/*
- * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
+ * Copyright (c) 2015-2022 Samsung Electronics Co., Ltd All Rights Reserved
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* @file test_cases_helpers.cpp
* @author Aleksander Zdyb <a.zdyb@samsung.com>
* @version 1.0
- * @brief Tests for cynara-helper-credentials-socket
+ * @brief Tests for cynara-helper-credentials-socket and cynara-helper-credentials-dbus
*/
#include <cstdlib>
#include <sys/types.h>
#include <sys/un.h>
#include <unistd.h>
+#include <utility>
-#include <access_provider.h>
+#include <dbus/dbus.h>
+#include <glib-object.h>
+#include <gio/gio.h>
+#include <systemd/sd-bus.h>
+
+#include <tests_common.h>
+#include <app_context.h>
#include <dpl/test/test_runner.h>
#include <memory.h>
#include <synchronization_pipe.h>
#include <tests_common.h>
#include <uds.h>
#include <passwd_access.h>
+#include <cynara_helpers_creds.h>
+#include <cynara_helpers_dbus.h>
+
+#include <cynara-creds-dbus.h>
+#include <cynara-creds-gdbus.h>
+#include <cynara-creds-self.h>
+#include <scoped_process_label.h>
+
+
+static const cynara_client_creds G_CLIENT_METHOD_DEFAULT = CLIENT_METHOD_DEFAULT;
+static const cynara_client_creds G_CLIENT_METHOD_SMACK = CLIENT_METHOD_SMACK;
+static const cynara_client_creds G_CLIENT_METHOD_PID = CLIENT_METHOD_PID;
+
+static const cynara_user_creds G_USER_METHOD_DEFAULT = USER_METHOD_DEFAULT;
+static const cynara_user_creds G_USER_METHOD_UID = USER_METHOD_UID;
+static const cynara_user_creds G_USER_METHOD_GID = USER_METHOD_GID;
+
+static const cynara_client_creds G_CLIENT_METHOD_LOW = (cynara_client_creds)-1;
+static const cynara_client_creds G_CLIENT_METHOD_HIGH = (cynara_client_creds)(CLIENT_METHOD_PID+10);
+
+static const cynara_user_creds G_USER_METHOD_LOW = (cynara_user_creds)-1;
+static const cynara_user_creds G_USER_METHOD_HIGH = (cynara_user_creds)(USER_METHOD_GID+10);
-#include <cynara_test_helpers.h>
class ProcessCredentials {
public:
std::string m_label = "cynara_helpers";
};
-pid_t runInChild(const std::function<void(void)> &process) {
- pid_t pid = fork();
- RUNNER_ASSERT_ERRNO_MSG(pid >= 0, "fork failed");
-
- if (pid == 0) {
- process();
- exit(EXIT_SUCCESS);
- }
+cynara_client_creds getClientDefaultMethod() {
+ cynara_client_creds def;
+ int ret = cynara_creds_get_default_client_method(&def);
+ RUNNER_ASSERT_MSG(ret == CYNARA_API_SUCCESS,
+ "cynara_creds_get_default_client_method failed with " << ret);
+ return def;
+}
- return pid;
+cynara_user_creds getUserDefaultMethod() {
+ cynara_user_creds def;
+ int ret = cynara_creds_get_default_user_method(&def);
+ RUNNER_ASSERT_MSG(ret == CYNARA_API_SUCCESS,
+ "cynara_creds_get_default_user_method failed with " << ret);
+ return def;
}
+
void udsServer(SynchronizationPipe &pipe, const struct sockaddr_un &sockaddr,
const struct ProcessCredentials &peerCredentials) {
- SecurityServer::AccessProvider ap(peerCredentials.label());
- ap.applyAndSwithToUser(peerCredentials.uid(), peerCredentials.gid());
+ AppContext ctx(peerCredentials.label());
+ ctx.apply(peerCredentials.uid(), peerCredentials.gid());
pipe.claimChildEp();
int sock = UDSHelpers::createServer(&sockaddr);
RUNNER_TEST_GROUP_INIT(cynara_creds_socket)
-RUNNER_MULTIPROCESS_TEST_SMACK(tccs01_socket_credentials_client_smack)
-{
- socketTestTemplate([] (int sock, pid_t, const ProcessCredentials &peerCredentials) {
- CStringPtr label(CynaraHelperCredentials::socketGetClient(sock, CLIENT_METHOD_SMACK));
+void testSocketClientSmack(cynara_client_creds method = CLIENT_METHOD_SMACK) {
+ socketTestTemplate([method] (int sock, pid_t, const ProcessCredentials &peerCredentials) {
+ CStringPtr label(CynaraHelperCredentials::socketGetClient(sock, method));
RUNNER_ASSERT_MSG(peerCredentials.label() == label.get(),
"Labels don't match ret = " << label.get()
<< "; expected = " << peerCredentials.label());
}, "tccs01");
}
-RUNNER_MULTIPROCESS_TEST_SMACK(tccs02_socket_credentials_client_pid)
-{
- socketTestTemplate([] (int sock, pid_t pid, const ProcessCredentials &) {
- CStringPtr clientPidStr(CynaraHelperCredentials::socketGetClient(sock, CLIENT_METHOD_PID));
+void testSocketClientPid(cynara_client_creds method = CLIENT_METHOD_PID) {
+ socketTestTemplate([method] (int sock, pid_t pid, const ProcessCredentials &) {
+ CStringPtr clientPidStr(CynaraHelperCredentials::socketGetClient(sock, method));
pid_t clientPid = std::stoi(clientPidStr.get());
RUNNER_ASSERT_MSG(pid == clientPid, "PIDs don't match ret = " << clientPid
<< "; expected = " << pid);
}, "tccs02");
}
-RUNNER_MULTIPROCESS_TEST_SMACK(tccs03_socket_credentials_user_uid)
+RUNNER_MULTIPROCESS_TEST_SMACK(tccs01_socket_credentials_client_smack)
+{
+ testSocketClientSmack();
+}
+
+RUNNER_MULTIPROCESS_TEST(tccs02_socket_credentials_client_pid)
+{
+ testSocketClientPid();
+}
+
+RUNNER_MULTIPROCESS_TEST_SMACK(tccs03_socket_credentials_client_default)
{
- socketTestTemplate([] (int sock, pid_t, const ProcessCredentials &peerCredentials) {
- CStringPtr uidStr(CynaraHelperCredentials::socketGetUser(sock, USER_METHOD_UID));
+ auto method = getClientDefaultMethod();
+ switch(method) {
+ case CLIENT_METHOD_SMACK:
+ testSocketClientSmack(CLIENT_METHOD_DEFAULT);
+ break;
+ case CLIENT_METHOD_PID:
+ testSocketClientPid(CLIENT_METHOD_DEFAULT);
+ break;
+ default:
+ RUNNER_FAIL_MSG("cynara_creds_get_default_client_method returned unexpected value "
+ << method);
+ }
+}
+
+void testSocketUserUid(cynara_user_creds method = USER_METHOD_UID) {
+ socketTestTemplate([method] (int sock, pid_t, const ProcessCredentials &peerCredentials) {
+ CStringPtr uidStr(CynaraHelperCredentials::socketGetUser(sock, method));
uid_t uid = std::stoul(uidStr.get());
RUNNER_ASSERT_MSG(peerCredentials.uid() == uid, "UIDs don't match ret = " << uid
<< "; expected = "<< peerCredentials.uid());
- }, "tccs03");
+ }, "tccs04");
}
-RUNNER_MULTIPROCESS_TEST_SMACK(tccs04_socket_credentials_user_gid)
-{
- socketTestTemplate([] (int sock, pid_t, const ProcessCredentials &peerCredentials) {
- CStringPtr gidStr(CynaraHelperCredentials::socketGetUser(sock, USER_METHOD_GID));
+void testSocketUserGid(cynara_user_creds method = USER_METHOD_GID) {
+ socketTestTemplate([method] (int sock, pid_t, const ProcessCredentials &peerCredentials) {
+ CStringPtr gidStr(CynaraHelperCredentials::socketGetUser(sock, method));
gid_t gid = std::stoul(gidStr.get());
RUNNER_ASSERT_MSG(peerCredentials.gid() == gid, "GIDs don't match ret = " << gid
<< "; expected = "<< peerCredentials.gid());
- }, "tccs04");
+ }, "tccs05");
+}
+
+RUNNER_MULTIPROCESS_TEST(tccs04_socket_credentials_user_uid)
+{
+ testSocketUserUid();
+}
+
+RUNNER_MULTIPROCESS_TEST(tccs05_socket_credentials_user_gid)
+{
+ testSocketUserGid();
}
-RUNNER_MULTIPROCESS_TEST_SMACK(tccs05_cynara_creds_socket_pid)
+RUNNER_MULTIPROCESS_TEST(tccs06_socket_credentials_user_default)
{
- const auto sockaddr = UDSHelpers::makeAbstractAddress("helper_tccs05.socket");
+ auto method = getUserDefaultMethod();
+ switch(method) {
+ case USER_METHOD_UID:
+ testSocketUserUid(USER_METHOD_DEFAULT);
+ break;
+ case USER_METHOD_GID:
+ testSocketUserGid(USER_METHOD_DEFAULT);
+ break;
+ default:
+ RUNNER_FAIL_MSG("cynara_creds_get_default_user_method returned unexpected value "
+ << method);
+ }
+}
+
+RUNNER_MULTIPROCESS_TEST(tccs07_socket_credentials_pid)
+{
+ socketTestTemplate([] (int sock, pid_t expectedPid, const ProcessCredentials &) {
+ pid_t peerPid(CynaraHelperCredentials::socketGetPid(sock));
+ RUNNER_ASSERT_MSG(peerPid == expectedPid, "Pids don't match ret = " << peerPid
+ << "; expected = "<< expectedPid);
+ }, "tccs05");
+}
+
+
+//=====================================DBus===========================================
+
+// TODO: Create utility namespace for DBus, maybe?
