test-authz-list.c - cachepc-qemu - Fork of AMDESE/qemu with changes for cachepc side-channel attack

	cachepc-qemu Fork of AMDESE/qemu with changes for cachepc side-channel attack
	git clone https://git.sinitax.com/sinitax/cachepc-qemu
	Log \| Files \| Refs \| Submodules \| LICENSE \| sfeed.txt
test-authz-list.c (6051B)
      1/*
      2 * QEMU list file authorization object tests
      3 *
      4 * Copyright (c) 2018 Red Hat, Inc.
      5 *
      6 * This library is free software; you can redistribute it and/or
      7 * modify it under the terms of the GNU Lesser General Public
      8 * License as published by the Free Software Foundation; either
      9 * version 2.1 of the License, or (at your option) any later version.
     10 *
     11 * This library is distributed in the hope that it will be useful,
     12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
     13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
     14 * Lesser General Public License for more details.
     15 *
     16 * You should have received a copy of the GNU Lesser General Public
     17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
     18 *
     19 */
     20
     21#include "qemu/osdep.h"
     22
     23#include "authz/list.h"
     24#include "qemu/module.h"
     25
     26static void test_authz_default_deny(void)
     27{
     28    QAuthZList *auth = qauthz_list_new("auth0",
     29                                       QAUTHZ_LIST_POLICY_DENY,
     30                                       &error_abort);
     31
     32    g_assert(!qauthz_is_allowed(QAUTHZ(auth), "fred", &error_abort));
     33
     34    object_unparent(OBJECT(auth));
     35}
     36
     37static void test_authz_default_allow(void)
     38{
     39    QAuthZList *auth = qauthz_list_new("auth0",
     40                                       QAUTHZ_LIST_POLICY_ALLOW,
     41                                       &error_abort);
     42
     43    g_assert(qauthz_is_allowed(QAUTHZ(auth), "fred", &error_abort));
     44
     45    object_unparent(OBJECT(auth));
     46}
     47
     48static void test_authz_explicit_deny(void)
     49{
     50    QAuthZList *auth = qauthz_list_new("auth0",
     51                                       QAUTHZ_LIST_POLICY_ALLOW,
     52                                       &error_abort);
     53
     54    qauthz_list_append_rule(auth, "fred", QAUTHZ_LIST_POLICY_DENY,
     55                            QAUTHZ_LIST_FORMAT_EXACT, &error_abort);
     56
     57    g_assert(!qauthz_is_allowed(QAUTHZ(auth), "fred", &error_abort));
     58
     59    object_unparent(OBJECT(auth));
     60}
     61
     62static void test_authz_explicit_allow(void)
     63{
     64    QAuthZList *auth = qauthz_list_new("auth0",
     65                                       QAUTHZ_LIST_POLICY_DENY,
     66                                       &error_abort);
     67
     68    qauthz_list_append_rule(auth, "fred", QAUTHZ_LIST_POLICY_ALLOW,
     69                            QAUTHZ_LIST_FORMAT_EXACT, &error_abort);
     70
     71    g_assert(qauthz_is_allowed(QAUTHZ(auth), "fred", &error_abort));
     72
     73    object_unparent(OBJECT(auth));
     74}
     75
     76
     77static void test_authz_complex(void)
     78{
     79    QAuthZList *auth = qauthz_list_new("auth0",
     80                                       QAUTHZ_LIST_POLICY_DENY,
     81                                       &error_abort);
     82
     83    qauthz_list_append_rule(auth, "fred", QAUTHZ_LIST_POLICY_ALLOW,
     84                            QAUTHZ_LIST_FORMAT_EXACT, &error_abort);
     85    qauthz_list_append_rule(auth, "bob", QAUTHZ_LIST_POLICY_ALLOW,
     86                            QAUTHZ_LIST_FORMAT_EXACT, &error_abort);
     87    qauthz_list_append_rule(auth, "dan", QAUTHZ_LIST_POLICY_DENY,
     88                            QAUTHZ_LIST_FORMAT_EXACT, &error_abort);
     89    qauthz_list_append_rule(auth, "dan*", QAUTHZ_LIST_POLICY_ALLOW,
     90                            QAUTHZ_LIST_FORMAT_GLOB, &error_abort);
     91
     92    g_assert(qauthz_is_allowed(QAUTHZ(auth), "fred", &error_abort));
     93    g_assert(qauthz_is_allowed(QAUTHZ(auth), "bob", &error_abort));
     94    g_assert(!qauthz_is_allowed(QAUTHZ(auth), "dan", &error_abort));
     95    g_assert(qauthz_is_allowed(QAUTHZ(auth), "danb", &error_abort));
     96
     97    object_unparent(OBJECT(auth));
     98}
     99
    100static void test_authz_add_remove(void)
    101{
    102    QAuthZList *auth = qauthz_list_new("auth0",
    103                                       QAUTHZ_LIST_POLICY_ALLOW,
    104                                       &error_abort);
    105
    106    g_assert_cmpint(qauthz_list_append_rule(auth, "fred",
    107                                            QAUTHZ_LIST_POLICY_ALLOW,
    108                                            QAUTHZ_LIST_FORMAT_EXACT,
    109                                            &error_abort),
    110                    ==, 0);
    111    g_assert_cmpint(qauthz_list_append_rule(auth, "bob",
    112                                            QAUTHZ_LIST_POLICY_ALLOW,
    113                                            QAUTHZ_LIST_FORMAT_EXACT,
    114                                            &error_abort),
    115                    ==, 1);
    116    g_assert_cmpint(qauthz_list_append_rule(auth, "dan",
    117                                            QAUTHZ_LIST_POLICY_DENY,
    118                                            QAUTHZ_LIST_FORMAT_EXACT,
    119                                            &error_abort),
    120                    ==, 2);
    121    g_assert_cmpint(qauthz_list_append_rule(auth, "frank",
    122                                            QAUTHZ_LIST_POLICY_DENY,
    123                                            QAUTHZ_LIST_FORMAT_EXACT,
    124                                            &error_abort),
    125                    ==, 3);
    126
    127    g_assert(!qauthz_is_allowed(QAUTHZ(auth), "dan", &error_abort));
    128
    129    g_assert_cmpint(qauthz_list_delete_rule(auth, "dan"),
    130                    ==, 2);
    131
    132    g_assert(qauthz_is_allowed(QAUTHZ(auth), "dan", &error_abort));
    133
    134    g_assert_cmpint(qauthz_list_insert_rule(auth, "dan",
    135                                            QAUTHZ_LIST_POLICY_DENY,
    136                                            QAUTHZ_LIST_FORMAT_EXACT,
    137                                            2,
    138                                            &error_abort),
    139                    ==, 2);
    140
    141    g_assert(!qauthz_is_allowed(QAUTHZ(auth), "dan", &error_abort));
    142
    143    object_unparent(OBJECT(auth));
    144}
    145
    146int main(int argc, char **argv)
    147{
    148    g_test_init(&argc, &argv, NULL);
    149
    150    module_call_init(MODULE_INIT_QOM);
    151
    152    g_test_add_func("/auth/list/default/deny", test_authz_default_deny);
    153    g_test_add_func("/auth/list/default/allow", test_authz_default_allow);
    154    g_test_add_func("/auth/list/explicit/deny", test_authz_explicit_deny);
    155    g_test_add_func("/auth/list/explicit/allow", test_authz_explicit_allow);
    156    g_test_add_func("/auth/list/complex", test_authz_complex);
    157    g_test_add_func("/auth/list/add-remove", test_authz_add_remove);
    158
    159    return g_test_run();
    160}