ConfigSshCommandSecurityTest.java

/*
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.apache.karaf.itests;

import java.io.IOException;

import org.junit.Assert;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.ops4j.pax.exam.junit.PaxExam;
import org.ops4j.pax.exam.spi.reactors.ExamReactorStrategy;
import org.ops4j.pax.exam.spi.reactors.PerClass;

/**
 * This test exercises the Shell Command ACL for the config scope commands as defined in
 * /framework/src/main/resources/resources/etc/org.apache.karaf.command.acl.config.cfg
 */
@RunWith(PaxExam.class)
@ExamReactorStrategy(PerClass.class)
public class ConfigSshCommandSecurityTest extends SshCommandTestBase {

    private static int counter = 0;
    
    

    @Test
    public void testConfigCommandSecurityViaSsh() throws Exception {
        String manageruser = "man" + System.nanoTime() + "_" + counter++;
        String vieweruser = "view" + System.nanoTime() + "_" + counter++;

        addUsers(manageruser, vieweruser);

        // A viewer cannot do anything to ConfigAdmin
        assertCommand(vieweruser, "config:edit cfg." + vieweruser, Result.NOT_FOUND);
        assertCommand(vieweruser, "config:delete cfg." + vieweruser, Result.NOT_FOUND);

        testConfigEdits(manageruser, Result.OK, "cfg." + manageruser, false);
        testConfigEdits(manageruser, Result.NO_CREDENTIALS, "jmx.acl.test_" + counter++, false);
        testConfigEdits(manageruser, Result.NO_CREDENTIALS, "org.apache.karaf.command.acl.test_" + counter++, false);
        testConfigEdits(manageruser, Result.NO_CREDENTIALS, "org.apache.karaf.service.acl.test_" + counter++, false);
        testConfigEdits("karaf", Result.OK, "cfg.karaf_" + counter++, true);
        testConfigEdits("karaf", Result.OK, "jmx.acl.test_" + counter++, true);
        testConfigEdits("karaf", Result.OK, "org.apache.karaf.command.acl.test_" + counter++, true);
        testConfigEdits("karaf", Result.OK, "org.apache.karaf.service.acl.test_" + counter++, true);
    }

    private void testConfigEdits(String user, Result expectedEditResult, String pid, boolean isAdmin) throws Exception, IOException {
        assertCommand(user, "config:edit " + pid + "\n" +
                "config:property-set x y\n" +
                "config:property-set a b\n" +
                "config:property-append x z\n" +
                "config:update", expectedEditResult);
        if (expectedEditResult != Result.OK)
            // If we're expecting failure, don't continue any further...
            return;

        String result = assertCommand(user, "config:edit " + pid + "\n" +
                "config:property-list\n" +
                "config:cancel", Result.OK);
        Assert.assertTrue(result.contains("x = yz"));
        Assert.assertTrue(result.contains("a = b"));
        String result2 = assertCommand(user, "config:edit " + pid + "\n" +
                "config:property-delete a\n" +
                "config:property-list\n" +
                "config:update", Result.OK);
        Assert.assertTrue(result2.contains("x = yz"));
        Assert.assertFalse(result2.contains("a = b"));

        if (isAdmin) {
            assertCommand(user, "config:delete " + pid, Result.OK);
            String result3 = assertCommand(user, "config:edit " + pid + "\n" +
                    "config:property-list", Result.OK);
            Assert.assertFalse(result3.contains("x = yz"));
            Assert.assertFalse(result3.contains("a = b"));
        } else {
            assertCommand(user, "config:delete " + pid, Result.NOT_FOUND);
            String result3 = assertCommand(user, "config:edit " + pid + "\n" +
                    "config:property-list", Result.OK);
            Assert.assertTrue("The delete command should have had no effect", result3.contains("x = yz"));
            Assert.assertFalse(result3.contains("a = b"));
        }
    }

    @Test
    public void testConfigCommandSecurityWithoutEditSessionViaSsh() throws Exception {
        String manageruser = "man" + System.nanoTime() + "_" + counter++;
        String vieweruser = "view" + System.nanoTime() + "_" + counter++;

        addUsers(manageruser, vieweruser);

        // Test the viewer user. Since the viewer cannot modify anything wrt Config Admin
        // the commands should not even be found...
        testConfigEditsNoSession(vieweruser, Result.NOT_FOUND, "cfg." + vieweruser);
        testConfigEditsNoSession(vieweruser, Result.NOT_FOUND, "jmx.acl.test_" + counter++);
        testConfigEditsNoSession(vieweruser, Result.NOT_FOUND, "org.apache.karaf.command.acl.test_" + counter++);
        testConfigEditsNoSession(vieweruser, Result.NOT_FOUND, "org.apache.karaf.service.acl.test_" + counter++);

        // Test the manager user. The manager can modify some properties, but not the ones associated with security
        // Therefore the config: commands will be found, but in some cases the manager is denied access
        testConfigEditsNoSession(manageruser, Result.OK, "cfg." + manageruser);
        testConfigEditsNoSession(manageruser, Result.NO_CREDENTIALS, "jmx.acl.test_" + counter++);
        testConfigEditsNoSession(manageruser, Result.NO_CREDENTIALS, "org.apache.karaf.command.acl.test_" + counter++);
        testConfigEditsNoSession(manageruser, Result.NO_CREDENTIALS, "org.apache.karaf.service.acl.test_" + counter++);

        // The admin user can modify everything.
        testConfigEditsNoSession("karaf", Result.OK, "cfg.karaf.test_" + counter++);
        testConfigEditsNoSession("karaf", Result.OK, "jmx.acl.test_" + counter++);
        testConfigEditsNoSession("karaf", Result.OK, "org.apache.karaf.command.acl.test_" + counter++);
        testConfigEditsNoSession("karaf", Result.OK, "org.apache.karaf.service.acl.test_" + counter++);
    }

    private void testConfigEditsNoSession(String user, Result expectedResult, String pid) throws Exception, IOException {
        assertCommand(user, "config:property-set -p " + pid + " a.b.c d.e.f", expectedResult);
        assertCommand(user, "config:property-append -p " + pid + " a.b.c .g.h", expectedResult);

        if (expectedResult == Result.OK) {
            Assert.assertTrue(assertCommand(user, "config:property-list -p " + pid, Result.OK).contains("a.b.c = d.e.f.g.h"));
        }
        assertCommand(user, "config:property-delete -p " + pid + " a.b.c", expectedResult);
        if (expectedResult == Result.OK) {
            Assert.assertFalse(assertCommand(user, "config:property-list -p " + pid, Result.OK).contains("a.b.c"));
        }
    }
}