Commit | Line | Data |
---|---|---|
c8c99887 DB |
1 | /* |
2 | * QEMU list file authorization object tests | |
3 | * | |
4 | * Copyright (c) 2018 Red Hat, Inc. | |
5 | * | |
6 | * This library is free software; you can redistribute it and/or | |
7 | * modify it under the terms of the GNU Lesser General Public | |
8 | * License as published by the Free Software Foundation; either | |
9 | * version 2 of the License, or (at your option) any later version. | |
10 | * | |
11 | * This library is distributed in the hope that it will be useful, | |
12 | * but WITHOUT ANY WARRANTY; without even the implied warranty of | |
13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |
14 | * Lesser General Public License for more details. | |
15 | * | |
16 | * You should have received a copy of the GNU Lesser General Public | |
17 | * License along with this library; if not, see <http://www.gnu.org/licenses/>. | |
18 | * | |
19 | */ | |
20 | ||
21 | #include "qemu/osdep.h" | |
22 | ||
23 | #include "authz/list.h" | |
24 | ||
/*
 * Empty rule list, default policy DENY: the identity "fred" matches
 * no rule and must be refused.
 */
static void test_authz_default_deny(void)
{
    QAuthZList *list;
    bool allowed;

    list = qauthz_list_new("auth0", QAUTHZ_LIST_POLICY_DENY, &error_abort);

    /* No rule was added, so only the default policy can decide. */
    allowed = qauthz_is_allowed(QAUTHZ(list), "fred", &error_abort);
    g_assert(!allowed);

    object_unparent(OBJECT(list));
}
35 | ||
/*
 * Empty rule list, default policy ALLOW: the identity "fred" matches
 * no rule and must be accepted.
 */
static void test_authz_default_allow(void)
{
    QAuthZList *list;
    bool allowed;

    list = qauthz_list_new("auth0", QAUTHZ_LIST_POLICY_ALLOW, &error_abort);

    /* No rule was added, so only the default policy can decide. */
    allowed = qauthz_is_allowed(QAUTHZ(list), "fred", &error_abort);
    g_assert(allowed);

    object_unparent(OBJECT(list));
}
46 | ||
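/*
 * Default policy ALLOW plus a single exact-match DENY rule for "fred".
 *
 * The rule must reject "fred" and only "fred". The extra check on
 * "bob", which matches no rule, is a control: without it the test
 * would also pass if appending any rule caused every identity to be
 * denied.
 */
static void test_authz_explicit_deny(void)
{
    QAuthZList *auth = qauthz_list_new("auth0",
                                       QAUTHZ_LIST_POLICY_ALLOW,
                                       &error_abort);

    qauthz_list_append_rule(auth, "fred", QAUTHZ_LIST_POLICY_DENY,
                            QAUTHZ_LIST_FORMAT_EXACT, &error_abort);

    /* The explicit rule overrides the default for the named identity. */
    g_assert(!qauthz_is_allowed(QAUTHZ(auth), "fred", &error_abort));

    /* An identity with no matching rule still gets the default ALLOW. */
    g_assert(qauthz_is_allowed(QAUTHZ(auth), "bob", &error_abort));

    object_unparent(OBJECT(auth));
}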
60 | ||
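/*
 * Default policy DENY plus a single exact-match ALLOW rule for "fred".
 *
 * The rule must admit "fred" and only "fred". The extra check on
 * "bob", which matches no rule, guards against a fail-open list:
 * without it the test would also pass if appending any ALLOW rule
 * caused every identity to be admitted.
 */
static void test_authz_explicit_allow(void)
{
    QAuthZList *auth = qauthz_list_new("auth0",
                                       QAUTHZ_LIST_POLICY_DENY,
                                       &error_abort);

    qauthz_list_append_rule(auth, "fred", QAUTHZ_LIST_POLICY_ALLOW,
                            QAUTHZ_LIST_FORMAT_EXACT, &error_abort);

    /* The explicit rule overrides the default for the named identity. */
    g_assert(qauthz_is_allowed(QAUTHZ(auth), "fred", &error_abort));

    /* An identity with no matching rule still gets the default DENY. */
    g_assert(!qauthz_is_allowed(QAUTHZ(auth), "bob", &error_abort));

    object_unparent(OBJECT(auth));
}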
74 | ||
75 | ||
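/*
 * Default policy DENY with a mix of exact and glob rules.
 *
 * Rule order matters to the expectations below: the exact DENY for
 * "dan" is appended before the glob ALLOW for "dan*", and the test
 * requires "dan" to be refused while "danb" is admitted, i.e. the
 * earlier rule has to win for an identity both rules could match.
 *
 * Two controls are included so that an over-permissive matcher is
 * caught: an exact rule must not admit a longer identity that merely
 * starts with the rule text, and an identity matching no rule at all
 * must fall back to the default DENY.
 */
static void test_authz_complex(void)
{
    QAuthZList *auth = qauthz_list_new("auth0",
                                       QAUTHZ_LIST_POLICY_DENY,
                                       &error_abort);

    qauthz_list_append_rule(auth, "fred", QAUTHZ_LIST_POLICY_ALLOW,
                            QAUTHZ_LIST_FORMAT_EXACT, &error_abort);
    qauthz_list_append_rule(auth, "bob", QAUTHZ_LIST_POLICY_ALLOW,
                            QAUTHZ_LIST_FORMAT_EXACT, &error_abort);
    qauthz_list_append_rule(auth, "dan", QAUTHZ_LIST_POLICY_DENY,
                            QAUTHZ_LIST_FORMAT_EXACT, &error_abort);
    qauthz_list_append_rule(auth, "dan*", QAUTHZ_LIST_POLICY_ALLOW,
                            QAUTHZ_LIST_FORMAT_GLOB, &error_abort);

    g_assert(qauthz_is_allowed(QAUTHZ(auth), "fred", &error_abort));
    g_assert(qauthz_is_allowed(QAUTHZ(auth), "bob", &error_abort));
    /* Earlier exact DENY takes precedence over the later glob ALLOW. */
    g_assert(!qauthz_is_allowed(QAUTHZ(auth), "dan", &error_abort));
    g_assert(qauthz_is_allowed(QAUTHZ(auth), "danb", &error_abort));

    /* An exact rule must not behave like a prefix match. */
    g_assert(!qauthz_is_allowed(QAUTHZ(auth), "freddy", &error_abort));
    /* No rule matches: the default DENY applies. */
    g_assert(!qauthz_is_allowed(QAUTHZ(auth), "alice", &error_abort));

    object_unparent(OBJECT(auth));
}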
98 | ||
/*
 * Exercise append, delete and insert on a list whose default policy
 * is ALLOW, checking both the index each call returns and the effect
 * on the decision for "dan".
 */
static void test_authz_add_remove(void)
{
    QAuthZList *list;
    ssize_t idx;

    list = qauthz_list_new("auth0", QAUTHZ_LIST_POLICY_ALLOW, &error_abort);

    /* Each append is expected to return the position of the new rule. */
    idx = qauthz_list_append_rule(list, "fred", QAUTHZ_LIST_POLICY_ALLOW,
                                  QAUTHZ_LIST_FORMAT_EXACT, &error_abort);
    g_assert_cmpint(idx, ==, 0);

    idx = qauthz_list_append_rule(list, "bob", QAUTHZ_LIST_POLICY_ALLOW,
                                  QAUTHZ_LIST_FORMAT_EXACT, &error_abort);
    g_assert_cmpint(idx, ==, 1);

    idx = qauthz_list_append_rule(list, "dan", QAUTHZ_LIST_POLICY_DENY,
                                  QAUTHZ_LIST_FORMAT_EXACT, &error_abort);
    g_assert_cmpint(idx, ==, 2);

    idx = qauthz_list_append_rule(list, "frank", QAUTHZ_LIST_POLICY_DENY,
                                  QAUTHZ_LIST_FORMAT_EXACT, &error_abort);
    g_assert_cmpint(idx, ==, 3);

    /* The DENY rule for "dan" is in force. */
    g_assert(!qauthz_is_allowed(QAUTHZ(list), "dan", &error_abort));

    /* Deleting it reports the index it occupied ... */
    idx = qauthz_list_delete_rule(list, "dan");
    g_assert_cmpint(idx, ==, 2);

    /* ... and "dan" is then decided by the default ALLOW. */
    g_assert(qauthz_is_allowed(QAUTHZ(list), "dan", &error_abort));

    /* Put the rule back at its old position; the DENY applies again. */
    idx = qauthz_list_insert_rule(list, "dan", QAUTHZ_LIST_POLICY_DENY,
                                  QAUTHZ_LIST_FORMAT_EXACT, 2, &error_abort);
    g_assert_cmpint(idx, ==, 2);

    g_assert(!qauthz_is_allowed(QAUTHZ(list), "dan", &error_abort));

    object_unparent(OBJECT(list));
}
144 | ||
/*
 * Test entry point: initialise GLib's test harness, register every
 * list-authorization test case under its path, and run them.
 */
int main(int argc, char **argv)
{
    /* Registration order is the order of this table. */
    static const struct {
        const char *path;
        void (*func)(void);
    } cases[] = {
        { "/auth/list/default/deny",   test_authz_default_deny },
        { "/auth/list/default/allow",  test_authz_default_allow },
        { "/auth/list/explicit/deny",  test_authz_explicit_deny },
        { "/auth/list/explicit/allow", test_authz_explicit_allow },
        { "/auth/list/complex",        test_authz_complex },
        { "/auth/list/add-remove",     test_authz_add_remove },
    };
    size_t i;

    g_test_init(&argc, &argv, NULL);

    /* NOTE(review): presumably registers the QOM types the tests create - confirm. */
    module_call_init(MODULE_INIT_QOM);

    for (i = 0; i < sizeof(cases) / sizeof(cases[0]); i++) {
        g_test_add_func(cases[i].path, cases[i].func);
    }

    return g_test_run();
}