#include #include #include "acl.h" #include "util.h" START_TEST(test_null_acl) { struct acl *acl = acl_create(0, NULL, 0); fail_if(NULL == acl, "No acl alloced."); fail_unless(0 == acl->len, "Incorrect length"); } END_TEST START_TEST(test_parses_single_line) { char *lines[] = { "127.0.0.1" }; struct acl *acl = acl_create(1, lines, 0); fail_unless(1 == acl->len, "Incorrect length."); fail_if(NULL == acl->entries, "No entries present."); } END_TEST START_TEST(test_parses_multiple_lines) { char *lines[] = { "127.0.0.1", "::1" }; struct acl *acl = acl_create(2, lines, 0); union mysockaddr e0, e1; parse_ip_to_sockaddr(&e0.generic, lines[0]); parse_ip_to_sockaddr(&e1.generic, lines[1]); fail_unless(acl->len == 2, "Multiple lines not parsed"); struct ip_and_mask *entry; entry = &(*acl->entries)[0]; fail_unless(entry->ip.family == e0.family, "entry 0 has wrong family!"); entry = &(*acl->entries)[1]; fail_unless(entry->ip.family == e1.family, "entry 1 has wrong family!"); } END_TEST START_TEST(test_destroy_doesnt_crash) { char *lines[] = { "127.0.0.1" }; struct acl *acl = acl_create(1, lines, 0); acl_destroy(acl); } END_TEST START_TEST(test_includes_single_address) { char *lines[] = { "127.0.0.1" }; struct acl *acl = acl_create(1, lines, 0); union mysockaddr x; parse_ip_to_sockaddr(&x.generic, "127.0.0.1"); fail_unless(acl_includes(acl, &x), "Included address wasn't covered"); } END_TEST START_TEST(test_includes_single_address_when_netmask_specified_ipv4) { char *lines[] = { "127.0.0.1/24" }; struct acl *acl = acl_create(1, lines, 0); union mysockaddr x; parse_ip_to_sockaddr(&x.generic, "127.0.0.0"); fail_unless(acl_includes(acl, &x), "Included address wasn't covered"); parse_ip_to_sockaddr(&x.generic, "127.0.0.1"); fail_unless(acl_includes(acl, &x), "Included address wasn't covered"); parse_ip_to_sockaddr(&x.generic, "127.0.0.255"); fail_unless(acl_includes(acl, &x), "Included address wasn't covered"); } END_TEST START_TEST(test_includes_single_address_when_netmask_specified_ipv6) { char *lines[] = { "fe80::/10" }; struct acl *acl = acl_create(1, lines, 0); union mysockaddr x; parse_ip_to_sockaddr(&x.generic, "fe80::1"); fail_unless(acl_includes(acl, &x), "Included address wasn't covered"); parse_ip_to_sockaddr(&x.generic, "fe80::2"); fail_unless(acl_includes(acl, &x), "Included address wasn't covered"); parse_ip_to_sockaddr(&x.generic, "fe80:ffff:ffff::ffff"); fail_unless(acl_includes(acl, &x), "Included address wasn't covered"); } END_TEST START_TEST(test_includes_single_address_when_multiple_entries_exist) { char *lines[] = { "127.0.0.1", "::1" }; struct acl *acl = acl_create(2, lines, 0); union mysockaddr e0; union mysockaddr e1; parse_ip_to_sockaddr(&e0.generic, "127.0.0.1"); parse_ip_to_sockaddr(&e1.generic, "::1"); fail_unless(acl_includes(acl, &e0), "Included address 0 wasn't covered"); fail_unless(acl_includes(acl, &e1), "Included address 1 wasn't covered"); } END_TEST START_TEST(test_doesnt_include_other_address) { char *lines[] = { "127.0.0.1" }; struct acl *acl = acl_create(1, lines, 0); union mysockaddr x; parse_ip_to_sockaddr(&x.generic, "127.0.0.2"); fail_if(acl_includes(acl, &x), "Excluded address was covered."); } END_TEST START_TEST(test_doesnt_include_other_address_when_netmask_specified) { char *lines[] = { "127.0.0.1/32" }; struct acl *acl = acl_create(1, lines, 0); union mysockaddr x; parse_ip_to_sockaddr(&x.generic, "127.0.0.2"); fail_if(acl_includes(acl, &x), "Excluded address was covered."); } END_TEST START_TEST(test_doesnt_include_other_address_when_multiple_entries_exist) { char *lines[] = { "127.0.0.1", "::1" }; struct acl *acl = acl_create(2, lines, 0); union mysockaddr e0; union mysockaddr e1; parse_ip_to_sockaddr(&e0.generic, "127.0.0.2"); parse_ip_to_sockaddr(&e1.generic, "::2"); fail_if(acl_includes(acl, &e0), "Excluded address 0 was covered."); fail_if(acl_includes(acl, &e1), "Excluded address 1 was covered."); } END_TEST START_TEST(test_default_deny_rejects) { struct acl *acl = acl_create(0, NULL, 1); union mysockaddr x; parse_ip_to_sockaddr(&x.generic, "127.0.0.1"); fail_if(acl_includes(acl, &x), "Default deny accepted."); } END_TEST START_TEST(test_default_accept_rejects) { struct acl *acl = acl_create(0, NULL, 0); union mysockaddr x; parse_ip_to_sockaddr(&x.generic, "127.0.0.1"); fail_unless(acl_includes(acl, &x), "Default accept rejected."); } END_TEST Suite * acl_suite(void) { Suite *s = suite_create("acl"); TCase *tc_create = tcase_create("create"); TCase *tc_includes = tcase_create("includes"); TCase *tc_destroy = tcase_create("destroy"); tcase_add_test(tc_create, test_null_acl); tcase_add_test(tc_create, test_parses_single_line); tcase_add_test(tc_includes, test_parses_multiple_lines); tcase_add_test(tc_includes, test_includes_single_address); tcase_add_test(tc_includes, test_includes_single_address_when_netmask_specified_ipv4); tcase_add_test(tc_includes, test_includes_single_address_when_netmask_specified_ipv6); tcase_add_test(tc_includes, test_includes_single_address_when_multiple_entries_exist); tcase_add_test(tc_includes, test_doesnt_include_other_address); tcase_add_test(tc_includes, test_doesnt_include_other_address_when_netmask_specified); tcase_add_test(tc_includes, test_doesnt_include_other_address_when_multiple_entries_exist); tcase_add_test(tc_includes, test_default_deny_rejects); tcase_add_test(tc_includes, test_default_accept_rejects); tcase_add_test(tc_destroy, test_destroy_doesnt_crash); suite_add_tcase(s, tc_create); suite_add_tcase(s, tc_includes); suite_add_tcase(s, tc_destroy); return s; } int main(void) { #ifdef DEBUG log_level = 0; #else log_level = 2; #endif int number_failed; Suite *s = acl_suite(); SRunner *sr = srunner_create(s); srunner_run_all(sr, CK_NORMAL); log_level = 0; number_failed = srunner_ntests_failed(sr); srunner_free(sr); return (number_failed == 0) ? 0 : 1; }