Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(95)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: session_manager_unittest.cc

Issue 3493012: Security patches: RestartJob ignores pid, argv[0]; kill runs as child UID (Closed) Base URL: http://git.chromium.org/git/login_manager.git
Patch Set: added comments, using -1 as suid in setresuid() calls Created 10 years, 3 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « session_manager_service.cc ('k') | system_utils.h » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2009-2010 The Chromium OS Authors. All rights reserved. 1 // Copyright (c) 2009-2010 The Chromium OS Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "login_manager/session_manager_service.h" 5 #include "login_manager/session_manager_service.h"
6 6
7 #include <errno.h> 7 #include <errno.h>
8 #include <gtest/gtest.h> 8 #include <gtest/gtest.h>
9 #include <signal.h> 9 #include <signal.h>
10 #include <unistd.h> 10 #include <unistd.h>
(...skipping 89 matching lines...) Expand 10 before | Expand all | Expand 10 after
100 static char kFakeEmail[]; 100 static char kFakeEmail[];
101 static char kPropName[]; 101 static char kPropName[];
102 static char kPropValue[]; 102 static char kPropValue[];
103 103
104 // Creates the manager with the jobs. Mocks the file checker. 104 // Creates the manager with the jobs. Mocks the file checker.
105 // The second job can be NULL. 105 // The second job can be NULL.
106 void InitManager(MockChildJob* job1, MockChildJob* job2) { 106 void InitManager(MockChildJob* job1, MockChildJob* job2) {
107 std::vector<ChildJobInterface*> jobs; 107 std::vector<ChildJobInterface*> jobs;
108 EXPECT_CALL(*job1, GetName()) 108 EXPECT_CALL(*job1, GetName())
109 .WillRepeatedly(Return(std::string("job1"))); 109 .WillRepeatedly(Return(std::string("job1")));
110 EXPECT_CALL(*job1, IsDesiredUidSet())
111 .WillRepeatedly(Return(false));
110 jobs.push_back(job1); 112 jobs.push_back(job1);
111 if (job2) { 113 if (job2) {
112 EXPECT_CALL(*job2, GetName()) 114 EXPECT_CALL(*job2, GetName())
113 .WillRepeatedly(Return(std::string("job2"))); 115 .WillRepeatedly(Return(std::string("job2")));
116 EXPECT_CALL(*job2, IsDesiredUidSet())
117 .WillRepeatedly(Return(false));
114 jobs.push_back(job2); 118 jobs.push_back(job2);
115 } 119 }
116 manager_ = new SessionManagerService(jobs); 120 manager_ = new SessionManagerService(jobs);
117 manager_->set_file_checker(file_checker_); 121 manager_->set_file_checker(file_checker_);
118 manager_->test_api().set_exit_on_child_done(true); 122 manager_->test_api().set_exit_on_child_done(true);
119 manager_->test_api().set_prefstore(store_); 123 manager_->test_api().set_prefstore(store_);
120 } 124 }
121 125
122 void MockUtils() { 126 void MockUtils() {
123 manager_->test_api().set_systemutils(utils_.release()); 127 manager_->test_api().set_systemutils(utils_.release());
(...skipping 225 matching lines...) Expand 10 before | Expand all | Expand 10 after
349 353
350 SimpleRunManager(); 354 SimpleRunManager();
351 } 355 }
352 356
353 static const pid_t kDummyPid = 4; 357 static const pid_t kDummyPid = 4;
