authorDan Goodliffe <dan@randomdan.homeip.net>2015-07-20 21:00:22 +0100
committerDan Goodliffe <dan@randomdan.homeip.net>2015-07-20 21:00:22 +0100
commit9c7d9414051a9b6febdff80ae3f508b62ab10455 (patch)
treebf000780e628f5cdb0bbe505f34a0545a76a6ed3
parentSupport specification of configuration files when creating a test core (diff)
Implement authtoken security
-rw-r--r--netfs/daemon/daemonConfig.ice3
-rw-r--r--netfs/daemon/daemonService.cpp5
-rw-r--r--netfs/fuse/fuseApp.cpp5
-rw-r--r--netfs/fuse/fuseConfig.ice3
-rw-r--r--netfs/unittests/Jamfile.jam2
-rw-r--r--netfs/unittests/secureDaemon.xml12
-rw-r--r--netfs/unittests/secureFuse.xml16
-rw-r--r--netfs/unittests/testCore.cpp30
8 files changed, 73 insertions, 3 deletions
diff --git a/netfs/daemon/daemonConfig.ice b/netfs/daemon/daemonConfig.ice
index bb77344..07fef60 100644
--- a/netfs/daemon/daemonConfig.ice
+++ b/netfs/daemon/daemonConfig.ice
@@ -11,6 +11,9 @@ module NetFS {
class Export {
["slicer:name:root"]
string RootPath;
+
+ ["slicer:name:authtoken"]
+ string AuthToken;
};
["slicer:key:name","slicer:value:export","slicer:item:export"]
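Review bot: The new `AuthToken` member on `Export` has no comment, although it puts a shared secret in plaintext in the daemon configuration and the daemon treats an empty value as "no authentication". Document both facts at the field, for example `// Shared secret clients must present for this export; empty disables the check. Keep the configuration file readable only by the daemon's account.` The same applies to the `AuthToken` member added to the client resource in `netfs/fuse/fuseConfig.ice`, where the file holding the token sits on every client machine.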
diff --git a/netfs/daemon/daemonService.cpp b/netfs/daemon/daemonService.cpp
index fe587f1..7a81e51 100644
--- a/netfs/daemon/daemonService.cpp
+++ b/netfs/daemon/daemonService.cpp
@@ -9,13 +9,16 @@ ServiceServer::ServiceServer(NetFS::Daemon::ConfigurationPtr c) :
}
NetFS::VolumePrx
-ServiceServer::connect(const std::string & share, const std::string &, const Ice::Current & ice)
+ServiceServer::connect(const std::string & share, const std::string & authtoken, const Ice::Current & ice)
{
//boost::lock_guard<boost::mutex> lg(lock);
NetFS::Daemon::ExportMap::iterator e = config->Exports.find(share);
if (e == config->Exports.end()) {
throw NetFS::ConfigError();
}
+ if (!e->second->AuthToken.empty() && e->second->AuthToken != authtoken) {
+ throw NetFS::AuthError();
+ }
return NetFS::VolumePrx::checkedCast(ice.adapter->addWithUUID(new VolumeServer(e->second->RootPath)));
}
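Review bot: The token check `e->second->AuthToken != authtoken` compares a secret with `std::string`'s `operator!=`, which typically stops at the first differing byte, so the time taken can depend on how much of a supplied token is correct; compare in a way whose duration does not depend on the match position, as in the helper below. Separately, an export whose `authtoken` is absent or empty accepts every client, so a configuration omission silently disables the check; a comment at the `empty()` test should state that this is intended. The distinct `ConfigError` and `AuthError` also tell an unauthenticated caller whether an export name exists, and neither failure path is logged, so repeated bad-token attempts would not be visible to an operator.

```cpp
// Compares without returning early on the first mismatch; run time follows
// the length of the supplied token, not the position of the difference.
static bool
tokenMatches(const std::string & expected, const std::string & supplied)
{
	if (expected.empty()) {
		return supplied.empty();
	}
	unsigned char diff = expected.size() == supplied.size() ? 0 : 1;
	for (std::string::size_type i = 0; i < supplied.size(); ++i) {
		// modulo keeps the read in bounds when the lengths differ
		diff |= static_cast<unsigned char>(expected[i % expected.size()] ^ supplied[i]);
	}
	return diff == 0;
}

// … unchanged: export lookup and ConfigError …
	if (!e->second->AuthToken.empty() && !tokenMatches(e->second->AuthToken, authtoken)) {
		throw NetFS::AuthError();
	}
```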
diff --git a/netfs/fuse/fuseApp.cpp b/netfs/fuse/fuseApp.cpp
index ac0dab5..a752e47 100644
--- a/netfs/fuse/fuseApp.cpp
+++ b/netfs/fuse/fuseApp.cpp
@@ -118,7 +118,7 @@ void
NetFS::FuseApp::connectToVolume()
{
if (!volume) {
- volume = service->connect(fcr->ExportName, "bar");
+ volume = service->connect(fcr->ExportName, fcr->AuthToken);
if (!volume) {
throw std::runtime_error("Invalid filesystem proxy");
}
@@ -188,6 +188,9 @@ NetFS::FuseApp::onError(const std::exception & e) throw()
connectHandles();
return 0;
}
+ if (dynamic_cast<const NetFS::AuthError *>(&e)) {
+ return -EPERM;
+ }
return FuseAppBase::onError(e);
}
diff --git a/netfs/fuse/fuseConfig.ice b/netfs/fuse/fuseConfig.ice
index db37770..d4cee41 100644
--- a/netfs/fuse/fuseConfig.ice
+++ b/netfs/fuse/fuseConfig.ice
@@ -12,6 +12,9 @@ module NetFS {
["slicer:name:endpoints"]
EndpointList Endpoints;
+
+ ["slicer:name:authtoken"]
+ string AuthToken;
};
["slicer:key:name","slicer:value:resource","slicer:item:resource"]
diff --git a/netfs/unittests/Jamfile.jam b/netfs/unittests/Jamfile.jam
index 316491e..f1a4663 100644
--- a/netfs/unittests/Jamfile.jam
+++ b/netfs/unittests/Jamfile.jam
@@ -27,7 +27,7 @@ lib testMocks :
run testCore.cpp
- : : defaultDaemon.xml defaultFuse.xml :
+ : : defaultDaemon.xml defaultFuse.xml secureDaemon.xml secureFuse.xml :
<define>BOOST_TEST_DYN_LINK
<library>boost_utf
<library>testMocks
diff --git a/netfs/unittests/secureDaemon.xml b/netfs/unittests/secureDaemon.xml
new file mode 100644
index 0000000..73e2f9d
--- /dev/null
+++ b/netfs/unittests/secureDaemon.xml
@@ -0,0 +1,12 @@
+<?xml version="1.0" encoding="ascii"?>
+<config>
+ <exports>
+ <export>
+ <name>testvol</name>
+ <export>
+ <authtoken>secure_key</authtoken>
+ <root>/overridden</root>
+ </export>
+ </export>
+ </exports>
+</config>
diff --git a/netfs/unittests/secureFuse.xml b/netfs/unittests/secureFuse.xml
new file mode 100644
index 0000000..e7e8418
--- /dev/null
+++ b/netfs/unittests/secureFuse.xml
@@ -0,0 +1,16 @@
+<?xml version="1.0" encoding="ascii"?>
+<config>
+ <resources>
+ <resource>
+ <name>testvol</name>
+ <resource>
+ <export>testvol</export>
+ <authtoken>secure_key</authtoken>
+ <endpoints>
+ <endpoint>overridden</endpoint>
+ </endpoints>
+ </resource>
+ </resource>
+ </resources>
+</config>
+
diff --git a/netfs/unittests/testCore.cpp b/netfs/unittests/testCore.cpp
index 10b04e2..927262b 100644
--- a/netfs/unittests/testCore.cpp
+++ b/netfs/unittests/testCore.cpp
@@ -33,6 +33,8 @@ class Core {
FuseMockHost fuseHost;
Ice::CommunicatorPtr ic;
+
+ public:
const fuse_operations * fuse;
};
@@ -53,3 +55,31 @@ BOOST_AUTO_TEST_CASE ( clientInitialised )
BOOST_AUTO_TEST_SUITE_END();
+BOOST_AUTO_TEST_CASE( testNoAuthNoPass )
+{
+ Core c("defaultDaemon.xml", "defaultFuse.xml");
+ struct statvfs s;
+ BOOST_REQUIRE_EQUAL(0, c.fuse->statfs("/", &s));
+}
+
+BOOST_AUTO_TEST_CASE( testWithAuthNoPass )
+{
+ Core c("secureDaemon.xml", "defaultFuse.xml");
+ struct statvfs s;
+ BOOST_REQUIRE_EQUAL(-EPERM, c.fuse->statfs("/", &s));
+}
+
+BOOST_AUTO_TEST_CASE( testWithAuthWithPass )
+{
+ Core c("secureDaemon.xml", "secureFuse.xml");
+ struct statvfs s;
+ BOOST_REQUIRE_EQUAL(0, c.fuse->statfs("/", &s));
+}
+
+BOOST_AUTO_TEST_CASE( testNoAuthWithPass )
+{
+ Core c("defaultDaemon.xml", "secureFuse.xml");
+ struct statvfs s;
+ BOOST_REQUIRE_EQUAL(0, c.fuse->statfs("/", &s));
+}
+
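Review bot: No case covers a non-empty token that does not match: `testWithAuthNoPass` pairs `secureDaemon.xml` with `defaultFuse.xml`, so the client presumably sends an empty token, and a check that rejected only empty tokens would still pass all four cases. Add a fuse fixture whose `<authtoken>` differs from `secure_key` and assert that `statfs` returns `-EPERM` with it. The new cases also follow `BOOST_AUTO_TEST_SUITE_END();`, so they appear to sit outside the suite; if that is not intended, move them above that line.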