1 /************************************************************** 2 * 3 * Licensed to the Apache Software Foundation (ASF) under one 4 * or more contributor license agreements. See the NOTICE file 5 * distributed with this work for additional information 6 * regarding copyright ownership. The ASF licenses this file 7 * to you under the Apache License, Version 2.0 (the 8 * "License"); you may not use this file except in compliance 9 * with the License. You may obtain a copy of the License at 10 * 11 * http://www.apache.org/licenses/LICENSE-2.0 12 * 13 * Unless required by applicable law or agreed to in writing, 14 * software distributed under the License is distributed on an 15 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 16 * KIND, either express or implied. See the License for the 17 * specific language governing permissions and limitations 18 * under the License. 19 * 20 *************************************************************/ 21 22 23 24 // MARKER(update_precomp.py): autogen include statement, do not remove 25 #include "precompiled_stoc.hxx" 26 27 #include <stdio.h> 28 29 #include <sal/main.h> 30 #include <osl/diagnose.h> 31 #include <osl/socket.hxx> 32 #include <rtl/string.hxx> 33 #include <rtl/ustrbuf.hxx> 34 #include <uno/current_context.hxx> 35 36 #include <cppuhelper/implbase1.hxx> 37 #include <cppuhelper/bootstrap.hxx> 38 #include <cppuhelper/access_control.hxx> 39 40 #include <com/sun/star/lang/XComponent.hpp> 41 #include <com/sun/star/uno/XCurrentContext.hpp> 42 43 #include <com/sun/star/io/FilePermission.hpp> 44 45 #define USER_CREDS "access-control.user-credentials" 46 #define OUSTR(x) ::rtl::OUString( RTL_CONSTASCII_USTRINGPARAM(x) ) 47 48 49 using namespace ::osl; 50 using namespace ::rtl; 51 using namespace ::cppu; 52 using namespace ::com::sun::star; 53 using namespace ::com::sun::star::uno; 54 55 //-------------------------------------------------------------------------------------------------- 56 static OUString localhost( OUString const & addition ) SAL_THROW( () ) 57 { 58 static OUString ip; 59 if (! ip.getLength()) 60 { 61 // dns lookup 62 SocketAddr addr; 63 SocketAddr::resolveHostname( OUSTR("localhost"), addr ); 64 ::oslSocketResult rc = ::osl_getDottedInetAddrOfSocketAddr( addr.getHandle(), &ip.pData ); 65 if (::osl_Socket_Ok != rc) 66 fprintf(stdout, "### cannot resolve localhost!" ); 67 } 68 OUStringBuffer buf( 48 ); 69 buf.append( ip ); 70 buf.append( addition ); 71 return buf.makeStringAndClear(); 72 } 73 74 //-------------------------------------------------------------------------------------------------- 75 static inline void dispose( Reference< XInterface > const & x ) 76 SAL_THROW( (RuntimeException) ) 77 { 78 Reference< lang::XComponent > xComp( x, UNO_QUERY ); 79 if (xComp.is()) 80 { 81 xComp->dispose(); 82 } 83 } 84 //================================================================================================== 85 class user_CurrentContext 86 : public ImplHelper1< XCurrentContext > 87 { 88 oslInterlockedCount m_refcount; 89 90 Reference< XCurrentContext > m_xDelegate; 91 Any m_userId; 92 93 public: 94 inline user_CurrentContext( 95 Reference< XCurrentContext > const & xDelegate, 96 OUString const & userId ) 97 SAL_THROW( () ) 98 : m_refcount( 0 ) 99 , m_xDelegate( xDelegate ) 100 , m_userId( makeAny( userId ) ) 101 {} 102 103 // XInterface impl 104 virtual void SAL_CALL acquire() 105 throw (); 106 virtual void SAL_CALL release() 107 throw (); 108 109 // XCurrentContext impl 110 virtual Any SAL_CALL getValueByName( OUString const & name ) 111 throw (RuntimeException); 112 }; 113 //__________________________________________________________________________________________________ 114 void user_CurrentContext::acquire() 115 throw () 116 { 117 ::osl_incrementInterlockedCount( &m_refcount ); 118 } 119 //__________________________________________________________________________________________________ 120 void user_CurrentContext::release() 121 throw () 122 { 123 if (! ::osl_decrementInterlockedCount( &m_refcount )) 124 { 125 delete this; 126 } 127 } 128 //__________________________________________________________________________________________________ 129 Any user_CurrentContext::getValueByName( OUString const & name ) 130 throw (RuntimeException) 131 { 132 if (name.equalsAsciiL( RTL_CONSTASCII_STRINGPARAM(USER_CREDS ".id") )) 133 { 134 return m_userId; 135 } 136 else if (m_xDelegate.is()) 137 { 138 return m_xDelegate->getValueByName( name ); 139 } 140 else 141 { 142 return Any(); 143 } 144 } 145 146 // prepends line number 147 #define CHECK( check, negative_test ) \ 148 { \ 149 try \ 150 { \ 151 if (negative_test) \ 152 { \ 153 bool thrown = true; \ 154 try \ 155 { \ 156 check; \ 157 thrown = false; \ 158 } \ 159 catch (RuntimeException &) \ 160 { \ 161 } \ 162 if (! thrown) \ 163 { \ 164 throw RuntimeException( \ 165 OUSTR("expected RuntimeException upon check!"), Reference< XInterface >() ); \ 166 } \ 167 } \ 168 else \ 169 { \ 170 check; \ 171 } \ 172 } \ 173 catch (RuntimeException & exc) \ 174 { \ 175 OUStringBuffer buf( 64 ); \ 176 buf.appendAscii( RTL_CONSTASCII_STRINGPARAM("[line ") ); \ 177 buf.append( (sal_Int32)__LINE__ ); \ 178 buf.appendAscii( RTL_CONSTASCII_STRINGPARAM("] ") ); \ 179 buf.append( exc.Message ); \ 180 throw RuntimeException( buf.makeStringAndClear(), Reference< XInterface >() ); \ 181 } \ 182 } 183 184 /* 185 grant 186 { 187 permission com.sun.star.io.FilePermission "file:///usr/bin/ *", "read"; 188 permission com.sun.star.io.FilePermission "file:///tmp/-", "read,write"; 189 permission com.sun.star.io.FilePermission "file:///etc/profile", "read"; 190 191 permission com.sun.star.security.RuntimePermission "DEF"; 192 193 permission com.sun.star.connection.SocketPermission "127.0.0.1:-1023", "resolve, connect, listen"; 194 permission com.sun.star.connection.SocketPermission "localhost:1024-", "accept, connect, listen, resolve,"; 195 permission com.sun.star.connection.SocketPermission "*.sun.com:1024-", "resolve"; 196 }; 197 */ 198 static void check_defaults_pos( AccessControl & ac, bool invert = false ) 199 { 200 // positive tests 201 CHECK( ac.checkFilePermission( OUSTR("file:///usr/bin/bla"), OUSTR("read") ), invert ); 202 CHECK( ac.checkFilePermission( OUSTR("file:///tmp/bla"), OUSTR("read,write") ), invert ); 203 CHECK( ac.checkFilePermission( OUSTR("file:///tmp/path/path/bla"), OUSTR("write") ), invert ); 204 CHECK( ac.checkFilePermission( OUSTR("file:///etc/profile"), OUSTR("read") ), invert ); 205 CHECK( ac.checkRuntimePermission( OUSTR("DEF") ), invert ); 206 CHECK( ac.checkSocketPermission( OUSTR("localhost:1024"), OUSTR("connect") ), invert ); 207 CHECK( ac.checkSocketPermission( OUSTR("localhost:65535"), OUSTR("resolve") ), invert ); 208 CHECK( ac.checkSocketPermission( localhost(OUSTR(":2048")), OUSTR("accept,listen") ), invert ); 209 CHECK( ac.checkSocketPermission( localhost(OUSTR(":1024-")), OUSTR("accept,connect,listen,resolve") ), invert ); 210 CHECK( ac.checkSocketPermission( OUSTR("localhost:-1023"), OUSTR("resolve,listen,connect") ), invert ); 211 CHECK( ac.checkSocketPermission( OUSTR("jl-1036.germany.sun.com:1024-"), OUSTR("resolve") ), invert ); 212 } 213 static void check_defaults_neg( AccessControl & ac, bool invert = false ) 214 { 215 // negative tests 216 CHECK( ac.checkFilePermission( OUSTR("file:///usr/tmp"), OUSTR("read") ), !invert ); 217 CHECK( ac.checkFilePermission( OUSTR("file:///"), OUSTR("read") ), !invert ); 218 CHECK( ac.checkFilePermission( OUSTR("file:///usr/bin"), OUSTR("read") ), !invert ); 219 CHECK( ac.checkFilePermission( OUSTR("file:///usr/bin/bla"), OUSTR("write") ), !invert ); 220 CHECK( ac.checkFilePermission( OUSTR("file:///usr/bin/bla"), OUSTR("execute") ), !invert ); 221 CHECK( ac.checkFilePermission( OUSTR("file:///usr/bin/path/bla"), OUSTR("read") ), !invert ); 222 CHECK( ac.checkFilePermission( OUSTR("file:///tmp"), OUSTR("read") ), !invert ); 223 CHECK( ac.checkFilePermission( OUSTR("file:///tmp/"), OUSTR("read") ), !invert ); 224 CHECK( ac.checkFilePermission( OUSTR("file:///tm"), OUSTR("read") ), !invert ); 225 CHECK( ac.checkFilePermission( OUSTR("file:///etc/profile"), OUSTR("write") ), !invert ); 226 CHECK( ac.checkFilePermission( OUSTR("file:///etc/profile/bla"), OUSTR("read") ), !invert ); 227 CHECK( ac.checkFilePermission( OUSTR("file:///etc/blabla"), OUSTR("read,write,execute") ), !invert ); 228 CHECK( ac.checkFilePermission( OUSTR("file:///home/root"), OUSTR("read,write,execute") ), !invert ); 229 CHECK( ac.checkFilePermission( OUSTR("file:///root"), OUSTR("read,write,execute") ), !invert ); 230 CHECK( ac.checkFilePermission( OUSTR("file:///root"), OUSTR("delete") ), !invert ); 231 CHECK( ac.checkFilePermission( OUSTR("file:///root"), OUString() ), !invert ); 232 CHECK( ac.checkRuntimePermission( OUSTR("ROOT") ), !invert ); 233 CHECK( ac.checkSocketPermission( OUSTR("localhost:1023"), OUSTR("accept") ), !invert ); 234 CHECK( ac.checkSocketPermission( OUSTR("localhost:123-"), OUSTR("accept") ), !invert ); 235 CHECK( ac.checkSocketPermission( localhost(OUSTR(":-1023")), OUSTR("accept") ), !invert ); 236 CHECK( ac.checkSocketPermission( OUSTR("localhost:-1023"), OUSTR("accept,resolve") ), !invert ); 237 CHECK( ac.checkSocketPermission( OUSTR("sun.com:1024-"), OUSTR("resolve") ), !invert ); 238 } 239 240 /* 241 grant user "dbo" 242 { 243 permission com.sun.star.io.FilePermission "file:///home/dbo/-", "read,write"; 244 permission com.sun.star.io.FilePermission "-", "read,write"; 245 permission com.sun.star.io.FilePermission "file:///usr/local/dbo/ *", "read"; 246 247 permission com.sun.star.security.RuntimePermission "DBO"; 248 249 permission com.sun.star.connection.SocketPermission "dbo-1:1024-", "listen"; 250 permission com.sun.star.connection.SocketPermission "dbo-11081:-1023", "resolve"; 251 permission com.sun.star.connection.SocketPermission "dbo-11081:18", "listen"; 252 permission com.sun.star.connection.SocketPermission "dbo-11081:20-24", "listen"; 253 permission com.sun.star.connection.SocketPermission "dbo-11081", "connect"; 254 }; 255 */ 256 static void check_dbo_pos( AccessControl & ac, bool invert = false ) 257 { 258 check_defaults_pos( ac, invert ); 259 // positive tests 260 CHECK( ac.checkFilePermission( OUSTR("file:///home/dbo/bla"), OUSTR("read") ), invert ); 261 CHECK( ac.checkFilePermission( OUSTR("file:///home/dbo/bla"), OUSTR("write") ), invert ); 262 CHECK( ac.checkFilePermission( OUSTR("file:///home/dbo/bla"), OUSTR("read,write") ), invert ); 263 CHECK( ac.checkFilePermission( OUSTR("file:///home/dbo/path/bla"), OUSTR("read,write") ), invert ); 264 CHECK( ac.checkFilePermission( OUSTR("file:///home/dbo/path/path/bla"), OUSTR("read,write") ), invert ); 265 CHECK( ac.checkFilePermission( OUSTR("file:///usr/local/dbo/*"), OUSTR("read") ), invert ); 266 CHECK( ac.checkFilePermission( OUSTR("file:///usr/local/dbo/bla"), OUSTR("read") ), invert ); 267 CHECK( ac.checkRuntimePermission( OUSTR("DBO") ), invert ); 268 CHECK( ac.checkSocketPermission( OUSTR("dbo-1:1024-"), OUSTR("listen") ), invert ); 269 CHECK( ac.checkSocketPermission( OUSTR("dbo-1:2048-3122"), OUSTR("listen") ), invert ); 270 CHECK( ac.checkSocketPermission( OUSTR("dbo-1:2048-"), OUSTR("listen") ), invert ); 271 CHECK( ac.checkSocketPermission( OUSTR("dbo-11081:-1023"), OUSTR("resolve") ), invert ); 272 CHECK( ac.checkSocketPermission( OUSTR("dbo-11081:20-1023"), OUSTR("resolve") ), invert ); 273 CHECK( ac.checkSocketPermission( OUSTR("dbo-11081:18"), OUSTR("listen") ), invert ); 274 CHECK( ac.checkSocketPermission( OUSTR("dbo-11081:20-24"), OUSTR("listen") ), invert ); 275 CHECK( ac.checkSocketPermission( OUSTR("dbo-11081:22"), OUSTR("listen") ), invert ); 276 CHECK( ac.checkSocketPermission( OUSTR("dbo-11081"), OUSTR("connect") ), invert ); 277 CHECK( ac.checkSocketPermission( OUSTR("dbo-11081:22"), OUSTR("connect") ), invert ); 278 } 279 static void check_dbo_neg( AccessControl & ac, bool invert = false ) 280 { 281 check_defaults_neg( ac, invert ); 282 // negative tests 283 CHECK( ac.checkFilePermission( OUSTR("file:///home/-"), OUSTR("read") ), !invert ); 284 CHECK( ac.checkFilePermission( OUSTR("file:///home/jbu/bla"), OUSTR("read") ), !invert ); 285 CHECK( ac.checkFilePermission( OUSTR("file:///home/jbu/bla"), OUSTR("write") ), !invert ); 286 CHECK( ac.checkFilePermission( OUSTR("file:///home/jbu/bla"), OUSTR("read,write") ), !invert ); 287 CHECK( ac.checkFilePermission( OUSTR("file:///home/jbu/path/bla"), OUSTR("read") ), !invert ); 288 CHECK( ac.checkFilePermission( OUSTR("file:///home/dbo/path/path/bla"), OUSTR("read,execute") ), !invert ); 289 CHECK( ac.checkFilePermission( OUSTR("file:///usr/local/-"), OUSTR("read") ), !invert ); 290 