gvsafronov
/
skytable
1
0
Fork 0
Code Pull Requests Activity

Force users to set root password

Browse Source
next
Sayan Nandan 12 months ago
parent d2faa19140
commit 5ba82a6cf0
No known key found for this signature in database
GPG Key ID: 42EEDF4AE9D96B54
5 changed files with 203 additions and 289 deletions
Show Stats Download Patch File Download Diff File

74
server/src/engine/config.rs
Unescape Escape View File

@ -83,7 +83,7 @@ pub struct Configuration {
endpoints: ConfigEndpoint,
mode: ConfigMode,
system: ConfigSystem,
auth: Option<ConfigAuth>,
auth: ConfigAuth,
}
impl Configuration {
@ -91,7 +91,7 @@ impl Configuration {
endpoints: ConfigEndpoint,
mode: ConfigMode,
system: ConfigSystem,
auth: Option<ConfigAuth>,
auth: ConfigAuth,
) -> Self {
Self {
endpoints,
@ -103,7 +103,7 @@ impl Configuration {
const DEFAULT_HOST: &'static str = "127.0.0.1";
const DEFAULT_PORT_TCP: u16 = 2003;
const DEFAULT_RELIABILITY_SVC_PING: u64 = 5 * 60;
pub fn default_dev_mode() -> Self {
pub fn default_dev_mode(auth: DecodedAuth) -> Self {
Self {
endpoints: ConfigEndpoint::Insecure(ConfigEndpointTcp {
host: Self::DEFAULT_HOST.to_owned(),
@ -113,7 +113,7 @@ impl Configuration {
system: ConfigSystem {
reliability_system_window: Self::DEFAULT_RELIABILITY_SVC_PING,
},
auth: None,
auth: ConfigAuth::new(auth.plugin, auth.root_pass),
}
}
}
@ -634,7 +634,7 @@ Flags:
Options:
--tlscert <path> Specify the path to the TLS certificate.
--tlskey <path> Define the path to the TLS private key.
--tlskey <path> Specify the path to the TLS private key.
--endpoint <definition> Designate an endpoint. Format: protocol@host:port.
This option can be repeated to define multiple endpoints.
--service-window <seconds> Establish the time window for the background service in seconds.
@ -644,12 +644,12 @@ Options:
--auth-root-password <pass> Set the root password
Examples:
skyd --mode=dev --endpoint tcp@127.0.0.1:2003
skyd --mode=dev --auth-root-password \"password12345678\"
Notes:
- When no mode is provided, `--mode=dev` is defaulted to
- When either of `-h` or `-v` is provided, all other options and flags are ignored.
- When `--auth-plugin` is provided, you must provide a value for `--auth-root-password`
- If no `--mode` is provided, we default to `dev`
- You must provide `--auth-root-password` to set the default root password
- To use TLS, you must provide both `--tlscert` and `--tlskey`
For further assistance, refer to the official documentation here: https://docs.skytable.org
";
@ -787,8 +787,8 @@ pub fn parse_env_args() -> ConfigResult<Option<ParsedRawArgs>> {
/// Apply the configuration changes to the given mutable config
fn apply_config_changes<CS: ConfigurationSource>(
args: &mut ParsedRawArgs,
config: &mut ModifyGuard<DecodedConfiguration>,
) -> ConfigResult<()> {
) -> ConfigResult<ModifyGuard<DecodedConfiguration>> {
