| // Copyright 2015 The Vanadium Authors. All rights reserved. |
| // Use of this source code is governed by a BSD-style |
| // license that can be found in the LICENSE file. |
| |
| package binarylib_test |
| |
| import ( |
| "fmt" |
| "os" |
| "reflect" |
| "syscall" |
| "testing" |
| |
| "v.io/v23" |
| "v.io/v23/context" |
| "v.io/v23/naming" |
| "v.io/v23/security" |
| "v.io/v23/security/access" |
| "v.io/v23/services/repository" |
| "v.io/v23/verror" |
| "v.io/x/lib/vlog" |
| vsecurity "v.io/x/ref/lib/security" |
| "v.io/x/ref/lib/signals" |
| "v.io/x/ref/services/internal/binarylib" |
| "v.io/x/ref/services/internal/servicetest" |
| "v.io/x/ref/test" |
| "v.io/x/ref/test/modules" |
| "v.io/x/ref/test/testutil" |
| ) |
| |
| //go:generate v23 test generate |
| |
| var binaryd = modules.Register(func(env *modules.Env, args ...string) error { |
| if len(args) < 2 { |
| vlog.Fatalf("binaryd expected at least name and store arguments and optionally AccessList flags per PermissionsFromFlag") |
| } |
| publishName := args[0] |
| storedir := args[1] |
| |
| ctx, shutdown := test.V23Init() |
| |
| defer fmt.Fprintf(env.Stdout, "%v terminating\n", publishName) |
| defer vlog.VI(1).Infof("%v terminating", publishName) |
| defer shutdown() |
| |
| server, endpoint := servicetest.NewServer(ctx) |
| name := naming.JoinAddressName(endpoint, "") |
| vlog.VI(1).Infof("binaryd name: %v", name) |
| |
| depth := 2 |
| state, err := binarylib.NewState(storedir, "", depth) |
| if err != nil { |
| vlog.Fatalf("NewState(%v, %v, %v) failed: %v", storedir, "", depth, err) |
| } |
| dispatcher, err := binarylib.NewDispatcher(v23.GetPrincipal(ctx), state) |
| if err != nil { |
| vlog.Fatalf("Failed to create binaryd dispatcher: %v", err) |
| } |
| if err := server.ServeDispatcher(publishName, dispatcher); err != nil { |
| vlog.Fatalf("Serve(%v) failed: %v", publishName, err) |
| } |
| |
| fmt.Fprintf(env.Stdout, "ready:%d\n", os.Getpid()) |
| <-signals.ShutdownOnSignals(ctx) |
| |
| return nil |
| }, "binaryd") |
| |
| func b(name string) repository.BinaryClientStub { |
| return repository.BinaryClient(name) |
| } |
| |
| func ctxWithBlessedPrincipal(ctx *context.T, childExtension string) (*context.T, error) { |
| parent := v23.GetPrincipal(ctx) |
| child := testutil.NewPrincipal() |
| b, err := parent.Bless(child.PublicKey(), parent.BlessingStore().Default(), childExtension, security.UnconstrainedUse()) |
| if err != nil { |
| return nil, err |
| } |
| if err := vsecurity.SetDefaultBlessings(child, b); err != nil { |
| return nil, err |
| } |
| return v23.WithPrincipal(ctx, child) |
| } |
| |
| func TestBinaryCreateAccessList(t *testing.T) { |
| ctx, shutdown := test.V23Init() |
| defer shutdown() |
| v23.GetNamespace(ctx).CacheCtl(naming.DisableCache(true)) |
| |
| selfCtx, err := v23.WithPrincipal(ctx, testutil.NewPrincipal("self")) |
| if err != nil { |
| t.Fatalf("WithPrincipal failed: %v", err) |
| } |
| childCtx, err := ctxWithBlessedPrincipal(selfCtx, "child") |
| if err != nil { |
| t.Fatalf("WithPrincipal failed: %v", err) |
| } |
| |
| sh, deferFn := servicetest.CreateShellAndMountTable(t, childCtx, v23.GetPrincipal(childCtx)) |
| defer deferFn() |
| // make selfCtx and childCtx have the same Namespace Roots as set by |
| // CreateShellAndMountTable |
| v23.GetNamespace(selfCtx).SetRoots(v23.GetNamespace(childCtx).Roots()...) |
| |
| // setup mock up directory to put state in |
