From bbf0ea5fff7e397e6170f280ca7e8f4d3d596934 Mon Sep 17 00:00:00 2001 From: David Zeuthen Date: Mon, 21 May 2012 12:15:10 -0400 Subject: Add test cases for evaluation order In fact, this test uncovered that we were evaluating the rules in the wrong order. Fix this. Signed-off-by: David Zeuthen --- test/data/etc/polkit-1/rules.d/10-testing.rules | 24 +++-- test/data/etc/polkit-1/rules.d/15-testing.rules | 24 +++++ .../usr/share/polkit-1/rules.d/10-testing.rules | 14 +++ .../usr/share/polkit-1/rules.d/20-testing.rules | 25 +++++ .../polkitbackendlocalauthoritytest.c | 2 +- test/polkitbackend/test-polkitbackendjsauthority.c | 119 ++++++++++++++++++++- 6 files changed, 199 insertions(+), 9 deletions(-) create mode 100644 test/data/etc/polkit-1/rules.d/15-testing.rules create mode 100644 test/data/usr/share/polkit-1/rules.d/20-testing.rules (limited to 'test')
diff --git a/test/data/etc/polkit-1/rules.d/10-testing.rules b/test/data/etc/polkit-1/rules.d/10-testing.rules
index 1c3a562..4fce8c5 100644
--- a/test/data/etc/polkit-1/rules.d/10-testing.rules
+++ b/test/data/etc/polkit-1/rules.d/10-testing.rules
@@ -4,10 +4,6 @@
 /* NOTE: this is the /etc/polkit-1/rules.d version of 10-testing.rules */
-polkit.addAdminRule(function(action, subject, details) {
- return ["unix-group:admin", "unix-user:root"];
-});
-
 polkit.addAdminRule(function(action, subject, details) {
 if (action == "net.company.action1") {
 return ["unix-group:admin"];
@@ -20,14 +16,28 @@ polkit.addAdminRule(function(action, subject, details) {
 }
 });
+// Fallback
+polkit.addAdminRule(function(action, subject, details) {
+ return ["unix-group:admin", "unix-user:root"];
+});
+
 // -----
 polkit.addRule(function(action, subject, details) {
- return "auth_admin";
+ if (action == "net.company.productA.action0") {
+ return "auth_admin";
+ }
 });
 polkit.addRule(function(action, subject, details) {
- if (action == "org.freedesktop.policykit.exec") {
- return "auth_admin";
+ if (action == "net.company.productA.action1") {
+ return "auth_self";
+ }
+});
+
+polkit.addRule(function(action, subject, details) {
+ if (action == "net.company.order0") {
+ details["test_detail"] = "a";
+ return "yes";
 }
 });
diff --git a/test/data/etc/polkit-1/rules.d/15-testing.rules b/test/data/etc/polkit-1/rules.d/15-testing.rules
new file mode 100644
index 0000000..9968aa7
--- /dev/null
+++ b/test/data/etc/polkit-1/rules.d/15-testing.rules
@@ -0,0 +1,24 @@
+/* -*- mode: js; js-indent-level: 4; indent-tabs-mode: nil -*- */
+
+/* see test/polkitbackend/test-polkitbackendjsauthority.c */
+
+polkit.addRule(function(action, subject, details) {
+ if (action == "net.company.order0") {
+ details["test_detail"] = "c";
+ return "yes";
+ }
+});
+
+polkit.addRule(function(action, subject, details) {
+ if (action == "net.company.order1") {
+ details["test_detail"] = "c";
+ return "yes";
+ }
+});
+
+polkit.addRule(function(action, subject, details) {
+ if (action == "net.company.order2") {
+ details["test_detail"] = "c";
+ return "yes";
+ }
+});
diff --git a/test/data/usr/share/polkit-1/rules.d/10-testing.rules b/test/data/usr/share/polkit-1/rules.d/10-testing.rules
index ab2fd97..48c4957 100644
--- a/test/data/usr/share/polkit-1/rules.d/10-testing.rules
+++ b/test/data/usr/share/polkit-1/rules.d/10-testing.rules
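Review bot: The relocated catch-all admin rule in the /etc 10-testing.rules hunk is labelled only `// Fallback`, which does not say why its position in the file matters. It returns identities for every action, so it presumably has to remain the last `addAdminRule` registration for the action-specific rule above it to be consulted first; that is inferred from the commit message about evaluation order, not shown in the hunk. I would expand the comment to `// Fallback: matches every action, so keep it after the action-specific admin rules`.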
@@ -3,3 +3,17 @@
 /* see test/polkitbackend/test-polkitbackendjsauthority.c */
 /* NOTE: this is the /usr/share/polkit-1/rules.d version of 10-testing.rules */
+
+polkit.addRule(function(action, subject, details) {
+ if (action == "net.company.order0") {
+ details["test_detail"] = "c";
+ return "yes";
+ }
+});
+
+polkit.addRule(function(action, subject, details) {
+ if (action == "net.company.order1") {
+ details["test_detail"] = "b";
+ return "yes";
+ }
+});
diff --git a/test/data/usr/share/polkit-1/rules.d/20-testing.rules b/test/data/usr/share/polkit-1/rules.d/20-testing.rules
new file mode 100644
index 0000000..16dd039
--- /dev/null
+++ b/test/data/usr/share/polkit-1/rules.d/20-testing.rules
@@ -0,0 +1,25 @@
+/* -*- mode: js; js-indent-level: 4; indent-tabs-mode: nil -*- */
+
+/* see test/polkitbackend/test-polkitbackendjsauthority.c */
+
+polkit.addRule(function(action, subject, details) {
+ if (action == "net.company.order0") {
+ polkit.log("blabla");
+ details["test_detail"] = "d";
+ return "yes";
+ }
+});
+
+polkit.addRule(function(action, subject, details) {
+ if (action == "net.company.order1") {
+ details["test_detail"] = "d";
+ return "yes";
+ }
+});
+
+polkit.addRule(function(action, subject, details) {
+ if (action == "net.company.order2") {
+ details["test_detail"] = "d";
+ return "yes";
+ }
+});
diff --git a/test/polkitbackend/polkitbackendlocalauthoritytest.c b/test/polkitbackend/polkitbackendlocalauthoritytest.c
index 9fc7848..40e9619 100644
--- a/test/polkitbackend/polkitbackendlocalauthoritytest.c
+++ b/test/polkitbackend/polkitbackendlocalauthoritytest.c
@@ -253,7 +253,7 @@ main (int argc, char *argv[])
 POLKIT_BACKEND_TYPE_AUTHORITY);
 add_check_authorization_tests ();
- g_test_add_func ("/PolkitBackendLocalAuthority/get_admin_identities", test_get_admin_identities);
+ g_test_add_func ("/PolkitBackendJsAuthority/get_admin_identities", test_get_admin_identities);
 return g_test_run ();
 };
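Review bot: The order0 rule added to the /usr/share 10-testing.rules file sets `details["test_detail"] = "c"`, although the test's comment table names this file "file b" and the order1 rule directly below it uses "b". The order0 case still passes because file a is expected to win, but if the ordering regressed so that this file answered first, the failure would report "c" and point at 15-testing.rules instead of this file. Change the line to `details["test_detail"] = "b";` so each file reports its own letter.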
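Review bot: No action is defined only in 20-testing.rules, so none of the order0 to order2 cases in test-polkitbackendjsauthority.c ever expects detail "d", and the suite would still pass if this file were never loaded. A rule for one further action (for example a constructed id such as `net.company.order3`) that sets `details["test_detail"] = "d"`, with a matching test case, would cover the last file in the sequence. Separately, `polkit.log("blabla");` in the order0 rule reads like leftover debugging; either drop it or make the message name the file that was reached.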
diff --git a/test/polkitbackend/test-polkitbackendjsauthority.c b/test/polkitbackend/test-polkitbackendjsauthority.c
index 67f5d8b..8057707 100644
--- a/test/polkitbackend/test-polkitbackendjsauthority.c
+++ b/test/polkitbackend/test-polkitbackendjsauthority.c
@@ -102,7 +102,7 @@ test_get_admin_identities_for_action_id (const gchar *action_id,
 g_clear_object (&subject);
 g_clear_object (&caller);
 g_clear_object (&authority);
-}
+ }
 static void
 test_get_admin_identities (void)
@@ -140,6 +140,122 @@ test_get_admin_identities (void)
 }
 }
+/* ---------------------------------------------------------------------------------------------------- */
+
+typedef struct RulesTestCase RulesTestCase;
+
+struct RulesTestCase
+{
+ const gchar *test_name;
+ const gchar *action_id;
+ PolkitImplicitAuthorization expected_result;
+ const gchar *expected_detail;
+};
+
+static const RulesTestCase rules_test_cases[] = {
+ /* Check basics */
+ {
+ "basic0",
+ "net.company.productA.action0",
+ POLKIT_IMPLICIT_AUTHORIZATION_ADMINISTRATOR_AUTHENTICATION_REQUIRED,
+ NULL
+ },
+ {
+ "basic1",
+ "net.company.productA.action1",
+ POLKIT_IMPLICIT_AUTHORIZATION_AUTHENTICATION_REQUIRED,
+ NULL
+ },
+
+ /* Ordering tests ... we have four rules files, check they are
+ * evaluated in order by checking the detail set by each rules
+ *
+ * - etc/polkit-1/rules.d/10-testing.rules (file a)
+ * - usr/share/polkit-1/rules.d/10-testing.rules (file b)
+ * - etc/polkit-1/rules.d/15-testing.rules (file c)
+ * - usr/share/polkit-1/rules.d/20-testing.rules (file d)
+ *
+ * file.
+ */
+ {
+ /* defined in file a, b, c, d - should pick file a */
+ "order0",
+ "net.company.order0",
+ POLKIT_IMPLICIT_AUTHORIZATION_AUTHORIZED,
+ "a"
+ },
+ {
+ /* defined in file b, c, d - should pick file b */
+ "order1",
+ "net.company.order1",
+ POLKIT_IMPLICIT_AUTHORIZATION_AUTHORIZED,
+ "b"
+ },
+ {
+ /* defined in file c, d - should pick file c */
+ "order2",
+ "net.company.order2",
+ POLKIT_IMPLICIT_AUTHORIZATION_AUTHORIZED,
+ "c"
+ },
+};
+
+/* ---------------------------------------------------------------------------------------------------- */
+
+static void
+rules_test_func (gconstpointer user_data)
+{
+ const RulesTestCase *tc = user_data;
+ PolkitBackendJsAuthority *authority = NULL;
+ PolkitSubject *caller = NULL;
+ PolkitSubject *subject = NULL;
+ PolkitIdentity *user_for_subject = NULL;
+ PolkitDetails *details = NULL;
+ GError *error = NULL;
+ PolkitImplicitAuthorization result;
+
+ authority = get_authority ();
+
+ caller = polkit_unix_process_new (getpid ());
+ subject = polkit_unix_process_new (getpid ());
+ user_for_subject = polkit_identity_from_string ("unix-user:root", &error);
+ g_assert_no_error (error);
+
+ details = polkit_details_new ();
+
+ result = polkit_backend_interactive_authority_check_authorization_sync (POLKIT_BACKEND_INTERACTIVE_AUTHORITY (authority),
+ caller,
+ subject,
+ user_for_subject,
+ TRUE,
+ TRUE,
+ tc->action_id,
+ details,
+ POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN);
+ g_assert_cmpint (result, ==, tc->expected_result);
+ g_assert_cmpstr (polkit_details_lookup (details, "test_detail"), ==, tc->expected_detail);
+
+ g_clear_object (&user_for_subject);
+ g_clear_object (&subject);
+ g_clear_object (&caller);
+ g_clear_object (&authority);
+}
+
+static void
+add_rules_tests (void)
+{
+ guint n;
+ for (n = 0; n < G_N_ELEMENTS (rules_test_cases); n++)
+ {
+ const RulesTestCase *tc = &rules_test_cases[n];
+ gchar *s;
+ s = g_strdup_printf ("/PolkitBackendJsAuthority/rules_%s", tc->test_name);
+ g_test_add_data_func (s,
&rules_test_cases[n], rules_test_func);
+ g_free (s);
+ }
+}
+
+/* ---------------------------------------------------------------------------------------------------- */
 int
 main (int argc, char *argv[])
@@ -154,6 +270,7 @@ main (int argc, char *argv[])
 g_io_extension_point_set_required_type (ep, POLKIT_BACKEND_TYPE_AUTHORITY);
 g_test_add_func ("/PolkitBackendJsAuthority/get_admin_identities", test_get_admin_identities);
+ add_rules_tests ();
 return g_test_run ();
 };
-- cgit v1.2.3
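Review bot: `rules_test_func` allocates `details` with `polkit_details_new ()`, but its cleanup block releases only `user_for_subject`, `subject`, `caller` and `authority`, so every test case leaks the details object; add `g_clear_object (&details);` next to the other `g_clear_object` calls. The ordering comment in `rules_test_cases` also ends with a dangling `* file.` line after the file list, which looks like the displaced tail of "the detail set by each rules file" and should be moved back into that sentence. Because rule evaluation order decides which authorization result wins, it may be worth adding a case where an earlier file returns a more restrictive result than a later "yes"; all the ordering rules here return "yes" and are told apart only by the detail string.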