secret-attributes: improve validation of attributes table

Attributes table that are built by the library itself contain
the xdg:schema meta-attribute. Additionally,
secrets with a SECRET_SCHEMA_COMPAT_NETWORK schema might also have
libgnomekeyring specific meta-attributes (prefixed 'gkr'). During
validation, ensure that the former is consistent with the name
of the schema and ignore the latter.

Add tests for these changes

https://bugzilla.gnome.org/show_bug.cgi?id=694107

diff --git a/libsecret/secret-attributes.c b/libsecret/secret-attributes.c
index 00372e7..80dd28d 100644 (file)
--- a/libsecret/secret-attributes.c
+++ b/libsecret/secret-attributes.c
@@ -212,6 +212,22 @@ _secret_attributes_validate (const SecretSchema *schema,
        while (g_hash_table_iter_next (&iter, (gpointer *)&key, (gpointer *)&value)) {
                any = TRUE;
 
+               /* If the 'xdg:schema' meta-attribute is present,
+                  ensure that it is consistent with the schema
+                  name. */
+               if (g_str_equal (key, "xdg:schema")) {
+                       if (!g_str_equal (value, schema->name)) {
+                               g_critical ("%s: xdg:schema value %s differs from schema %s:",
+                                           pretty_function, value, schema->name);
+                               return FALSE;
+                       }
+                       continue;
+               }
+
+               /* Pass through libgnomekeyring specific attributes */
+               if (g_str_has_prefix (key, "gkr:"))
+                       continue;
+
                /* Find the attribute */
                attribute = NULL;
                for (i = 0; i < G_N_ELEMENTS (schema->attributes); i++) {

diff --git a/libsecret/tests/test-attributes.c b/libsecret/tests/test-attributes.c
index 0d66932..da26189 100644 (file)
--- a/libsecret/tests/test-attributes.c
+++ b/libsecret/tests/test-attributes.c
@@ -16,6 +16,7 @@
 #include "config.h"
 
 #include "secret-attributes.h"
+#include "secret-private.h"
 
 #include "egg/egg-testing.h"
 
@@ -123,6 +124,59 @@ test_build_bad_type (void)
        g_test_trap_assert_stderr ("*invalid type*");
 }
 
+static void
+test_validate_schema (void)
+{
+       GHashTable *attributes;
+       gboolean ret;
+
+       attributes = g_hash_table_new (g_str_hash, g_str_equal);
+       g_hash_table_replace (attributes, "number", "1");
+       g_hash_table_replace (attributes, "string", "test");
+       g_hash_table_replace (attributes, "xdg:schema", "org.mock.Schema");
+
+       ret = _secret_attributes_validate (&MOCK_SCHEMA, attributes, G_STRFUNC, TRUE);
+       g_assert (ret == TRUE);
+
+       g_hash_table_unref (attributes);
+}
+
+static void
+test_validate_schema_bad (void)
+{
+       GHashTable *attributes;
+       gboolean ret;
+
+       attributes = g_hash_table_new (g_str_hash, g_str_equal);
+       g_hash_table_replace (attributes, "number", "1");
+       g_hash_table_replace (attributes, "string", "test");
+       g_hash_table_replace (attributes, "xdg:schema", "mismatched.Schema");
+
+       if (g_test_trap_fork (0, G_TEST_TRAP_SILENCE_STDERR)) {
+               ret = _secret_attributes_validate (&MOCK_SCHEMA, attributes, G_STRFUNC, TRUE);
+               g_assert (ret == FALSE);
+       }
+
+       g_hash_table_unref (attributes);
+}
+
+static void
+test_validate_libgnomekeyring (void)
+{
+       GHashTable *attributes;
+       gboolean ret;
+
+       attributes = g_hash_table_new (g_str_hash, g_str_equal);
+       g_hash_table_replace (attributes, "number", "1");
+       g_hash_table_replace (attributes, "string", "test");
+       g_hash_table_replace (attributes, "gkr:compat", "blah-dee-blah");
+
+       ret = _secret_attributes_validate (&MOCK_SCHEMA, attributes, G_STRFUNC, TRUE);
+       g_assert (ret == TRUE);
+
+       g_hash_table_unref (attributes);
+}
+
 int
 main (int argc, char **argv)
 {
@@ -138,5 +192,9 @@ main (int argc, char **argv)
        g_test_add_func ("/attributes/build-non-utf8-string", test_build_non_utf8_string);
        g_test_add_func ("/attributes/build-bad-type", test_build_bad_type);
 
+       g_test_add_func ("/attributes/validate-schema", test_validate_schema);
+       g_test_add_func ("/attributes/validate-schema-bad", test_validate_schema_bad);
+       g_test_add_func ("/attributes/validate-libgnomekeyring", test_validate_libgnomekeyring);
+
        return g_test_run ();
 }