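/*
 * QEMU list authorization object tests
 *
 * Copyright (c) 2018 Red Hat, Inc.
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
 *
 */

#include "qemu/osdep.h"
#include "qemu/main-loop.h"
#include "qemu/module.h"
#include "authz/listfile.h"

/* Per-run scratch directory created in main(); every policy file lives here. */
static char *workdir;

/*
 * Write the policy document @cfg to "<workdir>/<name>" and return the path.
 *
 * @name: file name of the policy file, relative to the scratch directory
 * @cfg:  NUL-terminated JSON policy text
 *
 * Returns: newly allocated path; the caller unlinks the file and g_free()s
 * the string.  A write failure aborts the test program after a best-effort
 * removal of the scratch directory.
 *
 * The file name used to be hard-coded to "default-deny.cfg", so @name was
 * ignored and every test wrote the same file.  That only worked because the
 * tests run one after another and each unlinks its file before returning.
 */
static gchar *qemu_authz_listfile_test_save(const gchar *name,
                                            const gchar *cfg)
{
    gchar *path = g_strdup_printf("%s/%s", workdir, name);
    GError *gerr = NULL;

    if (!g_file_set_contents(path, cfg, -1, &gerr)) {
        g_printerr("Unable to save config %s: %s\n",
                   path, gerr->message);
        g_error_free(gerr);
        g_free(path);
        /* Best effort: fails harmlessly if the directory is not empty. */
        rmdir(workdir);
        abort();
    }

    return path;
}

/*
 * A policy with no rules and a default of "deny" must reject any identity.
 */
static void test_authz_default_deny(void)
{
    gchar *file = qemu_authz_listfile_test_save(
        "default-deny.cfg",
        "{ \"policy\": \"deny\" }");
    Error *local_err = NULL;

    /*
     * NOTE(review): the third argument is presumably the "refresh" switch;
     * with it off the policy is read once, so the file can be removed
     * straight after construction.  Confirm against authz/listfile.h.
     */
    QAuthZListFile *auth = qauthz_list_file_new("auth0",
                                                file, false,
                                                &local_err);
    unlink(file);
    g_free(file);
    g_assert(local_err == NULL);
    g_assert(!qauthz_is_allowed(QAUTHZ(auth), "fred", &error_abort));

    object_unparent(OBJECT(auth));
}

/*
 * A policy with no rules and a default of "allow" must accept any identity.
 */
static void test_authz_default_allow(void)
{
    gchar *file = qemu_authz_listfile_test_save(
        "default-allow.cfg",
        "{ \"policy\": \"allow\" }");
    Error *local_err = NULL;

    QAuthZListFile *auth = qauthz_list_file_new("auth0",
                                                file, false,
                                                &local_err);
    unlink(file);
    g_free(file);
    g_assert(local_err == NULL);
    g_assert(qauthz_is_allowed(QAUTHZ(auth), "fred", &error_abort));

    object_unparent(OBJECT(auth));
}

/*
 * An exact-match "deny" rule must override a default of "allow".
 */
static void test_authz_explicit_deny(void)
{
    gchar *file = qemu_authz_listfile_test_save(
        "explicit-deny.cfg",
        "{ \"rules\": [ "
        " { \"match\": \"fred\","
        " \"policy\": \"deny\","
        " \"format\": \"exact\" } ],"
        " \"policy\": \"allow\" }");
    Error *local_err = NULL;

    QAuthZListFile *auth = qauthz_list_file_new("auth0",
                                                file, false,
                                                &local_err);
    unlink(file);
    g_free(file);
    g_assert(local_err == NULL);

    g_assert(!qauthz_is_allowed(QAUTHZ(auth), "fred", &error_abort));

    object_unparent(OBJECT(auth));
}

/*
 * An exact-match "allow" rule must override a default of "deny".
 */
static void test_authz_explicit_allow(void)
{
    gchar *file = qemu_authz_listfile_test_save(
        "explicit-allow.cfg",
        "{ \"rules\": [ "
        " { \"match\": \"fred\","
        " \"policy\": \"allow\","
        " \"format\": \"exact\" } ],"
        " \"policy\": \"deny\" }");
    Error *local_err = NULL;

    QAuthZListFile *auth = qauthz_list_file_new("auth0",
                                                file, false,
                                                &local_err);
    unlink(file);
    g_free(file);
    g_assert(local_err == NULL);

    g_assert(qauthz_is_allowed(QAUTHZ(auth), "fred", &error_abort));

    object_unparent(OBJECT(auth));
}


/*
 * Several rules combined with a default of "deny".
 *
 * The exact "dan" deny rule is listed before the "dan*" glob allow rule.
 * The assertions below rely on the earlier rule deciding the outcome for
 * "dan", while "danb" is matched only by the glob.
 */
static void test_authz_complex(void)
{
    gchar *file = qemu_authz_listfile_test_save(
        "complex.cfg",
        "{ \"rules\": [ "
        " { \"match\": \"fred\","
        " \"policy\": \"allow\","
        " \"format\": \"exact\" },"
        " { \"match\": \"bob\","
        " \"policy\": \"allow\","
        " \"format\": \"exact\" },"
        " { \"match\": \"dan\","
        " \"policy\": \"deny\","
        " \"format\": \"exact\" },"
        " { \"match\": \"dan*\","
        " \"policy\": \"allow\","
        " \"format\": \"glob\" } ],"
        " \"policy\": \"deny\" }");

    Error *local_err = NULL;

    QAuthZListFile *auth = qauthz_list_file_new("auth0",
                                                file, false,
                                                &local_err);
    unlink(file);
    g_free(file);
    g_assert(local_err == NULL);

    g_assert(qauthz_is_allowed(QAUTHZ(auth), "fred", &error_abort));
    g_assert(qauthz_is_allowed(QAUTHZ(auth), "bob", &error_abort));
    g_assert(!qauthz_is_allowed(QAUTHZ(auth), "dan", &error_abort));
    g_assert(qauthz_is_allowed(QAUTHZ(auth), "danb", &error_abort));
    /*
     * An identity that matches no rule must fall through to the top-level
     * default policy, which is "deny" here ("alice" is a constructed name).
     */
    g_assert(!qauthz_is_allowed(QAUTHZ(auth), "alice", &error_abort));

    object_unparent(OBJECT(auth));
}


/*
 * Register the list-file authorization tests and run them.
 *
 * Policy files are written into a temporary directory created for this run
 * from a randomised template, not to a fixed path.  Each test unlinks its
 * own file, so the final rmdir() is expected to find the directory empty.
 */
int main(int argc, char **argv)
{
    int ret;
    GError *gerr = NULL;

    g_test_init(&argc, &argv, NULL);

    module_call_init(MODULE_INIT_QOM);

    workdir = g_dir_make_tmp("qemu-test-authz-listfile-XXXXXX",
                             &gerr);
    if (!workdir) {
        g_printerr("Unable to create temporary dir: %s\n",
                   gerr->message);
        g_error_free(gerr);
        abort();
    }

    g_test_add_func("/auth/list/default/deny", test_authz_default_deny);
    g_test_add_func("/auth/list/default/allow", test_authz_default_allow);
    g_test_add_func("/auth/list/explicit/deny", test_authz_explicit_deny);
    g_test_add_func("/auth/list/explicit/allow", test_authz_explicit_allow);
    g_test_add_func("/auth/list/complex", test_authz_complex);

    ret = g_test_run();

    rmdir(workdir);
    g_free(workdir);

    return ret;
}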