itests/src/test/java/org/apache/karaf/itests/ConfigSshCommandSecurityTest.java - karaf - Git at Google

 /*
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
  *      http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
 package org.apache.karaf.itests;

 import java.io.IOException;

 import org.junit.Assert;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.ops4j.pax.exam.junit.PaxExam;
 import org.ops4j.pax.exam.spi.reactors.ExamReactorStrategy;
 import org.ops4j.pax.exam.spi.reactors.PerClass;

 /**
  * This test exercises the Shell Command ACL for the config scope commands as defined in
  * /framework/src/main/resources/resources/etc/org.apache.karaf.command.acl.config.cfg
  */
 @RunWith(PaxExam.class)
 @ExamReactorStrategy(PerClass.class)
 public class ConfigSshCommandSecurityTest extends SshCommandTestBase {

     private static int counter = 0;

     @Test
     public void testConfigCommandSecurityViaSsh() throws Exception {
         String manageruser = "man" + System.nanoTime() + "_" + counter++;
         String vieweruser = "view" + System.nanoTime() + "_" + counter++;

         addUsers(manageruser, vieweruser);

         // A viewer cannot do anything to ConfigAdmin
         assertCommand(vieweruser, "config:edit cfg." + vieweruser, Result.NOT_FOUND);
         assertCommand(vieweruser, "config:delete cfg." + vieweruser, Result.NOT_FOUND);

         testConfigEdits(manageruser, Result.OK, "cfg." + manageruser, false);
         testConfigEdits(manageruser, Result.NO_CREDENTIALS, "jmx.acl.test_" + counter++, false);
         testConfigEdits(manageruser, Result.NO_CREDENTIALS, "org.apache.karaf.command.acl.test_" + counter++, false);
         testConfigEdits(manageruser, Result.NO_CREDENTIALS, "org.apache.karaf.service.acl.test_" + counter++, false);
         testConfigEdits("karaf", Result.OK, "cfg.karaf_" + counter++, true);
         testConfigEdits("karaf", Result.OK, "jmx.acl.test_" + counter++, true);
         testConfigEdits("karaf", Result.OK, "org.apache.karaf.command.acl.test_" + counter++, true);
         testConfigEdits("karaf", Result.OK, "org.apache.karaf.service.acl.test_" + counter++, true);
     }

     private void testConfigEdits(String user, Result expectedEditResult, String pid, boolean isAdmin) throws Exception, IOException {
         assertCommand(user, "config:edit " + pid + "\n" +
                 "config:property-set x y\n" +
                 "config:property-set a b\n" +
                 "config:property-append x z\n" +
                 "config:update", expectedEditResult);
         if (expectedEditResult != Result.OK)
             // If we're expecting failure, don't continue any further...
             return;

         String result = assertCommand(user, "config:edit " + pid + "\n" +
                 "config:property-list\n" +
                 "config:cancel", Result.OK);
         Assert.assertTrue(result.contains("x = yz"));
         Assert.assertTrue(result.contains("a = b"));
         String result2 = assertCommand(user, "config:edit " + pid + "\n" +
                 "config:property-delete a\n" +
                 "config:property-list\n" +
                 "config:update", Result.OK);
         Assert.assertTrue(result2.contains("x = yz"));
         Assert.assertFalse(result2.contains("a = b"));

         if (isAdmin) {
             assertCommand(user, "config:delete " + pid, Result.OK);
             String result3 = assertCommand(user, "config:edit " + pid + "\n" +
                     "config:property-list", Result.OK);
             Assert.assertFalse(result3.contains("x = yz"));
             Assert.assertFalse(result3.contains("a = b"));
         } else {
             assertCommand(user, "config:delete " + pid, Result.NOT_FOUND);
             String result3 = assertCommand(user, "config:edit " + pid + "\n" +
                     "config:property-list", Result.OK);
             Assert.assertTrue("The delete command should have had no effect", result3.contains("x = yz"));
             Assert.assertFalse(result3.contains("a = b"));
         }
     }

     @Test
     public void testConfigCommandSecurityWithoutEditSessionViaSsh() throws Exception {
         String manageruser = "man" + System.nanoTime() + "_" + counter++;
         String vieweruser = "view" + System.nanoTime() + "_" + counter++;

         addUsers(manageruser, vieweruser);

         // Test the viewer user. Since the viewer cannot modify anything wrt Config Admin
         // the commands should not even be found...
         testConfigEditsNoSession(vieweruser, Result.NOT_FOUND, "cfg." + vieweruser);
         testConfigEditsNoSession(vieweruser, Result.NOT_FOUND, "jmx.acl.test_" + counter++);
         testConfigEditsNoSession(vieweruser, Result.NOT_FOUND, "org.apache.karaf.command.acl.test_" + counter++);
         testConfigEditsNoSession(vieweruser, Result.NOT_FOUND, "org.apache.karaf.service.acl.test_" + counter++);

