Add experimental authority backend using JavaScript rule files

Signed-off-by: David Zeuthen <davidz@redhat.com>
author: David Zeuthen <davidz@redhat.com> 2012-05-17 23:27:58 -0400
committer: David Zeuthen <davidz@redhat.com> 2012-05-17 23:27:58 -0400
commit: aeb2b50a7b0ed1411df81790231cd902d6e76e56 (patch)
tree: 38ca6a4d28e4b29b29aa6d32b4d71d4b64b2512e /test
parent: 4e98a5af1a731c919021638047ab7f12490d8306 (diff)
download: polkit-aeb2b50a7b0ed1411df81790231cd902d6e76e56.tar.gz
3 files changed, 189 insertions, 0 deletions
diff --git a/test/data/etc/polkit-1/rules.d/10-testing.rules b/test/data/etc/polkit-1/rules.d/10-testing.rules
new file mode 100644
index 0000000..adf4f16
--- /dev/null
+++ b/test/data/etc/polkit-1/rules.d/10-testing.rules
@@ -0,0 +1,32 @@
+/* -*- mode: js; js-indent-level: 4; indent-tabs-mode: nil -*- */
+
+polkit.addAdministratorRule(function(action, subject) {
+    return ["unix-group:admin", "unix-user:root"];
+});
+
+polkit.addAdministratorRule(function(action, subject) {
+    if (action == "net.company.action1") {
+        return ["unix-group:admin"];
+    }
+    return null;
+});
+
+polkit.addAdministratorRule(function(action, subject) {
+    if (action == "net.company.action2") {
+        return ["unix-group:users"];
+    }
+    return null;
+});
+
+// -----
+
+polkit.addAuthorizationRule(function(action, subject) {
+    return "auth_admin";
+});
+
+polkit.addAuthorizationRule(function(action, subject) {
+    if (action == "org.freedesktop.policykit.exec") {
+        return "auth_admin";
+    }
+    return null;
+});
diff --git a/test/polkitbackend/Makefile.am b/test/polkitbackend/Makefile.am
index c611b5b..46706d3 100644
--- a/test/polkitbackend/Makefile.am
+++ b/test/polkitbackend/Makefile.am
@@ -39,8 +39,12 @@ polkitbackendlocalauthorizationstoretest_SOURCES = polkitbackendlocalauthorizati
 TEST_PROGS += polkitbackendlocalauthoritytest
 polkitbackendlocalauthoritytest_SOURCES = polkitbackendlocalauthoritytest.c
 
+TEST_PROGS += polkitbackendjsauthoritytest
+polkitbackendjsauthoritytest_SOURCES = test-polkitbackendjsauthority.c
+
 # ----------------------------------------------------------------------------------------------------
 
+noinst_PROGRAMS = $(TEST_PROGS)
 check_PROGRAMS = $(TEST_PROGS)
 TESTS = $(TEST_PROGS)
 
