From: Xiubo Li Date: Tue, 14 Mar 2023 03:27:03 +0000 (+0800) Subject: libcephfs: move ClearSetuid to suidsgid.cc X-Git-Tag: v18.1.2~8^2~1 X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=cf9240f5bf93a8b31bb36cfeebf7500cf0847537;p=ceph.git libcephfs: move ClearSetuid to suidsgid.cc And rename it to ChownClearSetuid, which will test the chown only. Fixes: https://tracker.ceph.com/issues/58680 Signed-off-by: Xiubo Li (cherry picked from commit 9c1f7643a0d243bb27cd119caedafe1f2a82037d) --- diff --git a/src/test/libcephfs/suidsgid.cc b/src/test/libcephfs/suidsgid.cc index fc7ee3877619..d750613ebd81 100644 --- a/src/test/libcephfs/suidsgid.cc +++ b/src/test/libcephfs/suidsgid.cc @@ -211,6 +211,77 @@ TEST(SuidsgidTest, WriteClearSetuid) { ceph_shutdown(admin); } +TEST(LibCephFS, ChownClearSetuid) { + struct ceph_mount_info *cmount; + ASSERT_EQ(ceph_create(&cmount, NULL), 0); + ASSERT_EQ(ceph_conf_read_file(cmount, NULL), 0); + ASSERT_EQ(0, ceph_conf_parse_env(cmount, NULL)); + ASSERT_EQ(ceph_mount(cmount, "/"), 0); + + Inode *root; + ASSERT_EQ(ceph_ll_lookup_root(cmount, &root), 0); + + char filename[32]; + sprintf(filename, "clearsetuid%x", getpid()); + + Fh *fh; + Inode *in; + struct ceph_statx stx; + const mode_t after_mode = S_IRWXU; + const mode_t before_mode = S_IRWXU | S_ISUID | S_ISGID; + const unsigned want = CEPH_STATX_UID|CEPH_STATX_GID|CEPH_STATX_MODE; + UserPerm *usercred = ceph_mount_perms(cmount); + + ceph_ll_unlink(cmount, root, filename, usercred); + ASSERT_EQ(ceph_ll_create(cmount, root, filename, before_mode, + O_RDWR|O_CREAT|O_EXCL, &in, &fh, &stx, want, 0, + usercred), 0); + + ASSERT_EQ(stx.stx_mode & (mode_t)ALLPERMS, before_mode); + + // chown -- for this we need to be "root" + UserPerm *rootcred = ceph_userperm_new(0, 0, 0, NULL); + ASSERT_TRUE(rootcred); + stx.stx_uid++; + stx.stx_gid++; + ASSERT_EQ(ceph_ll_setattr(cmount, in, &stx, CEPH_SETATTR_UID|CEPH_SETATTR_GID, rootcred), 0); + ASSERT_EQ(ceph_ll_getattr(cmount, in, &stx, CEPH_STATX_MODE, 0, usercred), 0); + ASSERT_TRUE(stx.stx_mask & CEPH_STATX_MODE); + ASSERT_EQ(stx.stx_mode & (mode_t)ALLPERMS, after_mode); + + /* test chown with supplementary groups, and chown with/without exe bit */ + uid_t u = 65534; + gid_t g = 65534; + gid_t gids[] = {65533,65532}; + UserPerm *altcred = ceph_userperm_new(u, g, sizeof gids / sizeof gids[0], gids); + stx.stx_uid = u; + stx.stx_gid = g; + mode_t m = S_ISGID|S_ISUID|S_IRUSR|S_IWUSR; + stx.stx_mode = m; + ASSERT_EQ(ceph_ll_setattr(cmount, in, &stx, CEPH_SETATTR_MODE|CEPH_SETATTR_UID|CEPH_SETATTR_GID, rootcred), 0); + ASSERT_EQ(ceph_ll_getattr(cmount, in, &stx, CEPH_STATX_MODE, 0, altcred), 0); + ASSERT_EQ(stx.stx_mode&(mode_t)ALLPERMS, m); + /* not dropped without exe bit */ + stx.stx_gid = gids[0]; + ASSERT_EQ(ceph_ll_setattr(cmount, in, &stx, CEPH_SETATTR_GID, altcred), 0); + ASSERT_EQ(ceph_ll_getattr(cmount, in, &stx, CEPH_STATX_MODE, 0, altcred), 0); + ASSERT_EQ(stx.stx_mode&(mode_t)ALLPERMS, m); + /* now check dropped with exe bit */ + m = S_ISGID|S_ISUID|S_IRWXU; + stx.stx_mode = m; + ASSERT_EQ(ceph_ll_setattr(cmount, in, &stx, CEPH_STATX_MODE, altcred), 0); + ASSERT_EQ(ceph_ll_getattr(cmount, in, &stx, CEPH_STATX_MODE, 0, altcred), 0); + ASSERT_EQ(stx.stx_mode&(mode_t)ALLPERMS, m); + stx.stx_gid = gids[1]; + ASSERT_EQ(ceph_ll_setattr(cmount, in, &stx, CEPH_SETATTR_GID, altcred), 0); + ASSERT_EQ(ceph_ll_getattr(cmount, in, &stx, CEPH_STATX_MODE, 