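/*
 * QEMU list file authorization object tests
 *
 * Copyright (c) 2018 Red Hat, Inc.
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 2 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
 *
 */

#include "qemu/osdep.h"

#include "authz/list.h"

/*
 * An empty rule list with a DENY default policy must refuse every
 * identity: there is no rule to match, so the default decides.
 */
static void test_authz_default_deny(void)
{
    QAuthZList *auth = qauthz_list_new("auth0",
                                       QAUTHZ_LIST_POLICY_DENY,
                                       &error_abort);

    g_assert(!qauthz_is_allowed(QAUTHZ(auth), "fred", &error_abort));

    object_unparent(OBJECT(auth));
}

/*
 * An empty rule list with an ALLOW default policy must accept every
 * identity.
 */
static void test_authz_default_allow(void)
{
    QAuthZList *auth = qauthz_list_new("auth0",
                                       QAUTHZ_LIST_POLICY_ALLOW,
                                       &error_abort);

    g_assert(qauthz_is_allowed(QAUTHZ(auth), "fred", &error_abort));

    object_unparent(OBJECT(auth));
}

/*
 * An exact-match DENY rule must override an ALLOW default for the named
 * identity only; identities without a rule keep the default.
 */
static void test_authz_explicit_deny(void)
{
    QAuthZList *auth = qauthz_list_new("auth0",
                                       QAUTHZ_LIST_POLICY_ALLOW,
                                       &error_abort);

    qauthz_list_append_rule(auth, "fred", QAUTHZ_LIST_POLICY_DENY,
                            QAUTHZ_LIST_FORMAT_EXACT, &error_abort);

    g_assert(!qauthz_is_allowed(QAUTHZ(auth), "fred", &error_abort));
    /* The deny rule is scoped to "fred": others still get the default. */
    g_assert(qauthz_is_allowed(QAUTHZ(auth), "bob", &error_abort));

    object_unparent(OBJECT(auth));
}

/*
 * An exact-match ALLOW rule must override a DENY default for the named
 * identity only; identities without a rule stay denied.
 */
static void test_authz_explicit_allow(void)
{
    QAuthZList *auth = qauthz_list_new("auth0",
                                       QAUTHZ_LIST_POLICY_DENY,
                                       &error_abort);

    qauthz_list_append_rule(auth, "fred", QAUTHZ_LIST_POLICY_ALLOW,
                            QAUTHZ_LIST_FORMAT_EXACT, &error_abort);

    g_assert(qauthz_is_allowed(QAUTHZ(auth), "fred", &error_abort));
    /* Granting "fred" must not widen access for anyone else. */
    g_assert(!qauthz_is_allowed(QAUTHZ(auth), "bob", &error_abort));

    object_unparent(OBJECT(auth));
}


/*
 * Mixed exact and glob rules on top of a DENY default.
 *
 * Rule order is significant: "dan" is denied by its exact rule even
 * though a "dan*" glob ALLOW rule is appended after it, while "danb"
 * (no exact rule) is accepted by the glob.
 */
static void test_authz_complex(void)
{
    QAuthZList *auth = qauthz_list_new("auth0",
                                       QAUTHZ_LIST_POLICY_DENY,
                                       &error_abort);

    qauthz_list_append_rule(auth, "fred", QAUTHZ_LIST_POLICY_ALLOW,
                            QAUTHZ_LIST_FORMAT_EXACT, &error_abort);
    qauthz_list_append_rule(auth, "bob", QAUTHZ_LIST_POLICY_ALLOW,
                            QAUTHZ_LIST_FORMAT_EXACT, &error_abort);
    qauthz_list_append_rule(auth, "dan", QAUTHZ_LIST_POLICY_DENY,
                            QAUTHZ_LIST_FORMAT_EXACT, &error_abort);
    qauthz_list_append_rule(auth, "dan*", QAUTHZ_LIST_POLICY_ALLOW,
                            QAUTHZ_LIST_FORMAT_GLOB, &error_abort);

    g_assert(qauthz_is_allowed(QAUTHZ(auth), "fred", &error_abort));
    g_assert(qauthz_is_allowed(QAUTHZ(auth), "bob", &error_abort));
    g_assert(!qauthz_is_allowed(QAUTHZ(auth), "dan", &error_abort));
    g_assert(qauthz_is_allowed(QAUTHZ(auth), "danb", &error_abort));

    /*
     * Negative cases: an exact rule must not behave like a prefix match,
     * the glob must not accept a string shorter than its literal prefix,
     * and an identity matching no rule must hit the DENY default.
     */
    g_assert(!qauthz_is_allowed(QAUTHZ(auth), "fredb", &error_abort));
    g_assert(!qauthz_is_allowed(QAUTHZ(auth), "da", &error_abort));
    g_assert(!qauthz_is_allowed(QAUTHZ(auth), "alice", &error_abort));

    object_unparent(OBJECT(auth));
}

/*
 * Appending, deleting and inserting rules: checks the index each call
 * reports and that the authorization decision follows the current rule
 * list (ALLOW default once the "dan" DENY rule is removed, denied again
 * once it is re-inserted).
 */
static void test_authz_add_remove(void)
{
    QAuthZList *auth = qauthz_list_new("auth0",
                                       QAUTHZ_LIST_POLICY_ALLOW,
                                       &error_abort);

    /* Each append is expected to report the index of the new rule. */
    g_assert_cmpint(qauthz_list_append_rule(auth, "fred",
                                            QAUTHZ_LIST_POLICY_ALLOW,
                                            QAUTHZ_LIST_FORMAT_EXACT,
                                            &error_abort),
                    ==, 0);
    g_assert_cmpint(qauthz_list_append_rule(auth, "bob",
                                            QAUTHZ_LIST_POLICY_ALLOW,
                                            QAUTHZ_LIST_FORMAT_EXACT,
                                            &error_abort),
                    ==, 1);
    g_assert_cmpint(qauthz_list_append_rule(auth, "dan",
                                            QAUTHZ_LIST_POLICY_DENY,
                                            QAUTHZ_LIST_FORMAT_EXACT,
                                            &error_abort),
                    ==, 2);
    g_assert_cmpint(qauthz_list_append_rule(auth, "frank",
                                            QAUTHZ_LIST_POLICY_DENY,
                                            QAUTHZ_LIST_FORMAT_EXACT,
                                            &error_abort),
                    ==, 3);

    g_assert(!qauthz_is_allowed(QAUTHZ(auth), "dan", &error_abort));

    g_assert_cmpint(qauthz_list_delete_rule(auth, "dan"),
                    ==, 2);

    /* With its DENY rule gone, "dan" falls through to the ALLOW default. */
    g_assert(qauthz_is_allowed(QAUTHZ(auth), "dan", &error_abort));
    /* Deleting one rule must leave the other DENY rule in force. */
    g_assert(!qauthz_is_allowed(QAUTHZ(auth), "frank", &error_abort));

    g_assert_cmpint(qauthz_list_insert_rule(auth, "dan",
                                            QAUTHZ_LIST_POLICY_DENY,
                                            QAUTHZ_LIST_FORMAT_EXACT,
                                            2,
                                            &error_abort),
                    ==, 2);

    g_assert(!qauthz_is_allowed(QAUTHZ(auth), "dan", &error_abort));
    /* Re-inserting in the middle must not disturb the surrounding rules. */
    g_assert(qauthz_is_allowed(QAUTHZ(auth), "fred", &error_abort));
    g_assert(!qauthz_is_allowed(QAUTHZ(auth), "frank", &error_abort));

    object_unparent(OBJECT(auth));
}

/*
 * Test entry point: initialises GLib's test framework and the QOM
 * module set, registers every list-authorization case and runs them.
 */
int main(int argc, char **argv)
{
    g_test_init(&argc, &argv, NULL);

    module_call_init(MODULE_INIT_QOM);

    g_test_add_func("/auth/list/default/deny", test_authz_default_deny);
    g_test_add_func("/auth/list/default/allow", test_authz_default_allow);
    g_test_add_func("/auth/list/explicit/deny", test_authz_explicit_deny);
    g_test_add_func("/auth/list/explicit/allow", test_authz_explicit_allow);
    g_test_add_func("/auth/list/complex", test_authz_complex);
    g_test_add_func("/auth/list/add-remove", test_authz_add_remove);

    return g_test_run();
}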