You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@karaf.apache.org by da...@apache.org on 2014/01/07 15:39:02 UTC
git commit: Additional itests for command security.
Updated Branches:
refs/heads/master 5335f674d -> 891c43b7e
Additional itests for command security.
These cover the config: commands.
Project: http://git-wip-us.apache.org/repos/asf/karaf/repo
Commit: http://git-wip-us.apache.org/repos/asf/karaf/commit/891c43b7
Tree: http://git-wip-us.apache.org/repos/asf/karaf/tree/891c43b7
Diff: http://git-wip-us.apache.org/repos/asf/karaf/diff/891c43b7
Branch: refs/heads/master
Commit: 891c43b7eb890b085091570f323ee85037949e21
Parents: 5335f67
Author: David Bosschaert <da...@apache.org>
Authored: Tue Jan 7 14:37:13 2014 +0000
Committer: David Bosschaert <da...@apache.org>
Committed: Tue Jan 7 14:37:13 2014 +0000
----------------------------------------------------------------------
.../karaf/itests/SshCommandSecurityTest.java | 93 +++++++++++++++-----
1 file changed, 71 insertions(+), 22 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/karaf/blob/891c43b7/itests/src/test/java/org/apache/karaf/itests/SshCommandSecurityTest.java
----------------------------------------------------------------------
diff --git a/itests/src/test/java/org/apache/karaf/itests/SshCommandSecurityTest.java b/itests/src/test/java/org/apache/karaf/itests/SshCommandSecurityTest.java
index 90a196a..2606cb4 100644
--- a/itests/src/test/java/org/apache/karaf/itests/SshCommandSecurityTest.java
+++ b/itests/src/test/java/org/apache/karaf/itests/SshCommandSecurityTest.java
@@ -66,31 +66,79 @@ public class SshCommandSecurityTest extends KarafTestSupport {
addUsers(manageruser, vieweruser);
- testCommandCredentials(manageruser, "bundle:refresh -f 999\n", Result.NO_CREDENTIALS);
- testCommandCredentials(manageruser, "bundle:refresh 999\n", Result.OK);
- testCommandCredentials("karaf", "bundle:refresh -f 999\n", Result.OK);
- testCommandCredentials(manageruser, "bundle:restart -f 999\n", Result.NO_CREDENTIALS);
- testCommandCredentials(manageruser, "bundle:restart 999\n", Result.OK);
- testCommandCredentials("karaf", "bundle:restart -f 999\n", Result.OK);
- testCommandCredentials(manageruser, "bundle:start -f 999\n", Result.NO_CREDENTIALS);
- testCommandCredentials(manageruser, "bundle:start 999\n", Result.OK);
- testCommandCredentials("karaf", "bundle:start -f 999\n", Result.OK);
- testCommandCredentials(manageruser, "bundle:stop -f 999\n", Result.NO_CREDENTIALS);
- testCommandCredentials(manageruser, "bundle:stop 999\n", Result.OK);
- testCommandCredentials("karaf", "bundle:stop -f 999\n", Result.OK);
- testCommandCredentials(manageruser, "bundle:uninstall -f 999\n", Result.NO_CREDENTIALS);
- testCommandCredentials(manageruser, "bundle:uninstall 999\n", Result.OK);
- testCommandCredentials("karaf", "bundle:uninstall -f 999\n", Result.OK);
- testCommandCredentials(manageruser, "bundle:update -f 999\n", Result.NO_CREDENTIALS);
- testCommandCredentials(manageruser, "bundle:update 999\n", Result.OK);
- testCommandCredentials("karaf", "bundle:update -f 999\n", Result.OK);
- testCommandCredentials(manageruser, "bundle:install xyz\n", Result.NOT_FOUND);
- testCommandCredentials("karaf", "bundle:install xyz\n", Result.OK);
+ // TODO viewer user
+ assertCommand(manageruser, "bundle:refresh -f 999", Result.NO_CREDENTIALS);
+ assertCommand(manageruser, "bundle:refresh 999", Result.OK);
+ assertCommand("karaf", "bundle:refresh -f 999", Result.OK);
+ assertCommand(manageruser, "bundle:restart -f 999", Result.NO_CREDENTIALS);
