From 254eeb2730881ee48b4743e1422749d5b643f52a Mon Sep 17 00:00:00 2001 From: Xiubo Li Date: Tue, 14 Mar 2023 11:27:03 +0800 Subject: [PATCH] libcephfs: move ClearSetuid to suidsgid.cc And rename it to ChownClearSetuid, which will test the chown only. Fixes: https://tracker.ceph.com/issues/58680 Signed-off-by: Xiubo Li --- src/test/libcephfs/suidsgid.cc | 71 ++++++++++++++++++++++++++++++++++ src/test/libcephfs/test.cc | 71 ---------------------------------- 2 files changed, 71 insertions(+), 71 deletions(-) diff --git a/src/test/libcephfs/suidsgid.cc b/src/test/libcephfs/suidsgid.cc index fc7ee38776196..d750613ebd814 100644 --- a/src/test/libcephfs/suidsgid.cc +++ b/src/test/libcephfs/suidsgid.cc @@ -211,6 +211,77 @@ TEST(SuidsgidTest, WriteClearSetuid) { ceph_shutdown(admin); } +TEST(LibCephFS, ChownClearSetuid) { + struct ceph_mount_info *cmount; + ASSERT_EQ(ceph_create(&cmount, NULL), 0); + ASSERT_EQ(ceph_conf_read_file(cmount, NULL), 0); + ASSERT_EQ(0, ceph_conf_parse_env(cmount, NULL)); + ASSERT_EQ(ceph_mount(cmount, "/"), 0); + + Inode *root; + ASSERT_EQ(ceph_ll_lookup_root(cmount, &root), 0); + + char filename[32]; + sprintf(filename, "clearsetuid%x", getpid()); + + Fh *fh; + Inode *in; + struct ceph_statx stx; + const mode_t after_mode = S_IRWXU; + const mode_t before_mode = S_IRWXU | S_ISUID | S_ISGID; + const unsigned want = CEPH_STATX_UID|CEPH_STATX_GID|CEPH_STATX_MODE; + UserPerm *usercred = ceph_mount_perms(cmount); + + ceph_ll_unlink(cmount, root, filename, usercred); + ASSERT_EQ(ceph_ll_create(cmount, root, filename, before_mode, + O_RDWR|O_CREAT|O_EXCL, &in, &fh, &stx, want, 0, + usercred), 0); + + ASSERT_EQ(stx.stx_mode & (mode_t)ALLPERMS, before_mode); + + // chown -- for this we need to be "root" + UserPerm *rootcred = ceph_userperm_new(0, 0, 0, NULL); + ASSERT_TRUE(rootcred); + stx.stx_uid++; + stx.stx_gid++; + ASSERT_EQ(ceph_ll_setattr(cmount, in, &stx, CEPH_SETATTR_UID|CEPH_SETATTR_GID, rootcred), 0); + ASSERT_EQ(ceph_ll_getattr(cmount, in, &stx, CEPH_STATX_MODE, 0, usercred), 0); + ASSERT_TRUE(stx.stx_mask & CEPH_STATX_MODE); + ASSERT_EQ(stx.stx_mode & (mode_t)ALLPERMS, after_mode); + + /* test chown with supplementary groups, and chown with/without exe bit */ + uid_t u = 65534; + gid_t g = 65534; + gid_t gids[] = {65533,65532}; + UserPerm *altcred = ceph_userperm_new(u, g, sizeof gids / sizeof gids[0], gids); + stx.stx_uid = u; + stx.stx_gid = g; + mode_t m = S_ISGID|S_ISUID|S_IRUSR|S_IWUSR; + stx.stx_mode = m; + ASSERT_EQ(ceph_ll_setattr(cmount, in, &stx, CEPH_SETATTR_MODE|CEPH_SETATTR_UID|CEPH_SETATTR_GID, rootcred), 0); + ASSERT_EQ(ceph_ll_getattr(cmount, in, &stx, CEPH_STATX_MODE, 0, altcred), 0); + ASSERT_EQ(stx.stx_mode&(mode_t)ALLPERMS, m); + /* not dropped without exe bit */ + stx.stx_gid = gids[0]; + ASSERT_EQ(ceph_ll_setattr(cmount, in, &stx, CEPH_SETATTR_GID, altcred), 0); + ASSERT_EQ(ceph_ll_getattr(cmount, in, &stx, CEPH_STATX_MODE, 0, altcred), 0); + ASSERT_EQ(stx.stx_mode&(mode_t)ALLPERMS, m); + /* now check dropped with exe bit */ + m = S_ISGID|S_ISUID|S_IRWXU; + stx.stx_mode = m; + ASSERT_EQ(ceph_ll_setattr(cmount, in, &stx, CEPH_STATX_MODE, altcred), 0); + ASSERT_EQ(ceph_ll_getattr(cmount, in, &stx, CEPH_STATX_MODE, 0, altcred), 0); + ASSERT_EQ(stx.stx_mode&(mode_t)ALLPERMS, m); + stx.stx_gid = gids[1]; + ASSERT_EQ(ceph_ll_setattr(cmount, in, &stx, CEPH_SETATTR_GID, altcred), 0); + ASSERT_EQ(ceph_ll_getattr(cmount, in, &stx, CEPH_STATX_MODE, 