gvsafronov
/
skytable
1
0
Fork 0
Code Pull Requests Activity

Force users to set root password

Browse Source
next
Sayan Nandan 12 months ago
parent d2faa19140
commit 5ba82a6cf0
No known key found for this signature in database
GPG Key ID: 42EEDF4AE9D96B54
5 changed files with 203 additions and 289 deletions
Show Stats Download Patch File Download Diff File

74
server/src/engine/config.rs
Unescape Escape View File

@ -83,7 +83,7 @@ pub struct Configuration {
endpoints: ConfigEndpoint, endpoints: ConfigEndpoint,
mode: ConfigMode, mode: ConfigMode,
system: ConfigSystem, system: ConfigSystem,
auth: Option<ConfigAuth>, auth: ConfigAuth,
} }
impl Configuration { impl Configuration {
@ -91,7 +91,7 @@ impl Configuration {
endpoints: ConfigEndpoint, endpoints: ConfigEndpoint,
mode: ConfigMode, mode: ConfigMode,
system: ConfigSystem, system: ConfigSystem,
auth: Option<ConfigAuth>, auth: ConfigAuth,
) -> Self { ) -> Self {
Self { Self {
endpoints, endpoints,
@ -103,7 +103,7 @@ impl Configuration {
const DEFAULT_HOST: &'static str = "127.0.0.1"; const DEFAULT_HOST: &'static str = "127.0.0.1";
const DEFAULT_PORT_TCP: u16 = 2003; const DEFAULT_PORT_TCP: u16 = 2003;
const DEFAULT_RELIABILITY_SVC_PING: u64 = 5 * 60; const DEFAULT_RELIABILITY_SVC_PING: u64 = 5 * 60;
pub fn default_dev_mode() -> Self { pub fn default_dev_mode(auth: DecodedAuth) -> Self {
Self { Self {
endpoints: ConfigEndpoint::Insecure(ConfigEndpointTcp { endpoints: ConfigEndpoint::Insecure(ConfigEndpointTcp {
host: Self::DEFAULT_HOST.to_owned(), host: Self::DEFAULT_HOST.to_owned(),
@ -113,7 +113,7 @@ impl Configuration {
system: ConfigSystem { system: ConfigSystem {
reliability_system_window: Self::DEFAULT_RELIABILITY_SVC_PING, reliability_system_window: Self::DEFAULT_RELIABILITY_SVC_PING,
}, },
auth: None, auth: ConfigAuth::new(auth.plugin, auth.root_pass),
} }
} }
} }
@ -634,7 +634,7 @@ Flags:
Options: Options:
--tlscert <path> Specify the path to the TLS certificate. --tlscert <path> Specify the path to the TLS certificate.
--tlskey <path> Define the path to the TLS private key. --tlskey <path> Specify the path to the TLS private key.
--endpoint <definition> Designate an endpoint. Format: protocol@host:port. --endpoint <definition> Designate an endpoint. Format: protocol@host:port.
This option can be repeated to define multiple endpoints. This option can be repeated to define multiple endpoints.
--service-window <seconds> Establish the time window for the background service in seconds. --service-window <seconds> Establish the time window for the background service in seconds.
