MB-51871: Enable AuditDroppedTest for windows

And ensure that the code works with and without execute permissions
for the directory

Change-Id: Ide8a52418ba67d90a3dda8e52f67e35b739461a7
Reviewed-on: https://review.couchbase.org/c/kv_engine/+/236669
Reviewed-by: Mohammad Zaeem <[email protected]>
Tested-by: Build Bot <[email protected]>

Author: trondn

auditd/src/auditfile.cc

@@ -189,6 +189,7 @@ bool AuditFile::open() {
     // In order for this to happen in production you would generate
     // so much audit data that you would rotate within the same second
     int count = 0;
+    std::error_code ec;
     do {
         if (count == 0) {
             open_file_name =
@@ -202,7 +203,7 @@ bool AuditFile::open() {
                                                          extension);
         }
         ++count;
-    } while (exists(open_file_name));
+    } while (exists(open_file_name, ec));
 
     try {
         file = cb::crypto::FileWriter::create(
@@ -286,15 +287,15 @@ void AuditFile::set_log_directory(const std::string& new_directory) {
     }
 
     log_directory = cb::io::makeExtendedLengthPath(new_directory);
-    try {
-        create_directories(log_directory);
-    } catch (const std::runtime_error& error) {
+    std::error_code ec;
+    create_directories(log_directory, ec);
+    if (ec) {
         // The directory does not exist and we failed to create
         // it. This is not a fatal error, but it does mean that the
         // node won't be able to do any auditing
         LOG_WARNING_CTX("Audit: failed to create audit directory",
                         {"path", new_directory},
-                        {"error", error.what()});
+                        {"error", ec.message()});
     }
 }
 
@@ -327,13 +328,13 @@ bool AuditFile::flush() {
 }
 
 void AuditFile::remove_file(const std::filesystem::path& path) {
-    if (exists(path)) {
-        try {
-            remove(path);
-        } catch (const std::exception& exception) {
+    std::error_code ec;
+    if (exists(path, ec)) {
+        remove(path, ec);
+        if (ec) {
             LOG_WARNING_CTX("Audit: Failed to remove file",
                             {"path", path.generic_string()},
-                            {"error", exception.what()});
+                            {"error", ec.message()});
         }
     }
 }

tests/testapp/testapp_audit.cc

@@ -16,6 +16,7 @@
 
 #include "testapp_client_test.h"
 #include <auditd/couchbase_audit_events.h>
+#include <folly/ScopeGuard.h>
 #include <mcbp/codec/frameinfo.h>
 #include <nlohmann/json.hpp>
 #include <platform/dirutils.h>
@@ -654,38 +655,66 @@ TEST_P(AuditTest, MB51863) {
     ASSERT_EQ("0x0", document["collection_id"].get<std::string>());
 }
 
-#ifdef WIN32
-#define AuditDroppedTest DISABLED_AuditDroppedTest
-#endif
 TEST_P(AuditTest, AuditDroppedTest) {
+    using namespace std::filesystem;
     auto orgLogDir = mcd_env->getAuditLogDir();
     setEnabled(true);
 
     auto stats = getAdminConnection().stats("audit");
     // Get the current count for dropped events:
-    const auto org_dropped = stats["dropped_events"].get<size_t>();
+    auto org_dropped = stats["dropped_events"].get<size_t>();
 
     auto& json = mcd_env->getAuditConfig();
-    // Set the audit log to a path which cannot be created
-    // due to access permissions (not just the file but
-    // missing path elements in the path which needs to be
-    // created which we won't have access to create).
-    json["log_path"] = "/AuditTest/auditlog/myaudit";
-    try {
-        mcd_env->rewriteAuditConfig();
-    } catch (std::exception& e) {
-        FAIL() << "Failed to toggle audit state: " << e.what();
-    }
 
-    getAdminConnection().reloadAuditConfiguration();
+    auto writeProtectedDir = orgLogDir / "writeprotected";
+    auto filesystem_permission_guard = folly::makeGuard([&writeProtectedDir]() {
+        std::error_code ec;
+        permissions(
+                writeProtectedDir, perms::owner_all, perm_options::replace, ec);
+        if (ec) {
+            std::cerr << "Failed to restore permissions on '"
+                      << writeProtectedDir.string() << "': " << ec.message()
+                      << std::endl;
+        }
+    });
 
-    stats = getAdminConnection().stats("audit");
-    while (!stats["enabled"].get<bool>()) {
-        std::this_thread::sleep_for(std::chrono::milliseconds{10});
-        stats = getAdminConnection().stats("audit");
+    create_directories(writeProtectedDir);
+#ifdef WIN32
+    // Seems like we can't remove the ability for a user to create a directory
+    // in a directory by removing the write permission on the parent directory.
+    // Let's just create a file with the name of the audit directory. That
+    // should cause creation of the file to fail ;)
+    {
+        auto* fp = fopen((writeProtectedDir / "myaudit").string().c_str(), "w");
+        ASSERT_NE(nullptr, fp);
+        fclose(fp);
+        std::error_code ec;
+        create_directories(writeProtectedDir / "myaudit", ec);
+        ASSERT_TRUE(ec) << ec.message();
     }
+#endif
+    // Verify that it work with both read-exec and read-only permissions
+    // set for the directory
+    for (const auto mode :
+         {perms::owner_read | perms::owner_exec, perms::owner_read}) {
+        permissions(writeProtectedDir, mode, perm_options::replace);
+        json["log_path"] = writeProtectedDir / "myaudit";
+        try {
+            mcd_env->rewriteAuditConfig();
+        } catch (std::exception& e) {
+            FAIL() << "Failed to toggle audit state: " << e.what();
+        }
 
-    EXPECT_LT(org_dropped, stats["dropped_events"].get<size_t>());
+        getAdminConnection().reloadAuditConfiguration();
+        stats = getAdminConnection().stats("audit");
+        while (!stats["enabled"].get<bool>()) {
+            std::this_thread::sleep_for(std::chrono::milliseconds{10});
+            stats = getAdminConnection().stats("audit");
+        }
+
+        EXPECT_LT(org_dropped, stats["dropped_events"].get<size_t>());
+        org_dropped = stats["dropped_events"].get<size_t>();
+    }
 
     // Rewrite the config back to the original one
     json["log_path"] = orgLogDir;