← Back to branch summary

~evarlast/ubuntu/utopic/mongodb/upstart-workaround-debian-bug-718702

« back to all changes in this revision

Viewing changes to src/mongo/db/auth/privilege_set_test.cpp

  • Committer: Package Import Robot
  • Author(s): James Page, James Page, Robie Basak
  • Date: 2013-05-29 17:44:42 UTC
  • mfrom: (44.1.7 sid)
  • Revision ID: package-import@ubuntu.com-20130529174442-z0a4qmoww4y0t458
Tags: 1:2.4.3-1ubuntu1
[ James Page ]
* Merge from Debian unstable, remaining changes:
  - Enable SSL support:
    + d/control: Add libssl-dev to BD's.
    + d/rules: Enabled --ssl option.
    + d/mongodb.conf: Add example SSL configuration options.
  - d/mongodb-server.mongodb.upstart: Add upstart configuration.
  - d/rules: Don't strip binaries during scons build for Ubuntu.
  - d/control: Add armhf to target archs.
  - d/p/SConscript.client.patch: fixup install of client libraries.
  - d/p/0010-install-libs-to-usr-lib-not-usr-lib64-Closes-588557.patch:
    Install libraries to lib not lib64.
* Dropped changes:
  - d/p/arm-support.patch: Included in Debian.
  - d/p/double-alignment.patch: Included in Debian.
  - d/rules,control: Debian also builds with avaliable system libraries
    now.
* Fix FTBFS due to gcc and boost upgrades in saucy:
  - d/p/0008-ignore-unused-local-typedefs.patch: Add -Wno-unused-typedefs
    to unbreak building with g++-4.8.
  - d/p/0009-boost-1.53.patch: Fixup signed/unsigned casting issue.

[ Robie Basak ]
* d/p/0011-Use-a-signed-char-to-store-BSONType-enumerations.patch: Fixup
  build failure on ARM due to missing signed'ness of char cast.

Show diffs side-by-side

added added

removed removed

Lines of Context:
src/mongo/db/auth/privilege_set_test.cpp
 
1
/*    Copyright 2012 10gen Inc.
 
2
 *
 
3
 *    Licensed under the Apache License, Version 2.0 (the "License");
 
4
 *    you may not use this file except in compliance with the License.
 
5
 *    You may obtain a copy of the License at
 
6
 *
 
7
 *    http://www.apache.org/licenses/LICENSE-2.0
 
8
 *
 
9
 *    Unless required by applicable law or agreed to in writing, software
 
10
 *    distributed under the License is distributed on an "AS IS" BASIS,
 
11
 *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 
12
 *    See the License for the specific language governing permissions and
 
13
 *    limitations under the License.
 
14
 */
 
15
 
 
16
/**
 
17
 * Unit tests of the PrivilegeSet type.
 
18
 */
 
19
 
 
20
#include <iostream>
 
21
 
 
22
#include "mongo/db/auth/action_set.h"
 
23
#include "mongo/db/auth/privilege_set.h"
 
24
#include "mongo/unittest/unittest.h"
 
25
 
 
26
namespace mongo {
 
27
namespace {
 
28
 
 
29
    // Convenience methods for outputing PrincipalName and construction ActionSets that make tests
 
30
    // concise, but that we're reluctant to put into the types themselves.
 
31
 
 
32
    std::ostream& operator<<(std::ostream& os, const PrincipalName& pname) {
 
33
        return os << pname.toString();
 
34
    }
 
35
 
 
36
    std::ostream& operator<<(std::ostream&os, const std::vector<PrincipalName>& ps) {
 
37
        os << "[ ";
 
38
        for (size_t i = 0; i < ps.size(); ++i)
 
39
            os << ps[i] << ' ';
 
40
        os << ']';
 
41
        return os;
 
42
    }
 
43
 
 
44
    ActionSet operator|(const ActionSet& lhs, const ActionSet& rhs) {
 
45
        ActionSet result = lhs;
 
46
        result.addAllActionsFromSet(rhs);
 
47
        return result;
 
48
    }
 
49
 
 
50
    ActionSet operator|(const ActionSet& lhs, const ActionType& rhs) {
 
51
        ActionSet result = lhs;
 
52
        result.addAction(rhs);
 
53
        return result;
 
54
    }
 
55
 
 
56
    ActionSet operator|(const ActionType& lhs, const ActionType& rhs) {
 
57
        ActionSet result;
 
58
        result.addAction(lhs);
 
59
        result.addAction(rhs);
 
60
        return result;
 
61
    }
 
62
 
 
63
    // Tests
 
64
 
 
65
    TEST(PrivilegeSetTest, PrivilegeSet) {
 
66
        PrivilegeSet capSet;
 
67
        PrincipalName user1("user1", "test");
 
68
        PrincipalName user2("user2", "test2");
 
69
 
 
70
        // Initially, the capability set contains no privileges at all.
 
