diff options
| author | Stephan Bergmann <sbergman@redhat.com> | 2013-01-16 09:04:58 +0100 |
|---|---|---|
| committer | Stephan Bergmann <sbergman@redhat.com> | 2013-01-16 11:39:03 +0100 |
| commit | e1e308bc4564f596bde5cd4c96b75d3b8c672e95 (patch) | |
| tree | a3aafe7b01d1e14f27a9a47afcf95bf08b47c818 | |
| parent | fb8f3fac70ecfcc2b8612dbf71308cbea39ca789 (diff) | |
Remove support for UNO_AC* bootstrap variables
...they had effectively never been used.
Change-Id: I514f2b844661e144cef758eb3ce7c4607ffad635
| -rw-r--r-- | cppuhelper/source/component_context.cxx | 9 | ||||
| -rw-r--r-- | cppuhelper/source/defaultbootstrap.cxx | 2 | ||||
| -rw-r--r-- | cppuhelper/source/servicefactory.cxx | 135 | ||||
| -rw-r--r-- | cppuhelper/source/servicefactory_detail.hxx | 5 | ||||
| -rw-r--r-- | stoc/source/security/access_controller.cxx | 4 | ||||
| -rw-r--r-- | stoc/source/security/file_policy.cxx | 5 | ||||
| -rw-r--r-- | stoc/test/security/makefile.mk | 49 | ||||
| -rw-r--r-- | stoc/test/security/test_security.cxx | 515 | ||||
| -rw-r--r-- | stoc/test/security/test_security.ini | 24 | ||||
| -rw-r--r-- | stoc/test/security/test_security.policy | 37 | ||||
| -rw-r--r-- | stoc/test/security/test_security_singleuser.ini | 24 |
11 files changed, 14 insertions, 795 deletions
diff --git a/cppuhelper/source/component_context.cxx b/cppuhelper/source/component_context.cxx index c168aa2a32b7..18e150c528ca 100644 --- a/cppuhelper/source/component_context.cxx +++ b/cppuhelper/source/component_context.cxx @@ -59,7 +59,6 @@ #define SMGR_SINGLETON "/singletons/com.sun.star.lang.theServiceManager" #define TDMGR_SINGLETON "/singletons/com.sun.star.reflection.theTypeDescriptionManager" #define AC_SINGLETON "/singletons/com.sun.star.security.theAccessController" -#define AC_POLICY "/singletons/com.sun.star.security.thePolicy" #define OUSTR(x) ::rtl::OUString( RTL_CONSTASCII_USTRINGPARAM(x) ) @@ -694,7 +693,7 @@ void ComponentContext::disposing() ::fprintf( stderr, "> disposing context %p\n", this ); #endif - Reference< lang::XComponent > xTDMgr, xAC, xPolicy; // to be disposed separately + Reference< lang::XComponent > xTDMgr, xAC; // to be disposed separately // dispose all context objects t_map::const_iterator iPos( m_map.begin() ); @@ -731,10 +730,6 @@ void ComponentContext::disposing() { xAC = xComp; } - else if ( iPos->first == AC_POLICY ) - { - xPolicy = xComp; - } else // dispose immediately { xComp->dispose(); @@ -748,8 +743,6 @@ void ComponentContext::disposing() m_xSMgr.clear(); // dispose ac try_dispose( xAC ); - // dispose policy - try_dispose( xPolicy ); // dispose tdmgr; revokes callback from cppu runtime try_dispose( xTDMgr ); diff --git a/cppuhelper/source/defaultbootstrap.cxx b/cppuhelper/source/defaultbootstrap.cxx index d4863b323c73..9b214847b4a5 100644 --- a/cppuhelper/source/defaultbootstrap.cxx +++ b/cppuhelper/source/defaultbootstrap.cxx @@ -115,7 +115,7 @@ cppu::defaultBootstrap_InitialComponentContext(rtl::OUString const & iniUri) "/singletons/" + i->first, css::uno::makeAny(i->second[0]->info->name), true)); } - cppu::add_access_control_entries(&context_values, bs); + cppu::add_access_control_entries(&context_values); assert(!context_values.empty()); css::uno::Reference< css::uno::XComponentContext > context( createComponentContext( diff --git a/cppuhelper/source/servicefactory.cxx b/cppuhelper/source/servicefactory.cxx index 268ddaa990b4..b52148744515 100644 --- a/cppuhelper/source/servicefactory.cxx +++ b/cppuhelper/source/servicefactory.cxx @@ -40,151 +40,22 @@ using namespace ::com::sun::star::uno; namespace cppu { -/** bootstrap variables: - - UNO_AC=<mode> [mandatory] - -- mode := { on, off, dynamic-only, single-user, single-default-user } - UNO_AC_SERVICE=<service_name> [optional] - -- override ac singleton service name - UNO_AC_SINGLEUSER=<user-id|nothing> [optional] - -- run with this user id or with default user policy (<nothing>) - set UNO_AC=single-[default-]user - UNO_AC_USERCACHE_SIZE=<cache_size> - -- number of user permission sets to be cached - - UNO_AC_POLICYSERVICE=<service_name> [optional] - -- override policy singleton service name - UNO_AC_POLICYFILE=<file_url> [optional] - -- read policy out of simple text file -*/ -void add_access_control_entries( - ::std::vector< ContextEntry_Init > * values, - Bootstrap const & bootstrap ) +void add_access_control_entries( ::std::vector< ContextEntry_Init > * values ) SAL_THROW( (Exception) ) { ContextEntry_Init entry; ::std::vector< ContextEntry_Init > & context_values = *values; - OUString ac_policy; - if (bootstrap.getFrom( OUSTR("UNO_AC_POLICYSERVICE"), ac_policy )) - { - // overridden service name - // - policy singleton - entry.bLateInitService = true; - entry.name = OUSTR("/singletons/com.sun.star.security.thePolicy"); - entry.value <<= ac_policy; - context_values.push_back( entry ); - } - else if (bootstrap.getFrom( OUSTR("UNO_AC_POLICYFILE"), ac_policy )) - { - // check for file policy - // - file policy prop: file-name - if (0 != ac_policy.compareToAscii( - RTL_CONSTASCII_STRINGPARAM("file:///") )) - { - // no file url - OUString baseDir; - if ( ::osl_getProcessWorkingDir( &baseDir.pData ) - != osl_Process_E_None ) - { - OSL_ASSERT( false ); - } - OUString fileURL; - if ( ::osl_getAbsoluteFileURL( - baseDir.pData, ac_policy.pData, &fileURL.pData ) - != osl_File_E_None ) - { - OSL_ASSERT( false ); - } - ac_policy = fileURL; - } - - entry.bLateInitService = false; - entry.name = - OUSTR("/implementations/com.sun.star.security.comp.stoc.FilePolicy/" - "file-name"); - entry.value <<= ac_policy; - context_values.push_back( entry ); - // - policy singleton - entry.bLateInitService = true; - entry.name = OUSTR("/singletons/com.sun.star.security.thePolicy"); - entry.value <<= OUSTR("com.sun.star.security.comp.stoc.FilePolicy"); - context_values.push_back( entry ); - } // else policy singleton comes from storage - - OUString ac_mode; - if (! bootstrap.getFrom( OUSTR("UNO_AC"), ac_mode )) - { - ac_mode = OUSTR("off"); // default - } - OUString ac_user; - if (bootstrap.getFrom( OUSTR("UNO_AC_SINGLEUSER"), ac_user )) - { - // ac in single-user mode - if (!ac_user.isEmpty()) - { - // - ac prop: single-user-id - entry.bLateInitService = false; - entry.name = - OUSTR("/services/com.sun.star.security.AccessController/" - "single-user-id"); - entry.value <<= ac_user; - context_values.push_back( entry ); - if ( ac_mode != "single-user" ) - { - throw SecurityException( - OUSTR("set UNO_AC=single-user " - "if you set UNO_AC_SINGLEUSER=<user-id>!"), - Reference< XInterface >() ); - } - } - else - { - if ( ac_mode != "single-default-user" ) - { - throw SecurityException( - OUSTR("set UNO_AC=single-default-user " - "if you set UNO_AC_SINGLEUSER=<nothing>!"), - Reference< XInterface >() ); - } - } - } - - OUString ac_service; - if (! bootstrap.getFrom( OUSTR("UNO_AC_SERVICE"), ac_service )) - { - // override service name - ac_service = OUSTR("com.sun.star.security.AccessController"); // default -// ac = OUSTR("com.sun.star.security.comp.stoc.AccessController"); - } - - // - ac prop: user-cache-size - OUString ac_cache; - if (bootstrap.getFrom( OUSTR("UNO_AC_USERCACHE_SIZE"), ac_cache )) - { - // ac cache size - sal_Int32 n = ac_cache.toInt32(); - if (0 < n) - { - entry.bLateInitService = false; - entry.name = - OUSTR("/services/com.sun.star.security.AccessController/" - "user-cache-size"); - entry.value <<= n; - context_values.push_back( entry ); - } - } - // - ac prop: mode // { "off", "on", "dynamic-only", "single-user", "single-default-user" } entry.bLateInitService = false; entry.name = OUSTR("/services/com.sun.star.security.AccessController/mode"); - entry.value <<= ac_mode; + entry.value <<= OUSTR("off"); context_values.push_back( entry ); // - ac singleton entry.bLateInitService = true; entry.name = OUSTR("/singletons/com.sun.star.security.theAccessController"); - entry.value <<= ac_service; + entry.value <<= OUSTR("com.sun.star.security.AccessController"); context_values.push_back( entry ); } diff --git a/cppuhelper/source/servicefactory_detail.hxx b/cppuhelper/source/servicefactory_detail.hxx index 09c3997a2ed9..d1e8a376bcaf 100644 --- a/cppuhelper/source/servicefactory_detail.hxx +++ b/cppuhelper/source/servicefactory_detail.hxx @@ -28,13 +28,10 @@ #include "sal/types.h" namespace cppu { struct ContextEntry_Init; } -namespace rtl { class Bootstrap; } namespace cppu { -void add_access_control_entries( - std::vector< cppu::ContextEntry_Init > * values, - rtl::Bootstrap const & bootstrap) +void add_access_control_entries(std::vector< cppu::ContextEntry_Init > * values) SAL_THROW((com::sun::star::uno::Exception)); } diff --git a/stoc/source/security/access_controller.cxx b/stoc/source/security/access_controller.cxx index ae72ae89ac3c..09ffc70cfb32 100644 --- a/stoc/source/security/access_controller.cxx +++ b/stoc/source/security/access_controller.cxx @@ -472,6 +472,10 @@ AccessController::AccessController( Reference< XComponentContext > const & xComp { g_moduleCount.modCnt.acquire( &g_moduleCount.modCnt ); + // The .../mode value had originally been set in + // cppu::add_access_control_entries (cppuhelper/source/servicefactory.cxx) + // to something other than "off" depending on various UNO_AC* bootstrap + // variables that are no longer supported, so this is mostly dead