+DBusConnectionPtr createDBusConnection(const std::string &name) {
+ DBusError err;
+
+ dbus_error_init(&err);
+ DBusConnection *conn = dbus_bus_get_private(DBUS_BUS_SYSTEM, &err);
+ RUNNER_ASSERT_MSG(dbus_error_is_set(&err) != 1, "Error in dbus_bus_get: " << err.message);
+ dbus_connection_set_exit_on_disconnect(conn, FALSE);
+
+ DBusConnectionPtr ret(conn, [] (DBusConnection *conn) {
+ dbus_connection_close(conn);
+ dbus_connection_unref(conn);
+ });
+
+ if (name.empty() == false) {
+ dbus_bus_request_name(conn, name.c_str(), DBUS_NAME_FLAG_REPLACE_EXISTING , &err);
+ RUNNER_ASSERT_MSG(dbus_error_is_set(&err) != TRUE,
+ "Error in dbus_bus_request_name: " << err.message);
+ }
+
+ return ret;
+}
+
+void dbusServer(SynchronizationPipe &pipe, const std::string &requestedName,
+ const ProcessCredentials &peerCredentials) {
+ AppContext ctx(peerCredentials.label());
+ ctx.allowAccessFrom("System", "rwx"); // for DBus connection
+ ctx.allowAccessFrom("System::Privileged", "rwx"); // for piping
+ ctx.allowAccessTo("System", "w");
+ ctx.allowAccessTo("System::Privileged", "rwx"); // for GDB and piping
+ ctx.allowAccessTo("System::Run", "x");
+ ctx.allowAccessTo("System::Shared", "rwx"); // for GDB
+ ctx.allowAccessTo("User", "r"); // for /usr/lib/debug access
+ ctx.apply(peerCredentials.uid(), peerCredentials.gid());
+ pipe.claimChildEp();
+
+ auto conn = createDBusConnection(requestedName);
+ pipe.post();
+ pipe.wait();
+}
+
+typedef std::function<void(DBusConnectionPtr conn, pid_t pid,
+ const std::string &requestedName,
+ const ProcessCredentials &peerCredentials)> DBusAssertionFn;
+
+void dbusTestTemplate(DBusAssertionFn assertion) {
+ std::string requestedName = "tests.dbus.cynara";
const ProcessCredentials peerCredentials;
SynchronizationPipe pipe;
- pid_t expectedPid = runInChild(std::bind(udsServer, std::ref(pipe), std::cref(sockaddr),
- std::cref(peerCredentials)));
+ pid_t pid = runInChild(std::bind(dbusServer, std::ref(pipe), std::cref(requestedName),
+ std::cref(peerCredentials)));
pipe.claimParentEp();
pipe.wait();
- int sock = UDSHelpers::createClient(&sockaddr);
- SockUniquePtr sockPtr(&sock);
- pid_t helperPid = CynaraHelperCredentials::socketGetPid(sock);
- RUNNER_ASSERT_MSG(helperPid == expectedPid, "PIDs don't match ret = " << helperPid
- << "; expected = " << expectedPid);
+ auto conn = createDBusConnection("");
+ assertion(std::move(conn), pid, requestedName, peerCredentials);
+ pipe.post();
+}
+
+
+RUNNER_TEST_GROUP_INIT(cynara_creds_dbus)
+
+void testDbusClientPid(cynara_client_creds method = CLIENT_METHOD_PID) {
+ dbusTestTemplate([method] (DBusConnectionPtr conn, pid_t pid, const std::string &requestedName,
+ const ProcessCredentials &) {
+ CStringPtr clientPidStr(CynaraHelperCredentials::dbusGetClient(std::move(conn),
+ requestedName.c_str(), method, CYNARA_API_SUCCESS));
+ pid_t clientPid = std::stoi(clientPidStr.get());
+ RUNNER_ASSERT_MSG(pid == clientPid, "PIDs don't match ret = " << clientPid
+ << "; expected = " << pid);
+ });
+}
+
+void testDbusClientSmack(cynara_client_creds method = CLIENT_METHOD_SMACK) {
+ dbusTestTemplate([method] (DBusConnectionPtr conn, pid_t, const std::string &requestedName,
+ const ProcessCredentials &peerCredentials) {
+ CStringPtr label(CynaraHelperCredentials::dbusGetClient(std::move(conn),
+ requestedName.c_str(), method, CYNARA_API_SUCCESS));
+ RUNNER_ASSERT_MSG(peerCredentials.label() == label.get(),
+ "Labels don't match ret = " << label.get()
+ << "; expected = " << peerCredentials.label());
+ });
+}
+
+RUNNER_MULTIPROCESS_TEST(tccd01_dbus_credentials_client_pid)
+{
+ testDbusClientPid();
+}
+
+RUNNER_MULTIPROCESS_TEST_SMACK(tccd02_dbus_credentials_client_smack)
+{
+ testDbusClientSmack();
+}
+
+RUNNER_MULTIPROCESS_TEST_SMACK(tccd03_dbus_credentials_client_default)
+{
+ auto method = getClientDefaultMethod();
+ switch(method) {
+ case CLIENT_METHOD_SMACK:
+ testDbusClientSmack(CLIENT_METHOD_DEFAULT);
+ break;
+ case CLIENT_METHOD_PID:
+ testDbusClientPid(CLIENT_METHOD_DEFAULT);
+ break;
+ default:
+ RUNNER_FAIL_MSG("cynara_creds_get_default_client_method returned unexpected value "
+ << method);
+ }
+}
+
+void testDbusUserUid(cynara_user_creds method = USER_METHOD_UID) {
+ dbusTestTemplate([method] (DBusConnectionPtr conn, pid_t, const std::string &requestedName,
+ const ProcessCredentials &peerCredentials) {
+ CStringPtr uidStr(CynaraHelperCredentials::dbusGetUser(std::move(conn),
+ requestedName.c_str(), method, CYNARA_API_SUCCESS));
+ uid_t uid = std::stoul(uidStr.get());
+ RUNNER_ASSERT_MSG(peerCredentials.uid() == uid, "UIDs don't match ret = " << uid
+ << "; expected = "<< peerCredentials.uid());
+ });
+}
+
+void testDbusUserGid(cynara_user_creds method = USER_METHOD_GID) {
+ // Acquiring gid from dbus connection is not yet implemented for cynara helpers
+ dbusTestTemplate([method] (DBusConnectionPtr conn, pid_t, const std::string &requestedName,
+ const ProcessCredentials &) {
+ CStringPtr gidStr(CynaraHelperCredentials::dbusGetUser(std::move(conn),
+ requestedName.c_str(), method, CYNARA_API_METHOD_NOT_SUPPORTED));
+ });
+}
+
+RUNNER_MULTIPROCESS_TEST(tccd04_dbus_credentials_user_uid)
+{
+ testDbusUserUid();
+}
+
+RUNNER_MULTIPROCESS_TEST(tccd05_dbus_credentials_user_gid)
+{
+ testDbusUserGid();
+}
+
+RUNNER_MULTIPROCESS_TEST(tccd06_dbus_credentials_user_default) {
