Merge lp:~thomas-voss/trust-store/fix-1518883 into lp:trust-store/15.04
Proposed by: Thomas Voß
Status: Merged
Approved by: Alberto Mardegan
Approved revision: 139
Merged at revision: 138
Proposed branch: lp:~thomas-voss/trust-store/fix-1518883
Merge into: lp:trust-store/15.04
Diff against target: 439 lines (+291/-18), 10 files modified
- po/de.po (+5/-5)
- po/ne.po (+31/-0)
- po/sr.po (+5/-5)
- src/CMakeLists.txt (+3/-0)
- src/core/trust/daemon.cpp (+6/-1)
- src/core/trust/mir/agent.cpp (+0/-7)
- src/core/trust/privilege_escalation_prevention_agent.cpp (+52/-0)
- src/core/trust/privilege_escalation_prevention_agent.h (+63/-0)
- tests/CMakeLists.txt (+20/-0)
- tests/privilege_escalation_prevention_agent_test.cpp (+106/-0)
To merge this branch: bzr merge lp:~thomas-voss/trust-store/fix-1518883
Related bugs:
Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
Alberto Mardegan (community) | Approve | ||
PS Jenkins bot | continuous-integration | Pending | |
Review via email: mp+278416@code.launchpad.net |
This proposal supersedes a proposal from 2015-11-23.
Commit message
Introduce a trust::
Description of the change
Introduce a trust::
PS Jenkins bot (ps-jenkins) wrote (posted in a previous version of this proposal):
review: Approve (continuous-integration)
- 139. By Thomas Voß: Remove obsolete check in mir::Agent.
Preview Diff
1 | === modified file 'po/de.po' | |||
2 | --- po/de.po 2015-09-03 05:40:47 +0000 | |||
3 | +++ po/de.po 2015-11-27 12:18:10 +0000 | |||
4 | @@ -6,20 +6,20 @@ | |||
5 | 6 | "Project-Id-Version: trust-store\n" | 6 | "Project-Id-Version: trust-store\n" |
6 | 7 | "Report-Msgid-Bugs-To: \n" | 7 | "Report-Msgid-Bugs-To: \n" |
7 | 8 | "POT-Creation-Date: 2015-08-20 13:41-0400\n" | 8 | "POT-Creation-Date: 2015-08-20 13:41-0400\n" |
10 | 9 | "PO-Revision-Date: 2015-09-02 16:46+0000\n" | 9 | "PO-Revision-Date: 2015-11-07 21:39+0000\n" |
11 | 10 | "Last-Translator: Tobias Bannert <Unknown>\n" | 10 | "Last-Translator: Niklas Wenzel <nikwen.developer@gmail.com>\n" |
12 | 11 | "Language-Team: \n" | 11 | "Language-Team: \n" |
13 | 12 | "MIME-Version: 1.0\n" | 12 | "MIME-Version: 1.0\n" |
14 | 13 | "Content-Type: text/plain; charset=UTF-8\n" | 13 | "Content-Type: text/plain; charset=UTF-8\n" |
15 | 14 | "Content-Transfer-Encoding: 8bit\n" | 14 | "Content-Transfer-Encoding: 8bit\n" |
18 | 15 | "X-Launchpad-Export-Date: 2015-09-03 05:40+0000\n" | 15 | "X-Launchpad-Export-Date: 2015-11-08 05:46+0000\n" |
19 | 16 | "X-Generator: Launchpad (build 17706)\n" | 16 | "X-Generator: Launchpad (build 17838)\n" |
20 | 17 | "Language: de\n" | 17 | "Language: de\n" |
21 | 18 | 18 | ||
22 | 19 | #: /tmp/trust-store-i18n/src/core/trust/daemon.cpp:265 | 19 | #: /tmp/trust-store-i18n/src/core/trust/daemon.cpp:265 |
23 | 20 | #, boost-format | 20 | #, boost-format |
24 | 21 | msgid "Application %1% is trying to access" | 21 | msgid "Application %1% is trying to access" |
26 | 22 | msgstr "Anwendung %1% versucht zugreifen" | 22 | msgstr "Anwendung »%1%« versucht, zuzugreifen auf" |
27 | 23 | 23 | ||
28 | 24 | #: /tmp/trust-store-i18n/src/core/trust/mir/prompt_main.qml:42 | 24 | #: /tmp/trust-store-i18n/src/core/trust/mir/prompt_main.qml:42 |
29 | 25 | msgid "Deny" | 25 | msgid "Deny" |
30 | 26 | 26 | ||
31 | === added file 'po/ne.po' | |||
32 | --- po/ne.po 1970-01-01 00:00:00 +0000 | |||
33 | +++ po/ne.po 2015-11-27 12:18:10 +0000 | |||
34 | @@ -0,0 +1,31 @@ | |||
35 | 1 | # Nepali translation for trust-store | ||
36 | 2 | # Copyright (c) 2015 Rosetta Contributors and Canonical Ltd 2015 | ||
37 | 3 | # This file is distributed under the same license as the trust-store package. | ||
38 | 4 | # FIRST AUTHOR <EMAIL@ADDRESS>, 2015. | ||
39 | 5 | # | ||
40 | 6 | msgid "" | ||
41 | 7 | msgstr "" | ||
42 | 8 | "Project-Id-Version: trust-store\n" | ||
43 | 9 | "Report-Msgid-Bugs-To: FULL NAME <EMAIL@ADDRESS>\n" | ||
44 | 10 | "POT-Creation-Date: 2015-08-20 13:41-0400\n" | ||
45 | 11 | "PO-Revision-Date: 2015-11-04 15:47+0000\n" | ||
46 | 12 | "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" | ||
47 | 13 | "Language-Team: Nepali <ne@li.org>\n" | ||
48 | 14 | "MIME-Version: 1.0\n" | ||
49 | 15 | "Content-Type: text/plain; charset=UTF-8\n" | ||
50 | 16 | "Content-Transfer-Encoding: 8bit\n" | ||
51 | 17 | "X-Launchpad-Export-Date: 2015-11-05 05:46+0000\n" | ||
52 | 18 | "X-Generator: Launchpad (build 17838)\n" | ||
53 | 19 | |||
54 | 20 | #: /tmp/trust-store-i18n/src/core/trust/daemon.cpp:265 | ||
55 | 21 | #, boost-format | ||
56 | 22 | msgid "Application %1% is trying to access" | ||
57 | 23 | msgstr "" | ||
58 | 24 | |||
59 | 25 | #: /tmp/trust-store-i18n/src/core/trust/mir/prompt_main.qml:42 | ||
60 | 26 | msgid "Deny" | ||
61 | 27 | msgstr "" | ||
62 | 28 | |||
63 | 29 | #: /tmp/trust-store-i18n/src/core/trust/mir/prompt_main.qml:49 | ||
64 | 30 | msgid "Allow" | ||
65 | 31 | msgstr "" | ||
66 | 0 | 32 | ||
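Review bot: the new po/ne.po has an empty msgstr for all three msgids and still carries the template placeholders ("FULL NAME <EMAIL@ADDRESS>") in Report-Msgid-Bugs-To and Last-Translator, so it adds no translation and is unrelated to the uid check this branch introduces. Suggest landing the po/ changes (de, ne, sr) as a separate translation import so the security fix can be audited and backported on its own.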
67 | === modified file 'po/sr.po' | |||
68 | --- po/sr.po 2015-08-22 05:53:55 +0000 | |||
69 | +++ po/sr.po 2015-11-27 12:18:10 +0000 | |||
70 | @@ -8,19 +8,19 @@ | |||
71 | 8 | "Project-Id-Version: trust-store\n" | 8 | "Project-Id-Version: trust-store\n" |
72 | 9 | "Report-Msgid-Bugs-To: FULL NAME <EMAIL@ADDRESS>\n" | 9 | "Report-Msgid-Bugs-To: FULL NAME <EMAIL@ADDRESS>\n" |
73 | 10 | "POT-Creation-Date: 2015-08-20 13:41-0400\n" | 10 | "POT-Creation-Date: 2015-08-20 13:41-0400\n" |
76 | 11 | "PO-Revision-Date: 2014-11-07 04:09+0000\n" | 11 | "PO-Revision-Date: 2015-10-26 21:49+0000\n" |
77 | 12 | "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" | 12 | "Last-Translator: Данило Шеган <Unknown>\n" |
78 | 13 | "Language-Team: Serbian <sr@li.org>\n" | 13 | "Language-Team: Serbian <sr@li.org>\n" |
79 | 14 | "MIME-Version: 1.0\n" | 14 | "MIME-Version: 1.0\n" |
80 | 15 | "Content-Type: text/plain; charset=UTF-8\n" | 15 | "Content-Type: text/plain; charset=UTF-8\n" |
81 | 16 | "Content-Transfer-Encoding: 8bit\n" | 16 | "Content-Transfer-Encoding: 8bit\n" |
84 | 17 | "X-Launchpad-Export-Date: 2015-08-22 05:53+0000\n" | 17 | "X-Launchpad-Export-Date: 2015-10-28 05:56+0000\n" |
85 | 18 | "X-Generator: Launchpad (build 17690)\n" | 18 | "X-Generator: Launchpad (build 17833)\n" |
86 | 19 | 19 | ||
87 | 20 | #: /tmp/trust-store-i18n/src/core/trust/daemon.cpp:265 | 20 | #: /tmp/trust-store-i18n/src/core/trust/daemon.cpp:265 |
88 | 21 | #, boost-format | 21 | #, boost-format |
89 | 22 | msgid "Application %1% is trying to access" | 22 | msgid "Application %1% is trying to access" |
91 | 23 | msgstr "" | 23 | msgstr "Програм %1% покушава да приступи" |
92 | 24 | 24 | ||
93 | 25 | #: /tmp/trust-store-i18n/src/core/trust/mir/prompt_main.qml:42 | 25 | #: /tmp/trust-store-i18n/src/core/trust/mir/prompt_main.qml:42 |
94 | 26 | msgid "Deny" | 26 | msgid "Deny" |
95 | 27 | 27 | ||
96 | === modified file 'src/CMakeLists.txt' | |||
97 | --- src/CMakeLists.txt 2015-08-31 13:16:20 +0000 | |||
98 | +++ src/CMakeLists.txt 2015-11-27 12:18:10 +0000 | |||
99 | @@ -43,6 +43,9 @@ | |||
100 | 43 | core/trust/app_id_formatting_trust_agent.h | 43 | core/trust/app_id_formatting_trust_agent.h |
101 | 44 | core/trust/app_id_formatting_trust_agent.cpp | 44 | core/trust/app_id_formatting_trust_agent.cpp |
102 | 45 | 45 | ||
103 | 46 | # An agent implementation preventing privilege escalation attacks. | ||
104 | 47 | core/trust/privilege_escalation_prevention_agent.cpp | ||
105 | 48 | |||
106 | 46 | # An agent-implementation that allows for selectively whitelisting app ids | 49 | # An agent-implementation that allows for selectively whitelisting app ids |
107 | 47 | core/trust/white_listing_agent.cpp | 50 | core/trust/white_listing_agent.cpp |
108 | 48 | # An agent-implementation using a store instance to cache user replies. | 51 | # An agent-implementation using a store instance to cache user replies. |
109 | 49 | 52 | ||
110 | === modified file 'src/core/trust/daemon.cpp' | |||
111 | --- src/core/trust/daemon.cpp 2015-08-31 14:00:41 +0000 | |||
112 | +++ src/core/trust/daemon.cpp 2015-11-27 12:18:10 +0000 | |||
113 | @@ -22,6 +22,7 @@ | |||
114 | 22 | #include <core/trust/cached_agent.h> | 22 | #include <core/trust/cached_agent.h> |
115 | 23 | #include <core/trust/expose.h> | 23 | #include <core/trust/expose.h> |
116 | 24 | #include <core/trust/i18n.h> | 24 | #include <core/trust/i18n.h> |
117 | 25 | #include <core/trust/privilege_escalation_prevention_agent.h> | ||
118 | 25 | #include <core/trust/store.h> | 26 | #include <core/trust/store.h> |
119 | 26 | #include <core/trust/white_listing_agent.h> | 27 | #include <core/trust/white_listing_agent.h> |
120 | 27 | 28 | ||
121 | @@ -375,6 +376,10 @@ | |||
122 | 375 | }, cached_agent); | 376 | }, cached_agent); |
123 | 376 | 377 | ||
124 | 377 | auto formatting_agent = std::make_shared<core::trust::AppIdFormattingTrustAgent>(whitelisting_agent); | 378 | auto formatting_agent = std::make_shared<core::trust::AppIdFormattingTrustAgent>(whitelisting_agent); |
125 | 379 | |||
126 | 380 | auto privilege_escalation_prevention_agent = std::make_shared<core::trust::PrivilegeEscalationPreventionAgent>( | ||
127 | 381 | core::trust::PrivilegeEscalationPreventionAgent::default_user_id_functor(), | ||
128 | 382 | formatting_agent); | ||
129 | 378 | 383 | ||
130 | 379 | auto remote_agent = remote_agent_factory(service_name, formatting_agent, dict); | 384 | auto remote_agent = remote_agent_factory(service_name, formatting_agent, dict); |
131 | 380 | 385 | ||
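Review bot: in the unchanged context line right after the new agent is created, remote_agent is still built from formatting_agent (remote_agent_factory(service_name, formatting_agent, dict)), so any request that is dispatched through the remote agent reaches the formatting/whitelisting/cached chain without passing the new uid comparison. If that path can carry requests from another user's session, pass privilege_escalation_prevention_agent to remote_agent_factory as well; if it cannot, a short comment here saying why the remote path is exempt would help the next reader.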
132 | @@ -382,7 +387,7 @@ | |||
133 | 382 | { | 387 | { |
134 | 383 | service_name, | 388 | service_name, |
135 | 384 | bus_from_name(vm[Parameters::StoreBus::name].as<std::string>()), | 389 | bus_from_name(vm[Parameters::StoreBus::name].as<std::string>()), |
137 | 385 | {local_store, formatting_agent}, | 390 | {local_store, privilege_escalation_prevention_agent}, |
138 | 386 | {remote_agent} | 391 | {remote_agent} |
139 | 387 | }; | 392 | }; |
140 | 388 | } | 393 | } |
141 | 389 | 394 | ||
142 | === modified file 'src/core/trust/mir/agent.cpp' | |||
143 | --- src/core/trust/mir/agent.cpp 2015-08-31 13:16:20 +0000 | |||
144 | +++ src/core/trust/mir/agent.cpp 2015-11-27 12:18:10 +0000 | |||
145 | @@ -236,13 +236,6 @@ | |||
146 | 236 | // From core::trust::Agent: | 236 | // From core::trust::Agent: |
147 | 237 | core::trust::Request::Answer mir::Agent::authenticate_request_with_parameters(const core::trust::Agent::RequestParameters& parameters) | 237 | core::trust::Request::Answer mir::Agent::authenticate_request_with_parameters(const core::trust::Agent::RequestParameters& parameters) |
148 | 238 | { | 238 | { |
149 | 239 | // We assume that the agent implementation runs under the same user id as | ||
150 | 240 | // the requesting app to prevent from cross-user attacks. | ||
151 | 241 | if (core::trust::Uid{::getuid()} != parameters.application.uid) throw std::logic_error | ||
152 | 242 | { | ||
153 | 243 | "mir::Agent::prompt_user_for_request: current user id does not match requesting app's user id" | ||
154 | 244 | }; | ||
155 | 245 | |||
156 | 246 | // We initialize our callback context with an invalid child-process for setup | 239 | // We initialize our callback context with an invalid child-process for setup |
157 | 247 | // purposes. Later on, once we have acquired a pre-authenticated fd for the | 240 | // purposes. Later on, once we have acquired a pre-authenticated fd for the |
158 | 248 | // prompt provider, we exec the actual provider in a child process and replace the | 241 | // prompt provider, we exec the actual provider in a child process and replace the |
159 | 249 | 242 | ||
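Review bot: with the seven removed lines gone, mir::Agent::authenticate_request_with_parameters no longer compares ::getuid() against parameters.application.uid itself and depends entirely on the caller wrapping it in PrivilegeEscalationPreventionAgent. Nothing in this function now documents that precondition. Suggest leaving a comment at the top of the function stating that the agent must only be reached through the uid-checking wrapper, so a future caller that instantiates mir::Agent directly does not silently lose the cross-user protection.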
160 | === added file 'src/core/trust/privilege_escalation_prevention_agent.cpp' | |||
161 | --- src/core/trust/privilege_escalation_prevention_agent.cpp 1970-01-01 00:00:00 +0000 | |||
162 | +++ src/core/trust/privilege_escalation_prevention_agent.cpp 2015-11-27 12:18:10 +0000 | |||
163 | @@ -0,0 +1,52 @@ | |||
164 | 1 | /* | ||
165 | 2 | * Copyright © 2015 Canonical Ltd. | ||
166 | 3 | * | ||
167 | 4 | * This program is free software: you can redistribute it and/or modify it | ||
168 | 5 | * under the terms of the GNU Lesser General Public License version 3, | ||
169 | 6 | * as published by the Free Software Foundation. | ||
170 | 7 | * | ||
171 | 8 | * This program is distributed in the hope that it will be useful, | ||
172 | 9 | * but WITHOUT ANY WARRANTY; without even the implied warranty of | ||
173 | 10 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | ||
174 | 11 | * GNU Lesser General Public License for more details. | ||
175 | 12 | * | ||
176 | 13 | * You should have received a copy of the GNU Lesser General Public License | ||
177 | 14 | * along with this program. If not, see <http://www.gnu.org/licenses/>. | ||
178 | 15 | * | ||
179 | 16 | * Authored by: Thomas Voß <thomas.voss@canonical.com> | ||
180 | 17 | */ | ||
181 | 18 | |||
182 | 19 | #include <core/trust/privilege_escalation_prevention_agent.h> | ||
183 | 20 | |||
184 | 21 | #include <unistd.h> | ||
185 | 22 | #include <sys/types.h> | ||
186 | 23 | |||
187 | 24 | core::trust::PrivilegeEscalationPreventionAgent::Error::Error() : std::runtime_error{"Potential privilege escalation attack detected."} | ||
188 | 25 | { | ||
189 | 26 | } | ||
190 | 27 | |||
191 | 28 | core::trust::PrivilegeEscalationPreventionAgent::UserIdFunctor core::trust::PrivilegeEscalationPreventionAgent::default_user_id_functor() | ||
192 | 29 | { | ||
193 | 30 | return []() | ||
194 | 31 | { | ||
195 | 32 | return core::trust::Uid{::getuid()}; | ||
196 | 33 | }; | ||
197 | 34 | } | ||
198 | 35 | |||
199 | 36 | core::trust::PrivilegeEscalationPreventionAgent::PrivilegeEscalationPreventionAgent( | ||
200 | 37 | const UserIdFunctor& uid_functor, | ||
201 | 38 | const std::shared_ptr<core::trust::Agent>& impl) | ||
202 | 39 | : uid_functor{uid_functor}, | ||
203 | 40 | impl{impl} | ||
204 | 41 | { | ||
205 | 42 | if (not impl) throw std::runtime_error | ||
206 | 43 | { | ||
207 | 44 | "Missing agent implementation." | ||
208 | 45 | }; | ||
209 | 46 | } | ||
210 | 47 | |||
211 | 48 | core::trust::Request::Answer core::trust::PrivilegeEscalationPreventionAgent::authenticate_request_with_parameters(const core::trust::Agent::RequestParameters& parameters) | ||
212 | 49 | { | ||
213 | 50 | if (uid_functor() != parameters.application.uid) throw Error{}; | ||
214 | 51 | return impl->authenticate_request_with_parameters(parameters); | ||
215 | 52 | } | ||
216 | 0 | 53 | ||
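Review bot: the constructor rejects a null impl but accepts an empty uid_functor; an empty std::function would only fail later, inside authenticate_request_with_parameters, with std::bad_function_call instead of a clear construction-time error. Suggest adding a check next to the impl one, for example "if (not uid_functor) throw std::runtime_error{...}". Separately, Error() always carries the fixed string "Potential privilege escalation attack detected." without the expected and the requesting uid; including both values in the message would make a rejected request much easier to triage from logs.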
217 | === added file 'src/core/trust/privilege_escalation_prevention_agent.h' | |||
218 | --- src/core/trust/privilege_escalation_prevention_agent.h 1970-01-01 00:00:00 +0000 | |||
219 | +++ src/core/trust/privilege_escalation_prevention_agent.h 2015-11-27 12:18:10 +0000 | |||
220 | @@ -0,0 +1,63 @@ | |||
221 | 1 | /* | ||
222 | 2 | * Copyright © 2015 Canonical Ltd. | ||
223 | 3 | * | ||
224 | 4 | * This program is free software: you can redistribute it and/or modify it | ||
225 | 5 | * under the terms of the GNU Lesser General Public License version 3, | ||
226 | 6 | * as published by the Free Software Foundation. | ||
227 | 7 | * | ||
228 | 8 | * This program is distributed in the hope that it will be useful, | ||
229 | 9 | * but WITHOUT ANY WARRANTY; without even the implied warranty of | ||
230 | 10 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | ||
231 | 11 | * GNU Lesser General Public License for more details. | ||
232 | 12 | * | ||
233 | 13 | * You should have received a copy of the GNU Lesser General Public License | ||
234 | 14 | * along with this program. If not, see <http://www.gnu.org/licenses/>. | ||
235 | 15 | * | ||
236 | 16 | * Authored by: Thomas Voß <thomas.voss@canonical.com> | ||
237 | 17 | */ | ||
238 | 18 | |||
239 | 19 | #ifndef CORE_TRUST_PRIVILEGE_ESCALATION_PREVENTION_AGENT_H_ | ||
240 | 20 | #define CORE_TRUST_PRIVILEGE_ESCALATION_PREVENTION_AGENT_H_ | ||
241 | 21 | |||
242 | 22 | #include <core/trust/agent.h> | ||
243 | 23 | |||
244 | 24 | #include <stdexcept> | ||
245 | 25 | |||
246 | 26 | namespace core | ||
247 | 27 | { | ||
248 | 28 | namespace trust | ||
249 | 29 | { | ||
250 | 30 | // A PrivilegeEscalationPreventionAgent ensures that requests originating from an application | ||
251 | 31 | // running under a different user than the current one are rejected immediately, thereby preventing | ||
252 | 32 | // from privilege escalation issues. | ||
253 | 33 | class CORE_TRUST_DLL_PUBLIC PrivilegeEscalationPreventionAgent : public core::trust::Agent | ||
254 | 34 | { | ||
255 | 35 | public: | ||
256 | 36 | // An Error is thrown if a potential privilege escalation attack has been detected. | ||
257 | 37 | struct Error : public std::runtime_error | ||
258 | 38 | { | ||
259 | 39 | // Error creates an instance, providing details about the escalation issue. | ||
260 | 40 | Error(); | ||
261 | 41 | }; | ||
262 | 42 | |||
263 | 43 | // A UserIdFunctor queries the user id under which the current process runs. | ||
264 | 44 | typedef std::function<Uid()> UserIdFunctor; | ||
265 | 45 | |||
266 | 46 | // default_user_id_functor returns a UserIdFunctor querying the current user id from the system. | ||
267 | 47 | static UserIdFunctor default_user_id_functor(); | ||
268 | 48 | |||
269 | 49 | // PrivilegeEscalationPreventionAgent creates a new instance that queries the current user, | ||
270 | 50 | // forwarding valid requests to impl. | ||
271 | 51 | PrivilegeEscalationPreventionAgent(const UserIdFunctor& uid_functor, const std::shared_ptr<Agent>& impl); | ||
272 | 52 | |||
273 | 53 | // From core::trust::Agent | ||
274 | 54 | Request::Answer authenticate_request_with_parameters(const RequestParameters& parameters) override; | ||
275 | 55 | |||
276 | 56 | private: | ||
277 | 57 | UserIdFunctor uid_functor; | ||
278 | 58 | std::shared_ptr<Agent> impl; | ||
279 | 59 | }; | ||
280 | 60 | } | ||
281 | 61 | } | ||
282 | 62 | |||
283 | 63 | #endif // CORE_TRUST_PRIVILEGE_ESCALATION_PREVENTION_AGENT_H_ | ||
284 | 0 | 64 | ||
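Review bot: the header uses std::function (the UserIdFunctor typedef) and std::shared_ptr (constructor parameter and the impl member) but includes only <core/trust/agent.h> and <stdexcept>, so it compiles only as long as agent.h happens to pull in <functional> and <memory>. Suggest including both explicitly. The comment on Error() says it provides "details about the escalation issue", yet the constructor takes no arguments; either pass the two uids in or reword the comment.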
285 | === modified file 'tests/CMakeLists.txt' | |||
286 | --- tests/CMakeLists.txt 2014-11-14 12:17:24 +0000 | |||
287 | +++ tests/CMakeLists.txt 2015-11-27 12:18:10 +0000 | |||
288 | @@ -59,6 +59,11 @@ | |||
289 | 59 | ) | 59 | ) |
290 | 60 | 60 | ||
291 | 61 | add_executable( | 61 | add_executable( |
292 | 62 | privilege_escalation_prevention_agent_test | ||
293 | 63 | privilege_escalation_prevention_agent_test.cpp | ||
294 | 64 | ) | ||
295 | 65 | |||
296 | 66 | add_executable( | ||
297 | 62 | cached_agent_test | 67 | cached_agent_test |
298 | 63 | cached_agent_test.cpp | 68 | cached_agent_test.cpp |
299 | 64 | ) | 69 | ) |
300 | @@ -166,6 +171,20 @@ | |||
301 | 166 | ) | 171 | ) |
302 | 167 | 172 | ||
303 | 168 | target_link_libraries( | 173 | target_link_libraries( |
304 | 174 | privilege_escalation_prevention_agent_test | ||
305 | 175 | |||
306 | 176 | trust-store | ||
307 | 177 | |||
308 | 178 | gmock | ||
309 | 179 | |||
310 | 180 | gtest | ||
311 | 181 | gtest_main | ||
312 | 182 | |||
313 | 183 | ${PROCESS_CPP_LIBRARIES} | ||
314 | 184 | ) | ||
315 | 185 | |||
316 | 186 | |||
317 | 187 | target_link_libraries( | ||
318 | 169 | cached_agent_test | 188 | cached_agent_test |
319 | 170 | 189 | ||
320 | 171 | trust-store | 190 | trust-store |
321 | @@ -226,6 +245,7 @@ | |||
322 | 226 | add_test(app_id_formatting_trust_agent_test ${CMAKE_CURRENT_BINARY_DIR}/app_id_formatting_trust_agent_test) | 245 | add_test(app_id_formatting_trust_agent_test ${CMAKE_CURRENT_BINARY_DIR}/app_id_formatting_trust_agent_test) |
323 | 227 | add_test(cached_agent_test ${CMAKE_CURRENT_BINARY_DIR}/cached_agent_test) | 246 | add_test(cached_agent_test ${CMAKE_CURRENT_BINARY_DIR}/cached_agent_test) |
324 | 228 | add_test(white_listing_agent_test ${CMAKE_CURRENT_BINARY_DIR}/white_listing_agent_test) | 247 | add_test(white_listing_agent_test ${CMAKE_CURRENT_BINARY_DIR}/white_listing_agent_test) |
325 | 248 | add_test(privilege_escalation_prevention_agent_test ${CMAKE_CURRENT_BINARY_DIR}/privilege_escalation_prevention_agent_test) | ||
326 | 229 | # TODO(tvoss) Re-enable daemon tests once CI issues are resolved. | 249 | # TODO(tvoss) Re-enable daemon tests once CI issues are resolved. |
327 | 230 | # add_test(daemon_test ${CMAKE_CURRENT_BINARY_DIR}/daemon_test) | 250 | # add_test(daemon_test ${CMAKE_CURRENT_BINARY_DIR}/daemon_test) |
328 | 231 | add_test(dbus_test ${CMAKE_CURRENT_BINARY_DIR}/dbus_test) | 251 | add_test(dbus_test ${CMAKE_CURRENT_BINARY_DIR}/dbus_test) |
329 | 232 | 252 | ||
330 | === added file 'tests/privilege_escalation_prevention_agent_test.cpp' | |||
331 | --- tests/privilege_escalation_prevention_agent_test.cpp 1970-01-01 00:00:00 +0000 | |||
332 | +++ tests/privilege_escalation_prevention_agent_test.cpp 2015-11-27 12:18:10 +0000 | |||
333 | @@ -0,0 +1,106 @@ | |||
334 | 1 | /* | ||
335 | 2 | * Copyright © 2015 Canonical Ltd. | ||
336 | 3 | * | ||
337 | 4 | * This program is free software: you can redistribute it and/or modify it | ||
338 | 5 | * under the terms of the GNU Lesser General Public License version 3, | ||
339 | 6 | * as published by the Free Software Foundation. | ||
340 | 7 | * | ||
341 | 8 | * This program is distributed in the hope that it will be useful, | ||
342 | 9 | * but WITHOUT ANY WARRANTY; without even the implied warranty of | ||
343 | 10 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | ||
344 | 11 | * GNU Lesser General Public License for more details. | ||
345 | 12 | * | ||
346 | 13 | * You should have received a copy of the GNU Lesser General Public License | ||
347 | 14 | * along with this program. If not, see <http://www.gnu.org/licenses/>. | ||
348 | 15 | * | ||
349 | 16 | * Authored by: Thomas Voß <thomas.voss@canonical.com> | ||
350 | 17 | */ | ||
351 | 18 | |||
352 | 19 | #include <core/trust/privilege_escalation_prevention_agent.h> | ||
353 | 20 | |||
354 | 21 | #include "mock_agent.h" | ||
355 | 22 | #include "the.h" | ||
356 | 23 | |||
357 | 24 | #include <gmock/gmock.h> | ||
358 | 25 | |||
359 | 26 | namespace | ||
360 | 27 | { | ||
361 | 28 | std::shared_ptr<testing::NiceMock<MockAgent>> a_mocked_agent() | ||
362 | 29 | { | ||
363 | 30 | return std::make_shared<testing::NiceMock<MockAgent>>(); | ||
364 | 31 | } | ||
365 | 32 | |||
366 | 33 | struct MockUserIdFunctor | ||
367 | 34 | { | ||
368 | 35 | core::trust::PrivilegeEscalationPreventionAgent::UserIdFunctor to_functional() | ||
369 | 36 | { | ||
370 | 37 | return [this]() | ||
371 | 38 | { | ||
372 | 39 | return get_uid(); | ||
373 | 40 | }; | ||
374 | 41 | } | ||
375 | 42 | |||
376 | 43 | MOCK_METHOD0(get_uid, core::trust::Uid()); | ||
377 | 44 | }; | ||
378 | 45 | } | ||
379 | 46 | |||
380 | 47 | TEST(PrivilegeEscalationPreventionAgent, ctor_throws_for_null_agent) | ||
381 | 48 | { | ||
382 | 49 | EXPECT_ANY_THROW(core::trust::PrivilegeEscalationPreventionAgent | ||
383 | 50 | ( | ||
384 | 51 | core::trust::PrivilegeEscalationPreventionAgent::default_user_id_functor(), | ||
385 | 52 | std::shared_ptr<core::trust::Agent>() | ||
386 | 53 | )); | ||
387 | 54 | } | ||
388 | 55 | |||
389 | 56 | TEST(PrivilegeEscalationPreventionAgent, queries_user_id_for_incoming_request_and_dispatches_to_impl_if_no_privilege_escalation_detected) | ||
390 | 57 | { | ||
391 | 58 | using namespace ::testing; | ||
392 | 59 | |||
393 | 60 | auto mock_agent = a_mocked_agent(); | ||
394 | 61 | |||
395 | 62 | auto params = the::default_request_parameters_for_testing(); | ||
396 | 63 | params.application.id = params.application.id + std::string{"_app"} + std::string{"_1.2.3"}; | ||
397 | 64 | |||
398 | 65 | MockUserIdFunctor uif; | ||
399 | 66 | EXPECT_CALL(uif, get_uid()) | ||
400 | 67 | .Times(1) | ||
401 | 68 | .WillRepeatedly(Return(params.application.uid)); | ||
402 | 69 | |||
403 | 70 | EXPECT_CALL(*mock_agent, authenticate_request_with_parameters(params)) | ||
404 | 71 | .Times(1) | ||
405 | 72 | .WillRepeatedly(Return(core::trust::Request::Answer::denied)); | ||
406 | 73 | |||
407 | 74 | core::trust::PrivilegeEscalationPreventionAgent agent{uif.to_functional(), mock_agent}; | ||
408 | 75 | |||
409 | 76 | EXPECT_EQ(core::trust::Request::Answer::denied, | ||
410 | 77 | agent.authenticate_request_with_parameters(params)); | ||
411 | 78 | } | ||
412 | 79 | |||
413 | 80 | TEST(PrivilegeEscalationPreventionAgent, invokes_user_id_functor_for_incoming_request_and_throws_if_privilege_escalation_detected) | ||
414 | 81 | { | ||
415 | 82 | using namespace ::testing; | ||
416 | 83 | |||
417 | 84 | auto mock_agent = a_mocked_agent(); | ||
418 | 85 | |||
419 | 86 | auto params = the::default_request_parameters_for_testing(); | ||
420 | 87 | params.application.id = params.application.id + std::string{"_app"} + std::string{"_1.2.3"}; | ||
421 | 88 | |||
422 | 89 | MockUserIdFunctor uif; | ||
423 | 90 | EXPECT_CALL(uif, get_uid()) | ||
424 | 91 | .Times(1) | ||
425 | 92 | .WillRepeatedly(Return(core::trust::Uid{12})); | ||
426 | 93 | |||
427 | 94 | EXPECT_CALL(*mock_agent, authenticate_request_with_parameters(params)) | ||
428 | 95 | .Times(0); | ||
429 | 96 | |||
430 | 97 | core::trust::PrivilegeEscalationPreventionAgent agent{uif.to_functional(), mock_agent}; | ||
431 | 98 | |||
432 | 99 | EXPECT_THROW(agent.authenticate_request_with_parameters(params), core::trust::PrivilegeEscalationPreventionAgent::Error); | ||
433 | 100 | } | ||
434 | 101 | |||
435 | 102 | TEST(PrivilegeEscalationPreventionAgentDefaultUserIdFunctor, returns_current_user_id) | ||
436 | 103 | { | ||
437 | 104 | auto f = core::trust::PrivilegeEscalationPreventionAgent::default_user_id_functor(); | ||
438 | 105 | EXPECT_EQ(core::trust::Uid(::getuid()), f()); | ||
439 | 106 | } |
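Review bot: the mismatch test hard-codes Return(core::trust::Uid{12}) while params comes from the::default_request_parameters_for_testing(); if that helper ever yields uid 12 the test will stop exercising the rejection path and fail for the wrong reason. Suggest deriving the mocked value from params.application.uid so it is guaranteed to differ. Also, the last test calls ::getuid() but the file does not include <unistd.h> directly, and there is no test for constructing the agent with an empty UserIdFunctor.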
PASSED: Continuous integration, rev:138
http://jenkins.qa.ubuntu.com/job/trust-store-ci/106/
Executed test runs:
SUCCESS: http://jenkins.qa.ubuntu.com/job/trust-store-vivid-amd64-ci/27
SUCCESS: http://jenkins.qa.ubuntu.com/job/trust-store-vivid-armhf-ci/27
deb: http://jenkins.qa.ubuntu.com/job/trust-store-vivid-armhf-ci/27/artifact/work/output/*zip*/output.zip
SUCCESS: http://jenkins.qa.ubuntu.com/job/trust-store-vivid-i386-ci/27
Click here to trigger a rebuild:
http://s-jenkins.ubuntu-ci:8080/job/trust-store-ci/106/rebuild