let mut config = ModifyGuard::new(DecodedConfiguration::default());
enum DecodeKind {
Simple {
key: &'static str,
@ -822,21 +822,21 @@ fn apply_config_changes<CS: ConfigurationSource>(
match task {
DecodeKind::Simple { key, f } => match args.get(key) {
Some(values_for_arg) => {
(f)(&values_for_arg, config)?;
(f)(&values_for_arg, &mut config)?;
args.remove(key);
}
None => {}
},
DecodeKind::Complex { f } => (f)(args, config)?,
DecodeKind::Complex { f } => (f)(args, &mut config)?,
}
}
if args.is_empty() {
Ok(())
} else {
if !args.is_empty() {
Err(ConfigError::with_src(
CS::SOURCE,
ConfigErrorKind::ErrorString("found unknown arguments".into()),
))
} else {
Ok(config)
}
}
@ -896,7 +896,7 @@ macro_rules! if_some {
}
macro_rules! err_if {
($(if $cond:expr => $error:expr),*) => {
($(if $cond:expr => $error:expr),* $(,)?) => {
$(if $cond { return Err($error) })*
}
}
@ -909,8 +909,17 @@ fn validate_configuration<CS: ConfigurationSource>(
auth,
}: DecodedConfiguration,
) -> ConfigResult<Configuration> {
let Some(auth) = auth else {
return Err(ConfigError::with_src(
CS::SOURCE,
ConfigErrorKind::ErrorString(format!(
"root account must be configured with {}",
CS::KEY_AUTH_ROOT_PASSWORD
)),
));
};
// initialize our default configuration
let mut config = Configuration::default_dev_mode();
let mut config = Configuration::default_dev_mode(auth);
// mutate
if_some!(
system => |system: DecodedSystemConfig| {
@ -946,26 +955,16 @@ fn validate_configuration<CS: ConfigurationSource>(
})
}
);
if let Some(auth) = auth {
if auth.root_pass.len() < ROOT_PASSWORD_MIN_LEN {
return Err(ConfigError::with_src(
CS::SOURCE,
ConfigErrorKind::ErrorString(format!(
"root password must have atleast {ROOT_PASSWORD_MIN_LEN} characters"
)),
));
}
config.auth = Some(ConfigAuth {
plugin: auth.plugin,
root_key: auth.root_pass,
});
}
// now check a few things
err_if!(
if config.system.reliability_system_window == 0 => ConfigError::with_src(
CS::SOURCE,
ConfigErrorKind::ErrorString("invalid value for service window. must be nonzero".into())
)
ConfigErrorKind::ErrorString("invalid value for service window. must be nonzero".into()),
),
if config.auth.root_key.len() <= ROOT_PASSWORD_MIN_LEN => ConfigError::with_src(
CS::SOURCE,
ConfigErrorKind::ErrorString("the root password must have at least 16 characters".into()),
),
);
Ok(config)
}
@ -999,10 +998,9 @@ impl ConfigReturn {
pub(super) fn apply_and_validate<CS: ConfigurationSource>(
mut args: ParsedRawArgs,
) -> ConfigResult<ConfigReturn> {
let mut modcfg = ModifyGuard::new(DecodedConfiguration::default());
apply_config_changes::<CS>(&mut args, &mut modcfg)?;
if ModifyGuard::modified(&modcfg) {
validate_configuration::<CS>(modcfg.val).map(ConfigReturn::Config)
let cfg = apply_config_changes::<CS>(&mut args)?;
if ModifyGuard::modified(&cfg) {
validate_configuration::<CS>(cfg.val).map(ConfigReturn::Config)
} else {
Ok(ConfigReturn::Default)
}