CHECK( ac.checkFilePermission( OUSTR("file:///usr/local/dbo/path/bla"), OUSTR("read") ), !invert ); 291 CHECK( ac.checkFilePermission( OUSTR("file:///usr/local/dbo/path/path/bla"), OUSTR("read") ), !invert ); 292 CHECK( ac.checkRuntimePermission( OUSTR("JBU") ), !invert ); 293 CHECK( ac.checkSocketPermission( OUSTR("dbo-11081"), OUSTR("listen") ), !invert ); 294 CHECK( ac.checkSocketPermission( OUSTR("dbo-11081:22"), OUSTR("accept") ), !invert ); 295 CHECK( ac.checkSocketPermission( OUSTR("jbu-11096:22"), OUSTR("resolve") ), !invert ); 296 } 297 298 /* 299 grant user "jbu" 300 { 301 permission com.sun.star.io.FilePermission "file:///home/jbu/-", "read,write"; 302 permission com.sun.star.io.FilePermission "*", "read,write"; 303 304 permission com.sun.star.security.RuntimePermission "JBU"; 305 306 permission com.sun.star.connection.SocketPermission "jbu-11096","resolve"; 307 }; 308 */ 309 static void check_jbu_pos( AccessControl & ac, bool invert = false ) 310 { 311 check_defaults_pos( ac, invert ); 312 // positive tests 313 CHECK( ac.checkFilePermission( OUSTR("file:///home/jbu/bla"), OUSTR("read") ), invert ); 314 CHECK( ac.checkFilePermission( OUSTR("file:///home/jbu/bla"), OUSTR("write") ), invert ); 315 CHECK( ac.checkFilePermission( OUSTR("file:///home/jbu/bla"), OUSTR("read,write") ), invert ); 316 CHECK( ac.checkFilePermission( OUSTR("file:///home/jbu/path/bla"), OUSTR("read,write") ), invert ); 317 CHECK( ac.checkFilePermission( OUSTR("file:///home/jbu/path/path/bla"), OUSTR("read,write") ), invert ); 318 CHECK( ac.checkRuntimePermission( OUSTR("JBU") ), invert ); 319 CHECK( ac.checkSocketPermission( OUSTR("jbu-11096"), OUSTR("resolve") ), invert ); 320 CHECK( ac.checkSocketPermission( OUSTR("jbu-11096:20-24"), OUSTR("resolve") ), invert ); 321 CHECK( ac.checkSocketPermission( OUSTR("dbo-11081.germany.sun.com:2048"), OUSTR("resolve") ), invert ); 322 } 323 static void check_jbu_neg( AccessControl & ac, bool invert = false ) 324 { 325 check_defaults_neg( ac, invert ); 326 // negative tests 327 CHECK( ac.checkFilePermission( OUSTR("file:///home/-"), OUSTR("read") ), !invert ); 328 CHECK( ac.checkFilePermission( OUSTR("file:///home/dbo/path/bla"), OUSTR("read") ), !invert ); 329 CHECK( ac.checkFilePermission( OUSTR("file:///home/dbo/path/path/bla"), OUSTR("read") ), !invert ); 330 CHECK( ac.checkFilePermission( OUSTR("file:///home/dbo/bla"), OUSTR("read") ), !invert ); 331 CHECK( ac.checkFilePermission( OUSTR("file:///home/dbo/bla"), OUSTR("write") ), !invert ); 332 CHECK( ac.checkFilePermission( OUSTR("file:///home/dbo/bla"), OUSTR("read,write") ), !invert ); 333 CHECK( ac.checkFilePermission( OUSTR("file:///usr/local/-"), OUSTR("read") ), !invert ); 334 CHECK( ac.checkFilePermission( OUSTR("file:///usr/local/dbo/bla"), OUSTR("read") ), !invert ); 335 CHECK( ac.checkFilePermission( OUSTR("file:///usr/local/dbo/path/path/bla"), OUSTR("read") ), !invert ); 336 CHECK( ac.checkRuntimePermission( OUSTR("DBO") ), !invert ); 337 CHECK( ac.checkSocketPermission( OUSTR("jbu-11096:20-24"), OUSTR("accept") ), !invert ); 338 CHECK( ac.checkSocketPermission( OUSTR("dbo-11081"), OUSTR("connect") ), !invert ); 339 