glib2.0/gio/tests/gdbus-sasl.c

335 lines
9.8 KiB
C

/*
* Copyright 2019-2022 Collabora Ltd.
*
* SPDX-License-Identifier: LGPL-2.1-or-later
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2.1 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General
* Public License along with this library; if not, see <http://www.gnu.org/licenses/>.
*/
#include "config.h"
#include <errno.h>
#include <locale.h>
#include <stdlib.h>
#include <string.h>
#include <glib.h>
#include <glib/gstdio.h>
#include <gio/gio.h>
/* For G_CREDENTIALS_*_SUPPORTED */
#include <gio/gcredentialsprivate.h>
static const char * const explicit_external_initial_response_fail[] =
{
"EXTERNAL with incorrect initial response",
"C:AUTH EXTERNAL <wrong-uid>",
"S:REJECTED.*$",
NULL
};
static const char * const explicit_external_fail[] =
{
"EXTERNAL without initial response, failing to authenticate",
"C:AUTH EXTERNAL",
"S:DATA$",
"C:DATA <wrong-uid>",
"S:REJECTED.*$",
NULL
};
#if defined(G_CREDENTIALS_SOCKET_GET_CREDENTIALS_SUPPORTED) || defined(G_CREDENTIALS_UNIX_CREDENTIALS_MESSAGE_SUPPORTED)
static const char * const explicit_external_initial_response[] =
{
"EXTERNAL with initial response",
/* This is what most older D-Bus libraries do. */
"C:AUTH EXTERNAL <uid>", /* I claim to be <uid> */
"S:OK [0-9a-f]+$",
NULL
};
static const char * const explicit_external[] =
{
"EXTERNAL without initial response",
/* In theory this is equally valid, although many D-Bus libraries
* probably don't support it correctly. */
"C:AUTH EXTERNAL", /* Start EXTERNAL, no initial response */
"S:DATA$", /* Who are you? */
"C:DATA <uid>", /* I claim to be <uid> */
"S:OK [0-9a-f]+$",
NULL
};
static const char * const implicit_external[] =
{
"EXTERNAL with empty authorization identity",
/* This is what sd-bus does. */
"C:AUTH EXTERNAL", /* Start EXTERNAL, no initial response */
"S:DATA$", /* Who are you? */
"C:DATA", /* I'm whoever the kernel says I am */
"S:OK [0-9a-f]+$",
NULL
};
static const char * const implicit_external_space[] =
{
"EXTERNAL with empty authorization identity and whitespace",
/* GDBus used to represent empty data blocks like this, although it
* isn't interoperable to do so (in particular sd-bus would reject this). */
"C:AUTH EXTERNAL", /* Start EXTERNAL, no initial response */
"S:DATA$", /* Who are you? */
"C:DATA ", /* I'm whoever the kernel says I am */
"S:OK [0-9a-f]+$",
NULL
};
#endif
static const char * const * const handshakes[] =
{
explicit_external_initial_response_fail,
explicit_external_fail,
#if defined(G_CREDENTIALS_SOCKET_GET_CREDENTIALS_SUPPORTED) || defined(G_CREDENTIALS_UNIX_CREDENTIALS_MESSAGE_SUPPORTED)
explicit_external_initial_response,
explicit_external,
implicit_external,
implicit_external_space,
#endif
};
static void
encode_uid (guint uid,
GString *dest)
{
gchar *str = g_strdup_printf ("%u", uid);
gchar *p;
g_string_assign (dest, "");
for (p = str; *p != '\0'; p++)
g_string_append_printf (dest, "%02x", (unsigned char) *p);
g_free (str);
}
typedef struct
{
GCond cond;
GMutex mutex;
GDBusServerFlags server_flags;
GMainContext *ctx;
GMainLoop *loop;
gchar *guid;
gchar *listenable_address;
gboolean ready;
} ServerInfo;
static gboolean
idle_in_server_thread_cb (gpointer user_data)
{
ServerInfo *info = user_data;
g_mutex_lock (&info->mutex);
info->ready = TRUE;
g_cond_broadcast (&info->cond);
g_mutex_unlock (&info->mutex);
return G_SOURCE_REMOVE;
}
static gpointer
server_thread_cb (gpointer user_data)
{
GDBusServer *server = NULL;
GError *error = NULL;
GSource *source;
ServerInfo *info = user_data;
g_main_context_push_thread_default (info->ctx);
server = g_dbus_server_new_sync (info->listenable_address,
info->server_flags,
info->guid,
NULL,
NULL,
&error);
g_assert_no_error (error);
g_assert_nonnull (server);
g_dbus_server_start (server);
/* Tell the main thread when the server is ready to accept connections */
source = g_idle_source_new ();
g_source_set_callback (source, idle_in_server_thread_cb, info, NULL);
g_source_attach (source, info->ctx);
g_source_unref (source);
g_main_loop_run (info->loop);
g_main_context_pop_thread_default (info->ctx);