48
server/src/engine/fractal/config.rs
Unescape Escape View File

@ -35,53 +35,53 @@ use {
#[derive(Debug)]
/// The global system configuration
pub struct SysConfig {
auth_data: Option<RwLock<SysAuth>>,
auth_data: RwLock<SysAuth>,
host_data: SysHostData,
}
impl PartialEq for SysConfig {
fn eq(&self, other: &Self) -> bool {
self.host_data == other.host_data
&& match (self.auth_data.as_ref(), other.auth_data.as_ref()) {
(None, None) => true,
(Some(a), Some(b)) => &*a.read() == &*b.read(),
_ => false,
}
self.host_data == other.host_data && self.auth_data.read().eq(&other.auth_data.read())
}
}
impl SysConfig {
/// Initialize a new system config
pub fn new(auth_data: Option<RwLock<SysAuth>>, host_data: SysHostData) -> Self {
pub fn new(auth_data: RwLock<SysAuth>, host_data: SysHostData) -> Self {
Self {
auth_data,
host_data,
}
}
pub fn new_auth(new_auth: Option<ConfigAuth>, host_data: SysHostData) -> Self {
match new_auth {
Some(ConfigAuth { root_key, .. }) => Self::new(
Some(RwLock::new(SysAuth::new(
rcrypt::hash(root_key, rcrypt::DEFAULT_COST)
.unwrap()
.into_boxed_slice(),
Default::default(),
))),
host_data,
),
None => Self::new(None, host_data),
}
pub fn new_full(new_auth: ConfigAuth, host_data: SysHostData) -> Self {
Self::new(
RwLock::new(SysAuth::new(
rcrypt::hash(new_auth.root_key, rcrypt::DEFAULT_COST)
.unwrap()
.into_boxed_slice(),
Default::default(),
)),
host_data,
)
}
pub fn new_auth(new_auth: ConfigAuth) -> Self {
Self::new_full(new_auth, SysHostData::new(0, 0))
}
#[cfg(test)]
/// A test-mode default setting with auth disabled
/// A test-mode default setting with the root password set to `password12345678`
pub(super) fn test_default() -> Self {
Self {
auth_data: None,
auth_data: RwLock::new(SysAuth::new(
rcrypt::hash("password12345678", rcrypt::DEFAULT_COST)
.unwrap()
.into_boxed_slice(),
Default::default(),
)),
host_data: SysHostData::new(0, 0),
}
}
/// Returns a handle to the authentication data
pub fn auth_data(&self) -> &Option<RwLock<SysAuth>> {
pub fn auth_data(&self) -> &RwLock<SysAuth> {
&self.auth_data
}
/// Returns a reference to host data

