test-authz-listfile.c - cachepc-qemu - Fork of AMDESE/qemu with changes for cachepc side-channel attack

	cachepc-qemu Fork of AMDESE/qemu with changes for cachepc side-channel attack
	git clone https://git.sinitax.com/sinitax/cachepc-qemu
	Log \| Files \| Refs \| Submodules \| LICENSE \| sfeed.txt
test-authz-listfile.c (5958B)
      1/*
      2 * QEMU list authorization object tests
      3 *
      4 * Copyright (c) 2018 Red Hat, Inc.
      5 *
      6 * This library is free software; you can redistribute it and/or
      7 * modify it under the terms of the GNU Lesser General Public
      8 * License as published by the Free Software Foundation; either
      9 * version 2.1 of the License, or (at your option) any later version.
     10 *
     11 * This library is distributed in the hope that it will be useful,
     12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
     13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
     14 * Lesser General Public License for more details.
     15 *
     16 * You should have received a copy of the GNU Lesser General Public
     17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
     18 *
     19 */
     20
     21#include "qemu/osdep.h"
     22#include "qemu/main-loop.h"
     23#include "qemu/module.h"
     24#include "authz/listfile.h"
     25
     26static char *workdir;
     27
     28static gchar *qemu_authz_listfile_test_save(const gchar *name,
     29                                            const gchar *cfg)
     30{
     31    gchar *path = g_strdup_printf("%s/default-deny.cfg", workdir);
     32    GError *gerr = NULL;
     33
     34    if (!g_file_set_contents(path, cfg, -1, &gerr)) {
     35        g_printerr("Unable to save config %s: %s\n",
     36                   path, gerr->message);
     37        g_error_free(gerr);
     38        g_free(path);
     39        rmdir(workdir);
     40        abort();
     41    }
     42
     43    return path;
     44}
     45
     46static void test_authz_default_deny(void)
     47{
     48    gchar *file = qemu_authz_listfile_test_save(
     49        "default-deny.cfg",
     50        "{ \"policy\": \"deny\" }");
     51    Error *local_err = NULL;
     52
     53    QAuthZListFile *auth = qauthz_list_file_new("auth0",
     54                                                file, false,
     55                                                &local_err);
     56    unlink(file);
     57    g_free(file);
     58    g_assert(local_err == NULL);
     59    g_assert(!qauthz_is_allowed(QAUTHZ(auth), "fred", &error_abort));
     60
     61    object_unparent(OBJECT(auth));
     62}
     63
     64static void test_authz_default_allow(void)
     65{
     66    gchar *file = qemu_authz_listfile_test_save(
     67        "default-allow.cfg",
     68        "{ \"policy\": \"allow\" }");
     69    Error *local_err = NULL;
     70
     71    QAuthZListFile *auth = qauthz_list_file_new("auth0",
     72                                                file, false,
     73                                                &local_err);
     74    unlink(file);
     75    g_free(file);
     76    g_assert(local_err == NULL);
     77    g_assert(qauthz_is_allowed(QAUTHZ(auth), "fred", &error_abort));
     78
     79    object_unparent(OBJECT(auth));
     80}
     81
     82static void test_authz_explicit_deny(void)
     83{
     84    gchar *file = qemu_authz_listfile_test_save(
     85        "explicit-deny.cfg",
     86        "{ \"rules\": [ "
     87        "    { \"match\": \"fred\","
     88        "      \"policy\": \"deny\","
     89        "      \"format\": \"exact\" } ],"
     90        "  \"policy\": \"allow\" }");
     91    Error *local_err = NULL;
     92
     93    QAuthZListFile *auth = qauthz_list_file_new("auth0",
     94                                                file, false,
     95                                                &local_err);
     96    unlink(file);
     97    g_free(file);
     98    g_assert(local_err == NULL);
     99
    100    g_assert(!qauthz_is_allowed(QAUTHZ(auth), "fred", &error_abort));
    101
    102    object_unparent(OBJECT(auth));
    103}
    104
    105static void test_authz_explicit_allow(void)
    106{
    107    gchar *file = qemu_authz_listfile_test_save(
    108        "explicit-allow.cfg",
    109        "{ \"rules\": [ "
    110        "    { \"match\": \"fred\","
    111        "      \"policy\": \"allow\","
    112        "      \"format\": \"exact\" } ],"
    113        "  \"policy\": \"deny\" }");
    114    Error *local_err = NULL;
    115
    116    QAuthZListFile *auth = qauthz_list_file_new("auth0",
    117                                                file, false,
    118                                                &local_err);
    119    unlink(file);
    120    g_free(file);
    121    g_assert(local_err == NULL);
    122
    123    g_assert(qauthz_is_allowed(QAUTHZ(auth), "fred", &error_abort));
    124
    125    object_unparent(OBJECT(auth));
    126}
    127
    128
    129static void test_authz_complex(void)
    130{
    131    gchar *file = qemu_authz_listfile_test_save(
    132        "complex.cfg",
    133        "{ \"rules\": [ "
    134        "    { \"match\": \"fred\","
    135        "      \"policy\": \"allow\","
    136        "      \"format\": \"exact\" },"
    137        "    { \"match\": \"bob\","
    138        "      \"policy\": \"allow\","
    139        "      \"format\": \"exact\" },"
    140        "    { \"match\": \"dan\","
    141        "      \"policy\": \"deny\","
    142        "      \"format\": \"exact\" },"
    143        "    { \"match\": \"dan*\","
    144        "      \"policy\": \"allow\","
    145        "      \"format\": \"glob\" } ],"
    146        "  \"policy\": \"deny\" }");
    147
    148    Error *local_err = NULL;
    149
    150    QAuthZListFile *auth = qauthz_list_file_new("auth0",
    151                                                file, false,
    152                                                &local_err);
    153    unlink(file);
    154    g_free(file);
    155    g_assert(local_err == NULL);
    156
    157    g_assert(qauthz_is_allowed(QAUTHZ(auth), "fred", &error_abort));
    158    g_assert(qauthz_is_allowed(QAUTHZ(auth), "bob", &error_abort));
    159    g_assert(!qauthz_is_allowed(QAUTHZ(auth), "dan", &error_abort));
    160    g_assert(qauthz_is_allowed(QAUTHZ(auth), "danb", &error_abort));
    161
    162    object_unparent(OBJECT(auth));
    163}
    164
    165
    166int main(int argc, char **argv)
    167{
    168    int ret;
    169    GError *gerr = NULL;
    170
    171    g_test_init(&argc, &argv, NULL);
    172
    173    module_call_init(MODULE_INIT_QOM);
    174
    175    workdir = g_dir_make_tmp("qemu-test-authz-listfile-XXXXXX",
    176                             &gerr);
    177    if (!workdir) {
    178        g_printerr("Unable to create temporary dir: %s\n",
    179                   gerr->message);
    180        g_error_free(gerr);
    181        abort();
    182    }
    183
    184    g_test_add_func("/auth/list/default/deny", test_authz_default_deny);
    185    g_test_add_func("/auth/list/default/allow", test_authz_default_allow);
    186    g_test_add_func("/auth/list/explicit/deny", test_authz_explicit_deny);
    187    g_test_add_func("/auth/list/explicit/allow", test_authz_explicit_allow);
    188    g_test_add_func("/auth/list/complex", test_authz_complex);
    189
    190    ret = g_test_run();
    191
    192    rmdir(workdir);
    193    g_free(workdir);
    194
    195    return ret;
    196}