+ auto method = getUserDefaultMethod();
+ switch(method) {
+ case USER_METHOD_UID:
+ testDbusUserUid(USER_METHOD_DEFAULT);
+ break;
+ case USER_METHOD_GID:
+ testDbusUserGid(USER_METHOD_DEFAULT);
+ break;
+ default:
+ RUNNER_FAIL_MSG("cynara_creds_get_default_user_method returned unexpected value "
+ << method);
+ }
+}
+
+RUNNER_TEST_SMACK(tccd07_dbus_credentials_pid) {
+ dbusTestTemplate([] (DBusConnectionPtr conn, pid_t expectedPid,
+ const std::string &requestedName, const ProcessCredentials &) {
+ auto helperPid = CynaraHelperCredentials::dbusGetPid(std::move(conn),
+ requestedName.c_str(), CYNARA_API_SUCCESS);
+ RUNNER_ASSERT_MSG(helperPid == expectedPid, "PIDs don't match ret = " << helperPid
+ << "; expected = " << expectedPid);
+ });
+}
+
+void testDbusCredsDefault(int expectedResult, char **pClientBuff,
+ char **pUserBuff, pid_t *pPidCred)
+{
+ // reset variables if set by previous test cases
+ if (pClientBuff != nullptr) *pClientBuff = nullptr;
+ if (pUserBuff != nullptr) *pUserBuff = nullptr;
+ if (pPidCred != nullptr) *pPidCred = -1;
+
+ dbusTestTemplate([&] (DBusConnectionPtr conn, pid_t pid,
+ const std::string &requestedName,
+ const ProcessCredentials &peerCredentials) {
+ cynara_user_creds userMethod = getUserDefaultMethod();
+ cynara_client_creds clientMethod = getClientDefaultMethod();
+
+ // exception override
+ if (expectedResult == CYNARA_API_SUCCESS && userMethod == USER_METHOD_GID) {
+ expectedResult = CYNARA_API_METHOD_NOT_SUPPORTED;
+ }
+
+ int ret = cynara_creds_dbus_get_default(conn.get(), requestedName.c_str(),
+ pClientBuff, pUserBuff, pPidCred);
+
+ RUNNER_ASSERT_MSG(ret == expectedResult,
+ "cynara_creds_dbus_get_default returned unexpected result: " << ret <<
+ "; expected: " << expectedResult);
+
+ if (ret != CYNARA_API_SUCCESS) {
+ return;
+ }
+
+ if (pClientBuff != nullptr) {
+ switch (clientMethod) {
+ case CLIENT_METHOD_SMACK:
+ RUNNER_ASSERT_MSG(*pClientBuff == peerCredentials.label(),
+ "Client labels don't match, ret = "
+ << *pClientBuff << "; expected = "
+ << peerCredentials.label());
+ free(*pClientBuff);
+ break;
+ case CLIENT_METHOD_PID:
+ RUNNER_ASSERT_MSG(*pClientBuff == std::to_string(pid),
+ "PIDs don't match, ret = "
+ << *pClientBuff << "; expected = " << pid);
+ free(*pClientBuff);
+ break;
+ default:
+ break;
+ }
+ }
+
+ if (pUserBuff != nullptr) {
+ switch (userMethod) {
+ case USER_METHOD_UID:
+ RUNNER_ASSERT_MSG(*pUserBuff == std::to_string(peerCredentials.uid()),
+ "UIDs don't match, ret = "
+ << *pUserBuff
+ << "; expected = " << peerCredentials.uid());
+ free(*pUserBuff);
+ break;
+ default:
+ break;
+ }
+ }
+
+ if (pPidCred != nullptr) {
+ RUNNER_ASSERT_MSG(*pPidCred == pid, "PIDs don't match, ret = "
+ << *pPidCred
+ << "; expected = " << pid);
+ }
+ });
+}
+
+RUNNER_MULTIPROCESS_TEST(tccd08_dbus_credentials_default_positive_all)
+{
+ char *clientBuff = nullptr;
+ char *userBuff = nullptr;
+ pid_t pidCred = -1;
+
+ testDbusCredsDefault(CYNARA_API_SUCCESS, &clientBuff, &userBuff, &pidCred);
+}
+
+RUNNER_MULTIPROCESS_TEST(tccd09_dbus_credentials_default_positive_partial_single)
+{
+ char *clientBuff = nullptr;
+ char *userBuff = nullptr;
+ pid_t pidCred = -1;
+
+ testDbusCredsDefault(CYNARA_API_SUCCESS, &clientBuff, nullptr, nullptr);
+ testDbusCredsDefault(CYNARA_API_SUCCESS, nullptr, &userBuff, nullptr);
+ testDbusCredsDefault(CYNARA_API_SUCCESS, nullptr, nullptr, &pidCred);
+}
+
+RUNNER_MULTIPROCESS_TEST(tccd10_dbus_credentials_default_positive_partial_double)
+{
+ char *clientBuff = nullptr;
+ char *userBuff = nullptr;
+ pid_t pidCred = -1;
+
+ testDbusCredsDefault(CYNARA_API_SUCCESS, nullptr, &userBuff, &pidCred);
+ testDbusCredsDefault(CYNARA_API_SUCCESS, &clientBuff, nullptr, &pidCred);
+ testDbusCredsDefault(CYNARA_API_SUCCESS, &clientBuff, &userBuff, nullptr);
+}
+
+RUNNER_MULTIPROCESS_TEST(tccd11_dbus_credentials_default_negative_incomplete)
+{
+ testDbusCredsDefault(CYNARA_API_INVALID_PARAM, nullptr, nullptr, nullptr);
+}
+
+void testDbusCreds(int expectedResult,
+ const cynara_client_creds *pClientMethod, char **pClientBuff,
+ const cynara_user_creds *pUserMethod, char **pUserBuff,
+ pid_t *pPidCred)
+{
+ // reset variables if set by previous test cases
+ if (pClientBuff != nullptr) *pClientBuff = nullptr;
+ if (pUserBuff != nullptr) *pUserBuff = nullptr;
+ if (pPidCred != nullptr) *pPidCred = -1;
+
+ dbusTestTemplate([&] (DBusConnectionPtr conn, pid_t pid,
+ const std::string &requestedName,
+ const ProcessCredentials &peerCredentials) {
+
+ int ret = cynara_creds_dbus_get(conn.get(), requestedName.c_str(),
+ pClientMethod, pClientBuff,
+ pUserMethod, pUserBuff, pPidCred);
+
+ RUNNER_ASSERT_MSG(ret == expectedResult,
+ "cynara_creds_dbus_get returned unexpected result: " << ret <<
+ "; expected: " << expectedResult);
+
+ if (ret != CYNARA_API_SUCCESS) {
+ return;
+ }
+
+ if (pClientBuff != nullptr && pClientMethod != nullptr) {
+ switch (*pClientMethod) {
+ case CLIENT_METHOD_SMACK:
+ RUNNER_ASSERT_MSG(*pClientBuff == peerCredentials.label(),
+ "Client labels don't match, ret = "
+ << *pClientBuff << "; expected = "
+ << peerCredentials.label());
+ free(*pClientBuff);
+ break;
+ case CLIENT_METHOD_PID:
+ RUNNER_ASSERT_MSG(*pClientBuff == std::to_string(pid),
+ "PIDs don't match, ret = "
+ << *pClientBuff << "; expected = " << pid);
+ free(*pClientBuff);
+ break;
+ default:
+ break;
+ }