CHECK( ac.checkSocketPermission( OUSTR("dbo-11081.germany.sun.com"), OUSTR("connect") ), !invert ); 340 } 341 342 /* 343 grant principal "root" 344 { 345 permission com.sun.star.security.AllPermission; 346 }; 347 */ 348 //================================================================================================== 349 static void check_root_pos( AccessControl & ac, bool invert = false ) 350 { 351 check_defaults_pos( ac, invert ); 352 check_defaults_neg( ac, !invert ); 353 check_dbo_pos( ac, invert ); 354 check_dbo_neg( ac, !invert ); 355 check_jbu_pos( ac, invert ); 356 check_jbu_neg( ac, !invert ); 357 // some more root positive 358 CHECK( ac.checkFilePermission( OUSTR("file:///etc/blabla"), OUSTR("read,write,execute") ), invert ); 359 CHECK( ac.checkFilePermission( OUSTR("file:///home/root"), OUSTR("read,write,execute") ), invert ); 360 CHECK( ac.checkFilePermission( OUSTR("file:///root"), OUSTR("read,write,execute") ), invert ); 361 CHECK( ac.checkRuntimePermission( OUSTR("ROOT") ), invert ); 362 } 363 364 //================================================================================================== 365 class acc_Restr 366 : public WeakImplHelper1< security::XAccessControlContext > 367 { 368 Any m_perm; 369 370 public: 371 inline acc_Restr( Any const & perm = Any() ) SAL_THROW( () ) 372 : m_perm( perm ) 373 {} 374 375 // XAccessControlContext impl 376 virtual void SAL_CALL checkPermission( Any const & perm ) 377 throw (RuntimeException); 378 }; 379 //__________________________________________________________________________________________________ 380 void acc_Restr::checkPermission( Any const & perm ) 381 throw (RuntimeException) 382 { 383 if (perm != m_perm) 384 { 385 throw security::AccessControlException( 386 OUSTR("dyn violation!"), Reference< XInterface >(), perm ); 387 } 388 } 389 390 typedef void (* t_action)( AccessControl &, Any const & arg ); 391 392 //================================================================================================== 393 class Action 394 : public WeakImplHelper1< security::XAction > 395 { 396 t_action m_action; 397 AccessControl & m_ac; 398 Any m_arg; 399 400 public: 401 inline Action( t_action action, AccessControl & ac, Any const & arg = Any() ) SAL_THROW( () ) 402 : m_action( action ) 403 , m_ac( ac ) 404 , m_arg( arg ) 405 {} 406 407 // XAction impl 408 virtual Any SAL_CALL run() 409 throw (Exception); 410 }; 411 //__________________________________________________________________________________________________ 412 Any Action::run() 413 throw (Exception) 414 { 415 (*m_action)( m_ac, m_arg ); 416 return Any(); 417 } 418 419 //================================================================================================== 420 // static void restr_file_permissions( AccessControl & ac ) 421 // { 422 // // running in dbo's domain 423 // /* permission com.sun.star.io.FilePermission "file:///home/dbo/-", ",,read , write "; */ 424 // CHECK( ac.checkFilePermission( OUSTR("file:///home/dbo/bla"), OUSTR("read,write,execute") ), true ); 425 // CHECK( ac.checkFilePermission( OUSTR("file:///home/dbo/bla"), OUSTR("read,write") ), false ); 426 // } 427 //================================================================================================== 