summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorDaniel Mack <daniel@zonque.org>2014-09-19 14:50:53 +0200
committerDaniel Mack <daniel@zonque.org>2014-09-20 18:47:45 +0200
commit20725d929ff566e53d7a857d6f0ee94aa8383469 (patch)
tree59f7ebbf70dc6f9f6c97b2382cb582a8953edd7f /src
parent38349552d8d6418229fee9ee68b1f470b4ad7a52 (diff)
bus-policy: add test utility
Add some test files and routines for dbus policy checking.
Diffstat (limited to 'src')
-rw-r--r--src/bus-proxyd/test-bus-policy.c165
1 files changed, 165 insertions, 0 deletions
diff --git a/src/bus-proxyd/test-bus-policy.c b/src/bus-proxyd/test-bus-policy.c
new file mode 100644
index 0000000000..ed17bfe96e
--- /dev/null
+++ b/src/bus-proxyd/test-bus-policy.c
@@ -0,0 +1,165 @@
+/*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
+
+/***
+ This file is part of systemd.
+
+ Copyright 2014 Daniel Mack
+
+ systemd is free software; you can redistribute it and/or modify it
+ under the terms of the GNU Lesser General Public License as published by
+ the Free Software Foundation; either version 2.1 of the License, or
+ (at your option) any later version.
+
+ systemd is distributed in the hope that it will be useful, but
+ WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public License
+ along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <sys/socket.h>
+#include <sys/un.h>
+#include <sys/types.h>
+#include <fcntl.h>
+#include <unistd.h>
+#include <string.h>
+#include <errno.h>
+#include <sys/poll.h>
+#include <stddef.h>
+#include <getopt.h>
+
+#include "log.h"
+#include "util.h"
+#include "sd-bus.h"
+#include "bus-internal.h"
+#include "bus-message.h"
+#include "bus-util.h"
+#include "bus-internal.h"
+#include "build.h"
+#include "strv.h"
+#include "def.h"
+#include "capability.h"
+
+#include <bus-proxyd/bus-policy.h>
+
+static int make_name_request(sd_bus *bus,
+ const char *name,
+ sd_bus_message **ret) {
+
+ int r;
+ sd_bus_message *m = NULL;
+
+ r = sd_bus_message_new_method_call(bus, &m, "org.freedesktop.DBus", "/org/freedesktop/DBus", "org.freedesktop.DBus", "RequestName");
+ if (r < 0)
+ return r;
+
+ r = sd_bus_message_append_basic(m, 's', name);
+ if (r < 0)
+ return r;
+
+ m->sealed = 1;
+ sd_bus_message_rewind(m, true);
+
+ *ret = m;
+ return 0;
+}
+
+int main(int argc, char *argv[]) {
+
+ Policy p = {};
+ sd_bus_message *m;
+ struct ucred ucred = {};
+ _cleanup_bus_close_unref_ sd_bus *bus = NULL;;
+
+ assert_se(sd_bus_default_system(&bus) >= 0);
+
+ /* Fake pid for policy checks */
+ ucred.pid = 1;
+
+ /* Ownership tests */
+ assert_se(policy_load(&p, STRV_MAKE("test/bus-policy/ownerships.conf")) == 0);
+
+ assert_se(make_name_request(bus, "org.test.test1", &m) == 0);
+ ucred.uid = 0;
+ assert_se(policy_check(&p, m, &ucred) == true);
+ ucred.uid = 1;
+ assert_se(policy_check(&p, m, &ucred) == true);
+ assert_se(sd_bus_message_unref(m) == 0);
+
+ assert_se(make_name_request(bus, "org.test.test2", &m) == 0);
+ ucred.uid = 0;
+ assert_se(policy_check(&p, m, &ucred) == true);
+ ucred.uid = 1;
+ assert_se(policy_check(&p, m, &ucred) == false);
+ assert_se(sd_bus_message_unref(m) == 0);
+
+ assert_se(make_name_request(bus, "org.test.test3", &m) == 0);
+ ucred.uid = 0;
+ assert_se(policy_check(&p, m, &ucred) == false);
+ ucred.uid = 1;
+ assert_se(policy_check(&p, m, &ucred) == false);
+ assert_se(sd_bus_message_unref(m) == 0);
+
+ assert_se(make_name_request(bus, "org.test.test4", &m) == 0);
+ ucred.uid = 0;
+ assert_se(policy_check(&p, m, &ucred) == false);
+ ucred.uid = 1;
+ assert_se(policy_check(&p, m, &ucred) == true);
+ assert_se(sd_bus_message_unref(m) == 0);
+
+ policy_free(&p);
+
+ /* Signal test */
+ assert_se(policy_load(&p, STRV_MAKE("test/bus-policy/signals.conf")) == 0);
+
+ assert_se(sd_bus_message_new_signal(bus, &m, "/an/object/path", "bli.bla.blubb", "Name") == 0);
+ ucred.uid = 0;
+ assert_se(policy_check(&p, m, &ucred) == true);
+
+ ucred.uid = 1;
+ assert_se(policy_check(&p, m, &ucred) == false);
+ assert_se(sd_bus_message_unref(m) == 0);
+
+ policy_free(&p);
+
+ /* Method calls */
+ assert_se(policy_load(&p, STRV_MAKE("test/bus-policy/methods.conf")) == 0);
+
+ ucred.uid = 0;
+ assert_se(sd_bus_message_new_method_call(bus, &m, "org.foo.bar", "/an/object/path", "bli.bla.blubb", "Member") == 0);
+ assert_se(policy_check(&p, m, &ucred) == false);
+
+ assert_se(sd_bus_message_new_method_call(bus, &m, "org.test.test1", "/an/object/path", "bli.bla.blubb", "Member") == 0);
+ assert_se(policy_check(&p, m, &ucred) == false);
+
+ bus->is_kernel = 1;
+ assert_se(sd_bus_message_new_method_call(bus, &m, "org.test.test1", "/an/object/path", "org.test.int1", "Member") == 0);
+ assert_se(policy_check(&p, m, &ucred) == true);
+
+ assert_se(sd_bus_message_new_method_call(bus, &m, "org.test.test1", "/an/object/path", "org.test.int2", "Member") == 0);
+ assert_se(policy_check(&p, m, &ucred) == true);
+
+ policy_free(&p);
+
+ /* User and groups */
+ assert_se(policy_load(&p, STRV_MAKE("test/bus-policy/hello.conf")) == 0);
+ assert_se(sd_bus_message_new_method_call(bus, &m, "org.freedesktop.DBus", "/org/freedesktop/DBus", "org.freedesktop.DBus", "Hello") == 0);
+ policy_dump(&p);
+
+ ucred.uid = 0;
+ assert_se(policy_check(&p, m, &ucred) == true);
+
+ ucred.uid = 1;
+ assert_se(policy_check(&p, m, &ucred) == false);
+
+ ucred.uid = 0;
+ ucred.gid = 1;
+ assert_se(policy_check(&p, m, &ucred) == false);
+
+ policy_free(&p);
+
+
+ return EXIT_SUCCESS;
+}