@ -644,12 +644,12 @@ Options:
--auth-root-password <pass> Set the root password --auth-root-password <pass> Set the root password
Examples: Examples:
skyd --mode=dev --endpoint tcp@127.0.0.1:2003 skyd --mode=dev --auth-root-password \"password12345678\"
Notes: Notes:
- When no mode is provided, `--mode=dev` is defaulted to - If no `--mode` is provided, we default to `dev`
- When either of `-h` or `-v` is provided, all other options and flags are ignored. - You must provide `--auth-root-password` to set the default root password
- When `--auth-plugin` is provided, you must provide a value for `--auth-root-password` - To use TLS, you must provide both `--tlscert` and `--tlskey`
For further assistance, refer to the official documentation here: https://docs.skytable.org For further assistance, refer to the official documentation here: https://docs.skytable.org
"; ";
@ -787,8 +787,8 @@ pub fn parse_env_args() -> ConfigResult<Option<ParsedRawArgs>> {
/// Apply the configuration changes to the given mutable config /// Apply the configuration changes to the given mutable config
fn apply_config_changes<CS: ConfigurationSource>( fn apply_config_changes<CS: ConfigurationSource>(
args: &mut ParsedRawArgs, args: &mut ParsedRawArgs,
config: &mut ModifyGuard<DecodedConfiguration>, ) -> ConfigResult<ModifyGuard<DecodedConfiguration>> {
) -> ConfigResult<()> { let mut config = ModifyGuard::new(DecodedConfiguration::default());
enum DecodeKind { enum DecodeKind {
Simple { Simple {
key: &'static str, key: &'static str,
@ -822,21 +822,21 @@ fn apply_config_changes<CS: ConfigurationSource>(
match task { match task {
DecodeKind::Simple { key, f } => match args.get(key) { DecodeKind::Simple { key, f } => match args.get(key) {
Some(values_for_arg) => { Some(values_for_arg) => {
(f)(&values_for_arg, config)?; (f)(&values_for_arg, &mut config)?;
args.remove(key); args.remove(key);
} }
None => {} None => {}
}, },
DecodeKind::Complex { f } => (f)(args, config)?, DecodeKind::Complex { f } => (f)(args, &mut config)?,
} }
} }
if args.is_empty() { if !args.is_empty() {
Ok(())
} else {
Err(ConfigError::with_src( Err(ConfigError::with_src(
CS::SOURCE, CS::SOURCE,
ConfigErrorKind::ErrorString("found unknown arguments".into()), ConfigErrorKind::ErrorString("found unknown arguments".into()),
)) ))
} else {
Ok(config)
} }
} }
@ -896,7 +896,7 @@ macro_rules! if_some {
} }
macro_rules! err_if { macro_rules! err_if {
($(if $cond:expr => $error:expr),*) => { ($(if $cond:expr => $error:expr),* $(,)?) => {
$(if $cond { return Err($error) })* $(if $cond { return Err($error) })*
} }
} }
@ -909,8 +909,17 @@ fn validate_configuration<CS: ConfigurationSource>(
auth, auth,
}: DecodedConfiguration, }: DecodedConfiguration,
) -> ConfigResult<Configuration> { ) -> ConfigResult<Configuration> {
let Some(auth) = auth else {
return Err(ConfigError::with_src(
CS::SOURCE,
ConfigErrorKind::ErrorString(format!(
"root account must be configured with {}",
CS::KEY_AUTH_ROOT_PASSWORD
)),
));
};
// initialize our default configuration // initialize our default configuration
let mut config = Configuration::default_dev_mode(); let mut config = Configuration::default_dev_mode(auth);
// mutate // mutate
if_some!( if_some!(
system => |system: DecodedSystemConfig| { system => |system: DecodedSystemConfig| {
@ -946,26 +955,16 @@ fn validate_configuration<CS: ConfigurationSource>(
