author | Dan Goodliffe <dan@randomdan.homeip.net> | 2015-07-20 21:00:22 +0100 |
---|---|---|
committer | Dan Goodliffe <dan@randomdan.homeip.net> | 2015-07-20 21:00:22 +0100 |
commit | 9c7d9414051a9b6febdff80ae3f508b62ab10455 (patch) | |
tree | bf000780e628f5cdb0bbe505f34a0545a76a6ed3 | |
parent | Support specification of configuration files when creating a test core (diff) | |
Implement authtoken security
-rw-r--r-- | netfs/daemon/daemonConfig.ice | 3 | ||||
-rw-r--r-- | netfs/daemon/daemonService.cpp | 5 | ||||
-rw-r--r-- | netfs/fuse/fuseApp.cpp | 5 | ||||
-rw-r--r-- | netfs/fuse/fuseConfig.ice | 3 | ||||
-rw-r--r-- | netfs/unittests/Jamfile.jam | 2 | ||||
-rw-r--r-- | netfs/unittests/secureDaemon.xml | 12 | ||||
-rw-r--r-- | netfs/unittests/secureFuse.xml | 16 | ||||
-rw-r--r-- | netfs/unittests/testCore.cpp | 30 |
8 files changed, 73 insertions, 3 deletions
diff --git a/netfs/daemon/daemonConfig.ice b/netfs/daemon/daemonConfig.ice
index bb77344..07fef60 100644
--- a/netfs/daemon/daemonConfig.ice
+++ b/netfs/daemon/daemonConfig.ice
@@ -11,6 +11,9 @@ module NetFS {
 class Export {
 ["slicer:name:root"]
 string RootPath;
+
+ ["slicer:name:authtoken"]
+ string AuthToken;
 };
 ["slicer:key:name","slicer:value:export","slicer:item:export"]
diff --git a/netfs/daemon/daemonService.cpp b/netfs/daemon/daemonService.cpp
index fe587f1..7a81e51 100644
--- a/netfs/daemon/daemonService.cpp
+++ b/netfs/daemon/daemonService.cpp
@@ -9,13 +9,16 @@ ServiceServer::ServiceServer(NetFS::Daemon::ConfigurationPtr c) :
 }
 NetFS::VolumePrx
-ServiceServer::connect(const std::string & share, const std::string &, const Ice::Current & ice)
+ServiceServer::connect(const std::string & share, const std::string & authtoken, const Ice::Current & ice)
 {
 //boost::lock_guard<boost::mutex> lg(lock);
 NetFS::Daemon::ExportMap::iterator e = config->Exports.find(share);
 if (e == config->Exports.end()) {
 throw NetFS::ConfigError();
 }
+ if (!e->second->AuthToken.empty() && e->second->AuthToken != authtoken) {
+ throw NetFS::AuthError();
+ }
 return NetFS::VolumePrx::checkedCast(ice.adapter->addWithUUID(new VolumeServer(e->second->RootPath)));
 }
diff --git a/netfs/fuse/fuseApp.cpp b/netfs/fuse/fuseApp.cpp
index ac0dab5..a752e47 100644
--- a/netfs/fuse/fuseApp.cpp
+++ b/netfs/fuse/fuseApp.cpp
@@ -118,7 +118,7 @@ void
 NetFS::FuseApp::connectToVolume()
 {
 if (!volume) {
- volume = service->connect(fcr->ExportName, "bar");
+ volume = service->connect(fcr->ExportName, fcr->AuthToken);
 if (!volume) {
 throw std::runtime_error("Invalid filesystem proxy");
 }
@@ -188,6 +188,9 @@ NetFS::FuseApp::onError(const std::exception & e) throw()
 connectHandles();
 return 0;
 }
+ if (dynamic_cast<const NetFS::AuthError *>(&e)) {
+ return -EPERM;
+ }
 return FuseAppBase::onError(e);
 }
diff --git a/netfs/fuse/fuseConfig.ice b/netfs/fuse/fuseConfig.ice
index db37770..d4cee41 100644
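Review bot: The new `AuthToken` member on `Export` has no comment, and its most important property cannot be seen from the declaration: the check this commit adds to `ServiceServer::connect` is skipped when the field is empty, so an export that omits `authtoken` accepts any client. A comment on the field such as `// Shared secret a client must present to connect(); leaving it empty disables the check for this export.` would make that default explicit. The same applies to the `AuthToken` member added to the fuse-side class in netfs/fuse/fuseConfig.ice. Since the value is a plaintext secret in the daemon configuration, the comment is also a reasonable place to say that the configuration file should not be readable by other users.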
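Review bot: The token check in `ServiceServer::connect` compares the configured secret with the caller-supplied string using `std::string`'s `!=`, which may stop at the first differing byte; a secret compared against network input is better checked with a comparison whose duration does not depend on where the mismatch is. A file-local helper that folds every byte into one accumulator, called in place of the `!=`, would do that, as sketched below. Separately, an unknown share raises `ConfigError` before the token is examined while a wrong token raises `AuthError`, so a caller without a valid token can tell which export names exist; raising the same error in both cases would avoid that, provided no caller depends on the distinction. Nothing in the hunk records the rejected attempt, which the operator of the daemon would want to see.

```cpp
// File-local: examines every byte of `supplied` regardless of where the first mismatch is.
// `expected` must be non-empty (the caller already tests AuthToken.empty()).
static bool
tokenMatches(const std::string & expected, const std::string & supplied)
{
	unsigned char diff = (expected.size() != supplied.size()) ? 1 : 0;
	for (std::string::size_type i = 0; i < supplied.size(); ++i) {
		diff |= static_cast<unsigned char>(supplied[i] ^ expected[i % expected.size()]);
	}
	return diff == 0;
}

// … unchanged: connect() signature and Exports.find(share) lookup …
	if (!e->second->AuthToken.empty() && !tokenMatches(e->second->AuthToken, authtoken)) {
		throw NetFS::AuthError();
	}
// … unchanged: return of the VolumePrx …
```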
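Review bot: `fcr->AuthToken` is passed as an ordinary argument to `service->connect`, so the secret is only as protected in transit as the Ice endpoint selected from the resource's `Endpoints`; nothing visible in this hunk requires an encrypted transport when a token is configured. I would at least document that at the call, e.g. `// AuthToken is sent as-is; use an SSL endpoint when a token is configured.`, and consider refusing to send a non-empty token over a plain endpoint if that can be determined at this point. `connectToVolume` continues past the end of the hunk, so how the proxy is obtained is not visible here.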
--- a/netfs/fuse/fuseConfig.ice
+++ b/netfs/fuse/fuseConfig.ice
@@ -12,6 +12,9 @@ module NetFS {
 ["slicer:name:endpoints"]
 EndpointList Endpoints;
+
+ ["slicer:name:authtoken"]
+ string AuthToken;
 };
 ["slicer:key:name","slicer:value:resource","slicer:item:resource"]
diff --git a/netfs/unittests/Jamfile.jam b/netfs/unittests/Jamfile.jam
index 316491e..f1a4663 100644
--- a/netfs/unittests/Jamfile.jam
+++ b/netfs/unittests/Jamfile.jam
@@ -27,7 +27,7 @@ lib testMocks : run testCore.cpp
- : : defaultDaemon.xml defaultFuse.xml :
+ : : defaultDaemon.xml defaultFuse.xml secureDaemon.xml secureFuse.xml :
 <define>BOOST_TEST_DYN_LINK <library>boost_utf <library>testMocks
diff --git a/netfs/unittests/secureDaemon.xml b/netfs/unittests/secureDaemon.xml
new file mode 100644
index 0000000..73e2f9d
--- /dev/null
+++ b/netfs/unittests/secureDaemon.xml
@@ -0,0 +1,12 @@
+<?xml version="1.0" encoding="ascii"?>
+<config>
+ <exports>
+ <export>
+ <name>testvol</name>
+ <export>
+ <authtoken>secure_key</authtoken>
+ <root>/overridden</root>
+ </export>
+ </export>
+ </exports>
+</config>
diff --git a/netfs/unittests/secureFuse.xml b/netfs/unittests/secureFuse.xml
new file mode 100644
index 0000000..e7e8418
--- /dev/null
+++ b/netfs/unittests/secureFuse.xml
@@ -0,0 +1,16 @@
+<?xml version="1.0" encoding="ascii"?>
+<config>
+ <resources>
+ <resource>
+ <name>testvol</name>
+ <resource>
+ <export>testvol</export>
+ <authtoken>secure_key</authtoken>
+ <endpoints>
+ <endpoint>overridden</endpoint>
+ </endpoints>
+ </resource>
+ </resource>
+ </resources>
+</config>
+
diff --git a/netfs/unittests/testCore.cpp b/netfs/unittests/testCore.cpp
index 10b04e2..927262b 100644
--- a/netfs/unittests/testCore.cpp
+++ b/netfs/unittests/testCore.cpp
@@ -33,6 +33,8 @@ class Core {
 FuseMockHost fuseHost;
 Ice::CommunicatorPtr ic;
+
+ public:
 const fuse_operations * fuse;
 };
@@ -53,3 +55,31 @@ BOOST_AUTO_TEST_CASE ( clientInitialised )
 BOOST_AUTO_TEST_SUITE_END();
+BOOST_AUTO_TEST_CASE( testNoAuthNoPass )
+{
+ Core c("defaultDaemon.xml", "defaultFuse.xml");
+ struct statvfs s;
+ BOOST_REQUIRE_EQUAL(0, c.fuse->statfs("/", &s));
+}
+
+BOOST_AUTO_TEST_CASE( testWithAuthNoPass )
+{
+ Core c("secureDaemon.xml", "defaultFuse.xml");
+ struct statvfs s;
+ BOOST_REQUIRE_EQUAL(-EPERM, c.fuse->statfs("/", &s));
+}
+
+BOOST_AUTO_TEST_CASE( testWithAuthWithPass )
+{
+ Core c("secureDaemon.xml", "secureFuse.xml");
+ struct statvfs s;
+ BOOST_REQUIRE_EQUAL(0, c.fuse->statfs("/", &s));
+}
+
+BOOST_AUTO_TEST_CASE( testNoAuthWithPass )
+{
+ Core c("defaultDaemon.xml", "secureFuse.xml");
+ struct statvfs s;
+ BOOST_REQUIRE_EQUAL(0, c.fuse->statfs("/", &s));
+}
+ |
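Review bot: None of the four cases presents a wrong, non-empty token: `testWithAuthNoPass` pairs secureDaemon.xml with defaultFuse.xml, which presumably sends an empty token, so the mismatch branch of the daemon check is only exercised with an empty string. A fifth case that uses a fuse configuration whose `authtoken` differs from `secure_key` (a new fixture; `wrongKeyFuse.xml` is a placeholder name) and expects `-EPERM` from `statfs` would cover the path that matters most. `testNoAuthWithPass` also pins the behaviour that an export with no token accepts a client that sends one; a one-line comment such as `// an export without authtoken ignores whatever token the client sends` would show that this is intended.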