[qemu.git] / tests / test-authz-listfile.c

/*
 * QEMU list authorization object tests
 *
 * Copyright (c) 2018 Red Hat, Inc.
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 2 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
 *
 */

#include "qemu/osdep.h"
#include "qemu/main-loop.h"
#include "qemu/module.h"
#include "authz/listfile.h"

static char *workdir;

static gchar *qemu_authz_listfile_test_save(const gchar *name,
                                            const gchar *cfg)
{
    gchar *path = g_strdup_printf("%s/default-deny.cfg", workdir);
    GError *gerr = NULL;

    if (!g_file_set_contents(path, cfg, -1, &gerr)) {
        g_printerr("Unable to save config %s: %s\n",
                   path, gerr->message);
        g_error_free(gerr);
        g_free(path);
        rmdir(workdir);
        abort();
    }

    return path;
}

static void test_authz_default_deny(void)
{
    gchar *file = qemu_authz_listfile_test_save(
        "default-deny.cfg",
        "{ \"policy\": \"deny\" }");
    Error *local_err = NULL;

    QAuthZListFile *auth = qauthz_list_file_new("auth0",
                                                file, false,
                                                &local_err);
    unlink(file);
    g_free(file);
    g_assert(local_err == NULL);
    g_assert(!qauthz_is_allowed(QAUTHZ(auth), "fred", &error_abort));

    object_unparent(OBJECT(auth));
}

static void test_authz_default_allow(void)
{
    gchar *file = qemu_authz_listfile_test_save(
        "default-allow.cfg",
        "{ \"policy\": \"allow\" }");
    Error *local_err = NULL;

    QAuthZListFile *auth = qauthz_list_file_new("auth0",
                                                file, false,
                                                &local_err);
    unlink(file);
    g_free(file);
    g_assert(local_err == NULL);
    g_assert(qauthz_is_allowed(QAUTHZ(auth), "fred", &error_abort));

    object_unparent(OBJECT(auth));
}

static void test_authz_explicit_deny(void)
{
    gchar *file = qemu_authz_listfile_test_save(
        "explicit-deny.cfg",
        "{ \"rules\": [ "
        "    { \"match\": \"fred\","
        "      \"policy\": \"deny\","
        "      \"format\": \"exact\" } ],"
        "  \"policy\": \"allow\" }");
    Error *local_err = NULL;

    QAuthZListFile *auth = qauthz_list_file_new("auth0",
                                                file, false,
                                                &local_err);
    unlink(file);
    g_free(file);
    g_assert(local_err == NULL);

    g_assert(!qauthz_is_allowed(QAUTHZ(auth), "fred", &error_abort));

    object_unparent(OBJECT(auth));
}

static void test_authz_explicit_allow(void)
{
    gchar *file = qemu_authz_listfile_test_save(
        "explicit-allow.cfg",
        "{ \"rules\": [ "
        "    { \"match\": \"fred\","
        "      \"policy\": \"allow\","
        "      \"format\": \"exact\" } ],"
        "  \"policy\": \"deny\" }");
    Error *local_err = NULL;

    QAuthZListFile *auth = qauthz_list_file_new("auth0",
                                                file, false,
                                                &local_err);
    unlink(file);
    g_free(file);
    g_assert(local_err == NULL);

    g_assert(qauthz_is_allowed(QAUTHZ(auth), "fred", &error_abort));

    object_unparent(OBJECT(auth));
}


static void test_authz_complex(void)
{
    gchar *file = qemu_authz_listfile_test_save(
        "complex.cfg",
        "{ \"rules\": [ "
        "    { \"match\": \"fred\","
        "      \"policy\": \"allow\","
        "      \"format\": \"exact\" },"
        "    { \"match\": \"bob\","
        "      \"policy\": \"allow\","
        "      \"format\": \"exact\" },"
        "    { \"match\": \"dan\","
        "      \"policy\": \"deny\","
        "      \"format\": \"exact\" },"
        "    { \"match\": \"dan*\","
        "      \"policy\": \"allow\","
        "      \"format\": \"glob\" } ],"
        "  \"policy\": \"deny\" }");

    Error *local_err = NULL;

