upstream/opnsense-src
1
0
Fork 0
mirror of https://github.com/opnsense/src.git synced 2026-02-25 19:05:20 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions
opnsense-src/tests/sys/fs/fusefs/access.cc
Alan Somers bfcb817bcd Fix issues with FUSE_ACCESS when default_permissions is disabled 
This patch fixes two issues relating to FUSE_ACCESS when the
default_permissions mount option is disabled:

* VOP_ACCESS() calls with VADMIN set should never be sent to a fuse server
  in the form of FUSE_ACCESS operations. The FUSE protocol has no equivalent
  of VADMIN, so we must evaluate such things kernel-side, regardless of the
  default_permissions setting.

* The FUSE protocol only requires FUSE_ACCESS to be sent for two purposes:
  for the access(2) syscall and to check directory permissions for
  searchability during lookup. FreeBSD sends it much more frequently, due to
  differences between our VFS and Linux's, for which FUSE was designed. But
  this patch does eliminate several cases not required by the FUSE protocol:

  * for any FUSE_*XATTR operation
  * when creating a new file
  * when deleting a file
  * when setting timestamps, such as by utimensat(2).

* Additionally, when default_permissions is disabled, this patch removes one
  FUSE_GETATTR operation when deleting a file.

PR:		245689
Reported by:	MooseFS FreeBSD Team <freebsd@moosefs.pro>
Reviewed by:	cem
MFC after:	2 weeks
Differential Revision:	https://reviews.freebsd.org/D24777
2020-05-22 18:11:17 +00:00

