+++ /dev/null
-/*
- * QEMU list authorization object tests
- *
- * Copyright (c) 2018 Red Hat, Inc.
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, see <http://www.gnu.org/licenses/>.
- *
- */
-
-#include "qemu/osdep.h"
-#include "qemu/main-loop.h"
-#include "qemu/module.h"
-#include "authz/listfile.h"
-
-static char *workdir;
-
-static gchar *qemu_authz_listfile_test_save(const gchar *name,
- const gchar *cfg)
-{
- gchar *path = g_strdup_printf("%s/default-deny.cfg", workdir);
- GError *gerr = NULL;
-
- if (!g_file_set_contents(path, cfg, -1, &gerr)) {
- g_printerr("Unable to save config %s: %s\n",
- path, gerr->message);
- g_error_free(gerr);
- g_free(path);
- rmdir(workdir);
- abort();
- }
-
- return path;
-}
-
-static void test_authz_default_deny(void)
-{
- gchar *file = qemu_authz_listfile_test_save(
- "default-deny.cfg",
- "{ \"policy\": \"deny\" }");
- Error *local_err = NULL;
-
- QAuthZListFile *auth = qauthz_list_file_new("auth0",
- file, false,
- &local_err);
- unlink(file);
- g_free(file);
- g_assert(local_err == NULL);
- g_assert(!qauthz_is_allowed(QAUTHZ(auth), "fred", &error_abort));
-
- object_unparent(OBJECT(auth));
-}
-
-static void test_authz_default_allow(void)
-{
- gchar *file = qemu_authz_listfile_test_save(
- "default-allow.cfg",
- "{ \"policy\": \"allow\" }");
- Error *local_err = NULL;
-
- QAuthZListFile *auth = qauthz_list_file_new("auth0",
- file, false,
- &local_err);
- unlink(file);
- g_free(file);
- g_assert(local_err == NULL);
- g_assert(qauthz_is_allowed(QAUTHZ(auth), "fred", &error_abort));
-
- object_unparent(OBJECT(auth));
-}
-
-static void test_authz_explicit_deny(void)
-{
- gchar *file = qemu_authz_listfile_test_save(
- "explicit-deny.cfg",
- "{ \"rules\": [ "
- " { \"match\": \"fred\","
- " \"policy\": \"deny\","
- " \"format\": \"exact\" } ],"
- " \"policy\": \"allow\" }");
- Error *local_err = NULL;
-
- QAuthZListFile *auth = qauthz_list_file_new("auth0",
- file, false,
- &local_err);
- unlink(file);
- g_free(file);
- g_assert(local_err == NULL);
-
- g_assert(!qauthz_is_allowed(QAUTHZ(auth), "fred", &error_abort));
-
- object_unparent(OBJECT(auth));
-}
-
-static void test_authz_explicit_allow(void)
-{
- gchar *file = qemu_authz_listfile_test_save(
- "explicit-allow.cfg",
- "{ \"rules\": [ "
- " { \"match\": \"fred\","
- " \"policy\": \"allow\","
- " \"format\": \"exact\" } ],"
- " \"policy\": \"deny\" }");
- Error *local_err = NULL;
-
- QAuthZListFile *auth = qauthz_list_file_new("auth0",
- file, false,
- &local_err);
- unlink(file);
- g_free(file);
- g_assert(local_err == NULL);
-
- g_assert(qauthz_is_allowed(QAUTHZ(auth), "fred", &error_abort));
-
- object_unparent(OBJECT(auth));
-}
-
-
-static void test_authz_complex(void)
-{
- gchar *file = qemu_authz_listfile_test_save(
- "complex.cfg",
- "{ \"rules\": [ "
- " { \"match\": \"fred\","
- " \"policy\": \"allow\","
- " \"format\": \"exact\" },"
- " { \"match\": \"bob\","
- " \"policy\": \"allow\","
- " \"format\": \"exact\" },"
- " { \"match\": \"dan\","
- " \"policy\": \"deny\","
- " \"format\": \"exact\" },"
- " { \"match\": \"dan*\","
- " \"policy\": \"allow\","
- " \"format\": \"glob\" } ],"
- " \"policy\": \"deny\" }");
-
- Error *local_err = NULL;
-
- QAuthZListFile *auth = qauthz_list_file_new("auth0",
- file, false,
- &local_err);
- unlink(file);
- g_free(file);
- g_assert(local_err == NULL);
-
- g_assert(qauthz_is_allowed(QAUTHZ(auth), "fred", &error_abort));
- g_assert(qauthz_is_allowed(QAUTHZ(auth), "bob", &error_abort));
- g_assert(!qauthz_is_allowed(QAUTHZ(auth), "dan", &error_abort));
- g_assert(qauthz_is_allowed(QAUTHZ(auth), "danb", &error_abort));
-
- object_unparent(OBJECT(auth));
-}
-
-
-int main(int argc, char **argv)
-{
- int ret;
- GError *gerr = NULL;
-
- g_test_init(&argc, &argv, NULL);
-
- module_call_init(MODULE_INIT_QOM);
-
- workdir = g_dir_make_tmp("qemu-test-authz-listfile-XXXXXX",
- &gerr);
- if (!workdir) {
- g_printerr("Unable to create temporary dir: %s\n",
- gerr->message);
- g_error_free(gerr);
- abort();
- }
-
- g_test_add_func("/auth/list/default/deny", test_authz_default_deny);
- g_test_add_func("/auth/list/default/allow", test_authz_default_allow);
- g_test_add_func("/auth/list/explicit/deny", test_authz_explicit_deny);
- g_test_add_func("/auth/list/explicit/allow", test_authz_explicit_allow);
- g_test_add_func("/auth/list/complex", test_authz_complex);
-
- ret = g_test_run();
-
- rmdir(workdir);
- g_free(workdir);
-
- return ret;
-}
projects / mirror_qemu.git / blobdiff