tests/test-authz-list.c

   1 /*
   2  * QEMU list file authorization object tests
   3  *
   4  * Copyright (c) 2018 Red Hat, Inc.
   5  *
   6  * This library is free software; you can redistribute it and/or
   7  * modify it under the terms of the GNU Lesser General Public
   8  * License as published by the Free Software Foundation; either
   9  * version 2 of the License, or (at your option) any later version.
  10  *
  11  * This library is distributed in the hope that it will be useful,
  12  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  13  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
  14  * Lesser General Public License for more details.
  15  *
  16  * You should have received a copy of the GNU Lesser General Public
  17  * License along with this library; if not, see <http://www.gnu.org/licenses/>.
  18  *
  19  */
  20
  21 #include "qemu/osdep.h"
  22
  23 #include "authz/list.h"
  24 #include "qemu/module.h"
  25
  26 static void test_authz_default_deny(void)
  27 {
  28     QAuthZList *auth = qauthz_list_new("auth0",
  29                                        QAUTHZ_LIST_POLICY_DENY,
  30                                        &error_abort);
  31
  32     g_assert(!qauthz_is_allowed(QAUTHZ(auth), "fred", &error_abort));
  33
  34     object_unparent(OBJECT(auth));
  35 }
  36
  37 static void test_authz_default_allow(void)
  38 {
  39     QAuthZList *auth = qauthz_list_new("auth0",
  40                                        QAUTHZ_LIST_POLICY_ALLOW,
  41                                        &error_abort);
  42
  43     g_assert(qauthz_is_allowed(QAUTHZ(auth), "fred", &error_abort));
  44
  45     object_unparent(OBJECT(auth));
  46 }
  47
  48 static void test_authz_explicit_deny(void)
  49 {
  50     QAuthZList *auth = qauthz_list_new("auth0",
  51                                        QAUTHZ_LIST_POLICY_ALLOW,
  52                                        &error_abort);
  53
  54     qauthz_list_append_rule(auth, "fred", QAUTHZ_LIST_POLICY_DENY,
  55                             QAUTHZ_LIST_FORMAT_EXACT, &error_abort);
  56
  57     g_assert(!qauthz_is_allowed(QAUTHZ(auth), "fred", &error_abort));
  58
  59     object_unparent(OBJECT(auth));
  60 }
  61
  62 static void test_authz_explicit_allow(void)
  63 {
  64     QAuthZList *auth = qauthz_list_new("auth0",
  65                                        QAUTHZ_LIST_POLICY_DENY,
  66                                        &error_abort);
  67
  68     qauthz_list_append_rule(auth, "fred", QAUTHZ_LIST_POLICY_ALLOW,
  69                             QAUTHZ_LIST_FORMAT_EXACT, &error_abort);
  70
  71     g_assert(qauthz_is_allowed(QAUTHZ(auth), "fred", &error_abort));
  72
  73     object_unparent(OBJECT(auth));
  74 }
  75
  76
  77 static void test_authz_complex(void)
  78 {
  79     QAuthZList *auth = qauthz_list_new("auth0",
  80                                        QAUTHZ_LIST_POLICY_DENY,
  81                                        &error_abort);
  82
  83     qauthz_list_append_rule(auth, "fred", QAUTHZ_LIST_POLICY_ALLOW,
  84                             QAUTHZ_LIST_FORMAT_EXACT, &error_abort);
  85     qauthz_list_append_rule(auth, "bob", QAUTHZ_LIST_POLICY_ALLOW,
  86                             QAUTHZ_LIST_FORMAT_EXACT, &error_abort);
  87     qauthz_list_append_rule(auth, "dan", QAUTHZ_LIST_POLICY_DENY,
  88                             QAUTHZ_LIST_FORMAT_EXACT, &error_abort);
  89     qauthz_list_append_rule(auth, "dan*", QAUTHZ_LIST_POLICY_ALLOW,
  90                             QAUTHZ_LIST_FORMAT_GLOB, &error_abort);
  91
  92     g_assert(qauthz_is_allowed(QAUTHZ(auth), "fred", &error_abort));
  93     g_assert(qauthz_is_allowed(QAUTHZ(auth), "bob", &error_abort));
  94     g_assert(!qauthz_is_allowed(QAUTHZ(auth), "dan", &error_abort));
  95     g_assert(qauthz_is_allowed(QAUTHZ(auth), "danb", &error_abort));
  96
  97     object_unparent(OBJECT(auth));
  98 }
  99
 100 static void test_authz_add_remove(void)
 101 {
 102     QAuthZList *auth = qauthz_list_new("auth0",
 103                                        QAUTHZ_LIST_POLICY_ALLOW,
 104                                        &error_abort);
 105
 106     g_assert_cmpint(qauthz_list_append_rule(auth, "fred",
 107                                             QAUTHZ_LIST_POLICY_ALLOW,
 108                                             QAUTHZ_LIST_FORMAT_EXACT,
 109                                             &error_abort),
 110                     ==, 0);
 111     g_assert_cmpint(qauthz_list_append_rule(auth, "bob",
 112                                             QAUTHZ_LIST_POLICY_ALLOW,
 113                                             QAUTHZ_LIST_FORMAT_EXACT,
 114                                             &error_abort),
 115                     ==, 1);
 116     g_assert_cmpint(qauthz_list_append_rule(auth, "dan",
 117                                             QAUTHZ_LIST_POLICY_DENY,
 118                                             QAUTHZ_LIST_FORMAT_EXACT,
 119                                             &error_abort),
 120                     ==, 2);
 121     g_assert_cmpint(qauthz_list_append_rule(auth, "frank",
 122                                             QAUTHZ_LIST_POLICY_DENY,
 123                                             QAUTHZ_LIST_FORMAT_EXACT,
 124                                             &error_abort),
 125                     ==, 3);
 126
 127     g_assert(!qauthz_is_allowed(QAUTHZ(auth), "dan", &error_abort));
 128
 129     g_assert_cmpint(qauthz_list_delete_rule(auth, "dan"),
 130                     ==, 2);
 131
 132     g_assert(qauthz_is_allowed(QAUTHZ(auth), "dan", &error_abort));
 133
 134     g_assert_cmpint(qauthz_list_insert_rule(auth, "dan",
 135                                             QAUTHZ_LIST_POLICY_DENY,
 136                                             QAUTHZ_LIST_FORMAT_EXACT,
 137                                             2,
 138                                             &error_abort),
 139                     ==, 2);
 140
 141     g_assert(!qauthz_is_allowed(QAUTHZ(auth), "dan", &error_abort));
 142
 143     object_unparent(OBJECT(auth));
 144 }
 145
 146 int main(int argc, char **argv)
 147 {
 148     g_test_init(&argc, &argv, NULL);
 149
 150     module_call_init(MODULE_INIT_QOM);
 151
 152     g_test_add_func("/auth/list/default/deny", test_authz_default_deny);
 153     g_test_add_func("/auth/list/default/allow", test_authz_default_allow);
 154     g_test_add_func("/auth/list/explicit/deny", test_authz_explicit_deny);
 155     g_test_add_func("/auth/list/explicit/allow", test_authz_explicit_allow);
 156     g_test_add_func("/auth/list/complex", test_authz_complex);
 157     g_test_add_func("/auth/list/add-remove", test_authz_add_remove);
 158
 159     return g_test_run();
 160 }