| storedir, cleanup := servicetest.SetupRootDir(t, "bindir") |
| defer cleanup() |
| prepDirectory(t, storedir) |
| |
| nmh := servicetest.RunCommand(t, sh, nil, binaryd, "bini", storedir) |
| pid := servicetest.ReadPID(t, nmh) |
| defer syscall.Kill(pid, syscall.SIGINT) |
| |
| vlog.VI(2).Infof("Self uploads a shared and private binary.") |
| if err := b("bini/private").Create(childCtx, 1, repository.MediaInfo{Type: "application/octet-stream"}); err != nil { |
| t.Fatalf("Create() failed %v", err) |
| } |
| fakeDataPrivate := testData() |
| if streamErr, err := invokeUpload(t, childCtx, b("bini/private"), fakeDataPrivate, 0); streamErr != nil || err != nil { |
| t.Fatalf("invokeUpload() failed %v, %v", err, streamErr) |
| } |
| |
| vlog.VI(2).Infof("Validate that the AccessList also allows Self") |
| perms, _, err := b("bini/private").GetPermissions(selfCtx) |
| if err != nil { |
| t.Fatalf("GetPermissions failed: %v", err) |
| } |
| expected := access.Permissions{ |
| "Admin": access.AccessList{In: []security.BlessingPattern{"self/$", "self/child"}}, |
| "Read": access.AccessList{In: []security.BlessingPattern{"self/$", "self/child"}}, |
| "Write": access.AccessList{In: []security.BlessingPattern{"self/$", "self/child"}}, |
| "Debug": access.AccessList{In: []security.BlessingPattern{"self/$", "self/child"}}, |
| "Resolve": access.AccessList{In: []security.BlessingPattern{"self/$", "self/child"}}, |
| } |
| if got, want := perms.Normalize(), expected.Normalize(); !reflect.DeepEqual(got, want) { |
| t.Errorf("got %#v, expected %#v ", got, want) |
| } |
| } |
| |
| func TestBinaryRootAccessList(t *testing.T) { |
| ctx, shutdown := test.V23Init() |
| defer shutdown() |
| v23.GetNamespace(ctx).CacheCtl(naming.DisableCache(true)) |
| |
| selfPrincipal := testutil.NewPrincipal("self") |
| selfCtx, err := v23.WithPrincipal(ctx, selfPrincipal) |
| if err != nil { |
| t.Fatalf("WithPrincipal failed: %v", err) |
| } |
| sh, deferFn := servicetest.CreateShellAndMountTable(t, selfCtx, v23.GetPrincipal(selfCtx)) |
| defer deferFn() |
| |
| // setup mock up directory to put state in |
| storedir, cleanup := servicetest.SetupRootDir(t, "bindir") |
| defer cleanup() |
| prepDirectory(t, storedir) |
| |
| otherPrincipal := testutil.NewPrincipal("other") |
| if err := otherPrincipal.AddToRoots(selfPrincipal.BlessingStore().Default()); err != nil { |
| t.Fatalf("otherPrincipal.AddToRoots() failed: %v", err) |
| } |
| otherCtx, err := v23.WithPrincipal(selfCtx, otherPrincipal) |
| if err != nil { |
| t.Fatalf("WithPrincipal() failed: %v", err) |
| } |
| |
| nmh := servicetest.RunCommand(t, sh, nil, binaryd, "bini", storedir) |
| pid := servicetest.ReadPID(t, nmh) |
| defer syscall.Kill(pid, syscall.SIGINT) |
| |
| vlog.VI(2).Infof("Self uploads a shared and private binary.") |
| if err := b("bini/private").Create(selfCtx, 1, repository.MediaInfo{Type: "application/octet-stream"}); err != nil { |
| t.Fatalf("Create() failed %v", err) |
| } |
| fakeDataPrivate := testData() |
| if streamErr, err := invokeUpload(t, selfCtx, b("bini/private"), fakeDataPrivate, 0); streamErr != nil || err != nil { |
| t.Fatalf("invokeUpload() failed %v, %v", err, streamErr) |
| } |
| |
| if err := b("bini/shared").Create(selfCtx, 1, repository.MediaInfo{Type: "application/octet-stream"}); err != nil { |
| t.Fatalf("Create() failed %v", err) |
| } |
| fakeDataShared := testData() |
| if streamErr, err := invokeUpload(t, selfCtx, b("bini/shared"), fakeDataShared, 0); streamErr != nil || err != nil { |
