]> Git Repo - qemu.git/blame - tests/test-authz-pam.c
projects / qemu.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
tests/libqtest: Make qtest_qmp_device_add/del independent from global_qtest
[qemu.git] / tests / test-authz-pam.c
CommitLineData
8953caf3
DB		 1/*
2 * QEMU PAM authorization object tests
3 *
4 * Copyright (c) 2018 Red Hat, Inc.
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
18 *
19 */
20
21#include "qemu/osdep.h"
22#include "qapi/error.h"
0b8fa32f 23#include "qemu/module.h"
8953caf3
DB		 24#include "authz/pamacct.h"
25
26#include <security/pam_appl.h>
27
28static bool failauth;
29
30/*
31 * These two functions are exported by libpam.so.
32 *
33 * By defining them again here, our impls are resolved
34 * by the linker instead of those in libpam.so
35 *
36 * The test suite is thus isolated from the host system
37 * PAM setup, so we can do predictable test scenarios
38 */
39int
40pam_start(const char *service_name, const char *user,
41 const struct pam_conv *pam_conversation,
42 pam_handle_t **pamh)
43{
44 failauth = true;
45 if (!g_str_equal(service_name, "qemu-vnc")) {
46 return PAM_AUTH_ERR;
47 }
48
49 if (g_str_equal(user, "fred")) {
50 failauth = false;
51 }
52
53 return PAM_SUCCESS;
54}
55
56
57int
58pam_acct_mgmt(pam_handle_t *pamh, int flags)
59{
60 if (failauth) {
61 return PAM_AUTH_ERR;
62 }
63
64 return PAM_SUCCESS;
65}
66
67
68static void test_authz_unknown_service(void)
69{
70 Error *local_err = NULL;
71 QAuthZPAM *auth = qauthz_pam_new("auth0",
72 "qemu-does-not-exist",
73 &error_abort);
74
75 g_assert_nonnull(auth);
76
77 g_assert_false(qauthz_is_allowed(QAUTHZ(auth), "fred", &local_err));
78
79 error_free_or_abort(&local_err);
80 object_unparent(OBJECT(auth));
81}
82
83
84static void test_authz_good_user(void)
85{
86 QAuthZPAM *auth = qauthz_pam_new("auth0",
87 "qemu-vnc",
88 &error_abort);
89
90 g_assert_nonnull(auth);
91
92 g_assert_true(qauthz_is_allowed(QAUTHZ(auth), "fred", &error_abort));
93
94 object_unparent(OBJECT(auth));
95}
96
97
98static void test_authz_bad_user(void)
99{
100 Error *local_err = NULL;
101 QAuthZPAM *auth = qauthz_pam_new("auth0",
102 "qemu-vnc",
103 &error_abort);
104
105 g_assert_nonnull(auth);
106
107 g_assert_false(qauthz_is_allowed(QAUTHZ(auth), "bob", &local_err));
108
109 error_free_or_abort(&local_err);
110 object_unparent(OBJECT(auth));
111}
112
113
114int main(int argc, char **argv)
115{
116 g_test_init(&argc, &argv, NULL);
117
118 module_call_init(MODULE_INIT_QOM);
119
120 g_test_add_func("/auth/pam/unknown-service", test_authz_unknown_service);
121 g_test_add_func("/auth/pam/good-user", test_authz_good_user);
122 g_test_add_func("/auth/pam/bad-user", test_authz_bad_user);
123
124 return g_test_run();
125}
Empty description
This page took 0.093865 seconds and 4 git commands to generate.