}) })
} }
); );
if let Some(auth) = auth {
if auth.root_pass.len() < ROOT_PASSWORD_MIN_LEN {
return Err(ConfigError::with_src(
CS::SOURCE,
ConfigErrorKind::ErrorString(format!(
"root password must have atleast {ROOT_PASSWORD_MIN_LEN} characters"
)),
));
}
config.auth = Some(ConfigAuth {
plugin: auth.plugin,
root_key: auth.root_pass,
});
}
// now check a few things // now check a few things
err_if!( err_if!(
if config.system.reliability_system_window == 0 => ConfigError::with_src( if config.system.reliability_system_window == 0 => ConfigError::with_src(
CS::SOURCE, CS::SOURCE,
ConfigErrorKind::ErrorString("invalid value for service window. must be nonzero".into()) ConfigErrorKind::ErrorString("invalid value for service window. must be nonzero".into()),
) ),
if config.auth.root_key.len() <= ROOT_PASSWORD_MIN_LEN => ConfigError::with_src(
CS::SOURCE,
ConfigErrorKind::ErrorString("the root password must have at least 16 characters".into()),
),
); );
Ok(config) Ok(config)
} }
@ -999,10 +998,9 @@ impl ConfigReturn {
pub(super) fn apply_and_validate<CS: ConfigurationSource>( pub(super) fn apply_and_validate<CS: ConfigurationSource>(
mut args: ParsedRawArgs, mut args: ParsedRawArgs,
) -> ConfigResult<ConfigReturn> { ) -> ConfigResult<ConfigReturn> {
let mut modcfg = ModifyGuard::new(DecodedConfiguration::default()); let cfg = apply_config_changes::<CS>(&mut args)?;
apply_config_changes::<CS>(&mut args, &mut modcfg)?; if ModifyGuard::modified(&cfg) {
if ModifyGuard::modified(&modcfg) { validate_configuration::<CS>(cfg.val).map(ConfigReturn::Config)
validate_configuration::<CS>(modcfg.val).map(ConfigReturn::Config)
} else { } else {
Ok(ConfigReturn::Default) Ok(ConfigReturn::Default)
} }

48
server/src/engine/fractal/config.rs
Unescape Escape View File

@ -35,53 +35,53 @@ use {
#[derive(Debug)] #[derive(Debug)]
/// The global system configuration /// The global system configuration
pub struct SysConfig { pub struct SysConfig {
auth_data: Option<RwLock<SysAuth>>, auth_data: RwLock<SysAuth>,
host_data: SysHostData, host_data: SysHostData,
} }
impl PartialEq for SysConfig { impl PartialEq for SysConfig {
fn eq(&self, other: &Self) -> bool { fn eq(&self, other: &Self) -> bool {
self.host_data == other.host_data self.host_data == other.host_data && self.auth_data.read().eq(&other.auth_data.read())
&& match (self.auth_data.as_ref(), other.auth_data.as_ref()) {
(None, None) => true,
(Some(a), Some(b)) => &*a.read() == &*b.read(),
_ => false,
}
} }
} }
impl SysConfig { impl SysConfig {
/// Initialize a new system config /// Initialize a new system config
pub fn new(auth_data: Option<RwLock<SysAuth>>, host_data: SysHostData) -> Self { pub fn new(auth_data: RwLock<SysAuth>, host_data: SysHostData) -> Self {
Self { Self {
auth_data, auth_data,
host_data, host_data,
} }
} }
pub fn new_auth(new_auth: Option<ConfigAuth>, host_data: SysHostData) -> Self { pub fn new_full(new_auth: ConfigAuth, host_data: SysHostData) -> Self {
match new_auth { Self::new(
Some(ConfigAuth { root_key, .. }) => Self::new( RwLock::new(SysAuth::new(
Some(RwLock::new(SysAuth::new( rcrypt::hash(new_auth.root_key, rcrypt::DEFAULT_COST)
rcrypt::hash(root_key, rcrypt::DEFAULT_COST) .unwrap()
.unwrap() .into_boxed_slice(),
.into_boxed_slice(), Default::default(),
Default::default(), )),
))), host_data,