71
        ASSERT_FALSE(capSet.hasPrivilege(Privilege("foo", ActionType::find)));
 
72
        ASSERT_FALSE(capSet.hasPrivilege(Privilege("bar", ActionType::find)));
 
73
 
 
74
        // Grant find and update to "foo", only.
 
75
        capSet.grantPrivilege(Privilege("foo", ActionType::find|ActionType::update), user1);
 
76
 
 
77
        ASSERT_TRUE(capSet.hasPrivilege(Privilege("foo", ActionType::find)));
 
78
        ASSERT_TRUE(capSet.hasPrivilege(Privilege("foo", ActionType::find|ActionType::update)));
 
79
        ASSERT_FALSE(capSet.hasPrivilege(Privilege("foo", ActionType::find|ActionType::remove)));
 
80
        ASSERT_FALSE(capSet.hasPrivilege(Privilege("bar", ActionType::find)));
 
81
        ASSERT_FALSE(capSet.hasPrivilege(Privilege("foo", ActionType::remove)));
 
82
 
 
83
        // Grant "userAdmin", "update" and "remove" on "foo" to user2, which changes the set of
 
84
        // actions this privilege set will approve.
 
85
        capSet.grantPrivilege(
 
86
                Privilege("foo", ActionType::userAdmin|ActionType::update|ActionType::remove),
 
87
                user2);
 
88
 
 
89
        ASSERT_TRUE(capSet.hasPrivilege(Privilege("foo", ActionType::userAdmin)));
 
90
        ASSERT_TRUE(capSet.hasPrivilege(Privilege("foo", ActionType::update)));
 
91
        ASSERT_TRUE(capSet.hasPrivilege(Privilege("foo", ActionType::userAdmin)));
 
92
        ASSERT_TRUE(capSet.hasPrivilege(Privilege("foo", ActionType::find|ActionType::remove)));
 
93
 
 
94
        // Revoke user2's privileges.
 
95
        capSet.revokePrivilegesFromPrincipal(user2);
 
96
 
 
97
        ASSERT_FALSE(capSet.hasPrivilege(Privilege("foo", ActionType::userAdmin)));
 
98
        ASSERT_FALSE(capSet.hasPrivilege(Privilege("foo", ActionType::find|ActionType::remove)));
 
99
        ASSERT_TRUE(capSet.hasPrivilege(Privilege("foo", ActionType::update)));
 
100
 
 
101
        // Revoke user2's privileges again; should be a no-op.
 
102
        capSet.revokePrivilegesFromPrincipal(user2);
 
103
 
 
104
        ASSERT_FALSE(capSet.hasPrivilege(Privilege("foo", ActionType::userAdmin)));
 
105
        ASSERT_FALSE(capSet.hasPrivilege(Privilege("foo", ActionType::find|ActionType::remove)));
 
106
        ASSERT_TRUE(capSet.hasPrivilege(Privilege("foo", ActionType::update)));
 
107
 
 
108
        // Re-grant "userAdmin", "update" and "remove" on "foo" to user2.
 
109
        capSet.grantPrivilege(
 
110
                Privilege("foo", ActionType::userAdmin|ActionType::update|ActionType::remove),
 
111
                user2);
 
112
 
 
113
        // The set still contains no capabilities on "bar".
 
114
        ASSERT_FALSE(capSet.hasPrivilege(Privilege("bar", ActionType::find)));
 
115
 
 
116
        // Let user2 "find" on "bar".
 
117
        capSet.grantPrivilege(Privilege("bar", ActionType::find), user2);
 
118
 
 
119
        ASSERT_TRUE(capSet.hasPrivilege(Privilege("bar", ActionType::find)));
 
120
        ASSERT_FALSE(capSet.hasPrivilege(Privilege("bar", ActionType::update)));
 
121
        ASSERT_FALSE(capSet.hasPrivilege(Privilege("bar", ActionType::remove)));
 
122
 
 
123
        // Let user1 "find" and "update" on "bar".
 
124
        capSet.grantPrivilege(Privilege("bar", ActionType::update|ActionType::find), user1);
 
125
 
 
126
        ASSERT_TRUE(capSet.hasPrivilege(Privilege("bar", ActionType::find|ActionType::update)));
 
127
        ASSERT_FALSE(capSet.hasPrivilege(
 
128
                             Privilege("bar",
 
129
                                       ActionType::find|ActionType::update|ActionType::remove)));
 
130
 
 
131
        // Revoke user1's privileges.
 
132
        capSet.revokePrivilegesFromPrincipal(user1);
 
133
 
 
134
        ASSERT_TRUE(capSet.hasPrivilege(Privilege("foo", ActionType::update)));
 
135
        ASSERT_FALSE(capSet.hasPrivilege(Privilege("foo", ActionType::find)));
 
136
        ASSERT_TRUE(capSet.hasPrivilege(Privilege("bar", ActionType::find)));
 
137
        ASSERT_FALSE(capSet.hasPrivilege(Privilege("bar", ActionType::update)));
 
138
 
 
139
        // Revoke user2's privileges.
 
