/*
 * QEMU list file authorization object tests
 *
 * Copyright (c) 2018 Red Hat, Inc.
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
 *
 */

#include "qemu/osdep.h"

#include "authz/list.h"
#include "qemu/module.h"

/*
 * A list created with the DENY default policy and no rules must refuse
 * the identity "fred".
 */
static void test_authz_default_deny(void)
{
    QAuthZList *list = qauthz_list_new("auth0",
                                       QAUTHZ_LIST_POLICY_DENY,
                                       &error_abort);
    QAuthZ *authz = QAUTHZ(list);

    g_assert(!qauthz_is_allowed(authz, "fred", &error_abort));

    /* NOTE(review): presumably releases the object so the next test can
     * reuse the "auth0" id - confirm against qauthz_list_new(). */
    object_unparent(OBJECT(list));
}

/*
 * A list created with the ALLOW default policy and no rules must accept
 * the identity "fred".
 */
static void test_authz_default_allow(void)
{
    QAuthZList *list = qauthz_list_new("auth0",
                                       QAUTHZ_LIST_POLICY_ALLOW,
                                       &error_abort);
    QAuthZ *authz = QAUTHZ(list);

    g_assert(qauthz_is_allowed(authz, "fred", &error_abort));

    object_unparent(OBJECT(list));
}

/*
 * An exact-match DENY rule for "fred" must override an ALLOW default
 * policy for that identity.
 */
static void test_authz_explicit_deny(void)
{
    QAuthZList *list = qauthz_list_new("auth0",
                                       QAUTHZ_LIST_POLICY_ALLOW,
                                       &error_abort);
    QAuthZ *authz = QAUTHZ(list);

    qauthz_list_append_rule(list, "fred", QAUTHZ_LIST_POLICY_DENY,
                            QAUTHZ_LIST_FORMAT_EXACT, &error_abort);

    g_assert(!qauthz_is_allowed(authz, "fred", &error_abort));

    object_unparent(OBJECT(list));
}

/*
 * An exact-match ALLOW rule for "fred" must override a DENY default
 * policy for that identity.
 */
static void test_authz_explicit_allow(void)
{
    QAuthZList *list = qauthz_list_new("auth0",
                                       QAUTHZ_LIST_POLICY_DENY,
                                       &error_abort);
    QAuthZ *authz = QAUTHZ(list);

    qauthz_list_append_rule(list, "fred", QAUTHZ_LIST_POLICY_ALLOW,
                            QAUTHZ_LIST_FORMAT_EXACT, &error_abort);

    g_assert(qauthz_is_allowed(authz, "fred", &error_abort));

    object_unparent(OBJECT(list));
}


/*
 * Mixed exact and glob rules on a default-DENY list.
 *
 * The rules are appended in the order: "fred" allow, "bob" allow,
 * "dan" deny (exact), "dan*" allow (glob).  The assertions expect "dan"
 * to be refused while "danb" is accepted, so the exact deny placed
 * before the glob allow decides the outcome for "dan".
 *
 * NOTE(review): this is consistent with first-match-wins evaluation, in
 * which case rule order is security relevant (a broad allow placed ahead
 * of a narrow deny would presumably mask it) - confirm against the list
 * implementation.  No identity that matches no rule is checked here.
 */
static void test_authz_complex(void)
{
    QAuthZList *list = qauthz_list_new("auth0",
                                       QAUTHZ_LIST_POLICY_DENY,
                                       &error_abort);
    QAuthZ *authz = QAUTHZ(list);

    qauthz_list_append_rule(list, "fred", QAUTHZ_LIST_POLICY_ALLOW,
                            QAUTHZ_LIST_FORMAT_EXACT, &error_abort);
    qauthz_list_append_rule(list, "bob", QAUTHZ_LIST_POLICY_ALLOW,
                            QAUTHZ_LIST_FORMAT_EXACT, &error_abort);
    qauthz_list_append_rule(list, "dan", QAUTHZ_LIST_POLICY_DENY,
                            QAUTHZ_LIST_FORMAT_EXACT, &error_abort);
    qauthz_list_append_rule(list, "dan*", QAUTHZ_LIST_POLICY_ALLOW,
                            QAUTHZ_LIST_FORMAT_GLOB, &error_abort);