| t.Fatalf("invokeUpload() failed %v, %v", err, streamErr) |
| } |
| |
| vlog.VI(2).Infof("Verify that in the beginning other can't access bini/private or bini/shared") |
| if _, _, err := b("bini/private").Stat(otherCtx); verror.ErrorID(err) != verror.ErrNoAccess.ID { |
| t.Fatalf("Stat() should have failed but didn't: %v", err) |
| } |
| if _, _, err := b("bini/shared").Stat(otherCtx); verror.ErrorID(err) != verror.ErrNoAccess.ID { |
| t.Fatalf("Stat() should have failed but didn't: %v", err) |
| } |
| |
| vlog.VI(2).Infof("Validate the AccessList file on bini/private.") |
| perms, _, err := b("bini/private").GetPermissions(selfCtx) |
| if err != nil { |
| t.Fatalf("GetPermissions failed: %v", err) |
| } |
| expected := access.Permissions{ |
| "Admin": access.AccessList{In: []security.BlessingPattern{"self"}}, |
| "Read": access.AccessList{In: []security.BlessingPattern{"self"}}, |
| "Write": access.AccessList{In: []security.BlessingPattern{"self"}}, |
| "Debug": access.AccessList{In: []security.BlessingPattern{"self"}}, |
| "Resolve": access.AccessList{In: []security.BlessingPattern{"self"}}, |
| } |
| if got, want := perms.Normalize(), expected.Normalize(); !reflect.DeepEqual(got, want) { |
| t.Errorf("got %#v, expected %#v ", got, want) |
| } |
| |
| vlog.VI(2).Infof("Validate the AccessList file on bini/private.") |
| perms, version, err := b("bini/private").GetPermissions(selfCtx) |
| if err != nil { |
| t.Fatalf("GetPermissions failed: %v", err) |
| } |
| if got, want := perms.Normalize(), expected.Normalize(); !reflect.DeepEqual(got, want) { |
| t.Errorf("got %#v, expected %#v ", got, want) |
| } |
| |
| vlog.VI(2).Infof("self blesses other as self/other and locks the bini/private binary to itself.") |
| selfBlessing := selfPrincipal.BlessingStore().Default() |
| otherBlessing, err := selfPrincipal.Bless(otherPrincipal.PublicKey(), selfBlessing, "other", security.UnconstrainedUse()) |
| if err != nil { |
| t.Fatalf("selfPrincipal.Bless() failed: %v", err) |
| } |
| if _, err := otherPrincipal.BlessingStore().Set(otherBlessing, security.AllPrincipals); err != nil { |
| t.Fatalf("otherPrincipal.BlessingStore() failed: %v", err) |
| } |
| |
| vlog.VI(2).Infof("Self modifies the AccessList file on bini/private.") |
| for _, tag := range access.AllTypicalTags() { |
| perms.Clear("self", string(tag)) |
| perms.Add("self/$", string(tag)) |
| } |
| if err := b("bini/private").SetPermissions(selfCtx, perms, version); err != nil { |
| t.Fatalf("SetPermissions failed: %v", err) |
| } |
| |
| vlog.VI(2).Infof(" Verify that bini/private's perms are updated.") |
| updated := access.Permissions{ |
| "Admin": access.AccessList{In: []security.BlessingPattern{"self/$"}}, |
| "Read": access.AccessList{In: []security.BlessingPattern{"self/$"}}, |
| "Write": access.AccessList{In: []security.BlessingPattern{"self/$"}}, |
| "Debug": access.AccessList{In: []security.BlessingPattern{"self/$"}}, |
| "Resolve": access.AccessList{In: []security.BlessingPattern{"self/$"}}, |
| } |
| perms, _, err = b("bini/private").GetPermissions(selfCtx) |
| if err != nil { |
| t.Fatalf("GetPermissions failed: %v", err) |
| } |
| if got, want := perms.Normalize(), updated.Normalize(); !reflect.DeepEqual(got, want) { |
| t.Errorf("got %#v, expected %#v ", got, want) |
| } |
| |
| // Other still can't access bini/shared because there's no AccessList file at the |