354 TEST_F(SessionManagerTest, SessionNotStartedCleanupTest) { 358 TEST_F(SessionManagerTest, SessionNotStartedCleanupTest) {
355 MockChildJob* job = CreateTrivialMockJob(MAYBE_NEVER); 359 MockChildJob* job = CreateTrivialMockJob(MAYBE_NEVER);
356 manager_->test_api().set_child_pid(0, kDummyPid); 360 manager_->test_api().set_child_pid(0, kDummyPid);
357 361
358 int timeout = 3; 362 int timeout = 3;
359 EXPECT_CALL(*(utils_.get()), kill(kDummyPid, SIGKILL)) 363 EXPECT_CALL(*(utils_.get()), kill(kDummyPid, getuid(), SIGKILL))
360 .WillOnce(Return(0)); 364 .WillOnce(Return(0));
361 EXPECT_CALL(*(utils_.get()), ChildIsGone(kDummyPid, timeout)) 365 EXPECT_CALL(*(utils_.get()), ChildIsGone(kDummyPid, timeout))
362 .WillOnce(Return(true)); 366 .WillOnce(Return(true));
363 MockUtils(); 367 MockUtils();
364 368
365 manager_->test_api().CleanupChildren(timeout); 369 manager_->test_api().CleanupChildren(timeout);
366 } 370 }
367 371
368 TEST_F(SessionManagerTest, SessionNotStartedSlowKillCleanupTest) { 372 TEST_F(SessionManagerTest, SessionNotStartedSlowKillCleanupTest) {
369 MockChildJob* job = CreateTrivialMockJob(MAYBE_NEVER); 373 MockChildJob* job = CreateTrivialMockJob(MAYBE_NEVER);
370 manager_->test_api().set_child_pid(0, kDummyPid); 374 manager_->test_api().set_child_pid(0, kDummyPid);
371 375
372 int timeout = 3; 376 int timeout = 3;
373 EXPECT_CALL(*(utils_.get()), kill(kDummyPid, SIGKILL)) 377 EXPECT_CALL(*(utils_.get()), kill(kDummyPid, getuid(), SIGKILL))
374 .WillOnce(Return(0)); 378 .WillOnce(Return(0));
375 EXPECT_CALL(*(utils_.get()), ChildIsGone(kDummyPid, timeout)) 379 EXPECT_CALL(*(utils_.get()), ChildIsGone(kDummyPid, timeout))
376 .WillOnce(Return(false)); 380 .WillOnce(Return(false));
377 EXPECT_CALL(*(utils_.get()), kill(kDummyPid, SIGABRT)) 381 EXPECT_CALL(*(utils_.get()), kill(kDummyPid, getuid(), SIGABRT))
378 .WillOnce(Return(0)); 382 .WillOnce(Return(0));
379 MockUtils(); 383 MockUtils();
380 384
381 manager_->test_api().CleanupChildren(timeout); 385 manager_->test_api().CleanupChildren(timeout);
382 } 386 }
383 387
384 TEST_F(SessionManagerTest, SessionStartedCleanupTest) { 388 TEST_F(SessionManagerTest, SessionStartedCleanupTest) {
385 MockChildJob* job = CreateTrivialMockJob(MAYBE_NEVER); 389 MockChildJob* job = CreateTrivialMockJob(MAYBE_NEVER);
386 manager_->test_api().set_child_pid(0, kDummyPid); 390 manager_->test_api().set_child_pid(0, kDummyPid);
387 391
388 gboolean out; 392 gboolean out;
389 gchar email[] = "user@somewhere"; 393 gchar email[] = "user@somewhere";
390 gchar nothing[] = ""; 394 gchar nothing[] = "";
391 int timeout = 3; 395 int timeout = 3;
392 EXPECT_CALL(*(utils_.get()), kill(kDummyPid, SIGTERM)) 396 EXPECT_CALL(*(utils_.get()), kill(kDummyPid, getuid(), SIGTERM))
393 .WillOnce(Return(0)); 397 .WillOnce(Return(0));
394 EXPECT_CALL(*(utils_.get()), ChildIsGone(kDummyPid, timeout)) 398 EXPECT_CALL(*(utils_.get()), ChildIsGone(kDummyPid, timeout))
395 .WillOnce(Return(true)); 399 .WillOnce(Return(true));
396 MockUtils(); 400 MockUtils();
397 401
398 std::string email_string(email); 402 std::string email_string(email);
