2 * QEMU list authorization object tests
4 * Copyright (c) 2018 Red Hat, Inc.
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
21 #include "qemu/osdep.h"
22 #include "qemu/main-loop.h"
23 #include "authz/listfile.h"
27 static gchar
*qemu_authz_listfile_test_save(const gchar
*name
,
30 gchar
*path
= g_strdup_printf("%s/default-deny.cfg", workdir
);
33 if (!g_file_set_contents(path
, cfg
, -1, &gerr
)) {
34 g_printerr("Unable to save config %s: %s\n",
45 static void test_authz_default_deny(void)
47 gchar
*file
= qemu_authz_listfile_test_save(
49 "{ \"policy\": \"deny\" }");
50 Error
*local_err
= NULL
;
52 QAuthZListFile
*auth
= qauthz_list_file_new("auth0",
57 g_assert(local_err
== NULL
);
58 g_assert(!qauthz_is_allowed(QAUTHZ(auth
), "fred", &error_abort
));
60 object_unparent(OBJECT(auth
));
63 static void test_authz_default_allow(void)
65 gchar
*file
= qemu_authz_listfile_test_save(
67 "{ \"policy\": \"allow\" }");
68 Error
*local_err
= NULL
;
70 QAuthZListFile
*auth
= qauthz_list_file_new("auth0",
75 g_assert(local_err
== NULL
);
76 g_assert(qauthz_is_allowed(QAUTHZ(auth
), "fred", &error_abort
));
78 object_unparent(OBJECT(auth
));
81 static void test_authz_explicit_deny(void)
83 gchar
*file
= qemu_authz_listfile_test_save(
86 " { \"match\": \"fred\","
87 " \"policy\": \"deny\","
88 " \"format\": \"exact\" } ],"
89 " \"policy\": \"allow\" }");
90 Error
*local_err
= NULL
;
92 QAuthZListFile
*auth
= qauthz_list_file_new("auth0",
97 g_assert(local_err
== NULL
);
99 g_assert(!qauthz_is_allowed(QAUTHZ(auth
), "fred", &error_abort
));
101 object_unparent(OBJECT(auth
));
104 static void test_authz_explicit_allow(void)
106 gchar
*file
= qemu_authz_listfile_test_save(
107 "explicit-allow.cfg",
109 " { \"match\": \"fred\","
110 " \"policy\": \"allow\","
111 " \"format\": \"exact\" } ],"
112 " \"policy\": \"deny\" }");
113 Error
*local_err
= NULL
;
115 QAuthZListFile
*auth
= qauthz_list_file_new("auth0",
120 g_assert(local_err
== NULL
);
122 g_assert(qauthz_is_allowed(QAUTHZ(auth
), "fred", &error_abort
));
124 object_unparent(OBJECT(auth
));
128 static void test_authz_complex(void)
130 gchar
*file
= qemu_authz_listfile_test_save(
133 " { \"match\": \"fred\","
134 " \"policy\": \"allow\","
135 " \"format\": \"exact\" },"
136 " { \"match\": \"bob\","
137 " \"policy\": \"allow\","
138 " \"format\": \"exact\" },"
139 " { \"match\": \"dan\","
140 " \"policy\": \"deny\","
141 " \"format\": \"exact\" },"
142 " { \"match\": \"dan*\","
143 " \"policy\": \"allow\","
144 " \"format\": \"glob\" } ],"
145 " \"policy\": \"deny\" }");
147 Error
*local_err
= NULL
;
149 QAuthZListFile
*auth
= qauthz_list_file_new("auth0",
154 g_assert(local_err
== NULL
);
156 g_assert(qauthz_is_allowed(QAUTHZ(auth
), "fred", &error_abort
));
157 g_assert(qauthz_is_allowed(QAUTHZ(auth
), "bob", &error_abort
));
158 g_assert(!qauthz_is_allowed(QAUTHZ(auth
), "dan", &error_abort
));
159 g_assert(qauthz_is_allowed(QAUTHZ(auth
), "danb", &error_abort
));
161 object_unparent(OBJECT(auth
));
165 int main(int argc
, char **argv
)
170 g_test_init(&argc
, &argv
, NULL
);
172 module_call_init(MODULE_INIT_QOM
);
174 workdir
= g_dir_make_tmp("qemu-test-authz-listfile-XXXXXX",
177 g_printerr("Unable to create temporary dir: %s\n",
183 g_test_add_func("/auth/list/default/deny", test_authz_default_deny
);
184 g_test_add_func("/auth/list/default/allow", test_authz_default_allow
);
185 g_test_add_func("/auth/list/explicit/deny", test_authz_explicit_deny
);
186 g_test_add_func("/auth/list/explicit/allow", test_authz_explicit_allow
);
187 g_test_add_func("/auth/list/complex", test_authz_complex
);