    g_assert(qauthz_is_allowed(authz, "fred", &error_abort));
    g_assert(qauthz_is_allowed(authz, "bob", &error_abort));
    g_assert(!qauthz_is_allowed(authz, "dan", &error_abort));
    g_assert(qauthz_is_allowed(authz, "danb", &error_abort));

    object_unparent(OBJECT(list));
}

/*
 * Rule bookkeeping on a default-ALLOW list: append, delete and insert.
 *
 * Four exact rules are appended and each append is expected to return
 * the next index (0..3).  Deleting the "dan" deny rule is expected to
 * return 2, after which "dan" is accepted again; none of the remaining
 * rules names "dan".  Re-inserting the deny rule at index 2 is expected
 * to return 2 and to make "dan" refused once more.
 */
static void test_authz_add_remove(void)
{
    static const struct {
        const char *match;
        QAuthZListPolicy policy;
    } initial[] = {
        { "fred",  QAUTHZ_LIST_POLICY_ALLOW },
        { "bob",   QAUTHZ_LIST_POLICY_ALLOW },
        { "dan",   QAUTHZ_LIST_POLICY_DENY },
        { "frank", QAUTHZ_LIST_POLICY_DENY },
    };
    QAuthZList *list = qauthz_list_new("auth0",
                                       QAUTHZ_LIST_POLICY_ALLOW,
                                       &error_abort);
    QAuthZ *authz = QAUTHZ(list);
    size_t i;

    /* Each append must report the position the rule was stored at. */
    for (i = 0; i < G_N_ELEMENTS(initial); i++) {
        g_assert_cmpint(qauthz_list_append_rule(list, initial[i].match,
                                                initial[i].policy,
                                                QAUTHZ_LIST_FORMAT_EXACT,
                                                &error_abort),
                        ==, i);
    }

    g_assert(!qauthz_is_allowed(authz, "dan", &error_abort));

    /* Removing the deny rule must re-open access for "dan". */
    g_assert_cmpint(qauthz_list_delete_rule(list, "dan"),
                    ==, 2);

    g_assert(qauthz_is_allowed(authz, "dan", &error_abort));

    /* Putting the deny rule back at index 2 must close it again. */
    g_assert_cmpint(qauthz_list_insert_rule(list, "dan",
                                            QAUTHZ_LIST_POLICY_DENY,
                                            QAUTHZ_LIST_FORMAT_EXACT,
                                            2,
                                            &error_abort),
                    ==, 2);

    g_assert(!qauthz_is_allowed(authz, "dan", &error_abort));

    object_unparent(OBJECT(list));
}

/*
 * Test entry point: initialise GLib testing and the QOM modules, register
 * every test case under /auth/list/ and run them.
 */
int main(int argc, char **argv)
{
    static const struct {
        const char *path;
        void (*func)(void);
    } cases[] = {
        { "/auth/list/default/deny",   test_authz_default_deny },
        { "/auth/list/default/allow",  test_authz_default_allow },
        { "/auth/list/explicit/deny",  test_authz_explicit_deny },
        { "/auth/list/explicit/allow", test_authz_explicit_allow },
        { "/auth/list/complex",        test_authz_complex },
        { "/auth/list/add-remove",     test_authz_add_remove },
    };
    size_t i;

    g_test_init(&argc, &argv, NULL);

    /* NOTE(review): presumably required so the authz object types are
     * registered before any test creates a list - confirm. */
    module_call_init(MODULE_INIT_QOM);

    /* Registration order matches the table order. */
    for (i = 0; i < G_N_ELEMENTS(cases); i++) {
        g_test_add_func(cases[i].path, cases[i].func);
    }

    return g_test_run();
}