author | Thomas Haller <thaller@redhat.com> | 2015-05-19 10:24:37 +0200 |
---|---|---|
committer | Thomas Haller <thaller@redhat.com> | 2015-05-19 10:24:37 +0200 |
commit | 046115b58885e6cc8694ae04b8e5bb4f2bd093bf (patch) | |
tree | 0a011cf46a38ba31d192f8e1baff9ef81b28efdb | |
parent | 9b11276d75d4a1451f22e85324e9ba58ad2103c4 (diff) | |
parent | 9ac4d88ff70e3a4c49c58091d388b1544116bce3 (diff) | |
download | NetworkManager-046115b58885e6cc8694ae04b8e5bb4f2bd093bf.tar.gz |
core: merge branch 'th/keyfile-owner-check-bgo701112'
Re-enable checking the owner of keyfile files but disable that
behavior for tests.
For that, add a nm_utils_get_testing() function to core to detect
whether the code is running as part of a test.
https://bugzilla.gnome.org/show_bug.cgi?id=701112
-rw-r--r-- | include/nm-test-utils.h | 9 | ||||
-rw-r--r-- | src/NetworkManagerUtils.c | 54 | ||||
-rw-r--r-- | src/NetworkManagerUtils.h | 20 | ||||
-rw-r--r-- | src/nm-dbus-manager.c | 3 | ||||
-rw-r--r-- | src/settings/plugins/keyfile/reader.c | 15 | ||||
-rw-r--r-- | src/settings/plugins/keyfile/tests/test-keyfile.c | 1 |
6 files changed, 97 insertions, 5 deletions
diff --git a/include/nm-test-utils.h b/include/nm-test-utils.h index 94040c12c3..c61e8f85fe 100644 --- a/include/nm-test-utils.h +++ b/include/nm-test-utils.h @@ -96,6 +96,10 @@ #include "nm-glib-compat.h" #include "gsystem-local-alloc.h" +#ifdef __NETWORKMANAGER_LOGGING_H__ +/* We are running tests under src/ */ +#include "NetworkManagerUtils.h" +#endif /* Analog to EXIT_SUCCESS and EXIT_FAILURE. */ #define EXIT_SKIP (77) @@ -258,6 +262,11 @@ __nmtst_init (int *argc, char ***argv, gboolean assert_logging, const char *log_ g_assert (!argc || (g_strv_length (*argv) == *argc)); g_assert (!assert_logging || (!log_level && !log_domains)); +#ifdef __NETWORKMANAGER_UTILS_H__ + if (!nm_utils_get_testing_initialized ()) + _nm_utils_set_testing (_NM_UTILS_TEST_GENERAL); +#endif + if (argc) __nmtst_internal.orig_argv = g_strdupv (*argv); diff --git a/src/NetworkManagerUtils.c b/src/NetworkManagerUtils.c index afcb88b84b..904b4cdc79 100644 --- a/src/NetworkManagerUtils.c +++ b/src/NetworkManagerUtils.c 
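Review bot: Both additions to include/nm-test-utils.h key off another header's include guard (`#ifdef __NETWORKMANAGER_LOGGING_H__` in the first hunk, `#ifdef __NETWORKMANAGER_UTILS_H__` inside __nmtst_init in the second), so whether a test binary registers test mode depends on include order. A test under src/ that includes this header before nm-logging.h would skip `_nm_utils_set_testing (_NM_UTILS_TEST_GENERAL)` without any diagnostic, leaving only the g_test_initialized() fallback in nm_utils_get_testing(). I would document the requirement next to the first `#ifdef`, for example `/* nm-logging.h must be included before this header by tests under src/ */`. The body of __nmtst_init continues outside the hunk.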
@@ -59,6 +59,60 @@ #define CLOCK_BOOTTIME 7 #endif +G_STATIC_ASSERT (sizeof (NMUtilsTestFlags) <= sizeof (int)); +int _nm_utils_testing = 0; + +gboolean +nm_utils_get_testing_initialized () +{ + NMUtilsTestFlags flags; + + flags = (NMUtilsTestFlags) _nm_utils_testing; + if (flags == NM_UTILS_TEST_NONE) + flags = (NMUtilsTestFlags) g_atomic_int_get (&_nm_utils_testing); + return flags != NM_UTILS_TEST_NONE; +} + +NMUtilsTestFlags +nm_utils_get_testing () +{ + NMUtilsTestFlags flags; + + flags = (NMUtilsTestFlags) _nm_utils_testing; + if (flags != NM_UTILS_TEST_NONE) { + /* Flags already initialized. Return them. */ + return flags & NM_UTILS_TEST_ALL; + } + + /* Accessing nm_utils_get_testing() causes us to set the flags to initialized. + * Detecting running tests also based on g_test_initialized(). */ + flags = _NM_UTILS_TEST_INITIALIZED; + if (g_test_initialized ()) + flags |= _NM_UTILS_TEST_GENERAL; + + if (g_atomic_int_compare_and_exchange (&_nm_utils_testing, 0, (int) flags)) { + /* Done. We set it. */ + return flags & NM_UTILS_TEST_ALL; + } + /* It changed in the meantime (??). Re-read the value. */ + return ((NMUtilsTestFlags) _nm_utils_testing) & NM_UTILS_TEST_ALL; +} + +void +_nm_utils_set_testing (NMUtilsTestFlags flags) +{ + g_assert (!NM_FLAGS_ANY (flags, ~NM_UTILS_TEST_ALL)); + + /* mask out everything except ALL, and always set GENERAL. */ + flags = (flags & NM_UTILS_TEST_ALL) | (_NM_UTILS_TEST_GENERAL | _NM_UTILS_TEST_INITIALIZED); + + if (!g_atomic_int_compare_and_exchange (&_nm_utils_testing, 0, (int) flags)) { + /* We only allow setting _nm_utils_set_testing() once, before fetching the + * value with nm_utils_get_testing(). */ + g_return_if_reached (); + } +} + /* * nm_ethernet_address_is_valid: * @addr: pointer to a binary or ASCII Ethernet address diff --git a/src/NetworkManagerUtils.h b/src/NetworkManagerUtils.h index fe88a7201b..8749d32135 100644 --- a/src/NetworkManagerUtils.h +++ b/src/NetworkManagerUtils.h 
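Review bot: `int _nm_utils_testing = 0;` has external linkage and is read with plain loads in nm_utils_get_testing_initialized() and nm_utils_get_testing(), including the final re-read after a failed exchange, while it is written with g_atomic_int_compare_and_exchange(). Since this word now decides whether the keyfile owner check runs, I would narrow it to `static int _nm_utils_testing = 0;` and read it with `g_atomic_int_get (&_nm_utils_testing)` in every place. The header hunk declares no extern for it, though a user outside this diff cannot be ruled out from here. The two getter definitions are written with `()` and should use `(void)` to match their prototypes in NetworkManagerUtils.h.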
@@ -189,4 +189,24 @@ void nm_utils_array_remove_at_indexes (GArray *array, const guint *indexes_to_de void nm_utils_setpgid (gpointer unused); +typedef enum { + NM_UTILS_TEST_NONE = 0, + + /* Internal flag, marking that either nm_utils_get_testing() or _nm_utils_set_testing() was called. */ + _NM_UTILS_TEST_INITIALIZED = (1LL << 0), + + /* Indicate that test mode is enabled in general. Explicitly calling _nm_utils_set_testing() will always set this flag. */ + _NM_UTILS_TEST_GENERAL = (1LL << 1), + + /* Don't check the owner of keyfiles during testing. */ + NM_UTILS_TEST_NO_KEYFILE_OWNER_CHECK = (1LL << 2), + + _NM_UTILS_TEST_LAST, + NM_UTILS_TEST_ALL = (((_NM_UTILS_TEST_LAST - 1) << 1) - 1) & ~(_NM_UTILS_TEST_INITIALIZED), +} NMUtilsTestFlags; + +gboolean nm_utils_get_testing_initialized (void); +NMUtilsTestFlags nm_utils_get_testing (void); +void _nm_utils_set_testing (NMUtilsTestFlags flags); + #endif /* __NETWORKMANAGER_UTILS_H__ */ diff --git a/src/nm-dbus-manager.c b/src/nm-dbus-manager.c index b367b82812..b8b5325671 100644 --- a/src/nm-dbus-manager.c +++ b/src/nm-dbus-manager.c @@ -36,6 +36,7 @@ #include <dbus/dbus-glib-lowlevel.h> #include <string.h> #include "nm-logging.h" +#include "NetworkManagerUtils.h" #define PRIV_SOCK_PATH NMRUNDIR "/private" #define PRIV_SOCK_TAG "private" @@ -491,7 +492,7 @@ private_server_setup (NMDBusManager *self) NMDBusManagerPrivate *priv = NM_DBUS_MANAGER_GET_PRIVATE (self); /* Skip this step if this is just a test program */ - if (g_test_initialized ()) + if (nm_utils_get_testing ()) return; /* Set up our main private DBus socket */ diff --git a/src/settings/plugins/keyfile/reader.c b/src/settings/plugins/keyfile/reader.c index a149e06d93..bd08c17d04 100644 --- a/src/settings/plugins/keyfile/reader.c +++ b/src/settings/plugins/keyfile/reader.c 
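Review bot: `NM_UTILS_TEST_NO_KEYFILE_OWNER_CHECK` switches off a security check, but the prototype of `_nm_utils_set_testing()` in src/NetworkManagerUtils.h carries no statement of who may call it or when. The implementation only accepts one call, made before the first nm_utils_get_testing(), and otherwise hits g_return_if_reached(). I would add a comment above the prototype such as `/* Test binaries only: call at most once, before the first nm_utils_get_testing(). */`. The enumerators can also be written `(1 << 0)` rather than `(1LL << 0)`, since the G_STATIC_ASSERT in NetworkManagerUtils.c already bounds the enum to the size of int.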
@@ -27,6 +27,7 @@ #include "nm-logging.h" #include "nm-keyfile-internal.h" +#include "NetworkManagerUtils.h" static const char * _fmt_warn (const char *group, NMSetting *setting, const char *property_name, const char *message, char **out_message) @@ -90,7 +91,6 @@ nm_keyfile_plugin_connection_from_file (const char *filename, GError **error) { GKeyFile *key_file; struct stat statbuf; - gboolean bad_permissions; NMConnection *connection = NULL; GError *verify_error = NULL; @@ -100,15 +100,22 @@ nm_keyfile_plugin_connection_from_file (const char *filename, GError **error) return NULL; } - bad_permissions = statbuf.st_mode & 0077; - - if (bad_permissions) { + if (statbuf.st_mode & 0077) { g_set_error (error, NM_SETTINGS_ERROR, NM_SETTINGS_ERROR_INVALID_CONNECTION, "File permissions (%o) were insecure", statbuf.st_mode); return NULL; } + if (!NM_FLAGS_HAS (nm_utils_get_testing (), NM_UTILS_TEST_NO_KEYFILE_OWNER_CHECK)) { + if (statbuf.st_uid != 0) { + g_set_error (error, NM_SETTINGS_ERROR, NM_SETTINGS_ERROR_INVALID_CONNECTION, + "File owner (%o) is insecure", + statbuf.st_mode); + return NULL; + } + } + key_file = g_key_file_new (); if (!g_key_file_load_from_file (key_file, filename, G_KEY_FILE_NONE, error)) goto out; diff --git a/src/settings/plugins/keyfile/tests/test-keyfile.c b/src/settings/plugins/keyfile/tests/test-keyfile.c index ab9081621e..28e9eb447f 100644 --- a/src/settings/plugins/keyfile/tests/test-keyfile.c +++ b/src/settings/plugins/keyfile/tests/test-keyfile.c @@ -3632,6 +3632,7 @@ NMTST_DEFINE (); int main (int argc, char **argv) { + _nm_utils_set_testing (NM_UTILS_TEST_NO_KEYFILE_OWNER_CHECK); nmtst_init_assert_logging (&argc, &argv, "INFO", "DEFAULT"); /* The tests */ |
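Review bot: The new owner check in nm_keyfile_plugin_connection_from_file() reports the wrong field: `"File owner (%o) is insecure"` is given `statbuf.st_mode`, so the error shows the mode bits again instead of the offending uid. It should read `"File owner (%lu) is insecure", (unsigned long) statbuf.st_uid`. Separately, the mode and owner checks act on a stat result, while `g_key_file_load_from_file (key_file, filename, ...)` opens the file again by name, so the file that is parsed is not guaranteed to be the one that was checked. The stat call itself sits above the hunk, so that part needs confirming there. The function body continues outside the hunk.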
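Review bot: Setting `NM_UTILS_TEST_NO_KEYFILE_OWNER_CHECK` at the top of main() in test-keyfile.c turns the owner check off for the whole test binary, so the re-enabled rejection of keyfiles not owned by root has no coverage in this commit. Because `_nm_utils_set_testing()` accepts only one call, a case for the rejection path would have to live in a separate test program that leaves the flag unset. A short comment on the call would record the reason, for example `/* test keyfiles are not owned by root, so skip the owner check */`, if that is indeed why it is disabled. main() continues outside the hunk.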