code now: OUString mode; if (m_xComponentContext->getValueByName( OUSTR("/services/" SERVICE_NAME "/mode") ) >>= mode) { diff --git a/stoc/source/security/file_policy.cxx b/stoc/source/security/file_policy.cxx index 78647766a2ff..d7fa8c4899d6 100644 --- a/stoc/source/security/file_policy.cxx +++ b/stoc/source/security/file_policy.cxx @@ -438,7 +438,10 @@ PolicyReader::~PolicyReader() void FilePolicy::refresh() throw (RuntimeException) { - // read out file + // read out file (the .../file-name value had originally been set in + // cppu::add_access_control_entries (cppuhelper/source/servicefactory.cxx) + // depending on various UNO_AC* bootstrap variables that are no longer + // supported, so this is effectively dead code): OUString fileName; m_xComponentContext->getValueByName( OUSTR("/implementations/" IMPL_NAME "/file-name") ) >>= fileName; diff --git a/stoc/test/security/makefile.mk b/stoc/test/security/makefile.mk deleted file mode 100644 index c71f91bac5e9..000000000000 --- a/stoc/test/security/makefile.mk +++ /dev/null @@ -1,49 +0,0 @@ -# -# This file is part of the LibreOffice project. -# -# This Source Code Form is subject to the terms of the Mozilla Public -# License, v. 2.0. If a copy of the MPL was not distributed with this -# file, You can obtain one at http://mozilla.org/MPL/2.0/. -# -# This file incorporates work covered by the following license notice: -# -# Licensed to the Apache Software Foundation (ASF) under one or more -# contributor license agreements. See the NOTICE file distributed -# with this work for additional information regarding copyright -# ownership. The ASF licenses this file to you under the Apache -# License, Version 2.0 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.apache.org/licenses/LICENSE-2.0 . -# -PRJ=..$/.. - -PRJNAME=stoc -TARGET=test_security -TARGETTYPE=CUI -LIBTARGET=NO -ENABLE_EXCEPTIONS=TRUE - -# --- Settings ----------------------------------------------------- - -.INCLUDE : settings.mk - -# --- Application 1 ------------------------------------------------ -APP1TARGET= $(TARGET) -APP1OBJS= $(OBJ)$/test_security.obj - -APP1STDLIBS= \ - $(CPPULIB) \ - $(CPPUHELPERLIB) \ - $(SALHELPERLIB) \ - $(SALLIB) - -.IF "$(OS)"=="WNT" -APP1STDLIBS+= -# $(LIBCIMT) $(LIBCMT) -.ENDIF - - -# --- Target ------------------------------------------------ - -.INCLUDE : target.mk - diff --git a/stoc/test/security/test_security.cxx b/stoc/test/security/test_security.cxx deleted file mode 100644 index a094b21e2402..000000000000 --- a/stoc/test/security/test_security.cxx +++ /dev/null @@ -1,515 +0,0 @@ -/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ -/* - * This file is part of the LibreOffice project. - * - * This Source Code Form is subject to the terms of the Mozilla Public - * License, v. 2.0. If a copy of the MPL was not distributed with this - * file, You can obtain one at http://mozilla.org/MPL/2.0/. - * - * This file incorporates work covered by the following license notice: - * - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed - * with this work for additional information regarding copyright - * ownership. The ASF licenses this file to you under the Apache - * License, Version 2.0 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.apache.org/licenses/LICENSE-2.0 . - */ - - -#include <stdio.h> - -#include <sal/main.h> -#include <osl/diagnose.h> -#include <osl/socket.hxx> -#include <rtl/string.hxx> -#include <rtl/ustrbuf.hxx> -#include <uno/current_context.hxx> - -#include <cppuhelper/implbase1.hxx> -#include <cppuhelper/bootstrap.hxx> -#include <cppuhelper/access_control.hxx> - -#include <com/sun/star/lang/XComponent.hpp> -#include <com/sun/star/uno/XCurrentContext.hpp> - -#include <com/sun/star/io/FilePermission.hpp> - -#define USER_CREDS "access-control.user-credentials" -#define OUSTR(x) ::rtl::OUString( RTL_CONSTASCII_USTRINGPARAM(x) ) - - -using namespace ::osl; -using namespace ::rtl; -using namespace ::cppu; -using namespace ::com::sun::star; -using namespace ::com::sun::star::uno; - -//-------------------------------------------------------------------------------------------------- -static OUString localhost( OUString const & addition ) SAL_THROW(()) -{ - static OUString ip; - if (! ip.getLength()) - { - // dns lookup - SocketAddr addr; - SocketAddr::resolveHostname( OUSTR("localhost"), addr ); - ::oslSocketResult rc = ::osl_getDottedInetAddrOfSocketAddr( addr.getHandle(), &ip.pData ); - if (::osl_Socket_Ok != rc) - fprintf(stdout, "### cannot resolve localhost!" ); - } - OUStringBuffer buf( 48 ); - buf.append( ip ); - buf.append( addition ); - return