g_dbus_server_stop (server);
g_clear_object (&server);
return NULL;
}
static void
test_sasl_server (void)
{
GError *error = NULL;
GSocketAddress *addr = NULL;
GString *buf = g_string_new ("");
GString *encoded_uid = g_string_new ("");
GString *encoded_wrong_uid = g_string_new ("");
GThread *server_thread = NULL;
ServerInfo info =
{
.server_flags = G_DBUS_SERVER_FLAGS_RUN_IN_THREAD,
};
gchar *escaped = NULL;
gchar *path = NULL;
gchar *tmpdir = NULL;
gsize i;
tmpdir = g_dir_make_tmp ("gdbus-server-auth-XXXXXX", &error);
g_assert_no_error (error);
escaped = g_dbus_address_escape_value (tmpdir);
path = g_build_filename (tmpdir, "socket", NULL);
g_cond_init (&info.cond);
g_mutex_init (&info.mutex);
info.ctx = g_main_context_new ();
info.guid = g_dbus_generate_guid ();
info.listenable_address = g_strdup_printf ("unix:path=%s/socket", escaped);
info.loop = g_main_loop_new (info.ctx, FALSE);
info.ready = FALSE;
server_thread = g_thread_new ("GDBusServer", server_thread_cb, &info);
g_mutex_lock (&info.mutex);
while (!info.ready)
g_cond_wait (&info.cond, &info.mutex);
g_mutex_unlock (&info.mutex);
addr = g_unix_socket_address_new (path);
encode_uid (geteuid (), encoded_uid);
encode_uid (geteuid () == 0 ? 65534 : 0, encoded_wrong_uid);
for (i = 0; i < G_N_ELEMENTS (handshakes); i++)
{
const char * const *handshake = handshakes[i];
GSocketClient *client;
GSocketConnection *conn;
GUnixConnection *conn_unix; /* unowned */
GInputStream *istream; /* unowned */
GDataInputStream *istream_data;
GOutputStream *ostream; /* unowned */
GError *error = NULL;
gsize j;
g_test_message ("New handshake: %s", handshake[0]);
client = g_socket_client_new ();
conn = g_socket_client_connect (client, G_SOCKET_CONNECTABLE (addr),
NULL, &error);
g_assert_no_error (error);
g_assert_true (G_IS_UNIX_CONNECTION (conn));
conn_unix = G_UNIX_CONNECTION (conn);
istream = g_io_stream_get_input_stream (G_IO_STREAM (conn));
ostream = g_io_stream_get_output_stream (G_IO_STREAM (conn));
istream_data = g_data_input_stream_new (istream);
g_data_input_stream_set_newline_type (istream_data, G_DATA_STREAM_NEWLINE_TYPE_CR_LF);
g_unix_connection_send_credentials (conn_unix, NULL, &error);
g_assert_no_error (error);
for (j = 1; handshake[j] != NULL; j++)
{
if (j % 2 == 1)
{
/* client to server */
const char *line = handshake[j];
g_assert_cmpint (line[0], ==, 'C');
g_assert_cmpint (line[1], ==, ':');
g_string_assign (buf, line + 2);
g_string_replace (buf, "<uid>", encoded_uid->str, 0);
g_string_replace (buf, "<wrong-uid>", encoded_wrong_uid->str, 0);
g_test_message ("C:“%s”", buf->str);
g_string_append (buf, "\r\n");
g_output_stream_write_all (ostream, buf->str, buf->len, NULL, NULL, &error);
g_assert_no_error (error);
}
else
{
/* server to client */
const char *pattern = handshake[j];
char *line;
gsize len;
g_assert_cmpint (pattern[0], ==, 'S');
g_assert_cmpint (pattern[1], ==, ':');
g_test_message ("Expect: /^%s/", pattern + 2);
line = g_data_input_stream_read_line (istream_data, &len, NULL, &error);
g_assert_no_error (error);
g_test_message ("S:“%s”", line);
g_assert_cmpuint (len, ==, strlen (line));
if (!g_regex_match_simple (pattern + 2, line,
G_REGEX_ANCHORED,
G_REGEX_MATCH_ANCHORED))
g_error ("Expected /^%s/, got “%s”", pattern + 2, line);
g_free (line);
}
}
g_object_unref (istream_data);
g_object_unref (conn);
g_object_unref (client);
}
g_main_loop_quit (info.loop);
g_thread_join (server_thread);
if (tmpdir != NULL)
g_assert_no_errno (g_rmdir (tmpdir));
g_clear_pointer (&info.ctx, g_main_context_unref);
g_clear_pointer (&info.loop, g_main_loop_unref);
g_clear_object (&addr);
g_string_free (buf, TRUE);
g_string_free (encoded_uid, TRUE);
g_string_free (encoded_wrong_uid, TRUE);
g_free (escaped);
g_free (info.guid);
g_free (info.listenable_address);
g_free (path);
g_free (tmpdir);
g_cond_clear (&info.cond);
g_mutex_clear (&info.mutex);
}
int
main (int argc,
char *argv[])
{
setlocale (LC_ALL, "");
g_test_init (&argc, &argv, G_TEST_OPTION_ISOLATE_DIRS, NULL);
g_test_add_func ("/gdbus/sasl/server", test_sasl_server);
return g_test_run();
}