303 lines
8.3 KiB
C++
Raw Blame History

/*-
* SPDX-License-Identifier: BSD-2-Clause-FreeBSD
*
* Copyright (c) 2019 The FreeBSD Foundation
*
* This software was developed by BFF Storage Systems, LLC under sponsorship
* from the FreeBSD Foundation.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $FreeBSD$
*/
extern "C" {
#include <sys/types.h>
#include <sys/extattr.h>
#include <fcntl.h>
#include <unistd.h>
}
#include "mockfs.hh"
#include "utils.hh"
using namespace testing;
class Access: public FuseTest {
public:
virtual void SetUp() {
FuseTest::SetUp();
// Clear the default FUSE_ACCESS expectation
Mock::VerifyAndClearExpectations(m_mock);
}
void expect_lookup(const char *relpath, uint64_t ino)
{
FuseTest::expect_lookup(relpath, ino, S_IFREG | 0644, 0, 1);
}
/*
* Expect tha FUSE_ACCESS will never be called for the given inode, with any
* bits in the supplied access_mask set
*/
void expect_noaccess(uint64_t ino, mode_t access_mask)
{
EXPECT_CALL(*m_mock, process(
ResultOf([=](auto in) {
return (in.header.opcode == FUSE_ACCESS &&
in.header.nodeid == ino &&
in.body.access.mask & access_mask);
}, Eq(true)),
_)
).Times(0);
}
};
class RofsAccess: public Access {
public:
virtual void SetUp() {
m_ro = true;
Access::SetUp();
}
};
/*
* Change the mode of a file.
*
* There should never be a FUSE_ACCESS sent for this operation, except for
* search permissions on the parent directory.
* https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=245689
*/
TEST_F(Access, chmod)
{
const char FULLPATH[] = "mountpoint/some_file.txt";
const char RELPATH[] = "some_file.txt";
const uint64_t ino = 42;
const mode_t newmode = 0644;
expect_access(FUSE_ROOT_ID, X_OK, 0);
expect_lookup(RELPATH, ino);
expect_noaccess(ino, 0);
EXPECT_CALL(*m_mock, process(
ResultOf([](auto in) {
return (in.header.opcode == FUSE_SETATTR &&
in.header.nodeid == ino);
}, Eq(true)),
_)
).WillOnce(Invoke(ReturnImmediate([](auto in __unused, auto& out) {
SET_OUT_HEADER_LEN(out, attr);
out.body.attr.attr.ino = ino; // Must match nodeid
out.body.attr.attr.mode = S_IFREG | newmode;
})));
EXPECT_EQ(0, chmod(FULLPATH, newmode)) << strerror(errno);
}
/*
* Create a new file
*
* There should never be a FUSE_ACCESS sent for this operation, except for
* search permissions on the parent directory.
* https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=245689
*/
TEST_F(Access, create)
{
const char FULLPATH[] = "mountpoint/some_file.txt";
const char RELPATH[] = "some_file.txt";
mode_t mode = S_IFREG | 0755;
uint64_t ino = 42;
expect_access(FUSE_ROOT_ID, X_OK, 0);
expect_noaccess(FUSE_ROOT_ID, R_OK | W_OK);
EXPECT_LOOKUP(FUSE_ROOT_ID, RELPATH)
.WillOnce(Invoke(ReturnErrno(ENOENT)));
expect_noaccess(ino, 0);
EXPECT_CALL(*m_mock, process(
ResultOf([=](auto in) {
return (in.header.opcode == FUSE_CREATE);
}, Eq(true)),
_)
).WillOnce(ReturnErrno(EPERM));
EXPECT_EQ(-1, open(FULLPATH, O_CREAT | O_EXCL, mode));
EXPECT_EQ(EPERM, errno);
}
/* The error case of FUSE_ACCESS. */
TEST_F(Access, eaccess)
{
const char FULLPATH[] = "mountpoint/some_file.txt";
const char RELPATH[] = "some_file.txt";
uint64_t ino = 42;
mode_t access_mode = X_OK;
expect_access(FUSE_ROOT_ID, X_OK, 0);
expect_lookup(RELPATH, ino);
expect_access(ino, access_mode, EACCES);
ASSERT_NE(0, access(FULLPATH, access_mode));
ASSERT_EQ(EACCES, errno);
}
/*
* If the filesystem returns ENOSYS, then it is treated as a permanent success,
* and subsequent VOP_ACCESS calls will succeed automatically without querying
* the daemon.
*/
TEST_F(Access, enosys)
{
const char FULLPATH[] = "mountpoint/some_file.txt";
const char RELPATH[] = "some_file.txt";
uint64_t ino = 42;
mode_t access_mode = R_OK;
expect_access(FUSE_ROOT_ID, X_OK, ENOSYS);
FuseTest::expect_lookup(RELPATH, ino, S_IFREG | 0644, 0, 2);
ASSERT_EQ(0, access(FULLPATH, access_mode)) << strerror(errno);
ASSERT_EQ(0, access(FULLPATH, access_mode)) << strerror(errno);
}
TEST_F(RofsAccess, erofs)
{
const char FULLPATH[] = "mountpoint/some_file.txt";
const char RELPATH[] = "some_file.txt";
uint64_t ino = 42;
mode_t access_mode = W_OK;
expect_access(FUSE_ROOT_ID, X_OK, 0);
expect_lookup(RELPATH, ino);
ASSERT_NE(0, access(FULLPATH, access_mode));
ASSERT_EQ(EROFS, errno);
}
/*
* Lookup an extended attribute
*
* There should never be a FUSE_ACCESS sent for this operation, except for
* search permissions on the parent directory.
* https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=245689
*/
TEST_F(Access, Getxattr)
{
const char FULLPATH[] = "mountpoint/some_file.txt";
const char RELPATH[] = "some_file.txt";
uint64_t ino = 42;
char data[80];
int ns = EXTATTR_NAMESPACE_USER;
ssize_t r;
expect_access(FUSE_ROOT_ID, X_OK, 0);
expect_lookup(RELPATH, ino);
expect_noaccess(ino, 0);
expect_getxattr(ino, "user.foo", ReturnErrno(ENOATTR));
r = extattr_get_file(FULLPATH, ns, "foo", data, sizeof(data));
ASSERT_EQ(-1, r);
ASSERT_EQ(ENOATTR, errno);
}
/* The successful case of FUSE_ACCESS. */
TEST_F(Access, ok)
{
const char FULLPATH[] = "mountpoint/some_file.txt";
const char RELPATH[] = "some_file.txt";
uint64_t ino = 42;
mode_t access_mode = R_OK;
expect_access(FUSE_ROOT_ID, X_OK, 0);
expect_lookup(RELPATH, ino);
expect_access(ino, access_mode, 0);
ASSERT_EQ(0, access(FULLPATH, access_mode)) << strerror(errno);
}
/*
* Unlink a file
*
* There should never be a FUSE_ACCESS sent for this operation, except for
* search permissions on the parent directory.
* https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=245689
*/
TEST_F(Access, unlink)
{
const char FULLPATH[] = "mountpoint/some_file.txt";
const char RELPATH[] = "some_file.txt";
uint64_t ino = 42;
expect_access(FUSE_ROOT_ID, X_OK, 0);
expect_noaccess(FUSE_ROOT_ID, W_OK | R_OK);
expect_noaccess(ino, 0);
expect_lookup(RELPATH, ino);
expect_unlink(1, RELPATH, EPERM);
ASSERT_NE(0, unlink(FULLPATH));
ASSERT_EQ(EPERM, errno);
}
/*
* Unlink a file whose parent diretory's sticky bit is set
*
* There should never be a FUSE_ACCESS sent for this operation, except for
* search permissions on the parent directory.
* https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=245689
*/
TEST_F(Access, unlink_sticky_directory)
{
const char FULLPATH[] = "mountpoint/some_file.txt";
const char RELPATH[] = "some_file.txt";
uint64_t ino = 42;
expect_access(FUSE_ROOT_ID, X_OK, 0);
expect_noaccess(FUSE_ROOT_ID, W_OK | R_OK);
expect_noaccess(ino, 0);
EXPECT_CALL(*m_mock, process(
ResultOf([=](auto in) {
return (in.header.opcode == FUSE_GETATTR &&
in.header.nodeid == FUSE_ROOT_ID);
}, Eq(true)),
_)
).WillRepeatedly(Invoke(ReturnImmediate([=](auto i __unused, auto& out)
{
SET_OUT_HEADER_LEN(out, attr);
out.body.attr.attr.ino = FUSE_ROOT_ID;
out.body.attr.attr.mode = S_IFDIR | 01777;
out.body.attr.attr.uid = 0;
out.body.attr.attr_valid = UINT64_MAX;
})));
EXPECT_CALL(*m_mock, process(
ResultOf([=](auto in) {
return (in.header.opcode == FUSE_ACCESS &&
in.header.nodeid == ino);
}, Eq(true)),
_)
).Times(0);
expect_lookup(RELPATH, ino);
expect_unlink(FUSE_ROOT_ID, RELPATH, EPERM);
ASSERT_EQ(-1, unlink(FULLPATH));
ASSERT_EQ(EPERM, errno);
}
Reference in a new issue View git blame Copy permalink