buf.makeStringAndClear(); -} - -//-------------------------------------------------------------------------------------------------- -static inline void dispose( Reference< XInterface > const & x ) - SAL_THROW( (RuntimeException) ) -{ - Reference< lang::XComponent > xComp( x, UNO_QUERY ); - if (xComp.is()) - { - xComp->dispose(); - } -} -//================================================================================================== -class user_CurrentContext - : public ImplHelper1< XCurrentContext > -{ - oslInterlockedCount m_refcount; - - Reference< XCurrentContext > m_xDelegate; - Any m_userId; - -public: - inline user_CurrentContext( - Reference< XCurrentContext > const & xDelegate, - OUString const & userId ) - SAL_THROW(()) - : m_refcount( 0 ) - , m_xDelegate( xDelegate ) - , m_userId( makeAny( userId ) ) - {} - - // XInterface impl - virtual void SAL_CALL acquire() - throw (); - virtual void SAL_CALL release() - throw (); - - // XCurrentContext impl - virtual Any SAL_CALL getValueByName( OUString const & name ) - throw (RuntimeException); -}; -//__________________________________________________________________________________________________ -void user_CurrentContext::acquire() - throw () -{ - ::osl_atomic_increment( &m_refcount ); -} -//__________________________________________________________________________________________________ -void user_CurrentContext::release() - throw () -{ - if (! ::osl_atomic_decrement( &m_refcount )) - { - delete this; - } -} -//__________________________________________________________________________________________________ -Any user_CurrentContext::getValueByName( OUString const & name ) - throw (RuntimeException) -{ - if ( name == USER_CREDS ".id" ) - { - return m_userId; - } - else if (m_xDelegate.is()) - { - return m_xDelegate->getValueByName( name ); - } - else - { - return Any(); - } -} - -// prepends line number -#define CHECK( check, negative_test ) \ -{ \ - try \ - { \ - if (negative_test) \ - { \ - bool thrown = true; \ - try \ - { \ - check; \ - thrown = false; \ - } \ - catch (RuntimeException &) \ - { \ - } \ - if (! thrown) \ - { \ - throw RuntimeException( \ - OUSTR("expected RuntimeException upon check!"), Reference< XInterface >() ); \ - } \ - } \ - else \ - { \ - check; \ - } \ - } \ - catch (const RuntimeException & exc) \ - { \ - OUStringBuffer buf( 64 ); \ - buf.appendAscii( RTL_CONSTASCII_STRINGPARAM("[line ") ); \ - buf.append( (sal_Int32)__LINE__ ); \ - buf.appendAscii( RTL_CONSTASCII_STRINGPARAM("] ") ); \ - buf.append( exc.Message ); \ - throw RuntimeException( buf.makeStringAndClear(), Reference< XInterface >() ); \ - } \ -} - -/* -grant -{ -permission com.sun.star.io.FilePermission "file:///usr/bin/ *", "read"; -permission com.sun.star.io.FilePermission "file:///tmp/-", "read,write"; -permission com.sun.star.io.FilePermission "file:///etc/profile", "read"; - -permission com.sun.star.security.RuntimePermission "DEF"; - -permission com.sun.star.connection.SocketPermission "127.0.0.1:-1023", "resolve, connect, listen"; -permission com.sun.star.connection.SocketPermission "localhost:1024-", "accept, connect, listen, resolve,"; -permission com.sun.star.connection.SocketPermission "*.sun.com:1024-", "resolve"; -}; -*/ -static void check_defaults_pos( AccessControl & ac, bool invert = false ) -{ - // positive tests - CHECK( ac.checkFilePermission( OUSTR("file:///usr/bin/bla"), OUSTR("read") ), invert ); - CHECK( ac.checkFilePermission( OUSTR("file:///tmp/bla"), OUSTR("read,write") ), invert ); - CHECK( ac.checkFilePermission( OUSTR("file:///tmp/path/path/bla"), OUSTR("write") ), invert ); - CHECK( ac.checkFilePermission( OUSTR("file:///etc/profile"), OUSTR("read") ), invert ); - CHECK( ac.checkRuntimePermission( OUSTR("DEF") ), invert ); - CHECK( ac.checkSocketPermission( OUSTR("localhost:1024"), OUSTR("connect") ), invert ); - CHECK( ac.checkSocketPermission( OUSTR("localhost:65535"), OUSTR("resolve") ), invert ); - CHECK( ac.checkSocketPermission( localhost(OUSTR(":2048")), OUSTR("accept,listen") ), invert ); - CHECK( ac.checkSocketPermission( localhost(OUSTR(":1024-")), OUSTR("accept,connect,listen,resolve") ), invert ); - CHECK( ac.checkSocketPermission( OUSTR("localhost:-1023"), OUSTR("resolve,listen,connect") ), invert ); - CHECK( ac.checkSocketPermission( OUSTR("jl-1036.germany.sun.com:1024-"), OUSTR("resolve") ), invert ); -} -static void check_defaults_neg( AccessControl & ac, bool invert = false ) -{ - // negative tests - CHECK( ac.checkFilePermission( OUSTR("file:///usr/tmp"), OUSTR("read") ), !invert ); - CHECK( ac.checkFilePermission( OUSTR("file:///"), OUSTR("read") ), !invert ); - CHECK( ac.checkFilePermission( OUSTR("file:///usr/bin"), OUSTR("read") ), !invert ); - CHECK( ac.checkFilePermission( OUSTR("file:///usr/bin/bla"), OUSTR("write") ), !invert ); - CHECK( ac.checkFilePermission( OUSTR("file:///usr/bin/bla"), OUSTR("execute") ), !invert ); - CHECK( ac.checkFilePermission( OUSTR("file:///usr/bin/path/bla"), OUSTR("read") ), !invert ); - CHECK( ac.checkFilePermission( OUSTR("file:///tmp"), OUSTR("read") ), !invert ); - CHECK( ac.checkFilePermission( OUSTR("file:///tmp/"), OUSTR("read") ), !invert ); - CHECK( ac.checkFilePermission( OUSTR("file:///tm"), OUSTR("read") ), !invert ); - CHECK( ac.checkFilePermission( OUSTR("file:///etc/profile"), OUSTR("write") ), !invert ); - CHECK( ac.checkFilePermission( OUSTR("file:///etc/profile/bla"), OUSTR("read") ), !invert ); - CHECK( ac.checkFilePermission( OUSTR("file:///etc/blabla"), OUSTR("read,write,execute") ), !invert ); - CHECK( ac.checkFilePermission( OUSTR("file:///home/root"), OUSTR("read,write,execute") ), !invert ); - CHECK( ac.checkFilePermission( OUSTR("file:///root"), OUSTR("read,write,execute") ), !invert ); - CHECK( ac.checkFilePermission( OUSTR("file:///root"), OUSTR("delete") ), !invert ); - CHECK( ac.checkFilePermission( OUSTR("file:///root"), OUString() ), !invert ); - CHECK( ac.checkRuntimePermission( OUSTR("ROOT") ), !invert ); - CHECK( ac.checkSocketPermission( OUSTR("localhost:1023"), OUSTR("accept") ), !invert ); - CHECK( ac.checkSocketPermission( OUSTR("localhost:123-"), OUSTR("accept") ), !invert ); - CHECK( ac.checkSocketPermission( localhost(OUSTR(":-1023")), OUSTR("accept") ), !invert ); - CHECK( ac.checkSocketPermission( OUSTR("localhost:-1023"), OUSTR("accept,resolve") ), !invert ); - CHECK( ac.checkSocketPermission( OUSTR("sun.com:1024-"), OUSTR("resolve") ), !invert ); -} - -/* -grant user "dbo" -{ -permission com.sun.star.io.FilePermission "file:///home/dbo/-", "read,write"; -permission com.sun.star.io.FilePermission "-", "read,write"; -permission com.sun.star.io.FilePermission "file:///usr/local/dbo/ *", "read"; - -permission com.sun.star.security.RuntimePermission "DBO"; - -permission com.sun.star.connection.SocketPermission "dbo-1:1024-", "listen"; -permission com.sun.star.connection.SocketPermission "dbo-11081:-1023", "resolve"; -permission com.sun.star.connection.SocketPermission "dbo-11081:18", "listen"; -permission com.sun.star.connection.SocketPermission "dbo-11081:20-24", "listen"; -permission com.sun.star.connection.SocketPermission "dbo-11081", "connect"; -}; -*/ -static void check_dbo_pos( AccessControl & ac, bool invert = false ) -{ - check_defaults_pos( ac, invert ); - // positive tests - CHECK( ac.checkFilePermission( OUSTR("file:///home/dbo/bla"), OUSTR("read") ), invert ); - CHECK( ac.checkFilePermission( OUSTR("file:///home/dbo/bla"), OUSTR("write") ), invert ); - CHECK( ac.checkFilePermission( OUSTR("file:///home/dbo/bla"), OUSTR("read,write") ), invert ); - CHECK( ac.checkFilePermission( OUSTR("file:///home/dbo/path/bla"), OUSTR("read,write") ), invert ); - CHECK( ac.checkFilePermission( OUSTR("file:///home/dbo/path/path/bla"), OUSTR("read,write") ), invert ); - CHECK( ac.checkFilePermission( OUSTR("file:///usr/local/dbo/*"), OUSTR("read") ), invert ); - CHECK( ac.checkFilePermission( OUSTR("file:///usr/local/dbo/bla"), OUSTR("read") ), invert ); - CHECK( ac.checkRuntimePermission( OUSTR("DBO") ), invert ); - CHECK( ac.checkSocketPermission( OUSTR("dbo-1:1024-"), OUSTR("listen") ), invert ); - CHECK( ac.checkSocketPermission( OUSTR("dbo-1:2048-3122"), OUSTR("listen") ), invert ); - CHECK( ac.checkSocketPermission( OUSTR("dbo-1:2048-"), OUSTR("listen") ), invert ); - CHECK( ac.checkSocketPermission( OUSTR("dbo-11081:-1023"), OUSTR("resolve") ), invert ); - CHECK( ac.checkSocketPermission( OUSTR("dbo-11081:20-1023"), OUSTR("resolve") ), invert ); - CHECK( ac.checkSocketPermission( OUSTR("dbo-11081:18"), OUSTR("listen") ), invert ); - CHECK( ac.checkSocketPermission( OUSTR("dbo-11081:20-24"), OUSTR("listen") ), invert ); - CHECK( ac.checkSocketPermission( OUSTR("dbo-11081:22"), OUSTR("listen") ), invert ); - CHECK( ac.checkSocketPermission( OUSTR("dbo-11081"), OUSTR("connect") ), invert ); - CHECK( ac.checkSocketPermission( OUSTR("dbo-11081:22"), OUSTR("connect") ), invert ); -} -static void check_dbo_neg( AccessControl & ac, bool invert = false ) -{ - check_defaults_neg( ac, invert ); - // negative tests - CHECK( ac.checkFilePermission( OUSTR("file:///home/-"), OUSTR("read") ), !invert ); - CHECK( ac.checkFilePermission( OUSTR("file:///home/jbu/bla"), OUSTR("read") ), !invert ); - CHECK( ac.checkFilePermission( OUSTR("file:///home/jbu/bla"), OUSTR("write") ), !invert ); - CHECK( ac.checkFilePermission( OUSTR("file:///home/jbu/bla"), OUSTR("read,write") ), !invert ); - CHECK( ac.checkFilePermission( OUSTR("file:///home/jbu/path/bla"), OUSTR("read") ), !invert ); - CHECK( ac.checkFilePermission( OUSTR("file:///home/dbo/path/path/bla"), OUSTR("read,execute") ), !invert ); - CHECK( ac.checkFilePermission( OUSTR("file:///usr/local/-"), OUSTR("read") ), !invert ); - CHECK( ac.checkFilePermission( OUSTR("file:///usr/local/dbo/path/bla"), OUSTR("read") ), !invert ); - CHECK( ac.checkFilePermission( OUSTR("file:///usr/local/dbo/path/path/bla"), OUSTR("read") ), !invert ); - CHECK( ac.checkRuntimePermission( OUSTR("JBU") ), !invert ); - CHECK( ac.checkSocketPermission( OUSTR("dbo-11081"), OUSTR("listen") ), !invert ); - CHECK( ac.checkSocketPermission( OUSTR("dbo-11081:22"), OUSTR("accept") ), !invert ); - CHECK( ac.checkSocketPermission( OUSTR("jbu-11096:22"), OUSTR("resolve") ), !invert ); -} - -/* -grant user "jbu" -{ -permission com.sun.star.io.FilePermission "file:///home/jbu/-", "read,write"; -permission com.sun.star.io.FilePermission "*", "read,write"; - -permission com.sun.star.security.RuntimePermission "JBU"; - -permission com.sun.star.connection.SocketPermission "jbu-11096","resolve"; -}; -*/ -static void check_jbu_pos( AccessControl & ac, bool invert = false ) -{ - check_defaults_pos( ac, invert ); - // positive tests - CHECK( ac.checkFilePermission( OUSTR("file:///home/jbu/bla"), OUSTR("read") ), invert ); - CHECK( ac.checkFilePermission( OUSTR("file:///home/jbu/bla"), OUSTR("write") ), invert ); - CHECK( ac.checkFilePermission( OUSTR("file:///home/jbu/bla"), OUSTR("read,write") ), invert ); - CHECK( ac.checkFilePermission( OUSTR("file:///home/jbu/path/bla"), OUSTR("read,write") ), invert ); - CHECK( ac.checkFilePermission( OUSTR("file:///home/jbu/path/path/bla"), OUSTR("read,write") ), invert ); - CHECK( ac.checkRuntimePermission( OUSTR("JBU") ), invert ); - CHECK( ac.checkSocketPermission( OUSTR("jbu-11096"), OUSTR("resolve") ), invert ); - CHECK( ac.checkSocketPermission( OUSTR("jbu-11096:20-24"), OUSTR("resolve") ), invert ); - CHECK( ac.checkSocketPermission( OUSTR("dbo-11081.germany.sun.com:2048"), OUSTR("resolve") ), invert ); -} -static void check_jbu_neg( AccessControl & ac, bool invert = false ) -{ - check_defaults_neg( ac, invert ); - // negative tests - CHECK( ac.checkFilePermission( OUSTR("file:///home/-"), OUSTR("read") ), !invert ); - CHECK( ac.checkFilePermission( OUSTR("file:///home/dbo/path/bla"), OUSTR("read") ), !invert ); - CHECK( ac.checkFilePermission( OUSTR("file:///home/dbo/path/path/bla"), OUSTR("read") ), !invert ); - CHECK( ac.checkFilePermission( OUSTR("file:///home/dbo/bla"), OUSTR("read") ), !invert ); - CHECK( ac.checkFilePermission( OUSTR("file:///home/dbo/bla"), OUSTR("write") ), !invert ); - CHECK( ac.checkFilePermission( OUSTR("file:///home/dbo/bla"), OUSTR("read,write") ), !invert ); - CHECK( ac.checkFilePermission( OUSTR("file:///usr/local/-"), OUSTR("read") ), !invert ); - CHECK( ac.checkFilePermission( OUSTR("file:///usr/local/dbo/bla"), OUSTR("read") ), !invert ); - CHECK( ac.checkFilePermission( OUSTR("file:///usr/local/dbo/path/path/bla"), OUSTR("read") ), !invert ); - CHECK( ac.checkRuntimePermission( OUSTR("DBO") ), !invert ); - CHECK( ac.checkSocketPermission( OUSTR("jbu-11096:20-24"), OUSTR("accept") ), !invert ); - CHECK( ac.checkSocketPermission( OUSTR("dbo-11081"), OUSTR("connect") ), !invert ); - CHECK( ac.checkSocketPermission( OUSTR("dbo-11081.germany.sun.com"), OUSTR("connect") ), !invert ); -} - -/* -grant principal "root" -{ -permission com.sun.star.security.AllPermission; -}; -*/ -//================================================================================================== -static void check_root_pos( AccessControl & ac, bool invert = false ) -{ - check_defaults_pos( ac, invert ); - check_defaults_neg( ac, !invert ); - check_dbo_pos( ac, invert ); - check_dbo_neg( ac, !invert ); - check_jbu_pos( ac, invert ); - check_jbu_neg( ac, !invert ); - // some more root positive - CHECK( ac.checkFilePermission( OUSTR("file:///etc/blabla"), OUSTR("read,write,execute") ), invert ); - CHECK( ac.checkFilePermission( OUSTR("file:///home/root"), OUSTR("read,write,execute") ), invert ); - CHECK( ac.checkFilePermission( OUSTR("file:///root"), OUSTR("read,write,execute") ), invert ); - CHECK( ac.checkRuntimePermission( OUSTR("ROOT") ), invert ); -} - -//================================================================================================== -class acc_Restr - : public WeakImplHelper1< security::XAccessControlContext > -{ - Any m_perm; - -public: - inline acc_Restr( Any const & perm = Any() ) SAL_THROW(()) - : m_perm( perm ) - {} - - // XAccessControlContext impl - virtual void SAL_CALL checkPermission( Any const & perm ) - throw (RuntimeException); -}; -//__________________________________________________________________________________________________ -void acc_Restr::checkPermission( Any const & perm ) - throw (RuntimeException) -{ - if (perm != m_perm) - { - throw security::AccessControlException( - OUSTR("dyn violation!"), Reference< XInterface >(), perm ); - } -} - -typedef void (* t_action)( AccessControl &, Any const & arg ); - -//================================================================================================== -class Action - : public WeakImplHelper1< security::XAction > -{ - t_action m_action; - AccessControl & m_ac; - Any m_arg; - -public: - inline Action( t_action action, AccessControl & ac, Any const & arg = Any() ) SAL_THROW(()) - : m_action( action ) - , m_ac( ac ) - , m_arg( arg ) - {} - - // XAction impl - virtual Any SAL_CALL run() - throw (Exception); -}; -//__________________________________________________________________________________________________ -Any Action::run() - throw (Exception) -{ - (*m_action)( m_ac, m_arg ); - return Any(); -} - -//================================================================================================== -// static void restr_file_permissions( AccessControl & ac ) -// { -// // running in dbo's domain -// /* permission com.sun.star.io.FilePermission "file:///home/dbo/-", ",,read , write "; */ -// CHECK( ac.checkFilePermission( OUSTR("file:///home/dbo/bla"), OUSTR("read,write,execute") ), true ); -// CHECK( ac.checkFilePermission( OUSTR("file:///home/dbo/bla"), OUSTR("read,write") ), false ); -// } -//================================================================================================== -static void all_dbo_permissions( AccessControl & ac, Any const & ) -{ - check_dbo_pos( ac ); - check_dbo_neg( ac ); -} -//================================================================================================== -static void no_permissions( AccessControl & ac, Any const & arg ) -{ - check_dbo_pos( ac, true ); - check_dbo_neg( ac ); - // set privs to old dbo restr - Reference< security::XAccessControlContext > xContext; - OSL_VERIFY( arg >>= xContext ); - ac->doPrivileged( - new Action( all_dbo_permissions, ac ), - xContext ); -} -//================================================================================================== -static void check_dbo_dynamic( AccessControl & ac ) -{ - Any arg( makeAny( ac->getContext() ) ); - ac->doRestricted( - new Action( no_permissions, ac, arg ), - new acc_Restr() ); -} - -SAL_IMPLEMENT_MAIN() -{ - try - { - // single-user test - Reference< XComponentContext > xContext( defaultBootstrap_InitialComponentContext( - OUSTR("../../test/security/test_security_singleuser.ini") ) ); - { - ::fprintf( stderr, "[security test] single-user checking dbo..." ); - AccessControl ac( xContext ); - check_dbo_pos( ac ); - check_dbo_neg( ac ); - check_dbo_dynamic( ac ); - ::fprintf( stderr, "dbo checked.\n" ); - } - - // multi-user test - dispose( xContext ); - xContext = defaultBootstrap_InitialComponentContext( - OUSTR("../../test/security/test_security.ini") ); // UNO_AC=on - AccessControl ac( xContext ); - - { - // set up dbo current context - ContextLayer layer( new user_CurrentContext( getCurrentContext(), OUSTR("dbo") ) ); - ::fprintf( stderr, "[security test] multi-user checking dbo..." ); - check_dbo_pos( ac ); - check_dbo_neg( ac ); - check_dbo_dynamic( ac ); - ::fprintf( stderr, "dbo checked.\n" ); - } - { - // set up jbu current context - ContextLayer layer( new user_CurrentContext( getCurrentContext(), OUSTR("jbu") ) ); - ::fprintf( stderr, "[security test] multi-user checking jbu..." ); - check_jbu_pos( ac ); - check_jbu_neg( ac ); - ::fprintf( stderr, "jbu checked.\n" ); - } - { - // set up root current context - ContextLayer layer( new user_CurrentContext( getCurrentContext(), OUSTR("root") ) ); - ::fprintf( stderr, "[security test] multi-user checking root..." ); - check_root_pos( ac ); - ::fprintf( stderr, "root checked.\n" ); - } - { - // set up unknown guest user current context => default permissions - ContextLayer layer( new user_CurrentContext( getCurrentContext(), OUSTR("guest") ) ); - ::fprintf( stderr, "[security test] multi-user checking guest..." ); - check_defaults_pos( ac ); - check_defaults_neg( ac ); - ::fprintf( stderr, "guest checked.\n" ); - } - - dispose( xContext ); - ::fprintf( stderr, "security test succeeded.\n" ); - return 0; - } - catch (const Exception & exc) - { - OString str( OUStringToOString( exc.Message, RTL_TEXTENCODING_ASCII_US ) ); - ::fprintf( stderr, "[security test] error: %s!