2007-06-09 Havoc Pennington <hp@redhat.com>

* dbus/dbus-string.c (_dbus_string_pop_line): fix this not to think an empty line is the end of the file. Also, fix some whitespace. * dbus/dbus-string-util.c: add more tests for _dbus_string_pop_line() revealing that it thinks an empty line is the end of the file, which broke dbus-auth-script.c so it didn't really run the scripts * dbus/dbus-auth.c: add ANONYMOUS mechanism * dbus/dbus-auth-script.c (_dbus_auth_script_run): fix to detect an empty/no-op auth script; add commands to check that we have or don't have the expected credentials
author: Havoc Pennington <hp@redhat.com> 2007-06-10 04:54:45 +0000
committer: Havoc Pennington <hp@redhat.com> 2007-06-10 04:54:45 +0000
commit: a789b7b38cb4f4540a41444cbd64bf7ada2d60d2 (patch)
tree: db5164def7f5d19266bc4ebfb4ce740f269d79e2 /dbus/dbus-auth-script.c
parent: 7be5fd95cdccdca28937804f32ca8b1308887d09 (diff)
1 files changed, 35 insertions, 6 deletions
diff --git a/dbus/dbus-auth-script.c b/dbus/dbus-auth-script.c
index 5aa17d4b..dd864ca5 100644
--- a/dbus/dbus-auth-script.c
+++ b/dbus/dbus-auth-script.c
@@ -218,10 +218,8 @@ auth_set_unix_credentials(DBusAuth  *auth,
 
   credentials = _dbus_credentials_new ();
   if (credentials == NULL)
-    {
-      _dbus_warn ("no memory\n");
-      return;
-    }
+    _dbus_assert_not_reached ("no memory");
+
   if (uid != DBUS_UID_UNSET)
     _dbus_credentials_add_unix_uid (credentials, uid);
   if (pid != DBUS_PID_UNSET)
@@ -288,11 +286,14 @@ _dbus_auth_script_run (const DBusString *filename)
 
   state = DBUS_AUTH_STATE_NEED_DISCONNECT;
   line_no = 0;
+
  next_iteration:
   while (_dbus_string_pop_line (&file, &line))
     {      
       line_no += 1;
 
+      /* _dbus_warn ("%s\n", _dbus_string_get_const_data (&line)); */
+      
       _dbus_string_delete_leading_blanks (&line);
 
       if (auth != NULL)
@@ -659,6 +660,30 @@ _dbus_auth_script_run (const DBusString *filename)
             }
         }
       else if (_dbus_string_starts_with_c_str (&line,
+                                               "EXPECT_HAVE_NO_CREDENTIALS"))
+        {
+          DBusCredentials *authorized_identity;
+          
+          authorized_identity = _dbus_auth_get_identity (auth);
+          if (!_dbus_credentials_are_empty (authorized_identity))
+            {
+              _dbus_warn ("Expected anonymous login or failed login, but some credentials were authorized\n");
+              goto out;
+            }
+        }
+      else if (_dbus_string_starts_with_c_str (&line,
+                                               "EXPECT_HAVE_SOME_CREDENTIALS"))
+        {
+          DBusCredentials *authorized_identity;
+          
+          authorized_identity = _dbus_auth_get_identity (auth);
+          if (_dbus_credentials_are_empty (authorized_identity))
+            {
+              _dbus_warn ("Expected to have some credentials, but we don't\n");
+              goto out;
+            }
+        }
+      else if (_dbus_string_starts_with_c_str (&line,
                                                "EXPECT"))
         {
           DBusString expected;
@@ -708,8 +733,12 @@ _dbus_auth_script_run (const DBusString *filename)
       }
     }
 
-  if (auth != NULL &&
-      state == DBUS_AUTH_STATE_AUTHENTICATED)
+  if (auth == NULL)
+    {
+      _dbus_warn ("Auth script is bogus, did not even have CLIENT or SERVER\n");
+      goto out;
+    }
+  else if (state == DBUS_AUTH_STATE_AUTHENTICATED)
     {
       const DBusString *unused;
author	Havoc Pennington <hp@redhat.com>	2007-06-10 04:54:45 +0000
committer	Havoc Pennington <hp@redhat.com>	2007-06-10 04:54:45 +0000
commit	a789b7b38cb4f4540a41444cbd64bf7ada2d60d2 (patch)
tree	db5164def7f5d19266bc4ebfb4ce740f269d79e2 /dbus/dbus-auth-script.c
parent	7be5fd95cdccdca28937804f32ca8b1308887d09 (diff)