212
server/src/engine/storage/v1/sysdb.rs
Unescape Escape View File

@ -54,10 +54,6 @@ pub enum SystemStoreInitState {
Unchanged,
/// The system store was present, root settings were updated
UpdatedRoot,
/// the system store was present, auth was previously enabled but is now disabled
UpdatedAuthDisabled,
/// the system store was present, auth was previously disabled but is now enabled
UpdatedAuthEnabled,
}
#[derive(Debug, PartialEq)]
@ -77,56 +73,55 @@ impl SystemStoreInit {
///
/// - If it doesn't exist, create it
/// - If it exists, look for config changes and sync them
pub fn open_system_database<Fs: RawFSInterface>(
auth: Option<ConfigAuth>,
) -> SDSSResult<SystemStoreInit> {
pub fn open_system_database<Fs: RawFSInterface>(auth: ConfigAuth) -> SDSSResult<SystemStoreInit> {
open_or_reinit_system_database::<Fs>(auth, SYSDB_PATH, SYSDB_COW_PATH)
}
/// Open or re-initialize the system database
pub fn open_or_reinit_system_database<Fs: RawFSInterface>(
auth: Option<ConfigAuth>,
auth: ConfigAuth,
sysdb_path: &str,
sysdb_path_cow: &str,
) -> SDSSResult<SystemStoreInit> {
let (ex, _) = match SDSSFileIO::<Fs>::open_or_create_perm_rw::<spec::SysDBV1>(sysdb_path)? {
FileOpen::Created(new_sysdb) => {
let syscfg = SysConfig::new_auth(auth, SysHostData::new(0, 0));
sync_system_database_to(&syscfg, new_sysdb)?;
return Ok(SystemStoreInit::new(syscfg, SystemStoreInitState::Created));
let sysdb_file = match SDSSFileIO::<Fs>::open_or_create_perm_rw::<spec::SysDBV1>(sysdb_path)? {
FileOpen::Created(new) => {
// init new syscfg
let new_syscfg = SysConfig::new_auth(auth);
sync_system_database_to(&new_syscfg, new)?;
return Ok(SystemStoreInit::new(
new_syscfg,
SystemStoreInitState::Created,
));
}
FileOpen::Existing(ex) => ex,
FileOpen::Existing((ex, _)) => ex,
};
let last_syscfg = decode_system_database(ex)?;
let mut state = SystemStoreInitState::Unchanged;
match (last_syscfg.auth_data(), &auth) {
(Some(last_auth), Some(new_auth)) => {
let last_auth = last_auth.read();
if last_auth.verify_user("root", &new_auth.root_key).is_err() {
// the root password was changed
state = SystemStoreInitState::UpdatedRoot;
}
}
(Some(_), None) => {
state = SystemStoreInitState::UpdatedAuthDisabled;
}
(None, Some(_)) => {
state = SystemStoreInitState::UpdatedAuthEnabled;
}
(None, None) => {}
let prev_sysdb = decode_system_database(sysdb_file)?;
let state;
// see if settings have changed
if prev_sysdb
.auth_data()
.read()
.verify_user("root", &auth.root_key)
.is_ok()
{
state = SystemStoreInitState::Unchanged;
} else {
state = SystemStoreInitState::UpdatedRoot;
}
let new_syscfg = SysConfig::new_auth(
// create new config
let new_syscfg = SysConfig::new_full(
auth,
SysHostData::new(
last_syscfg.host_data().startup_counter() + 1,
last_syscfg.host_data().settings_version()
prev_sysdb.host_data().startup_counter() + 1,
prev_sysdb.host_data().settings_version()
+ !matches!(state, SystemStoreInitState::Unchanged) as u32,
),
);
// sync
let cow_file = SDSSFileIO::<Fs>::create::<spec::SysDBV1>(sysdb_path_cow)?;
sync_system_database_to(&new_syscfg, cow_file)?;
// replace
sync_system_database_to(
&new_syscfg,
SDSSFileIO::<Fs>::create::<spec::SysDBV1>(sysdb_path_cow)?,
)?;
Fs::fs_rename_file(sysdb_path_cow, sysdb_path)?;
Ok(SystemStoreInit::new(new_syscfg, state))
}
@ -145,38 +140,29 @@ pub fn sync_system_database_to<Fs: RawFSInterface>(
SYS_KEY_AUTH => DictGeneric::new(),
);
let auth_key = map.get_mut(SYS_KEY_AUTH).unwrap();
match cfg.auth_data() {
None => {
*auth_key = DictEntryGeneric::Map(
into_dict!(SYS_KEY_AUTH_ROOT => Datacell::null(), SYS_KEY_AUTH_USERS => Datacell::null()),
)
}
Some(auth) => {
let auth = auth.read();
let auth_key = auth_key.as_dict_mut().unwrap();
auth_key.insert(
SYS_KEY_AUTH_ROOT.into(),
DictEntryGeneric::Data(Datacell::new_bin(auth.root_key().into())),
);
auth_key.insert(
SYS_KEY_AUTH_USERS.into(),
DictEntryGeneric::Map(
// username -> [..settings]
auth.users()
.iter()
.map(|(username, user)| {
(
username.to_owned(),
DictEntryGeneric::Data(Datacell::new_list(vec![
