2 * QEMU PAM authorization object tests
4 * Copyright (c) 2018 Red Hat, Inc.
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2.1 of the License, or (at your option) any later version.
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
21 #include "qemu/osdep.h"
22 #include "qapi/error.h"
23 #include "qemu/module.h"
24 #include "authz/pamacct.h"
26 #include <security/pam_appl.h>
31 * These three functions are exported by libpam.so.
33 * By defining them again here, our impls are resolved
34 * by the linker instead of those in libpam.so
36 * The test suite is thus isolated from the host system
37 * PAM setup, so we can do predictable test scenarios
40 pam_start(const char *service_name
, const char *user
,
41 const struct pam_conv
*pam_conversation
,
45 if (!g_str_equal(service_name
, "qemu-vnc")) {
49 if (g_str_equal(user
, "fred")) {
53 *pamh
= (pam_handle_t
*)0xbadeaffe;
59 pam_acct_mgmt(pam_handle_t
*pamh
, int flags
)
70 pam_end(pam_handle_t
*pamh
, int status
)
76 static void test_authz_unknown_service(void)
78 Error
*local_err
= NULL
;
79 QAuthZPAM
*auth
= qauthz_pam_new("auth0",
80 "qemu-does-not-exist",
83 g_assert_nonnull(auth
);
85 g_assert_false(qauthz_is_allowed(QAUTHZ(auth
), "fred", &local_err
));
87 error_free_or_abort(&local_err
);
88 object_unparent(OBJECT(auth
));
92 static void test_authz_good_user(void)
94 QAuthZPAM
*auth
= qauthz_pam_new("auth0",
98 g_assert_nonnull(auth
);
100 g_assert_true(qauthz_is_allowed(QAUTHZ(auth
), "fred", &error_abort
));
102 object_unparent(OBJECT(auth
));
106 static void test_authz_bad_user(void)
108 Error
*local_err
= NULL
;
109 QAuthZPAM
*auth
= qauthz_pam_new("auth0",
113 g_assert_nonnull(auth
);
115 g_assert_false(qauthz_is_allowed(QAUTHZ(auth
), "bob", &local_err
));
117 error_free_or_abort(&local_err
);
118 object_unparent(OBJECT(auth
));
122 int main(int argc
, char **argv
)
124 g_test_init(&argc
, &argv
, NULL
);
126 module_call_init(MODULE_INIT_QOM
);
128 g_test_add_func("/auth/pam/unknown-service", test_authz_unknown_service
);
129 g_test_add_func("/auth/pam/good-user", test_authz_good_user
);
130 g_test_add_func("/auth/pam/bad-user", test_authz_bad_user
);