flexnbd-c/tests/unit/check_acl.c

#include <check.h>
#include <stdio.h>

#include "acl.h"
#include "util.h"

START_TEST( test_null_acl )
{
	struct acl *acl = acl_create( 0,NULL, 0 );

	fail_if( NULL == acl, "No acl alloced." );
	fail_unless( 0 == acl->len, "Incorrect length" );
}
END_TEST


START_TEST( test_parses_single_line )
{
	char *lines[] = {"127.0.0.1"};
	struct acl * acl = acl_create( 1, lines, 0 );

	fail_unless( 1 == acl->len, "Incorrect length." );
	fail_if( NULL == acl->entries, "No entries present." );
}
END_TEST

START_TEST( test_parses_multiple_lines )
{
	char *lines[] = {"127.0.0.1", "::1"};
	struct acl * acl = acl_create( 2, lines, 0 );
	union mysockaddr e0, e1;

	parse_ip_to_sockaddr( &e0.generic, lines[0] );
	parse_ip_to_sockaddr( &e1.generic, lines[1] );

	fail_unless( acl->len == 2, "Multiple lines not parsed" );

	struct ip_and_mask *entry;
	entry = &(*acl->entries)[0];
	fail_unless(entry->ip.family == e0.family, "entry 0 has wrong family!");
	entry = &(*acl->entries)[1];
	fail_unless(entry->ip.family == e1.family, "entry 1 has wrong family!");
}
END_TEST

START_TEST( test_destroy_doesnt_crash )
{
	char *lines[] = {"127.0.0.1"};
	struct acl * acl = acl_create( 1, lines, 0 );

	acl_destroy( acl );
}
END_TEST


START_TEST( test_includes_single_address )
{
	char *lines[] = {"127.0.0.1"};
	struct acl * acl = acl_create( 1, lines, 0 );
	union mysockaddr x;

	parse_ip_to_sockaddr( &x.generic, "127.0.0.1" );

	fail_unless( acl_includes( acl, &x ), "Included address wasn't covered" );
}
END_TEST

START_TEST( test_includes_single_address_when_netmask_specified_ipv4 )
{
	char *lines[] = {"127.0.0.1/24"};
	struct acl * acl = acl_create( 1, lines, 0 );
	union mysockaddr x;

	parse_ip_to_sockaddr( &x.generic, "127.0.0.0" );
	fail_unless( acl_includes( acl, &x ), "Included address wasn't covered" );

	parse_ip_to_sockaddr( &x.generic, "127.0.0.1" );
	fail_unless( acl_includes( acl, &x ), "Included address wasn't covered" );

	parse_ip_to_sockaddr( &x.generic, "127.0.0.255" );
	fail_unless( acl_includes( acl, &x ), "Included address wasn't covered" );
}
END_TEST

START_TEST( test_includes_single_address_when_netmask_specified_ipv6 )
{
	char *lines[] = {"fe80::/10"};
	struct acl * acl = acl_create( 1, lines, 0 );
	union mysockaddr x;

	parse_ip_to_sockaddr( &x.generic, "fe80::1" );
	fail_unless( acl_includes( acl, &x ), "Included address wasn't covered" );

	parse_ip_to_sockaddr( &x.generic, "fe80::2" );
	fail_unless( acl_includes( acl, &x ), "Included address wasn't covered" );

	parse_ip_to_sockaddr( &x.generic, "fe80:ffff:ffff::ffff" );
	fail_unless( acl_includes( acl, &x ), "Included address wasn't covered" );
}
END_TEST

START_TEST( test_includes_single_address_when_multiple_entries_exist )
{
	char *lines[] = {"127.0.0.1", "::1"};
	struct acl * acl = acl_create( 2, lines, 0 );
	union mysockaddr e0;
	union mysockaddr e1;

	parse_ip_to_sockaddr( &e0.generic, "127.0.0.1" );
	parse_ip_to_sockaddr( &e1.generic, "::1" );

	fail_unless( acl_includes( acl, &e0 ), "Included address 0 wasn't covered" );
	fail_unless( acl_includes( acl, &e1 ), "Included address 1 wasn't covered" );
}
END_TEST