         // Test the manager user. The manager can modify some properties, but not the ones associated with security
         // Therefore the config: commands will be found, but in some cases the manager is denied access
         testConfigEditsNoSession(manageruser, Result.OK, "cfg." + manageruser);
         testConfigEditsNoSession(manageruser, Result.NO_CREDENTIALS, "jmx.acl.test_" + counter++);
         testConfigEditsNoSession(manageruser, Result.NO_CREDENTIALS, "org.apache.karaf.command.acl.test_" + counter++);
         testConfigEditsNoSession(manageruser, Result.NO_CREDENTIALS, "org.apache.karaf.service.acl.test_" + counter++);

         // The admin user can modify everything.
         testConfigEditsNoSession("karaf", Result.OK, "cfg.karaf.test_" + counter++);
         testConfigEditsNoSession("karaf", Result.OK, "jmx.acl.test_" + counter++);
         testConfigEditsNoSession("karaf", Result.OK, "org.apache.karaf.command.acl.test_" + counter++);
         testConfigEditsNoSession("karaf", Result.OK, "org.apache.karaf.service.acl.test_" + counter++);
     }

     private void testConfigEditsNoSession(String user, Result expectedResult, String pid) throws Exception, IOException {
         assertCommand(user, "config:property-set -p " + pid + " a.b.c d.e.f", expectedResult);
         assertCommand(user, "config:property-append -p " + pid + " a.b.c .g.h", expectedResult);

         if (expectedResult == Result.OK) {
             Assert.assertTrue(assertCommand(user, "config:property-list -p " + pid, Result.OK).contains("a.b.c = d.e.f.g.h"));
         }
         assertCommand(user, "config:property-delete -p " + pid + " a.b.c", expectedResult);
         if (expectedResult == Result.OK) {
             Assert.assertFalse(assertCommand(user, "config:property-list -p " + pid, Result.OK).contains("a.b.c"));
         }
     }
 }
	/*
	* Licensed under the Apache License, Version 2.0 (the "License");
	* you may not use this file except in compliance with the License.
	* You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing, software
	* distributed under the License is distributed on an "AS IS" BASIS,
	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	* See the License for the specific language governing permissions and
	* limitations under the License.
	*/
	package org.apache.karaf.itests;

	import java.io.IOException;

	import org.junit.Assert;
	import org.junit.Test;
	import org.junit.runner.RunWith;
	import org.ops4j.pax.exam.junit.PaxExam;
	import org.ops4j.pax.exam.spi.reactors.ExamReactorStrategy;
	import org.ops4j.pax.exam.spi.reactors.PerClass;

	/**
	* This test exercises the Shell Command ACL for the config scope commands as defined in
	* /framework/src/main/resources/resources/etc/org.apache.karaf.command.acl.config.cfg
	*/
	@RunWith(PaxExam.class)
	@ExamReactorStrategy(PerClass.class)
	public class ConfigSshCommandSecurityTest extends SshCommandTestBase {

	private static int counter = 0;

	@Test
	public void testConfigCommandSecurityViaSsh() throws Exception {
	String manageruser = "man" + System.nanoTime() + "_" + counter++;
	String vieweruser = "view" + System.nanoTime() + "_" + counter++;

	addUsers(manageruser, vieweruser);

	// A viewer cannot do anything to ConfigAdmin
	assertCommand(vieweruser, "config:edit cfg." + vieweruser, Result.NOT_FOUND);
	assertCommand(vieweruser, "config:delete cfg." + vieweruser, Result.NOT_FOUND);

	testConfigEdits(manageruser, Result.OK, "cfg." + manageruser, false);
	testConfigEdits(manageruser, Result.NO_CREDENTIALS, "jmx.acl.test_" + counter++, false);
	testConfigEdits(manageruser, Result.NO_CREDENTIALS, "org.apache.karaf.command.acl.test_" + counter++, false);
	testConfigEdits(manageruser, Result.NO_CREDENTIALS, "org.apache.karaf.service.acl.test_" + counter++, false);
	testConfigEdits("karaf", Result.OK, "cfg.karaf_" + counter++, true);
	testConfigEdits("karaf", Result.OK, "jmx.acl.test_" + counter++, true);
	testConfigEdits("karaf", Result.OK, "org.apache.karaf.command.acl.test_" + counter++, true);
	testConfigEdits("karaf", Result.OK, "org.apache.karaf.service.acl.test_" + counter++, true);
	}

	private void testConfigEdits(String user, Result expectedEditResult, String pid, boolean isAdmin) throws Exception, IOException {
	assertCommand(user, "config:edit " + pid + "\n" +
	"config:property-set x y\n" +
	"config:property-set a b\n" +
	"config:property-append x z\n" +
	"config:update", expectedEditResult);
	if (expectedEditResult != Result.OK)
	// If we're expecting failure, don't continue any further...
	return;

