tests/test-authz-list.c

   1 /*
   2  * QEMU list file authorization object tests
   3  *
   4  * Copyright (c) 2018 Red Hat, Inc.
   5  *
   6  * This library is free software; you can redistribute it and/or
   7  * modify it under the terms of the GNU Lesser General Public
   8  * License as published by the Free Software Foundation; either
   9  * version 2 of the License, or (at your option) any later version.
  10  *
  11  * This library is distributed in the hope that it will be useful,
  12  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  13  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
  14  * Lesser General Public License for more details.
  15  *
  16  * You should have received a copy of the GNU Lesser General Public
  17  * License along with this library; if not, see <http://www.gnu.org/licenses/>.
  18  *
  19  */
  20
  21 #include "qemu/osdep.h"
  22
  23 #include "authz/list.h"
  24
  25 static void test_authz_default_deny(void)
  26 {
  27     QAuthZList *auth = qauthz_list_new("auth0",
  28                                        QAUTHZ_LIST_POLICY_DENY,
  29                                        &error_abort);
  30
  31     g_assert(!qauthz_is_allowed(QAUTHZ(auth), "fred", &error_abort));
  32
  33     object_unparent(OBJECT(auth));
  34 }
  35
  36 static void test_authz_default_allow(void)
  37 {
  38     QAuthZList *auth = qauthz_list_new("auth0",
  39                                        QAUTHZ_LIST_POLICY_ALLOW,
  40                                        &error_abort);
  41
  42     g_assert(qauthz_is_allowed(QAUTHZ(auth), "fred", &error_abort));
  43
  44     object_unparent(OBJECT(auth));
  45 }
  46
  47 static void test_authz_explicit_deny(void)
  48 {
  49     QAuthZList *auth = qauthz_list_new("auth0",
  50                                        QAUTHZ_LIST_POLICY_ALLOW,
  51                                        &error_abort);
  52
  53     qauthz_list_append_rule(auth, "fred", QAUTHZ_LIST_POLICY_DENY,
  54                             QAUTHZ_LIST_FORMAT_EXACT, &error_abort);
  55
  56     g_assert(!qauthz_is_allowed(QAUTHZ(auth), "fred", &error_abort));
  57
  58     object_unparent(OBJECT(auth));
  59 }
  60
  61 static void test_authz_explicit_allow(void)
  62 {
  63     QAuthZList *auth = qauthz_list_new("auth0",
  64                                        QAUTHZ_LIST_POLICY_DENY,
  65                                        &error_abort);
  66
  67     qauthz_list_append_rule(auth, "fred", QAUTHZ_LIST_POLICY_ALLOW,
  68                             QAUTHZ_LIST_FORMAT_EXACT, &error_abort);
  69
  70     g_assert(qauthz_is_allowed(QAUTHZ(auth), "fred", &error_abort));
  71
  72     object_unparent(OBJECT(auth));
  73 }
  74
  75
  76 static void test_authz_complex(void)
  77 {
  78     QAuthZList *auth = qauthz_list_new("auth0",
  79                                        QAUTHZ_LIST_POLICY_DENY,
  80                                        &error_abort);
  81
  82     qauthz_list_append_rule(auth, "fred", QAUTHZ_LIST_POLICY_ALLOW,
  83                             QAUTHZ_LIST_FORMAT_EXACT, &error_abort);
  84     qauthz_list_append_rule(auth, "bob", QAUTHZ_LIST_POLICY_ALLOW,
  85                             QAUTHZ_LIST_FORMAT_EXACT, &error_abort);
  86     qauthz_list_append_rule(auth, "dan", QAUTHZ_LIST_POLICY_DENY,
  87                             QAUTHZ_LIST_FORMAT_EXACT, &error_abort);
  88     qauthz_list_append_rule(auth, "dan*", QAUTHZ_LIST_POLICY_ALLOW,
  89                             QAUTHZ_LIST_FORMAT_GLOB, &error_abort);
  90
  91     g_assert(qauthz_is_allowed(QAUTHZ(auth), "fred", &error_abort));
  92     g_assert(qauthz_is_allowed(QAUTHZ(auth), "bob", &error_abort));
  93     g_assert(!qauthz_is_allowed(QAUTHZ(auth), "dan", &error_abort));
  94     g_assert(qauthz_is_allowed(QAUTHZ(auth), "danb", &error_abort));
  95
  96     object_unparent(OBJECT(auth));
  97 }
  98
  99 static void test_authz_add_remove(void)
 100 {
 101     QAuthZList *auth = qauthz_list_new("auth0",
 102                                        QAUTHZ_LIST_POLICY_ALLOW,
 103                                        &error_abort);
 104
 105     g_assert_cmpint(qauthz_list_append_rule(auth, "fred",
 106                                             QAUTHZ_LIST_POLICY_ALLOW,
 107                                             QAUTHZ_LIST_FORMAT_EXACT,
 108                                             &error_abort),
 109                     ==, 0);
 110     g_assert_cmpint(qauthz_list_append_rule(auth, "bob",
 111                                             QAUTHZ_LIST_POLICY_ALLOW,
 112                                             QAUTHZ_LIST_FORMAT_EXACT,
 113                                             &error_abort),
 114                     ==, 1);
 115     g_assert_cmpint(qauthz_list_append_rule(auth, "dan",
 116                                             QAUTHZ_LIST_POLICY_DENY,
 117                                             QAUTHZ_LIST_FORMAT_EXACT,
 118                                             &error_abort),
 119                     ==, 2);
 120     g_assert_cmpint(qauthz_list_append_rule(auth, "frank",
 121                                             QAUTHZ_LIST_POLICY_DENY,
 122                                             QAUTHZ_LIST_FORMAT_EXACT,
 123                                             &error_abort),
 124                     ==, 3);
 125
 126     g_assert(!qauthz_is_allowed(QAUTHZ(auth), "dan", &error_abort));
 127
 128     g_assert_cmpint(qauthz_list_delete_rule(auth, "dan"),
 129                     ==, 2);
 130
 131     g_assert(qauthz_is_allowed(QAUTHZ(auth), "dan", &error_abort));
 132
 133     g_assert_cmpint(qauthz_list_insert_rule(auth, "dan",
 134                                             QAUTHZ_LIST_POLICY_DENY,
 135                                             QAUTHZ_LIST_FORMAT_EXACT,
 136                                             2,
 137                                             &error_abort),
 138                     ==, 2);
 139
 140     g_assert(!qauthz_is_allowed(QAUTHZ(auth), "dan", &error_abort));
 141
 142     object_unparent(OBJECT(auth));
 143 }
 144
 145 int main(int argc, char **argv)
 146 {
 147     g_test_init(&argc, &argv, NULL);
 148
 149     module_call_init(MODULE_INIT_QOM);
 150
 151     g_test_add_func("/auth/list/default/deny", test_authz_default_deny);
 152     g_test_add_func("/auth/list/default/allow", test_authz_default_allow);
 153     g_test_add_func("/auth/list/explicit/deny", test_authz_explicit_deny);
 154     g_test_add_func("/auth/list/explicit/allow", test_authz_explicit_allow);
 155     g_test_add_func("/auth/list/complex", test_authz_complex);
 156     g_test_add_func("/auth/list/add-remove", test_authz_add_remove);
 157
 158     return g_test_run();
 159 }