/*
 * QEMU list file authorization object tests
 *
 * Copyright (c) 2018 Red Hat, Inc.
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
 *
 */
20*da668aa1SThomas Huth 
21*da668aa1SThomas Huth #include "qemu/osdep.h"
22*da668aa1SThomas Huth 
23*da668aa1SThomas Huth #include "authz/list.h"
24*da668aa1SThomas Huth #include "qemu/module.h"
25*da668aa1SThomas Huth 
/*
 * A list with no rules and a default policy of "deny" must refuse the
 * identity it is asked about; "fred" stands in for an arbitrary caller.
 */
static void test_authz_default_deny(void)
{
    QAuthZList *authz;

    authz = qauthz_list_new("auth0", QAUTHZ_LIST_POLICY_DENY, &error_abort);

    /* No rule was appended, so only the default policy can decide. */
    g_assert(!qauthz_is_allowed(QAUTHZ(authz), "fred", &error_abort));

    /* Unparent the object created above now that the check is done. */
    object_unparent(OBJECT(authz));
}
36*da668aa1SThomas Huth 
/*
 * A list with no rules and a default policy of "allow" must accept the
 * identity it is asked about. This is the fail-open configuration, so
 * the test pins that it only happens when explicitly requested.
 */
static void test_authz_default_allow(void)
{
    QAuthZList *authz;

    authz = qauthz_list_new("auth0", QAUTHZ_LIST_POLICY_ALLOW, &error_abort);

    /* No rule was appended, so only the default policy can decide. */
    g_assert(qauthz_is_allowed(QAUTHZ(authz), "fred", &error_abort));

    /* Unparent the object created above now that the check is done. */
    object_unparent(OBJECT(authz));
}
47*da668aa1SThomas Huth 
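/*
 * An exact-match "deny" rule must override a default policy of "allow"
 * for the named identity, and only for that identity.
 */
static void test_authz_explicit_deny(void)
{
    QAuthZList *auth = qauthz_list_new("auth0",
                                       QAUTHZ_LIST_POLICY_ALLOW,
                                       &error_abort);

    qauthz_list_append_rule(auth, "fred", QAUTHZ_LIST_POLICY_DENY,
                            QAUTHZ_LIST_FORMAT_EXACT, &error_abort);

    /* The identity named by the rule is refused despite the default. */
    g_assert(!qauthz_is_allowed(QAUTHZ(auth), "fred", &error_abort));

    /*
     * An identity the rule does not name must still get the default
     * policy, i.e. the deny rule must not match more than "fred".
     */
    g_assert(qauthz_is_allowed(QAUTHZ(auth), "bob", &error_abort));

    object_unparent(OBJECT(auth));
}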
61*da668aa1SThomas Huth 
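/*
 * An exact-match "allow" rule must override a default policy of "deny"
 * for the named identity, and only for that identity.
 */
static void test_authz_explicit_allow(void)
{
    QAuthZList *auth = qauthz_list_new("auth0",
                                       QAUTHZ_LIST_POLICY_DENY,
                                       &error_abort);

    qauthz_list_append_rule(auth, "fred", QAUTHZ_LIST_POLICY_ALLOW,
                            QAUTHZ_LIST_FORMAT_EXACT, &error_abort);

    /* The identity named by the rule is accepted despite the default. */
    g_assert(qauthz_is_allowed(QAUTHZ(auth), "fred", &error_abort));

    /*
     * An identity the rule does not name must still be refused by the
     * default policy; an allow rule that over-matched would fail open.
     */
    g_assert(!qauthz_is_allowed(QAUTHZ(auth), "bob", &error_abort));

    object_unparent(OBJECT(auth));
}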
75*da668aa1SThomas Huth 
76*da668aa1SThomas Huth 
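/*
 * Mixed exact and glob rules on top of a default policy of "deny".
 *
 * The exact "dan" deny rule is appended before the "dan*" glob allow
 * rule, so the assertions below also pin that the earlier rule decides
 * for "dan" while the glob still admits "danb".
 */
static void test_authz_complex(void)
{
    QAuthZList *auth = qauthz_list_new("auth0",
                                       QAUTHZ_LIST_POLICY_DENY,
                                       &error_abort);

    qauthz_list_append_rule(auth, "fred", QAUTHZ_LIST_POLICY_ALLOW,
                            QAUTHZ_LIST_FORMAT_EXACT, &error_abort);
    qauthz_list_append_rule(auth, "bob", QAUTHZ_LIST_POLICY_ALLOW,
                            QAUTHZ_LIST_FORMAT_EXACT, &error_abort);
    qauthz_list_append_rule(auth, "dan", QAUTHZ_LIST_POLICY_DENY,
                            QAUTHZ_LIST_FORMAT_EXACT, &error_abort);
    qauthz_list_append_rule(auth, "dan*", QAUTHZ_LIST_POLICY_ALLOW,
                            QAUTHZ_LIST_FORMAT_GLOB, &error_abort);

    g_assert(qauthz_is_allowed(QAUTHZ(auth), "fred", &error_abort));
    g_assert(qauthz_is_allowed(QAUTHZ(auth), "bob", &error_abort));
    g_assert(!qauthz_is_allowed(QAUTHZ(auth), "dan", &error_abort));
    g_assert(qauthz_is_allowed(QAUTHZ(auth), "danb", &error_abort));

    /*
     * An identity that matches none of the rules must fall through to
     * the default "deny" policy even when rules are present.
     */
    g_assert(!qauthz_is_allowed(QAUTHZ(auth), "alice", &error_abort));

    /*
     * An exact rule must not behave like a prefix match: "freddy" is
     * not "fred" and no glob rule covers it, so it must be refused.
     */
    g_assert(!qauthz_is_allowed(QAUTHZ(auth), "freddy", &error_abort));

    object_unparent(OBJECT(auth));
}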
99*da668aa1SThomas Huth 
/*
 * Exercise append, delete and insert on a list whose default policy is
 * "allow", checking both the index each call reports and the effect on
 * the decision for "dan".
 */
static void test_authz_add_remove(void)
{
    QAuthZList *acl;

    acl = qauthz_list_new("auth0", QAUTHZ_LIST_POLICY_ALLOW, &error_abort);

    /* Each append is expected to report the next position: 0, 1, 2, 3. */
    g_assert_cmpint(
        qauthz_list_append_rule(acl, "fred", QAUTHZ_LIST_POLICY_ALLOW,
                                QAUTHZ_LIST_FORMAT_EXACT, &error_abort),
        ==, 0);
    g_assert_cmpint(
        qauthz_list_append_rule(acl, "bob", QAUTHZ_LIST_POLICY_ALLOW,
                                QAUTHZ_LIST_FORMAT_EXACT, &error_abort),
        ==, 1);
    g_assert_cmpint(
        qauthz_list_append_rule(acl, "dan", QAUTHZ_LIST_POLICY_DENY,
                                QAUTHZ_LIST_FORMAT_EXACT, &error_abort),
        ==, 2);
    g_assert_cmpint(
        qauthz_list_append_rule(acl, "frank", QAUTHZ_LIST_POLICY_DENY,
                                QAUTHZ_LIST_FORMAT_EXACT, &error_abort),
        ==, 3);

    /* With the deny rule in place "dan" is refused. */
    g_assert(!qauthz_is_allowed(QAUTHZ(acl), "dan", &error_abort));

    /* Deleting the rule is expected to report the position it held. */
    g_assert_cmpint(qauthz_list_delete_rule(acl, "dan"), ==, 2);

    /* Without the rule the default "allow" policy applies to "dan". */
    g_assert(qauthz_is_allowed(QAUTHZ(acl), "dan", &error_abort));

    /* Re-insert the deny rule at position 2 and expect that index back. */
    g_assert_cmpint(
        qauthz_list_insert_rule(acl, "dan", QAUTHZ_LIST_POLICY_DENY,
                                QAUTHZ_LIST_FORMAT_EXACT, 2, &error_abort),
        ==, 2);

    /* The restored rule must take effect again. */
    g_assert(!qauthz_is_allowed(QAUTHZ(acl), "dan", &error_abort));

    object_unparent(OBJECT(acl));
}
145*da668aa1SThomas Huth 
/*
 * Test entry point: initialise GLib's test harness, run the QOM module
 * initialisers, register every authz list test case under /auth/list
 * and return the result of the test run.
 */
int main(int argc, char **argv)
{
    /* Registration table; order matches the order tests are added in. */
    static const struct {
        const char *path;
        void (*func)(void);
    } cases[] = {
        { "/auth/list/default/deny", test_authz_default_deny },
        { "/auth/list/default/allow", test_authz_default_allow },
        { "/auth/list/explicit/deny", test_authz_explicit_deny },
        { "/auth/list/explicit/allow", test_authz_explicit_allow },
        { "/auth/list/complex", test_authz_complex },
        { "/auth/list/add-remove", test_authz_add_remove },
    };
    size_t i;

    g_test_init(&argc, &argv, NULL);

    /* Must run before any test creates an authz object. */
    module_call_init(MODULE_INIT_QOM);

    for (i = 0; i < sizeof(cases) / sizeof(cases[0]); i++) {
        g_test_add_func(cases[i].path, cases[i].func);
    }

    return g_test_run();
}