host_data, )
), }
None => Self::new(None, host_data), pub fn new_auth(new_auth: ConfigAuth) -> Self {
} Self::new_full(new_auth, SysHostData::new(0, 0))
} }
#[cfg(test)] #[cfg(test)]
/// A test-mode default setting with auth disabled /// A test-mode default setting with the root password set to `password12345678`
pub(super) fn test_default() -> Self { pub(super) fn test_default() -> Self {
Self { Self {
auth_data: None, auth_data: RwLock::new(SysAuth::new(
rcrypt::hash("password12345678", rcrypt::DEFAULT_COST)
.unwrap()
.into_boxed_slice(),
Default::default(),
)),
host_data: SysHostData::new(0, 0), host_data: SysHostData::new(0, 0),
} }
} }
/// Returns a handle to the authentication data /// Returns a handle to the authentication data
pub fn auth_data(&self) -> &Option<RwLock<SysAuth>> { pub fn auth_data(&self) -> &RwLock<SysAuth> {
&self.auth_data &self.auth_data
} }
/// Returns a reference to host data /// Returns a reference to host data

212
server/src/engine/storage/v1/sysdb.rs
Unescape Escape View File

@ -54,10 +54,6 @@ pub enum SystemStoreInitState {
Unchanged, Unchanged,
/// The system store was present, root settings were updated /// The system store was present, root settings were updated
UpdatedRoot, UpdatedRoot,
/// the system store was present, auth was previously enabled but is now disabled
UpdatedAuthDisabled,
/// the system store was present, auth was previously disabled but is now enabled
UpdatedAuthEnabled,
} }
#[derive(Debug, PartialEq)] #[derive(Debug, PartialEq)]
@ -77,56 +73,55 @@ impl SystemStoreInit {
/// ///
/// - If it doesn't exist, create it /// - If it doesn't exist, create it
/// - If it exists, look for config changes and sync them /// - If it exists, look for config changes and sync them
pub fn open_system_database<Fs: RawFSInterface>( pub fn open_system_database<Fs: RawFSInterface>(auth: ConfigAuth) -> SDSSResult<SystemStoreInit> {
auth: Option<ConfigAuth>,
) -> SDSSResult<SystemStoreInit> {
open_or_reinit_system_database::<Fs>(auth, SYSDB_PATH, SYSDB_COW_PATH) open_or_reinit_system_database::<Fs>(auth, SYSDB_PATH, SYSDB_COW_PATH)
} }
/// Open or re-initialize the system database /// Open or re-initialize the system database
pub fn open_or_reinit_system_database<Fs: RawFSInterface>( pub fn open_or_reinit_system_database<Fs: RawFSInterface>(
auth: Option<ConfigAuth>, auth: ConfigAuth,
sysdb_path: &str, sysdb_path: &str,
sysdb_path_cow: &str, sysdb_path_cow: &str,
) -> SDSSResult<SystemStoreInit> { ) -> SDSSResult<SystemStoreInit> {
let (ex, _) = match SDSSFileIO::<Fs>::open_or_create_perm_rw::<spec::SysDBV1>(sysdb_path)? { let sysdb_file = match SDSSFileIO::<Fs>::open_or_create_perm_rw::<spec::SysDBV1>(sysdb_path)? {
FileOpen::Created(new_sysdb) => { FileOpen::Created(new) => {
let syscfg = SysConfig::new_auth(auth, SysHostData::new(0, 0)); // init new syscfg
sync_system_database_to(&syscfg, new_sysdb)?; let new_syscfg = SysConfig::new_auth(auth);
return Ok(SystemStoreInit::new(syscfg, SystemStoreInitState::Created)); sync_system_database_to(&new_syscfg, new)?;
return Ok(SystemStoreInit::new(
new_syscfg,
SystemStoreInitState::Created,
));
} }
FileOpen::Existing(ex) => ex, FileOpen::Existing((ex, _)) => ex,
}; };
let last_syscfg = decode_system_database(ex)?; let prev_sysdb = decode_system_database(sysdb_file)?;
let mut state = SystemStoreInitState::Unchanged; let state;