| // root level. Self has to set one explicitly to enable sharing. This way, self |
| // can't accidentally expose the server without setting a root AccessList. |
| vlog.VI(2).Infof(" Verify that other still can't access bini/shared.") |
| if _, _, err := b("bini/shared").Stat(otherCtx); verror.ErrorID(err) != verror.ErrNoAccess.ID { |
| t.Fatalf("Stat() should have failed but didn't: %v", err) |
| } |
| |
| vlog.VI(2).Infof("Self sets a root AccessList.") |
| newRootAccessList := make(access.Permissions) |
| for _, tag := range access.AllTypicalTags() { |
| newRootAccessList.Add("self/$", string(tag)) |
| } |
| if err := b("bini").SetPermissions(selfCtx, newRootAccessList, ""); err != nil { |
| t.Fatalf("SetPermissions failed: %v", err) |
| } |
| |
| vlog.VI(2).Infof("Verify that other can access bini/shared now but not access bini/private.") |
| if _, _, err := b("bini/shared").Stat(otherCtx); err != nil { |
| t.Fatalf("Stat() shouldn't have failed: %v", err) |
| } |
| if _, _, err := b("bini/private").Stat(otherCtx); verror.ErrorID(err) != verror.ErrNoAccess.ID { |
| t.Fatalf("Stat() should have failed but didn't: %v", err) |
| } |
| |
| vlog.VI(2).Infof("Other still can't create so Self gives Other right to Create.") |
| perms, tag, err := b("bini").GetPermissions(selfCtx) |
| if err != nil { |
| t.Fatalf("GetPermissions() failed: %v", err) |
| } |
| |
| // More than one AccessList change will result in the same functional result in |
| // this test: that self/other acquires the right to invoke Create at the |
| // root. In particular: |
| // |
| // a. perms.Add("self", "Write ") |
| // b. perms.Add("self/other", "Write") |
| // c. perms.Add("self/other/$", "Write") |
| // |
| // will all give self/other the right to invoke Create but in the case of |
| // (a) it will also extend this right to self's delegates (because of the |
| // absence of the $) including other and in (b) will also extend the |
| // Create right to all of other's delegates. Since (c) is the minimum |
| // case, use that. |
| perms.Add("self/other/$", string("Write")) |
| err = b("bini").SetPermissions(selfCtx, perms, tag) |
| if err != nil { |
| t.Fatalf("SetPermissions() failed: %v", err) |
| } |
| |
| vlog.VI(2).Infof("Other creates bini/otherbinary") |
| if err := b("bini/otherbinary").Create(otherCtx, 1, repository.MediaInfo{Type: "application/octet-stream"}); err != nil { |
| t.Fatalf("Create() failed %v", err) |
| } |
| fakeDataOther := testData() |
| if streamErr, err := invokeUpload(t, otherCtx, b("bini/otherbinary"), fakeDataOther, 0); streamErr != nil || err != nil { |
| t.FailNow() |
| } |
| |
| vlog.VI(2).Infof("Other can read perms for bini/otherbinary.") |
| updated = access.Permissions{ |
| "Admin": access.AccessList{In: []security.BlessingPattern{"self/$", "self/other"}}, |
| "Read": access.AccessList{In: []security.BlessingPattern{"self/$", "self/other"}}, |
| "Write": access.AccessList{In: []security.BlessingPattern{"self/$", "self/other"}}, |
| "Debug": access.AccessList{In: []security.BlessingPattern{"self/$", "self/other"}}, |
| "Resolve": access.AccessList{In: []security.BlessingPattern{"self/$", "self/other"}}, |
| } |
| perms, _, err = b("bini/otherbinary").GetPermissions(otherCtx) |
| if err != nil { |
| t.Fatalf("GetPermissions failed: %v", err) |
| } |
| if got, want := perms.Normalize(), updated.Normalize(); !reflect.DeepEqual(want, got) { |
| t.Errorf("got %#v, expected %#v ", got, want) |
| } |