+ }
+
+ if (pUserBuff != nullptr && pUserMethod != nullptr) {
+ switch (*pUserMethod) {
+ case USER_METHOD_UID:
+ RUNNER_ASSERT_MSG(*pUserBuff == std::to_string(peerCredentials.uid()),
+ "UIDs don't match, ret = "
+ << *pUserBuff
+ << "; expected = " << peerCredentials.uid());
+ free(*pUserBuff);
+ break;
+ default:
+ break;
+ }
+ }
+
+ if (pPidCred != nullptr) {
+ RUNNER_ASSERT_MSG(*pPidCred == pid, "PIDs don't match, ret = "
+ << *pPidCred
+ << "; expected = " << pid);
+ }
+ });
+}
+
+RUNNER_MULTIPROCESS_TEST(tccd12_dbus_credentials_positive_all)
+{
+ char *clientBuff = nullptr;
+ char *userBuff = nullptr;
+ pid_t pidCred = -1;
+
+ testDbusCreds(CYNARA_API_SUCCESS,
+ &G_CLIENT_METHOD_DEFAULT, &clientBuff,
+ &G_USER_METHOD_DEFAULT, &userBuff, &pidCred);
+ testDbusCreds(CYNARA_API_SUCCESS,
+ &G_CLIENT_METHOD_SMACK, &clientBuff,
+ &G_USER_METHOD_UID, &userBuff, &pidCred);
+ testDbusCreds(CYNARA_API_SUCCESS,
+ &G_CLIENT_METHOD_PID, &clientBuff,
+ &G_USER_METHOD_UID, &userBuff, &pidCred);
+
+ testDbusCreds(CYNARA_API_METHOD_NOT_SUPPORTED,
+ &G_CLIENT_METHOD_SMACK, &clientBuff,
+ &G_USER_METHOD_GID, &userBuff, &pidCred);
+ testDbusCreds(CYNARA_API_METHOD_NOT_SUPPORTED,
+ &G_CLIENT_METHOD_PID, &clientBuff,
+ &G_USER_METHOD_GID, &userBuff, &pidCred);
+}
+
+RUNNER_MULTIPROCESS_TEST(tccd13_dbus_credentials_positive_partial_single)
+{
+ char *clientBuff = nullptr;
+ char *userBuff = nullptr;
+ pid_t pidCred = -1;
+
+ testDbusCreds(CYNARA_API_SUCCESS,
+ &G_CLIENT_METHOD_PID, &clientBuff,
+ &G_USER_METHOD_DEFAULT, nullptr,
+ nullptr);
+ testDbusCreds(CYNARA_API_SUCCESS,
+ &G_CLIENT_METHOD_SMACK, &clientBuff,
+ nullptr, nullptr,
+ nullptr);
+
+ testDbusCreds(CYNARA_API_SUCCESS,
+ &G_CLIENT_METHOD_DEFAULT, nullptr,
+ &G_USER_METHOD_DEFAULT, &userBuff,
+ nullptr);
+ testDbusCreds(CYNARA_API_SUCCESS,
+ nullptr, nullptr,
+ &G_USER_METHOD_DEFAULT, &userBuff,
+ nullptr);
+
+ testDbusCreds(CYNARA_API_SUCCESS,
+ nullptr, nullptr,
+ &G_USER_METHOD_DEFAULT, nullptr,
+ &pidCred);
+ testDbusCreds(CYNARA_API_SUCCESS,
+ &G_CLIENT_METHOD_DEFAULT, nullptr,
+ nullptr, nullptr,
+ &pidCred);
+ testDbusCreds(CYNARA_API_SUCCESS,
+ nullptr, nullptr,
+ nullptr, nullptr,
+ &pidCred);
+}
+
+RUNNER_MULTIPROCESS_TEST(tccd14_dbus_credentials_positive_partial_double)
+{
+ char *clientBuff = nullptr;
+ char *userBuff = nullptr;
+ pid_t pidCred = -1;
+
+ testDbusCreds(CYNARA_API_SUCCESS,
+ &G_CLIENT_METHOD_DEFAULT, nullptr,
+ &G_USER_METHOD_UID, &userBuff, &pidCred);
+ testDbusCreds(CYNARA_API_SUCCESS,
+ nullptr, nullptr,
+ &G_USER_METHOD_DEFAULT, &userBuff, &pidCred);
+
+ testDbusCreds(CYNARA_API_SUCCESS,
+ &G_CLIENT_METHOD_PID, &clientBuff,
+ &G_USER_METHOD_DEFAULT, nullptr, &pidCred);
+ testDbusCreds(CYNARA_API_SUCCESS,
+ &G_CLIENT_METHOD_DEFAULT, &clientBuff,
+ nullptr, nullptr, &pidCred);
+
+ testDbusCreds(CYNARA_API_SUCCESS,
+ &G_CLIENT_METHOD_SMACK, &clientBuff,
+ &G_USER_METHOD_UID, &userBuff, nullptr);
+}
+
+RUNNER_MULTIPROCESS_TEST(tccd14_dbus_credentials_negative_incomplete)
+{
+ char *clientBuff = nullptr;
+ char *userBuff = nullptr;
+ pid_t pidCred = -1;
+
+ testDbusCreds(CYNARA_API_INVALID_PARAM,
+ nullptr, &clientBuff,
+ &G_USER_METHOD_UID, &userBuff, &pidCred);
+ testDbusCreds(CYNARA_API_INVALID_PARAM,
+ nullptr, &clientBuff,
+ &G_USER_METHOD_UID, nullptr, &pidCred);
+ testDbusCreds(CYNARA_API_INVALID_PARAM,
+ nullptr, &clientBuff,
+ nullptr, nullptr, &pidCred);
+
+ testDbusCreds(CYNARA_API_INVALID_PARAM,
+ &G_CLIENT_METHOD_DEFAULT, &clientBuff,
+ nullptr, &userBuff, &pidCred);
+ testDbusCreds(CYNARA_API_INVALID_PARAM,
+ &G_CLIENT_METHOD_DEFAULT, nullptr,
+ nullptr, &userBuff, &pidCred);
+ testDbusCreds(CYNARA_API_INVALID_PARAM,
+ nullptr, nullptr,
+ nullptr, &userBuff, &pidCred);
+
+ testDbusCreds(CYNARA_API_INVALID_PARAM,
+ &G_CLIENT_METHOD_DEFAULT, nullptr,
+ &G_USER_METHOD_UID, nullptr, nullptr);
+ testDbusCreds(CYNARA_API_INVALID_PARAM,
+ &G_CLIENT_METHOD_DEFAULT, nullptr,
+ nullptr, nullptr, nullptr);
+ testDbusCreds(CYNARA_API_INVALID_PARAM,
+ nullptr, nullptr,
+ &G_USER_METHOD_DEFAULT, nullptr, nullptr);
+ testDbusCreds(CYNARA_API_INVALID_PARAM,
+ nullptr, nullptr,
+ nullptr, nullptr, nullptr);
+}
+
+RUNNER_MULTIPROCESS_TEST(tccd14_dbus_credentials_negative_incorrect)
+{
+ char *clientBuff = nullptr;
+ char *userBuff = nullptr;
+ pid_t pidCred = -1;
+
+ testDbusCreds(CYNARA_API_METHOD_NOT_SUPPORTED,
+ &G_CLIENT_METHOD_LOW, &clientBuff,
+ &G_USER_METHOD_DEFAULT, &userBuff, &pidCred);
+ testDbusCreds(CYNARA_API_METHOD_NOT_SUPPORTED,
+ &G_CLIENT_METHOD_HIGH, &clientBuff,
+ &G_USER_METHOD_DEFAULT, &userBuff, &pidCred);
+ testDbusCreds(CYNARA_API_METHOD_NOT_SUPPORTED,
+ &G_CLIENT_METHOD_DEFAULT, &clientBuff,
+ &G_USER_METHOD_LOW, &userBuff, &pidCred);
+ testDbusCreds(CYNARA_API_METHOD_NOT_SUPPORTED,
+ &G_CLIENT_METHOD_DEFAULT, &clientBuff,
+ &G_USER_METHOD_HIGH, &userBuff, &pidCred);
+}
+
+
+//===============================GDBUS======================================
+
+GDBusConnectionPtr createGDBusConnection() {
+ GDBusConnection *conn = g_bus_get_sync(G_BUS_TYPE_SYSTEM, NULL, NULL);
+
+ return GDBusConnectionPtr(conn, [] (GDBusConnection *conn) {
+ g_object_unref(G_OBJECT(conn));
+ });
+}
+
+
+typedef std::function<void(GDBusConnectionPtr conn, pid_t pid,
+ const std::string &requestedName,
+ const ProcessCredentials &peerCredentials)> GDBusAssertionFn;
+
