credentials: Add test coverage for groups

Signed-off-by: Simon McVittie <smcv@collabora.com> Bug: https://bugs.freedesktop.org/show_bug.cgi?id=103737 Reviewed-by: Philip Withnall <withnall@endlessm.com>
author: Simon McVittie <smcv@collabora.com> 2018-01-16 13:16:23 +0000
committer: Simon McVittie <smcv@collabora.com> 2018-03-02 14:51:32 +0000
commit: 5efe081fd4c44934a96cfc0a1900a843aad36925 (patch)
tree: cbd1e86564585f7fa4b3f02dd59c080a5ab1276a
parent: b6648ca6550c0d407957e9a859b0cd3f9480827c (diff)
1 files changed, 83 insertions, 7 deletions
diff --git a/dbus/dbus-credentials-util.c b/dbus/dbus-credentials-util.c
index b40072dfc..166fc627e 100644
--- a/dbus/dbus-credentials-util.c
+++ b/dbus/dbus-credentials-util.c
@@ -41,9 +41,28 @@
 static DBusCredentials*
 make_credentials(dbus_uid_t  unix_uid,
                  dbus_pid_t  pid,
+                 int group_vector,
                  const char *windows_sid)
 {
   DBusCredentials *credentials;
+  static const struct
+    {
+      size_t n;
+      const dbus_gid_t gids[4];
+    }
+  group_vectors[] =
+    {
+        { 4, { 1000, 42, 123, 5678 } },
+        { 2, { 23, 1001 } },
+        { 4, { 5678, 123, 42, 1000 } }
+    };
+
+  /*
+   * group_vector is 0 to not add any groups, or n > 0 to add groups from
+   * group_vectors[n-1].
+   */
+  _dbus_assert (group_vector >= 0);
+  _dbus_assert (group_vector <= _DBUS_N_ELEMENTS (group_vectors));
 
   credentials = _dbus_credentials_new ();
 
@@ -65,6 +84,25 @@ make_credentials(dbus_uid_t  unix_uid,
         }
     }
 
+  if (group_vector)
+    {
+      dbus_gid_t *copy;
+
+      copy = dbus_new0 (dbus_gid_t, group_vectors[group_vector - 1].n);
+
+      if (copy == NULL)
+        {
+          _dbus_credentials_unref (credentials);
+          return NULL;
+        }
+
+      memcpy (copy, group_vectors[group_vector - 1].gids,
+              sizeof (dbus_gid_t) * group_vectors[group_vector - 1].n);
+
+      _dbus_credentials_take_unix_gids (credentials, copy,
+                                        group_vectors[group_vector - 1].n);
+    }
+
   if (windows_sid != NULL)
     {
       if (!_dbus_credentials_add_windows_sid (credentials, windows_sid))
@@ -85,11 +123,14 @@ _dbus_credentials_test (const char *test_data_dir)
 {
   DBusCredentials *creds;
   DBusCredentials *creds2;
+  DBusString str;
+  const dbus_gid_t *gids;
+  size_t n;
   
   if (test_data_dir == NULL)
     return TRUE;
 
-  creds = make_credentials (12, 511, SAMPLE_SID);
+  creds = make_credentials (12, 511, 1, SAMPLE_SID);
   if (creds == NULL)
     _dbus_test_fatal ("oom");
 
@@ -99,11 +140,18 @@ _dbus_credentials_test (const char *test_data_dir)
   
   _dbus_assert (_dbus_credentials_include (creds, DBUS_CREDENTIAL_UNIX_USER_ID));
   _dbus_assert (_dbus_credentials_include (creds, DBUS_CREDENTIAL_UNIX_PROCESS_ID));
+  _dbus_assert (_dbus_credentials_include (creds, DBUS_CREDENTIAL_UNIX_GROUP_IDS));
   _dbus_assert (_dbus_credentials_include (creds, DBUS_CREDENTIAL_WINDOWS_SID));
 
   _dbus_assert (_dbus_credentials_get_unix_uid (creds) == 12);
   _dbus_assert (_dbus_credentials_get_pid (creds) == 511);
   _dbus_assert (strcmp (_dbus_credentials_get_windows_sid (creds), SAMPLE_SID) == 0);
+  _dbus_assert (_dbus_credentials_get_unix_gids (creds, &gids, &n));
+  _dbus_assert (n == 4);
+  _dbus_assert (gids[0] == 42);
+  _dbus_assert (gids[1] == 123);
+  _dbus_assert (gids[2] == 1000);
+  _dbus_assert (gids[3] == 5678);
 
   _dbus_assert (!_dbus_credentials_are_empty (creds));
   _dbus_assert (!_dbus_credentials_are_anonymous (creds));
@@ -115,18 +163,25 @@ _dbus_credentials_test (const char *test_data_dir)
 
   _dbus_assert (_dbus_credentials_include (creds2, DBUS_CREDENTIAL_UNIX_USER_ID));
   _dbus_assert (_dbus_credentials_include (creds2, DBUS_CREDENTIAL_UNIX_PROCESS_ID));
+  _dbus_assert (_dbus_credentials_include (creds2, DBUS_CREDENTIAL_UNIX_GROUP_IDS));
   _dbus_assert (_dbus_credentials_include (creds2, DBUS_CREDENTIAL_WINDOWS_SID));
 
