1 /* 2 * QEMU list authorization object tests 3 * 4 * Copyright (c) 2018 Red Hat, Inc. 5 * 6 * This library is free software; you can redistribute it and/or 7 * modify it under the terms of the GNU Lesser General Public 8 * License as published by the Free Software Foundation; either 9 * version 2 of the License, or (at your option) any later version. 10 * 11 * This library is distributed in the hope that it will be useful, 12 * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 14 * Lesser General Public License for more details. 15 * 16 * You should have received a copy of the GNU Lesser General Public 17 * License along with this library; if not, see <http://www.gnu.org/licenses/>. 18 * 19 */ 20 21 #include "qemu/osdep.h" 22 #include "qemu/main-loop.h" 23 #include "authz/listfile.h" 24 25 static char *workdir; 26 27 static gchar *qemu_authz_listfile_test_save(const gchar *name, 28 const gchar *cfg) 29 { 30 gchar *path = g_strdup_printf("%s/default-deny.cfg", workdir); 31 GError *gerr = NULL; 32 33 if (!g_file_set_contents(path, cfg, -1, &gerr)) { 34 g_printerr("Unable to save config %s: %s\n", 35 path, gerr->message); 36 g_error_free(gerr); 37 g_free(path); 38 rmdir(workdir); 39 abort(); 40 } 41 42 return path; 43 } 44 45 static void test_authz_default_deny(void) 46 { 47 gchar *file = qemu_authz_listfile_test_save( 48 "default-deny.cfg", 49 "{ \"policy\": \"deny\" }"); 50 Error *local_err = NULL; 51 52 QAuthZListFile *auth = qauthz_list_file_new("auth0", 53 file, false, 54 &local_err); 55 unlink(file); 56 g_free(file); 57 g_assert(local_err == NULL); 58 g_assert(!qauthz_is_allowed(QAUTHZ(auth), "fred", &error_abort)); 59 60 object_unparent(OBJECT(auth)); 61 } 62 63 static void test_authz_default_allow(void) 64 { 65 gchar *file = qemu_authz_listfile_test_save( 66 "default-allow.cfg", 67 "{ \"policy\": \"allow\" }"); 68 Error *local_err = NULL; 69 70 QAuthZListFile *auth = qauthz_list_file_new("auth0", 71 file, false, 72 &local_err); 73 unlink(file); 74 g_free(file); 75 g_assert(local_err == NULL); 76 g_assert(qauthz_is_allowed(QAUTHZ(auth), "fred", &error_abort)); 77 78 object_unparent(OBJECT(auth)); 79 } 80 81 static void test_authz_explicit_deny(void) 82 { 83 gchar *file = qemu_authz_listfile_test_save( 84 "explicit-deny.cfg", 85 "{ \"rules\": [ " 86 " { \"match\": \"fred\"," 87 " \"policy\": \"deny\"," 88 " \"format\": \"exact\" } ]," 89 " \"policy\": \"allow\" }"); 90 Error *local_err = NULL; 91 92 QAuthZListFile *auth = qauthz_list_file_new("auth0", 93 file, false, 94 &local_err); 95 unlink(file); 96 g_free(file); 97 g_assert(local_err == NULL); 98 99 g_assert(!qauthz_is_allowed(QAUTHZ(auth), "fred", &error_abort)); 100 101 object_unparent(OBJECT(auth)); 102 } 103 104 static void test_authz_explicit_allow(void) 105 { 106 gchar *file = qemu_authz_listfile_test_save( 107 "explicit-allow.cfg", 108 "{ \"rules\": [ " 109 " { \"match\": \"fred\"," 110 " \"policy\": \"allow\"," 111 " \"format\": \"exact\" } ]," 112 " \"policy\": \"deny\" }"); 113 Error *local_err = NULL; 114 115 QAuthZListFile *auth = qauthz_list_file_new("auth0", 116 file, false, 117 &local_err); 118 unlink(file); 119 g_free(file); 120 g_assert(local_err == NULL); 121 122 g_assert(qauthz_is_allowed(QAUTHZ(auth), "fred", &error_abort)); 123 124 object_unparent(OBJECT(auth)); 125 } 126 127 128 static void test_authz_complex(void) 129 { 130 gchar *file = qemu_authz_listfile_test_save( 131 "complex.cfg", 132 "{ \"rules\": [ " 133 " { \"match\": \"fred\"," 134 " \"policy\": \"allow\"," 135 " \"format\": \"exact\" }," 136 " { \"match\": \"bob\"," 137 " \"policy\": \"allow\"," 138 " \"format\": \"exact\" }," 139 " { \"match\": \"dan\"," 140 " \"policy\": \"deny\"," 141 " \"format\": \"exact\" }," 142 " { \"match\": \"dan*\"," 143 " \"policy\": \"allow\"," 144 " \"format\": \"glob\" } ]," 145 " \"policy\": \"deny\" }"); 146 147 Error *local_err = NULL; 148 149 QAuthZListFile *auth = qauthz_list_file_new("auth0", 150 file, false, 151 &local_err); 152 unlink(file); 153 g_free(file); 154 g_assert(local_err == NULL); 155 156 g_assert(qauthz_is_allowed(QAUTHZ(auth), "fred", &error_abort)); 157 g_assert(qauthz_is_allowed(QAUTHZ(auth), "bob", &error_abort)); 158 g_assert(!qauthz_is_allowed(QAUTHZ(auth), "dan", &error_abort)); 159 g_assert(qauthz_is_allowed(QAUTHZ(auth), "danb", &error_abort)); 160 161 object_unparent(OBJECT(auth)); 162 } 163 164 165 int main(int argc, char **argv) 166 { 167 int ret; 168 GError *gerr = NULL; 169 170 g_test_init(&argc, &argv, NULL); 171 172 module_call_init(MODULE_INIT_QOM); 173 174 workdir = g_dir_make_tmp("qemu-test-authz-listfile-XXXXXX", 175 &gerr); 176 if (!workdir) { 177 g_printerr("Unable to create temporary dir: %s\n", 178 gerr->message); 179 g_error_free(gerr); 180 abort(); 181 } 182 183 g_test_add_func("/auth/list/default/deny", test_authz_default_deny); 184 g_test_add_func("/auth/list/default/allow", test_authz_default_allow); 185 g_test_add_func("/auth/list/explicit/deny", test_authz_explicit_deny); 186 g_test_add_func("/auth/list/explicit/allow", test_authz_explicit_allow); 187 g_test_add_func("/auth/list/complex", test_authz_complex); 188 189 ret = g_test_run(); 190 191 rmdir(workdir); 192 g_free(workdir); 193 194 return ret; 195 } 196