tests/viridentitytest.c

   1 /*
   2  * Copyright (C) 2013, 2014 Red Hat, Inc.
   3  *
   4  * This library is free software; you can redistribute it and/or
   5  * modify it under the terms of the GNU Lesser General Public
   6  * License as published by the Free Software Foundation; either
   7  * version 2.1 of the License, or (at your option) any later version.
   8  *
   9  * This library is distributed in the hope that it will be useful,
  10  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  11  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
  12  * Lesser General Public License for more details.
  13  *
  14  * You should have received a copy of the GNU Lesser General Public
  15  * License along with this library;  If not, see
  16  * <http://www.gnu.org/licenses/>.
  17  */
  18
  19 #include <config.h>
  20
  21
  22 #if WITH_SELINUX
  23 # include <selinux/selinux.h>
  24 #endif
  25
  26 #include "testutils.h"
  27
  28 #include "viridentity.h"
  29 #include "virerror.h"
  30 #include "viralloc.h"
  31 #include "virlog.h"
  32
  33 #include "virlockspace.h"
  34
  35 #define VIR_FROM_THIS VIR_FROM_NONE
  36
  37 VIR_LOG_INIT("tests.identitytest");
  38
  39 static int testIdentityAttrs(const void *data ATTRIBUTE_UNUSED)
  40 {
  41     int ret = -1;
  42     virIdentityPtr ident;
  43     const char *val;
  44
  45     if (!(ident = virIdentityNew()))
  46         goto cleanup;
  47
  48     if (virIdentitySetAttr(ident,
  49                            VIR_IDENTITY_ATTR_UNIX_USER_NAME,
  50                            "fred") < 0)
  51         goto cleanup;
  52
  53     if (virIdentityGetAttr(ident,
  54                            VIR_IDENTITY_ATTR_UNIX_USER_NAME,
  55                            &val) < 0)
  56         goto cleanup;
  57
  58     if (STRNEQ_NULLABLE(val, "fred")) {
  59         VIR_DEBUG("Expected 'fred' got '%s'", NULLSTR(val));
  60         goto cleanup;
  61     }
  62
  63     if (virIdentityGetAttr(ident,
  64                            VIR_IDENTITY_ATTR_UNIX_GROUP_NAME,
  65                            &val) < 0)
  66         goto cleanup;
  67
  68     if (val != NULL) {
  69         VIR_DEBUG("Unexpected groupname attribute");
  70         goto cleanup;
  71     }
  72
  73     if (virIdentitySetAttr(ident,
  74                            VIR_IDENTITY_ATTR_UNIX_USER_NAME,
  75                            "joe") != -1) {
  76         VIR_DEBUG("Unexpectedly overwrote attribute");
  77         goto cleanup;
  78     }
  79
  80     if (virIdentityGetAttr(ident,
  81                            VIR_IDENTITY_ATTR_UNIX_USER_NAME,
  82                            &val) < 0)
  83         goto cleanup;
  84
  85     if (STRNEQ_NULLABLE(val, "fred")) {
  86         VIR_DEBUG("Expected 'fred' got '%s'", NULLSTR(val));
  87         goto cleanup;
  88     }
  89
  90     ret = 0;
  91  cleanup:
  92     virObjectUnref(ident);
  93     return ret;
  94 }
  95
  96
  97 static int testIdentityEqual(const void *data ATTRIBUTE_UNUSED)
  98 {
  99     int ret = -1;
 100     virIdentityPtr identa = NULL;
 101     virIdentityPtr identb = NULL;
 102
 103     if (!(identa = virIdentityNew()))
 104         goto cleanup;
 105     if (!(identb = virIdentityNew()))
 106         goto cleanup;
 107
 108     if (!virIdentityIsEqual(identa, identb)) {
 109         VIR_DEBUG("Empty identities were not equal");
 110         goto cleanup;
 111     }
 112
 113     if (virIdentitySetAttr(identa,
 114                            VIR_IDENTITY_ATTR_UNIX_USER_NAME,
 115                            "fred") < 0)
 116         goto cleanup;
 117
 118     if (virIdentityIsEqual(identa, identb)) {
 119         VIR_DEBUG("Mis-matched identities should not be equal");
 120         goto cleanup;
 121     }
 122
 123     if (virIdentitySetAttr(identb,
 124                            VIR_IDENTITY_ATTR_UNIX_USER_NAME,