   _dbus_assert (_dbus_credentials_get_unix_uid (creds2) == 12);
   _dbus_assert (_dbus_credentials_get_pid (creds2) == 511);
   _dbus_assert (strcmp (_dbus_credentials_get_windows_sid (creds2), SAMPLE_SID) == 0);  
+  _dbus_assert (_dbus_credentials_get_unix_gids (creds2, &gids, &n));
+  _dbus_assert (n == 4);
+  _dbus_assert (gids[0] == 42);
+  _dbus_assert (gids[1] == 123);
+  _dbus_assert (gids[2] == 1000);
+  _dbus_assert (gids[3] == 5678);
 
   _dbus_assert (_dbus_credentials_are_superset (creds, creds2));
   
   _dbus_credentials_unref (creds2);
   
   /* Same user if both unix and windows are the same */
-  creds2 = make_credentials (12, DBUS_PID_UNSET, SAMPLE_SID);
+  creds2 = make_credentials (12, DBUS_PID_UNSET, 0, SAMPLE_SID);
   if (creds2 == NULL)
     _dbus_test_fatal ("oom");
 
@@ -135,7 +190,7 @@ _dbus_credentials_test (const char *test_data_dir)
   _dbus_credentials_unref (creds2);
 
   /* Not the same user if Windows is missing */
-  creds2 = make_credentials (12, DBUS_PID_UNSET, NULL);
+  creds2 = make_credentials (12, DBUS_PID_UNSET, 0, NULL);
   if (creds2 == NULL)
     _dbus_test_fatal ("oom");
 
@@ -145,7 +200,7 @@ _dbus_credentials_test (const char *test_data_dir)
   _dbus_credentials_unref (creds2);
 
   /* Not the same user if Windows is different */
-  creds2 = make_credentials (12, DBUS_PID_UNSET, OTHER_SAMPLE_SID);
+  creds2 = make_credentials (12, DBUS_PID_UNSET, 0, OTHER_SAMPLE_SID);
   if (creds2 == NULL)
     _dbus_test_fatal ("oom");
 
@@ -155,7 +210,7 @@ _dbus_credentials_test (const char *test_data_dir)
   _dbus_credentials_unref (creds2);
 
   /* Not the same user if Unix is missing */
-  creds2 = make_credentials (DBUS_UID_UNSET, DBUS_PID_UNSET, SAMPLE_SID);
+  creds2 = make_credentials (DBUS_UID_UNSET, DBUS_PID_UNSET, 0, SAMPLE_SID);
   if (creds2 == NULL)
     _dbus_test_fatal ("oom");
 
@@ -165,7 +220,7 @@ _dbus_credentials_test (const char *test_data_dir)
   _dbus_credentials_unref (creds2);
 
   /* Not the same user if Unix is different */
-  creds2 = make_credentials (15, DBUS_PID_UNSET, SAMPLE_SID);
+  creds2 = make_credentials (15, DBUS_PID_UNSET, 0, SAMPLE_SID);
   if (creds2 == NULL)
     _dbus_test_fatal ("oom");
 
@@ -175,7 +230,7 @@ _dbus_credentials_test (const char *test_data_dir)
   _dbus_credentials_unref (creds2);
 
   /* Not the same user if both are missing */
-  creds2 = make_credentials (DBUS_UID_UNSET, DBUS_PID_UNSET, NULL);
+  creds2 = make_credentials (DBUS_UID_UNSET, DBUS_PID_UNSET, 0, NULL);
   if (creds2 == NULL)
     _dbus_test_fatal ("oom");
 
@@ -184,6 +239,27 @@ _dbus_credentials_test (const char *test_data_dir)
   
   _dbus_credentials_unref (creds2);
 
+  /* Same user, but not a superset, if groups are different */
+  creds2 = make_credentials (12, 511, 2, SAMPLE_SID);
+  if (creds2 == NULL)
+    _dbus_test_fatal ("oom");
+
+  _dbus_assert (_dbus_credentials_same_user (creds, creds2));
+  _dbus_assert (!_dbus_credentials_are_superset (creds, creds2));
+
+  _dbus_credentials_unref (creds2);
+
+  /* Groups being in the same order make no difference */
+  creds2 = make_credentials (12, 511, 3, SAMPLE_SID);
+  if (creds2 == NULL)
+    _dbus_test_fatal ("oom");
+
+  _dbus_assert (_dbus_credentials_same_user (creds, creds2));
+  _dbus_assert (_dbus_credentials_are_superset (creds, creds2));
+  _dbus_assert (_dbus_credentials_are_superset (creds2, creds));
+
+  _dbus_credentials_unref (creds2);
+
   /* Clearing credentials works */
   _dbus_credentials_clear (creds);
author	Simon McVittie <smcv@collabora.com>	2018-01-16 13:16:23 +0000
committer	Simon McVittie <smcv@collabora.com>	2018-03-02 14:51:32 +0000
commit	5efe081fd4c44934a96cfc0a1900a843aad36925 (patch)
tree	cbd1e86564585f7fa4b3f02dd59c080a5ab1276a
parent	b6648ca6550c0d407957e9a859b0cd3f9480827c (diff)