Commit 98ae1149 authored by Simon McVittie's avatar Simon McVittie

Add a test for uid-controlled permissions

This is technical debt from mitigating CVE-2014-8148, which should
really have had a regression test at the time.

Bug: https://bugs.freedesktop.org/show_bug.cgi?id=88810
Reviewed-by: Philip Withnall
parent 6a49ced2
......@@ -162,6 +162,7 @@ installable_tests += \
test-relay \
test-syntax \
test-syslog \
test-uid-permissions \
$(NULL)
installable_manual_tests += \
manual-authz \
......@@ -240,6 +241,15 @@ test_syntax_LDADD = \
$(GLIB_LIBS) \
$(NULL)
test_uid_permissions_SOURCES = \
uid-permissions.c \
$(NULL)
test_uid_permissions_CPPFLAGS = $(testutils_shared_if_possible_cppflags)
test_uid_permissions_LDADD = \
$(testutils_shared_if_possible_libs) \
$(GLIB_LIBS) \
$(NULL)
if DBUS_ENABLE_MODULAR_TESTS
TESTS += $(installable_tests)
installcheck_tests += $(installable_tests)
......@@ -276,6 +286,7 @@ in_data = \
data/valid-config-files/debug-allow-all.conf.in \
data/valid-config-files/finite-timeout.conf.in \
data/valid-config-files/incoming-limit.conf.in \
data/valid-config-files/multi-user.conf.in \
data/invalid-service-files-system/org.freedesktop.DBus.TestSuiteNoExec.service.in \
data/invalid-service-files-system/org.freedesktop.DBus.TestSuiteNoService.service.in \
data/invalid-service-files-system/org.freedesktop.DBus.TestSuiteNoUser.service.in \
......
<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
"http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
<busconfig>
<listen>@TEST_LISTEN@</listen>
<policy context="default">
<allow send_interface="*"/>
<allow receive_interface="*"/>
<allow own="*"/>
<allow user="*"/>
</policy>
<!-- avoid allowing service activation since we are allowing everyone in -->
<servicehelper>/bin/false</servicehelper>
</busconfig>
......@@ -299,6 +299,88 @@ test_connect_to_bus (TestMainContext *ctx,
return conn;
}
DBusConnection *
test_connect_to_bus_as_user (TestMainContext *ctx,
const char *address,
TestUser user)
{
/* For now we only do tests like this on Linux, because I don't know how
* safe this use of setresuid() is on other platforms */
#if defined(HAVE_GETRESUID) && defined(HAVE_SETRESUID) && defined(__linux__)
uid_t ruid, euid, suid;
const struct passwd *pwd;
DBusConnection *conn;
const char *username;
switch (user)
{
case TEST_USER_ME:
return test_connect_to_bus (ctx, address);
case TEST_USER_ROOT:
username = "root";
break;
case TEST_USER_MESSAGEBUS:
username = DBUS_USER;
break;
case TEST_USER_OTHER:
username = DBUS_TEST_USER;
break;
default:
g_return_val_if_reached (NULL);
}
if (getresuid (&ruid, &euid, &suid) != 0)
g_error ("getresuid: %s", g_strerror (errno));
if (ruid != 0 || euid != 0 || suid != 0)
{
g_message ("SKIP: not uid 0 (ruid=%ld euid=%ld suid=%ld)",
(unsigned long) ruid, (unsigned long) euid, (unsigned long) suid);
return NULL;
}
pwd = getpwnam (username);
if (pwd == NULL)
{
g_message ("SKIP: getpwnam(\"%s\"): %s", username, g_strerror (errno));
return NULL;
}
/* Impersonate the desired user while we connect to the bus.
* This should work, because we're root. */
if (setresuid (pwd->pw_uid, pwd->pw_uid, 0) != 0)
g_error ("setresuid(%ld, (same), 0): %s",
(unsigned long) pwd->pw_uid, g_strerror (errno));
conn = test_connect_to_bus (ctx, address);
/* go back to our saved uid */
if (setresuid (0, 0, 0) != 0)
g_error ("setresuid(0, 0, 0): %s", g_strerror (errno));
return conn;
#else
switch (user)
{
case TEST_USER_ME:
return test_connect_to_bus (ctx, address);
default:
g_message ("SKIP: setresuid() not available, or unsure about "
"credentials-passing semantics on this platform");
return NULL;
}
#endif
}
void
test_kill_pid (GPid pid)
{
......
......@@ -74,6 +74,9 @@ gchar *test_get_dbus_daemon (const gchar *config_file,
DBusConnection *test_connect_to_bus (TestMainContext *ctx,
const gchar *address);
DBusConnection *test_connect_to_bus_as_user (TestMainContext *ctx,
const char *address,
TestUser user);
void test_kill_pid (GPid pid);
......
/* Integration tests for the dbus-daemon's uid-based hardening
*
* Author: Simon McVittie <simon.mcvittie@collabora.co.uk>
* Copyright © 2010-2011 Nokia Corporation
* Copyright © 2015 Collabora Ltd.
*
* Permission is hereby granted, free of charge, to any person
