Diffstat (limited to 'test/polkitbackend')
5 files changed, 135 insertions, 27 deletions
diff --git a/test/polkitbackend/Makefile.am b/test/polkitbackend/Makefile.am
index 8067232..c611b5b 100644
--- a/test/polkitbackend/Makefile.am
+++ b/test/polkitbackend/Makefile.am
@@ -3,8 +3,8 @@ NULL =
 INCLUDES = \
 -I$(top_builddir)/src \
- -I$(top_builddir)/test \
 -I$(top_srcdir)/src \
+ -I$(top_srcdir)/test \
 -DPACKAGE_LIBEXEC_DIR=\""$(libexecdir)"\" \
 -DPACKAGE_SYSCONF_DIR=\""$(sysconfdir)"\" \
 -DPACKAGE_DATA_DIR=\""$(datadir)"\" \
diff --git a/test/polkitbackend/data/authstore1/10-test/com.example.pkla b/test/polkitbackend/data/authstore1/10-test/com.example.pkla
deleted file mode 100644
index e716465..0000000
--- a/test/polkitbackend/data/authstore1/10-test/com.example.pkla
+++ /dev/null
@@ -1,6 +0,0 @@
-[Normal Staff Permissions]
-Identity=unix-group:users;unix-user:root
-Action=com.example.awesomeproduct.*
-ResultAny=no
-ResultInactive=auth_self
-ResultActive=yes
diff --git a/test/polkitbackend/data/authstore2/10-test/com.example.pkla b/test/polkitbackend/data/authstore2/10-test/com.example.pkla
deleted file mode 100644
index f013c5b..0000000
--- a/test/polkitbackend/data/authstore2/10-test/com.example.pkla
+++ /dev/null
@@ -1,6 +0,0 @@
-[Super Secret Project Permissions]
-Identity=unix-user:root
-Action=com.example.restrictedproduct.*
-ResultAny=no
-ResultInactive=no
-ResultActive=auth_self
diff --git a/test/polkitbackend/polkitbackendlocalauthoritytest.c b/test/polkitbackend/polkitbackendlocalauthoritytest.c
index f76ea41..617c254 100644
--- a/test/polkitbackend/polkitbackendlocalauthoritytest.c
+++ b/test/polkitbackend/polkitbackendlocalauthoritytest.c
@@ -25,9 +25,9 @@
 #include <polkit/polkit.h>
 #include <polkitbackend/polkitbackendlocalauthority.h>
-#define TEST_CONFIG_PATH "./data/config"
-#define TEST_AUTH_PATH1 "./data/authstore1"
-#define TEST_AUTH_PATH2 "./data/authstore2"
+#define TEST_CONFIG_PATH "etc/polkit-1/localauthority.conf.d"
+#define TEST_AUTH_PATH1 "etc/polkit-1/localauthority"
+#define TEST_AUTH_PATH2 "var/lib/polkit-1/localauthority"
 /* Test helper types */
@@ -93,21 +93,96 @@ test_check_authorization_sync (const void *_ctx)
 g_object_unref (out_details);
 }
+static void
+test_get_admin_identities (void)
+{
+ /* Note: The implementation for get_admin_identities is called
+ * get_admin_auth_identities in PolkitBackendLocalAuthority */
+
+ PolkitBackendLocalAuthority *authority = create_authority ();
+
+ /* Setup required arguments, but none of their values matter */
+ PolkitSubject *caller = polkit_unix_session_new ("caller-session");
+ g_assert (caller);
+
+ PolkitSubject *subject = polkit_unix_session_new ("subject-session");;
+ g_assert (subject);
+
+ GError *error = NULL;
+ PolkitIdentity *user_for_subject = polkit_identity_from_string ("unix-user:root", &error);
+ g_assert_no_error (error);
+ g_assert (user_for_subject);
+
+ PolkitDetails *details = polkit_details_new ();
+ g_assert (details);
+
+ /* Get the list of PolkitUnixUser objects who are admins */
+ GList *result;
+ result = polkit_backend_interactive_authority_get_admin_identities (
+ POLKIT_BACKEND_INTERACTIVE_AUTHORITY (authority),
+ caller,
+ subject,
+ user_for_subject,
+ "com.example.doesntmatter",
+ details);
+
+ guint result_len = g_list_length (result);
+ g_assert_cmpint (result_len, >, 0);
+
+ /* Test against each of the admins in the following list */
+ const gchar *expect_admins [] = {
+ "unix-user:root",
+ "unix-user:jane",
+ "unix-user:sally",
+ "unix-user:henry",
+ NULL,
+ };
+
+ unsigned int i;
+ for (i = 0; expect_admins[i] != NULL; i++)
+ {
+ g_assert_cmpint (i, <, result_len);
+
+ PolkitIdentity *test_identity = POLKIT_IDENTITY (g_list_nth_data (result, i));
+ g_assert (test_identity);
+
+ gchar *test_identity_str = polkit_identity_to_string (test_identity);
+ g_assert_cmpstr (expect_admins[i], ==, test_identity_str);
+ }
+}
+
 /* Factory for mock local authority.
 */
 static PolkitBackendLocalAuthority *
 create_authority (void)
 {
- return g_object_new (
+ gchar *config_path = polkit_test_get_data_path (TEST_CONFIG_PATH);
+ gchar *auth_path1 = polkit_test_get_data_path (TEST_AUTH_PATH1);
+ gchar *auth_path2 = polkit_test_get_data_path (TEST_AUTH_PATH2);
+ gchar *auth_paths = g_strconcat (auth_path1, ";", auth_path2, NULL);
+
+ g_assert (config_path);
+ g_assert (auth_path1);
+ g_assert (auth_path2);
+ g_assert (auth_paths);
+
+ PolkitBackendLocalAuthority *authority = g_object_new (
 POLKIT_BACKEND_TYPE_LOCAL_AUTHORITY,
- "config-path", TEST_CONFIG_PATH,
- "auth-store-paths", TEST_AUTH_PATH1 ";" TEST_AUTH_PATH2,
+ "config-path", config_path,
+ "auth-store-paths", auth_paths,
 NULL);
+
+ g_free (config_path);
+ g_free (auth_path1);
+ g_free (auth_path2);
+ g_free (auth_paths);
+ return authority;
 }
 /* Variations of the check_authorization_sync */
 struct auth_context check_authorization_test_data [] = {
+ /* Test root, john, and jane on action awesomeproduct.foo (all users are ok) */
 {"unix-user:root", TRUE, TRUE, "com.example.awesomeproduct.foo",
 POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN,
 POLKIT_IMPLICIT_AUTHORIZATION_AUTHORIZED},
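Review bot: The loop in test_get_admin_identities checks only that the first four entries of the result match expect_admins, so a backend that returns extra admin identities after them would still pass; for a test of who is listed as an administrator, the length should be pinned as well with `g_assert_cmpint (i, ==, result_len);` after the loop. The string returned by polkit_identity_to_string is never freed and the result list is never released, and `polkit_unix_session_new ("subject-session");;` carries a stray semicolon. In create_authority the four g_assert calls come after g_strconcat has already used the paths; moving them above the concatenation makes a missing data path fail on the line that names it.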
@@ -117,12 +192,41 @@ struct auth_context check_authorization_test_data [] = {
 {"unix-user:root", FALSE, FALSE, "com.example.awesomeproduct.foo",
 POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN,
 POLKIT_IMPLICIT_AUTHORIZATION_NOT_AUTHORIZED},
+ {"unix-user:john", TRUE, TRUE, "com.example.awesomeproduct.foo",
+ POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN,
+ POLKIT_IMPLICIT_AUTHORIZATION_AUTHORIZED},
+ {"unix-user:jane", TRUE, TRUE, "com.example.awesomeproduct.foo",
+ POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN,
+ POLKIT_IMPLICIT_AUTHORIZATION_AUTHORIZED},
+
+ /* Test root, john, and jane on action restrictedproduct.foo (only root is ok) */
 {"unix-user:root", TRUE, TRUE, "com.example.restrictedproduct.foo",
 POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN,
 POLKIT_IMPLICIT_AUTHORIZATION_AUTHENTICATION_REQUIRED},
+ {"unix-user:john", TRUE, TRUE, "com.example.restrictedproduct.foo",
+ POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN,
+ POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN},
+ {"unix-user:jane", TRUE, TRUE, "com.example.restrictedproduct.foo",
+ POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN,
+ POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN},
+
+ /* Test root against some missing actions */
 {"unix-user:root", TRUE, TRUE, "com.example.missingproduct.foo",
 POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN,
 POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN},
+
+ /* Test root, john, and jane against action awesomeproduct.bar
+ * which uses "unix-netgroup:baz" for auth (john and jane are OK, root is not) */
+ {"unix-user:root", TRUE, TRUE, "com.example.awesomeproduct.bar",
+ POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN,
+ POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN},
+ {"unix-user:john", TRUE, TRUE, "com.example.awesomeproduct.bar",
+ POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN,
+ POLKIT_IMPLICIT_AUTHORIZATION_AUTHORIZED},
+ {"unix-user:jane", TRUE, TRUE, "com.example.awesomeproduct.bar",
+ POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN,
+ POLKIT_IMPLICIT_AUTHORIZATION_AUTHORIZED},
+
 {NULL},
 };
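Review bot: The section comments added to check_authorization_test_data summarise outcomes as "ok", which does not match what the rows assert. Under "(all users are ok)", added just above this hunk, the root row with FALSE, FALSE expects NOT_AUTHORIZED; under "(only root is ok)" root expects AUTHENTICATION_REQUIRED while john and jane expect UNKNOWN; and "root is not" in the netgroup comment is asserted as UNKNOWN, which presumably means no rule matched rather than an explicit denial. I would name the expected value in each comment, e.g. `/* restrictedproduct.foo: root -> AUTHENTICATION_REQUIRED; john, jane -> UNKNOWN */`. The fixture that defines unix-netgroup:baz is outside this diff, so it is worth confirming that its membership comes from test data and not from the host's netgroup database.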
@@ -135,7 +239,7 @@ add_check_authorization_tests (void) {
 struct auth_context *ctx = &check_authorization_test_data[i];
 gchar *test_name = g_strdup_printf ( "/PolkitBackendLocalAuthority/check_authorization_sync_%d", i);
- g_test_add_data_func(test_name, ctx, test_check_authorization_sync);
+ g_test_add_data_func (test_name, ctx, test_check_authorization_sync);
 }
 };
@@ -154,5 +258,7 @@ main (int argc, char *argv[])
 POLKIT_BACKEND_TYPE_AUTHORITY);
 add_check_authorization_tests ();
+ g_test_add_func ("/PolkitBackendLocalAuthority/get_admin_identities", test_get_admin_identities);
+
 return g_test_run ();
 };
diff --git a/test/polkitbackend/polkitbackendlocalauthorizationstoretest.c b/test/polkitbackend/polkitbackendlocalauthorizationstoretest.c
index 617acf9..945e163 100644
--- a/test/polkitbackend/polkitbackendlocalauthorizationstoretest.c
+++ b/test/polkitbackend/polkitbackendlocalauthorizationstoretest.c
@@ -25,16 +25,23 @@
 #include <polkit/polkit.h>
 #include <polkitbackend/polkitbackendlocalauthorizationstore.h>
-#define DATA_DIR "./data/authstore1/10-test"
+#define DATA_DIR "etc/polkit-1/localauthority/10-test"
 #define DATA_EXT ".pkla"
 static void
 test_new (void)
 {
 PolkitBackendLocalAuthorizationStore *store;
+ gchar *data_dir_path;
 GFile *data_dir;
- data_dir = g_file_new_for_path (DATA_DIR);
+ data_dir_path = polkit_test_get_data_path (DATA_DIR);
+ g_assert (data_dir_path);
+
+ data_dir = g_file_new_for_path (data_dir_path);
+ g_assert (data_dir);
+
+ g_free (data_dir_path);
 store = polkit_backend_local_authorization_store_new (data_dir, DATA_EXT);
 g_assert (store);
@@ -44,6 +51,7 @@ test_new (void)
 static void
 test_lookup (void)
 {
+ gchar *data_dir_path;
 GFile *data_dir;
 PolkitBackendLocalAuthorizationStore *store;
 GError *error = NULL;
@@ -54,8 +62,14 @@ test_lookup (void)
 PolkitImplicitAuthorization ret_active;
 PolkitDetails *details;
+ // Get auth store path
+ data_dir_path = polkit_test_get_data_path (DATA_DIR);
+ g_assert (data_dir_path);
+
+ data_dir = g_file_new_for_path (data_dir_path);
+ g_assert (data_dir);
+
 // Create the auth store
- data_dir = g_file_new_for_path (DATA_DIR);
 store = polkit_backend_local_authorization_store_new (data_dir, DATA_EXT);
 g_assert (store);
@@ -63,7 +77,7 @@ test_lookup (void)
 details = polkit_details_new ();
 // Create an identity to query with
- identity = polkit_identity_from_string("unix-group:users", &error);
+ identity = polkit_identity_from_string ("unix-group:users", &error);
 g_assert (identity);
 g_assert_no_error (error);
@@ -71,7 +85,7 @@ test_lookup (void)
 ok = polkit_backend_local_authorization_store_lookup (
 store,
 identity,
- "com.example.awesomeproduct.dofoo",
+ "com.example.awesomeproduct.foo",
 details,
 &ret_any,
 &ret_inactive,
@@ -83,7 +97,7 @@ test_lookup (void)
 g_assert_cmpstr ("yes", ==, polkit_implicit_authorization_to_string (ret_active));
 // Create another identity to query with
- identity = polkit_identity_from_string("unix-user:root", &error);
+ identity = polkit_identity_from_string ("unix-user:root", &error);
 g_assert (identity);
 g_assert_no_error (error);
@@ -91,7 +105,7 @@ test_lookup (void)
 ok = polkit_backend_local_authorization_store_lookup (
 store,
 identity,
- "com.example.awesomeproduct.dofoo",
+ "com.example.awesomeproduct.foo",
 details,
 &ret_any,
 &ret_inactive, |
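Review bot: test_lookup never frees data_dir_path in the lines shown, while test_new in the same commit calls `g_free (data_dir_path);` right after building the GFile; adding the same call after `g_assert (data_dir);` in the first hunk here keeps the two tests consistent. test_lookup starts and ends outside these hunks, so the free may already exist further down.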