Datacell::new_bin(user.key().into()),
])),
)
})
.collect(),
),
);
}
}
let auth = cfg.auth_data().read();
let auth_key = auth_key.as_dict_mut().unwrap();
auth_key.insert(
SYS_KEY_AUTH_ROOT.into(),
DictEntryGeneric::Data(Datacell::new_bin(auth.root_key().into())),
);
auth_key.insert(
SYS_KEY_AUTH_USERS.into(),
DictEntryGeneric::Map(
// username -> [..settings]
auth.users()
.iter()
.map(|(username, user)| {
(
username.to_owned(),
DictEntryGeneric::Data(Datacell::new_list(vec![Datacell::new_bin(
user.key().into(),
)])),
)
})
.collect(),
),
);
// write
let buf = super::inf::enc::enc_dict_full::<super::inf::map::GenericDictSpec>(&map);
f.fsynced_write(&buf)
@ -195,59 +181,49 @@ fn rkey<T>(
/// Decode the system database
pub fn decode_system_database<Fs: RawFSInterface>(mut f: SDSSFileIO<Fs>) -> SDSSResult<SysConfig> {
let rem = f.load_remaining_into_buffer()?;
let mut store = inf::dec::dec_dict_full::<inf::map::GenericDictSpec>(&rem)?;
// find auth and sys stores
let mut auth_store = rkey(&mut store, SYS_KEY_AUTH, DictEntryGeneric::into_dict)?;
let mut sys_store = rkey(&mut store, SYS_KEY_SYS, DictEntryGeneric::into_dict)?;
// get our auth
let auth_root = rkey(&mut auth_store, SYS_KEY_AUTH_ROOT, |dict| {
let data = dict.into_data()?;
match data.kind() {
_ if data.is_null() => Some(None),
_ => data.into_bin().map(Some),
}
let mut sysdb_data =
inf::dec::dec_dict_full::<inf::map::GenericDictSpec>(&f.load_remaining_into_buffer()?)?;
// get our auth and sys stores
let mut auth_store = rkey(&mut sysdb_data, SYS_KEY_AUTH, DictEntryGeneric::into_dict)?;
let mut sys_store = rkey(&mut sysdb_data, SYS_KEY_SYS, DictEntryGeneric::into_dict)?;
// load auth store
let root_key = rkey(&mut auth_store, SYS_KEY_AUTH_ROOT, |d| {
d.into_data()?.into_bin()
})?;
let auth_users = rkey(&mut auth_store, SYS_KEY_AUTH_USERS, |dict| match dict {
DictEntryGeneric::Data(dc) if dc.is_null() => Some(None),
DictEntryGeneric::Map(m) => Some(Some(m)),
_ => None,
})?;
let sys_auth = match (auth_root, auth_users) {
(Some(root_pass), Some(users)) => {
let mut usermap = HashMap::new();
for (user_name, user) in users {
let mut user_data = user
.into_data()
.and_then(|d| d.into_list())
.ok_or(SDSSError::SysDBCorrupted)?;
if user_data.len() != 1 {
return Err(SDSSError::SysDBCorrupted);
}
let password = user_data
.remove(0)
.into_bin()
.ok_or(SDSSError::SysDBCorrupted)?;
usermap.insert(user_name, SysAuthUser::new(password.into_boxed_slice()));
}
Some(RwLock::new(SysAuth::new(
root_pass.into_boxed_slice(),
usermap,
)))
let users = rkey(
&mut auth_store,
SYS_KEY_AUTH_USERS,
DictEntryGeneric::into_dict,
)?;
// load users
let mut loaded_users = HashMap::new();
for (username, userdata) in users {
let mut userdata = userdata
.into_data()
.and_then(Datacell::into_list)
.ok_or(SDSSError::SysDBCorrupted)?;
if userdata.len() != 1 {
return Err(SDSSError::SysDBCorrupted);
}
(None, None) => None,
_ => return Err(SDSSError::SysDBCorrupted),
};
// get our sys
let sv = rkey(&mut sys_store, SYS_KEY_SYS_SETTINGS_VERSION, |de| {
de.into_data()?.into_uint()
let user_password = userdata
.remove(0)
.into_bin()
.ok_or(SDSSError::SysDBCorrupted)?;
loaded_users.insert(username, SysAuthUser::new(user_password.into_boxed_slice()));
}
let sys_auth = SysAuth::new(root_key.into_boxed_slice(), loaded_users);
// load sys data
let sc = rkey(&mut sys_store, SYS_KEY_SYS_STARTUP_COUNTER, |d| {
d.into_data()?.into_uint()
})?;
let sc = rkey(&mut sys_store, SYS_KEY_SYS_STARTUP_COUNTER, |de| {
de.into_data()?.into_uint()
let sv = rkey(&mut sys_store, SYS_KEY_SYS_SETTINGS_VERSION, |d| {
d.into_data()?.into_uint()
})?;
if !(sys_store.is_empty() & auth_store.is_empty() & store.is_empty()) {
// the stores have more keys than we expected. something is wrong here
if !(sysdb_data.is_empty() & auth_store.is_empty() & sys_store.is_empty()) {
return Err(SDSSError::SysDBCorrupted);
}
Ok(SysConfig::new(sys_auth, SysHostData::new(sc, sv as u32)))
Ok(SysConfig::new(
RwLock::new(sys_auth),
SysHostData::new(sc, sv as u32),
))
}

