Disallow API calls for template subsessions 24/324924/1
authorMichal Bloch <m.bloch@samsung.com>
Wed, 28 May 2025 18:35:32 +0000 (20:35 +0200)
committerMichal Bloch <m.bloch@samsung.com>
Wed, 28 May 2025 19:57:24 +0000 (21:57 +0200)
Change-Id: I959d06a2d7a84bbaf22a95e5d3d7f9ef8ac832b4

src/library/src/lib.c
src/service/src/globals.hpp
src/service/src/main_context.hpp
tests/api_tests/test_api_add_remove_user_err.cpp
tests/api_tests/test_api_switchuser_err.cpp
tests/api_tests/test_hlp.hpp

index dea0785c81b5ab04b7ff9ed95b20930738fbec0e..eb108ad4a59efb2a9d9bcbdcabe6da6d429628d7 100644 (file)
@@ -179,6 +179,12 @@ static int is_not_correct_name(const char *user_id) {
        return FALSE;
 }
 
+static bool is_reserved_name(const subsession_user_t subsession)
+{
+       return !strcmp(subsession, "__template_fixed__")
+           || !strcmp(subsession, "__template_reg__");
+}
+
 static gboolean error_on_bad_user_id(const char *user_id) {
        return (
                is_user_id_null(user_id)
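Review bot: `is_reserved_name` hard-codes `"__template_fixed__"` and `"__template_reg__"` while the service side compares against `DirBackendAddFixedSize{0}.TemplateName()` / `DirBackendAddRegularDir{}.TemplateName()`, so the two lists can drift with nothing to catch it; the service check in main_context.hpp is what actually enforces the rule, this one only saves callers a D-Bus call. `strcmp` also dereferences `subsession` unconditionally: the add/remove callers (hunks ending at L37, L47, L57) run after `user_id_is_not_valid(user)`, but in `subsession_switch_user` (hunk ending at L67) only `session_uid_is_not_valid` is visible, so unless the validation above that hunk already rejects a NULL `next_user` this would fault. I would make the helper itself null-safe, `return subsession != NULL && (!strcmp(subsession, "__template_fixed__") || !strcmp(subsession, "__template_reg__"));`, and add above it `/* Must match DirBackendAddFixedSize::TemplateName() and DirBackendAddRegularDir::TemplateName() in the service, which rejects these names on its own; this check only spares the D-Bus round trip. */`.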
@@ -637,6 +643,9 @@ EXPORT_API int subsession_add_user(int session_uid, const subsession_user_t user
                user_id_is_not_valid(user))
        )
 
+       if (is_reserved_name(user))
+               return SUBSESSION_ERROR_INVALID_PARAMETER;
+
        return_with_log_error_result_(method_call_async(dbus_method_call.AddUser, g_variant_new("(is)", session_uid, user), cb, user_data))
 }
 
@@ -648,6 +657,9 @@ EXPORT_API int subsession_add_user_fixed_size(int session_uid, const subsession_
                session_fixed_size_invalid_size(size_limit_kB)))
        )
 
+       if (is_reserved_name(user))
+               return SUBSESSION_ERROR_INVALID_PARAMETER;
+
        return_with_log_error_result_(method_call_async(dbus_method_call.AddUserFixedSize, g_variant_new("(isu)", session_uid, user, size_limit_kB), cb, user_data))
 }
 
@@ -658,6 +670,9 @@ EXPORT_API int subsession_remove_user(int session_uid, const subsession_user_t u
                user_id_is_not_valid(user))
        )
 
+       if (is_reserved_name(user))
+               return SUBSESSION_ERROR_INVALID_PARAMETER;
+
        return_with_log_error_result_(method_call_async(dbus_method_call.RemoveUser, g_variant_new("(is)", session_uid, user), cb, user_data))
 }
 
@@ -668,6 +683,9 @@ EXPORT_API int subsession_switch_user(int session_uid, const subsession_user_t n
                session_uid_is_not_valid(session_uid))
        )
 
+       if (is_reserved_name(next_user))
+               return SUBSESSION_ERROR_INVALID_PARAMETER;
+
        return_with_log_error_result_(method_call_async(dbus_method_call.SwitchUser, g_variant_new("(is)", session_uid, next_user), cb, user_data))
 }
 
index 9f8f3769ff31c94e2b8653e1c1201a14c9aec519..bedc4583adb483ecbe43d9a2e6b94c38b5e014ca 100644 (file)
@@ -22,6 +22,9 @@
  * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
  * THE SOFTWARE. */
 
+#include "dir_backend_fixed_size.hpp"
+#include "dir_backend_regular_dir.hpp"
+
 #include <chrono>
 #include <exception>
 #include <stdexcept>
@@ -57,6 +60,12 @@ inline bool check_subsession_id_valid(const std::string_view subsession_id)
        return true;
 }
 
+inline bool check_subsession_id_restricted(const std::string_view subsession_id)
+{
+       return DirBackendAddFixedSize{0}.TemplateName() == subsession_id
+           || DirBackendAddRegularDir{}.TemplateName() == subsession_id;
+}
+
 inline bool check_uid_valid(int uid)
 {
        return uid > 0;
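Review bot: `check_subsession_id_restricted` constructs a `DirBackendAddFixedSize{0}` and, when that does not match, a `DirBackendAddRegularDir{}` on every call just to read `TemplateName()`, and the first hunk pulls both backend headers into this shared header for that purpose alone. If `TemplateName()` does not depend on instance state — its definition is not on this page — a `static constexpr` member or a `std::string_view` constant would keep this a plain comparison, `return subsession_id == DirBackendAddFixedSize::TemplateName() || subsession_id == DirBackendAddRegularDir::TemplateName();`, and drop the coupling. The function also deserves a one-line comment such as `// Reserved template names may never be created, removed or switched to via the public API; lib.c's is_reserved_name() duplicates this list.`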
index 25f13be78179394f8938e8f9e88c9b0be6ee393a..ea8d88edcf7dfd470f553a8bbafe825936c084db 100644 (file)
@@ -185,6 +185,12 @@ struct sessiond_context {
                        return true;
                }
 
+               if (check_subsession_id_restricted(subsession_id)) {
+                       g_dbus_method_invocation_return_dbus_error(invocation,
+                               get_dbus_error_mapping(SUBSESSION_ERROR_INVALID_PARAMETER), "Reserved subsession_id");
+                       return true;
+               }
+
                return false;
        }
 
@@ -363,7 +369,7 @@ struct sessiond_context {
                }
 
                // N.B. Switch to user "" (empty string) is possible and it means no subsession is currently active
-               if (next_subsession_id != SUBSESSION_INITIAL_SID && !check_subsession_id_valid(next_subsession_id)) {
+               if (next_subsession_id != SUBSESSION_INITIAL_SID && (!check_subsession_id_valid(next_subsession_id) || check_subsession_id_restricted(next_subsession_id))) {
                        g_dbus_method_invocation_return_dbus_error(invocation,
                                get_dbus_error_mapping(SUBSESSION_ERROR_INVALID_PARAMETER), "Incorrect subsession_id passed");
                        return;
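Review bot: In the switch-user path a reserved name is now rejected with the generic `"Incorrect subsession_id passed"` message, whereas the add/remove path (first hunk, L98–L102) reports the specific `"Reserved subsession_id"`; splitting the new condition into its own branch keeps the two diagnostics consistent and makes a rejected template switch distinguishable in logs. The enclosing method starts outside both hunks. The original validity branch stays as it was; the restricted check becomes a second `if`:

```cpp
// … unchanged: the existing !check_subsession_id_valid() branch, restored to its pre-commit condition …
if (next_subsession_id != SUBSESSION_INITIAL_SID && check_subsession_id_restricted(next_subsession_id)) {
	g_dbus_method_invocation_return_dbus_error(invocation,
		get_dbus_error_mapping(SUBSESSION_ERROR_INVALID_PARAMETER), "Reserved subsession_id");
	return;
}
```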
index dc2e744af44483fbb7b0dca50dde550c40727be4..aa86ed3a18a6abe64bb4bad5741bbdcdfa61026b 100644 (file)
@@ -9,7 +9,7 @@
 #include "test_hlp.hpp"
 
 
-const int  action_items = 44;
+const int  action_items = 50;
 
 TEST(subsession_add_remove_test, FailAtAddRemoveUser) {
        using ud_t = ud_data_t<std::array<api_call_res_t, action_items>>;
@@ -17,6 +17,46 @@ TEST(subsession_add_remove_test, FailAtAddRemoveUser) {
        ud_t ud_data = { .loop = g_main_loop_new(NULL, FALSE),
                .results = std::array<api_call_res_t, action_items>  {
 
+                       // Cannot add templates names (2 reserved names x 2 request backends, both names block both backends)
+                       api_call_res_t{ .call_result = std::move(subsession_add_user_l<subsession_5001>( TestBadUserStr::fixed_size_template)),
+                                                       .expected = SUBSESSION_ERROR_INVALID_PARAMETER,
+                                                       .desc = "Check if add  [ " + std::string(TestBadUserStr::fixed_size_template) + " ] returns error (regular dir backend)",
+                                                       .cb_expected = SUBSESSION_ERROR_INVALID_PARAMETER,
+                                                       .cb_desc = "Check if add [ " + std::string(TestBadUserStr::fixed_size_template) + " ] callback returns error (regular dir backend)", },
+
+                       api_call_res_t{ .call_result = std::move(subsession_add_user_l<subsession_5001>( TestBadUserStr::regular_dir_template)),
+                                                       .expected = SUBSESSION_ERROR_INVALID_PARAMETER,
+                                                       .desc = "Check if add  [ " + std::string(TestBadUserStr::regular_dir_template) + " ] returns error (regular dir backend)",
+                                                       .cb_expected = SUBSESSION_ERROR_INVALID_PARAMETER,
+                                                       .cb_desc = "Check if add [ " + std::string(TestBadUserStr::regular_dir_template) + " ] callback returns error (regular dir backend)", },
+
+
+                       api_call_res_t{ .call_result = std::move(subsession_add_user_fixed_size_l<subsession_5001>( TestBadUserStr::fixed_size_template, 10*1024)),
+                                                       .expected = SUBSESSION_ERROR_INVALID_PARAMETER,
+                                                       .desc = "Check if add  [ " + std::string(TestBadUserStr::fixed_size_template) + " ] returns error (fixed size backend)",
+                                                       .cb_expected = SUBSESSION_ERROR_INVALID_PARAMETER,
+                                                       .cb_desc = "Check if add [ " + std::string(TestBadUserStr::fixed_size_template) + " ] callback returns error (fixed size backend)", },
+
+                       api_call_res_t{ .call_result = std::move(subsession_add_user_fixed_size_l<subsession_5001>( TestBadUserStr::regular_dir_template, 10*1024)),
+                                                       .expected = SUBSESSION_ERROR_INVALID_PARAMETER,
+                                                       .desc = "Check if add  [ " + std::string(TestBadUserStr::regular_dir_template) + " ] returns error (fixed size backend)",
+                                                       .cb_expected = SUBSESSION_ERROR_INVALID_PARAMETER,
+                                                       .cb_desc = "Check if add [ " + std::string(TestBadUserStr::regular_dir_template) + " ] callback returns error (fixed size backend)", },
+
+                       // Cannot remove templates either
+                       api_call_res_t{ .call_result = std::move(subsession_remove_user_l<subsession_5001>( TestBadUserStr::regular_dir_template)),
+                                                       .expected = SUBSESSION_ERROR_INVALID_PARAMETER,
+                                                       .desc = "Check if remove [ " + std::string(TestBadUserStr::regular_dir_template) + " ] returns error",
+                                                       .cb_expected = SUBSESSION_ERROR_INVALID_PARAMETER,
+                                                       .cb_desc = "Check if remove [ " + std::string(TestBadUserStr::regular_dir_template) + " ] callback returns error", },
+                       api_call_res_t{ .call_result = std::move(subsession_remove_user_l<subsession_5001>(TestBadUserStr::fixed_size_template)),
+                                                       .expected = SUBSESSION_ERROR_INVALID_PARAMETER,
+                                                       .desc = "Check if remove [ " + std::string(TestBadUserStr::fixed_size_template) + " ] returns error",
+                                                       .cb_expected = SUBSESSION_ERROR_INVALID_PARAMETER,
+                                                       .cb_desc = "Check if remove [ " + std::string(TestBadUserStr::fixed_size_template) + " ] callback returns error", },
+
+
+                       // Misc
                        api_call_res_t{ .call_result = std::move(subsession_add_user_l<subsession_5001>( TestBadUserStr::bad_user_1)),
                                                        .expected = SUBSESSION_ERROR_INVALID_PARAMETER,
                                                        .desc = "Check if add  [ " + std::string(TestBadUserStr::bad_user_1) + " ] returns error (regular dir backend)",
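Review bot: `action_items` is bumped by hand (44 to 50 in the first hunk) to match the number of `api_call_res_t` initializers added here; with `std::array<api_call_res_t, action_items>` too many initializers is a compile error, but a count larger than the entry list silently leaves value-initialized trailing elements, which the result loop may then score as empty passes — I cannot see how the runner treats them. A comment next to the constant, `// Must equal the number of api_call_res_t entries in .results; a larger value leaves default-constructed trailing entries that are not real checks`, would at least make the maintenance rule explicit. The same applies to test_api_switchuser_err.cpp (12 to 14 at L178–L179, hunk ending at L199). The `std::move` around the prvalue returned by `subsession_add_user_l<...>(...)` is redundant, though it follows the file's existing pattern.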
index 0ca6bd7f7b20689426a88ba4d468d8af02baecfe..24966532bc655931a410f3820858ea68245a52e3 100644 (file)
@@ -6,7 +6,7 @@
 #include "test_hlp.hpp"
 
 
-const int action_items = 12;
+const int action_items = 14;
 
 TEST(subsession_switch_user_test, FailAtSwitchUser) {
 
@@ -85,6 +85,19 @@ TEST(subsession_switch_user_test, FailAtSwitchUser) {
                                .desc = "Check if switch to   [ " + std::string(TestUserStr::user_2) + " ] returns no error",
                                .cb_expected = SUBSESSION_ERROR_NONE,
                                .cb_desc = "Check if switch to [" + std::string(TestUserStr::user_2) + " ] callback returns no error", },
+
+                       // Cannot switch into templates
+                       api_call_res_t{ .call_result = std::move(subsession_switch_user_l<subsession_5001>( TestBadUserStr::fixed_size_template)),
+                               .expected = SUBSESSION_ERROR_INVALID_PARAMETER,
+                               .desc = "Check if switch to template [ " + std::string(TestBadUserStr::fixed_size_template) + " ] returns error",
+                               .cb_expected = SUBSESSION_ERROR_INVALID_PARAMETER,
+                               .cb_desc = "Check if switch to template [ " + std::string(TestBadUserStr::fixed_size_template) + " ] callback returns error", },
+
+                       api_call_res_t{ .call_result = std::move(subsession_switch_user_l<subsession_5001>( TestBadUserStr::regular_dir_template)),
+                               .expected = SUBSESSION_ERROR_INVALID_PARAMETER,
+                               .desc = "Check if switch to template [ " + std::string(TestBadUserStr::regular_dir_template) + " ] returns error",
+                               .cb_expected = SUBSESSION_ERROR_INVALID_PARAMETER,
+                               .cb_desc = "Check if switch to template [ " + std::string(TestBadUserStr::regular_dir_template) + " ] callback returns error", },
                }
        };
 
index bd714f372797aad31e751558061f0cd47d49d2f8..9c0ac667dd7229200a2bcb4c5dd0674bcf1a632e 100644 (file)
@@ -46,6 +46,9 @@ namespace TestBadUserStr {
        //Below filled  subsession_user_t array without '\0' (null) terminator, use only for testing.
        [[maybe_unused]]  static subsession_user_t bad_user_20 = {'1','2','3','4','5','6','7','8','9','0','1','2','3','4','5','6',
        '7','8','9','0'};
+
+       [[maybe_unused]]  static subsession_user_t  fixed_size_template = "__template_fixed__";
+       [[maybe_unused]]  static subsession_user_t regular_dir_template = "__template_reg__";
 };
 
 static constexpr int MAGIC_ADD     = 111;
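Review bot: These two initializers are now the third copy of the reserved names (the others being `is_reserved_name` in src/library/src/lib.c and the backends' `TemplateName()`), so a rename on the service side would only surface when this test fails at runtime. I would add above them `// Must match is_reserved_name() in src/library/src/lib.c and the backends' TemplateName(); keep all three in sync.` The `static` in a header gives every test TU its own copy, which matches the surrounding entries in this namespace.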