\n", str.getStr() ); - return 1; - } -} - -/* vim:set shiftwidth=4 softtabstop=4 expandtab: */ diff --git a/stoc/test/security/test_security.ini b/stoc/test/security/test_security.ini deleted file mode 100644 index 037ff00c780e..000000000000 --- a/stoc/test/security/test_security.ini +++ /dev/null @@ -1,24 +0,0 @@ -# -# This file is part of the LibreOffice project. -# -# This Source Code Form is subject to the terms of the Mozilla Public -# License, v. 2.0. If a copy of the MPL was not distributed with this -# file, You can obtain one at http://mozilla.org/MPL/2.0/. -# -# This file incorporates work covered by the following license notice: -# -# Licensed to the Apache Software Foundation (ASF) under one or more -# contributor license agreements. See the NOTICE file distributed -# with this work for additional information regarding copyright -# ownership. The ASF licenses this file to you under the Apache -# License, Version 2.0 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.apache.org/licenses/LICENSE-2.0 . -# - -UNO_TYPES=stoctest.rdb -UNO_SERVICES=stoctest.rdb -UNO_WRITERDB=stoctest.rdb -UNO_AC=on -UNO_AC_POLICYFILE=../../test/security/test_security.policy -UNO_AC_USERCACHE_SIZE=2 diff --git a/stoc/test/security/test_security.policy b/stoc/test/security/test_security.policy deleted file mode 100644 index 93c2571f7122..000000000000 --- a/stoc/test/security/test_security.policy +++ /dev/null @@ -1,37 +0,0 @@ -/** dbo - permissions -*/ -grant user "dbo"{ - permission com.sun.star.io.FilePermission "file:///home/dbo/-", ",,read , write "; - permission com.sun.star.io.FilePermission "-", "read ,write"; - permission com.sun.star.connection.SocketPermission "dbo-1:1024-", "listen"; - permission com.sun.star.security.RuntimePermission "DBO"; - permission com.sun.star.connection.SocketPermission "dbo-11081:-1023", "resolve"; - permission com.sun.star.connection.SocketPermission "dbo-11081:18", "listen"; - permission com.sun.star.connection.SocketPermission "dbo-11081:20-24", "listen"; - permission com.sun.star.connection.SocketPermission "dbo-11081", "connect"; - permission com.sun.star.io.FilePermission "file:///usr/local/dbo/*" , "read ";}; -grant user "jbu" { -permission com.sun.star.security.RuntimePermission "JBU"; -permission com.sun.star.io.FilePermission "file:///home/jbu/-" ,"read,write,"; -/*jbu resolve*/permission com.sun.star.connection.SocketPermission "jbu-11096","resolve"; - permission com.sun.star.io.FilePermission "*",",read,write";}; grant user "root"{permission com.sun.star.security.AllPermission;}; - -// granted to anyone - grant -{ - // read out this file - permission com.sun.star.io.FilePermission "../../test/security/test_security.policy", - "read"; - - permission com.sun.star.security.RuntimePermission "DEF"; - permission com.sun.star.io.FilePermission "file:///usr/bin/*", "read"; - permission com.sun.star.io.FilePermission "file:///usr/bin/*", "read"; - permission com.sun.star.io.FilePermission "file:///tmp/-", "read, write"; - permission com.sun.star.io.FilePermission "file:///etc/profile", "read,,"; - permission com.sun.star.connection.SocketPermission "127.0.0.1:-1023", "resolve, connect, listen"; - permission com.sun.star.connection.SocketPermission "localhost:1024-", "accept, connect, listen, resolve,"; - permission com.sun.star.connection.SocketPermission "*.sun.com:1024-", "resolve"; - } ; - -# eof
\ No newline at end of file diff --git a/stoc/test/security/test_security_singleuser.ini b/stoc/test/security/test_security_singleuser.ini deleted file mode 100644 index 018b5985d544..000000000000 --- a/stoc/test/security/test_security_singleuser.ini +++ /dev/null @@ -1,24 +0,0 @@ -# -# This file is part of the LibreOffice project. -# -# This Source Code Form is subject to the terms of the Mozilla Public -# License, v. 2.0. If a copy of the MPL was not distributed with this -# file, You can obtain one at http://mozilla.org/MPL/2.0/. -# -# This file incorporates work covered by the following license notice: -# -# Licensed to the Apache Software Foundation (ASF) under one or more -# contributor license agreements. See the NOTICE file distributed -# with this work for additional information regarding copyright -# ownership. The ASF licenses this file to you under the Apache -# License, Version 2.0 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.apache.org/licenses/LICENSE-2.0 . -# - -UNO_TYPES=stoctest.rdb -UNO_SERVICES=stoctest.rdb -UNO_WRITERDB=stoctest.rdb -UNO_AC=single-user -UNO_AC_SINGLEUSER=dbo -UNO_AC_POLICYFILE=../../test/security/test_security.policy |