authorThomas Haller <thaller@redhat.com>2015-05-19 10:24:37 +0200
committerThomas Haller <thaller@redhat.com>2015-05-19 10:24:37 +0200
commit046115b58885e6cc8694ae04b8e5bb4f2bd093bf (patch)
tree0a011cf46a38ba31d192f8e1baff9ef81b28efdb
parent9b11276d75d4a1451f22e85324e9ba58ad2103c4 (diff)
parent9ac4d88ff70e3a4c49c58091d388b1544116bce3 (diff)
downloadNetworkManager-046115b58885e6cc8694ae04b8e5bb4f2bd093bf.tar.gz
core: merge branch 'th/keyfile-owner-check-bgo701112'
Re-enable checking the owner of keyfile files, but disable that behavior for tests. For that, add a nm_utils_get_testing() function to core to detect whether the code is running as part of a test. https://bugzilla.gnome.org/show_bug.cgi?id=701112
-rw-r--r--include/nm-test-utils.h9
-rw-r--r--src/NetworkManagerUtils.c54
-rw-r--r--src/NetworkManagerUtils.h20
-rw-r--r--src/nm-dbus-manager.c3
-rw-r--r--src/settings/plugins/keyfile/reader.c15
-rw-r--r--src/settings/plugins/keyfile/tests/test-keyfile.c1
6 files changed, 97 insertions, 5 deletions
diff --git a/include/nm-test-utils.h b/include/nm-test-utils.h
index 94040c12c3..c61e8f85fe 100644
--- a/include/nm-test-utils.h
+++ b/include/nm-test-utils.h
@@ -96,6 +96,10 @@
#include "nm-glib-compat.h"
#include "gsystem-local-alloc.h"
+#ifdef __NETWORKMANAGER_LOGGING_H__
+/* We are running tests under src/ */
+#include "NetworkManagerUtils.h"
+#endif
/* Analog to EXIT_SUCCESS and EXIT_FAILURE. */
#define EXIT_SKIP (77)
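Review bot: The new include is gated on `__NETWORKMANAGER_LOGGING_H__`, so it only takes effect when a test includes nm-logging.h before nm-test-utils.h, and nothing in the hunk says so. The `#ifdef __NETWORKMANAGER_UTILS_H__` block added to `__nmtst_init` in the next hunk depends on the same ordering and compiles out silently otherwise. I would extend the comment to something like `/* We are running tests under src/. Requires nm-logging.h to be included before this header. */`.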
@@ -258,6 +262,11 @@ __nmtst_init (int *argc, char ***argv, gboolean assert_logging, const char *log_
g_assert (!argc || (g_strv_length (*argv) == *argc));
g_assert (!assert_logging || (!log_level && !log_domains));
+#ifdef __NETWORKMANAGER_UTILS_H__
+ if (!nm_utils_get_testing_initialized ())
+ _nm_utils_set_testing (_NM_UTILS_TEST_GENERAL);
+#endif
+
if (argc)
__nmtst_internal.orig_argv = g_strdupv (*argv);
diff --git a/src/NetworkManagerUtils.c b/src/NetworkManagerUtils.c
index afcb88b84b..904b4cdc79 100644
--- a/src/NetworkManagerUtils.c
+++ b/src/NetworkManagerUtils.c
@@ -59,6 +59,60 @@
#define CLOCK_BOOTTIME 7
#endif
+G_STATIC_ASSERT (sizeof (NMUtilsTestFlags) <= sizeof (int));
+int _nm_utils_testing = 0;
+
+gboolean
+nm_utils_get_testing_initialized ()
+{
+ NMUtilsTestFlags flags;
+
+ flags = (NMUtilsTestFlags) _nm_utils_testing;
+ if (flags == NM_UTILS_TEST_NONE)
+ flags = (NMUtilsTestFlags) g_atomic_int_get (&_nm_utils_testing);
+ return flags != NM_UTILS_TEST_NONE;
+}
+
+NMUtilsTestFlags
+nm_utils_get_testing ()
+{
+ NMUtilsTestFlags flags;
+
+ flags = (NMUtilsTestFlags) _nm_utils_testing;
+ if (flags != NM_UTILS_TEST_NONE) {
+ /* Flags already initialized. Return them. */
+ return flags & NM_UTILS_TEST_ALL;
+ }
+
+ /* Accessing nm_utils_get_testing() causes us to set the flags to initialized.
+ * Detecting running tests also based on g_test_initialized(). */
+ flags = _NM_UTILS_TEST_INITIALIZED;
+ if (g_test_initialized ())
+ flags |= _NM_UTILS_TEST_GENERAL;
+
+ if (g_atomic_int_compare_and_exchange (&_nm_utils_testing, 0, (int) flags)) {
+ /* Done. We set it. */
+ return flags & NM_UTILS_TEST_ALL;
+ }
+ /* It changed in the meantime (??). Re-read the value. */
+ return ((NMUtilsTestFlags) _nm_utils_testing) & NM_UTILS_TEST_ALL;
+}
+
+void
+_nm_utils_set_testing (NMUtilsTestFlags flags)
+{
+ g_assert (!NM_FLAGS_ANY (flags, ~NM_UTILS_TEST_ALL));
+
+ /* mask out everything except ALL, and always set GENERAL. */
+ flags = (flags & NM_UTILS_TEST_ALL) | (_NM_UTILS_TEST_GENERAL | _NM_UTILS_TEST_INITIALIZED);
+
+ if (!g_atomic_int_compare_and_exchange (&_nm_utils_testing, 0, (int) flags)) {
+ /* We only allow setting _nm_utils_set_testing() once, before fetching the
+ * value with nm_utils_get_testing(). */
+ g_return_if_reached ();
+ }
+}
+
/*
* nm_ethernet_address_is_valid:
* @addr: pointer to a binary or ASCII Ethernet address
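Review bot: `_nm_utils_testing` is defined with external linkage (`int _nm_utils_testing = 0;`), while the header hunk in this commit only exposes the three accessor functions. This word decides whether the keyfile owner check runs, so unless another translation unit needs it, `static int _nm_utils_testing = 0;` would leave the set-once compare-and-exchange in `_nm_utils_set_testing()` as the only write path. The definitions `nm_utils_get_testing_initialized ()` and `nm_utils_get_testing ()` use empty parentheses where the prototypes say `(void)`; the definitions should match. The re-read after a failed exchange in `nm_utils_get_testing()` is a plain load and could be `g_atomic_int_get (&_nm_utils_testing)`, as in `nm_utils_get_testing_initialized()`.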
diff --git a/src/NetworkManagerUtils.h b/src/NetworkManagerUtils.h
index fe88a7201b..8749d32135 100644
--- a/src/NetworkManagerUtils.h
+++ b/src/NetworkManagerUtils.h
@@ -189,4 +189,24 @@ void nm_utils_array_remove_at_indexes (GArray *array, const guint *indexes_to_de
void nm_utils_setpgid (gpointer unused);
+typedef enum {
+ NM_UTILS_TEST_NONE = 0,
+
+ /* Internal flag, marking that either nm_utils_get_testing() or _nm_utils_set_testing() was called. */
+ _NM_UTILS_TEST_INITIALIZED = (1LL << 0),
+
+ /* Indicate that test mode is enabled in general. Explicitly calling _nm_utils_set_testing() will always set this flag. */
+ _NM_UTILS_TEST_GENERAL = (1LL << 1),
+
+ /* Don't check the owner of keyfiles during testing. */
+ NM_UTILS_TEST_NO_KEYFILE_OWNER_CHECK = (1LL << 2),
+
+ _NM_UTILS_TEST_LAST,
+ NM_UTILS_TEST_ALL = (((_NM_UTILS_TEST_LAST - 1) << 1) - 1) & ~(_NM_UTILS_TEST_INITIALIZED),
+} NMUtilsTestFlags;
+
+gboolean nm_utils_get_testing_initialized (void);
+NMUtilsTestFlags nm_utils_get_testing (void);
+void _nm_utils_set_testing (NMUtilsTestFlags flags);
+
#endif /* __NETWORKMANAGER_UTILS_H__ */
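Review bot: The arithmetic for `NM_UTILS_TEST_ALL` only yields the right mask while `_NM_UTILS_TEST_LAST` directly follows the highest flag bit, and the enum does not say so. A comment such as `/* _NM_UTILS_TEST_LAST must stay directly after the highest flag; NM_UTILS_TEST_ALL is every flag bit except _NM_UTILS_TEST_INITIALIZED. */` would keep the next added flag from breaking the mask. The comment on `NM_UTILS_TEST_NO_KEYFILE_OWNER_CHECK` could also state that it switches off a security check and is meant to be set only by test programs. As a style point, the enumerators are of type int, so `(1 << 0)` is enough and the `LL` suffix can go.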
diff --git a/src/nm-dbus-manager.c b/src/nm-dbus-manager.c
index b367b82812..b8b5325671 100644
--- a/src/nm-dbus-manager.c
+++ b/src/nm-dbus-manager.c
@@ -36,6 +36,7 @@
#include <dbus/dbus-glib-lowlevel.h>
#include <string.h>
#include "nm-logging.h"
+#include "NetworkManagerUtils.h"
#define PRIV_SOCK_PATH NMRUNDIR "/private"
#define PRIV_SOCK_TAG "private"
@@ -491,7 +492,7 @@ private_server_setup (NMDBusManager *self)
NMDBusManagerPrivate *priv = NM_DBUS_MANAGER_GET_PRIVATE (self);
/* Skip this step if this is just a test program */
- if (g_test_initialized ())
+ if (nm_utils_get_testing ())
return;
/* Set up our main private DBus socket */
diff --git a/src/settings/plugins/keyfile/reader.c b/src/settings/plugins/keyfile/reader.c
index a149e06d93..bd08c17d04 100644
--- a/src/settings/plugins/keyfile/reader.c
+++ b/src/settings/plugins/keyfile/reader.c
@@ -27,6 +27,7 @@
#include "nm-logging.h"
#include "nm-keyfile-internal.h"
+#include "NetworkManagerUtils.h"
static const char *
_fmt_warn (const char *group, NMSetting *setting, const char *property_name, const char *message, char **out_message)
@@ -90,7 +91,6 @@ nm_keyfile_plugin_connection_from_file (const char *filename, GError **error)
{
GKeyFile *key_file;
struct stat statbuf;
- gboolean bad_permissions;
NMConnection *connection = NULL;
GError *verify_error = NULL;
@@ -100,15 +100,22 @@ nm_keyfile_plugin_connection_from_file (const char *filename, GError **error)
return NULL;
}
- bad_permissions = statbuf.st_mode & 0077;
-
- if (bad_permissions) {
+ if (statbuf.st_mode & 0077) {
g_set_error (error, NM_SETTINGS_ERROR, NM_SETTINGS_ERROR_INVALID_CONNECTION,
"File permissions (%o) were insecure",
statbuf.st_mode);
return NULL;
}
+ if (!NM_FLAGS_HAS (nm_utils_get_testing (), NM_UTILS_TEST_NO_KEYFILE_OWNER_CHECK)) {
+ if (statbuf.st_uid != 0) {
+ g_set_error (error, NM_SETTINGS_ERROR, NM_SETTINGS_ERROR_INVALID_CONNECTION,
+ "File owner (%o) is insecure",
+ statbuf.st_mode);
+ return NULL;
+ }
+ }
+
key_file = g_key_file_new ();
if (!g_key_file_load_from_file (key_file, filename, G_KEY_FILE_NONE, error))
goto out;
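Review bot: The new owner-check error reports the wrong field: `"File owner (%o) is insecure"` is passed `statbuf.st_mode`, so the message prints the mode in octal rather than the offending uid. It should read `"File owner (%u) is insecure", (unsigned) statbuf.st_uid`. Separately, both the permission and owner checks apply to the result of a stat call that sits above this hunk, while `g_key_file_load_from_file ()` reopens the file by name. If the containing directory is writable by anyone other than root, the file could be replaced between the check and the load. Checking an already-open descriptor with `fstat()` would close that window, but the enclosing function starts and ends outside the hunk, so this needs confirming against the full body.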
diff --git a/src/settings/plugins/keyfile/tests/test-keyfile.c b/src/settings/plugins/keyfile/tests/test-keyfile.c
index ab9081621e..28e9eb447f 100644
--- a/src/settings/plugins/keyfile/tests/test-keyfile.c
+++ b/src/settings/plugins/keyfile/tests/test-keyfile.c
@@ -3632,6 +3632,7 @@ NMTST_DEFINE ();
int main (int argc, char **argv)
{
+ _nm_utils_set_testing (NM_UTILS_TEST_NO_KEYFILE_OWNER_CHECK);
nmtst_init_assert_logging (&argc, &argv, "INFO", "DEFAULT");
/* The tests */
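Review bot: The call to `_nm_utils_set_testing ()` has to come before `nmtst_init_assert_logging ()`, and nothing at the call site says so. The flags can be set only once, and `__nmtst_init` in this commit sets `_NM_UTILS_TEST_GENERAL` itself when they are still uninitialized, so swapping the two lines would land in `g_return_if_reached ()` and leave the owner check enabled for the tests. I would add `/* Must precede nmtst_init*(): the testing flags can be set only once. */` above the call. The body of `main` continues outside the hunk.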