match (last_syscfg.auth_data(), &auth) { // see if settings have changed
(Some(last_auth), Some(new_auth)) => { if prev_sysdb
let last_auth = last_auth.read(); .auth_data()
if last_auth.verify_user("root", &new_auth.root_key).is_err() { .read()
// the root password was changed .verify_user("root", &auth.root_key)
state = SystemStoreInitState::UpdatedRoot; .is_ok()
} {
} state = SystemStoreInitState::Unchanged;
(Some(_), None) => { } else {
state = SystemStoreInitState::UpdatedAuthDisabled; state = SystemStoreInitState::UpdatedRoot;
}
(None, Some(_)) => {
state = SystemStoreInitState::UpdatedAuthEnabled;
}
(None, None) => {}
} }
let new_syscfg = SysConfig::new_auth( // create new config
let new_syscfg = SysConfig::new_full(
auth, auth,
SysHostData::new( SysHostData::new(
last_syscfg.host_data().startup_counter() + 1, prev_sysdb.host_data().startup_counter() + 1,
last_syscfg.host_data().settings_version() prev_sysdb.host_data().settings_version()
+ !matches!(state, SystemStoreInitState::Unchanged) as u32, + !matches!(state, SystemStoreInitState::Unchanged) as u32,
), ),
); );
// sync // sync
let cow_file = SDSSFileIO::<Fs>::create::<spec::SysDBV1>(sysdb_path_cow)?; sync_system_database_to(
sync_system_database_to(&new_syscfg, cow_file)?; &new_syscfg,
// replace SDSSFileIO::<Fs>::create::<spec::SysDBV1>(sysdb_path_cow)?,
)?;
Fs::fs_rename_file(sysdb_path_cow, sysdb_path)?; Fs::fs_rename_file(sysdb_path_cow, sysdb_path)?;
Ok(SystemStoreInit::new(new_syscfg, state)) Ok(SystemStoreInit::new(new_syscfg, state))
} }
@ -145,38 +140,29 @@ pub fn sync_system_database_to<Fs: RawFSInterface>(
SYS_KEY_AUTH => DictGeneric::new(), SYS_KEY_AUTH => DictGeneric::new(),
); );
let auth_key = map.get_mut(SYS_KEY_AUTH).unwrap(); let auth_key = map.get_mut(SYS_KEY_AUTH).unwrap();
match cfg.auth_data() { let auth = cfg.auth_data().read();
None => { let auth_key = auth_key.as_dict_mut().unwrap();
*auth_key = DictEntryGeneric::Map( auth_key.insert(
into_dict!(SYS_KEY_AUTH_ROOT => Datacell::null(), SYS_KEY_AUTH_USERS => Datacell::null()), SYS_KEY_AUTH_ROOT.into(),
) DictEntryGeneric::Data(Datacell::new_bin(auth.root_key().into())),
} );
Some(auth) => { auth_key.insert(
let auth = auth.read(); SYS_KEY_AUTH_USERS.into(),
let auth_key = auth_key.as_dict_mut().unwrap(); DictEntryGeneric::Map(
auth_key.insert( // username -> [..settings]
SYS_KEY_AUTH_ROOT.into(), auth.users()
DictEntryGeneric::Data(Datacell::new_bin(auth.root_key().into())), .iter()
); .map(|(username, user)| {
auth_key.insert( (
SYS_KEY_AUTH_USERS.into(), username.to_owned(),
DictEntryGeneric::Map( DictEntryGeneric::Data(Datacell::new_list(vec![Datacell::new_bin(
// username -> [..settings] user.key().into(),
auth.users() )])),
.iter() )
.map(|(username, user)| { })
( .collect(),
username.to_owned(), ),
DictEntryGeneric::Data(Datacell::new_list(vec![ );
Datacell::new_bin(user.key().into()),
])),
)
})
.collect(),
),
);
}
}
// write // write
let buf = super::inf::enc::enc_dict_full::<super::inf::map::GenericDictSpec>(&map); let buf = super::inf::enc::enc_dict_full::<super::inf::map::GenericDictSpec>(&map);
f.fsynced_write(&buf) f.fsynced_write(&buf)
@ -195,59 +181,49 @@ fn rkey<T>(
/// Decode the system database /// Decode the system database