START_TEST( test_doesnt_include_other_address )
{
	char *lines[] = {"127.0.0.1"};
	struct acl * acl  = acl_create( 1, lines, 0 );
	union mysockaddr x;

	parse_ip_to_sockaddr( &x.generic, "127.0.0.2" );
	fail_if( acl_includes( acl, &x ), "Excluded address was covered." );
}
END_TEST

START_TEST( test_doesnt_include_other_address_when_netmask_specified )
{
	char *lines[] = {"127.0.0.1/32"};
	struct acl * acl  = acl_create( 1, lines, 0 );
	union mysockaddr x;

	parse_ip_to_sockaddr( &x.generic, "127.0.0.2" );
	fail_if( acl_includes( acl, &x ), "Excluded address was covered." );
}
END_TEST

START_TEST( test_doesnt_include_other_address_when_multiple_entries_exist )
{
	char *lines[] = {"127.0.0.1", "::1"};
	struct acl * acl  = acl_create( 2, lines, 0 );
	union mysockaddr e0;
	union mysockaddr e1;

	parse_ip_to_sockaddr( &e0.generic, "127.0.0.2" );
	parse_ip_to_sockaddr( &e1.generic, "::2" );

	fail_if( acl_includes( acl, &e0 ), "Excluded address 0 was covered." );
	fail_if( acl_includes( acl, &e1 ), "Excluded address 1 was covered." );
}
END_TEST

START_TEST( test_default_deny_rejects )
{
	struct acl * acl = acl_create( 0, NULL, 1 );
	union mysockaddr x;

	parse_ip_to_sockaddr( &x.generic, "127.0.0.1" );

	fail_if( acl_includes( acl, &x ), "Default deny accepted." );
}
END_TEST


START_TEST( test_default_accept_rejects )
{
	struct acl * acl = acl_create( 0, NULL, 0 );
	union mysockaddr x;

	parse_ip_to_sockaddr( &x.generic, "127.0.0.1" );

	fail_unless( acl_includes( acl, &x ), "Default accept rejected." );
}
END_TEST


Suite* acl_suite(void)
{
	Suite *s = suite_create("acl");
	TCase *tc_create = tcase_create("create");
	TCase *tc_includes = tcase_create("includes");
	TCase *tc_destroy = tcase_create("destroy");


	tcase_add_test(tc_create, test_null_acl);
	tcase_add_test(tc_create, test_parses_single_line);
	tcase_add_test(tc_includes, test_parses_multiple_lines);

	tcase_add_test(tc_includes, test_includes_single_address);
	tcase_add_test(tc_includes, test_includes_single_address_when_netmask_specified_ipv4);
	tcase_add_test(tc_includes, test_includes_single_address_when_netmask_specified_ipv6);

	tcase_add_test(tc_includes, test_includes_single_address_when_multiple_entries_exist);

	tcase_add_test(tc_includes, test_doesnt_include_other_address);
	tcase_add_test(tc_includes, test_doesnt_include_other_address_when_netmask_specified);
	tcase_add_test(tc_includes, test_doesnt_include_other_address_when_multiple_entries_exist);

	tcase_add_test(tc_includes, test_default_deny_rejects);
	tcase_add_test(tc_includes, test_default_accept_rejects);

	tcase_add_test(tc_destroy, test_destroy_doesnt_crash);

	suite_add_tcase(s, tc_create);
	suite_add_tcase(s, tc_includes);
	suite_add_tcase(s, tc_destroy);

	return s;
}

int main(void)
{
#ifdef DEBUG
	log_level = 0;
#else
	log_level = 2;
#endif
	int number_failed;
	Suite *s = acl_suite();
	SRunner *sr = srunner_create(s);
	srunner_run_all(sr, CK_NORMAL);
	log_level = 0;
	number_failed = srunner_ntests_failed(sr);
	srunner_free(sr);
	return (number_failed == 0) ? 0 : 1;
}
Pull ACLs into their own struct 2012-06-07 17:47:43 +01:00			`#include <check.h>`
			`#include <stdio.h>`