+void gdbusTestTemplate(GDBusAssertionFn assertion) {
+ std::string requestedName = "tests.dbus.cynara";
+ const ProcessCredentials peerCredentials;
+
+ SynchronizationPipe pipe;
+ pid_t pid = runInChild(std::bind(dbusServer, std::ref(pipe), std::cref(requestedName),
+ std::cref(peerCredentials)));
+
+ pipe.claimParentEp();
+ pipe.wait();
+
+ auto conn = createGDBusConnection();
+ assertion(std::move(conn), pid, requestedName, peerCredentials);
+ pipe.post();
+}
+
+
+RUNNER_TEST_GROUP_INIT(cynara_creds_gdbus)
+
+void testGdbusClientPid(cynara_client_creds method = CLIENT_METHOD_PID) {
+ gdbusTestTemplate([method] (GDBusConnectionPtr conn, pid_t pid,
+ const std::string &requestedName,
+ const ProcessCredentials &) {
+ GStringPtr clientPidStr(CynaraHelperCredentials::gdbusGetClient(std::move(conn),
+ requestedName.c_str(), method));
+ pid_t clientPid = std::stoi(clientPidStr.get());
+ RUNNER_ASSERT_MSG(pid == clientPid, "PIDs don't match ret = " << clientPid
+ << "; expected = " << pid);
+ });
+}
+
+void testGdbusClientSmack(cynara_client_creds method = CLIENT_METHOD_SMACK) {
+ gdbusTestTemplate([method] (GDBusConnectionPtr conn, pid_t,
+ const std::string &requestedName,
+ const ProcessCredentials &peerCredentials) {
+ GStringPtr label(CynaraHelperCredentials::gdbusGetClient(std::move(conn),
+ requestedName.c_str(), method));
+ RUNNER_ASSERT_MSG(peerCredentials.label() == label.get(),
+ "Labels don't match ret = " << label.get()
+ << "; expected = " << peerCredentials.label());
+ });
+}
+
+RUNNER_MULTIPROCESS_TEST(tccgd01_gdbus_credentials_client_pid)
+{
+ testGdbusClientPid();
+}
+
+RUNNER_MULTIPROCESS_TEST_SMACK(tccgd02_gdbus_credentials_client_smack)
+{
+ testGdbusClientSmack();
+}
+
+RUNNER_MULTIPROCESS_TEST_SMACK(tccgd03_gdbus_credentials_client_default)
+{
+ auto method = getClientDefaultMethod();
+ switch(method) {
+ case CLIENT_METHOD_SMACK:
+ testGdbusClientSmack(CLIENT_METHOD_DEFAULT);
+ break;
+ case CLIENT_METHOD_PID:
+ testGdbusClientPid(CLIENT_METHOD_DEFAULT);
+ break;
+ default:
+ RUNNER_FAIL_MSG("cynara_creds_get_default_client_method returned unexpected value "
+ << method);
+ }
+}
+
+void testGdbusUserUid(cynara_user_creds method = USER_METHOD_UID) {
+ gdbusTestTemplate([method] (GDBusConnectionPtr conn, pid_t,
+ const std::string &requestedName,
+ const ProcessCredentials &peerCredentials) {
+ GStringPtr uidStr(CynaraHelperCredentials::gdbusGetUser(std::move(conn),
+ requestedName.c_str(), method));
+ uid_t uid = std::stoul(uidStr.get());
+ RUNNER_ASSERT_MSG(peerCredentials.uid() == uid, "UIDs don't match ret = " << uid
+ << "; expected = "<< peerCredentials.uid());
+ });
+}
+
+void testGdbusUserGid(cynara_user_creds method = USER_METHOD_GID) {
+ // Getting gid for gdbus connection is not yet implemented in cynara helpers
+ gdbusTestTemplate([method] (GDBusConnectionPtr conn, pid_t,
+ const std::string &requestedName,
+ const ProcessCredentials &) {
+ GStringPtr gidStr(CynaraHelperCredentials::gdbusGetUser(std::move(conn),
+ requestedName.c_str(), method, CYNARA_API_METHOD_NOT_SUPPORTED));
+ });
+}
+
+RUNNER_MULTIPROCESS_TEST(tccgd04_gdbus_credentials_user_uid)
+{
+ testGdbusUserUid();
+}
+
+RUNNER_MULTIPROCESS_TEST(tccgd05_gdbus_credentials_user_gid)
+{
+ testGdbusUserGid();
+}
+
+RUNNER_MULTIPROCESS_TEST(tccgd06_gdbus_credentials_user_default) {
+ auto method = getUserDefaultMethod();
+ switch(method) {
+ case USER_METHOD_UID:
+ testGdbusUserUid(USER_METHOD_DEFAULT);
+ break;
+ case USER_METHOD_GID:
+ testGdbusUserGid(USER_METHOD_DEFAULT);
+ break;
+ default:
+ RUNNER_FAIL_MSG("cynara_creds_get_default_user_method returned unexpected value "
+ << method);
+ }
+}
+
+RUNNER_MULTIPROCESS_TEST(tccgd07_gdbus_credentials_pid) {
+ gdbusTestTemplate([] (GDBusConnectionPtr conn, pid_t expectedPid,
+ const std::string &requestedName, const ProcessCredentials &) {
+ auto helperPid = CynaraHelperCredentials::gdbusGetPid(std::move(conn),
+ requestedName.c_str());
+ RUNNER_ASSERT_MSG(helperPid == expectedPid, "PIDs don't match ret = " << helperPid
+ << "; expected = " << expectedPid);
+ });
+}
+
+void testGDbusCredsDefault(int expectedResult, char **pClientBuff,
+ char **pUserBuff, pid_t *pPidCred)
+{
+ // reset variables if set by previous test cases
+ if (pClientBuff != nullptr) *pClientBuff = nullptr;
+ if (pUserBuff != nullptr) *pUserBuff = nullptr;
+ if (pPidCred != nullptr) *pPidCred = -1;
+
+ gdbusTestTemplate([&] (GDBusConnectionPtr conn, pid_t pid,
+ const std::string &requestedName,
+ const ProcessCredentials &peerCredentials) {
+ cynara_user_creds userMethod = getUserDefaultMethod();
+ cynara_client_creds clientMethod = getClientDefaultMethod();
+
+ // exception override
+ if (expectedResult == CYNARA_API_SUCCESS && userMethod == USER_METHOD_GID) {
+ expectedResult = CYNARA_API_METHOD_NOT_SUPPORTED;
+ }
+
+ int ret = cynara_creds_gdbus_get_default(conn.get(), requestedName.c_str(),
+ pClientBuff, pUserBuff, pPidCred);
+
+ RUNNER_ASSERT_MSG(ret == expectedResult,
+ "cynara_creds_gdbus_get_default returned unexpected result: " << ret <<
+ "; expected: " << expectedResult);
+
+ if (ret != CYNARA_API_SUCCESS) {
+ return;
+ }
+
+ if (pClientBuff != nullptr) {
+ switch (clientMethod) {
+ case CLIENT_METHOD_SMACK:
+ RUNNER_ASSERT_MSG(*pClientBuff == peerCredentials.label(),
+ "Client labels don't match, ret = "
+ << *pClientBuff << "; expected = "
