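/*
 * QEMU list file authorization object tests
 *
 * Copyright (c) 2018 Red Hat, Inc.
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 2 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
 *
 */

#include "qemu/osdep.h"

#include "authz/list.h"

/*
 * Every call below passes &error_abort, so an error reported by the
 * authz API aborts the test instead of being silently ignored.
 */

/*
 * An empty rule list with a DENY default policy must refuse an
 * arbitrary identity.
 */
static void test_authz_default_deny(void)
{
    QAuthZList *auth = qauthz_list_new("auth0",
                                       QAUTHZ_LIST_POLICY_DENY,
                                       &error_abort);

    g_assert(!qauthz_is_allowed(QAUTHZ(auth), "fred", &error_abort));

    /* NOTE(review): presumably drops the last reference - confirm */
    object_unparent(OBJECT(auth));
}

/*
 * An empty rule list with an ALLOW default policy must accept an
 * arbitrary identity.
 */
static void test_authz_default_allow(void)
{
    QAuthZList *auth = qauthz_list_new("auth0",
                                       QAUTHZ_LIST_POLICY_ALLOW,
                                       &error_abort);

    g_assert(qauthz_is_allowed(QAUTHZ(auth), "fred", &error_abort));

    object_unparent(OBJECT(auth));
}

/*
 * An exact-match DENY rule must override an ALLOW default policy for
 * the identity it names.
 */
static void test_authz_explicit_deny(void)
{
    QAuthZList *auth = qauthz_list_new("auth0",
                                       QAUTHZ_LIST_POLICY_ALLOW,
                                       &error_abort);

    qauthz_list_append_rule(auth, "fred", QAUTHZ_LIST_POLICY_DENY,
                            QAUTHZ_LIST_FORMAT_EXACT, &error_abort);

    g_assert(!qauthz_is_allowed(QAUTHZ(auth), "fred", &error_abort));

    object_unparent(OBJECT(auth));
}

/*
 * An exact-match ALLOW rule must override a DENY default policy for
 * the identity it names.
 */
static void test_authz_explicit_allow(void)
{
    QAuthZList *auth = qauthz_list_new("auth0",
                                       QAUTHZ_LIST_POLICY_DENY,
                                       &error_abort);

    qauthz_list_append_rule(auth, "fred", QAUTHZ_LIST_POLICY_ALLOW,
                            QAUTHZ_LIST_FORMAT_EXACT, &error_abort);

    g_assert(qauthz_is_allowed(QAUTHZ(auth), "fred", &error_abort));

    object_unparent(OBJECT(auth));
}


/*
 * Mixed exact and glob rules on top of a DENY default policy.
 *
 * The exact DENY rule for "dan" is appended before the "dan*" ALLOW
 * glob, and "dan" is expected to be refused while "danb" is accepted:
 * the expected results are consistent with rules being evaluated in
 * list order, with the first match deciding.
 */
static void test_authz_complex(void)
{
    QAuthZList *auth = qauthz_list_new("auth0",
                                       QAUTHZ_LIST_POLICY_DENY,
                                       &error_abort);

    qauthz_list_append_rule(auth, "fred", QAUTHZ_LIST_POLICY_ALLOW,
                            QAUTHZ_LIST_FORMAT_EXACT, &error_abort);
    qauthz_list_append_rule(auth, "bob", QAUTHZ_LIST_POLICY_ALLOW,
                            QAUTHZ_LIST_FORMAT_EXACT, &error_abort);
    qauthz_list_append_rule(auth, "dan", QAUTHZ_LIST_POLICY_DENY,
                            QAUTHZ_LIST_FORMAT_EXACT, &error_abort);
    qauthz_list_append_rule(auth, "dan*", QAUTHZ_LIST_POLICY_ALLOW,
                            QAUTHZ_LIST_FORMAT_GLOB, &error_abort);

    g_assert(qauthz_is_allowed(QAUTHZ(auth), "fred", &error_abort));
    g_assert(qauthz_is_allowed(QAUTHZ(auth), "bob", &error_abort));
    g_assert(!qauthz_is_allowed(QAUTHZ(auth), "dan", &error_abort));
    g_assert(qauthz_is_allowed(QAUTHZ(auth), "danb", &error_abort));

    /*
     * Fail-closed checks: an identity that matches no rule must fall
     * back to the DENY default even when ALLOW rules are present, and
     * the "dan*" glob must not accept a string shorter than its
     * literal prefix.
     */
    g_assert(!qauthz_is_allowed(QAUTHZ(auth), "alice", &error_abort));
    g_assert(!qauthz_is_allowed(QAUTHZ(auth), "da", &error_abort));

    object_unparent(OBJECT(auth));
}

/*
 * Rule list editing: append, delete and insert must report the index
 * of the affected rule, and the access decision must follow the
 * current list contents.
 */
static void test_authz_add_remove(void)
{
    QAuthZList *auth = qauthz_list_new("auth0",
                                       QAUTHZ_LIST_POLICY_ALLOW,
                                       &error_abort);

    /* Each append is expected to return the index of the new rule. */
    g_assert_cmpint(qauthz_list_append_rule(auth, "fred",
                                            QAUTHZ_LIST_POLICY_ALLOW,
                                            QAUTHZ_LIST_FORMAT_EXACT,
                                            &error_abort),
                    ==, 0);
    g_assert_cmpint(qauthz_list_append_rule(auth, "bob",
                                            QAUTHZ_LIST_POLICY_ALLOW,
                                            QAUTHZ_LIST_FORMAT_EXACT,
                                            &error_abort),
                    ==, 1);
    g_assert_cmpint(qauthz_list_append_rule(auth, "dan",
                                            QAUTHZ_LIST_POLICY_DENY,
                                            QAUTHZ_LIST_FORMAT_EXACT,
                                            &error_abort),
                    ==, 2);
    g_assert_cmpint(qauthz_list_append_rule(auth, "frank",
                                            QAUTHZ_LIST_POLICY_DENY,
                                            QAUTHZ_LIST_FORMAT_EXACT,
                                            &error_abort),
                    ==, 3);

    g_assert(!qauthz_is_allowed(QAUTHZ(auth), "dan", &error_abort));

    /* Deleting the "dan" rule reports the index it occupied. */
    g_assert_cmpint(qauthz_list_delete_rule(auth, "dan"),
                    ==, 2);

    /* With its DENY rule gone, "dan" falls back to the ALLOW default. */
    g_assert(qauthz_is_allowed(QAUTHZ(auth), "dan", &error_abort));

    /* Re-insert the DENY rule at its old position; access is revoked. */
    g_assert_cmpint(qauthz_list_insert_rule(auth, "dan",
                                            QAUTHZ_LIST_POLICY_DENY,
                                            QAUTHZ_LIST_FORMAT_EXACT,
                                            2,
                                            &error_abort),
                    ==, 2);

    g_assert(!qauthz_is_allowed(QAUTHZ(auth), "dan", &error_abort));

    object_unparent(OBJECT(auth));
}

/*
 * Test entry point: initialise GLib's test framework, run the QOM
 * module initialisers, register every test case under /auth/list/
 * and return the result of the test run.
 */
int main(int argc, char **argv)
{
    g_test_init(&argc, &argv, NULL);

    /*
     * NOTE(review): presumably registers the authz list type that
     * qauthz_list_new() instantiates - confirm.
     */
    module_call_init(MODULE_INIT_QOM);

    g_test_add_func("/auth/list/default/deny", test_authz_default_deny);
    g_test_add_func("/auth/list/default/allow", test_authz_default_allow);
    g_test_add_func("/auth/list/explicit/deny", test_authz_explicit_deny);
    g_test_add_func("/auth/list/explicit/allow", test_authz_explicit_allow);
    g_test_add_func("/auth/list/complex", test_authz_complex);
    g_test_add_func("/auth/list/add-remove", test_authz_add_remove);

    return g_test_run();
}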