	String result = assertCommand(user, "config:edit " + pid + "\n" +
	"config:property-list\n" +
	"config:cancel", Result.OK);
	Assert.assertTrue(result.contains("x = yz"));
	Assert.assertTrue(result.contains("a = b"));
	String result2 = assertCommand(user, "config:edit " + pid + "\n" +
	"config:property-delete a\n" +
	"config:property-list\n" +
	"config:update", Result.OK);
	Assert.assertTrue(result2.contains("x = yz"));
	Assert.assertFalse(result2.contains("a = b"));

	if (isAdmin) {
	assertCommand(user, "config:delete " + pid, Result.OK);
	String result3 = assertCommand(user, "config:edit " + pid + "\n" +
	"config:property-list", Result.OK);
	Assert.assertFalse(result3.contains("x = yz"));
	Assert.assertFalse(result3.contains("a = b"));
	} else {
	assertCommand(user, "config:delete " + pid, Result.NOT_FOUND);
	String result3 = assertCommand(user, "config:edit " + pid + "\n" +
	"config:property-list", Result.OK);
	Assert.assertTrue("The delete command should have had no effect", result3.contains("x = yz"));
	Assert.assertFalse(result3.contains("a = b"));
	}
	}

	@Test
	public void testConfigCommandSecurityWithoutEditSessionViaSsh() throws Exception {
	String manageruser = "man" + System.nanoTime() + "_" + counter++;
	String vieweruser = "view" + System.nanoTime() + "_" + counter++;

	addUsers(manageruser, vieweruser);

	// Test the viewer user. Since the viewer cannot modify anything wrt Config Admin
	// the commands should not even be found...
	testConfigEditsNoSession(vieweruser, Result.NOT_FOUND, "cfg." + vieweruser);
	testConfigEditsNoSession(vieweruser, Result.NOT_FOUND, "jmx.acl.test_" + counter++);
	testConfigEditsNoSession(vieweruser, Result.NOT_FOUND, "org.apache.karaf.command.acl.test_" + counter++);
	testConfigEditsNoSession(vieweruser, Result.NOT_FOUND, "org.apache.karaf.service.acl.test_" + counter++);

	// Test the manager user. The manager can modify some properties, but not the ones associated with security
	// Therefore the config: commands will be found, but in some cases the manager is denied access
	testConfigEditsNoSession(manageruser, Result.OK, "cfg." + manageruser);
	testConfigEditsNoSession(manageruser, Result.NO_CREDENTIALS, "jmx.acl.test_" + counter++);
	testConfigEditsNoSession(manageruser, Result.NO_CREDENTIALS, "org.apache.karaf.command.acl.test_" + counter++);
	testConfigEditsNoSession(manageruser, Result.NO_CREDENTIALS, "org.apache.karaf.service.acl.test_" + counter++);

	// The admin user can modify everything.
	testConfigEditsNoSession("karaf", Result.OK, "cfg.karaf.test_" + counter++);
	testConfigEditsNoSession("karaf", Result.OK, "jmx.acl.test_" + counter++);
	testConfigEditsNoSession("karaf", Result.OK, "org.apache.karaf.command.acl.test_" + counter++);
	testConfigEditsNoSession("karaf", Result.OK, "org.apache.karaf.service.acl.test_" + counter++);
	}

	private void testConfigEditsNoSession(String user, Result expectedResult, String pid) throws Exception, IOException {
	assertCommand(user, "config:property-set -p " + pid + " a.b.c d.e.f", expectedResult);
	assertCommand(user, "config:property-append -p " + pid + " a.b.c .g.h", expectedResult);

	if (expectedResult == Result.OK) {
	Assert.assertTrue(assertCommand(user, "config:property-list -p " + pid, Result.OK).contains("a.b.c = d.e.f.g.h"));
	}
	assertCommand(user, "config:property-delete -p " + pid + " a.b.c", expectedResult);
	if (expectedResult == Result.OK) {
	Assert.assertFalse(assertCommand(user, "config:property-list -p " + pid, Result.OK).contains("a.b.c"));
	}
	}
	}