X-Git-Url: https://git.whamcloud.com/?a=blobdiff_plain;f=lustre%2Ftests%2Fsanity-sec.sh;h=b1a68a54d6163530b214e0eb3ff72c5dfd67ca7c;hb=4a540ca0c37a5302c9696b2b626cbb61384c60be;hp=f320e41ae383bef4626210ac7901d446f092b385;hpb=8c4f96f910786ff3d73474ef5f8d4a96a30a0bed;p=fs%2Flustre-release.git diff --git a/lustre/tests/sanity-sec.sh b/lustre/tests/sanity-sec.sh index f320e41..b1a68a5 100644 --- a/lustre/tests/sanity-sec.sh +++ b/lustre/tests/sanity-sec.sh @@ -32,6 +32,13 @@ CONFDIR=/etc/lustre PERM_CONF=$CONFDIR/perm.conf FAIL_ON_ERROR=false +HOSTNAME_CHECKSUM=$(hostname | sum | awk '{ print $1 }') +SUBNET_CHECKSUM=$(expr $HOSTNAME_CHECKSUM % 250 + 1) +NODEMAP_COUNT=10 +NODEMAP_RANGE_COUNT=3 +NODEMAP_IPADDR_COUNT=30 +NODEMAP_MAX_ID=600 + require_dsh_mds || exit 0 require_dsh_ost || exit 0 @@ -74,7 +81,8 @@ else echo "without GSS support" fi -MDT="`do_facet $SINGLEMDS "lctl get_param -N mdt.\*MDT\*.stats 2>/dev/null | cut -d"." -f2" || true`" +MDT=$(do_facet $SINGLEMDS lctl get_param -N "mdt.\*MDT0000" | + cut -d. -f2 || true) [ -z "$MDT" ] && error "fail to get MDT device" && exit 1 do_facet $SINGLEMDS "mkdir -p $CONFDIR" IDENTITY_FLUSH=mdt.$MDT.identity_flush 
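Review bot: `HOSTNAME_CHECKSUM` and `SUBNET_CHECKSUM` are added without a comment, although the helpers later in this patch use them as the nodemap name prefix and as the first octet of the NID ranges (`$SUBNET_CHECKSUM.${2}.${j}.[1-253]@tcp`). Since `% 250 + 1` can yield values such as 10, 127 or 192, the synthetic ranges may overlap addresses the test cluster really uses. A comment such as `# first octet of the synthetic NID ranges used by the nodemap tests; must not match a real client network` would make that constraint visible. `NODEMAP_IPADDR_COUNT` is not referenced in any hunk shown here, so it is either unused or needs a comment naming what consumes it.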
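Review bot: The rewritten `MDT=$(...)` assignment calls plain `lctl`, while the nodemap helpers added in this patch use `$LCTL`; using `$LCTL get_param -N` here too would keep the choice of binary consistent. The trailing `|| true` only covers the pipeline's final status, which is that of `cut` unless `pipefail` is enabled somewhere outside this hunk. A failing `do_facet` is therefore caught only by the `[ -z "$MDT" ]` check on the following line, and a one-line comment saying so would save the next reader from assuming otherwise.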
@@ -556,6 +564,633 @@ test_6() { } run_test 6 "capa expiry =========================" +create_nodemaps() { + local i + local out + local rc + + for (( i = 0; i < NODEMAP_COUNT; i++ )); do + if ! do_facet mgs $LCTL nodemap_add \ + ${HOSTNAME_CHECKSUM}_${i}; then + return 1 + fi + out=$(do_facet mgs $LCTL get_param \ + nodemap.${HOSTNAME_CHECKSUM}_${i}.id) + ## This needs to return zero if the following statement is 1 + rc=$(echo $out | grep -c ${HOSTNAME_CHECKSUM}_${i}) + [[ $rc == 0 ]] && return 1 + done + return 0 +} + +delete_nodemaps() { + local i + local out + local rc + + for ((i = 0; i < NODEMAP_COUNT; i++)); do + if ! do_facet mgs $LCTL nodemap_del \ + ${HOSTNAME_CHECKSUM}_${i}; then + error "nodemap_del ${HOSTNAME_CHECKSUM}_${i} \ + failed with $rc" + return 3 + fi + out=$(do_facet mgs $LCTL get_param \ + nodemap.${HOSTNAME_CHECKSUM}_${i}.id) + rc=$(echo $out | grep -c ${HOSTNAME_CHECKSUM}_${i}) + [[ $rc != 0 ]] && return 1 + done + return 0 +} + +add_range() { + local j + local cmd="$LCTL nodemap_add_range" + local range + local rc=0 + + for ((j = 0; j < NODEMAP_RANGE_COUNT; j++)); do + range="$SUBNET_CHECKSUM.${2}.${j}.[1-253]@tcp" + if ! do_facet mgs $cmd --name $1 \ + --range $range; then + rc=$(($rc + 1)) + fi + done + return $rc +} + +delete_range() { + local j + local cmd="$LCTL nodemap_del_range" + local range + local rc=0 + + for ((j = 0; j < NODEMAP_RANGE_COUNT; j++)); do + range="$SUBNET_CHECKSUM.${2}.${j}.[1-253]@tcp" + if ! do_facet mgs $cmd --name $1 \ + --range $range; then + rc=$(($rc + 1)) + fi + done + + return $rc +} + +add_idmaps() { + local i + local j + local client_id + local fs_id + local cmd="$LCTL nodemap_add_idmap" + local rc=0 + + for ((i = 0; i < NODEMAP_COUNT; i++)); do + for ((j = 500; j < NODEMAP_MAX_ID; j++)); do + client_id=$j + fs_id=$(($j + 1)) + if ! do_facet mgs $cmd \ + --name ${HOSTNAME_CHECKSUM}_${i} \ + --idtype uid --idmap $client_id:$fs_id; then + rc=$(($rc + 1)) + fi + if ! 
do_facet mgs $cmd \ + --name ${HOSTNAME_CHECKSUM}_${i} \ + --idtype gid --idmap $client_id:$fs_id; then + rc=$(($rc + 1)) + fi + done + done + + return $rc +} + +delete_idmaps() { + local i + local j + local client_id + local fs_id + local cmd="$LCTL nodemap_del_idmap" + local rc=0 + + for ((i = 0; i < NODEMAP_COUNT; i++)); do + for ((j = 500; j < NODEMAP_MAX_ID; j++)); do + client_id=$j + fs_id=$(($j + 1)) + if ! do_facet mgs $cmd \ + --name ${HOSTNAME_CHECKSUM}_${i} \ + --idtype uid --idmap $client_id:$fs_id; then + rc=$(($rc + 1)) + fi + if ! do_facet mgs $cmd \ + --name ${HOSTNAME_CHECKSUM}_${i} \ + --idtype gid --idmap $client_id:$fs_id; then + rc=$(($rc + 1)) + fi + done + done + + return $rc +} + +modify_flags() { + local i + local proc + local option + local cmd="$LCTL nodemap_modify" + local rc=0 + + proc[0]="admin_nodemap" + proc[1]="trusted_nodemap" + option[0]="admin" + option[1]="trusted" + + for ((idx = 0; idx < 2; idx++)); do + if ! do_facet mgs $cmd --name $1 \ + --property ${option[$idx]} \ + --value 1; then + rc=$((rc + 1)) + fi + + if ! do_facet mgs $cmd --name $1 \ + --property ${option[$idx]} \ + --value 0; then + rc=$((rc + 1)) + fi + done + + return $rc +} + +squash_id() { + local cmd + + cmd[0]="$LCTL nodemap_modify --property squash_uid" + cmd[1]="$LCTL nodemap_modify --property squash_gid" + + if ! do_facet mgs ${cmd[$3]} --name $1 --value $2; then + return 1 + fi +} + +test_nid() { + local cmd + + cmd="$LCTL nodemap_test_nid" + + nid=$(do_facet mgs $cmd $1) + + if [ $nid == $2 ]; then + return 0 + fi + + return 1 +} + +test_idmap() { + local i + local j + local fs_id + local cmd="$LCTL nodemap_test_id" + local rc=0 + + ## nodemap deactivated + if ! 
do_facet mgs lctl nodemap_activate 0; then + return 1 + fi + for ((id = 500; id < NODEMAP_MAX_ID; id++)); do + for ((j = 0; j < NODEMAP_RANGE_COUNT; j++)); do + nid="$SUBNET_CHECKSUM.0.${j}.100@tcp" + fs_id=$(do_facet mgs $cmd --nid $nid \ + --idtype uid --id $id) + if [ $fs_id != $id ]; then + rc=$((rc + 1)) + fi + done + done + + ## nodemap activated + if ! do_facet mgs lctl nodemap_activate 1; then + return 2 + fi + + for ((id = 500; id < NODEMAP_MAX_ID; id++)); do + for ((j = 0; j < NODEMAP_RANGE_COUNT; j++)); do + nid="$SUBNET_CHECKSUM.0.${j}.100@tcp" + fs_id=$(do_facet mgs $cmd --nid $nid \ + --idtype uid --id $id) + expected_id=$((id + 1)) + if [ $fs_id != $expected_id ]; then + rc=$((rc + 1)) + fi + done + done + + ## trust client ids + for ((i = 0; i < NODEMAP_COUNT; i++)); do + if ! do_facet mgs $LCTL nodemap_modify \ + --name ${HOSTNAME_CHECKSUM}_${i} \ + --property trusted --value 1; then + error "nodemap_modify ${HOSTNAME_CHECKSUM}_${i} " + "failed with $rc" + return 3 + fi + done + + for ((id = 500; id < NODEMAP_MAX_ID; id++)); do + for ((j = 0; j < NODEMAP_RANGE_COUNT; j++)); do + nid="$SUBNET_CHECKSUM.0.${j}.100@tcp" + fs_id=$(do_facet mgs $cmd --nid $nid \ + --idtype uid --id $id) + expected_id=$((id + 1)) + if [ $fs_id != $id ]; then + rc=$((rc + 1)) + fi + done + done + + ## ensure allow_root_access is enabled + for ((i = 0; i < NODEMAP_COUNT; i++)); do + if ! do_facet mgs $LCTL nodemap_modify \ + --name ${HOSTNAME_CHECKSUM}_${i} \ + --property admin --value 1; then + error "nodemap_modify ${HOSTNAME_CHECKSUM}_${i} " + "failed with $rc" + return 3 + fi + done + + ## check that root is mapped to 99 + for ((j = 0; j < NODEMAP_RANGE_COUNT; j++)); do + nid="$SUBNET_CHECKSUM.0.${j}.100@tcp" + fs_id=$(do_facet mgs $cmd --nid $nid --idtype uid --id 0) + expected_id=$((id + 1)) + if [ $fs_id != 0 ]; then + rc=$((rc + 1)) + fi + done + + ## ensure allow_root_access is disabled + for ((i = 0; i < NODEMAP_COUNT; i++)); do + if ! 
do_facet mgs $LCTL nodemap_modify \ + --name ${HOSTNAME_CHECKSUM}_${i} \ + --property admin --value 0; then + error "nodemap_modify ${HOSTNAME_CHECKSUM}_${i} " + "failed with $rc" + return 3 + fi + done + + ## check that root allowed + for ((j = 0; j < NODEMAP_RANGE_COUNT; j++)); do + nid="$SUBNET_CHECKSUM.0.${j}.100@tcp" + fs_id=$(do_facet mgs $cmd --nid $nid --idtype uid --id 0) + expected_id=$((id + 1)) + if [ $fs_id != 99 ]; then + rc=$((rc + 1)) + fi + done + + ## reset client trust to 0 + for ((i = 0; i < NODEMAP_COUNT; i++)); do + if ! do_facet mgs $LCTL nodemap_modify \ + --name ${HOSTNAME_CHECKSUM}_${i} \ + --property trusted --value 0; then + error "nodemap_modify ${HOSTNAME_CHECKSUM}_${i} " + "failed with $rc" + return 3 + fi + done + + return $rc +} + +test_7() { + local rc + + remote_mgs_nodsh && skip "remote MGS with nodsh" && return + [ $(lustre_version_code $SINGLEMGS) -lt $(version_code 2.5.53) ] && + skip "No nodemap on $(get_lustre_version) MGS, need 2.5.53+" && + return + + create_nodemaps + rc=$? + [[ $rc != 0 ]] && error "nodemap_add failed with $rc" && return 1 + + delete_nodemaps + rc=$? + [[ $rc != 0 ]] && error "nodemap_add failed with $rc" && return 2 + + return 0 +} +run_test 7 "nodemap create and delete" + +test_8() { + local rc + + remote_mgs_nodsh && skip "remote MGS with nodsh" && return + [ $(lustre_version_code $SINGLEMGS) -lt $(version_code 2.5.53) ] && + skip "No nodemap on $(get_lustre_version) MGS, need 2.5.53+" && + return + + # Set up nodemaps + + create_nodemaps + rc=$? + [[ $rc != 0 ]] && error "nodemap_add failed with $rc" && return 1 + + # Try duplicates + + create_nodemaps + rc=$? + [[ $rc == 0 ]] && error "duplicate nodemap_add allowed with $rc" && + return 2 + + # Clean up + delete_nodemaps + rc=$? 
+ [[ $rc != 0 ]] && error "nodemap_add failed with $rc" && return 3 + + return 0 +} +run_test 8 "nodemap reject duplicates" + +test_9() { + local i + local rc + + remote_mgs_nodsh && skip "remote MGS with nodsh" && return + [ $(lustre_version_code $SINGLEMGS) -lt $(version_code 2.5.53) ] && + skip "No nodemap on $(get_lustre_version) MGS, need 2.5.53+" && + return + + rc=0 + create_nodemaps + rc=$? + [[ $rc != 0 ]] && error "nodemap_add failed with $rc" && return 1 + + rc=0 + for ((i = 0; i < NODEMAP_COUNT; i++)); do + if ! add_range ${HOSTNAME_CHECKSUM}_${i} $i; then + rc=$((rc + 1)) + fi + done + [[ $rc != 0 ]] && error "nodemap_add_range failed with $rc" && return 2 + + rc=0 + for ((i = 0; i < NODEMAP_COUNT; i++)); do + if ! delete_range ${HOSTNAME_CHECKSUM}_${i} $i; then + rc=$((rc + 1)) + fi + done + [[ $rc != 0 ]] && error "nodemap_del_range failed with $rc" && return 4 + + rc=0 + delete_nodemaps + rc=$? + [[ $rc != 0 ]] && error "nodemap_add failed with $rc" && return 4 + + return 0 +} +run_test 9 "nodemap range add" + +test_10() { + local rc + + remote_mgs_nodsh && skip "remote MGS with nodsh" && return + [ $(lustre_version_code $SINGLEMGS) -lt $(version_code 2.5.53) ] && + skip "No nodemap on $(get_lustre_version) MGS, need 2.5.53+" && + return + + rc=0 + create_nodemaps + rc=$? + [[ $rc != 0 ]] && error "nodemap_add failed with $rc" && return 1 + + rc=0 + for ((i = 0; i < NODEMAP_COUNT; i++)); do + if ! add_range ${HOSTNAME_CHECKSUM}_${i} $i; then + rc=$((rc + 1)) + fi + done + [[ $rc != 0 ]] && error "nodemap_add_range failed with $rc" && return 2 + + rc=0 + for ((i = 0; i < NODEMAP_COUNT; i++)); do + if ! add_range ${HOSTNAME_CHECKSUM}_${i} $i; then + rc=$((rc + 1)) + fi + done + [[ $rc == 0 ]] && error "nodemap_add_range duplicate add with $rc" && + return 2 + + + rc=0 + for ((i = 0; i < NODEMAP_COUNT; i++)); do + if ! 
delete_range ${HOSTNAME_CHECKSUM}_${i} $i; then + rc=$((rc + 1)) + fi + done + [[ $rc != 0 ]] && error "nodemap_del_range failed with $rc" && return 4 + + delete_nodemaps + rc=$? + [[ $rc != 0 ]] && error "nodemap_add failed with $rc" && return 5 + + return 0 +} +run_test 10 "nodemap reject duplicate ranges" + +test_11() { + local rc + + remote_mgs_nodsh && skip "remote MGS with nodsh" && return + [ $(lustre_version_code $SINGLEMGS) -lt $(version_code 2.5.53) ] && + skip "No nodemap on $(get_lustre_version) MGS, need 2.5.53+" && + return + + rc=0 + create_nodemaps + rc=$? + [[ $rc != 0 ]] && error "nodemap_add failed with $rc" && return 1 + + rc=0 + for ((i = 0; i < NODEMAP_COUNT; i++)); do + if ! modify_flags ${HOSTNAME_CHECKSUM}_${i}; then + rc=$((rc + 1)) + fi + done + [[ $rc != 0 ]] && error "nodemap_modify with $rc" && return 2 + + rc=0 + delete_nodemaps + rc=$? + [[ $rc != 0 ]] && error "nodemap_del failed with $rc" && return 3 + + return 0 +} +run_test 11 "nodemap modify" + +test_12() { + local rc + + remote_mgs_nodsh && skip "remote MGS with nodsh" && return + [ $(lustre_version_code $SINGLEMGS) -lt $(version_code 2.5.53) ] && + skip "No nodemap on $(get_lustre_version) MGS, need 2.5.53+" && + return + + rc=0 + create_nodemaps + rc=$? + [[ $rc != 0 ]] && error "nodemap_add failed with $rc" && return 1 + + rc=0 + for ((i = 0; i < NODEMAP_COUNT; i++)); do + if ! squash_id ${HOSTNAME_CHECKSUM}_${i} 88 0; then + rc=$((rc + 1)) + fi + done + [[ $rc != 0 ]] && error "nodemap squash_uid with $rc" && return 2 + + rc=0 + for ((i = 0; i < NODEMAP_COUNT; i++)); do + if ! squash_id ${HOSTNAME_CHECKSUM}_${i} 88 1; then + rc=$((rc + 1)) + fi + done + [[ $rc != 0 ]] && error "nodemap squash_gid with $rc" && return 3 + + rc=0 + delete_nodemaps + rc=$? 
+ [[ $rc != 0 ]] && error "nodemap_del failed with $rc" && return 4 + + return 0 +} +run_test 12 "nodemap set squash ids" + +test_13() { + local rc + + remote_mgs_nodsh && skip "remote MGS with nodsh" && return + [ $(lustre_version_code $SINGLEMGS) -lt $(version_code 2.5.53) ] && + skip "No nodemap on $(get_lustre_version) MGS, need 2.5.53+" && + return + + rc=0 + create_nodemaps + rc=$? + [[ $rc != 0 ]] && error "nodemap_add failed with $rc" && return 1 + + rc=0 + for ((i = 0; i < NODEMAP_COUNT; i++)); do + if ! add_range ${HOSTNAME_CHECKSUM}_${i} $i; then + rc=$((rc + 1)) + fi + done + [[ $rc != 0 ]] && error "nodemap_add_range failed with $rc" && return 2 + + rc=0 + for ((i = 0; i < NODEMAP_COUNT; i++)); do + for ((j = 0; j < NODEMAP_RANGE_COUNT; j++)); do + for ((k = 1; k < 253; k++)); do + if ! test_nid $SUBNET_CHECKSUM.$i.$j.$k \ + ${HOSTNAME_CHECKSUM}_${i}; then + rc=$((rc + 1)) + fi + done + done + done + [[ $rc != 0 ]] && error "nodemap_test_nid failed with $rc" && return 3 + + rc=0 + delete_nodemaps + rc=$? + [[ $rc != 0 ]] && error "nodemap_del failed with $rc" && return 4 + + return 0 +} +run_test 13 "test nids" + +test_14() { + local rc + + remote_mgs_nodsh && skip "remote MGS with nodsh" && return + [ $(lustre_version_code $SINGLEMGS) -lt $(version_code 2.5.53) ] && + skip "No nodemap on $(get_lustre_version) MGS, need 2.5.53+" && + return + + rc=0 + create_nodemaps + rc=$? + [[ $rc != 0 ]] && error "nodemap_add failed with $rc" && return 1 + + rc=0 + for ((i = 0; i < NODEMAP_COUNT; i++)); do + for ((j = 0; j < NODEMAP_RANGE_COUNT; j++)); do + for ((k = 1; k < 253; k++)); do + if ! test_nid $SUBNET_CHECKSUM.$i.$j.$k \ + default; then + rc=$((rc + 1)) + fi + done + done + done + [[ $rc != 0 ]] && error "nodemap_test_nid failed with $rc" && return 3 + + rc=0 + delete_nodemaps + rc=$? 
+ [[ $rc != 0 ]] && error "nodemap_del failed with $rc" && return 4 + + return 0 +} +run_test 14 "test default nodemap nid lookup" + +test_15() { + local rc + + remote_mgs_nodsh && skip "remote MGS with nodsh" && return + [ $(lustre_version_code $SINGLEMGS) -lt $(version_code 2.5.53) ] && + skip "No nodemap on $(get_lustre_version) MGS, need 2.5.53+" && + return + + rc=0 + create_nodemaps + rc=$? + [[ $rc != 0 ]] && error "nodemap_add failed with $rc" && return 1 + + rc=0 + for ((i = 0; i < NODEMAP_COUNT; i++)); do + if ! add_range ${HOSTNAME_CHECKSUM}_${i} $i; then + rc=$((rc + 1)) + fi + done + [[ $rc != 0 ]] && error "nodemap_add_range failed with $rc" && return 2 + + rc=0 + add_idmaps + rc=$? + [[ $rc != 0 ]] && error "nodemap_add_idmap failed with $rc" && return 3 + + rc=0 + test_idmap + rc=$? + [[ $rc != 0 ]] && error "nodemap_test_id failed with $rc" && return 4 + + rc=0 + delete_idmaps + rc=$? + [[ $rc != 0 ]] && error "nodemap_del_idmap failed with $rc" && return 5 + + rc=0 + delete_nodemaps + rc=$? + [[ $rc != 0 ]] && error "nodemap_delete failed with $rc" && return 6 + + return 0 +} +run_test 15 "test id mapping" + log "cleanup: ======================================================" sec_unsetup() { @@ -572,5 +1207,5 @@ sec_unsetup sec_cleanup -complete $(basename $0) $SECONDS +complete $SECONDS exit_status
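Review bot: In test_idmap the unquoted comparisons `[ $fs_id != $id ]`, `[ $fs_id != $expected_id ]`, `[ $fs_id != 0 ]` and `[ $fs_id != 99 ]` fail open. When `nodemap_test_id` prints nothing, `[` is left with a missing operand and returns an error, so the `if` body is skipped, `rc` is not incremented, and a broken lookup is scored as a correct mapping. Quoting both sides, e.g. `if [ "$fs_id" != "$id" ]; then`, makes an empty result count as a failure. In the same function every `error "nodemap_modify ${HOSTNAME_CHECKSUM}_${i} "` is followed by `"failed with $rc"` on its own diff line with no continuation, so that string would be run as a command; it should be a single call such as `error "nodemap_modify ${HOSTNAME_CHECKSUM}_${i} failed"`. The comments `## check that root is mapped to 99` and `## check that root allowed` sit above the opposite checks (`!= 0` after `admin` is set to 1, `!= 99` after it is set to 0) and should be swapped, and the function returns with `nodemap_activate 1` still in effect.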