pub fn decode_system_database<Fs: RawFSInterface>(mut f: SDSSFileIO<Fs>) -> SDSSResult<SysConfig> { pub fn decode_system_database<Fs: RawFSInterface>(mut f: SDSSFileIO<Fs>) -> SDSSResult<SysConfig> {
let rem = f.load_remaining_into_buffer()?; let mut sysdb_data =
let mut store = inf::dec::dec_dict_full::<inf::map::GenericDictSpec>(&rem)?; inf::dec::dec_dict_full::<inf::map::GenericDictSpec>(&f.load_remaining_into_buffer()?)?;
// find auth and sys stores // get our auth and sys stores
let mut auth_store = rkey(&mut store, SYS_KEY_AUTH, DictEntryGeneric::into_dict)?; let mut auth_store = rkey(&mut sysdb_data, SYS_KEY_AUTH, DictEntryGeneric::into_dict)?;
let mut sys_store = rkey(&mut store, SYS_KEY_SYS, DictEntryGeneric::into_dict)?; let mut sys_store = rkey(&mut sysdb_data, SYS_KEY_SYS, DictEntryGeneric::into_dict)?;
// get our auth // load auth store
let auth_root = rkey(&mut auth_store, SYS_KEY_AUTH_ROOT, |dict| { let root_key = rkey(&mut auth_store, SYS_KEY_AUTH_ROOT, |d| {
let data = dict.into_data()?; d.into_data()?.into_bin()
match data.kind() {
_ if data.is_null() => Some(None),
_ => data.into_bin().map(Some),
}
})?; })?;
let auth_users = rkey(&mut auth_store, SYS_KEY_AUTH_USERS, |dict| match dict { let users = rkey(
DictEntryGeneric::Data(dc) if dc.is_null() => Some(None), &mut auth_store,
DictEntryGeneric::Map(m) => Some(Some(m)), SYS_KEY_AUTH_USERS,
_ => None, DictEntryGeneric::into_dict,
})?; )?;
let sys_auth = match (auth_root, auth_users) { // load users
(Some(root_pass), Some(users)) => { let mut loaded_users = HashMap::new();
let mut usermap = HashMap::new(); for (username, userdata) in users {
for (user_name, user) in users { let mut userdata = userdata
let mut user_data = user .into_data()
.into_data() .and_then(Datacell::into_list)
.and_then(|d| d.into_list()) .ok_or(SDSSError::SysDBCorrupted)?;
.ok_or(SDSSError::SysDBCorrupted)?; if userdata.len() != 1 {
if user_data.len() != 1 { return Err(SDSSError::SysDBCorrupted);
return Err(SDSSError::SysDBCorrupted);
}
let password = user_data
.remove(0)
.into_bin()
.ok_or(SDSSError::SysDBCorrupted)?;
usermap.insert(user_name, SysAuthUser::new(password.into_boxed_slice()));
}
Some(RwLock::new(SysAuth::new(
root_pass.into_boxed_slice(),
usermap,
)))
} }
(None, None) => None, let user_password = userdata
_ => return Err(SDSSError::SysDBCorrupted), .remove(0)
}; .into_bin()
// get our sys .ok_or(SDSSError::SysDBCorrupted)?;
let sv = rkey(&mut sys_store, SYS_KEY_SYS_SETTINGS_VERSION, |de| { loaded_users.insert(username, SysAuthUser::new(user_password.into_boxed_slice()));
de.into_data()?.into_uint() }
let sys_auth = SysAuth::new(root_key.into_boxed_slice(), loaded_users);
// load sys data
let sc = rkey(&mut sys_store, SYS_KEY_SYS_STARTUP_COUNTER, |d| {
d.into_data()?.into_uint()
})?; })?;
let sc = rkey(&mut sys_store, SYS_KEY_SYS_STARTUP_COUNTER, |de| { let sv = rkey(&mut sys_store, SYS_KEY_SYS_SETTINGS_VERSION, |d| {
de.into_data()?.into_uint() d.into_data()?.into_uint()
})?; })?;
if !(sys_store.is_empty() & auth_store.is_empty() & store.is_empty()) { if !(sysdb_data.is_empty() & auth_store.is_empty() & sys_store.is_empty()) {
// the stores have more keys than we expected. something is wrong here
return Err(SDSSError::SysDBCorrupted); return Err(SDSSError::SysDBCorrupted);
} }
Ok(SysConfig::new(sys_auth, SysHostData::new(sc, sv as u32))) Ok(SysConfig::new(
RwLock::new(sys_auth),
SysHostData::new(sc, sv as u32),
