1 /*
2 * QEMU list file authorization object tests
3 *
4 * Copyright (c) 2018 Red Hat, Inc.
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2.1 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
18 *
19 */
20
21 #include "qemu/osdep.h"
22
23 #include "authz/list.h"
24 #include "qemu/module.h"
25
test_authz_default_deny(void)26 static void test_authz_default_deny(void)
27 {
28 QAuthZList *auth = qauthz_list_new("auth0",
29 QAUTHZ_LIST_POLICY_DENY,
30 &error_abort);
31
32 g_assert(!qauthz_is_allowed(QAUTHZ(auth), "fred", &error_abort));
33
34 object_unparent(OBJECT(auth));
35 }
36
test_authz_default_allow(void)37 static void test_authz_default_allow(void)
38 {
39 QAuthZList *auth = qauthz_list_new("auth0",
40 QAUTHZ_LIST_POLICY_ALLOW,
41 &error_abort);
42
43 g_assert(qauthz_is_allowed(QAUTHZ(auth), "fred", &error_abort));
44
45 object_unparent(OBJECT(auth));
46 }
47
test_authz_explicit_deny(void)48 static void test_authz_explicit_deny(void)
49 {
50 QAuthZList *auth = qauthz_list_new("auth0",
51 QAUTHZ_LIST_POLICY_ALLOW,
52 &error_abort);
53
54 qauthz_list_append_rule(auth, "fred", QAUTHZ_LIST_POLICY_DENY,
55 QAUTHZ_LIST_FORMAT_EXACT, &error_abort);
56
57 g_assert(!qauthz_is_allowed(QAUTHZ(auth), "fred", &error_abort));
58
59 object_unparent(OBJECT(auth));
60 }
61
test_authz_explicit_allow(void)62 static void test_authz_explicit_allow(void)
63 {
64 QAuthZList *auth = qauthz_list_new("auth0",
65 QAUTHZ_LIST_POLICY_DENY,
66 &error_abort);
67
68 qauthz_list_append_rule(auth, "fred", QAUTHZ_LIST_POLICY_ALLOW,
69 QAUTHZ_LIST_FORMAT_EXACT, &error_abort);
70
71 g_assert(qauthz_is_allowed(QAUTHZ(auth), "fred", &error_abort));
72
73 object_unparent(OBJECT(auth));
74 }
75
76
test_authz_complex(void)77 static void test_authz_complex(void)
78 {
79 QAuthZList *auth = qauthz_list_new("auth0",
80 QAUTHZ_LIST_POLICY_DENY,
81 &error_abort);
82
83 qauthz_list_append_rule(auth, "fred", QAUTHZ_LIST_POLICY_ALLOW,
84 QAUTHZ_LIST_FORMAT_EXACT, &error_abort);
85 qauthz_list_append_rule(auth, "bob", QAUTHZ_LIST_POLICY_ALLOW,
86 QAUTHZ_LIST_FORMAT_EXACT, &error_abort);
87 qauthz_list_append_rule(auth, "dan", QAUTHZ_LIST_POLICY_DENY,
88 QAUTHZ_LIST_FORMAT_EXACT, &error_abort);
89 qauthz_list_append_rule(auth, "dan*", QAUTHZ_LIST_POLICY_ALLOW,
90 QAUTHZ_LIST_FORMAT_GLOB, &error_abort);
91
92 g_assert(qauthz_is_allowed(QAUTHZ(auth), "fred", &error_abort));
93 g_assert(qauthz_is_allowed(QAUTHZ(auth), "bob", &error_abort));
94 g_assert(!qauthz_is_allowed(QAUTHZ(auth), "dan", &error_abort));
95 g_assert(qauthz_is_allowed(QAUTHZ(auth), "danb", &error_abort));
96
97 object_unparent(OBJECT(auth));
98 }
99
test_authz_add_remove(void)100 static void test_authz_add_remove(void)
101 {
102 QAuthZList *auth = qauthz_list_new("auth0",
103 QAUTHZ_LIST_POLICY_ALLOW,
104 &error_abort);
105
106 g_assert_cmpint(qauthz_list_append_rule(auth, "fred",
107 QAUTHZ_LIST_POLICY_ALLOW,
108 QAUTHZ_LIST_FORMAT_EXACT,
109 &error_abort),
110 ==, 0);
111 g_assert_cmpint(qauthz_list_append_rule(auth, "bob",
112 QAUTHZ_LIST_POLICY_ALLOW,
113 QAUTHZ_LIST_FORMAT_EXACT,
114 &error_abort),
115 ==, 1);
116 g_assert_cmpint(qauthz_list_append_rule(auth, "dan",
117 QAUTHZ_LIST_POLICY_DENY,
118 QAUTHZ_LIST_FORMAT_EXACT,
119 &error_abort),
120 ==, 2);
121 g_assert_cmpint(qauthz_list_append_rule(auth, "frank",
122 QAUTHZ_LIST_POLICY_DENY,
123 QAUTHZ_LIST_FORMAT_EXACT,
124 &error_abort),
125 ==, 3);
126
127 g_assert(!qauthz_is_allowed(QAUTHZ(auth), "dan", &error_abort));
128
129 g_assert_cmpint(qauthz_list_delete_rule(auth, "dan"),
130 ==, 2);
131
132 g_assert(qauthz_is_allowed(QAUTHZ(auth), "dan", &error_abort));
133
134 g_assert_cmpint(qauthz_list_insert_rule(auth, "dan",
135 QAUTHZ_LIST_POLICY_DENY,
136 QAUTHZ_LIST_FORMAT_EXACT,
137 2,
138 &error_abort),
139 ==, 2);
140
141 g_assert(!qauthz_is_allowed(QAUTHZ(auth), "dan", &error_abort));
142
143 object_unparent(OBJECT(auth));
144 }
145
main(int argc,char ** argv)146 int main(int argc, char **argv)
147 {
148 g_test_init(&argc, &argv, NULL);
149
150 module_call_init(MODULE_INIT_QOM);
151
152 g_test_add_func("/auth/list/default/deny", test_authz_default_deny);
153 g_test_add_func("/auth/list/default/allow", test_authz_default_allow);
154 g_test_add_func("/auth/list/explicit/deny", test_authz_explicit_deny);
155 g_test_add_func("/auth/list/explicit/allow", test_authz_explicit_allow);
156 g_test_add_func("/auth/list/complex", test_authz_complex);
157 g_test_add_func("/auth/list/add-remove", test_authz_add_remove);
158
159 return g_test_run();
160 }
161