qemu

FORK: QEMU emulator
git clone https://git.neptards.moe/neptards/qemu.git
Log | Files | Refs | Submodules | LICENSE

test-authz-list.c (6051B)

      1 /*
      2  * QEMU list file authorization object tests
      3  *
      4  * Copyright (c) 2018 Red Hat, Inc.
      5  *
      6  * This library is free software; you can redistribute it and/or
      7  * modify it under the terms of the GNU Lesser General Public
      8  * License as published by the Free Software Foundation; either
      9  * version 2.1 of the License, or (at your option) any later version.
     10  *
     11  * This library is distributed in the hope that it will be useful,
     12  * but WITHOUT ANY WARRANTY; without even the implied warranty of
     13  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
     14  * Lesser General Public License for more details.
     15  *
     16  * You should have received a copy of the GNU Lesser General Public
     17  * License along with this library; if not, see <http://www.gnu.org/licenses/>.
     18  *
     19  */
     20 
     21 #include "qemu/osdep.h"
     22 
     23 #include "authz/list.h"
     24 #include "qemu/module.h"
     25 
     26 static void test_authz_default_deny(void)
     27 {
     28     QAuthZList *auth = qauthz_list_new("auth0",
     29                                        QAUTHZ_LIST_POLICY_DENY,
     30                                        &error_abort);
     31 
     32     g_assert(!qauthz_is_allowed(QAUTHZ(auth), "fred", &error_abort));
     33 
     34     object_unparent(OBJECT(auth));
     35 }
     36 
     37 static void test_authz_default_allow(void)
     38 {
     39     QAuthZList *auth = qauthz_list_new("auth0",
     40                                        QAUTHZ_LIST_POLICY_ALLOW,
     41                                        &error_abort);
     42 
     43     g_assert(qauthz_is_allowed(QAUTHZ(auth), "fred", &error_abort));
     44 
     45     object_unparent(OBJECT(auth));
     46 }
     47 
     48 static void test_authz_explicit_deny(void)
     49 {
     50     QAuthZList *auth = qauthz_list_new("auth0",
     51                                        QAUTHZ_LIST_POLICY_ALLOW,
     52                                        &error_abort);
     53 
     54     qauthz_list_append_rule(auth, "fred", QAUTHZ_LIST_POLICY_DENY,
     55                             QAUTHZ_LIST_FORMAT_EXACT, &error_abort);
     56 
     57     g_assert(!qauthz_is_allowed(QAUTHZ(auth), "fred", &error_abort));
     58 
     59     object_unparent(OBJECT(auth));
     60 }
     61 
     62 static void test_authz_explicit_allow(void)
     63 {
     64     QAuthZList *auth = qauthz_list_new("auth0",
     65                                        QAUTHZ_LIST_POLICY_DENY,
     66                                        &error_abort);
     67 
     68     qauthz_list_append_rule(auth, "fred", QAUTHZ_LIST_POLICY_ALLOW,
     69                             QAUTHZ_LIST_FORMAT_EXACT, &error_abort);
     70 
     71     g_assert(qauthz_is_allowed(QAUTHZ(auth), "fred", &error_abort));
     72 
     73     object_unparent(OBJECT(auth));
     74 }
     75 
     76 
     77 static void test_authz_complex(void)
     78 {
     79     QAuthZList *auth = qauthz_list_new("auth0",
     80                                        QAUTHZ_LIST_POLICY_DENY,
     81                                        &error_abort);
     82 
     83     qauthz_list_append_rule(auth, "fred", QAUTHZ_LIST_POLICY_ALLOW,
     84                             QAUTHZ_LIST_FORMAT_EXACT, &error_abort);
     85     qauthz_list_append_rule(auth, "bob", QAUTHZ_LIST_POLICY_ALLOW,
     86                             QAUTHZ_LIST_FORMAT_EXACT, &error_abort);