))
} }

152
server/src/engine/storage/v1/tests.rs
Unescape Escape View File

@ -38,138 +38,78 @@ mod sysdb {
}, },
crate::engine::config::{AuthDriver, ConfigAuth}, crate::engine::config::{AuthDriver, ConfigAuth},
}; };
#[test] fn open_sysdb(
fn simple_open_close() { auth_config: ConfigAuth,
{ sysdb_path: &str,
let syscfg_new = sysdb::open_or_reinit_system_database::<VFS>( sysdb_cow_path: &str,
None, ) -> sysdb::SystemStoreInit {
"sysdb_test_1.db", sysdb::open_or_reinit_system_database::<VFS>(auth_config, sysdb_path, sysdb_cow_path)
"sysdb_test_1.cow.db", .unwrap()
)
.unwrap();
assert_eq!(syscfg_new.state, SystemStoreInitState::Created);
assert!(syscfg_new.store.auth_data().is_none());
assert_eq!(syscfg_new.store.host_data().settings_version(), 0);
assert_eq!(syscfg_new.store.host_data().startup_counter(), 0);
}
let syscfg_restore = sysdb::open_or_reinit_system_database::<VFS>(
None,
"sysdb_test_1.db",
"sysdb_test_1.cow.db",
)
.unwrap();
assert_eq!(syscfg_restore.state, SystemStoreInitState::Unchanged);
assert!(syscfg_restore.store.auth_data().is_none());
assert_eq!(syscfg_restore.store.host_data().settings_version(), 0);
assert_eq!(syscfg_restore.store.host_data().startup_counter(), 1);
} }
#[test] #[test]
fn with_auth_nochange() { fn open_close() {
let auth = ConfigAuth::new(AuthDriver::Pwd, "password12345678".to_string()); let open = |auth_config| {
{ open_sysdb(
let syscfg_new = sysdb::open_or_reinit_system_database::<VFS>( auth_config,
Some(auth.clone()), "open_close_test.sys.db",
"sysdb_test_2.db", "open_close_test.sys.cow.db",
"sysdb_test_2.cow.db",
) )
.unwrap(); };
assert_eq!(syscfg_new.state, SystemStoreInitState::Created); let auth_config = ConfigAuth::new(AuthDriver::Pwd, "password12345678".into());
assert!(syscfg_new {
let config = open(auth_config.clone());
assert_eq!(config.state, SystemStoreInitState::Created);
assert!(config
.store .store
.auth_data() .auth_data()
.as_ref()
.unwrap()
.read() .read()
.verify_user("root", "password12345678") .verify_user("root", "password12345678")
.is_ok()); .is_ok());
assert_eq!(syscfg_new.store.host_data().startup_counter(), 0); assert_eq!(config.store.host_data().settings_version(), 0);
assert_eq!(syscfg_new.store.host_data().settings_version(), 0); assert_eq!(config.store.host_data().startup_counter(), 0);
} }
// now reboot // reboot
let syscfg_new = sysdb::open_or_reinit_system_database::<VFS>( let config = open(auth_config);
Some(auth), assert_eq!(config.state, SystemStoreInitState::Unchanged);
"sysdb_test_2.db", assert!(config
"sysdb_test_2.cow.db",
)
.unwrap();
assert_eq!(syscfg_new.state, SystemStoreInitState::Unchanged);
assert!(syscfg_new
.store .store
.auth_data() .auth_data()
.as_ref()
.unwrap()
.read() .read()
.verify_user("root", "password12345678") .verify_user("root", "password12345678")
.is_ok()); .is_ok());
assert_eq!(syscfg_new.store.host_data().startup_counter(), 1); assert_eq!(config.store.host_data().settings_version(), 0);
assert_eq!(syscfg_new.store.host_data().settings_version(), 0); assert_eq!(config.store.host_data().startup_counter(), 1);
} }
#[test] #[test]
fn disable_auth() { fn open_change_root_password() {
{ let open = |auth_config| {
let auth = ConfigAuth::new(AuthDriver::Pwd, "password12345678".to_string()); open_sysdb(
let syscfg_new = sysdb::open_or_reinit_system_database::<VFS>( auth_config,