+ << peerCredentials.label());
+ g_free(*pClientBuff);
+ break;
+ case CLIENT_METHOD_PID:
+ RUNNER_ASSERT_MSG(*pClientBuff == std::to_string(pid),
+ "PIDs don't match, ret = "
+ << *pClientBuff << "; expected = " << pid);
+ g_free(*pClientBuff);
+ break;
+ default:
+ break;
+ }
+ }
+
+ if (pUserBuff != nullptr) {
+ switch (userMethod) {
+ case USER_METHOD_UID:
+ RUNNER_ASSERT_MSG(*pUserBuff == std::to_string(peerCredentials.uid()),
+ "UIDs don't match, ret = "
+ << *pUserBuff
+ << "; expected = " << peerCredentials.uid());
+ g_free(*pUserBuff);
+ break;
+ default:
+ break;
+ }
+ }
+
+ if (pPidCred != nullptr) {
+ RUNNER_ASSERT_MSG(*pPidCred == pid, "PIDs don't match, ret = "
+ << *pPidCred
+ << "; expected = " << pid);
+ }
+ });
+}
+
+RUNNER_MULTIPROCESS_TEST(tccgd08_gdbus_credentials_default_positive_all)
+{
+ char *clientBuff = nullptr;
+ char *userBuff = nullptr;
+ pid_t pidCred = -1;
+
+ testGDbusCredsDefault(CYNARA_API_SUCCESS, &clientBuff, &userBuff, &pidCred);
+}
+
+RUNNER_MULTIPROCESS_TEST(tccgd09_gdbus_credentials_default_positive_partial_single)
+{
+ char *clientBuff = nullptr;
+ char *userBuff = nullptr;
+ pid_t pidCred = -1;
+
+ testGDbusCredsDefault(CYNARA_API_SUCCESS, &clientBuff, nullptr, nullptr);
+ testGDbusCredsDefault(CYNARA_API_SUCCESS, nullptr, &userBuff, nullptr);
+ testGDbusCredsDefault(CYNARA_API_SUCCESS, nullptr, nullptr, &pidCred);
+}
+
+RUNNER_MULTIPROCESS_TEST(tccgd10_gdbus_credentials_default_positive_partial_double)
+{
+ char *clientBuff = nullptr;
+ char *userBuff = nullptr;
+ pid_t pidCred = -1;
+
+ testGDbusCredsDefault(CYNARA_API_SUCCESS, nullptr, &userBuff, &pidCred);
+ testGDbusCredsDefault(CYNARA_API_SUCCESS, &clientBuff, nullptr, &pidCred);
+ testGDbusCredsDefault(CYNARA_API_SUCCESS, &clientBuff, &userBuff, nullptr);
+}
+
+RUNNER_MULTIPROCESS_TEST(tccgd11_gdbus_credentials_default_negative_incomplete)
+{
+ testGDbusCredsDefault(CYNARA_API_INVALID_PARAM, nullptr, nullptr, nullptr);
+}
+
+void testGDbusCreds(int expectedResult,
+ const cynara_client_creds *pClientMethod, char **pClientBuff,
+ const cynara_user_creds *pUserMethod, char **pUserBuff,
+ pid_t *pPidCred)
+{
+ // reset variables if set by previous test cases
+ if (pClientBuff != nullptr) *pClientBuff = nullptr;
+ if (pUserBuff != nullptr) *pUserBuff = nullptr;
+ if (pPidCred != nullptr) *pPidCred = -1;
+
+ gdbusTestTemplate([&] (GDBusConnectionPtr conn, pid_t pid,
+ const std::string &requestedName,
+ const ProcessCredentials &peerCredentials) {
+
+ int ret = cynara_creds_gdbus_get(conn.get(), requestedName.c_str(),
+ pClientMethod, pClientBuff,
+ pUserMethod, pUserBuff, pPidCred);
+
+ RUNNER_ASSERT_MSG(ret == expectedResult,
+ "cynara_creds_gdbus_get returned unexpected result: " << ret <<
+ "; expected: " << expectedResult);
+
+ if (ret != CYNARA_API_SUCCESS) {
+ return;
+ }
+
+ if (pClientBuff != nullptr && pClientMethod != nullptr) {
+ switch (*pClientMethod) {
+ case CLIENT_METHOD_SMACK:
+ RUNNER_ASSERT_MSG(*pClientBuff == peerCredentials.label(),
+ "Client labels don't match, ret = "
+ << *pClientBuff << "; expected = "
+ << peerCredentials.label());
+ g_free(*pClientBuff);
+ break;
+ case CLIENT_METHOD_PID:
+ RUNNER_ASSERT_MSG(*pClientBuff == std::to_string(pid),
+ "PIDs don't match, ret = "
+ << *pClientBuff << "; expected = " << pid);
+ g_free(*pClientBuff);
+ break;
+ default:
+ break;
+ }
+ }
+
+ if (pUserBuff != nullptr && pUserMethod != nullptr) {
+ switch (*pUserMethod) {
+ case USER_METHOD_UID:
+ RUNNER_ASSERT_MSG(*pUserBuff == std::to_string(peerCredentials.uid()),
+ "UIDs don't match, ret = "
+ << *pUserBuff
+ << "; expected = " << peerCredentials.uid());
+ g_free(*pUserBuff);
+ break;
+ default:
+ break;
+ }
+ }
+
+ if (pPidCred != nullptr) {
+ RUNNER_ASSERT_MSG(*pPidCred == pid, "PIDs don't match, ret = "
+ << *pPidCred
+ << "; expected = " << pid);
+ }
+ });
+}
+
+RUNNER_MULTIPROCESS_TEST(tccgd12_gdbus_credentials_positive_all)
+{
+ char *clientBuff = nullptr;
+ char *userBuff = nullptr;
+ pid_t pidCred = -1;
+
+ testGDbusCreds(CYNARA_API_SUCCESS,
+ &G_CLIENT_METHOD_DEFAULT, &clientBuff,
+ &G_USER_METHOD_DEFAULT, &userBuff, &pidCred);
+ testGDbusCreds(CYNARA_API_SUCCESS,
+ &G_CLIENT_METHOD_SMACK, &clientBuff,
+ &G_USER_METHOD_UID, &userBuff, &pidCred);
+ testGDbusCreds(CYNARA_API_SUCCESS,
+ &G_CLIENT_METHOD_PID, &clientBuff,
+ &G_USER_METHOD_UID, &userBuff, &pidCred);
+
+ testGDbusCreds(CYNARA_API_METHOD_NOT_SUPPORTED,
+ &G_CLIENT_METHOD_SMACK, &clientBuff,
+ &G_USER_METHOD_GID, &userBuff, &pidCred);
+ testGDbusCreds(CYNARA_API_METHOD_NOT_SUPPORTED,
+ &G_CLIENT_METHOD_PID, &clientBuff,
+ &G_USER_METHOD_GID, &userBuff, &pidCred);
+}
+
+RUNNER_MULTIPROCESS_TEST(tccgd13_gdbus_credentials_positive_partial_single)
+{
+ char *clientBuff = nullptr;
+ char *userBuff = nullptr;
+ pid_t pidCred = -1;
+
+ testGDbusCreds(CYNARA_API_SUCCESS,
+ &G_CLIENT_METHOD_PID, &clientBuff,
+ &G_USER_METHOD_DEFAULT, nullptr,
+ nullptr);
+ testGDbusCreds(CYNARA_API_SUCCESS,
+ &G_CLIENT_METHOD_SMACK, &clientBuff,
+ nullptr, nullptr,
+ nullptr);
+
+ testGDbusCreds(CYNARA_API_SUCCESS,
+ &G_CLIENT_METHOD_DEFAULT, nullptr,
+ &G_USER_METHOD_DEFAULT, &userBuff,
+ nullptr);
+ testGDbusCreds(CYNARA_API_SUCCESS,
+ nullptr, nullptr,
+ &G_USER_METHOD_DEFAULT, &userBuff,
+ nullptr);
+
+ testGDbusCreds(CYNARA_API_SUCCESS,
+ nullptr, nullptr,
+ &G_USER_METHOD_DEFAULT, nullptr,