+ assertCommand(manageruser, "bundle:restart 999", Result.OK);
+ assertCommand("karaf", "bundle:restart -f 999", Result.OK);
+ assertCommand(manageruser, "bundle:start -f 999", Result.NO_CREDENTIALS);
+ assertCommand(manageruser, "bundle:start 999", Result.OK);
+ assertCommand("karaf", "bundle:start -f 999", Result.OK);
+ assertCommand(manageruser, "bundle:stop -f 999", Result.NO_CREDENTIALS);
+ assertCommand(manageruser, "bundle:stop 999", Result.OK);
+ assertCommand("karaf", "bundle:stop -f 999", Result.OK);
+ assertCommand(manageruser, "bundle:uninstall -f 999", Result.NO_CREDENTIALS);
+ assertCommand(manageruser, "bundle:uninstall 999", Result.OK);
+ assertCommand("karaf", "bundle:uninstall -f 999", Result.OK);
+ assertCommand(manageruser, "bundle:update -f 999", Result.NO_CREDENTIALS);
+ assertCommand(manageruser, "bundle:update 999", Result.OK);
+ assertCommand("karaf", "bundle:update -f 999", Result.OK);
+ assertCommand(manageruser, "bundle:install xyz", Result.NOT_FOUND);
+ assertCommand("karaf", "bundle:install xyz", Result.OK);
}
- private void testCommandCredentials(String user, String command, Result result) throws Exception, IOException {
+ @Test
+ public void testConfigCommandSecurityViaSsh() throws Exception {
+ String manageruser = "man" + System.nanoTime() + "_" + counter++;
+ String vieweruser = "view" + System.nanoTime() + "_" + counter++;
+
+ addUsers(manageruser, vieweruser);
+
+ testConfigEditsSuccessful(manageruser, false);
+ testConfigEditsSuccessful("karaf", true);
+ }
+
+ private void testConfigEditsSuccessful(String user, boolean isAdmin) throws Exception, IOException {
+ String pid = "cfg." + user + "_" + counter++;
+ assertCommand(user, "config:edit " + pid + "\n" +
+ "config:property-set x y\n" +
+ "config:property-set a b\n" +
+ "config:property-append x z\n" +
+ "config:update", Result.OK);
+ String result = assertCommand(user, "config:edit " + pid + "\n" +
+ "config:property-list", Result.OK);
+ Assert.assertTrue(result.contains("x = yz"));
+ Assert.assertTrue(result.contains("a = b"));
+ String result2 = assertCommand(user, "config:edit " + pid + "\n" +
+ "config:property-delete a\n" +
+ "config:property-list\n" +
+ "config:update", Result.OK);
+ Assert.assertTrue(result2.contains("x = yz"));
+ Assert.assertFalse(result2.contains("a = b"));
+
+ if (isAdmin) {
+ assertCommand(user, "config:delete " + pid, Result.OK);
+ String result3 = assertCommand(user, "config:edit " + pid + "\n" +
+ "config:property-list", Result.OK);
+ Assert.assertFalse(result3.contains("x = yz"));
+ Assert.assertFalse(result3.contains("a = b"));
+ } else {
+ assertCommand(user, "config:delete " + pid, Result.NOT_FOUND);
+ String result3 = assertCommand(user, "config:edit " + pid + "\n" +
+ "config:property-list", Result.OK);
+ Assert.assertTrue("The delete command should have had no effect", result3.contains("x = yz"));
+ Assert.assertFalse(result3.contains("a = b"));
+ }
+ }
+
+ private String assertCommand(String user, String command, Result result) throws Exception, IOException {
+ if (!command.endsWith("\n"))
+ command += "\n";
+
ByteArrayOutputStream out = new ByteArrayOutputStream();
- OutputStream pipe = openSshChannel(user, user, out);
+ OutputStream pipe = openSshChannel(user, user, out, out);
pipe.write(command.getBytes());
pipe.flush();
@@ -113,6 +161,7 @@ public class SshCommandSecurityTest extends KarafTestSupport {
default:
Assert.fail("Unexpected enum value: " + result);
}
+ return output;
}
private void addUsers(String manageruser, String vieweruser) throws Exception {