			`#include "acl.h"`
Rewrote error & log functions to be more general, use longjmp to get out of trouble and into predictable cleanup functions (one for each of serve, client & control contexts). We use 'fatal' to mean 'kill the thread' and 'error' to mean 'don't kill the thread', assuming some recovery action, except I don't use error anywhere yet. 2012-06-09 02:25:12 +01:00			`#include "util.h"`
Pull ACLs into their own struct 2012-06-07 17:47:43 +01:00
			`START_TEST( test_null_acl )`
			`{`
			`struct acl *acl = acl_create( 0,NULL, 0 );`

			`fail_if( NULL == acl, "No acl alloced." );`
			`fail_unless( 0 == acl->len, "Incorrect length" );`
			`}`
			`END_TEST`


			`START_TEST( test_parses_single_line )`
			`{`
			`char *lines[] = {"127.0.0.1"};`
			`struct acl * acl = acl_create( 1, lines, 0 );`

			`fail_unless( 1 == acl->len, "Incorrect length." );`
			`fail_if( NULL == acl->entries, "No entries present." );`
			`}`
			`END_TEST`

Fix handling ACLs where > 1 entry exists 2012-06-11 12:56:45 +01:00			`START_TEST( test_parses_multiple_lines )`
			`{`
			`char *lines[] = {"127.0.0.1", "::1"};`
			`struct acl * acl = acl_create( 2, lines, 0 );`
			`union mysockaddr e0, e1;`

			`parse_ip_to_sockaddr( &e0.generic, lines[0] );`
			`parse_ip_to_sockaddr( &e1.generic, lines[1] );`

			`fail_unless( acl->len == 2, "Multiple lines not parsed" );`

			`struct ip_and_mask *entry;`
			`entry = &(*acl->entries)[0];`
			`fail_unless(entry->ip.family == e0.family, "entry 0 has wrong family!");`
			`entry = &(*acl->entries)[1];`
			`fail_unless(entry->ip.family == e1.family, "entry 1 has wrong family!");`
			`}`
			`END_TEST`
Pull ACLs into their own struct 2012-06-07 17:47:43 +01:00
			`START_TEST( test_destroy_doesnt_crash )`
			`{`
			`char *lines[] = {"127.0.0.1"};`
			`struct acl * acl = acl_create( 1, lines, 0 );`

			`acl_destroy( acl );`
			`}`
			`END_TEST`


			`START_TEST( test_includes_single_address )`
			`{`
			`char *lines[] = {"127.0.0.1"};`
			`struct acl * acl = acl_create( 1, lines, 0 );`
			`union mysockaddr x;`
Whitespace 2012-06-11 13:05:22 +01:00
Pull ACLs into their own struct 2012-06-07 17:47:43 +01:00			`parse_ip_to_sockaddr( &x.generic, "127.0.0.1" );`

			`fail_unless( acl_includes( acl, &x ), "Included address wasn't covered" );`
			`}`
			`END_TEST`

Fix handling ACLs where > 1 entry exists 2012-06-11 12:56:45 +01:00			`START_TEST( test_includes_single_address_when_netmask_specified_ipv4 )`
			`{`
			`char *lines[] = {"127.0.0.1/24"};`
			`struct acl * acl = acl_create( 1, lines, 0 );`
			`union mysockaddr x;`

			`parse_ip_to_sockaddr( &x.generic, "127.0.0.0" );`
			`fail_unless( acl_includes( acl, &x ), "Included address wasn't covered" );`

			`parse_ip_to_sockaddr( &x.generic, "127.0.0.1" );`
			`fail_unless( acl_includes( acl, &x ), "Included address wasn't covered" );`