| |
| vlog.VI(2).Infof("Other tries to exclude self by removing self from the AccessList set") |
| perms, tag, err = b("bini/otherbinary").GetPermissions(otherCtx) |
| if err != nil { |
| t.Fatalf("GetPermissions() failed: %v", err) |
| } |
| perms.Clear("self/$") |
| err = b("bini/otherbinary").SetPermissions(otherCtx, perms, tag) |
| if err != nil { |
| t.Fatalf("SetPermissions() failed: %v", err) |
| } |
| |
| vlog.VI(2).Infof("Verify that other can make this change.") |
| updated = access.Permissions{ |
| "Admin": access.AccessList{In: []security.BlessingPattern{"self/other"}}, |
| "Read": access.AccessList{In: []security.BlessingPattern{"self/other"}}, |
| "Write": access.AccessList{In: []security.BlessingPattern{"self/other"}}, |
| "Debug": access.AccessList{In: []security.BlessingPattern{"self/other"}}, |
| "Resolve": access.AccessList{In: []security.BlessingPattern{"self/other"}}, |
| } |
| perms, _, err = b("bini/otherbinary").GetPermissions(otherCtx) |
| if err != nil { |
| t.Fatalf("GetPermissions failed: %v", err) |
| } |
| if got, want := perms.Normalize(), updated.Normalize(); !reflect.DeepEqual(want, got) { |
| t.Errorf("got %#v, expected %#v ", got, want) |
| } |
| |
| vlog.VI(2).Infof("But self's rights are inherited from root so self can still access despite this.") |
| if _, _, err := b("bini/otherbinary").Stat(selfCtx); err != nil { |
| t.Fatalf("Stat() shouldn't have failed: %v", err) |
| } |
| |
| vlog.VI(2).Infof("Self petulantly blacklists other back.") |
| perms, tag, err = b("bini").GetPermissions(selfCtx) |
| if err != nil { |
| t.Fatalf("GetPermissions() failed: %v", err) |
| } |
| for _, tag := range access.AllTypicalTags() { |
| perms.Blacklist("self/other", string(tag)) |
| } |
| err = b("bini").SetPermissions(selfCtx, perms, tag) |
| if err != nil { |
| t.Fatalf("SetPermissions() failed: %v", err) |
| } |
| |
| vlog.VI(2).Infof("And now other can do nothing at affecting the root. Other should be penitent.") |
| if err := b("bini/nototherbinary").Create(otherCtx, 1, repository.MediaInfo{Type: "application/octet-stream"}); verror.ErrorID(err) != verror.ErrNoAccess.ID { |
| t.Fatalf("Create() should have failed %v", err) |
| } |
| |
| vlog.VI(2).Infof("But other can still access shared.") |
| if _, _, err := b("bini/shared").Stat(otherCtx); err != nil { |
| t.Fatalf("Stat() should not have failed but did: %v", err) |
| } |
| |
| vlog.VI(2).Infof("Self petulantly blacklists other's binary too.") |
| perms, tag, err = b("bini/shared").GetPermissions(selfCtx) |
| if err != nil { |
| t.Fatalf("GetPermissions() failed: %v", err) |
| } |
| for _, tag := range access.AllTypicalTags() { |
| perms.Blacklist("self/other", string(tag)) |
| } |
| err = b("bini/shared").SetPermissions(selfCtx, perms, tag) |
| if err != nil { |
| t.Fatalf("SetPermissions() failed: %v", err) |
| } |
| vlog.VI(2).Infof("And now other can't access shared either.") |
| if _, _, err := b("bini/shared").Stat(otherCtx); verror.ErrorID(err) != verror.ErrNoAccess.ID { |
| t.Fatalf("Stat() should have failed but didn't: %v", err) |
| } |
| // TODO(rjkroege): Extend the test with a third principal and verify that |
| // new principals can be given Admin perimission at the root. |
| |
| vlog.VI(2).Infof("Self feels guilty for petulance and disempowers itself") |
| // TODO(rjkroege,caprita): This is a one-way transition for self. Perhaps it |
| // should not be. Consider adding a factory-reset facility. |
