From 0e85f07781f8eab9670e06cee32b38657e3b62ce Mon Sep 17 00:00:00 2001 From: David Zeuthen Date: Thu, 24 May 2012 14:51:46 -0400 Subject: Combine action and details parameters This also removes the ability to change detail parameters which is actually a good thing. If we later need a way to change the authentication message, we can always add something like polkit.addAuthenticationMessageRule() so the user can register a function returning a string. Signed-off-by: David Zeuthen --- test/data/etc/polkit-1/rules.d/10-testing.rules | 83 +++++++++++++-------- test/data/etc/polkit-1/rules.d/15-testing.rules | 19 ++--- .../usr/share/polkit-1/rules.d/10-testing.rules | 12 ++- .../usr/share/polkit-1/rules.d/20-testing.rules | 22 +++--- test/polkitbackend/test-polkitbackendjsauthority.c | 85 ++++++++++++++++------ 5 files changed, 139 insertions(+), 82 deletions(-) (limited to 'test') diff --git a/test/data/etc/polkit-1/rules.d/10-testing.rules b/test/data/etc/polkit-1/rules.d/10-testing.rules index 1dba38a..4a17f8c 100644 --- a/test/data/etc/polkit-1/rules.d/10-testing.rules +++ b/test/data/etc/polkit-1/rules.d/10-testing.rules 
@@ -4,55 +4,75 @@ /* NOTE: this is the /etc/polkit-1/rules.d version of 10-testing.rules */ -polkit.addAdminRule(function(action, subject, details) { - if (action == "net.company.action1") { +// --------------------------------------------------------------------- +// admin rules + +polkit.addAdminRule(function(action, subject) { + if (action.id == "net.company.action1") { return ["unix-group:admin"]; } }); -polkit.addAdminRule(function(action, subject, details) { - if (action == "net.company.action2") { +polkit.addAdminRule(function(action, subject) { + if (action.id == "net.company.action2") { return ["unix-group:users"]; } }); -polkit.addAdminRule(function(action, subject, details) { - if (action == "net.company.action3") { +polkit.addAdminRule(function(action, subject) { + if (action.id == "net.company.action3") { return ["unix-netgroup:foo"]; } }); // Fallback -polkit.addAdminRule(function(action, subject, details) { +polkit.addAdminRule(function(action, subject) { return ["unix-group:admin", "unix-user:root"]; }); // ----- -polkit.addRule(function(action, subject, details) { - if (action == "net.company.productA.action0") { +// --------------------------------------------------------------------- +// basics + +polkit.addRule(function(action, subject) { + if (action.id == "net.company.productA.action0") { return "auth_admin"; } }); -polkit.addRule(function(action, subject, details) { - if (action == "net.company.productA.action1") { +polkit.addRule(function(action, subject) { + if (action.id == "net.company.productA.action1") { return "auth_self"; } }); -polkit.addRule(function(action, subject, details) { - if (action == "net.company.order0") { - details["test_detail"] = "a"; +polkit.addRule(function(action, subject) { + if (action.id == "net.company.order0") { return "yes"; } }); +// --------------------------------------------------------------------- +// variables + +polkit.addRule(function(action, subject) { + if (action.id == 
"net.company.group.variables") { + if (action.lookup("foo") == "1") + return "yes"; + else if (action.lookup("foo") == "2") + return "auth_self"; + else + return "auth_admin"; + } +}); + + // --------------------------------------------------------------------- // group membership -polkit.addRule(function(action, subject, details) { - if (action == "net.company.group.only_group_users") { +polkit.addRule(function(action, subject) { + if (action.id == "net.company.group.only_group_users") { if (subject.isInGroup("users")) return "yes"; else @@ -63,8 +83,8 @@ polkit.addRule(function(action, subject, details) { // --------------------------------------------------------------------- // netgroup membership -polkit.addRule(function(action, subject, details) { - if (action == "net.company.group.only_netgroup_users") { +polkit.addRule(function(action, subject) { + if (action.id == "net.company.group.only_netgroup_users") { if (subject.isInNetGroup("foo")) return "yes"; else @@ -75,8 +95,8 @@ polkit.addRule(function(action, subject, details) { // --------------------------------------------------------------------- // spawning -polkit.addRule(function(action, subject, details) { - if (action == "net.company.spawning.non_existing_helper") { +polkit.addRule(function(action, subject) { + if (action.id == "net.company.spawning.non_existing_helper") { try { polkit.spawn(["/path/to/non/existing/helper"]); return "no"; @@ -86,8 +106,8 @@ polkit.addRule(function(action, subject, details) { } }); -polkit.addRule(function(action, subject, details) { - if (action == "net.company.spawning.successful_helper") { +polkit.addRule(function(action, subject) { + if (action.id == "net.company.spawning.successful_helper") { try { polkit.spawn(["/bin/true"]); return "yes"; 
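Review bot: The new `net.company.group.variables` rule decides between "yes", "auth_self" and "auth_admin" with loose `==` on `action.lookup("foo")`, so the outcome depends on JavaScript type coercion of whatever lookup returns. Assuming lookup yields a primitive string (its return type is not visible in this patch), `if (action.lookup("foo") === "1")` and `else if (action.lookup("foo") === "2")` state the intent exactly. The final `else` returning "auth_admin" is the fail-closed branch for an unset or unexpected value; a comment such as `// anything else, including an unset variable, requires admin auth` would make that deliberate. The same loose comparison is used for `action.id` throughout this file.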
@@ -97,8 +117,8 @@ polkit.addRule(function(action, subject, details) { } }); -polkit.addRule(function(action, subject, details) { - if (action == "net.company.spawning.failing_helper") { +polkit.addRule(function(action, subject) { + if (action.id == "net.company.spawning.failing_helper") { try { polkit.spawn(["/bin/false"]); return "no"; @@ -108,8 +128,8 @@ polkit.addRule(function(action, subject, details) { } }); -polkit.addRule(function(action, subject, details) { - if (action == "net.company.spawning.helper_with_output") { +polkit.addRule(function(action, subject) { + if (action.id == "net.company.spawning.helper_with_output") { try { var out = polkit.spawn(["echo", "-n", "-e", "Hello\nWorld"]); if (out == "Hello\nWorld") @@ -122,8 +142,8 @@ polkit.addRule(function(action, subject, details) { } }); -polkit.addRule(function(action, subject, details) { - if (action == "net.company.spawning.helper_timeout") { +polkit.addRule(function(action, subject) { + if (action.id == "net.company.spawning.helper_timeout") { try { polkit.spawn(["sleep", "20"]); return "no"; @@ -135,8 +155,11 @@ polkit.addRule(function(action, subject, details) { } }); -polkit.addRule(function(action, subject, details) { - if (action == "net.company.run_away_script") { +// --------------------------------------------------------------------- +// runaway scripts + +polkit.addRule(function(action, subject) { + if (action.id == "net.company.run_away_script") { try { // The following code will never terminate so the runaway // script killer will step in after 15 seconds and throw diff --git a/test/data/etc/polkit-1/rules.d/15-testing.rules b/test/data/etc/polkit-1/rules.d/15-testing.rules index 9968aa7..b64d731 100644 --- a/test/data/etc/polkit-1/rules.d/15-testing.rules +++ b/test/data/etc/polkit-1/rules.d/15-testing.rules 
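Review bot: The helper_with_output and helper_timeout rules (context lines in the `@@ -108,8` and `@@ -122,8` hunks) spawn `echo` and `sleep` by bare name, while the neighbouring rules use the absolute paths `/bin/true` and `/bin/false`. If `polkit.spawn` resolves bare names through the environment's search path, which this patch does not show, the test outcome depends on how the harness is started, and the rule files model a habit that is undesirable in real policy run by a privileged daemon. Using `polkit.spawn(["/bin/sleep", "20"])` and an absolute path for `echo` would make the four spawning rules consistent. Both rule bodies continue outside their hunks.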
@@ -2,23 +2,20 @@ /* see test/polkitbackend/test-polkitbackendjsauthority.c */ -polkit.addRule(function(action, subject, details) { - if (action == "net.company.order0") { - details["test_detail"] = "c"; - return "yes"; +polkit.addRule(function(action, subject) { + if (action.id == "net.company.order0") { + return "no"; // earlier rule should win } }); -polkit.addRule(function(action, subject, details) { - if (action == "net.company.order1") { - details["test_detail"] = "c"; - return "yes"; +polkit.addRule(function(action, subject) { + if (action.id == "net.company.order1") { + return "no"; // earlier rule should win } }); -polkit.addRule(function(action, subject, details) { - if (action == "net.company.order2") { - details["test_detail"] = "c"; +polkit.addRule(function(action, subject) { + if (action.id == "net.company.order2") { return "yes"; } }); diff --git a/test/data/usr/share/polkit-1/rules.d/10-testing.rules b/test/data/usr/share/polkit-1/rules.d/10-testing.rules index 48c4957..c60e262 100644 --- a/test/data/usr/share/polkit-1/rules.d/10-testing.rules +++ b/test/data/usr/share/polkit-1/rules.d/10-testing.rules @@ -4,16 +4,14 @@ /* NOTE: this is the /usr/share/polkit-1/rules.d version of 10-testing.rules */ -polkit.addRule(function(action, subject, details) { - if (action == "net.company.order0") { - details["test_detail"] = "c"; - return "yes"; +polkit.addRule(function(action, subject) { + if (action.id == "net.company.order0") { + return "no"; // earlier rule should win } }); -polkit.addRule(function(action, subject, details) { - if (action == "net.company.order1") { - details["test_detail"] = "b"; +polkit.addRule(function(action, subject) { + if (action.id == "net.company.order1") { return "yes"; } }); diff --git a/test/data/usr/share/polkit-1/rules.d/20-testing.rules b/test/data/usr/share/polkit-1/rules.d/20-testing.rules index 16dd039..5c5bb2c 100644 --- a/test/data/usr/share/polkit-1/rules.d/20-testing.rules 
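Review bot: In 15-testing.rules the order2 rule is the one expected to win, yet its `return "yes";` has no comment, while every losing rule is marked `// earlier rule should win`. With `test_detail` gone, the yes/no result is the only signal of which file was picked, so the winning side deserves the same annotation, for example `return "yes"; // first file that defines order2, so this rule wins`. The order1 rule in the /usr/share 10-testing.rules hunk on this line is in the same position.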
+++ b/test/data/usr/share/polkit-1/rules.d/20-testing.rules @@ -2,24 +2,20 @@ /* see test/polkitbackend/test-polkitbackendjsauthority.c */ -polkit.addRule(function(action, subject, details) { - if (action == "net.company.order0") { - polkit.log("blabla"); - details["test_detail"] = "d"; - return "yes"; +polkit.addRule(function(action, subject) { + if (action.id == "net.company.order0") { + return "no"; // earlier rule should win } }); -polkit.addRule(function(action, subject, details) { - if (action == "net.company.order1") { - details["test_detail"] = "d"; - return "yes"; +polkit.addRule(function(action, subject) { + if (action.id == "net.company.order1") { + return "no"; // earlier rule should win } }); -polkit.addRule(function(action, subject, details) { - if (action == "net.company.order2") { - details["test_detail"] = "d"; - return "yes"; +polkit.addRule(function(action, subject) { + if (action.id == "net.company.order2") { + return "no"; // earlier rule should win } }); diff --git a/test/polkitbackend/test-polkitbackendjsauthority.c b/test/polkitbackend/test-polkitbackendjsauthority.c index 728b433..0a5d0e8 100644 --- a/test/polkitbackend/test-polkitbackendjsauthority.c +++ b/test/polkitbackend/test-polkitbackendjsauthority.c @@ -24,6 +24,8 @@ #include "glib.h" #include +#include + #include #include #include @@ -156,8 +158,8 @@ struct RulesTestCase const gchar *test_name; const gchar *action_id; const gchar *identity; + const gchar *vars; PolkitImplicitAuthorization expected_result; - const gchar *expected_detail; }; static const RulesTestCase rules_test_cases[] = { 
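Review bot: The new `vars` member of RulesTestCase has no comment describing its format, and the plural name suggests several variables although rules_test_func (last file hunk of this patch) parses exactly one `key=value` pair. A comment on the member would settle it: `const gchar *vars; /* one "key=value" detail passed to the check, or NULL for none */`. The struct definition begins outside the hunk.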
@@ -166,15 +168,15 @@ static const RulesTestCase rules_test_cases[] = { "basic0", "net.company.productA.action0", "unix-user:root", + NULL, POLKIT_IMPLICIT_AUTHORIZATION_ADMINISTRATOR_AUTHENTICATION_REQUIRED, - NULL }, { "basic1", "net.company.productA.action1", "unix-user:root", + NULL, POLKIT_IMPLICIT_AUTHORIZATION_AUTHENTICATION_REQUIRED, - NULL }, /* Ordering tests ... we have four rules files, check they are @@ -192,24 +194,47 @@ static const RulesTestCase rules_test_cases[] = { "order0", "net.company.order0", "unix-user:root", + NULL, POLKIT_IMPLICIT_AUTHORIZATION_AUTHORIZED, - "a" }, { /* defined in file b, c, d - should pick file b */ "order1", "net.company.order1", "unix-user:root", + NULL, POLKIT_IMPLICIT_AUTHORIZATION_AUTHORIZED, - "b" }, { /* defined in file c, d - should pick file c */ "order2", "net.company.order2", "unix-user:root", + NULL, POLKIT_IMPLICIT_AUTHORIZATION_AUTHORIZED, - "c" + }, + + /* variables */ + { + "variables1", + "net.company.group.variables", + "unix-user:root", + "foo=1", + POLKIT_IMPLICIT_AUTHORIZATION_AUTHORIZED, + }, + { + "variables2", + "net.company.group.variables", + "unix-user:root", + "foo=2", + POLKIT_IMPLICIT_AUTHORIZATION_AUTHENTICATION_REQUIRED, + }, + { + "variables3", + "net.company.group.variables", + "unix-user:root", + NULL, + POLKIT_IMPLICIT_AUTHORIZATION_ADMINISTRATOR_AUTHENTICATION_REQUIRED, }, /* check group membership */ @@ -218,16 +243,16 @@ static const RulesTestCase rules_test_cases[] = { "group_membership_with_member", "net.company.group.only_group_users", "unix-user:john", + NULL, POLKIT_IMPLICIT_AUTHORIZATION_AUTHORIZED, - NULL }, { /* sally is not a member of group 'users', see test/etc/group */ "group_membership_with_non_member", "net.company.group.only_group_users", "unix-user:sally", + NULL, POLKIT_IMPLICIT_AUTHORIZATION_NOT_AUTHORIZED, - NULL }, /* check netgroup membership */ 
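Review bot: The entries of rules_test_cases stay positional, so moving a pointer member in front of `expected_result` forces every entry to be edited in lockstep (this hunk and the ones at `@@ -192,24`, `@@ -218,16`, `@@ -236,16` and `@@ -253,43`). An entry missed in a later reshuffle would at best produce a pointer/enum conversion warning. Designated initializers, e.g. `.test_name = "basic0", .action_id = "net.company.productA.action0", .expected_result = ...` with `.vars` omitted where unused, would make the table independent of member order. The array definition starts and ends outside the hunk.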
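Review bot: The three new variables cases cover `foo=1`, `foo=2` and an unset `foo`, but not a set-but-unexpected value, which is the input most likely to exercise the rule's final `else` in practice. A fourth entry with `"foo=3"` expecting administrator authentication would pin the fail-closed branch independently of how an unset variable is reported to the rule. The array definition starts and ends outside the hunk.

```c
  /* … unchanged: variables1, variables2, variables3 … */
  {
    /* set, but to a value the rule does not know: must fall back to auth_admin */
    "variables4",
    "net.company.group.variables",
    "unix-user:root",
    "foo=3",
    POLKIT_IMPLICIT_AUTHORIZATION_ADMINISTRATOR_AUTHENTICATION_REQUIRED,
  },
```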
@@ -236,16 +261,16 @@ static const RulesTestCase rules_test_cases[] = { "netgroup_membership_with_member", "net.company.group.only_netgroup_users", "unix-user:john", + NULL, POLKIT_IMPLICIT_AUTHORIZATION_AUTHORIZED, - NULL }, { /* sally is not a member of netgroup 'foo', see test/etc/netgroup */ "netgroup_membership_with_non_member", "net.company.group.only_netgroup_users", "unix-user:sally", + NULL, POLKIT_IMPLICIT_AUTHORIZATION_NOT_AUTHORIZED, - NULL }, /* spawning */ @@ -253,43 +278,45 @@ static const RulesTestCase rules_test_cases[] = { "spawning_non_existing_helper", "net.company.spawning.non_existing_helper", "unix-user:root", + NULL, POLKIT_IMPLICIT_AUTHORIZATION_AUTHORIZED, - NULL }, { "spawning_successful_helper", "net.company.spawning.successful_helper", "unix-user:root", + NULL, POLKIT_IMPLICIT_AUTHORIZATION_AUTHORIZED, - NULL }, { "spawning_failing_helper", "net.company.spawning.failing_helper", "unix-user:root", + NULL, POLKIT_IMPLICIT_AUTHORIZATION_AUTHORIZED, - NULL }, { "spawning_helper_with_output", "net.company.spawning.helper_with_output", "unix-user:root", + NULL, POLKIT_IMPLICIT_AUTHORIZATION_AUTHORIZED, - NULL }, { - "runaway_script", - "net.company.run_away_script", + "spawning_helper_timeout", + "net.company.spawning.helper_timeout", "unix-user:root", + NULL, POLKIT_IMPLICIT_AUTHORIZATION_AUTHORIZED, - NULL }, + + /* runaway scripts */ { - "spawning_helper_timeout", - "net.company.spawning.helper_timeout", + "runaway_script", + "net.company.run_away_script", "unix-user:root", + NULL, POLKIT_IMPLICIT_AUTHORIZATION_AUTHORIZED, - NULL }, }; 
@@ -316,6 +343,23 @@ rules_test_func (gconstpointer user_data) details = polkit_details_new (); + if (tc->vars != NULL) + { + gchar *s; + const gchar *key; + const gchar *value; + + s = g_strdup (tc->vars); + key = s; + value = strchr (key, '='); + g_assert (value != NULL); + *((gchar *) value) = '\0'; + value += 1; + + polkit_details_insert (details, key, value); + g_free (s); + } + result = polkit_backend_interactive_authority_check_authorization_sync (POLKIT_BACKEND_INTERACTIVE_AUTHORITY (authority), caller, subject, @@ -326,7 +370,6 @@ rules_test_func (gconstpointer user_data) details, POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN); g_assert_cmpint (result, ==, tc->expected_result); - g_assert_cmpstr (polkit_details_lookup (details, "test_detail"), ==, tc->expected_detail); g_clear_object (&user_for_subject); g_clear_object (&subject); -- cgit v1.2.3
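Review bot: In the new `tc->vars` block of rules_test_func, `value` is declared `const gchar *` and then written through with `*((gchar *) value) = '\0'`; since `s` is a private `g_strdup` copy, a non-const separator pointer removes the cast and the two extra locals. The block accepts only one `key=value` pair, which a short comment should state. Separately, the commit message says rules can no longer change details, but with the `test_detail` assertion removed in the next hunk nothing visible here checks that the inserted value is unchanged after the authorization call. rules_test_func starts and ends outside the hunk.

```c
  if (tc->vars != NULL)
    {
      /* tc->vars holds a single "key=value" pair; s is a private copy,
       * so it can be split in place */
      gchar *s = g_strdup (tc->vars);
      gchar *sep = strchr (s, '=');

      g_assert (sep != NULL);
      *sep = '\0';
      polkit_details_insert (details, s, sep + 1);
      g_free (s);
    }
  /* … unchanged: polkit_backend_interactive_authority_check_authorization_sync call … */
```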