140
        capSet.revokePrivilegesFromPrincipal(user2);
 
141
 
 
142
        ASSERT_FALSE(capSet.hasPrivilege(Privilege("foo", ActionType::update)));
 
143
        ASSERT_FALSE(capSet.hasPrivilege(Privilege("bar", ActionType::find)));
 
144
    }
 
145
 
 
146
    TEST(PrivilegeSetTest, WildcardPrivileges) {
 
147
        // Tests acquisition and revocation of privileges on WILDCARD_RESOURCE.
 
148
 
 
149
        PrivilegeSet privSet;
 
150
 
 
151
        PrincipalName user("user", "db");
 
152
        Privilege wildcardFind("*", ActionType::find);
 
153
        Privilege wildcardUpdate("*", ActionType::update);
 
154
        Privilege wildcardFindAndUpdate("*", ActionType::find|ActionType::update);
 
155
        Privilege fooFind("foo", ActionType::find);
 
156
        Privilege fooUpdate("foo", ActionType::update);
 
157
        Privilege fooFindAndUpdate("foo", ActionType::find|ActionType::update);
 
158
        Privilege barFind("bar", ActionType::find);
 
159
        Privilege barUpdate("bar", ActionType::update);
 
160
        Privilege barFindAndUpdate("bar", ActionType::find|ActionType::update);
 
161
 
 
162
        // With no granted privileges, assert that hasPrivilege returns false.
 
163
        ASSERT_FALSE(privSet.hasPrivilege(wildcardFind));
 
164
        ASSERT_FALSE(privSet.hasPrivilege(wildcardUpdate));
 
165
        ASSERT_FALSE(privSet.hasPrivilege(wildcardFindAndUpdate));
 
166
 
 
167
        ASSERT_FALSE(privSet.hasPrivilege(fooFind));
 
168
        ASSERT_FALSE(privSet.hasPrivilege(fooUpdate));
 
169
        ASSERT_FALSE(privSet.hasPrivilege(fooFindAndUpdate));
 
170
 
 
171
        ASSERT_FALSE(privSet.hasPrivilege(barFind));
 
172
        ASSERT_FALSE(privSet.hasPrivilege(barUpdate));
 
173
        ASSERT_FALSE(privSet.hasPrivilege(barFindAndUpdate));
 
174
 
 
175
        // Grant some privileges, and ensure that exactly those privileges are granted.
 
176
        std::vector<Privilege> grantedPrivileges;
 
177
        grantedPrivileges.push_back(wildcardFind);
 
178
        grantedPrivileges.push_back(fooUpdate);
 
179
 
 
180
        privSet.grantPrivileges(grantedPrivileges, user);
 
181
 
 
182
        ASSERT_TRUE(privSet.hasPrivilege(wildcardFind));
 
183
        ASSERT_FALSE(privSet.hasPrivilege(wildcardUpdate));
 
184
        ASSERT_FALSE(privSet.hasPrivilege(wildcardFindAndUpdate));
 
185
 
 
186
        ASSERT_TRUE(privSet.hasPrivilege(fooFind));
 
187
        ASSERT_TRUE(privSet.hasPrivilege(fooUpdate));
 
188
        ASSERT_TRUE(privSet.hasPrivilege(fooFindAndUpdate));
 
189
 
 
190
        ASSERT_TRUE(privSet.hasPrivilege(barFind));
 
191
        ASSERT_FALSE(privSet.hasPrivilege(barUpdate));
 
192
        ASSERT_FALSE(privSet.hasPrivilege(barFindAndUpdate));
 
193
 
 
194
        // Revoke the granted privileges, and assert that hasPrivilege returns false.
 
195
        privSet.revokePrivilegesFromPrincipal(user);
 
196
 
 
197
        ASSERT_FALSE(privSet.hasPrivilege(wildcardFind));
 
198
        ASSERT_FALSE(privSet.hasPrivilege(wildcardUpdate));
 
199
        ASSERT_FALSE(privSet.hasPrivilege(wildcardFindAndUpdate));
 
200
 
 
201
        ASSERT_FALSE(privSet.hasPrivilege(fooFind));
 
202
        ASSERT_FALSE(privSet.hasPrivilege(fooUpdate));
 
203
        ASSERT_FALSE(privSet.hasPrivilege(fooFindAndUpdate));
 
204
 
 
205
        ASSERT_FALSE(privSet.hasPrivilege(barFind));
 
206
        ASSERT_FALSE(privSet.hasPrivilege(barUpdate));
 
207
        ASSERT_FALSE(privSet.hasPrivilege(barFindAndUpdate));
 
208
    }
 
209
 
 
210
}  // namespace
 
211
}  // namespace mongo