You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@karaf.apache.org by ff...@apache.org on 2014/05/07 06:30:06 UTC

git commit: [KARAF-2934]Role-based security for Shell/Console commands - backport to 2.x branch-add ConfigSshCommandSecurityTest

Repository: karaf
Updated Branches:
  refs/heads/karaf-2.x 0b62b8636 -> 25e5df29f


[KARAF-2934]Role-based security for Shell/Console commands - backport to 2.x branch-add ConfigSshCommandSecurityTest


Project: http://git-wip-us.apache.org/repos/asf/karaf/repo
Commit: http://git-wip-us.apache.org/repos/asf/karaf/commit/25e5df29
Tree: http://git-wip-us.apache.org/repos/asf/karaf/tree/25e5df29
Diff: http://git-wip-us.apache.org/repos/asf/karaf/diff/25e5df29

Branch: refs/heads/karaf-2.x
Commit: 25e5df29f179c772b729a993fdaa2d3829c95c6d
Parents: 0b62b86
Author: Freeman Fang <fr...@gmail.com>
Authored: Wed May 7 12:29:44 2014 +0800
Committer: Freeman Fang <fr...@gmail.com>
Committed: Wed May 7 12:29:44 2014 +0800

----------------------------------------------------------------------
 .../itests/ConfigSshCommandSecurityTest.java    | 132 +++++++++++++++++++
 .../apache/karaf/itests/SshCommandTestBase.java |   4 +-
 2 files changed, 134 insertions(+), 2 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/karaf/blob/25e5df29/itests/src/test/java/org/apache/karaf/itests/ConfigSshCommandSecurityTest.java
----------------------------------------------------------------------
diff --git a/itests/src/test/java/org/apache/karaf/itests/ConfigSshCommandSecurityTest.java b/itests/src/test/java/org/apache/karaf/itests/ConfigSshCommandSecurityTest.java
new file mode 100644
index 0000000..6b72241
--- /dev/null
+++ b/itests/src/test/java/org/apache/karaf/itests/ConfigSshCommandSecurityTest.java
@@ -0,0 +1,132 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.karaf.itests;
+
+import java.io.IOException;
+
+import org.junit.Assert;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.ops4j.pax.exam.junit.PaxExam;
+import org.ops4j.pax.exam.spi.reactors.ExamReactorStrategy;
+import org.ops4j.pax.exam.spi.reactors.PerClass;
+
+/**
+ * This test exercises the Shell Command ACL for the config scope commands as defined in
+ * /framework/src/main/resources/resources/etc/org.apache.karaf.command.acl.config.cfg
+ */
+@RunWith(PaxExam.class)
+@ExamReactorStrategy(PerClass.class)
+public class ConfigSshCommandSecurityTest extends SshCommandTestBase {
+    private static int counter = 0;
+    @Test
+    public void testConfigCommandSecurityViaSsh() throws Exception {
+        String manageruser = "man" + System.nanoTime() + "_" + counter++;
+        String vieweruser = "view" + System.nanoTime() + "_" + counter++;
+
+        addUsers(manageruser, vieweruser);
+
+        // A viewer cannot do anything to ConfigAdmin
+        assertCommand(vieweruser, "config:edit cfg." + vieweruser, Result.NOT_FOUND);
+        assertCommand(vieweruser, "config:delete cfg." + vieweruser, Result.NOT_FOUND);
+
+        testConfigEdits(manageruser, Result.OK, "cfg." + manageruser, false);
+        testConfigEdits(manageruser, Result.NO_CREDENTIALS, "jmx.acl.test_" + counter++, false);
+        testConfigEdits(manageruser, Result.NO_CREDENTIALS, "org.apache.karaf.command.acl.test_" + counter++, false);
+        testConfigEdits(manageruser, Result.NO_CREDENTIALS, "org.apache.karaf.service.acl.test_" + counter++, false);
+        testConfigEdits("karaf", Result.OK, "cfg.karaf_" + counter++, true);
+        testConfigEdits("karaf", Result.OK, "jmx.acl.test_" + counter++, true);
+        testConfigEdits("karaf", Result.OK, "org.apache.karaf.command.acl.test_" + counter++, true);
+        testConfigEdits("karaf", Result.OK, "org.apache.karaf.service.acl.test_" + counter++, true);
+    }
+
+    private void testConfigEdits(String user, Result expectedEditResult, String pid, boolean isAdmin) throws Exception, IOException {
+        assertCommand(user, "config:edit " + pid + "\n" +
+                "config:propset x y\n" +
+                "config:propset a b\n" +
+                "config:propappend x z\n" +
+                "config:update", expectedEditResult);
+        if (expectedEditResult != Result.OK)
+            // If we're expecting failure, don't continue any further...
+            return;
+
+        String result = assertCommand(user, "config:edit " + pid + "\n" +
+                "config:proplist\n" +
+                "config:cancel", Result.OK);
+        Assert.assertTrue(result.contains("x = yz"));
+        Assert.assertTrue(result.contains("a = b"));
+        String result2 = assertCommand(user, "config:edit " + pid + "\n" +
+                "config:propdel a\n" +
+                "config:proplist\n" +