152
server/src/engine/storage/v1/tests.rs
Unescape Escape View File

@ -38,138 +38,78 @@ mod sysdb {
},
crate::engine::config::{AuthDriver, ConfigAuth},
};
#[test]
fn simple_open_close() {
{
let syscfg_new = sysdb::open_or_reinit_system_database::<VFS>(
None,
"sysdb_test_1.db",
"sysdb_test_1.cow.db",
)
.unwrap();
assert_eq!(syscfg_new.state, SystemStoreInitState::Created);
assert!(syscfg_new.store.auth_data().is_none());
assert_eq!(syscfg_new.store.host_data().settings_version(), 0);
assert_eq!(syscfg_new.store.host_data().startup_counter(), 0);
}
let syscfg_restore = sysdb::open_or_reinit_system_database::<VFS>(
None,
"sysdb_test_1.db",
"sysdb_test_1.cow.db",
)
.unwrap();
assert_eq!(syscfg_restore.state, SystemStoreInitState::Unchanged);
assert!(syscfg_restore.store.auth_data().is_none());
assert_eq!(syscfg_restore.store.host_data().settings_version(), 0);
assert_eq!(syscfg_restore.store.host_data().startup_counter(), 1);
fn open_sysdb(
auth_config: ConfigAuth,
sysdb_path: &str,
sysdb_cow_path: &str,
) -> sysdb::SystemStoreInit {
sysdb::open_or_reinit_system_database::<VFS>(auth_config, sysdb_path, sysdb_cow_path)
.unwrap()
}
#[test]
fn with_auth_nochange() {
let auth = ConfigAuth::new(AuthDriver::Pwd, "password12345678".to_string());
{
let syscfg_new = sysdb::open_or_reinit_system_database::<VFS>(
Some(auth.clone()),
"sysdb_test_2.db",
"sysdb_test_2.cow.db",
fn open_close() {
let open = |auth_config| {
open_sysdb(
auth_config,
"open_close_test.sys.db",
"open_close_test.sys.cow.db",
)
.unwrap();
assert_eq!(syscfg_new.state, SystemStoreInitState::Created);
assert!(syscfg_new
};
let auth_config = ConfigAuth::new(AuthDriver::Pwd, "password12345678".into());
{
let config = open(auth_config.clone());
assert_eq!(config.state, SystemStoreInitState::Created);
assert!(config
.store
.auth_data()
.as_ref()
.unwrap()
.read()
.verify_user("root", "password12345678")
.is_ok());
assert_eq!(syscfg_new.store.host_data().startup_counter(), 0);
assert_eq!(syscfg_new.store.host_data().settings_version(), 0);
assert_eq!(config.store.host_data().settings_version(), 0);
assert_eq!(config.store.host_data().startup_counter(), 0);
}
// now reboot
let syscfg_new = sysdb::open_or_reinit_system_database::<VFS>(
Some(auth),
"sysdb_test_2.db",
"sysdb_test_2.cow.db",
)
.unwrap();
assert_eq!(syscfg_new.state, SystemStoreInitState::Unchanged);
assert!(syscfg_new
// reboot
let config = open(auth_config);
assert_eq!(config.state, SystemStoreInitState::Unchanged);
assert!(config
.store
.auth_data()
.as_ref()
.unwrap()
.read()
.verify_user("root", "password12345678")
.is_ok());
assert_eq!(syscfg_new.store.host_data().startup_counter(), 1);
assert_eq!(syscfg_new.store.host_data().settings_version(), 0);
assert_eq!(config.store.host_data().settings_version(), 0);
assert_eq!(config.store.host_data().startup_counter(), 1);
}
#[test]
fn disable_auth() {
{
let auth = ConfigAuth::new(AuthDriver::Pwd, "password12345678".to_string());
let syscfg_new = sysdb::open_or_reinit_system_database::<VFS>(
Some(auth),
"sysdb_test_3.db",
"sysdb_test_3.cow.db",
fn open_change_root_password() {