    QAuthZListFile *auth = qauthz_list_file_new("auth0",
                                                file, false,
                                                &local_err);
    unlink(file);
    g_free(file);
    g_assert(local_err == NULL);

    g_assert(qauthz_is_allowed(QAUTHZ(auth), "fred", &error_abort));
    g_assert(qauthz_is_allowed(QAUTHZ(auth), "bob", &error_abort));
    g_assert(!qauthz_is_allowed(QAUTHZ(auth), "dan", &error_abort));
    g_assert(qauthz_is_allowed(QAUTHZ(auth), "danb", &error_abort));

    object_unparent(OBJECT(auth));
}


int main(int argc, char **argv)
{
    int ret;
    GError *gerr = NULL;

    g_test_init(&argc, &argv, NULL);

    module_call_init(MODULE_INIT_QOM);

    workdir = g_dir_make_tmp("qemu-test-authz-listfile-XXXXXX",
                             &gerr);
    if (!workdir) {
        g_printerr("Unable to create temporary dir: %s\n",
                   gerr->message);
        g_error_free(gerr);
        abort();
    }

    g_test_add_func("/auth/list/default/deny", test_authz_default_deny);
    g_test_add_func("/auth/list/default/allow", test_authz_default_allow);
    g_test_add_func("/auth/list/explicit/deny", test_authz_explicit_deny);
    g_test_add_func("/auth/list/explicit/allow", test_authz_explicit_allow);
    g_test_add_func("/auth/list/complex", test_authz_complex);

    ret = g_test_run();

    rmdir(workdir);
    g_free(workdir);

