PolicyKit: Branch 'master' - 5 commits
David Zeuthen
david at kemper.freedesktop.org
Sun Nov 25 13:07:31 PST 2007
configure.in | 8
src/kit/Makefile.am | 4
src/kit/kit-memory.c | 40 +++
src/kit/kit-spawn.c | 43 +++-
src/kit/kit.h | 5
src/polkit-dbus/Makefile.am | 4
src/polkit-dbus/polkit-dbus.c | 7
src/polkit-dbus/polkit-read-auth-helper.c | 124 ++++++++++-
src/polkit-grant/Makefile.am | 2
src/polkit-grant/polkit-authorization-db-write.c | 9
src/polkit/Makefile.am | 7
src/polkit/polkit-authorization-db.c | 246 ++++++++++++++++++++---
src/polkit/polkit-authorization-db.h | 6
src/polkit/polkit-caller.c | 5
src/polkit/polkit-context.c | 6
src/polkit/polkit-error.c | 4
src/polkit/polkit-sysdeps.c | 4
src/polkit/polkit-test.c | 1
src/polkit/polkit-test.h | 1
src/polkit/polkit-utils.c | 18 +
tools/polkit-auth.c | 3
21 files changed, 487 insertions(+), 60 deletions(-)
New commits:
commit cef2e2079532b966b0ff88403eb1a86b337685b7
Author: David Zeuthen <davidz at redhat.com>
Date: Sun Nov 25 16:06:42 2007 -0500
add (partial) test cases for polkit-authorization-db.c
diff --git a/src/polkit-dbus/polkit-dbus.c b/src/polkit-dbus/polkit-dbus.c
index cb102e9..7fd22b2 100644
--- a/src/polkit-dbus/polkit-dbus.c
+++ b/src/polkit-dbus/polkit-dbus.c
@@ -732,6 +732,13 @@ not_in_session:
goto out;
}
+#ifdef POLKIT_BUILD_TESTS
+ char *pretend;
+ if ((pretend = getenv ("POLKIT_TEST_PRETEND_TO_BE_UID")) != NULL) {
+ polkit_caller_set_uid (caller, atoi (pretend));
+ }
+#endif
+
out:
g_free (selinux_context);
g_free (ck_session_objpath);
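Review bot: `atoi (pretend)` in the added POLKIT_BUILD_TESTS block maps an empty or non-numeric POLKIT_TEST_PRETEND_TO_BE_UID to 0, so a malformed test setup silently runs the caller as uid 0 instead of failing. Parse it strictly and ignore bad values, e.g. `v = strtoul (pretend, &endp, 10);` followed by `if (endp != pretend && *endp == '\0') polkit_caller_set_uid (caller, (uid_t) v);`, with `v` and `endp` declared next to `pretend`. The same `atoi (pretend)` pattern is added to main() in polkit-read-auth-helper.c (`caller_uid = atoi (pretend);`), where an `endp` variable already exists. The enclosing function starts and ends outside this hunk.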
diff --git a/src/polkit-dbus/polkit-read-auth-helper.c b/src/polkit-dbus/polkit-read-auth-helper.c
index 767b7b1..13d196a 100644
--- a/src/polkit-dbus/polkit-read-auth-helper.c
+++ b/src/polkit-dbus/polkit-read-auth-helper.c
@@ -45,6 +45,7 @@
#include <dirent.h>
#include <polkit-dbus/polkit-dbus.h>
+#include <polkit/polkit-private.h>
static polkit_bool_t
dump_auths_from_file (const char *path, uid_t uid)
@@ -144,6 +145,76 @@ out:
return ret;
}
+#ifdef POLKIT_BUILD_TESTS
+static struct passwd *
+kit_getpwnam (const char *username)
+{
+ struct passwd *pw;
+ FILE *f;
+ const char *passwd_file;
+
+ f = NULL;
+ pw = NULL;
+
+ if ((passwd_file = getenv ("POLKIT_TEST_PASSWD_FILE")) == NULL)
+ return getpwnam (username);
+
+ f = fopen (passwd_file, "r");
+ if (f == NULL)
+ goto out;
+
+ while ((pw = fgetpwent (f)) != NULL) {
+ if (strcmp (pw->pw_name, username) == 0)
+ goto out;
+ }
+
+out:
+ if (f != NULL)
+ fclose (f);
+ return pw;
+}
+
+static struct passwd *
+kit_getpwuid (uid_t uid)
+{
+ struct passwd *pw;
+ FILE *f;
+ const char *passwd_file;
+
+ f = NULL;
+ pw = NULL;
+
+ if ((passwd_file = getenv ("POLKIT_TEST_PASSWD_FILE")) == NULL)
+ return getpwuid (uid);
+
+ f = fopen (passwd_file, "r");
+ if (f == NULL)
+ goto out;
+
+ while ((pw = fgetpwent (f)) != NULL) {
+ if (pw->pw_uid == uid)
+ goto out;
+ }
+
+out:
+ if (f != NULL)
+ fclose (f);
+ return pw;
+}
+#else
+static struct passwd *
+kit_getpwnam (const char *username)
+{
+ return getpwnam (username);
+}
+
+static struct passwd *
+kit_getpwuid (uid_t uid)
+{
+ return getpwuid (uid);
+}
+#endif
+
static polkit_bool_t
dump_auths_all (const char *root)
{
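Review bot: The POLKIT_BUILD_TESTS variants of kit_getpwnam() and kit_getpwuid() are undocumented, and two of their properties are not obvious to callers. First, the result comes from fgetpwent(), which returns a pointer to static storage that the next lookup overwrites. Second, a missing or unreadable POLKIT_TEST_PASSWD_FILE returns NULL with no diagnostic, indistinguishable from "user not found". I would add a header comment such as `/* test builds: look the user up in $POLKIT_TEST_PASSWD_FILE instead of the system database; result is fgetpwent()'s static buffer; NULL if not found or the file cannot be opened */`. As a style point, the two bodies differ only in the match condition and could share one file-scanning helper.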
@@ -217,7 +288,7 @@ dump_auths_all (const char *root)
strncpy (username, filename + m, n - m);
username[n - m] = '\0';
- pw = getpwnam (username);
+ pw = kit_getpwnam (username);
if (pw == NULL) {
fprintf (stderr, "polkit-read-auth-helper: cannot look up uid for username %s\n", username);
continue;
@@ -247,7 +318,7 @@ dump_auths_for_uid (const char *root, uid_t uid)
char path[256];
struct passwd *pw;
- pw = getpwuid (uid);
+ pw = kit_getpwuid (uid);
if (pw == NULL) {
fprintf (stderr, "polkit-read-auth-helper: cannot lookup user name for uid %d\n", uid);
return FALSE;
@@ -266,20 +337,20 @@ int
main (int argc, char *argv[])
{
int ret;
- gid_t egid;
- struct group *group;
uid_t caller_uid;
uid_t requesting_info_for_uid;
char *endp;
- struct passwd *pw;
uid_t uid_for_polkit_user;
ret = 1;
+
+#ifndef POLKIT_BUILD_TESTS
/* clear the entire environment to avoid attacks using with libraries honoring environment variables */
if (clearenv () != 0)
goto out;
/* set a minimal environment */
setenv ("PATH", "/usr/sbin:/usr/bin:/sbin:/bin", 1);
+#endif
openlog ("polkit-read-auth-helper", LOG_CONS | LOG_PID, LOG_AUTHPRIV);
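Review bot: With `#ifndef POLKIT_BUILD_TESTS` around `clearenv ()`, a test build of this helper keeps the caller's whole environment and later trusts POLKIT_TEST_PRETEND_TO_BE_UID, POLKIT_TEST_PASSWD_FILE and POLKIT_TEST_LOCALSTATE_DIR. Nothing in the hunk stops such a binary from behaving this way if it is ever installed with the setgid bit. A cheap guard is to refuse to run privileged in test builds, placed in an `#ifdef POLKIT_BUILD_TESTS` block right after `ret = 1;`: `if (getuid () != geteuid () || getgid () != getegid ()) goto out;`. A comment stating that POLKIT_BUILD_TESTS binaries must never be installed would also help. main() continues outside this hunk.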
@@ -298,7 +369,18 @@ main (int argc, char *argv[])
fprintf (stderr, "polkit-read-auth-helper: inappropriate use of helper, stdin is a tty. This incident has been logged.\n");
goto out;
}
-
+
+#ifdef POLKIT_BUILD_TESTS
+ char *pretend;
+ if ((pretend = getenv ("POLKIT_TEST_PRETEND_TO_BE_UID")) != NULL) {
+ caller_uid = atoi (pretend);
+ goto skip_check;
+ }
+#endif
+ gid_t egid;
+ struct group *group;
+ struct passwd *pw;
+
/* check that we are setgid polkituser */
egid = getegid ();
group = getgrgid (egid);
@@ -311,7 +393,11 @@ main (int argc, char *argv[])
goto out;
}
- pw = getpwnam (POLKIT_USER);
+#ifdef POLKIT_BUILD_TESTS
+skip_check:
+#endif
+
+ pw = kit_getpwnam (POLKIT_USER);
if (pw == NULL) {
fprintf (stderr, "polkit-read-auth-helper: cannot lookup uid for " POLKIT_USER "\n");
goto out;
@@ -343,17 +429,33 @@ main (int argc, char *argv[])
}
}
+#ifdef POLKIT_BUILD_TESTS
+ char *test_dir;
+ char dir_run[256];
+ char dir_lib[256];
+
+ if ((test_dir = getenv ("POLKIT_TEST_LOCALSTATE_DIR")) == NULL) {
+ test_dir = PACKAGE_LOCALSTATE_DIR;
+ }
+ kit_assert ((size_t) snprintf (dir_run, sizeof (dir_run), "%s/run/PolicyKit", test_dir) < sizeof (dir_run));
+ kit_assert ((size_t) snprintf (dir_lib, sizeof (dir_lib), "%s/lib/PolicyKit", test_dir) < sizeof (dir_lib));
+
+#else
+ char *dir_run = PACKAGE_LOCALSTATE_DIR "/run/PolicyKit";
+ char *dir_lib = PACKAGE_LOCALSTATE_DIR "/lib/PolicyKit";
+#endif
+
if (requesting_info_for_uid == (uid_t) -1) {
- if (!dump_auths_all (PACKAGE_LOCALSTATE_DIR "/run/PolicyKit"))
+ if (!dump_auths_all (dir_run))
goto out;
- if (!dump_auths_all (PACKAGE_LOCALSTATE_DIR "/lib/PolicyKit"))
+ if (!dump_auths_all (dir_lib))
goto out;
} else {
- if (!dump_auths_for_uid (PACKAGE_LOCALSTATE_DIR "/run/PolicyKit", requesting_info_for_uid))
+ if (!dump_auths_for_uid (dir_run, requesting_info_for_uid))
goto out;
- if (!dump_auths_for_uid (PACKAGE_LOCALSTATE_DIR "/lib/PolicyKit", requesting_info_for_uid))
+ if (!dump_auths_for_uid (dir_lib, requesting_info_for_uid))
goto out;
}
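Review bot: In the non-test branch `dir_run` and `dir_lib` are declared `char *` but point at string literals, and in the test branch `test_dir` (also `char *`) is assigned the literal `PACKAGE_LOCALSTATE_DIR`. dump_auths_all() takes `const char *root`, so these can be `const char *dir_run = PACKAGE_LOCALSTATE_DIR "/run/PolicyKit";`, `const char *dir_lib = ...;` and `const char *test_dir;`, which lets the compiler reject an accidental write through them. The enclosing main() starts and ends outside this hunk.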
diff --git a/src/polkit/polkit-authorization-db.c b/src/polkit/polkit-authorization-db.c
index c3b5c1b..b2e3da1 100644
--- a/src/polkit/polkit-authorization-db.c
+++ b/src/polkit/polkit-authorization-db.c
@@ -72,11 +72,19 @@ struct _PolKitAuthorizationDB;
/* PolKitAuthorizationDB structure is defined in polkit/polkit-private.h */
+static kit_bool_t
+clear_auth (KitList *list, void *data, void *user_data)
+{
+ PolKitAuthorization *auth = (PolKitAuthorization *) data;
+ polkit_authorization_unref (auth);
+ return FALSE;
+}
+
static void
_free_authlist (KitList *authlist)
{
if (authlist != NULL) {
- kit_list_foreach (authlist, (KitListForeachFunc) polkit_authorization_unref, NULL);
+ kit_list_foreach (authlist, clear_auth, NULL);
kit_list_free (authlist);
}
}
@@ -173,7 +181,8 @@ polkit_authorization_db_unref (PolKitAuthorizationDB *authdb)
authdb->refcount--;
if (authdb->refcount > 0)
return;
- kit_hash_unref (authdb->uid_to_authlist);
+ if (authdb->uid_to_authlist != NULL)
+ kit_hash_unref (authdb->uid_to_authlist);
kit_free (authdb);
}
@@ -257,7 +266,7 @@ _authdb_get_auths_for_uid (PolKitAuthorizationDB *authdb,
PolKitError **error)
{
KitList *ret;
- char *helper_argv[] = {PACKAGE_LIBEXEC_DIR "/polkit-read-auth-helper", NULL, NULL};
+ char *helper_argv[] = {NULL, NULL, NULL};
int exit_status;
char *standard_output;
size_t len;
@@ -266,12 +275,31 @@ _authdb_get_auths_for_uid (PolKitAuthorizationDB *authdb,
ret = NULL;
standard_output = NULL;
+#ifdef POLKIT_BUILD_TESTS
+ char helper_buf[256];
+ char *helper_bin_dir;
+ if ((helper_bin_dir = getenv ("POLKIT_TEST_BUILD_DIR")) != NULL) {
+ kit_assert ((size_t) snprintf (helper_buf, sizeof (helper_buf), "%s/src/polkit-dbus/polkit-read-auth-helper", helper_bin_dir) < sizeof (helper_buf));
+ helper_argv[0] = helper_buf;
+ } else {
+ helper_argv[0] = PACKAGE_LIBEXEC_DIR "/polkit-read-auth-helper";
+ }
+#else
+ helper_argv[0] = PACKAGE_LIBEXEC_DIR "/polkit-read-auth-helper";
+#endif
+
/* first, see if this is in the cache */
ret = kit_hash_lookup (authdb->uid_to_authlist, (void *) uid, NULL);
if (ret != NULL)
goto out;
helper_argv[1] = kit_strdup_printf ("%d", uid);
+ if (helper_argv[1] == NULL) {
+ polkit_error_set_error (error,
+ POLKIT_ERROR_OUT_OF_MEMORY,
+ "No memory");
+ goto out;
+ }
/* we need to do this through a setgid polkituser helper
* because the auth file is readable only for uid 0 and gid
@@ -339,12 +367,37 @@ _authdb_get_auths_for_uid (PolKitAuthorizationDB *authdb,
if (strlen (line) >= 2 && line[0] != '#') {
auth = _polkit_authorization_new_for_uid (line, uid2);
-
+ if (auth == NULL) {
+ if (errno == ENOMEM) {
+ polkit_error_set_error (error,
+ POLKIT_ERROR_OUT_OF_MEMORY,
+ "No memory");
+ _free_authlist (ret);
+ ret = NULL;
+ goto out;
+ } else {
+ kit_warning ("Skipping invalid authline '%s'", line);
+ }
+ }
+
+ //kit_warning (" #got %s", line);
+
if (auth != NULL) {
+ KitList *ret2;
/* we need the authorizations in the chronological order...
* (TODO: optimized: prepend, then reverse after all items have been inserted)
*/
- ret = kit_list_append (ret, auth);
+ ret2 = kit_list_append (ret, auth);
+ if (ret2 == NULL) {
+ polkit_error_set_error (error,
+ POLKIT_ERROR_OUT_OF_MEMORY,
+ "No memory");
+ polkit_authorization_unref (auth);
+ _free_authlist (ret);
+ ret = NULL;
+ goto out;
+ }
+ ret = ret2;
}
}
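Review bot: The new `if (errno == ENOMEM)` branch trusts errno after `_polkit_authorization_new_for_uid (line, uid2)` returns NULL, but errno is not cleared before the call. If a parse failure does not set errno (not visible in this hunk), a stale ENOMEM from earlier work would abort the whole read instead of skipping one invalid line. Add `errno = 0;` immediately before the call. The `errno == ENOMEM` test after `polkit_sysdeps_get_start_time_for_pid ()` in polkit_authorization_db_is_caller_authorized() has the same exposure. Separately, the commented-out `//kit_warning (" #got %s", line);` should be dropped rather than committed.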
@@ -352,7 +405,14 @@ _authdb_get_auths_for_uid (PolKitAuthorizationDB *authdb,
}
}
- kit_hash_insert (authdb->uid_to_authlist, (void *) uid, ret);
+ if (!kit_hash_insert (authdb->uid_to_authlist, (void *) uid, ret)) {
+ polkit_error_set_error (error,
+ POLKIT_ERROR_OUT_OF_MEMORY,
+ "No memory");
+ _free_authlist (ret);
+ ret = NULL;
+ goto out;
+ }
out:
kit_free (helper_argv[1]);
@@ -617,6 +677,7 @@ no_match:
* @session: the session to check for
* @out_is_authorized: return location
* @out_is_negative_authorized: return location
+ * @error: return location for error
*
* Looks in the authorization database and determine if processes from
* the given session are authorized to do the given specific
@@ -627,7 +688,7 @@ no_match:
*
* Returns: #TRUE if the look up was performed; #FALSE if the caller
* of this function lacks privileges to ask this question (e.g. asking
- * about a user that is not himself).
+ * about a user that is not himself) or OOM (and @error will be set)
*
* Since: 0.7
*/
@@ -636,7 +697,8 @@ polkit_authorization_db_is_session_authorized (PolKitAuthorizationDB *authdb,
PolKitAction *action,
PolKitSession *session,
polkit_bool_t *out_is_authorized,
- polkit_bool_t *out_is_negative_authorized)
+ polkit_bool_t *out_is_negative_authorized,
+ PolKitError **error)
{
polkit_bool_t ret;
CheckDataSession cd;
@@ -774,6 +836,7 @@ no_match:
* discussion in polkit_context_is_caller_authorized() for details.
* @out_is_authorized: return location
* @out_is_negative_authorized: return location
+ * @error: return location for error
*
* Looks in the authorization database if the given caller is
* authorized to do the given action. If there is an authorization
@@ -783,7 +846,7 @@ no_match:
*
* Returns: #TRUE if the look up was performed; #FALSE if the caller
* of this function lacks privileges to ask this question (e.g. asking
- * about a user that is not himself).
+ * about a user that is not himself) or if OOM (and @error will be set)
*
* Since: 0.7
*/
@@ -793,11 +856,13 @@ polkit_authorization_db_is_caller_authorized (PolKitAuthorizationDB *authdb,
PolKitCaller *caller,
polkit_bool_t revoke_if_one_shot,
polkit_bool_t *out_is_authorized,
- polkit_bool_t *out_is_negative_authorized)
+ polkit_bool_t *out_is_negative_authorized,
+ PolKitError **error)
{
PolKitSession *session;
polkit_bool_t ret;
CheckData cd;
+ PolKitError *error2;
ret = FALSE;
@@ -807,20 +872,30 @@ polkit_authorization_db_is_caller_authorized (PolKitAuthorizationDB *authdb,
kit_return_val_if_fail (out_is_authorized != NULL, FALSE);
if (!polkit_action_get_action_id (action, &cd.action_id))
- return FALSE;
+ goto out;
if (!polkit_caller_get_pid (caller, &cd.caller_pid))
- return FALSE;
+ goto out;
if (!polkit_caller_get_uid (caller, &cd.caller_uid))
- return FALSE;
+ goto out;
cd.caller = caller;
cd.revoke_if_one_shot = revoke_if_one_shot;
cd.caller_pid_start_time = polkit_sysdeps_get_start_time_for_pid (cd.caller_pid);
- if (cd.caller_pid_start_time == 0)
- return FALSE;
+ if (cd.caller_pid_start_time == 0) {
+ if (errno == ENOMEM) {
+ polkit_error_set_error (error,
+ POLKIT_ERROR_OUT_OF_MEMORY,
+ "No memory");
+ } else {
+ polkit_error_set_error (error,
+ POLKIT_ERROR_GENERAL_ERROR,
+ "Errno %d: %m", errno);
+ }
+ goto out;
+ }
/* Caller does not _have_ to be member of a session */
cd.session_objpath = NULL;
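Review bot: The three early `goto out` exits for a failed polkit_action_get_action_id(), polkit_caller_get_pid() or polkit_caller_get_uid() return FALSE without touching `*error`. The updated doc comment, by contrast, tells callers that FALSE means either a privilege problem or OOM with @error set. A caller that inspects the error after FALSE therefore cannot tell an incomplete caller or action object from a permission denial. Set an error on these paths as well, for example `polkit_error_set_error (error, POLKIT_ERROR_GENERAL_ERROR, "Caller has no uid set");` before the corresponding `goto out`. The function body starts and ends outside this hunk.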
@@ -829,21 +904,32 @@ polkit_authorization_db_is_caller_authorized (PolKitAuthorizationDB *authdb,
cd.session_objpath = NULL;
}
- ret = TRUE;
-
cd.out_is_authorized = out_is_authorized;
cd.out_is_negative_authorized = out_is_negative_authorized;
*out_is_authorized = FALSE;
*out_is_negative_authorized = FALSE;
+ error2 = NULL;
if (polkit_authorization_db_foreach_for_uid (authdb,
cd.caller_uid,
_check_auth_for_caller,
&cd,
- NULL)) {
+ &error2)) {
;
}
+ if (polkit_error_is_set (error2)) {
+ if (error != NULL) {
+ *error = error2;
+ } else {
+ polkit_error_free (error2);
+ }
+ goto out;
+ }
+
+ ret = TRUE;
+
+out:
return ret;
}
@@ -994,20 +1080,39 @@ _run_test (void)
{
PolKitAuthorizationDB *adb;
const char test_passwd[] =
- "pu1:x:50400:50400:PolKit Test user 1:/home/polkittest1:/bin/bash\n"
- "pu2:x:50401:50401:PolKit Test user 2:/home/polkittest2:/bin/bash\n";
+ "root:x:0:0:PolKit root user:/root:/bin/bash\n"
+ POLKIT_USER ":x:50400:50400:PolKit user:/:/sbin/nologin\n"
+ "pu1:x:50401:50401:PolKit Test user 0:/home/polkittest1:/bin/bash\n"
+ "pu2:x:50402:50402:PolKit Test user 1:/home/polkittest2:/bin/bash\n"
+ "pu3:x:50403:50403:PolKit Test user 2:/home/polkittest3:/bin/bash\n";
const char test_pu1_run[] =
"";
const char test_pu1_lib[] =
- "grant:org.freedesktop.policykit.read:1194634242:0:none\n";
+ "scope=grant:action-id=org.freedesktop.policykit.read:when=1194634242:granted-by=0:constraint=none\n";
const char test_pu2_run[] =
"";
const char test_pu2_lib[] =
"";
+ const char test_pu3_run[] =
+ "";
+ const char test_pu3_lib[] =
+ "";
+ PolKitCaller *caller;
+ PolKitAction *action;
+ polkit_bool_t is_auth;
+ polkit_bool_t is_neg;
+ PolKitError *error;
+
+ adb = NULL;
+ caller = NULL;
+ action = NULL;
if (setenv ("POLKIT_TEST_LOCALSTATE_DIR", TEST_DATA_DIR "authdb-test", 1) != 0)
goto fail;
+ if (setenv ("POLKIT_TEST_BUILD_DIR", TEST_BUILD_DIR, 1) != 0)
+ goto fail;
+
if (setenv ("POLKIT_TEST_PASSWD_FILE", TEST_DATA_DIR "authdb-test/passwd", 1) != 0)
goto fail;
@@ -1029,25 +1134,118 @@ _run_test (void)
if (!kit_file_set_contents (TEST_DATA_DIR "authdb-test/lib/PolicyKit/user-pu2.auths", 0644,
test_pu2_lib, sizeof (test_pu2_lib) - 1))
goto out;
+ if (!kit_file_set_contents (TEST_DATA_DIR "authdb-test/run/PolicyKit/user-pu3.auths", 0644,
+ test_pu3_run, sizeof (test_pu3_run) - 1))
+ goto out;
+ if (!kit_file_set_contents (TEST_DATA_DIR "authdb-test/lib/PolicyKit/user-pu3.auths", 0644,
+ test_pu3_lib, sizeof (test_pu3_lib) - 1))
+ goto out;
if ((adb = _polkit_authorization_db_new ()) == NULL)
goto out;
- if (setenv ("POLKIT_TEST_PRETEND_TO_BE_UID", "50400", 1) != 0)
+
+ if ((action = polkit_action_new ()) == NULL)
+ goto out;
+ if ((caller = polkit_caller_new ()) == NULL)
+ goto out;
+ kit_assert (polkit_caller_set_pid (caller, getpid ()));
+
+
+ /*
+ * test: "org.freedesktop.policykit.read"
+ */
+ if (!polkit_action_set_action_id (action, "org.freedesktop.policykit.read"))
+ goto out;
+
+ /* test: pu1 has the auth org.freedesktop.policykit.read */
+ kit_assert (polkit_caller_set_uid (caller, 50401));
+ if (setenv ("POLKIT_TEST_PRETEND_TO_BE_UID", "50401", 1) != 0)
+ goto fail;
+ error = NULL;
+ if (polkit_authorization_db_is_caller_authorized (adb, action, caller, FALSE, &is_auth, &is_neg, &error)) {
+ kit_assert (! polkit_error_is_set (error) && is_auth && !is_neg);
+ } else {
+ kit_assert (polkit_error_is_set (error) &&
+ polkit_error_get_error_code (error) == POLKIT_ERROR_OUT_OF_MEMORY);
+ polkit_error_free (error);
+ }
+
+ _polkit_authorization_db_invalidate_cache (adb);
+
+ /* test: pu2 does not have the auth org.freedesktop.policykit.read */
+ kit_assert (polkit_caller_set_uid (caller, 50402));
+ if (setenv ("POLKIT_TEST_PRETEND_TO_BE_UID", "50402", 1) != 0)
goto fail;
+ error = NULL;
+ if (polkit_authorization_db_is_caller_authorized (adb, action, caller, FALSE, &is_auth, &is_neg, &error)) {
+ kit_assert (! polkit_error_is_set (error));
+ kit_assert (!is_auth && !is_neg);
+ } else {
+ kit_assert (polkit_error_is_set (error) &&
+ polkit_error_get_error_code (error) == POLKIT_ERROR_OUT_OF_MEMORY);
+ polkit_error_free (error);
+ }
- /* TODO: FIXME: this code is not finished */
+ _polkit_authorization_db_invalidate_cache (adb);
+ /* test: pu1 can check that pu2 does not have the auth org.freedesktop.policykit.read */
+ kit_assert (polkit_caller_set_uid (caller, 50402));
+ if (setenv ("POLKIT_TEST_PRETEND_TO_BE_UID", "50401", 1) != 0)
+ goto fail;
+ error = NULL;
+ if (polkit_authorization_db_is_caller_authorized (adb, action, caller, FALSE, &is_auth, &is_neg, &error)) {
+ kit_assert (! polkit_error_is_set (error) && !is_auth && !is_neg);
+ } else {
+ kit_assert (polkit_error_is_set (error) &&
+ polkit_error_get_error_code (error) == POLKIT_ERROR_OUT_OF_MEMORY);
+ polkit_error_free (error);
+ }
- polkit_authorization_db_unref (adb);
+ _polkit_authorization_db_invalidate_cache (adb);
+
+ /* test: pu2 cannot check if pu1 have the auth org.freedesktop.policykit.read */
+ kit_assert (polkit_caller_set_uid (caller, 50401));
+ if (setenv ("POLKIT_TEST_PRETEND_TO_BE_UID", "50402", 1) != 0)
+ goto fail;
+ error = NULL;
+ if (polkit_authorization_db_is_caller_authorized (adb, action, caller, FALSE, &is_auth, &is_neg, &error)) {
+ kit_warning ("pu2 shouldn't be able to read auths for pu1: %d %d", is_auth, is_neg);
+ goto fail;
+ } else {
+ kit_assert (polkit_error_is_set (error) &&
+ (polkit_error_get_error_code (error) == POLKIT_ERROR_OUT_OF_MEMORY ||
+ polkit_error_get_error_code (error) == POLKIT_ERROR_NOT_AUTHORIZED_TO_READ_AUTHORIZATIONS_FOR_OTHER_USERS));
+ polkit_error_free (error);
+ }
+
+ _polkit_authorization_db_invalidate_cache (adb);
out:
+
+ if (action != NULL)
+ polkit_action_unref (action);
+
+ if (caller != NULL)
+ polkit_caller_unref (caller);
+
+ if (adb != NULL) {
+ polkit_authorization_db_debug (adb);
+ polkit_authorization_db_validate (adb);
+ polkit_authorization_db_ref (adb);
+ polkit_authorization_db_unref (adb);
+ polkit_authorization_db_unref (adb);
+ }
+
if (unsetenv ("POLKIT_TEST_PRETEND_TO_BE_UID") != 0)
goto fail;
if (unsetenv ("POLKIT_TEST_LOCALSTATE_DIR") != 0)
goto fail;
+ if (unsetenv ("POLKIT_TEST_BUILD_DIR") != 0)
+ goto fail;
+
if (unsetenv ("POLKIT_TEST_PASSWD_FILE") != 0)
goto fail;
diff --git a/src/polkit/polkit-authorization-db.h b/src/polkit/polkit-authorization-db.h
index 3e4dffe..4b9abf6 100644
--- a/src/polkit/polkit-authorization-db.h
+++ b/src/polkit/polkit-authorization-db.h
@@ -69,14 +69,16 @@ polkit_bool_t polkit_authorization_db_is_session_authorized (PolKitAuthorization
PolKitAction *action,
PolKitSession *session,
polkit_bool_t *out_is_authorized,
- polkit_bool_t *out_is_negative_authorized);
+ polkit_bool_t *out_is_negative_authorized,
+ PolKitError **error);
polkit_bool_t polkit_authorization_db_is_caller_authorized (PolKitAuthorizationDB *authdb,
PolKitAction *action,
PolKitCaller *caller,
polkit_bool_t revoke_if_one_shot,
polkit_bool_t *out_is_authorized,
- polkit_bool_t *out_is_negative_authorized);
+ polkit_bool_t *out_is_negative_authorized,
+ PolKitError **error);
/**
* PolKitAuthorizationDBForeach:
diff --git a/src/polkit/polkit-caller.c b/src/polkit/polkit-caller.c
index b8ac256..0a89b37 100644
--- a/src/polkit/polkit-caller.c
+++ b/src/polkit/polkit-caller.c
@@ -138,7 +138,10 @@ polkit_bool_t
polkit_caller_set_dbus_name (PolKitCaller *caller, const char *dbus_name)
{
kit_return_val_if_fail (caller != NULL, FALSE);
- kit_return_val_if_fail (dbus_name == NULL || _pk_validate_unique_bus_name (dbus_name), FALSE);
+
+ if (dbus_name != NULL && ! _pk_validate_unique_bus_name (dbus_name))
+ return FALSE;
+
if (caller->dbus_name != NULL)
kit_free (caller->dbus_name);
if (dbus_name == NULL) {
diff --git a/src/polkit/polkit-context.c b/src/polkit/polkit-context.c
index 6414db2..61a8b22 100644
--- a/src/polkit/polkit-context.c
+++ b/src/polkit/polkit-context.c
@@ -519,7 +519,8 @@ polkit_context_is_session_authorized (PolKitContext *pk_context,
action,
session,
&from_authdb,
- &from_authdb_negative)) {
+ &from_authdb_negative,
+ NULL /* TODO */)) {
if (from_authdb)
result_from_grantdb = POLKIT_RESULT_YES;
}
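Review bot: Passing `NULL /* TODO */` for the new error argument means an out-of-memory or read-permission failure in the authorization database is handled exactly like "no authorization found". That fails closed, which is the safe direction, but it leaves no trace of why a legitimate authorization was not honoured. Until the TODO is resolved I would pass a local `PolKitError *` and log it when set before freeing it, and add a comment that a FALSE return here is deliberately treated as not authorized. The same applies to the identical change in polkit_context_is_caller_authorized() in the next hunk; both functions extend outside the visible lines.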
@@ -675,7 +676,8 @@ polkit_context_is_caller_authorized (PolKitContext *pk_context,
caller,
revoke_if_one_shot,
&from_authdb,
- &from_authdb_negative)) {
+ &from_authdb_negative,
+ NULL /* TODO */)) {
if (from_authdb)
result_from_grantdb = POLKIT_RESULT_YES;
}
diff --git a/src/polkit/polkit-error.c b/src/polkit/polkit-error.c
index 0d8d792..25123c7 100644
--- a/src/polkit/polkit-error.c
+++ b/src/polkit/polkit-error.c
@@ -177,7 +177,9 @@ polkit_error_set_error (PolKitError **error, PolKitErrorCode error_code, const c
PolKitError *e;
kit_return_val_if_fail (format != NULL, FALSE);
- kit_return_val_if_fail (error_code >= 0 && error_code < POLKIT_ERROR_NUM_ERROR_CODES, FALSE);
+
+ if (error_code < 0 || error_code >= POLKIT_ERROR_NUM_ERROR_CODES)
+ return FALSE;
if (error == NULL)
goto out;
diff --git a/src/polkit/polkit-sysdeps.c b/src/polkit/polkit-sysdeps.c
index 5a34ee9..ea1ec43 100644
--- a/src/polkit/polkit-sysdeps.c
+++ b/src/polkit/polkit-sysdeps.c
@@ -59,7 +59,7 @@
*
* Get when a process started.
*
- * Returns: start time for the process or 0 if an error occured
+ * Returns: start time for the process or 0 if an error occured and errno will be set
*
* Since: 0.7
*/
@@ -80,7 +80,7 @@ polkit_sysdeps_get_start_time_for_pid (pid_t pid)
filename = kit_strdup_printf ("/proc/%d/stat", pid);
if (filename == NULL) {
- kit_warning ("Out of memory");
+ errno = ENOMEM;
goto out;
}
diff --git a/tools/polkit-auth.c b/tools/polkit-auth.c
index 772b31a..076d592 100644
--- a/tools/polkit-auth.c
+++ b/tools/polkit-auth.c
@@ -605,7 +605,7 @@ revoke_authorizations (const char *action_id, uid_t uid)
pk_action = polkit_action_new ();
polkit_action_set_action_id (pk_action, action_id);
- pk_error = 0;
+ pk_error = NULL;
if (!polkit_authorization_db_foreach_for_action_for_uid (pk_authdb,
pk_action,
uid,
@@ -884,6 +884,7 @@ main (int argc, char *argv[])
/* first the explicit authorizations */
+ pk_error = NULL;
if (!polkit_authorization_db_foreach_for_uid (pk_authdb,
uid,
auth_iterator_cb,
commit abede42d32643e444dcfbe74dd427bc74129735e
Author: David Zeuthen <davidz at redhat.com>
Date: Sun Nov 25 16:06:12 2007 -0500
build with -rdynamic for maint mode and use this to print a stack trace
diff --git a/configure.in b/configure.in
index cfc4b98..2ec1c65 100644
--- a/configure.in
+++ b/configure.in
@@ -52,6 +52,14 @@ fi
AM_CONDITIONAL(KIT_GCOV_ENABLED, test x$enable_gcov = xyes)
AM_CONDITIONAL(POLKIT_GCOV_ENABLED, test x$enable_gcov = xyes)
+if test "${enable_verbose_mode}" != no; then
+ # To get -rdynamic you pass -export-dynamic to libtool.
+ AC_DEFINE(BUILT_R_DYNAMIC,1,[whether -export-dynamic was passed to libtool])
+ R_DYNAMIC_LDFLAG=-export-dynamic
+else
+ R_DYNAMIC_LDFLAG=
+fi
+AC_SUBST(R_DYNAMIC_LDFLAG)
if test "${enable_man_page}" != no; then
dnl
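Review bot: The test `"${enable_verbose_mode}" != no` is true when the variable is unset, so unless it is given a default earlier in configure.in (not visible here) every build gets `-export-dynamic` and `BUILT_R_DYNAMIC`, not only maintainer builds as the commit title says. That exports the full symbol table from the installed libraries and makes every failed kit_return_if_fail() print a backtrace to stderr. Consider inverting the test to `= yes`, or adding a comment that the default-on behaviour is intended.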
diff --git a/src/kit/Makefile.am b/src/kit/Makefile.am
index 9594c0a..16eb69f 100644
--- a/src/kit/Makefile.am
+++ b/src/kit/Makefile.am
@@ -44,11 +44,11 @@ kit_test_SOURCES= \
kit-test-main.c
kit_test_LDADD=$(top_builddir)/src/kit/libkit.la
-kit_test_LDFLAGS=
+kit_test_LDFLAGS=@R_DYNAMIC_LDFLAG@
if KIT_GCOV_ENABLED
clean-gcov:
- rm -f *.gcov .libs/*.gcda
+ rm -f *.gcov .libs/*.gcda *.gcda
.PHONY: coverage-report.txt covered-files.txt
diff --git a/src/kit/kit-memory.c b/src/kit/kit-memory.c
index 4b3ea9c..6283828 100644
--- a/src/kit/kit-memory.c
+++ b/src/kit/kit-memory.c
@@ -34,6 +34,10 @@
#include <string.h>
#include <errno.h>
+#ifdef BUILT_R_DYNAMIC
+#include <execinfo.h>
+#endif
+
#include <kit/kit-memory.h>
#include <kit/kit-test.h>
@@ -232,6 +236,42 @@ _kit_memory_fail_nth_alloc (int number)
#endif /* KIT_BUILD_TESTS */
+/* There's probably a better place for this function ... */
+
+/**
+ * kit_print_backtrace:
+ *
+ * Print a back trace if built with -rdynamic or similar.
+ */
+void
+kit_print_backtrace (void)
+{
+#ifdef BUILT_R_DYNAMIC
+ void *bt[500];
+ int bt_size;
+ int i;
+ char **syms;
+
+ bt_size = backtrace (bt, 500);
+
+ syms = backtrace_symbols (bt, bt_size);
+
+ i = 0;
+ while (i < bt_size)
+ {
+ fprintf (stderr, " %s\n", syms[i]);
+ ++i;
+ }
+ fprintf (stderr, "\n");
+ fflush (stderr);
+
+ free (syms);
+#else
+ fprintf (stderr, " Not built with -rdynamic so unable to print a backtrace\n");
+#endif
+}
+
+
#ifdef KIT_BUILD_TESTS
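Review bot: `backtrace_symbols ()` returns NULL when it cannot allocate, and the loop then dereferences `syms[i]`. This function is called from the kit_assert / kit_return_if_fail macros, which are likely to fire in exactly the low-memory situations the test suite injects. Guard it right after the call with `if (syms == NULL) { backtrace_symbols_fd (bt, bt_size, fileno (stderr)); return; }`, which needs no allocation. As a smaller point, the literal 500 appears twice; `sizeof (bt) / sizeof (bt[0])` in the `backtrace ()` call keeps the two in step.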
diff --git a/src/kit/kit.h b/src/kit/kit.h
index 324cb67..51d0059 100644
--- a/src/kit/kit.h
+++ b/src/kit/kit.h
@@ -66,6 +66,8 @@ typedef int kit_bool_t;
# define FALSE 0
#endif
+void kit_print_backtrace (void);
+
/**
* kit_assert:
* @expr: expression
@@ -80,6 +82,7 @@ do {
; \
} else { \
kit_warning ("%s:%d:%s(): %s", __FILE__, __LINE__, __PRETTY_FUNCTION__, #expr); \
+ kit_print_backtrace (); \
exit (1); \
} \
} while (0)
@@ -99,6 +102,7 @@ do {
; \
} else { \
kit_warning ("%s:%d:%s(): %s", __FILE__, __LINE__, __PRETTY_FUNCTION__, #expr); \
+ kit_print_backtrace (); \
return; \
} \
} while (0)
@@ -119,6 +123,7 @@ do {
; \
} else { \
kit_warning ("%s:%d:%s(): %s", __FILE__, __LINE__, __PRETTY_FUNCTION__, #expr); \
+ kit_print_backtrace (); \
return val; \
} \
} while (0)
diff --git a/src/polkit-dbus/Makefile.am b/src/polkit-dbus/Makefile.am
index d426848..d28a69c 100644
--- a/src/polkit-dbus/Makefile.am
+++ b/src/polkit-dbus/Makefile.am
@@ -27,7 +27,7 @@ libpolkit_dbus_la_SOURCES = \
libpolkit_dbus_la_LIBADD = @DBUS_LIBS@ $(top_builddir)/src/polkit/libpolkit.la $(SELINUX_LIBS) $(GLIB_LIBS)
-libpolkit_dbus_la_LDFLAGS = -version-info $(LT_CURRENT):$(LT_REVISION):$(LT_AGE)
+libpolkit_dbus_la_LDFLAGS = -version-info $(LT_CURRENT):$(LT_REVISION):$(LT_AGE) @R_DYNAMIC_LDFLAG@
if POLKIT_AUTHDB_DEFAULT
libexec_PROGRAMS = polkit-read-auth-helper polkit-set-default-helper
@@ -71,7 +71,7 @@ polkit_dbus_test_LDFLAGS=
if KIT_GCOV_ENABLED
clean-gcov:
- rm -f *.gcov .libs/*.gcda
+ rm -f *.gcov .libs/*.gcda *.gcda
.PHONY: coverage-report.txt covered-files.txt
diff --git a/src/polkit-grant/Makefile.am b/src/polkit-grant/Makefile.am
index c26daf1..0ac986c 100644
--- a/src/polkit-grant/Makefile.am
+++ b/src/polkit-grant/Makefile.am
@@ -34,7 +34,7 @@ endif
libpolkit_grant_la_LIBADD = @GLIB_LIBS@ @DBUS_LIBS@ $(top_builddir)/src/polkit/libpolkit.la
-libpolkit_grant_la_LDFLAGS = -version-info $(LT_CURRENT):$(LT_REVISION):$(LT_AGE)
+libpolkit_grant_la_LDFLAGS = -version-info $(LT_CURRENT):$(LT_REVISION):$(LT_AGE) @R_DYNAMIC_LDFLAG@
# Only if the authdb backend has the capability POLKIT_AUTHORIZATION_DB_CAPABILITY_CAN_OBTAIN
# then the backend must supply the /usr/libexec/polkit-grant-helper program.. also remember to
diff --git a/src/polkit/Makefile.am b/src/polkit/Makefile.am
index caba5e0..0a8bc8c 100644
--- a/src/polkit/Makefile.am
+++ b/src/polkit/Makefile.am
@@ -11,7 +11,8 @@ INCLUDES = \
-DPACKAGE_LIB_DIR=\""$(libdir)"\" \
-D_POSIX_PTHREAD_SEMANTICS -D_REENTRANT \
-DPOLKIT_COMPILATION \
- -DTEST_DATA_DIR=\"$(top_srcdir)/test/\"
+ -DTEST_DATA_DIR=\"$(top_srcdir)/test/\" \
+ -DTEST_BUILD_DIR=\"$(top_builddir)\"
lib_LTLIBRARIES=libpolkit.la
@@ -72,7 +73,7 @@ endif
libpolkit_la_LIBADD = @EXPAT_LIBS@ $(top_builddir)/src/kit/libkit.la
-libpolkit_la_LDFLAGS = -version-info $(LT_CURRENT):$(LT_REVISION):$(LT_AGE)
+libpolkit_la_LDFLAGS = -version-info $(LT_CURRENT):$(LT_REVISION):$(LT_AGE) @R_DYNAMIC_LDFLAG@
## note that TESTS has special meaning (stuff to use in make check)
## so if adding tests not to be run in make check, don't add them to
@@ -91,7 +92,7 @@ polkit_test_LDFLAGS=
if POLKIT_GCOV_ENABLED
clean-gcov:
- rm -f *.gcov .libs/*.gcda
+ rm -f *.gcov .libs/*.gcda *.gcda
.PHONY: coverage-report.txt covered-files.txt
commit d6411e8a0f815683eef46fce3dc34965da44829c
Author: David Zeuthen <davidz at redhat.com>
Date: Sat Nov 24 12:36:41 2007 -0500
fix a bug where the childs environment wasn't inherited
diff --git a/src/kit/kit-spawn.c b/src/kit/kit-spawn.c
index 2f90f97..f4b5e97 100644
--- a/src/kit/kit-spawn.c
+++ b/src/kit/kit-spawn.c
@@ -178,7 +178,6 @@ kit_spawn_sync (const char *working_directory,
{
kit_bool_t ret;
pid_t pid;
- char **envp_to_use;
int stdin_pipe[2] = {-1, -1};
int stdout_pipe[2] = {-1, -1};
int stderr_pipe[2] = {-1, -1};
@@ -197,11 +196,6 @@ kit_spawn_sync (const char *working_directory,
if (stderr != NULL)
*stderr = NULL;
- if (envp != NULL)
- envp_to_use = envp;
- else
- envp_to_use = environ;
-
if (stdin != NULL) {
if (pipe (stdin_pipe) != 0) {
goto out;
@@ -298,8 +292,14 @@ kit_spawn_sync (const char *working_directory,
close (fd_null);
/* finally, execute the child */
- if (execve (argv[0], argv, envp_to_use) == -1) {
- exit (128 + errno);
+ if (envp != NULL) {
+ if (execve (argv[0], argv, envp) == -1) {
+ exit (128 + errno);
+ }
+ } else {
+ if (execv (argv[0], argv) == -1) {
+ exit (128 + errno);
+ }
}
} else {
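Review bot: Both failure branches call `exit (128 + errno)` in the forked child, which runs the parent's atexit handlers and flushes stdio buffers inherited across fork(), so buffered output can be emitted twice. Use `_exit (128 + errno);` in both places. Since exec only returns on failure, the `== -1` tests can also go, leaving the exec call followed directly by `_exit`. It is also worth a comment on the `envp == NULL` branch that the child now receives the caller's complete environment, so any privileged helper started this way has to scrub it itself. The enclosing kit_spawn_sync() starts and ends outside this hunk.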
@@ -459,6 +459,13 @@ _run_test (void)
" exit 0" "\n"
"fi" "\n"
"exit 1" "\n";
+ char *script4b =
+ "#!/bin/sh" "\n"
+ "/bin/env > /tmp/food2" "\n"
+ "if [ \"x$KIT_TEST_VAR\" = \"xfoobar2\" ] ; then" "\n"
+ " exit 0" "\n"
+ "fi" "\n"
+ "exit 1" "\n";
char *script5 =
"#!/bin/sh" "\n"
"pwd" "\n"
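Review bot: The new `script4b` contains `/bin/env > /tmp/food2`, which writes the test process's entire environment to a fixed, predictable name in a world-writable directory and never removes it. If the test suite is run as a privileged user, a pre-existing symlink at that path would be followed, and on any run the environment contents end up readable by other local users. The line looks like leftover debugging and the check on `$KIT_TEST_VAR` does not need it, so I would delete it. If the dump is wanted, write it next to the script at `path` and unlink it afterwards.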
@@ -567,6 +574,26 @@ _run_test (void)
kit_assert (unsetenv ("KIT_TEST_VAR") == 0);
}
+ /* check environment is inherited */
+ if (kit_file_set_contents (path, 0700, script4b, strlen (script4b))) {
+
+ kit_assert (setenv ("KIT_TEST_VAR", "foobar2", 1) == 0);
+
+ if (kit_spawn_sync ("/",
+ 0,
+ argv,
+ NULL,
+ NULL,
+ NULL,
+ NULL,
+ &exit_status)) {
+ kit_assert (WEXITSTATUS (exit_status) == 0);
+ }
+
+ kit_assert (unlink (path) == 0);
+ kit_assert (unsetenv ("KIT_TEST_VAR") == 0);
+ }
+
/* check working directory */
if (kit_file_set_contents (path, 0700, script5, strlen (script5))) {
kit_assert (stat ("/tmp", &statbuf) == 0 && S_ISDIR (statbuf.st_mode));
commit b68d89a49af8519f66e8828e8c7027dc5843b612
Author: David Zeuthen <davidz at redhat.com>
Date: Sat Nov 24 11:13:40 2007 -0500
add test harness for polkit-utils
diff --git a/src/polkit/polkit-test.c b/src/polkit/polkit-test.c
index 4a37ce1..9d61afd 100644
--- a/src/polkit/polkit-test.c
+++ b/src/polkit/polkit-test.c
@@ -55,6 +55,7 @@ static KitTest *tests[] = {
&_test_authorization_db,
&_test_config,
&_test_sysdeps,
+ &_test_utils,
&_test_context,
};
diff --git a/src/polkit/polkit-test.h b/src/polkit/polkit-test.h
index 45e033d..c380544 100644
--- a/src/polkit/polkit-test.h
+++ b/src/polkit/polkit-test.h
@@ -50,6 +50,7 @@ extern KitTest _test_authorization;
extern KitTest _test_authorization_db;
extern KitTest _test_config;
extern KitTest _test_sysdeps;
+extern KitTest _test_utils;
extern KitTest _test_context;
POLKIT_END_DECLS
diff --git a/src/polkit/polkit-utils.c b/src/polkit/polkit-utils.c
index 199ca7b..0656d6d 100644
--- a/src/polkit/polkit-utils.c
+++ b/src/polkit/polkit-utils.c
@@ -37,6 +37,7 @@
#include "polkit-utils.h"
#include "polkit-debug.h"
#include "polkit-private.h"
+#include "polkit-test.h"
/**
* SECTION:polkit-utils
@@ -151,3 +152,20 @@ error:
_pk_debug ("name '%s' did not validate", unique_bus_name);
return ret;
}
+
+#ifdef POLKIT_BUILD_TESTS
+
+static polkit_bool_t
+_run_test (void)
+{
+ return TRUE;
+}
+
+KitTest _test_utils = {
+ "polkit_utils",
+ NULL,
+ NULL,
+ _run_test
+};
+
+#endif /* POLKIT_BUILD_TESTS */
commit cd4b5f9268a530042bc900587a6cb33b2ebc0718
Author: David Zeuthen <davidz at redhat.com>
Date: Sat Nov 24 11:08:51 2007 -0500
write newline since kit_string_entry_create doesn't do that any more
diff --git a/src/polkit-grant/polkit-authorization-db-write.c b/src/polkit-grant/polkit-authorization-db-write.c
index 9ca5b5c..c4d33d3 100644
--- a/src/polkit-grant/polkit-authorization-db-write.c
+++ b/src/polkit-grant/polkit-authorization-db-write.c
@@ -91,6 +91,7 @@ _polkit_authorization_db_auth_file_add (const char *root, polkit_bool_t transien
polkit_bool_t ret;
struct stat statbuf;
struct passwd *pw;
+ char *newline = "\n";
ret = FALSE;
path = NULL;
@@ -170,6 +171,14 @@ _polkit_authorization_db_auth_file_add (const char *root, polkit_bool_t transien
}
goto out;
}
+ if (!_write_to_fd (fd, newline, 1)) {
+ g_warning ("Cannot write to temporary authorizations file %s: %m", path_tmp);
+ close (fd);
+ if (unlink (path_tmp) != 0) {
+ g_warning ("Cannot unlink %s: %m", path_tmp);
+ }
+ goto out;
+ }
close (fd);
if (path != NULL) {