let open = |auth_config| {
open_sysdb(
auth_config,
"open_change_root_password.sys.db",
"open_change_root_password.sys.cow.db",
)
.unwrap();
assert_eq!(syscfg_new.state, SystemStoreInitState::Created);
assert!(syscfg_new
};
{
let config = open(ConfigAuth::new(AuthDriver::Pwd, "password12345678".into()));
assert_eq!(config.state, SystemStoreInitState::Created);
assert!(config
.store
.auth_data()
.as_ref()
.unwrap()
.read()
.verify_user("root", "password12345678")
.is_ok());
assert_eq!(syscfg_new.store.host_data().startup_counter(), 0);
assert_eq!(syscfg_new.store.host_data().settings_version(), 0);
}
// reboot
let sysdb_cfg = sysdb::open_or_reinit_system_database::<VFS>(
None,
"sysdb_test_3.db",
"sysdb_test_3.cow.db",
)
.unwrap();
assert_eq!(sysdb_cfg.state, SystemStoreInitState::UpdatedAuthDisabled);
assert!(sysdb_cfg.store.auth_data().is_none());
assert_eq!(sysdb_cfg.store.host_data().startup_counter(), 1);
assert_eq!(sysdb_cfg.store.host_data().settings_version(), 1);
}
#[test]
fn enable_auth() {
{
let sysdb_cfg = sysdb::open_or_reinit_system_database::<VFS>(
None,
"sysdb_test_4.db",
"sysdb_test_4.cow.db",
)
.unwrap();
assert_eq!(sysdb_cfg.state, SystemStoreInitState::Created);
assert!(sysdb_cfg.store.auth_data().is_none());
assert_eq!(sysdb_cfg.store.host_data().startup_counter(), 0);
assert_eq!(sysdb_cfg.store.host_data().settings_version(), 0);
assert_eq!(config.store.host_data().settings_version(), 0);
assert_eq!(config.store.host_data().startup_counter(), 0);
}
// reboot
let auth = ConfigAuth::new(AuthDriver::Pwd, "password12345678".to_string());
let syscfg_new = sysdb::open_or_reinit_system_database::<VFS>(
Some(auth),
"sysdb_test_4.db",
"sysdb_test_4.cow.db",
)
.unwrap();
assert_eq!(syscfg_new.state, SystemStoreInitState::UpdatedAuthEnabled);
assert!(syscfg_new
let config = open(ConfigAuth::new(AuthDriver::Pwd, "password23456789".into()));
assert_eq!(config.state, SystemStoreInitState::UpdatedRoot);
assert!(config
.store
.auth_data()
.as_ref()
.unwrap()
.read()
.verify_user("root", "password12345678")
.verify_user("root", "password23456789")
.is_ok());
assert_eq!(syscfg_new.store.host_data().startup_counter(), 1);
assert_eq!(syscfg_new.store.host_data().settings_version(), 1);
assert_eq!(config.store.host_data().settings_version(), 1);
assert_eq!(config.store.host_data().startup_counter(), 1);
}
}

6
server/src/engine/tests/mod.rs
Unescape Escape View File

@ -120,7 +120,7 @@ mod cfg {
),
ConfigMode::Dev,
ConfigSystem::new(600),
Some(ConfigAuth::new(AuthDriver::Pwd, "password12345678".into()))
ConfigAuth::new(AuthDriver::Pwd, "password12345678".into())
)
)
},
@ -231,7 +231,7 @@ mod cfg {
),
ConfigMode::Dev,
ConfigSystem::new(600),
Some(ConfigAuth::new(AuthDriver::Pwd, "password12345678".into()))
ConfigAuth::new(AuthDriver::Pwd, "password12345678".into())
)
)
},
@ -277,7 +277,7 @@ endpoints:
),
ConfigMode::Dev,
ConfigSystem::new(600),
Some(ConfigAuth::new(AuthDriver::Pwd, "password12345678".into()))
ConfigAuth::new(AuthDriver::Pwd, "password12345678".into())
)
)
},

Write Preview
Loading…
Cancel
Save