diff --git a/test/polkitbackend/test-polkitbackendjsauthority.c b/test/polkitbackend/test-polkitbackendjsauthority.c
new file mode 100644
index 0000000..c5015ff
--- /dev/null
+++ b/test/polkitbackend/test-polkitbackendjsauthority.c
@@ -0,0 +1,153 @@
+/*
+ * Copyright (C) 2011 Google Inc.
+ * Copyright (C) 2012 Red Hat, Inc.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General
+ * Public License along with this library; if not, write to the
+ * Free Software Foundation, Inc., 59 Temple Place, Suite 330,
+ * Boston, MA 02111-1307, USA.
+ *
+ * Author: Nikki VonHollen <vonhollen@google.com>
+ *         David Zeuthen <davidz@redhat.com>
+ */
+
+#include "glib.h"
+
+#include <polkit/polkit.h>
+#include <polkitbackend/polkitbackendjsauthority.h>
+#include <polkittesthelper.h>
+
+/* Test helper types */
+
+static PolkitBackendJsAuthority *get_authority (void);
+
+static PolkitBackendJsAuthority *
+get_authority (void)
+{
+  gchar *rules_dir;
+  PolkitBackendJsAuthority *authority;
+
+  rules_dir = polkit_test_get_data_path ("etc/polkit-1/rules.d");
+  g_assert (rules_dir != NULL);
+
+  authority = g_object_new (POLKIT_BACKEND_TYPE_JS_AUTHORITY,
+                            "rules-dir", rules_dir,
+                            NULL);
+  g_free (rules_dir);
+  return authority;
+}
+
+
+static void
+test_get_admin_identities_for_action_id (const gchar         *action_id,
+                                         const gchar *const *expected_admins)
+{
+  PolkitBackendJsAuthority *authority = NULL;
+  PolkitSubject *caller = NULL;
+  PolkitSubject *subject = NULL;
+  PolkitIdentity *user_for_subject = NULL;
+  PolkitDetails *details = NULL;
+  GError *error = NULL;
+  GList *admin_identities = NULL;
+  GList *l;
+  guint n;
+
+  authority = get_authority ();
+
+  caller = polkit_unix_process_new (getpid ());
+  subject = polkit_unix_process_new (getpid ());
+  user_for_subject = polkit_identity_from_string ("unix-user:root", &error);
+  g_assert_no_error (error);
+
+  details = polkit_details_new ();
+
+  /* Get the list of PolkitUnixUser objects who are admins */
+  admin_identities = polkit_backend_interactive_authority_get_admin_identities (POLKIT_BACKEND_INTERACTIVE_AUTHORITY (authority),
+                                                                                caller,
+                                                                                subject,
+                                                                                user_for_subject,
+                                                                                action_id,
+                                                                                details);
+  for (l = admin_identities, n = 0; l != NULL; l = l->next, n++)
+    {
+      PolkitIdentity *test_identity = POLKIT_IDENTITY (l->data);
+      gchar *s;
+
+      g_assert (expected_admins[n] != NULL);
+
+      s = polkit_identity_to_string (test_identity);
+      g_assert_cmpstr (expected_admins[n], ==, s);
+      g_free (s);
+    }
+  g_assert (expected_admins[n] == NULL);
+
+  g_list_free_full (admin_identities, g_object_unref);
+  g_clear_object (&user_for_subject);
+  g_clear_object (&subject);
+  g_clear_object (&caller);
+  g_clear_object (&authority);
+}
+
+static void
+test_get_admin_identities (void)
+{
+  struct {
+    const gchar *action_id;
+    const gchar *expected_admins[5];
+  } test_cases[] = {
+    {
+      "com.example.doesntmatter",
+      {
+        "unix-group:admin",
+        "unix-user:root"
+      }
+    },
+    {
+      "net.company.action1",
+      {
+        "unix-group:admin"
+      }
+    },
+    {
+      "net.company.action2",
+      {
+        "unix-group:users"
+      }
+    },
+  };
+  guint n;
+
+  for (n = 0; n < G_N_ELEMENTS (test_cases); n++)
+    {
+      test_get_admin_identities_for_action_id (test_cases[n].action_id,
+                                               test_cases[n].expected_admins);
+    }
+}
+
+
+int
+main (int argc, char *argv[])
+{
+  GIOExtensionPoint *ep;
+
+  g_type_init ();
+  g_test_init (&argc, &argv, NULL);
+  //polkit_test_redirect_logs ();
+
+  ep = g_io_extension_point_register (POLKIT_BACKEND_AUTHORITY_EXTENSION_POINT_NAME);
+  g_io_extension_point_set_required_type (ep, POLKIT_BACKEND_TYPE_AUTHORITY);
+
+  g_test_add_func ("/PolkitBackendJsAuthority/get_admin_identities", test_get_admin_identities);
+
+  return g_test_run ();
+};
author	David Zeuthen <davidz@redhat.com>	2012-05-17 23:27:58 -0400
committer	David Zeuthen <davidz@redhat.com>	2012-05-17 23:27:58 -0400
commit	aeb2b50a7b0ed1411df81790231cd902d6e76e56 (patch)
tree	38ca6a4d28e4b29b29aa6d32b4d71d4b64b2512e /test
parent	4e98a5af1a731c919021638047ab7f12490d8306 (diff)
download	polkit-aeb2b50a7b0ed1411df81790231cd902d6e76e56.tar.gz