(0, ceph_create(&cmount, NULL));
+ ASSERT_EQ(0, ceph_conf_read_file(cmount, NULL));
+ ASSERT_EQ(0, ceph_mount(cmount, "/"));
+ ASSERT_EQ(0, ceph_conf_set(cmount, "client_acl_type", "posix_acl"));
+
+ int acl_buf_size = acl_ea_size(5);
+ void *acl1_buf = malloc(acl_buf_size);
+ void *acl2_buf = malloc(acl_buf_size);
+
+ ASSERT_EQ(generate_test_acl(acl1_buf, acl_buf_size, 0750), 0);
+
+ char test_dir1[256];
+ sprintf(test_dir1, "dir1_acl_default_%d", getpid());
+ ASSERT_EQ(ceph_mkdir(cmount, test_dir1, 0750), 0);
+
+ // set default acl
+ ASSERT_EQ(ceph_setxattr(cmount, test_dir1, ACL_EA_DEFAULT, acl1_buf, acl_buf_size, 0), 0);
+
+ char test_dir2[262];
+ sprintf(test_dir2, "%s/dir2", test_dir1);
+ ASSERT_EQ(ceph_mkdir(cmount, test_dir2, 0755), 0);
+
+ // inherit default acl
+ ASSERT_EQ(ceph_getxattr(cmount, test_dir2, ACL_EA_DEFAULT, acl2_buf, acl_buf_size), acl_buf_size);
+ ASSERT_EQ(memcmp(acl1_buf, acl2_buf, acl_buf_size), 0);
+
+ // mode and ACL are updated
+ ASSERT_EQ(ceph_getxattr(cmount, test_dir2, ACL_EA_ACCESS, acl2_buf, acl_buf_size), acl_buf_size);
+ {
+ struct ceph_statx stx;
+ ASSERT_EQ(ceph_statx(cmount, test_dir2, &stx, CEPH_STATX_MODE, 0), 0);
+ // other bits of mode &= acl other perm
+ ASSERT_EQ(stx.stx_mode & 0777u, 0750u);
+ ASSERT_EQ(check_acl_and_mode(acl2_buf, acl_buf_size, stx.stx_mode), 0);
+ }
+
+ char test_file1[262];
+ sprintf(test_file1, "%s/file1", test_dir1);
+ int fd = ceph_open(cmount, test_file1, O_CREAT|O_RDWR, 0666);
+ ASSERT_GT(fd, 0);
+
+ // no default acl
+ ASSERT_EQ(ceph_fgetxattr(cmount, fd, ACL_EA_DEFAULT, NULL, 0), -ENODATA);
+
+ // mode and ACL are updated
+ ASSERT_EQ(ceph_fgetxattr(cmount, fd, ACL_EA_ACCESS, acl2_buf, acl_buf_size), acl_buf_size);
+ {
+ struct ceph_statx stx;
+ ASSERT_EQ(ceph_statx(cmount, test_file1, &stx, CEPH_STATX_MODE, 0), 0);
+ // other bits of mode &= acl other perm
+ ASSERT_EQ(stx.stx_mode & 0777u, 0660u);
+ ASSERT_EQ(check_acl_and_mode(acl2_buf, acl_buf_size, stx.stx_mode), 0);
+ }
+
+ free(acl1_buf);
+ free(acl2_buf);
+ ceph_close(cmount, fd);
+ ceph_shutdown(cmount);
+}
+
+TEST(ACL, Disabled) {
+ struct ceph_mount_info *cmount;
+ ASSERT_EQ(0, ceph_create(&cmount, NULL));
+ ASSERT_EQ(0, ceph_conf_read_file(cmount, NULL));
+ ASSERT_EQ(0, ceph_mount(cmount, "/"));
+ ASSERT_EQ(0, ceph_conf_set(cmount, "client_acl_type", ""));
+
+ size_t acl_buf_size = acl_ea_size(3);
+ void *acl_buf = malloc(acl_buf_size);
+ ASSERT_EQ(generate_empty_acl(acl_buf, acl_buf_size, 0755), 0);
+
+ char test_dir[256];
+ sprintf(test_dir, "dir1_acl_disabled_%d", getpid());
+ ASSERT_EQ(ceph_mkdir(cmount, test_dir, 0750), 0);
+
+ ASSERT_EQ(ceph_setxattr(cmount, test_dir, ACL_EA_DEFAULT, acl_buf, acl_buf_size, 0), -EOPNOTSUPP);
+ ASSERT_EQ(ceph_setxattr(cmount, test_dir, ACL_EA_ACCESS, acl_buf, acl_buf_size, 0), -EOPNOTSUPP);
+ ASSERT_EQ(ceph_getxattr(cmount, test_dir, ACL_EA_DEFAULT, acl_buf, acl_buf_size), -EOPNOTSUPP);
+ ASSERT_EQ(ceph_getxattr(cmount, test_dir, ACL_EA_ACCESS, acl_buf, acl_buf_size), -EOPNOTSUPP);
+
+ free(acl_buf);
+ ceph_shutdown(cmount);
+}