0, altcred), 0); + ASSERT_EQ(stx.stx_mode&(mode_t)ALLPERMS, m&(S_IRWXU|S_IRWXG|S_IRWXO)); + ceph_userperm_destroy(altcred); + + ASSERT_EQ(ceph_ll_close(cmount, fh), 0); + ceph_shutdown(cmount); +} + static int update_root_mode() { struct ceph_mount_info *admin; diff --git a/src/test/libcephfs/test.cc b/src/test/libcephfs/test.cc index 42563166052c..17b6fe6c922e 100644 --- a/src/test/libcephfs/test.cc +++ b/src/test/libcephfs/test.cc @@ -2042,77 +2042,6 @@ TEST(LibCephFS, SetSize) { ceph_shutdown(cmount); } -TEST(LibCephFS, ClearSetuid) { - struct ceph_mount_info *cmount; - ASSERT_EQ(ceph_create(&cmount, NULL), 0); - ASSERT_EQ(ceph_conf_read_file(cmount, NULL), 0); - ASSERT_EQ(0, ceph_conf_parse_env(cmount, NULL)); - ASSERT_EQ(ceph_mount(cmount, "/"), 0); - - Inode *root; - ASSERT_EQ(ceph_ll_lookup_root(cmount, &root), 0); - - char filename[32]; - sprintf(filename, "clearsetuid%x", getpid()); - - Fh *fh; - Inode *in; - struct ceph_statx stx; - const mode_t after_mode = S_IRWXU; - const mode_t before_mode = S_IRWXU | S_ISUID | S_ISGID; - const unsigned want = CEPH_STATX_UID|CEPH_STATX_GID|CEPH_STATX_MODE; - UserPerm *usercred = ceph_mount_perms(cmount); - - ceph_ll_unlink(cmount, root, filename, usercred); - ASSERT_EQ(ceph_ll_create(cmount, root, filename, before_mode, - O_RDWR|O_CREAT|O_EXCL, &in, &fh, &stx, want, 0, - usercred), 0); - - ASSERT_EQ(stx.stx_mode & (mode_t)ALLPERMS, before_mode); - - // chown -- for this we need to be "root" - UserPerm *rootcred = ceph_userperm_new(0, 0, 0, NULL); - ASSERT_TRUE(rootcred); - stx.stx_uid++; - stx.stx_gid++; - ASSERT_EQ(ceph_ll_setattr(cmount, in, &stx, CEPH_SETATTR_UID|CEPH_SETATTR_GID, rootcred), 0); - ASSERT_EQ(ceph_ll_getattr(cmount, in, &stx, CEPH_STATX_MODE, 0, usercred), 0); - ASSERT_TRUE(stx.stx_mask & CEPH_STATX_MODE); - ASSERT_EQ(stx.stx_mode & (mode_t)ALLPERMS, after_mode); - - /* test chown with supplementary groups, and chown with/without exe bit */ - uid_t u = 65534; - gid_t g = 65534; - gid_t gids[] = {65533,65532}; - UserPerm *altcred = ceph_userperm_new(u, g, sizeof gids / sizeof gids[0], gids); - stx.stx_uid = u; - stx.stx_gid = g; - mode_t m = S_ISGID|S_ISUID|S_IRUSR|S_IWUSR; - stx.stx_mode = m; - ASSERT_EQ(ceph_ll_setattr(cmount, in, &stx, CEPH_SETATTR_MODE|CEPH_SETATTR_UID|CEPH_SETATTR_GID, rootcred), 0); - ASSERT_EQ(ceph_ll_getattr(cmount, in, &stx, CEPH_STATX_MODE, 0, altcred), 0); - ASSERT_EQ(stx.stx_mode&(mode_t)ALLPERMS, m); - /* not dropped without exe bit */ - stx.stx_gid = gids[0]; - ASSERT_EQ(ceph_ll_setattr(cmount, in, &stx, CEPH_SETATTR_GID, altcred), 0); - ASSERT_EQ(ceph_ll_getattr(cmount, in, &stx, CEPH_STATX_MODE, 0, altcred), 0); - ASSERT_EQ(stx.stx_mode&(mode_t)ALLPERMS, m); - /* now check dropped with exe bit */ - m = S_ISGID|S_ISUID|S_IRWXU; - stx.stx_mode = m; - ASSERT_EQ(ceph_ll_setattr(cmount, in, &stx, CEPH_STATX_MODE, altcred), 0); - ASSERT_EQ(ceph_ll_getattr(cmount, in, &stx, CEPH_STATX_MODE, 0, altcred), 0); - ASSERT_EQ(stx.stx_mode&(mode_t)ALLPERMS, m); - stx.stx_gid = gids[1]; - ASSERT_EQ(ceph_ll_setattr(cmount, in, &stx, CEPH_SETATTR_GID, altcred), 0); - ASSERT_EQ(ceph_ll_getattr(cmount, in, &stx, CEPH_STATX_MODE, 0, altcred), 0); - ASSERT_EQ(stx.stx_mode&(mode_t)ALLPERMS, m&(S_IRWXU|S_IRWXG|S_IRWXO)); - ceph_userperm_destroy(altcred); - - ASSERT_EQ(ceph_ll_close(cmount, fh), 0); - ceph_shutdown(cmount); -} - TEST(LibCephFS, OperationsOnRoot) { struct ceph_mount_info *cmount;