]>
Commit | Line | Data |
---|---|---|
55d86984 DB |
1 | /* |
2 | * QEMU list authorization object tests | |
3 | * | |
4 | * Copyright (c) 2018 Red Hat, Inc. | |
5 | * | |
6 | * This library is free software; you can redistribute it and/or | |
7 | * modify it under the terms of the GNU Lesser General Public | |
8 | * License as published by the Free Software Foundation; either | |
9 | * version 2 of the License, or (at your option) any later version. | |
10 | * | |
11 | * This library is distributed in the hope that it will be useful, | |
12 | * but WITHOUT ANY WARRANTY; without even the implied warranty of | |
13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |
14 | * Lesser General Public License for more details. | |
15 | * | |
16 | * You should have received a copy of the GNU Lesser General Public | |
17 | * License along with this library; if not, see <http://www.gnu.org/licenses/>. | |
18 | * | |
19 | */ | |
20 | ||
21 | #include "qemu/osdep.h" | |
22 | #include "qemu/main-loop.h" | |
23 | #include "authz/listfile.h" | |
24 | ||
25 | static char *workdir; | |
26 | ||
27 | static gchar *qemu_authz_listfile_test_save(const gchar *name, | |
28 | const gchar *cfg) | |
29 | { | |
30 | gchar *path = g_strdup_printf("%s/default-deny.cfg", workdir); | |
31 | GError *gerr = NULL; | |
32 | ||
33 | if (!g_file_set_contents(path, cfg, -1, &gerr)) { | |
34 | g_printerr("Unable to save config %s: %s\n", | |
35 | path, gerr->message); | |
36 | g_error_free(gerr); | |
37 | g_free(path); | |
38 | rmdir(workdir); | |
39 | abort(); | |
40 | } | |
41 | ||
42 | return path; | |
43 | } | |
44 | ||
45 | static void test_authz_default_deny(void) | |
46 | { | |
47 | gchar *file = qemu_authz_listfile_test_save( | |
48 | "default-deny.cfg", | |
49 | "{ \"policy\": \"deny\" }"); | |
50 | Error *local_err = NULL; | |
51 | ||
52 | QAuthZListFile *auth = qauthz_list_file_new("auth0", | |
53 | file, false, | |
54 | &local_err); | |
55 | unlink(file); | |
56 | g_free(file); | |
57 | g_assert(local_err == NULL); | |
58 | g_assert(!qauthz_is_allowed(QAUTHZ(auth), "fred", &error_abort)); | |
59 | ||
60 | object_unparent(OBJECT(auth)); | |
61 | } | |
62 | ||
63 | static void test_authz_default_allow(void) | |
64 | { | |
65 | gchar *file = qemu_authz_listfile_test_save( | |
66 | "default-allow.cfg", | |
67 | "{ \"policy\": \"allow\" }"); | |
68 | Error *local_err = NULL; | |
69 | ||
70 | QAuthZListFile *auth = qauthz_list_file_new("auth0", | |
71 | file, false, | |
72 | &local_err); | |
73 | unlink(file); | |
74 | g_free(file); | |
75 | g_assert(local_err == NULL); | |
76 | g_assert(qauthz_is_allowed(QAUTHZ(auth), "fred", &error_abort)); | |
77 | ||
78 | object_unparent(OBJECT(auth)); | |
79 | } | |
80 | ||
81 | static void test_authz_explicit_deny(void) | |
82 | { | |
83 | gchar *file = qemu_authz_listfile_test_save( | |
84 | "explicit-deny.cfg", | |
85 | "{ \"rules\": [ " | |
86 | " { \"match\": \"fred\"," | |
87 | " \"policy\": \"deny\"," | |
88 | " \"format\": \"exact\" } ]," | |
89 | " \"policy\": \"allow\" }"); | |
90 | Error *local_err = NULL; | |
91 | ||
92 | QAuthZListFile *auth = qauthz_list_file_new("auth0", | |
93 | file, false, | |
94 | &local_err); | |
95 | unlink(file); | |
96 | g_free(file); | |