+ &pidCred);
+ testGDbusCreds(CYNARA_API_SUCCESS,
+ &G_CLIENT_METHOD_DEFAULT, nullptr,
+ nullptr, nullptr,
+ &pidCred);
+ testGDbusCreds(CYNARA_API_SUCCESS,
+ nullptr, nullptr,
+ nullptr, nullptr,
+ &pidCred);
+ }
+
+RUNNER_MULTIPROCESS_TEST(tccgd14_gdbus_credentials_positive_partial_double)
+{
+ char *clientBuff = nullptr;
+ char *userBuff = nullptr;
+ pid_t pidCred = -1;
+
+ testGDbusCreds(CYNARA_API_SUCCESS,
+ &G_CLIENT_METHOD_DEFAULT, nullptr,
+ &G_USER_METHOD_UID, &userBuff, &pidCred);
+ testGDbusCreds(CYNARA_API_SUCCESS,
+ nullptr, nullptr,
+ &G_USER_METHOD_DEFAULT, &userBuff, &pidCred);
+
+ testGDbusCreds(CYNARA_API_SUCCESS,
+ &G_CLIENT_METHOD_PID, &clientBuff,
+ &G_USER_METHOD_DEFAULT, nullptr, &pidCred);
+ testGDbusCreds(CYNARA_API_SUCCESS,
+ &G_CLIENT_METHOD_DEFAULT, &clientBuff,
+ nullptr, nullptr, &pidCred);
+
+ testGDbusCreds(CYNARA_API_SUCCESS,
+ &G_CLIENT_METHOD_SMACK, &clientBuff,
+ &G_USER_METHOD_UID, &userBuff, nullptr);
+}
+
+RUNNER_MULTIPROCESS_TEST(tccgd14_gdbus_credentials_negative_incomplete)
+{
+ char *clientBuff = nullptr;
+ char *userBuff = nullptr;
+ pid_t pidCred = -1;
+
+ testGDbusCreds(CYNARA_API_INVALID_PARAM,
+ nullptr, &clientBuff,
+ &G_USER_METHOD_UID, &userBuff, &pidCred);
+ testGDbusCreds(CYNARA_API_INVALID_PARAM,
+ nullptr, &clientBuff,
+ &G_USER_METHOD_UID, nullptr, &pidCred);
+ testGDbusCreds(CYNARA_API_INVALID_PARAM,
+ nullptr, &clientBuff,
+ nullptr, nullptr, &pidCred);
+
+ testGDbusCreds(CYNARA_API_INVALID_PARAM,
+ &G_CLIENT_METHOD_DEFAULT, &clientBuff,
+ nullptr, &userBuff, &pidCred);
+ testGDbusCreds(CYNARA_API_INVALID_PARAM,
+ &G_CLIENT_METHOD_DEFAULT, nullptr,
+ nullptr, &userBuff, &pidCred);
+ testGDbusCreds(CYNARA_API_INVALID_PARAM,
+ nullptr, nullptr,
+ nullptr, &userBuff, &pidCred);
+
+ testGDbusCreds(CYNARA_API_INVALID_PARAM,
+ &G_CLIENT_METHOD_DEFAULT, nullptr,
+ &G_USER_METHOD_UID, nullptr, nullptr);
+ testGDbusCreds(CYNARA_API_INVALID_PARAM,
+ &G_CLIENT_METHOD_DEFAULT, nullptr,
+ nullptr, nullptr, nullptr);
+ testGDbusCreds(CYNARA_API_INVALID_PARAM,
+ nullptr, nullptr,
+ &G_USER_METHOD_DEFAULT, nullptr, nullptr);
+ testGDbusCreds(CYNARA_API_INVALID_PARAM,
+ nullptr, nullptr,
+ nullptr, nullptr, nullptr);
+}
+
+RUNNER_MULTIPROCESS_TEST(tccgd14_gdbus_credentials_negative_incorrect)
+{
+ char *clientBuff = nullptr;
+ char *userBuff = nullptr;
+ pid_t pidCred = -1;
+
+ testGDbusCreds(CYNARA_API_METHOD_NOT_SUPPORTED,
+ &G_CLIENT_METHOD_LOW, &clientBuff,
+ &G_USER_METHOD_DEFAULT, &userBuff, &pidCred);
+ testGDbusCreds(CYNARA_API_METHOD_NOT_SUPPORTED,
+ &G_CLIENT_METHOD_HIGH, &clientBuff,
+ &G_USER_METHOD_DEFAULT, &userBuff, &pidCred);
+ testGDbusCreds(CYNARA_API_METHOD_NOT_SUPPORTED,
+ &G_CLIENT_METHOD_DEFAULT, &clientBuff,
+ &G_USER_METHOD_LOW, &userBuff, &pidCred);
+ testGDbusCreds(CYNARA_API_METHOD_NOT_SUPPORTED,
+ &G_CLIENT_METHOD_DEFAULT, &clientBuff,
+ &G_USER_METHOD_HIGH, &userBuff, &pidCred);
+}
+
+
+//================================SdBus===============================================
+
+SdBusConnectionPtr createSdBusConnection(const std::string &requestedName) {
+ sd_bus *bus = NULL;
+
+ int r = sd_bus_default_system(&bus);
+ RUNNER_ASSERT_MSG(r >= 0, "Failed to connect do system bus: %s" << strerror(-r));
+
+ if (requestedName.empty() == false) {
+ r = sd_bus_request_name(bus, requestedName.c_str(), SD_BUS_NAME_REPLACE_EXISTING);
+ RUNNER_ASSERT_MSG(r >= 0, "Error in sd_bus_request_name");
+ }
+
+ SdBusConnectionPtr ret(bus, [] (sd_bus *busConnection) {
+ sd_bus_unref(busConnection);
+ });
+
+ return ret;
+}
+
+typedef std::function<void(SdBusConnectionPtr conn, pid_t pid, const std::string &requestedName,
+ const ProcessCredentials &peerCredentials)> SdBusAssertionFn;
+
+void sdBusTestTemplate(SdBusAssertionFn assertion) {
+ std::string requestedName = "tests.dbus.cynara";
+ const ProcessCredentials peerCredentials;
+
+ SynchronizationPipe pipe;
+ pid_t pid = runInChild(std::bind(dbusServer, std::ref(pipe), std::cref(requestedName),
+ std::cref(peerCredentials)));
+
+ pipe.claimParentEp();
+ pipe.wait();
+
+ auto conn = createSdBusConnection("");
+ assertion(std::move(conn), pid, requestedName, peerCredentials);
+ pipe.post();
+}
+
+
+RUNNER_TEST_GROUP_INIT(cynara_creds_sd_bus)
+
+void testSdBusClientPid(cynara_client_creds method = CLIENT_METHOD_PID) {
+ sdBusTestTemplate([method] (SdBusConnectionPtr conn, pid_t pid,
+ const std::string &requestedName,
+ const ProcessCredentials &) {
+ CStringPtr clientPidStr(CynaraHelperCredentials::sdBusGetClient(std::move(conn),
+ requestedName.c_str(), method, CYNARA_API_SUCCESS));
+ pid_t clientPid = std::stoi(clientPidStr.get());
+ RUNNER_ASSERT_MSG(pid == clientPid, "PIDs don't match ret = " << clientPid
+ << "; expected = " << pid);
+ });
+}
+
+void testSdBusClientSmack(cynara_client_creds method = CLIENT_METHOD_SMACK) {
+ sdBusTestTemplate([method] (SdBusConnectionPtr conn, pid_t,
+ const std::string &requestedName,
+ const ProcessCredentials &peerCredentials) {
+ CStringPtr label(CynaraHelperCredentials::sdBusGetClient(std::move(conn),
+ requestedName.c_str(), method, CYNARA_API_SUCCESS));
+ RUNNER_ASSERT_MSG(peerCredentials.label() == label.get(),
+ "Labels don't match ret = " << label.get()
+ << "; expected = " << peerCredentials.label());
+ });
+}
+
+RUNNER_MULTIPROCESS_TEST(tccsd01_sd_bus_credentials_client_pid)
+{
+ testSdBusClientPid();