 125                            "fred") < 0)
 126         goto cleanup;
 127
 128     if (!virIdentityIsEqual(identa, identb)) {
 129         VIR_DEBUG("Matched identities were not equal");
 130         goto cleanup;
 131     }
 132
 133     if (virIdentitySetAttr(identa,
 134                            VIR_IDENTITY_ATTR_UNIX_GROUP_NAME,
 135                            "flintstone") < 0)
 136         goto cleanup;
 137     if (virIdentitySetAttr(identb,
 138                            VIR_IDENTITY_ATTR_UNIX_GROUP_NAME,
 139                            "flintstone") < 0)
 140         goto cleanup;
 141
 142     if (!virIdentityIsEqual(identa, identb)) {
 143         VIR_DEBUG("Matched identities were not equal");
 144         goto cleanup;
 145     }
 146
 147     if (virIdentitySetAttr(identb,
 148                            VIR_IDENTITY_ATTR_SASL_USER_NAME,
 149                            "fred@FLINTSTONE.COM") < 0)
 150         goto cleanup;
 151
 152     if (virIdentityIsEqual(identa, identb)) {
 153         VIR_DEBUG("Mis-matched identities should not be equal");
 154         goto cleanup;
 155     }
 156
 157     ret = 0;
 158  cleanup:
 159     virObjectUnref(identa);
 160     virObjectUnref(identb);
 161     return ret;
 162 }
 163
 164 static int testIdentityGetSystem(const void *data)
 165 {
 166     const char *context = data;
 167     int ret = -1;
 168     virIdentityPtr ident = NULL;
 169     const char *val;
 170
 171 #if !WITH_SELINUX
 172     if (context) {
 173         VIR_DEBUG("libvirt not compiled with SELinux, skipping this test");
 174         ret = EXIT_AM_SKIP;
 175         goto cleanup;
 176     }
 177 #endif
 178
 179     if (!(ident = virIdentityGetSystem())) {
 180         VIR_DEBUG("Unable to get system identity");
 181         goto cleanup;
 182     }
 183
 184     if (virIdentityGetAttr(ident,
 185                            VIR_IDENTITY_ATTR_SELINUX_CONTEXT,
 186                            &val) < 0)
 187         goto cleanup;
 188
 189     if (STRNEQ_NULLABLE(val, context)) {
 190         VIR_DEBUG("Unexpected SELinux context attribute");
 191         goto cleanup;
 192     }
 193
 194     ret = 0;
 195  cleanup:
 196     virObjectUnref(ident);
 197     return ret;
 198 }
 199
 200 static int testSetFakeSELinuxContext(const void *data ATTRIBUTE_UNUSED)
 201 {
 202 #if WITH_SELINUX
 203     return setcon_raw((security_context_t)data);
 204 #else
 205     VIR_DEBUG("libvirt not compiled with SELinux, skipping this test");
 206     return EXIT_AM_SKIP;
 207 #endif
 208 }
 209
 210 static int testDisableFakeSELinux(const void *data ATTRIBUTE_UNUSED)
 211 {
 212 #if WITH_SELINUX
 213     return security_disable();
 214 #else
 215     VIR_DEBUG("libvirt not compiled with SELinux, skipping this test");
 216     return EXIT_AM_SKIP;
 217 #endif
 218 }
 219
 220 static int
 221 mymain(void)
 222 {
 223     const char *context = "unconfined_u:unconfined_r:unconfined_t:s0";
 224     int ret = 0;
 225
 226     if (virTestRun("Identity attributes ", testIdentityAttrs, NULL) < 0)
 227         ret = -1;
 228     if (virTestRun("Identity equality ", testIdentityEqual, NULL) < 0)
 229         ret = -1;
 230     if (virTestRun("Setting fake SELinux context ", testSetFakeSELinuxContext, context) < 0)
 231         ret = -1;
 232     if (virTestRun("System identity (fake SELinux enabled) ", testIdentityGetSystem, context) < 0)
 233         ret = -1;
 234     if (virTestRun("Disabling fake SELinux ", testDisableFakeSELinux, NULL) < 0)
 235         ret = -1;
 236     if (virTestRun("System identity (fake SELinux disabled) ", testIdentityGetSystem, NULL) < 0)
 237         ret = -1;
 238
 239     return ret == 0 ? EXIT_SUCCESS : EXIT_FAILURE;
 240 }
 241
 242 #if WITH_SELINUX
 243 VIR_TEST_MAIN_PRELOAD(mymain, abs_builddir "/.libs/libsecurityselinuxhelper.so")
 244 #else
 245 VIR_TEST_MAIN(mymain)
 246 #endif