97 | g_assert(local_err == NULL); | |
98 | ||
99 | g_assert(!qauthz_is_allowed(QAUTHZ(auth), "fred", &error_abort)); | |
100 | ||
101 | object_unparent(OBJECT(auth)); | |
102 | } | |
103 | ||
104 | static void test_authz_explicit_allow(void) | |
105 | { | |
106 | gchar *file = qemu_authz_listfile_test_save( | |
107 | "explicit-allow.cfg", | |
108 | "{ \"rules\": [ " | |
109 | " { \"match\": \"fred\"," | |
110 | " \"policy\": \"allow\"," | |
111 | " \"format\": \"exact\" } ]," | |
112 | " \"policy\": \"deny\" }"); | |
113 | Error *local_err = NULL; | |
114 | ||
115 | QAuthZListFile *auth = qauthz_list_file_new("auth0", | |
116 | file, false, | |
117 | &local_err); | |
118 | unlink(file); | |
119 | g_free(file); | |
120 | g_assert(local_err == NULL); | |
121 | ||
122 | g_assert(qauthz_is_allowed(QAUTHZ(auth), "fred", &error_abort)); | |
123 | ||
124 | object_unparent(OBJECT(auth)); | |
125 | } | |
126 | ||
127 | ||
128 | static void test_authz_complex(void) | |
129 | { | |
130 | gchar *file = qemu_authz_listfile_test_save( | |
131 | "complex.cfg", | |
132 | "{ \"rules\": [ " | |
133 | " { \"match\": \"fred\"," | |
134 | " \"policy\": \"allow\"," | |
135 | " \"format\": \"exact\" }," | |
136 | " { \"match\": \"bob\"," | |
137 | " \"policy\": \"allow\"," | |
138 | " \"format\": \"exact\" }," | |
139 | " { \"match\": \"dan\"," | |
140 | " \"policy\": \"deny\"," | |
141 | " \"format\": \"exact\" }," | |
142 | " { \"match\": \"dan*\"," | |
143 | " \"policy\": \"allow\"," | |
144 | " \"format\": \"glob\" } ]," | |
145 | " \"policy\": \"deny\" }"); | |
146 | ||
147 | Error *local_err = NULL; | |
148 | ||
149 | QAuthZListFile *auth = qauthz_list_file_new("auth0", | |
150 | file, false, | |
151 | &local_err); | |
152 | unlink(file); | |
153 | g_free(file); | |
154 | g_assert(local_err == NULL); | |
155 | ||
156 | g_assert(qauthz_is_allowed(QAUTHZ(auth), "fred", &error_abort)); | |
157 | g_assert(qauthz_is_allowed(QAUTHZ(auth), "bob", &error_abort)); | |
158 | g_assert(!qauthz_is_allowed(QAUTHZ(auth), "dan", &error_abort)); | |
159 | g_assert(qauthz_is_allowed(QAUTHZ(auth), "danb", &error_abort)); | |
160 | ||
161 | object_unparent(OBJECT(auth)); | |
162 | } | |
163 | ||
164 | ||
165 | int main(int argc, char **argv) | |
166 | { | |
167 | int ret; | |
168 | GError *gerr = NULL; | |
169 | ||
170 | g_test_init(&argc, &argv, NULL); | |
171 | ||
172 | module_call_init(MODULE_INIT_QOM); | |
173 | ||
174 | workdir = g_dir_make_tmp("qemu-test-authz-listfile-XXXXXX", | |
175 | &gerr); | |
176 | if (!workdir) { | |
177 | g_printerr("Unable to create temporary dir: %s\n", | |
178 | gerr->message); | |
179 | g_error_free(gerr); | |
180 | abort(); | |
181 | } | |
182 | ||
183 | g_test_add_func("/auth/list/default/deny", test_authz_default_deny); | |
184 | g_test_add_func("/auth/list/default/allow", test_authz_default_allow); | |
185 | g_test_add_func("/auth/list/explicit/deny", test_authz_explicit_deny); | |
186 | g_test_add_func("/auth/list/explicit/allow", test_authz_explicit_allow); | |
187 | g_test_add_func("/auth/list/complex", test_authz_complex); | |
188 | ||
189 | ret = g_test_run(); | |
190 | ||
191 | rmdir(workdir); | |
192 | g_free(workdir); | |
193 | ||
194 | return ret; | |
195 | } |