+}
+
+RUNNER_MULTIPROCESS_TEST_SMACK(tccsd02_sd_bus_credentials_client_smack)
+{
+ testSdBusClientSmack();
+}
+
+RUNNER_MULTIPROCESS_TEST_SMACK(tccsd03_sd_bus_credentials_client_default)
+{
+ auto method = getClientDefaultMethod();
+ switch(method) {
+ case CLIENT_METHOD_SMACK:
+ testSdBusClientSmack(CLIENT_METHOD_DEFAULT);
+ break;
+ case CLIENT_METHOD_PID:
+ testSdBusClientPid(CLIENT_METHOD_DEFAULT);
+ break;
+ default:
+ RUNNER_FAIL_MSG("cynara_creds_get_default_client_method returned unexpected value "
+ << method);
+ }
+}
+
+void testSdBusUserUid(cynara_user_creds method = USER_METHOD_UID) {
+ sdBusTestTemplate([method] (SdBusConnectionPtr conn, pid_t,
+ const std::string &requestedName,
+ const ProcessCredentials &peerCredentials) {
+ CStringPtr uidStr(CynaraHelperCredentials::sdBusGetUser(std::move(conn),
+ requestedName.c_str(), method, CYNARA_API_SUCCESS));
+ uid_t uid = std::stoul(uidStr.get());
+ RUNNER_ASSERT_MSG(peerCredentials.uid() == uid, "UIDs don't match ret = " << uid
+ << "; expected = "<< peerCredentials.uid());
+ });
+}
+
+void testSdBusUserGid(cynara_user_creds method = USER_METHOD_GID) {
+ sdBusTestTemplate([method] (SdBusConnectionPtr conn, pid_t,
+ const std::string &requestedName,
+ const ProcessCredentials &peerCredentials) {
+ CStringPtr gidStr(CynaraHelperCredentials::sdBusGetUser(std::move(conn),
+ requestedName.c_str(), method, CYNARA_API_SUCCESS));
+ gid_t gid = std::stoul(gidStr.get());
+ RUNNER_ASSERT_MSG(peerCredentials.gid() == gid, "GIDs don't match ret = " << gid
+ << "; expected = "<< peerCredentials.gid());
+ });
+}
+
+RUNNER_MULTIPROCESS_TEST(tccsd04_sd_bus_credentials_user_uid)
+{
+ testSdBusUserUid();
+}
+
+RUNNER_MULTIPROCESS_TEST(tccsd05_sd_bus_credentials_user_gid)
+{
+ testSdBusUserGid();
+}
+
+RUNNER_MULTIPROCESS_TEST(tccsd06_sd_bus_credentials_user_default)
+{
+ auto method = getUserDefaultMethod();
+ switch(method) {
+ case USER_METHOD_UID:
+ testSdBusUserUid(USER_METHOD_DEFAULT);
+ break;
+ case USER_METHOD_GID:
+ testSdBusUserGid(USER_METHOD_DEFAULT);
+ break;
+ default:
+ RUNNER_FAIL_MSG("cynara_creds_get_default_user_method returned unexpected value "
+ << method);
+ }
+}
+
+RUNNER_TEST_SMACK(tccd07_sd_bus_credentials_pid) {
+ sdBusTestTemplate([] (SdBusConnectionPtr conn, pid_t expectedPid,
+ const std::string &requestedName, const ProcessCredentials &) {
+ auto helperPid = CynaraHelperCredentials::sdBusGetPid(std::move(conn),
+ requestedName.c_str(), CYNARA_API_SUCCESS);
+ RUNNER_ASSERT_MSG(helperPid == expectedPid, "PIDs don't match ret = " << helperPid
+ << "; expected = " << expectedPid);
+ });
+}
+
+
+RUNNER_TEST_GROUP_INIT(cynara_creds_self)
+
+void testCredsClientSelf(cynara_client_creds method, const std::string &expected) {
+ char *client;
+ int ret = cynara_creds_self_get_client(method, &client);
+ CStringPtr clientPtr(client);
+ RUNNER_ASSERT_MSG(ret == CYNARA_API_SUCCESS, "cynara_creds_self_get_client failed with " << ret);
+ RUNNER_ASSERT_MSG(expected == client, "expected client doesn't match, expected: " << expected
+ << ", got : " << client);
+}
+
+void testCredsUserSelf(cynara_user_creds method, const std::string &expected) {
+ char *user;
+ int ret = cynara_creds_self_get_user(method, &user);
+ CStringPtr clientPtr(user);
+ RUNNER_ASSERT_MSG(ret == CYNARA_API_SUCCESS, "cynara_creds_self_get_user failed with " << ret);
+ RUNNER_ASSERT_MSG(expected == user, "expected user doesn't match, expected: " << expected
+ << ", got : " << user);
+}
+
+void testSelfClientSmack(cynara_client_creds method = CLIENT_METHOD_SMACK) {
+ std::string label = "test-label";
+ ScopedProcessLabel spl(label, false);
+ testCredsClientSelf(method, label);
+}
+
+void testSelfClientPid(cynara_client_creds method = CLIENT_METHOD_PID) {
+ pid_t pid = getpid();
+ testCredsClientSelf(method, std::to_string(pid));
+}
+
+void testSelfUserUid(cynara_user_creds method = USER_METHOD_UID) {
+ uid_t uid = getuid();
+ testCredsUserSelf(method, std::to_string(uid));
+}
+
+void testSelfUserGid(cynara_user_creds method = USER_METHOD_GID) {
+ gid_t gid = getgid();
+ testCredsUserSelf(method, std::to_string(gid));
+}
+
+RUNNER_CHILD_TEST_SMACK(tccsl01_self_credentials_client_smack) {
+ testSelfClientSmack();
+}
+
+RUNNER_CHILD_TEST_SMACK(tccsl02_self_credentials_client_pid) {
+ testSelfClientPid();
+}
+
+RUNNER_CHILD_TEST_SMACK(tccsl03_self_credentials_user_uid) {
+ testSelfUserUid();
+}
+
+RUNNER_CHILD_TEST_SMACK(tccsl04_self_credentials_user_gid) {
+ testSelfUserGid();
+}
+
+RUNNER_CHILD_TEST_SMACK(tccsl05_self_credentials_client_default) {
+ auto method = getClientDefaultMethod();
+ switch(method) {
+ case CLIENT_METHOD_SMACK:
+ testSelfClientSmack(CLIENT_METHOD_DEFAULT);
+ break;
+ case CLIENT_METHOD_PID:
+ testSelfClientPid(CLIENT_METHOD_DEFAULT);
+ break;
+ default:
+ RUNNER_FAIL_MSG("cynara_creds_get_default_client_method returned unexpected value " << method);
+ }
+}
+
+RUNNER_CHILD_TEST_SMACK(tccsl06_self_credentials_user_default) {
+ auto method = getUserDefaultMethod();
+ switch(method) {
+ case USER_METHOD_UID:
+ testSelfUserUid(USER_METHOD_DEFAULT);
+ break;
+ case USER_METHOD_GID:
+ testSelfUserGid(USER_METHOD_DEFAULT);
+ break;
+ default:
+ RUNNER_FAIL_MSG("cynara_creds_get_default_user_method returned unexpected value " << method);
+ }
}
projects / platform / core / test / security-tests.git / blobdiff