colin/NetworkManager
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

keyfile: readd owner check of files (bgo #701112)

Browse Source 
Commit 5dc4be54e6 dropped the
owner check for keyfiles to allow running `make check` as root.
Re-add it, but disable the check for tests.

https://bugzilla.gnome.org/show_bug.cgi?id=701112
This commit is contained in:
Thomas Haller
2015-01-14 13:04:54 +01:00
parent b9d8dc050a
commit d4dd9ba3cf
3 changed files with 15 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
src/NetworkManagerUtils.h
View File

@@ -198,6 +198,9 @@ typedef enum {
/* Indicate that test mode is enabled in general. Explicitly calling _nm_utils_set_testing() will always set this flag. */ /* Indicate that test mode is enabled in general. Explicitly calling _nm_utils_set_testing() will always set this flag. */
_NM_UTILS_TEST_GENERAL = (1LL << 1), _NM_UTILS_TEST_GENERAL = (1LL << 1),
/* Don't check the owner of keyfiles during testing. */
NM_UTILS_TEST_NO_KEYFILE_OWNER_CHECK = (1LL << 2),
_NM_UTILS_TEST_LAST, _NM_UTILS_TEST_LAST,
NM_UTILS_TEST_ALL = (((_NM_UTILS_TEST_LAST - 1) << 1) - 1) & ~(_NM_UTILS_TEST_INITIALIZED), NM_UTILS_TEST_ALL = (((_NM_UTILS_TEST_LAST - 1) << 1) - 1) & ~(_NM_UTILS_TEST_INITIALIZED),
} NMUtilsTestFlags; } NMUtilsTestFlags;

15
src/settings/plugins/keyfile/reader.c
View File

@@ -27,6 +27,7 @@
#include "nm-logging.h" #include "nm-logging.h"
#include "nm-keyfile-internal.h" #include "nm-keyfile-internal.h"
#include "NetworkManagerUtils.h"
static const char * static const char *
_fmt_warn (const char *group, NMSetting *setting, const char *property_name, const char *message, char **out_message) _fmt_warn (const char *group, NMSetting *setting, const char *property_name, const char *message, char **out_message)
@@ -90,7 +91,6 @@ nm_keyfile_plugin_connection_from_file (const char *filename, GError **error)
{ {
GKeyFile *key_file; GKeyFile *key_file;
struct stat statbuf; struct stat statbuf;
gboolean bad_permissions;
NMConnection *connection = NULL; NMConnection *connection = NULL;
GError *verify_error = NULL; GError *verify_error = NULL;
@@ -100,15 +100,22 @@ nm_keyfile_plugin_connection_from_file (const char *filename, GError **error)
return NULL; return NULL;
} }
bad_permissions = statbuf.st_mode & 0077; if (statbuf.st_mode & 0077) {
if (bad_permissions) {
g_set_error (error, NM_SETTINGS_ERROR, NM_SETTINGS_ERROR_INVALID_CONNECTION, g_set_error (error, NM_SETTINGS_ERROR, NM_SETTINGS_ERROR_INVALID_CONNECTION,
"File permissions (%o) were insecure", "File permissions (%o) were insecure",
statbuf.st_mode); statbuf.st_mode);
return NULL; return NULL;
} }
if (!NM_FLAGS_HAS (nm_utils_get_testing (), NM_UTILS_TEST_NO_KEYFILE_OWNER_CHECK)) {
if (statbuf.st_uid != 0) {
g_set_error (error, NM_SETTINGS_ERROR, NM_SETTINGS_ERROR_INVALID_CONNECTION,
"File owner (%o) is insecure",
statbuf.st_mode);
return NULL;
}
}
key_file = g_key_file_new (); key_file = g_key_file_new ();
if (!g_key_file_load_from_file (key_file, filename, G_KEY_FILE_NONE, error)) if (!g_key_file_load_from_file (key_file, filename, G_KEY_FILE_NONE, error))
goto out; goto out;

1
src/settings/plugins/keyfile/tests/test-keyfile.c
View File

@@ -3632,6 +3632,7 @@ NMTST_DEFINE ();
int main (int argc, char **argv) int main (int argc, char **argv)
{ {
_nm_utils_set_testing (NM_UTILS_TEST_NO_KEYFILE_OWNER_CHECK);
nmtst_init_assert_logging (&argc, &argv, "INFO", "DEFAULT"); nmtst_init_assert_logging (&argc, &argv, "INFO", "DEFAULT");
/* The tests */ /* The tests */