| perms, tag, err = b("bini").GetPermissions(selfCtx) |
| if err != nil { |
| t.Fatalf("GetPermissions() failed: %v", err) |
| } |
| perms.Clear("self/$", "Admin") |
| err = b("bini").SetPermissions(selfCtx, perms, tag) |
| if err != nil { |
| t.Fatalf("SetPermissions() failed: %v", err) |
| } |
| |
| vlog.VI(2).Info("Self can't access other's binary now") |
| if _, _, err := b("bini/otherbinary").Stat(selfCtx); err == nil { |
| t.Fatalf("Stat() should have failed but didn't") |
| } |
| } |
| |
| func TestBinaryRationalStartingValueForGetPermissions(t *testing.T) { |
| ctx, shutdown := test.V23Init() |
| defer shutdown() |
| v23.GetNamespace(ctx).CacheCtl(naming.DisableCache(true)) |
| |
| selfPrincipal := testutil.NewPrincipal("self") |
| selfCtx, err := v23.WithPrincipal(ctx, selfPrincipal) |
| if err != nil { |
| t.Fatalf("WithPrincipal failed: %v", err) |
| } |
| sh, deferFn := servicetest.CreateShellAndMountTable(t, selfCtx, v23.GetPrincipal(selfCtx)) |
| defer deferFn() |
| |
| // setup mock up directory to put state in |
| storedir, cleanup := servicetest.SetupRootDir(t, "bindir") |
| defer cleanup() |
| prepDirectory(t, storedir) |
| |
| otherPrincipal := testutil.NewPrincipal("other") |
| if err := otherPrincipal.AddToRoots(selfPrincipal.BlessingStore().Default()); err != nil { |
| t.Fatalf("otherPrincipal.AddToRoots() failed: %v", err) |
| } |
| |
| nmh := servicetest.RunCommand(t, sh, nil, binaryd, "bini", storedir) |
| pid := servicetest.ReadPID(t, nmh) |
| defer syscall.Kill(pid, syscall.SIGINT) |
| |
| perms, tag, err := b("bini").GetPermissions(selfCtx) |
| if err != nil { |
| t.Fatalf("GetPermissions failed: %#v", err) |
| } |
| expected := access.Permissions{ |
| "Admin": access.AccessList{In: []security.BlessingPattern{"self/$", "self/child"}, NotIn: []string{}}, |
| "Read": access.AccessList{In: []security.BlessingPattern{"self/$", "self/child"}, NotIn: []string{}}, |
| "Write": access.AccessList{In: []security.BlessingPattern{"self/$", "self/child"}, NotIn: []string{}}, |
| "Debug": access.AccessList{In: []security.BlessingPattern{"self/$", "self/child"}, NotIn: []string{}}, |
| "Resolve": access.AccessList{In: []security.BlessingPattern{"self/$", "self/child"}, NotIn: []string{}}, |
| } |
| if got, want := perms.Normalize(), expected.Normalize(); !reflect.DeepEqual(got, want) { |
| t.Errorf("got %#v, expected %#v ", got, want) |
| } |
| |
| perms.Blacklist("self", string("Read")) |
| err = b("bini").SetPermissions(selfCtx, perms, tag) |
| if err != nil { |
| t.Fatalf("SetPermissions() failed: %v", err) |
| } |
| |
| perms, tag, err = b("bini").GetPermissions(selfCtx) |
| if err != nil { |
| t.Fatalf("GetPermissions failed: %#v", err) |
| } |
| expected = access.Permissions{ |
| "Admin": access.AccessList{In: []security.BlessingPattern{"self/$", "self/child"}, NotIn: []string{}}, |
| "Read": access.AccessList{In: []security.BlessingPattern{"self/$", "self/child"}, NotIn: []string{"self"}}, |
| "Write": access.AccessList{In: []security.BlessingPattern{"self/$", "self/child"}, NotIn: []string{}}, |
| "Debug": access.AccessList{In: []security.BlessingPattern{"self/$", "self/child"}, NotIn: []string{}}, |
| "Resolve": access.AccessList{In: []security.BlessingPattern{"self/$", "self/child"}, NotIn: []string{}}, |
| } |
| if got, want := perms.Normalize(), expected.Normalize(); !reflect.DeepEqual(got, want) { |
| t.Errorf("got %#v, expected %#v ", got, want) |
| } |
| |
| } |