399 EXPECT_CALL(*job, StartSession(email_string)) 403 EXPECT_CALL(*job, StartSession(email_string))
400 .Times(1); 404 .Times(1);
401 405
402 manager_->StartSession(email, nothing, &out, NULL); 406 manager_->StartSession(email, nothing, &out, NULL);
403 manager_->test_api().CleanupChildren(timeout); 407 manager_->test_api().CleanupChildren(timeout);
404 } 408 }
405 409
406 TEST_F(SessionManagerTest, SessionStartedSlowKillCleanupTest) { 410 TEST_F(SessionManagerTest, SessionStartedSlowKillCleanupTest) {
407 MockChildJob* job = CreateTrivialMockJob(MAYBE_NEVER); 411 MockChildJob* job = CreateTrivialMockJob(MAYBE_NEVER);
408 SessionManagerService::TestApi test_api = manager_->test_api(); 412 SessionManagerService::TestApi test_api = manager_->test_api();
409 test_api.set_child_pid(0, kDummyPid); 413 test_api.set_child_pid(0, kDummyPid);
410 414
411 int timeout = 3; 415 int timeout = 3;
412 EXPECT_CALL(*(utils_.get()), kill(kDummyPid, SIGTERM)) 416 EXPECT_CALL(*(utils_.get()), kill(kDummyPid, getuid(), SIGTERM))
413 .WillOnce(Return(0)); 417 .WillOnce(Return(0));
414 EXPECT_CALL(*(utils_.get()), ChildIsGone(kDummyPid, timeout)) 418 EXPECT_CALL(*(utils_.get()), ChildIsGone(kDummyPid, timeout))
415 .WillOnce(Return(false)); 419 .WillOnce(Return(false));
416 EXPECT_CALL(*(utils_.get()), kill(kDummyPid, SIGABRT)) 420 EXPECT_CALL(*(utils_.get()), kill(kDummyPid, getuid(), SIGABRT))
417 .WillOnce(Return(0)); 421 .WillOnce(Return(0));
418 MockUtils(); 422 MockUtils();
419 423
420 gboolean out; 424 gboolean out;
421 gchar email[] = "user@somewhere"; 425 gchar email[] = "user@somewhere";
422 gchar nothing[] = ""; 426 gchar nothing[] = "";
423 427
424 std::string email_string(email); 428 std::string email_string(email);
425 EXPECT_CALL(*job, StartSession(email_string)) 429 EXPECT_CALL(*job, StartSession(email_string))
426 .Times(1); 430 .Times(1);
(...skipping 541 matching lines...) Expand 10 before | Expand all | Expand 10 after
968 GError* error = NULL; 972 GError* error = NULL;
969 EXPECT_EQ(FALSE, manager_->RestartJob(pid, arguments, &out, &error)); 973 EXPECT_EQ(FALSE, manager_->RestartJob(pid, arguments, &out, &error));
970 EXPECT_EQ(CHROMEOS_LOGIN_ERROR_UNKNOWN_PID, error->code); 974 EXPECT_EQ(CHROMEOS_LOGIN_ERROR_UNKNOWN_PID, error->code);
971 EXPECT_EQ(FALSE, out); 975 EXPECT_EQ(FALSE, out);
972 } 976 }
973 977
974 TEST_F(SessionManagerTest, RestartJob) { 978 TEST_F(SessionManagerTest, RestartJob) {
975 MockChildJob* job = CreateTrivialMockJob(MAYBE_NEVER); 979 MockChildJob* job = CreateTrivialMockJob(MAYBE_NEVER);
976 SessionManagerService::TestApi test_api = manager_->test_api(); 980 SessionManagerService::TestApi test_api = manager_->test_api();
977 test_api.set_child_pid(0, kDummyPid); 981 test_api.set_child_pid(0, kDummyPid);
978 EXPECT_CALL(*(utils_.get()), kill(-kDummyPid, SIGKILL)) 982 EXPECT_CALL(*(utils_.get()), kill(-kDummyPid, getuid(), SIGKILL))
979 .WillOnce(Return(0)); 983 .WillOnce(Return(0));
980 MockUtils(); 984 MockUtils();
981 985
986 EXPECT_CALL(*job, GetName())
987 .WillRepeatedly(Return(std::string("chrome")));