Some(auth), "open_change_root_password.sys.db",
"sysdb_test_3.db", "open_change_root_password.sys.cow.db",
"sysdb_test_3.cow.db",
) )
.unwrap(); };
assert_eq!(syscfg_new.state, SystemStoreInitState::Created); {
assert!(syscfg_new let config = open(ConfigAuth::new(AuthDriver::Pwd, "password12345678".into()));
assert_eq!(config.state, SystemStoreInitState::Created);
assert!(config
.store .store
.auth_data() .auth_data()
.as_ref()
.unwrap()
.read() .read()
.verify_user("root", "password12345678") .verify_user("root", "password12345678")
.is_ok()); .is_ok());
assert_eq!(syscfg_new.store.host_data().startup_counter(), 0); assert_eq!(config.store.host_data().settings_version(), 0);
assert_eq!(syscfg_new.store.host_data().settings_version(), 0); assert_eq!(config.store.host_data().startup_counter(), 0);
}
// reboot
let sysdb_cfg = sysdb::open_or_reinit_system_database::<VFS>(
None,
"sysdb_test_3.db",
"sysdb_test_3.cow.db",
)
.unwrap();
assert_eq!(sysdb_cfg.state, SystemStoreInitState::UpdatedAuthDisabled);
assert!(sysdb_cfg.store.auth_data().is_none());
assert_eq!(sysdb_cfg.store.host_data().startup_counter(), 1);
assert_eq!(sysdb_cfg.store.host_data().settings_version(), 1);
}
#[test]
fn enable_auth() {
{
let sysdb_cfg = sysdb::open_or_reinit_system_database::<VFS>(
None,
"sysdb_test_4.db",
"sysdb_test_4.cow.db",
)
.unwrap();
assert_eq!(sysdb_cfg.state, SystemStoreInitState::Created);
assert!(sysdb_cfg.store.auth_data().is_none());
assert_eq!(sysdb_cfg.store.host_data().startup_counter(), 0);
assert_eq!(sysdb_cfg.store.host_data().settings_version(), 0);
} }
// reboot let config = open(ConfigAuth::new(AuthDriver::Pwd, "password23456789".into()));
let auth = ConfigAuth::new(AuthDriver::Pwd, "password12345678".to_string()); assert_eq!(config.state, SystemStoreInitState::UpdatedRoot);
let syscfg_new = sysdb::open_or_reinit_system_database::<VFS>( assert!(config
Some(auth),
"sysdb_test_4.db",
"sysdb_test_4.cow.db",
)
.unwrap();
assert_eq!(syscfg_new.state, SystemStoreInitState::UpdatedAuthEnabled);
assert!(syscfg_new
.store .store
.auth_data() .auth_data()
.as_ref()
.unwrap()
.read() .read()
.verify_user("root", "password12345678") .verify_user("root", "password23456789")
.is_ok()); .is_ok());
assert_eq!(syscfg_new.store.host_data().startup_counter(), 1); assert_eq!(config.store.host_data().settings_version(), 1);
assert_eq!(syscfg_new.store.host_data().settings_version(), 1); assert_eq!(config.store.host_data().startup_counter(), 1);
} }
} }

6
server/src/engine/tests/mod.rs
Unescape Escape View File

@ -120,7 +120,7 @@ mod cfg {
), ),
ConfigMode::Dev, ConfigMode::Dev,
ConfigSystem::new(600), ConfigSystem::new(600),
Some(ConfigAuth::new(AuthDriver::Pwd, "password12345678".into())) ConfigAuth::new(AuthDriver::Pwd, "password12345678".into())
) )
) )
}, },
@ -231,7 +231,7 @@ mod cfg {
), ),
ConfigMode::Dev, ConfigMode::Dev,
ConfigSystem::new(600), ConfigSystem::new(600),
Some(ConfigAuth::new(AuthDriver::Pwd, "password12345678".into())) ConfigAuth::new(AuthDriver::Pwd, "password12345678".into())
) )
) )
}, },
@ -277,7 +277,7 @@ endpoints:
), ),
ConfigMode::Dev, ConfigMode::Dev,
ConfigSystem::new(600), ConfigSystem::new(600),
Some(ConfigAuth::new(AuthDriver::Pwd, "password12345678".into())) ConfigAuth::new(AuthDriver::Pwd, "password12345678".into())
) )
) )
}, },

Write Preview
Loading…
Cancel
Save