xref: /openbmc/qemu/tests/unit/test-authz-list.c (revision ee2e67da)
1 /*
2  * QEMU list file authorization object tests
3  *
4  * Copyright (c) 2018 Red Hat, Inc.
5  *
6  * This library is free software; you can redistribute it and/or
7  * modify it under the terms of the GNU Lesser General Public
8  * License as published by the Free Software Foundation; either
9  * version 2.1 of the License, or (at your option) any later version.
10  *
11  * This library is distributed in the hope that it will be useful,
12  * but WITHOUT ANY WARRANTY; without even the implied warranty of
13  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
14  * Lesser General Public License for more details.
15  *
16  * You should have received a copy of the GNU Lesser General Public
17  * License along with this library; if not, see <http://www.gnu.org/licenses/>.
18  *
19  */
20 
21 #include "qemu/osdep.h"
22 
23 #include "authz/list.h"
24 #include "qemu/module.h"
25 
26 static void test_authz_default_deny(void)
27 {
28     QAuthZList *auth = qauthz_list_new("auth0",
29                                        QAUTHZ_LIST_POLICY_DENY,
30                                        &error_abort);
31 
32     g_assert(!qauthz_is_allowed(QAUTHZ(auth), "fred", &error_abort));
33 
34     object_unparent(OBJECT(auth));
35 }
36 
37 static void test_authz_default_allow(void)
38 {
39     QAuthZList *auth = qauthz_list_new("auth0",
40                                        QAUTHZ_LIST_POLICY_ALLOW,
41                                        &error_abort);
42 
43     g_assert(qauthz_is_allowed(QAUTHZ(auth), "fred", &error_abort));
44 
45     object_unparent(OBJECT(auth));
46 }
47 
48 static void test_authz_explicit_deny(void)
49 {
50     QAuthZList *auth = qauthz_list_new("auth0",
51                                        QAUTHZ_LIST_POLICY_ALLOW,
52                                        &error_abort);
53 
54     qauthz_list_append_rule(auth, "fred", QAUTHZ_LIST_POLICY_DENY,
55                             QAUTHZ_LIST_FORMAT_EXACT, &error_abort);
56 
57     g_assert(!qauthz_is_allowed(QAUTHZ(auth), "fred", &error_abort));
58 
59     object_unparent(OBJECT(auth));
60 }
61 
62 static void test_authz_explicit_allow(void)
63 {
64     QAuthZList *auth = qauthz_list_new("auth0",
65                                        QAUTHZ_LIST_POLICY_DENY,
66                                        &error_abort);
67 
68     qauthz_list_append_rule(auth, "fred", QAUTHZ_LIST_POLICY_ALLOW,
69                             QAUTHZ_LIST_FORMAT_EXACT, &error_abort);
70 
71     g_assert(qauthz_is_allowed(QAUTHZ(auth), "fred", &error_abort));
72 
73     object_unparent(OBJECT(auth));
74 }
75 
76 
77 static void test_authz_complex(void)
78 {
79     QAuthZList *auth = qauthz_list_new("auth0",
80                                        QAUTHZ_LIST_POLICY_DENY,
81                                        &error_abort);
82 
83     qauthz_list_append_rule(auth, "fred", QAUTHZ_LIST_POLICY_ALLOW,
84                             QAUTHZ_LIST_FORMAT_EXACT, &error_abort);
85     qauthz_list_append_rule(auth, "bob", QAUTHZ_LIST_POLICY_ALLOW,
86                             QAUTHZ_LIST_FORMAT_EXACT, &error_abort);
87     qauthz_list_append_rule(auth, "dan", QAUTHZ_LIST_POLICY_DENY,
88                             QAUTHZ_LIST_FORMAT_EXACT, &error_abort);
89     qauthz_list_append_rule(auth, "dan*", QAUTHZ_LIST_POLICY_ALLOW,
90                             QAUTHZ_LIST_FORMAT_GLOB, &error_abort);
91 
92     g_assert(qauthz_is_allowed(QAUTHZ(auth), "fred", &error_abort));
93     g_assert(qauthz_is_allowed(QAUTHZ(auth), "bob", &error_abort));
94     g_assert(!qauthz_is_allowed(QAUTHZ(auth), "dan", &error_abort));
95     g_assert(qauthz_is_allowed(QAUTHZ(auth), "danb", &error_abort));
96 
97     object_unparent(OBJECT(auth));
98 }
99 
100 static void test_authz_add_remove(void)
101 {
102     QAuthZList *auth = qauthz_list_new("auth0",
103                                        QAUTHZ_LIST_POLICY_ALLOW,
104                                        &error_abort);
105 
106     g_assert_cmpint(qauthz_list_append_rule(auth, "fred",
107                                             QAUTHZ_LIST_POLICY_ALLOW,
108                                             QAUTHZ_LIST_FORMAT_EXACT,
109                                             &error_abort),
110                     ==, 0);
111     g_assert_cmpint(qauthz_list_append_rule(auth, "bob",
112                                             QAUTHZ_LIST_POLICY_ALLOW,
113                                             QAUTHZ_LIST_FORMAT_EXACT,
114                                             &error_abort),
115                     ==, 1);
116     g_assert_cmpint(qauthz_list_append_rule(auth, "dan",
117                                             QAUTHZ_LIST_POLICY_DENY,
118                                             QAUTHZ_LIST_FORMAT_EXACT,
119                                             &error_abort),
120                     ==, 2);
121     g_assert_cmpint(qauthz_list_append_rule(auth, "frank",
122                                             QAUTHZ_LIST_POLICY_DENY,
123                                             QAUTHZ_LIST_FORMAT_EXACT,
124                                             &error_abort),
125                     ==, 3);
126 
127     g_assert(!qauthz_is_allowed(QAUTHZ(auth), "dan", &error_abort));
128 
129     g_assert_cmpint(qauthz_list_delete_rule(auth, "dan"),
130                     ==, 2);
131 
132     g_assert(qauthz_is_allowed(QAUTHZ(auth), "dan", &error_abort));
133 
134     g_assert_cmpint(qauthz_list_insert_rule(auth, "dan",
135                                             QAUTHZ_LIST_POLICY_DENY,
136                                             QAUTHZ_LIST_FORMAT_EXACT,
137                                             2,
138                                             &error_abort),
139                     ==, 2);
140 
141     g_assert(!qauthz_is_allowed(QAUTHZ(auth), "dan", &error_abort));
142 
143     object_unparent(OBJECT(auth));
144 }
145 
146 int main(int argc, char **argv)
147 {
148     g_test_init(&argc, &argv, NULL);
149 
150     module_call_init(MODULE_INIT_QOM);
151 
152     g_test_add_func("/auth/list/default/deny", test_authz_default_deny);
153     g_test_add_func("/auth/list/default/allow", test_authz_default_allow);
154     g_test_add_func("/auth/list/explicit/deny", test_authz_explicit_deny);
155     g_test_add_func("/auth/list/explicit/allow", test_authz_explicit_allow);
156     g_test_add_func("/auth/list/complex", test_authz_complex);
157     g_test_add_func("/auth/list/add-remove", test_authz_add_remove);
158 
159     return g_test_run();
160 }
161