			`parse_ip_to_sockaddr( &x.generic, "127.0.0.255" );`
			`fail_unless( acl_includes( acl, &x ), "Included address wasn't covered" );`
			`}`
			`END_TEST`

			`START_TEST( test_includes_single_address_when_netmask_specified_ipv6 )`
			`{`
			`char *lines[] = {"fe80::/10"};`
			`struct acl * acl = acl_create( 1, lines, 0 );`
			`union mysockaddr x;`

			`parse_ip_to_sockaddr( &x.generic, "fe80::1" );`
			`fail_unless( acl_includes( acl, &x ), "Included address wasn't covered" );`

			`parse_ip_to_sockaddr( &x.generic, "fe80::2" );`
			`fail_unless( acl_includes( acl, &x ), "Included address wasn't covered" );`

			`parse_ip_to_sockaddr( &x.generic, "fe80:ffff:ffff::ffff" );`
			`fail_unless( acl_includes( acl, &x ), "Included address wasn't covered" );`
			`}`
			`END_TEST`

			`START_TEST( test_includes_single_address_when_multiple_entries_exist )`
			`{`
			`char *lines[] = {"127.0.0.1", "::1"};`
			`struct acl * acl = acl_create( 2, lines, 0 );`
			`union mysockaddr e0;`
			`union mysockaddr e1;`

			`parse_ip_to_sockaddr( &e0.generic, "127.0.0.1" );`
			`parse_ip_to_sockaddr( &e1.generic, "::1" );`

			`fail_unless( acl_includes( acl, &e0 ), "Included address 0 wasn't covered" );`
			`fail_unless( acl_includes( acl, &e1 ), "Included address 1 wasn't covered" );`
			`}`
			`END_TEST`

Pull ACLs into their own struct 2012-06-07 17:47:43 +01:00
			`START_TEST( test_doesnt_include_other_address )`
			`{`
			`char *lines[] = {"127.0.0.1"};`
			`struct acl * acl = acl_create( 1, lines, 0 );`
			`union mysockaddr x;`

			`parse_ip_to_sockaddr( &x.generic, "127.0.0.2" );`
			`fail_if( acl_includes( acl, &x ), "Excluded address was covered." );`
			`}`
			`END_TEST`

Fix handling ACLs where > 1 entry exists 2012-06-11 12:56:45 +01:00			`START_TEST( test_doesnt_include_other_address_when_netmask_specified )`
			`{`
			`char *lines[] = {"127.0.0.1/32"};`
			`struct acl * acl = acl_create( 1, lines, 0 );`
			`union mysockaddr x;`

			`parse_ip_to_sockaddr( &x.generic, "127.0.0.2" );`
			`fail_if( acl_includes( acl, &x ), "Excluded address was covered." );`
			`}`
			`END_TEST`

			`START_TEST( test_doesnt_include_other_address_when_multiple_entries_exist )`
			`{`
			`char *lines[] = {"127.0.0.1", "::1"};`
			`struct acl * acl = acl_create( 2, lines, 0 );`
			`union mysockaddr e0;`
			`union mysockaddr e1;`

			`parse_ip_to_sockaddr( &e0.generic, "127.0.0.2" );`
			`parse_ip_to_sockaddr( &e1.generic, "::2" );`

			`fail_if( acl_includes( acl, &e0 ), "Excluded address 0 was covered." );`
			`fail_if( acl_includes( acl, &e1 ), "Excluded address 1 was covered." );`
			`}`
			`END_TEST`
Pull ACLs into their own struct 2012-06-07 17:47:43 +01:00
			`START_TEST( test_default_deny_rejects )`
			`{`
			`struct acl * acl = acl_create( 0, NULL, 1 );`
			`union mysockaddr x;`

			`parse_ip_to_sockaddr( &x.generic, "127.0.0.1" );`

			`fail_if( acl_includes( acl, &x ), "Default deny accepted." );`
			`}`
			`END_TEST`