428 static void all_dbo_permissions( AccessControl & ac, Any const & ) 429 { 430 check_dbo_pos( ac ); 431 check_dbo_neg( ac ); 432 } 433 //================================================================================================== 434 static void no_permissions( AccessControl & ac, Any const & arg ) 435 { 436 check_dbo_pos( ac, true ); 437 check_dbo_neg( ac ); 438 // set privs to old dbo restr 439 Reference< security::XAccessControlContext > xContext; 440 OSL_VERIFY( arg >>= xContext ); 441 ac->doPrivileged( 442 new Action( all_dbo_permissions, ac ), 443 xContext ); 444 } 445 //================================================================================================== 446 static void check_dbo_dynamic( AccessControl & ac ) 447 { 448 Any arg( makeAny( ac->getContext() ) ); 449 ac->doRestricted( 450 new Action( no_permissions, ac, arg ), 451 new acc_Restr() ); 452 } 453 454 SAL_IMPLEMENT_MAIN() 455 { 456 try 457 { 458 // single-user test 459 Reference< XComponentContext > xContext( defaultBootstrap_InitialComponentContext( 460 OUSTR("../../test/security/test_security_singleuser.ini") ) ); 461 { 462 ::fprintf( stderr, "[security test] single-user checking dbo..." ); 463 AccessControl ac( xContext ); 464 check_dbo_pos( ac ); 465 check_dbo_neg( ac ); 466 check_dbo_dynamic( ac ); 467 ::fprintf( stderr, "dbo checked.\n" ); 468 } 469 470 // multi-user test 471 dispose( xContext ); 472 xContext = defaultBootstrap_InitialComponentContext( 473 OUSTR("../../test/security/test_security.ini") ); // UNO_AC=on 474 AccessControl ac( xContext ); 475 476 { 477 // set up dbo current context 478 ContextLayer layer( new user_CurrentContext( getCurrentContext(), OUSTR("dbo") ) ); 479 ::fprintf( stderr, "[security test] multi-user checking dbo..." ); 480 check_dbo_pos( ac ); 481 check_dbo_neg( ac ); 482 check_dbo_dynamic( ac ); 483 ::fprintf( stderr, "dbo checked.\n" ); 484 } 485 { 486 // set up jbu current context 487 ContextLayer layer( new user_CurrentContext( getCurrentContext(), OUSTR("jbu") ) ); 488 ::fprintf( stderr, "[security test] multi-user checking jbu..." ); 489 check_jbu_pos( ac ); 490 check_jbu_neg( ac ); 491 ::fprintf( stderr, "jbu checked.\n" ); 492 } 493 { 494 // set up root current context 495 ContextLayer layer( new user_CurrentContext( getCurrentContext(), OUSTR("root") ) ); 496 ::fprintf( stderr, "[security test] multi-user checking root..." ); 497 check_root_pos( ac ); 498 ::fprintf( stderr, "root checked.\n" ); 499 } 500 { 501 // set up unknown guest user current context => default permissions 502 ContextLayer layer( new user_CurrentContext( getCurrentContext(), OUSTR("guest") ) ); 503 ::fprintf( stderr, "[security test] multi-user checking guest..." ); 504 check_defaults_pos( ac ); 505 check_defaults_neg( ac ); 506 ::fprintf( stderr, "guest checked.\n" ); 507 } 508 509 dispose( xContext ); 510 ::fprintf( stderr, "security test succeeded.\n" ); 511 return 0; 512 } 513 catch (Exception & exc) 514 { 515 OString str( OUStringToOString( exc.Message, RTL_TEXTENCODING_ASCII_US ) ); 516 ::fprintf( stderr, "[security test] error: %s!\n", str.getStr() ); 517 return 1; 518 } 519 } 520