xref: /qemu/tests/unit/test-authz-listfile.c (revision da668aa15b99150a8595c491aee00d5d2426aaf9)
155d86984SDaniel P. Berrangé /*
255d86984SDaniel P. Berrangé  * QEMU list authorization object tests
355d86984SDaniel P. Berrangé  *
455d86984SDaniel P. Berrangé  * Copyright (c) 2018 Red Hat, Inc.
555d86984SDaniel P. Berrangé  *
655d86984SDaniel P. Berrangé  * This library is free software; you can redistribute it and/or
755d86984SDaniel P. Berrangé  * modify it under the terms of the GNU Lesser General Public
855d86984SDaniel P. Berrangé  * License as published by the Free Software Foundation; either
9*036a80cdSChetan Pant  * version 2.1 of the License, or (at your option) any later version.
1055d86984SDaniel P. Berrangé  *
1155d86984SDaniel P. Berrangé  * This library is distributed in the hope that it will be useful,
1255d86984SDaniel P. Berrangé  * but WITHOUT ANY WARRANTY; without even the implied warranty of
1355d86984SDaniel P. Berrangé  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
1455d86984SDaniel P. Berrangé  * Lesser General Public License for more details.
1555d86984SDaniel P. Berrangé  *
1655d86984SDaniel P. Berrangé  * You should have received a copy of the GNU Lesser General Public
1755d86984SDaniel P. Berrangé  * License along with this library; if not, see <http://www.gnu.org/licenses/>.
1855d86984SDaniel P. Berrangé  *
1955d86984SDaniel P. Berrangé  */
2055d86984SDaniel P. Berrangé 
2155d86984SDaniel P. Berrangé #include "qemu/osdep.h"
2255d86984SDaniel P. Berrangé #include "qemu/main-loop.h"
230b8fa32fSMarkus Armbruster #include "qemu/module.h"
2455d86984SDaniel P. Berrangé #include "authz/listfile.h"
2555d86984SDaniel P. Berrangé 
2655d86984SDaniel P. Berrangé static char *workdir;
2755d86984SDaniel P. Berrangé 
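/*
 * Store an authorization config in the per-run temporary directory.
 *
 * @name: file name to create inside workdir
 * @cfg:  NUL-terminated JSON text to write (length is taken from the
 *        terminator, hence the -1 passed to g_file_set_contents())
 *
 * Returns: newly allocated path of the written file. The callers in this
 * file unlink() the file and g_free() the string once the authz object
 * has been created.
 *
 * A write failure is fatal: the error is printed, removal of workdir is
 * attempted and the test program aborts.
 */
static gchar *qemu_authz_listfile_test_save(const gchar *name,
                                            const gchar *cfg)
{
    /*
     * Build the path from @name. The path was previously hard-coded to
     * "default-deny.cfg", so @name was ignored and every test case wrote
     * its policy to the same file regardless of the name it requested.
     */
    gchar *path = g_strdup_printf("%s/%s", workdir, name);
    GError *gerr = NULL;

    if (!g_file_set_contents(path, cfg, -1, &gerr)) {
        g_printerr("Unable to save config %s: %s\n",
                   path, gerr->message);
        g_error_free(gerr);
        g_free(path);
        /* Best effort: the return value is not checked before aborting. */
        rmdir(workdir);
        abort();
    }

    return path;
}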
4555d86984SDaniel P. Berrangé 
/*
 * A config holding only a default policy of "deny" and no rules must
 * refuse the identity "fred".
 */
static void test_authz_default_deny(void)
{
    static const gchar policy_json[] = "{ \"policy\": \"deny\" }";
    Error *load_err = NULL;
    gchar *cfg_path;
    QAuthZListFile *authz;

    cfg_path = qemu_authz_listfile_test_save("default-deny.cfg", policy_json);

    /* NOTE(review): the 'false' argument is presumably the refresh flag --
     * confirm against authz/listfile.h. */
    authz = qauthz_list_file_new("auth0", cfg_path, false, &load_err);

    /* The config file is removed before any authorization query is made. */
    unlink(cfg_path);
    g_free(cfg_path);

    g_assert(load_err == NULL);
    g_assert(!qauthz_is_allowed(QAUTHZ(authz), "fred", &error_abort));

    object_unparent(OBJECT(authz));
}
6355d86984SDaniel P. Berrangé 
/*
 * A config holding only a default policy of "allow" and no rules must
 * accept the identity "fred".
 */
static void test_authz_default_allow(void)
{
    static const gchar policy_json[] = "{ \"policy\": \"allow\" }";
    Error *load_err = NULL;
    gchar *cfg_path;
    QAuthZListFile *authz;

    cfg_path = qemu_authz_listfile_test_save("default-allow.cfg", policy_json);

    /* NOTE(review): the 'false' argument is presumably the refresh flag --
     * confirm against authz/listfile.h. */
    authz = qauthz_list_file_new("auth0", cfg_path, false, &load_err);

    /* The config file is removed before any authorization query is made. */
    unlink(cfg_path);
    g_free(cfg_path);

    g_assert(load_err == NULL);
    g_assert(qauthz_is_allowed(QAUTHZ(authz), "fred", &error_abort));

    object_unparent(OBJECT(authz));
}
8155d86984SDaniel P. Berrangé 
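/*
 * One exact-match rule denies "fred" while the default policy is "allow".
 *
 * Both sides of the policy are checked: the rule must deny "fred", and an
 * identity that matches no rule must still receive the default "allow".
 * Without the second check the test would also pass for an implementation
 * that denies every identity as soon as a rule list is present.
 */
static void test_authz_explicit_deny(void)
{
    gchar *file = qemu_authz_listfile_test_save(
        "explicit-deny.cfg",
        "{ \"rules\": [ "
        "    { \"match\": \"fred\","
        "      \"policy\": \"deny\","
        "      \"format\": \"exact\" } ],"
        "  \"policy\": \"allow\" }");
    Error *local_err = NULL;

    QAuthZListFile *auth = qauthz_list_file_new("auth0",
                                                file, false,
                                                &local_err);
    /* The config file is removed before any authorization query is made. */
    unlink(file);
    g_free(file);
    g_assert(local_err == NULL);

    /* Matched by the exact rule: denied. */
    g_assert(!qauthz_is_allowed(QAUTHZ(auth), "fred", &error_abort));
    /* Matches no rule: falls through to the default "allow". */
    g_assert(qauthz_is_allowed(QAUTHZ(auth), "bob", &error_abort));

    object_unparent(OBJECT(auth));
}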
10455d86984SDaniel P. Berrangé 
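/*
 * One exact-match rule allows "fred" while the default policy is "deny".
 *
 * Both sides of the policy are checked: the rule must allow "fred", and an
 * identity that matches no rule must still be refused by the default
 * "deny". Without the second check the test would also pass for an
 * implementation that allows every identity, which is the fail-open case
 * an allow-list test most needs to catch.
 */
static void test_authz_explicit_allow(void)
{
    gchar *file = qemu_authz_listfile_test_save(
        "explicit-allow.cfg",
        "{ \"rules\": [ "
        "    { \"match\": \"fred\","
        "      \"policy\": \"allow\","
        "      \"format\": \"exact\" } ],"
        "  \"policy\": \"deny\" }");
    Error *local_err = NULL;

    QAuthZListFile *auth = qauthz_list_file_new("auth0",
                                                file, false,
                                                &local_err);
    /* The config file is removed before any authorization query is made. */
    unlink(file);
    g_free(file);
    g_assert(local_err == NULL);

    /* Matched by the exact rule: allowed. */
    g_assert(qauthz_is_allowed(QAUTHZ(auth), "fred", &error_abort));
    /* Matches no rule: falls through to the default "deny". */
    g_assert(!qauthz_is_allowed(QAUTHZ(auth), "bob", &error_abort));

    object_unparent(OBJECT(auth));
}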
12755d86984SDaniel P. Berrangé 
12855d86984SDaniel P. Berrangé 
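/*
 * Several rules with mixed formats on top of a default policy of "deny".
 *
 * The rule list is: exact "fred" allow, exact "bob" allow, exact "dan"
 * deny, glob "dan*" allow. The assertions pin that "dan" is denied even
 * though the later glob would also match it, while "danb" is allowed by
 * the glob. An identity matching none of the rules is checked as well so
 * that the default "deny" is exercised with a non-empty rule list.
 */
static void test_authz_complex(void)
{
    gchar *file = qemu_authz_listfile_test_save(
        "complex.cfg",
        "{ \"rules\": [ "
        "    { \"match\": \"fred\","
        "      \"policy\": \"allow\","
        "      \"format\": \"exact\" },"
        "    { \"match\": \"bob\","
        "      \"policy\": \"allow\","
        "      \"format\": \"exact\" },"
        "    { \"match\": \"dan\","
        "      \"policy\": \"deny\","
        "      \"format\": \"exact\" },"
        "    { \"match\": \"dan*\","
        "      \"policy\": \"allow\","
        "      \"format\": \"glob\" } ],"
        "  \"policy\": \"deny\" }");

    Error *local_err = NULL;

    QAuthZListFile *auth = qauthz_list_file_new("auth0",
                                                file, false,
                                                &local_err);
    /* The config file is removed before any authorization query is made. */
    unlink(file);
    g_free(file);
    g_assert(local_err == NULL);

    g_assert(qauthz_is_allowed(QAUTHZ(auth), "fred", &error_abort));
    g_assert(qauthz_is_allowed(QAUTHZ(auth), "bob", &error_abort));
    /* The exact deny for "dan" must win over the later "dan*" allow. */
    g_assert(!qauthz_is_allowed(QAUTHZ(auth), "dan", &error_abort));
    g_assert(qauthz_is_allowed(QAUTHZ(auth), "danb", &error_abort));
    /* Matches no rule: falls through to the default "deny". */
    g_assert(!qauthz_is_allowed(QAUTHZ(auth), "alice", &error_abort));

    object_unparent(OBJECT(auth));
}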
16455d86984SDaniel P. Berrangé 
16555d86984SDaniel P. Berrangé 
/*
 * Test program entry point.
 *
 * Initializes the GLib test harness and the QOM module list, creates a
 * uniquely named temporary directory for the policy files, registers the
 * test cases and runs them.
 *
 * Returns: the status reported by g_test_run().
 */
int main(int argc, char **argv)
{
    static const struct {
        const char *path;
        GTestFunc func;
    } cases[] = {
        { "/auth/list/default/deny", test_authz_default_deny },
        { "/auth/list/default/allow", test_authz_default_allow },
        { "/auth/list/explicit/deny", test_authz_explicit_deny },
        { "/auth/list/explicit/allow", test_authz_explicit_allow },
        { "/auth/list/complex", test_authz_complex },
    };
    GError *tmp_err = NULL;
    int status;
    size_t i;

    g_test_init(&argc, &argv, NULL);
    module_call_init(MODULE_INIT_QOM);

    /*
     * The XXXXXX template gives each run its own directory, so the policy
     * files are not written to a fixed, predictable path.
     */
    workdir = g_dir_make_tmp("qemu-test-authz-listfile-XXXXXX", &tmp_err);
    if (workdir == NULL) {
        g_printerr("Unable to create temporary dir: %s\n",
                   tmp_err->message);
        g_error_free(tmp_err);
        abort();
    }

    /* Registration order is the same as the order of the table above. */
    for (i = 0; i < G_N_ELEMENTS(cases); i++) {
        g_test_add_func(cases[i].path, cases[i].func);
    }

    status = g_test_run();

    /*
     * Each test case unlinks its own config file; the result of rmdir()
     * is not checked here.
     */
    rmdir(workdir);
    g_free(workdir);

    return status;
}