* obtaining a copy of this software and associated documentation files
* (the "Software"), to deal in the Software without restriction,
* including without limitation the rights to use, copy, modify, merge,
* publish, distribute, sublicense, and/or sell copies of the Software,
* and to permit persons to whom the Software is furnished to do so,
* subject to the following conditions:
*
* The above copyright notice and this permission notice shall be
* included in all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
* NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
* BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
* ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
* CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*/
#include <config.h>
#include "test-utils-glib.h"
typedef struct {
gboolean skip;
TestMainContext *ctx;
DBusError e;
GError *ge;
GPid daemon_pid;
DBusConnection *conn;
} Fixture;
typedef struct {
const char *config_file;
TestUser user;
gboolean expect_success;
} Config;
static void
setup (Fixture *f,
gconstpointer context)
{
const Config *config = context;
gchar *address;
f->ctx = test_main_context_get ();
f->ge = NULL;
dbus_error_init (&f->e);
address = test_get_dbus_daemon (config ? config->config_file : NULL,
TEST_USER_MESSAGEBUS,
&f->daemon_pid);
if (address == NULL)
{
f->skip = TRUE;
return;
}
f->conn = test_connect_to_bus_as_user (f->ctx, address,
config ? config->user : TEST_USER_ME);
if (f->conn == NULL)
f->skip = TRUE;
g_free (address);
}
static void
test_uae (Fixture *f,
gconstpointer context)
{
const Config *config = context;
DBusMessage *m;
DBusPendingCall *pc;
DBusMessageIter args_iter;
DBusMessageIter arr_iter;
if (f->skip)
return;
m = dbus_message_new_method_call (DBUS_SERVICE_DBUS,
DBUS_PATH_DBUS, DBUS_INTERFACE_DBUS, "UpdateActivationEnvironment");
if (m == NULL)
g_error ("OOM");
dbus_message_iter_init_append (m, &args_iter);
/* Append an empty a{ss} (string => string dictionary). */
if (!dbus_message_iter_open_container (&args_iter, DBUS_TYPE_ARRAY,
"{ss}", &arr_iter) ||
!dbus_message_iter_close_container (&args_iter, &arr_iter))
g_error ("OOM");
if (!dbus_connection_send_with_reply (f->conn, m, &pc,
DBUS_TIMEOUT_USE_DEFAULT) ||
pc == NULL)
g_error ("OOM");
dbus_message_unref (m);
m = NULL;
if (dbus_pending_call_get_completed (pc))
test_pending_call_store_reply (pc, &m);
else if (!dbus_pending_call_set_notify (pc, test_pending_call_store_reply,
&m, NULL))
g_error ("OOM");
while (m == NULL)
test_main_context_iterate (f->ctx, TRUE);
if (config->expect_success)
{
/* it succeeds */
g_assert_cmpint (dbus_message_get_type (m), ==,
DBUS_MESSAGE_TYPE_METHOD_RETURN);
}
else
{
/* it fails, yielding an error message with one string argument */
g_assert_cmpint (dbus_message_get_type (m), ==, DBUS_MESSAGE_TYPE_ERROR);
g_assert_cmpstr (dbus_message_get_error_name (m), ==,
DBUS_ERROR_ACCESS_DENIED);
g_assert_cmpstr (dbus_message_get_signature (m), ==, "s");
}
dbus_message_unref (m);
}
static void
teardown (Fixture *f,
gconstpointer context G_GNUC_UNUSED)
{
dbus_error_free (&f->e);
g_clear_error (&f->ge);
if (f->conn != NULL)
{
dbus_connection_close (f->conn);
dbus_connection_unref (f->conn);
f->conn = NULL;
}
if (f->daemon_pid != 0)
{
test_kill_pid (f->daemon_pid);
g_spawn_close_pid (f->daemon_pid);
f->daemon_pid = 0;
}
test_main_context_unref (f->ctx);
}
static Config root_fail_config = {
"valid-config-files/multi-user.conf",
TEST_USER_ROOT,
FALSE
};
static Config messagebus_ok_config = {
"valid-config-files/multi-user.conf",
TEST_USER_MESSAGEBUS,
TRUE
};
static Config other_fail_config = {
"valid-config-files/multi-user.conf",
TEST_USER_OTHER,
FALSE
};
int
main (int argc,
char **argv)
{
g_test_init (&argc, &argv, NULL);
g_test_bug_base ("https://bugs.freedesktop.org/show_bug.cgi?id=");
g_test_add ("/uid-permissions/uae/root", Fixture, &root_fail_config,
setup, test_uae, teardown);
g_test_add ("/uid-permissions/uae/messagebus", Fixture, &messagebus_ok_config,
setup, test_uae, teardown);
g_test_add ("/uid-permissions/uae/other", Fixture, &other_fail_config,
setup, test_uae, teardown);
return g_test_run ();
}
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment