* Copyright (C) 2011 Google Inc.
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2 of the License, or (at your option) any later version.
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
* You should have received a copy of the GNU Lesser General
* Public License along with this library; if not, write to the
* Free Software Foundation, Inc., 59 Temple Place, Suite 330,
* Boston, MA 02111-1307, USA.
* Author: Nikki VonHollen <vonhollen@google.com>
#include <polkittesthelper.h>
#include <polkit/polkit.h>
#include <polkitbackend/polkitbackendlocalauthority.h>
#define TEST_CONFIG_PATH "etc/polkit-1/localauthority.conf.d"
#define TEST_AUTH_PATH1 "etc/polkit-1/localauthority"
#define TEST_AUTH_PATH2 "var/lib/polkit-1/localauthority"
/* Test helper types */
const gchar *identity;
gboolean subject_is_local;
gboolean subject_is_active;
const gchar *action_id;
PolkitImplicitAuthorization implicit;
PolkitImplicitAuthorization expect;
static PolkitBackendLocalAuthority *create_authority (void);
/* Test implementations */
test_check_authorization_sync (const void *_ctx)
const struct auth_context *ctx = (const struct auth_context *) _ctx;
PolkitBackendLocalAuthority *authority = create_authority ();
PolkitSubject *caller = polkit_unix_session_new ("caller-session");
PolkitSubject *subject = polkit_unix_session_new ("subject-session");;
PolkitIdentity *user_for_subject = polkit_identity_from_string (ctx->identity, &error);
g_assert_no_error (error);
g_assert (user_for_subject);
PolkitDetails *details = polkit_details_new ();
PolkitDetails *out_details = polkit_details_new ();
g_assert (out_details);
PolkitImplicitAuthorization auth;
auth = polkit_backend_interactive_authority_check_authorization_sync (
POLKIT_BACKEND_INTERACTIVE_AUTHORITY (authority),
ctx->subject_is_local,
ctx->subject_is_active,
g_assert_cmpint (auth, ==, ctx->expect);
g_object_unref (authority);
g_object_unref (caller);
g_object_unref (subject);
g_object_unref (user_for_subject);
g_object_unref (details);
g_object_unref (out_details);
test_get_admin_identities (void)
/* Note: The implementation for get_admin_identities is called
* get_admin_auth_identities in PolkitBackendLocalAuthority */
PolkitBackendLocalAuthority *authority = create_authority ();
/* Set up required arguments, but none of their values matter */
PolkitSubject *caller = polkit_unix_session_new ("caller-session");
PolkitSubject *subject = polkit_unix_session_new ("subject-session");;
GError *error = NULL;
PolkitIdentity *user_for_subject = polkit_identity_from_string ("unix-user:root", &error);
g_assert_no_error (error);
g_assert (user_for_subject);
PolkitDetails *details = polkit_details_new ();
/* Get the list of PolkitUnixUser objects who are admins */
result = polkit_backend_interactive_authority_get_admin_identities (
POLKIT_BACKEND_INTERACTIVE_AUTHORITY (authority),
"com.example.doesntmatter",
guint result_len = g_list_length (result);
g_assert_cmpint (result_len, >, 0);
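/* Test against each of the admins in the following list, comparing position by position.
 * NOTE(review): the checks visible here only require i < result_len, so an unexpected
 * extra admin identity returned after the expected entries would not fail the test
 * unless the list length is also compared - confirm. */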
const gchar *expect_admins [] = {
for (i = 0; expect_admins[i] != NULL; i++)
g_assert_cmpint (i, <, result_len);
PolkitIdentity *test_identity = POLKIT_IDENTITY (g_list_nth_data (result, i));
g_assert (test_identity);
gchar *test_identity_str = polkit_identity_to_string (test_identity);
g_assert_cmpstr (expect_admins[i], ==, test_identity_str);
/* Factory for mock local authority. */
static PolkitBackendLocalAuthority *
create_authority (void)
gchar *config_path = polkit_test_get_data_path (TEST_CONFIG_PATH);
gchar *auth_path1 = polkit_test_get_data_path (TEST_AUTH_PATH1);
gchar *auth_path2 = polkit_test_get_data_path (TEST_AUTH_PATH2);
gchar *auth_paths = g_strconcat (auth_path1, ";", auth_path2, NULL);
g_assert (config_path);
g_assert (auth_path1);
g_assert (auth_path2);
g_assert (auth_paths);
PolkitBackendLocalAuthority *authority = g_object_new (
POLKIT_BACKEND_TYPE_LOCAL_AUTHORITY,
"config-path", config_path,
"auth-store-paths", auth_paths,
g_free (config_path);
/* Variations of the check_authorization_sync test.
 * Each row is {identity, subject_is_local, subject_is_active, action_id, implicit, expect}. */
struct auth_context check_authorization_test_data [] = {
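/* Test root, john, and jane on action awesomeproduct.foo (all users are ok from a local, active session; root is also checked from an inactive and from a non-local session, where the expected result is weaker) */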
{"unix-user:root", TRUE, TRUE, "com.example.awesomeproduct.foo",
POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN,
POLKIT_IMPLICIT_AUTHORIZATION_AUTHORIZED},
{"unix-user:root", TRUE, FALSE, "com.example.awesomeproduct.foo",
POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN,
POLKIT_IMPLICIT_AUTHORIZATION_AUTHENTICATION_REQUIRED},
{"unix-user:root", FALSE, FALSE, "com.example.awesomeproduct.foo",
POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN,
POLKIT_IMPLICIT_AUTHORIZATION_NOT_AUTHORIZED},
{"unix-user:john", TRUE, TRUE, "com.example.awesomeproduct.foo",
POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN,
POLKIT_IMPLICIT_AUTHORIZATION_AUTHORIZED},
{"unix-user:jane", TRUE, TRUE, "com.example.awesomeproduct.foo",
POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN,
POLKIT_IMPLICIT_AUTHORIZATION_AUTHORIZED},
/* Test root, john, and jane on action restrictedproduct.foo (only root is ok, and root still has to authenticate; john and jane get the implicit result back) */
{"unix-user:root", TRUE, TRUE, "com.example.restrictedproduct.foo",
POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN,
POLKIT_IMPLICIT_AUTHORIZATION_AUTHENTICATION_REQUIRED},
{"unix-user:john", TRUE, TRUE, "com.example.restrictedproduct.foo",
POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN,
POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN},
{"unix-user:jane", TRUE, TRUE, "com.example.restrictedproduct.foo",
POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN,
POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN},
/* Test root against some missing actions */
{"unix-user:root", TRUE, TRUE, "com.example.missingproduct.foo",
POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN,
POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN},
/* Test root, john, and jane against action awesomeproduct.bar
* which uses "unix-netgroup:baz" for auth (john and jane are OK, root is not) */
{"unix-user:root", TRUE, TRUE, "com.example.awesomeproduct.bar",
POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN,
POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN},
{"unix-user:john", TRUE, TRUE, "com.example.awesomeproduct.bar",
POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN,
POLKIT_IMPLICIT_AUTHORIZATION_AUTHORIZED},
{"unix-user:jane", TRUE, TRUE, "com.example.awesomeproduct.bar",
POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN,
POLKIT_IMPLICIT_AUTHORIZATION_AUTHORIZED},
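/* Automatically create many variations of the check_authorization_sync test.
 *
 * One GTest case is registered per row of check_authorization_test_data.
 * The table is walked until a row whose identity is NULL, so it has to end
 * with such a row.  Each case gets the path
 * "/PolkitBackendLocalAuthority/check_authorization_sync_<row index>" and a
 * pointer to its row as test data.
 */
static void
add_check_authorization_tests (void)
{
  /* NOTE(review): the declaration of the index is not visible in this
   * listing; int is used because it matches the %d conversion below. */
  for (int i = 0; check_authorization_test_data[i].identity; i++)
    {
      struct auth_context *ctx = &check_authorization_test_data[i];
      gchar *test_name = g_strdup_printf (
          "/PolkitBackendLocalAuthority/check_authorization_sync_%d", i);

      g_test_add_data_func (test_name, ctx, test_check_authorization_sync);

      /* g_test_add_data_func() does not keep the path string it is given,
       * so release it here instead of leaking one allocation per row. */
      g_free (test_name);
    }
}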
/* Test program entry point: initialise GTest, register the backend
 * extension point, add every test case and run them.
 *
 * Returns the value of g_test_run ().
 */
int
main (int argc, char *argv[])
{
  GIOExtensionPoint *authority_ep;

  g_test_init (&argc, &argv, NULL);
  polkit_test_redirect_logs ();

  /* The extension point is registered once, before any test runs;
   * create_authority () cannot build an authority without it. */
  authority_ep = g_io_extension_point_register (
      POLKIT_BACKEND_AUTHORITY_EXTENSION_POINT_NAME);
  g_io_extension_point_set_required_type (authority_ep,
                                          POLKIT_BACKEND_TYPE_AUTHORITY);

  /* Table-driven authorization cases first, then the admin-identity case. */
  add_check_authorization_tests ();
  g_test_add_func ("/PolkitBackendLocalAuthority/get_admin_identities",
                   test_get_admin_identities);

  return g_test_run ();
}