Google Git
Sign in
vanadium / release.go.x.ref / 77357d7d7d92413c0caab8b6bff1481edb3d66e0^! / . / runtimes / google / naming / namespace / all_test.go
commit77357d7d7d92413c0caab8b6bff1481edb3d66e0[log] [tgz]
authorSuharsh Sivakumar <suharshs@google.com>Sat Feb 21 22:14:20 2015 -0800
committerSuharsh Sivakumar <suharshs@google.com>Sat Feb 21 22:14:29 2015 -0800
treed1c0e20b3badb71b6004e1f7308769bb9c75a7c9
parentab121830ae35922150b17aa211dd2ad2628eaec0 [diff] [blame]
veyron/runtimes/google/ipc: The blessings the server is started with
are the its blessings FOREVER!

If one wants to use new blessings they need to create a new server
with those blessings.

Change-Id: I49a06b5cfe367d728f37c0b4dc43f4a4d7a4e808

diff --git a/runtimes/google/naming/namespace/all_test.go b/runtimes/google/naming/namespace/all_test.go
index 823b547..29e7bcc 100644
--- a/runtimes/google/naming/namespace/all_test.go
+++ b/runtimes/google/naming/namespace/all_test.go

@@ -715,23 +715,19 @@
 	}
 
 	// Intermediate mounttables should be authenticated.
-	// Simulate an "attacker" by changing the blessings presented by this
-	// intermediate mounttable (which will not be consistent with the
-	// blessing pattern in the mount entry). A subtle annoyance here: This
-	// "attack" is valid only until the child mounttable remounts itself.
-	// Currently this remounting period is set to 1 minute (publishPeriod
-	// in ipc/consts.go), but if that changes - then this test may need
-	// to change as well.
-	runMT(t, mtCtx, "mt")
-	attacker, err := veyron2.GetPrincipal(mtCtx).BlessSelf("attacker")
-	if err != nil {
-		t.Fatal(err)
-	}
+	mt := runMT(t, mtCtx, "mt")
+	// Mount a server on "mt".
 	if err := mount("mt/server", ep1, time.Minute, naming.ReplaceMountOpt(true)); err != nil {
 		t.Error(err)
-	} else if err := veyron2.GetPrincipal(mtCtx).BlessingStore().SetDefault(attacker); err != nil {
+	}
+	// Imagine that the network address of "mt" has been taken over by an attacker. However, this attacker cannot
+	// mess with the mount entry for "mt". This would result in "mt" and its mount entry (in the global mounttable)
+	// having inconsistent blessings. Simulate this by explicitly changing the mount entry for "mt".
+	if err := veyron2.GetNamespace(mtCtx).Mount(mtCtx, "mt", mt.name, time.Minute, naming.ServesMountTableOpt(true), naming.MountedServerBlessingsOpt{"realmounttable"}, naming.ReplaceMountOpt(true)); err != nil {
 		t.Error(err)
-	} else if e, err := resolve("mt/server", options.SkipResolveAuthorization{}); err != nil {
+	}
+
+	if e, err := resolve("mt/server", options.SkipResolveAuthorization{}); err != nil {
 		t.Errorf("Resolve should succeed when skipping server authorization. Got (%v, %v)", e, err)
 	} else if e, err := resolve("mt/server"); !verror.Is(err, verror.ErrNotTrusted.ID) {
 		t.Errorf("Resolve should have failed with %q because an attacker has taken over the intermediate mounttable. Got (%+v, errorid=%q:%v)", verror.ErrNotTrusted.ID, e, verror.ErrorID(err), err)