+                "config:update", Result.OK);
+        Assert.assertTrue(result2.contains("x = yz"));
+        Assert.assertFalse(result2.contains("a = b"));
+
+        if (isAdmin) {
+            assertCommand(user, "config:delete " + pid, Result.OK);
+            String result3 = assertCommand(user, "config:edit " + pid + "\n" +
+                    "config:proplist", Result.OK);
+            Assert.assertFalse(result3.contains("x = yz"));
+            Assert.assertFalse(result3.contains("a = b"));
+        } else {
+            assertCommand(user, "config:delete " + pid, Result.NOT_FOUND);
+            String result3 = assertCommand(user, "config:edit " + pid + "\n" +
+                    "config:proplist", Result.OK);
+            Assert.assertTrue("The delete command should have had no effect", result3.contains("x = yz"));
+            Assert.assertFalse(result3.contains("a = b"));
+        }
+    }
+
+    @Test
+    public void testConfigCommandSecurityWithoutEditSessionViaSsh() throws Exception {
+        String manageruser = "man" + System.nanoTime() + "_" + counter++;
+        String vieweruser = "view" + System.nanoTime() + "_" + counter++;
+
+        addUsers(manageruser, vieweruser);
+
+        // Test the viewer user. Since the viewer cannot modify anything wrt Config Admin
+        // the commands should not even be found...
+        testConfigEditsNoSession(vieweruser, Result.NOT_FOUND, "cfg." + vieweruser);
+        testConfigEditsNoSession(vieweruser, Result.NOT_FOUND, "jmx.acl.test_" + counter++);
+        testConfigEditsNoSession(vieweruser, Result.NOT_FOUND, "org.apache.karaf.command.acl.test_" + counter++);
+        testConfigEditsNoSession(vieweruser, Result.NOT_FOUND, "org.apache.karaf.service.acl.test_" + counter++);
+        
+
+        // Test the manager user. The manager can modify some properties, but not the ones associated with security
+        // Therefore the config: commands will be found, but in some cases the manager is denied access
+        testConfigEditsNoSession(manageruser, Result.OK, "cfg." + manageruser);
+        testConfigEditsNoSession(manageruser, Result.NO_CREDENTIALS, "jmx.acl.test_" + counter++);
+        testConfigEditsNoSession(manageruser, Result.NO_CREDENTIALS, "org.apache.karaf.command.acl.test_" + counter++);
+        testConfigEditsNoSession(manageruser, Result.NO_CREDENTIALS, "org.apache.karaf.service.acl.test_" + counter++);
+        
+
+        // The admin user can modify everything.
+        testConfigEditsNoSession("karaf", Result.OK, "cfg.karaf.test_" + counter++);
+        testConfigEditsNoSession("karaf", Result.OK, "jmx.acl.test_" + counter++);
+        testConfigEditsNoSession("karaf", Result.OK, "org.apache.karaf.command.acl.test_" + counter++);
+        testConfigEditsNoSession("karaf", Result.OK, "org.apache.karaf.service.acl.test_" + counter++);
+    }
+
+    private void testConfigEditsNoSession(String user, Result expectedResult, String pid) throws Exception, IOException {
+        assertCommand(user, "config:propset -b -p " + pid + " a.b.c d.e.f", expectedResult);
+        assertCommand(user, "config:propappend -b -p " + pid + " a.b.c .g.h", expectedResult);
+        if (expectedResult == Result.OK) {
+            Assert.assertTrue(assertCommand(user, "config:proplist -p " + pid, Result.OK).contains("a.b.c = d.e.f.g.h"));
+        }
+        assertCommand(user, "config:propdel -b -p " + pid + " a.b.c", expectedResult);
+        if (expectedResult == Result.OK) {
+            Assert.assertFalse(assertCommand(user, "config:proplist -b -p " + pid, Result.OK).contains("a.b.c"));
+        }
+    }
+}

http://git-wip-us.apache.org/repos/asf/karaf/blob/25e5df29/itests/src/test/java/org/apache/karaf/itests/SshCommandTestBase.java
----------------------------------------------------------------------
diff --git a/itests/src/test/java/org/apache/karaf/itests/SshCommandTestBase.java b/itests/src/test/java/org/apache/karaf/itests/SshCommandTestBase.java
index 48085cb..b508451 100644
--- a/itests/src/test/java/org/apache/karaf/itests/SshCommandTestBase.java
+++ b/itests/src/test/java/org/apache/karaf/itests/SshCommandTestBase.java
@@ -91,10 +91,10 @@ public class SshCommandTestBase extends KarafTestSupport {
         OutputStream pipe = openSshChannel(user, user, out, out);
         pipe.write(command.getBytes());
         pipe.flush();
-
+        //wait for command done;
         closeSshChannel(pipe);
         String output = new String(out.toByteArray());
-
+            
         switch(result) {
         case OK:
             Assert.assertFalse("Should not contain 'Insufficient credentials' or 'Command not found': " + output,