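/*
 * QEMU list authorization object tests
 *
 * Copyright (c) 2018 Red Hat, Inc.
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 2 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
 *
 */

#include "qemu/osdep.h"
#include "qemu/main-loop.h"
#include "authz/listfile.h"

/* Private temporary directory created in main(); every config file lives here. */
static char *workdir;

/*
 * Write the JSON policy text @cfg to a file called @name inside workdir.
 *
 * Returns the newly allocated path of the file; the caller releases it
 * with g_free() and is responsible for unlinking the file.
 *
 * On write failure the error is printed, removal of workdir is attempted
 * and the process aborts, so this function never returns NULL.
 */
static gchar *qemu_authz_listfile_test_save(const gchar *name,
                                            const gchar *cfg)
{
    /*
     * Build the path from @name so that each test case gets its own file.
     * The file name used to be hard-coded to "default-deny.cfg", which
     * silently ignored @name and made every test share one path.
     */
    gchar *path = g_strdup_printf("%s/%s", workdir, name);
    GError *gerr = NULL;

    if (!g_file_set_contents(path, cfg, -1, &gerr)) {
        g_printerr("Unable to save config %s: %s\n",
                   path, gerr->message);
        g_error_free(gerr);
        g_free(path);
        /* Best effort only: rmdir() fails if the directory is not empty. */
        rmdir(workdir);
        abort();
    }

    return path;
}

/*
 * A policy file with no rules and a default policy of "deny" must
 * refuse an arbitrary identity.
 */
static void test_authz_default_deny(void)
{
    gchar *file = qemu_authz_listfile_test_save(
        "default-deny.cfg",
        "{ \"policy\": \"deny\" }");
    Error *local_err = NULL;

    QAuthZListFile *auth = qauthz_list_file_new("auth0",
                                                file, false,
                                                &local_err);
    /*
     * The file is removed as soon as the object has been constructed;
     * the checks below therefore rely on the policy already being loaded.
     */
    unlink(file);
    g_free(file);
    g_assert(local_err == NULL);
    g_assert(!qauthz_is_allowed(QAUTHZ(auth), "fred", &error_abort));

    object_unparent(OBJECT(auth));
}

/*
 * A policy file with no rules and a default policy of "allow" must
 * accept an arbitrary identity.
 */
static void test_authz_default_allow(void)
{
    gchar *file = qemu_authz_listfile_test_save(
        "default-allow.cfg",
        "{ \"policy\": \"allow\" }");
    Error *local_err = NULL;

    QAuthZListFile *auth = qauthz_list_file_new("auth0",
                                                file, false,
                                                &local_err);
    unlink(file);
    g_free(file);
    g_assert(local_err == NULL);
    g_assert(qauthz_is_allowed(QAUTHZ(auth), "fred", &error_abort));

    object_unparent(OBJECT(auth));
}

/*
 * An exact-match "deny" rule for "fred" must override a default
 * policy of "allow".
 */
static void test_authz_explicit_deny(void)
{
    gchar *file = qemu_authz_listfile_test_save(
        "explicit-deny.cfg",
        "{ \"rules\": [ "
        " { \"match\": \"fred\","
        " \"policy\": \"deny\","
        " \"format\": \"exact\" } ],"
        " \"policy\": \"allow\" }");
    Error *local_err = NULL;

    QAuthZListFile *auth = qauthz_list_file_new("auth0",
                                                file, false,
                                                &local_err);
    unlink(file);
    g_free(file);
    g_assert(local_err == NULL);

    g_assert(!qauthz_is_allowed(QAUTHZ(auth), "fred", &error_abort));

    object_unparent(OBJECT(auth));
}

/*
 * An exact-match "allow" rule for "fred" must override a default
 * policy of "deny".
 */
static void test_authz_explicit_allow(void)
{
    gchar *file = qemu_authz_listfile_test_save(
        "explicit-allow.cfg",
        "{ \"rules\": [ "
        " { \"match\": \"fred\","
        " \"policy\": \"allow\","
        " \"format\": \"exact\" } ],"
        " \"policy\": \"deny\" }");
    Error *local_err = NULL;

    QAuthZListFile *auth = qauthz_list_file_new("auth0",
                                                file, false,
                                                &local_err);
    unlink(file);
    g_free(file);
    g_assert(local_err == NULL);

    g_assert(qauthz_is_allowed(QAUTHZ(auth), "fred", &error_abort));

    object_unparent(OBJECT(auth));
}


/*
 * Mixed exact and glob rules on top of a default policy of "deny".
 *
 * The exact "dan" deny rule is listed before the "dan*" glob allow rule,
 * and the assertions expect the earlier rule to win for "dan" while
 * "danb" is accepted through the glob.
 *
 * NOTE(review): no assertion covers an identity that matches none of the
 * rules (i.e. falls through to the default "deny"); consider adding one so
 * the fail-closed path of a rule list is exercised as well.
 */
static void test_authz_complex(void)
{
    gchar *file = qemu_authz_listfile_test_save(
        "complex.cfg",
        "{ \"rules\": [ "
        " { \"match\": \"fred\","
        " \"policy\": \"allow\","
        " \"format\": \"exact\" },"
        " { \"match\": \"bob\","
        " \"policy\": \"allow\","
        " \"format\": \"exact\" },"
        " { \"match\": \"dan\","
        " \"policy\": \"deny\","
        " \"format\": \"exact\" },"
        " { \"match\": \"dan*\","
        " \"policy\": \"allow\","
        " \"format\": \"glob\" } ],"
        " \"policy\": \"deny\" }");

    Error *local_err = NULL;

    QAuthZListFile *auth = qauthz_list_file_new("auth0",
                                                file, false,
                                                &local_err);
    unlink(file);
    g_free(file);
    g_assert(local_err == NULL);

    g_assert(qauthz_is_allowed(QAUTHZ(auth), "fred", &error_abort));
    g_assert(qauthz_is_allowed(QAUTHZ(auth), "bob", &error_abort));
    g_assert(!qauthz_is_allowed(QAUTHZ(auth), "dan", &error_abort));
    g_assert(qauthz_is_allowed(QAUTHZ(auth), "danb", &error_abort));

    object_unparent(OBJECT(auth));
}


/*
 * Test entry point: initialise GLib testing and QOM, create the private
 * temporary directory, register and run the test cases, then remove the
 * directory again.  Returns the result of g_test_run().
 */
int main(int argc, char **argv)
{
    int ret;
    GError *gerr = NULL;

    g_test_init(&argc, &argv, NULL);

    module_call_init(MODULE_INIT_QOM);

    /* A freshly created directory avoids writing policy files to a fixed path. */
    workdir = g_dir_make_tmp("qemu-test-authz-listfile-XXXXXX",
                             &gerr);
    if (!workdir) {
        g_printerr("Unable to create temporary dir: %s\n",
                   gerr->message);
        g_error_free(gerr);
        abort();
    }

    g_test_add_func("/auth/list/default/deny", test_authz_default_deny);
    g_test_add_func("/auth/list/default/allow", test_authz_default_allow);
    g_test_add_func("/auth/list/explicit/deny", test_authz_explicit_deny);
    g_test_add_func("/auth/list/explicit/allow", test_authz_explicit_allow);
    g_test_add_func("/auth/list/complex", test_authz_complex);

    ret = g_test_run();

    /* Each test unlinks its own file, so the directory should be empty here. */
    rmdir(workdir);
    g_free(workdir);

    return ret;
}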