0, altcred), 0); + ASSERT_EQ(stx.stx_mode&(mode_t)ALLPERMS, m&(S_IRWXU|S_IRWXG|S_IRWXO)); + ceph_userperm_destroy(altcred); + + ASSERT_EQ(ceph_ll_close(cmount, fh), 0); + ceph_shutdown(cmount); +} + static int update_root_mode() { struct ceph_mount_info *admin; diff --git a/src/test/libcephfs/test.cc b/src/test/libcephfs/test.cc index 5fb659e378afb..5aba114ff0894 100644 --- a/src/test/libcephfs/test.cc +++ b/src/test/libcephfs/test.cc @@ -2042,77 +2042,6 @@ TEST(LibCephFS, SetSize) { ceph_shutdown(cmount); } -TEST(LibCephFS, ClearSetuid) { - struct ceph_mount_info *cmount; - ASSERT_EQ(ceph_create(&cmount, NULL), 0); - ASSERT_EQ(ceph_conf_read_file(cmount, NULL), 0); - ASSERT_EQ(0, ceph_conf_parse_env(cmount, NULL)); - ASSERT_EQ(ceph_mount(cmount, "/"), 0); - - Inode *root; - ASSERT_EQ(ceph_ll_lookup_root(cmount, &root), 0); - - char filename[32]; - sprintf(filename, "clearsetuid%x", getpid()); - - Fh *fh; - Inode *in; - struct ceph_statx stx; - const mode_t after_mode = S_IRWXU; - const mode_t before_mode = S_IRWXU | S_ISUID | S_ISGID; - const unsigned want = CEPH_STATX_UID|CEPH_STATX_GID|CEPH_STATX_MODE; - UserPerm *usercred = ceph_mount_perms(cmount); - - ceph_ll_unlink(cmount, root, filename, usercred); - ASSERT_EQ(ceph_ll_create(cmount, root, filename, before_mode, - O_RDWR|O_CREAT|O_EXCL, &in, &fh, &stx, want, 0, - usercred), 0); - - ASSERT_EQ(stx.stx_mode & (mode_t)ALLPERMS, before_mode); - - // chown -- for this we need to be "root" - UserPerm *rootcred = ceph_userperm_new(0, 0, 0, NULL); - ASSERT_TRUE(rootcred); - stx.stx_uid++; - stx.stx_gid++; - ASSERT_EQ(ceph_ll_setattr(cmount, in, &stx, CEPH_SETATTR_UID|CEPH_SETATTR_GID, rootcred), 0); - ASSERT_EQ(ceph_ll_getattr(cmount, in, &stx, CEPH_STATX_MODE, 0, usercred), 0); - ASSERT_TRUE(stx.stx_mask & CEPH_STATX_MODE); - ASSERT_EQ(stx.stx_mode & (mode_t)ALLPERMS, after_mode); - - /* test chown with supplementary groups, and chown with/without exe bit */ - uid_t u = 65534; - gid_t g = 65534; - gid_t gids[] = {65533,65532}; - UserPerm *altcred = ceph_userperm_new(u, g, sizeof gids / sizeof gids[0], gids); - stx.stx_uid = u; - stx.stx_gid = g; - mode_t m = S_ISGID|S_ISUID|S_IRUSR|S_IWUSR; - stx.stx_mode = m; - ASSERT_EQ(ceph_ll_setattr(cmount, in, &stx, CEPH_SETATTR_MODE|CEPH_SETATTR_UID|CEPH_SETATTR_GID, rootcred), 0); - ASSERT_EQ(ceph_ll_getattr(cmount, in, &stx, CEPH_STATX_MODE, 0, altcred), 0); - ASSERT_EQ(stx.stx_mode&(mode_t)ALLPERMS, m); - /* not dropped without exe bit */ - stx.stx_gid = gids[0]; - ASSERT_EQ(ceph_ll_setattr(cmount, in, &stx, CEPH_SETATTR_GID, altcred), 0); - ASSERT_EQ(ceph_ll_getattr(cmount, in, &stx, CEPH_STATX_MODE, 0, altcred), 0); - ASSERT_EQ(stx.stx_mode&(mode_t)ALLPERMS, m); - /* now check dropped with exe bit */ - m = S_ISGID|S_ISUID|S_IRWXU; - stx.stx_mode = m; - ASSERT_EQ(ceph_ll_setattr(cmount, in, &stx, CEPH_STATX_MODE, altcred), 0); - ASSERT_EQ(ceph_ll_getattr(cmount, in, &stx, CEPH_STATX_MODE, 0, altcred), 0); - ASSERT_EQ(stx.stx_mode&(mode_t)ALLPERMS, m); - stx.stx_gid = gids[1]; - ASSERT_EQ(ceph_ll_setattr(cmount, in, &stx, CEPH_SETATTR_GID, altcred), 0); - ASSERT_EQ(ceph_ll_getattr(cmount, in, &stx, CEPH_STATX_MODE, 0, altcred), 0); - ASSERT_EQ(stx.stx_mode&(mode_t)ALLPERMS, m&(S_IRWXU|S_IRWXG|S_IRWXO)); - ceph_userperm_destroy(altcred); - - ASSERT_EQ(ceph_ll_close(cmount, fh), 0); - ceph_shutdown(cmount); -} - TEST(LibCephFS, OperationsOnRoot) { struct ceph_mount_info *cmount; -- 2.39.5