    return ret;
}
Commit	Line	Data
55d86984 DB	1	/*
	2	* QEMU list authorization object tests
	3	*
	4	* Copyright (c) 2018 Red Hat, Inc.
	5	*
	6	* This library is free software; you can redistribute it and/or
	7	* modify it under the terms of the GNU Lesser General Public
	8	* License as published by the Free Software Foundation; either
	9	* version 2 of the License, or (at your option) any later version.
	10	*
	11	* This library is distributed in the hope that it will be useful,
	12	* but WITHOUT ANY WARRANTY; without even the implied warranty of
	13	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	14	* Lesser General Public License for more details.
	15	*
	16	* You should have received a copy of the GNU Lesser General Public
	17	* License along with this library; if not, see <http://www.gnu.org/licenses/>.
	18	*
	19	*/
	20
	21	#include "qemu/osdep.h"
	22	#include "qemu/main-loop.h"
0b8fa32f	23	#include "qemu/module.h"
55d86984 DB	24	#include "authz/listfile.h"
	25
	26	static char *workdir;
	27
	28	static gchar qemu_authz_listfile_test_save(const gchar name,
	29	const gchar *cfg)
	30	{
	31	gchar *path = g_strdup_printf("%s/default-deny.cfg", workdir);
	32	GError *gerr = NULL;
	33
	34	if (!g_file_set_contents(path, cfg, -1, &gerr)) {
	35	g_printerr("Unable to save config %s: %s\n",
	36	path, gerr->message);
	37	g_error_free(gerr);
	38	g_free(path);
	39	rmdir(workdir);
	40	abort();
	41	}
	42
	43	return path;
	44	}
	45
	46	static void test_authz_default_deny(void)
	47	{
	48	gchar *file = qemu_authz_listfile_test_save(
	49	"default-deny.cfg",
	50	"{ \"policy\": \"deny\" }");
	51	Error *local_err = NULL;
	52
	53	QAuthZListFile *auth = qauthz_list_file_new("auth0",
	54	file, false,
	55	&local_err);
	56	unlink(file);
	57	g_free(file);
	58	g_assert(local_err == NULL);
	59	g_assert(!qauthz_is_allowed(QAUTHZ(auth), "fred", &error_abort));
	60
	61	object_unparent(OBJECT(auth));
	62	}
	63
	64	static void test_authz_default_allow(void)
	65	{
	66	gchar *file = qemu_authz_listfile_test_save(
	67	"default-allow.cfg",
	68	"{ \"policy\": \"allow\" }");
	69	Error *local_err = NULL;
	70
	71	QAuthZListFile *auth = qauthz_list_file_new("auth0",
	72	file, false,
	73	&local_err);
	74	unlink(file);
	75	g_free(file);
	76	g_assert(local_err == NULL);
	77	g_assert(qauthz_is_allowed(QAUTHZ(auth), "fred", &error_abort));
	78
	79	object_unparent(OBJECT(auth));
	80	}
	81
	82	static void test_authz_explicit_deny(void)
	83	{
	84	gchar *file = qemu_authz_listfile_test_save(
	85	"explicit-deny.cfg",
	86	"{ \"rules\": [ "
	87	" { \"match\": \"fred\","
88	" \"policy\": \"deny\","
89	" \"format\": \"exact\" } ],"
90	" \"policy\": \"allow\" }");
91	Error *local_err = NULL;
92
93	QAuthZListFile *auth = qauthz_list_file_new("auth0",
94	file, false,
95	&local_err);
96	unlink(file);
97	g_free(file);
98	g_assert(local_err == NULL);
99
100	g_assert(!qauthz_is_allowed(QAUTHZ(auth), "fred", &error_abort));
101
102	object_unparent(OBJECT(auth));
103	}
104
105	static void test_authz_explicit_allow(void)
106	{
107	gchar *file = qemu_authz_listfile_test_save(
108	"explicit-allow.cfg",
109	"{ \"rules\": [ "
110	" { \"match\": \"fred\","
111	" \"policy\": \"allow\","
112	" \"format\": \"exact\" } ],"
113	" \"policy\": \"deny\" }");
114	Error *local_err = NULL;
115
116	QAuthZListFile *auth = qauthz_list_file_new("auth0",
117	file, false,
118	&local_err);
119	unlink(file);
120	g_free(file);
121	g_assert(local_err == NULL);
122
123	g_assert(qauthz_is_allowed(QAUTHZ(auth), "fred", &error_abort));
124
125	object_unparent(OBJECT(auth));
126	}
127
128
129	static void test_authz_complex(void)
130	{
131	gchar *file = qemu_authz_listfile_test_save(
132	"complex.cfg",
133	"{ \"rules\": [ "
134	" { \"match\": \"fred\","
135	" \"policy\": \"allow\","
136	" \"format\": \"exact\" },"
137	" { \"match\": \"bob\","
138	" \"policy\": \"allow\","
139	" \"format\": \"exact\" },"
140	" { \"match\": \"dan\","
141	" \"policy\": \"deny\","
142	" \"format\": \"exact\" },"
143	" { \"match\": \"dan*\","
144	" \"policy\": \"allow\","
145	" \"format\": \"glob\" } ],"
146	" \"policy\": \"deny\" }");
147
148	Error *local_err = NULL;
149
150	QAuthZListFile *auth = qauthz_list_file_new("auth0",
151	file, false,
152	&local_err);
153	unlink(file);
154	g_free(file);
155	g_assert(local_err == NULL);
156
157	g_assert(qauthz_is_allowed(QAUTHZ(auth), "fred", &error_abort));
158	g_assert(qauthz_is_allowed(QAUTHZ(auth), "bob", &error_abort));
159	g_assert(!qauthz_is_allowed(QAUTHZ(auth), "dan", &error_abort));
160	g_assert(qauthz_is_allowed(QAUTHZ(auth), "danb", &error_abort));
161
162	object_unparent(OBJECT(auth));
163	}
164
165
166	int main(int argc, char **argv)
167	{
168	int ret;
169	GError *gerr = NULL;
170
171	g_test_init(&argc, &argv, NULL);
172
173	module_call_init(MODULE_INIT_QOM);
174
175	workdir = g_dir_make_tmp("qemu-test-authz-listfile-XXXXXX",
176	&gerr);
177	if (!workdir) {
178	g_printerr("Unable to create temporary dir: %s\n",
179	gerr->message);
180	g_error_free(gerr);
181	abort();
182	}
183
184	g_test_add_func("/auth/list/default/deny", test_authz_default_deny);
185	g_test_add_func("/auth/list/default/allow", test_authz_default_allow);
186	g_test_add_func("/auth/list/explicit/deny", test_authz_explicit_deny);
187	g_test_add_func("/auth/list/explicit/allow", test_authz_explicit_allow);
188	g_test_add_func("/auth/list/complex", test_authz_complex);
189
190	ret = g_test_run();
191
192	rmdir(workdir);
193	g_free(workdir);
194
195	return ret;
196	}