982 EXPECT_CALL(*job, SetArguments("dummy")) 988 EXPECT_CALL(*job, SetArguments("dummy"))
983 .Times(1); 989 .Times(1);
984 EXPECT_CALL(*job, RecordTime()) 990 EXPECT_CALL(*job, RecordTime())
985 .Times(1); 991 .Times(1);
986 std::string email_string(""); 992 std::string email_string("");
987 EXPECT_CALL(*job, StartSession(email_string)) 993 EXPECT_CALL(*job, StartSession(email_string))
988 .Times(1); 994 .Times(1);
989 ON_CALL(*job, Run()) 995 ON_CALL(*job, Run())
990 .WillByDefault(Invoke(CleanExit)); 996 .WillByDefault(Invoke(CleanExit));
991 997
992 gboolean out; 998 gboolean out;
993 gint pid = kDummyPid; 999 gint pid = kDummyPid;
994 gchar arguments[] = "dummy"; 1000 gchar arguments[] = "dummy";
995 GError* error = NULL; 1001 GError* error = NULL;
996 EXPECT_EQ(TRUE, manager_->RestartJob(pid, arguments, &out, &error)); 1002 EXPECT_EQ(TRUE, manager_->RestartJob(pid, arguments, &out, &error));
997 EXPECT_EQ(TRUE, out); 1003 EXPECT_EQ(TRUE, out);
998 } 1004 }
999 1005
1006 TEST_F(SessionManagerTest, RestartJobWrongPid) {
1007 MockChildJob* job = CreateTrivialMockJob(MAYBE_NEVER);
1008 SessionManagerService::TestApi test_api = manager_->test_api();
1009 test_api.set_child_pid(0, kDummyPid);
1010
1011 gboolean out;
1012 gint pid = kDummyPid;
1013 gchar arguments[] = "dummy";
1014 GError* error = NULL;
1015 EXPECT_EQ(FALSE, manager_->RestartJob(pid, arguments, &out, &error));
1016 EXPECT_EQ(FALSE, out);
1017 }
1018
1000 TEST(SessionManagerTestStatic, EmailAddressTest) { 1019 TEST(SessionManagerTestStatic, EmailAddressTest) {
1001 const char valid[] = "user@somewhere"; 1020 const char valid[] = "user@somewhere";
1002 EXPECT_TRUE(login_manager::SessionManagerService::ValidateEmail(valid)); 1021 EXPECT_TRUE(login_manager::SessionManagerService::ValidateEmail(valid));
1003 } 1022 }
1004 1023
1005 TEST(SessionManagerTestStatic, EmailAddressNonAsciiTest) { 1024 TEST(SessionManagerTestStatic, EmailAddressNonAsciiTest) {
1006 char invalid[4] = "a@m"; 1025 char invalid[4] = "a@m";
1007 invalid[2] = 254; 1026 invalid[2] = 254;
1008 EXPECT_FALSE(login_manager::SessionManagerService::ValidateEmail(invalid)); 1027 EXPECT_FALSE(login_manager::SessionManagerService::ValidateEmail(invalid));
1009 } 1028 }
(...skipping 47 matching lines...) Expand 10 before | Expand all | Expand 10 after
1057 } 1076 }
1058 1077
1059 TEST(SessionManagerTestStatic, GetArgLists3_InitialDashes) { 1078 TEST(SessionManagerTestStatic, GetArgLists3_InitialDashes) {
1060 const char* c_args[] = {"--", "a", "b", "c", NULL}; 1079 const char* c_args[] = {"--", "a", "b", "c", NULL};
1061 std::vector<std::vector<std::string> > arg_lists = GetArgs(c_args); 1080 std::vector<std::vector<std::string> > arg_lists = GetArgs(c_args);
1062 EXPECT_EQ(1, arg_lists.size()); 1081 EXPECT_EQ(1, arg_lists.size());
1063 EXPECT_EQ(3, arg_lists[0].size()); 1082 EXPECT_EQ(3, arg_lists[0].size());
1064 } 1083 }
1065 1084
1066 } // namespace login_manager 1085 } // namespace login_manager
OLDNEW
« no previous file with comments | « session_manager_service.cc ('k') | system_utils.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698