     87     qauthz_list_append_rule(auth, "dan", QAUTHZ_LIST_POLICY_DENY,
     88                             QAUTHZ_LIST_FORMAT_EXACT, &error_abort);
     89     qauthz_list_append_rule(auth, "dan*", QAUTHZ_LIST_POLICY_ALLOW,
     90                             QAUTHZ_LIST_FORMAT_GLOB, &error_abort);
     91 
     92     g_assert(qauthz_is_allowed(QAUTHZ(auth), "fred", &error_abort));
     93     g_assert(qauthz_is_allowed(QAUTHZ(auth), "bob", &error_abort));
     94     g_assert(!qauthz_is_allowed(QAUTHZ(auth), "dan", &error_abort));
     95     g_assert(qauthz_is_allowed(QAUTHZ(auth), "danb", &error_abort));
     96 
     97     object_unparent(OBJECT(auth));
     98 }
     99 
    100 static void test_authz_add_remove(void)
    101 {
    102     QAuthZList *auth = qauthz_list_new("auth0",
    103                                        QAUTHZ_LIST_POLICY_ALLOW,
    104                                        &error_abort);
    105 
    106     g_assert_cmpint(qauthz_list_append_rule(auth, "fred",
    107                                             QAUTHZ_LIST_POLICY_ALLOW,
    108                                             QAUTHZ_LIST_FORMAT_EXACT,
    109                                             &error_abort),
    110                     ==, 0);
    111     g_assert_cmpint(qauthz_list_append_rule(auth, "bob",
    112                                             QAUTHZ_LIST_POLICY_ALLOW,
    113                                             QAUTHZ_LIST_FORMAT_EXACT,
    114                                             &error_abort),
    115                     ==, 1);
    116     g_assert_cmpint(qauthz_list_append_rule(auth, "dan",
    117                                             QAUTHZ_LIST_POLICY_DENY,
    118                                             QAUTHZ_LIST_FORMAT_EXACT,
    119                                             &error_abort),
    120                     ==, 2);
    121     g_assert_cmpint(qauthz_list_append_rule(auth, "frank",
    122                                             QAUTHZ_LIST_POLICY_DENY,
    123                                             QAUTHZ_LIST_FORMAT_EXACT,
    124                                             &error_abort),
    125                     ==, 3);
    126 
    127     g_assert(!qauthz_is_allowed(QAUTHZ(auth), "dan", &error_abort));
    128 
    129     g_assert_cmpint(qauthz_list_delete_rule(auth, "dan"),
    130                     ==, 2);
    131 
    132     g_assert(qauthz_is_allowed(QAUTHZ(auth), "dan", &error_abort));
    133 
    134     g_assert_cmpint(qauthz_list_insert_rule(auth, "dan",
    135                                             QAUTHZ_LIST_POLICY_DENY,
    136                                             QAUTHZ_LIST_FORMAT_EXACT,
    137                                             2,
    138                                             &error_abort),
    139                     ==, 2);
    140 
    141     g_assert(!qauthz_is_allowed(QAUTHZ(auth), "dan", &error_abort));
    142 
    143     object_unparent(OBJECT(auth));
    144 }
    145 
    146 int main(int argc, char **argv)
    147 {
    148     g_test_init(&argc, &argv, NULL);
    149 
    150     module_call_init(MODULE_INIT_QOM);
    151 
    152     g_test_add_func("/auth/list/default/deny", test_authz_default_deny);
    153     g_test_add_func("/auth/list/default/allow", test_authz_default_allow);
    154     g_test_add_func("/auth/list/explicit/deny", test_authz_explicit_deny);
    155     g_test_add_func("/auth/list/explicit/allow", test_authz_explicit_allow);
    156     g_test_add_func("/auth/list/complex", test_authz_complex);
    157     g_test_add_func("/auth/list/add-remove", test_authz_add_remove);
    158 
    159     return g_test_run();
    160 }