			`START_TEST( test_default_accept_rejects )`
			`{`
			`struct acl * acl = acl_create( 0, NULL, 0 );`
			`union mysockaddr x;`

			`parse_ip_to_sockaddr( &x.generic, "127.0.0.1" );`

			`fail_unless( acl_includes( acl, &x ), "Default accept rejected." );`
			`}`
			`END_TEST`


Make the compiler stricter and tidy up code to make the subsequent errors and warnings go away 2012-06-11 13:57:03 +01:00			`Suite* acl_suite(void)`
Pull ACLs into their own struct 2012-06-07 17:47:43 +01:00			`{`
			`Suite *s = suite_create("acl");`
			`TCase *tc_create = tcase_create("create");`
			`TCase *tc_includes = tcase_create("includes");`
			`TCase *tc_destroy = tcase_create("destroy");`
Whitespace 2012-06-11 13:05:22 +01:00

Pull ACLs into their own struct 2012-06-07 17:47:43 +01:00			`tcase_add_test(tc_create, test_null_acl);`
			`tcase_add_test(tc_create, test_parses_single_line);`
Fix handling ACLs where > 1 entry exists 2012-06-11 12:56:45 +01:00			`tcase_add_test(tc_includes, test_parses_multiple_lines);`
Pull ACLs into their own struct 2012-06-07 17:47:43 +01:00
			`tcase_add_test(tc_includes, test_includes_single_address);`
Fix handling ACLs where > 1 entry exists 2012-06-11 12:56:45 +01:00			`tcase_add_test(tc_includes, test_includes_single_address_when_netmask_specified_ipv4);`
			`tcase_add_test(tc_includes, test_includes_single_address_when_netmask_specified_ipv6);`

			`tcase_add_test(tc_includes, test_includes_single_address_when_multiple_entries_exist);`

Pull ACLs into their own struct 2012-06-07 17:47:43 +01:00			`tcase_add_test(tc_includes, test_doesnt_include_other_address);`
Fix handling ACLs where > 1 entry exists 2012-06-11 12:56:45 +01:00			`tcase_add_test(tc_includes, test_doesnt_include_other_address_when_netmask_specified);`
			`tcase_add_test(tc_includes, test_doesnt_include_other_address_when_multiple_entries_exist);`

Pull ACLs into their own struct 2012-06-07 17:47:43 +01:00			`tcase_add_test(tc_includes, test_default_deny_rejects);`
			`tcase_add_test(tc_includes, test_default_accept_rejects);`

			`tcase_add_test(tc_destroy, test_destroy_doesnt_crash);`

			`suite_add_tcase(s, tc_create);`
			`suite_add_tcase(s, tc_includes);`
			`suite_add_tcase(s, tc_destroy);`

			`return s;`
			`}`

			`int main(void)`
			`{`
check_acl correctly sets log_level 2012-06-27 16:18:38 +01:00			`#ifdef DEBUG`
Fix handling ACLs where > 1 entry exists 2012-06-11 12:56:45 +01:00			`log_level = 0;`
check_acl correctly sets log_level 2012-06-27 16:18:38 +01:00			`#else`
			`log_level = 2;`
			`#endif`
Pull ACLs into their own struct 2012-06-07 17:47:43 +01:00			`int number_failed;`
			`Suite *s = acl_suite();`
			`SRunner *sr = srunner_create(s);`
			`srunner_run_all(sr, CK_NORMAL);`
Rewrote error & log functions to be more general, use longjmp to get out of trouble and into predictable cleanup functions (one for each of serve, client & control contexts). We use 'fatal' to mean 'kill the thread' and 'error' to mean 'don't kill the thread', assuming some recovery action, except I don't use error anywhere yet. 2012-06-09 02:25:12 +01:00			`log_level = 0;`
Pull ACLs into their own struct 2012-06-07 17:47:43 +01:00			`number_failed = srunner_ntests_failed(sr);`
			`srunner_free(sr);`
			`return (number_failed == 0) ? 0 : 1;`
			`}`