projects / platform / core / test / security-tests.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Merge branch 'cynara' into tizen
[platform/core/test/security-tests.git] / tests / cynara-tests / test_cases.cpp
1 /*
2  * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved
3  *
4  *    Licensed under the Apache License, Version 2.0 (the "License");
5  *    you may not use this file except in compliance with the License.
6  *    You may obtain a copy of the License at
7  *
8  *        http://www.apache.org/licenses/LICENSE-2.0
9  *
10  *    Unless required by applicable law or agreed to in writing, software
11  *    distributed under the License is distributed on an "AS IS" BASIS,
12  *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  *    See the License for the specific language governing permissions and
14  *    limitations under the License.
15  */
16
17 /*
18  * @file        test_cases.cpp
19  * @author      Aleksander Zdyb <a.zdyb@partner.samsung.com>
20  * @author      Marcin Niesluchowski <m.niesluchow@samsung.com>
21  * @author      Lukasz Wojciechowski <l.wojciechow@partner.samsung.com>
22  * @version     1.1
23  * @brief       Tests for libcynara-client and libcynara-admin
24  */
25
26 #include <cynara_test_commons.h>
27
28 #include <tests_common.h>
29 #include <cynara_test_client.h>
30 #include <cynara_test_admin.h>
31
32 #include <climits>
33
34 void tc01_cynara_initialize_func()
35 {
36     CynaraTestClient();
37 }
38
39 void tc02_admin_initialize_func()
40 {
41     CynaraTestAdmin admin;
42 }
43
44 void tc03_cynara_check_invalid_params_func()
45 {
46     CynaraTestClient cynara;
47
48     const char *client = "client03";
49     const char *user = "user03";
50     const char *privilege = "privilege03";
51     const char *session = "session03";
52
53     cynara.check(nullptr, session, user,    privilege, CYNARA_API_INVALID_PARAM);
54     cynara.check(client,  nullptr, user,    privilege, CYNARA_API_INVALID_PARAM);
55     cynara.check(client,  session, nullptr, privilege, CYNARA_API_INVALID_PARAM);
56     cynara.check(client,  session, user,    nullptr,   CYNARA_API_INVALID_PARAM);
57 }
58
59 void checkInvalidPolicy(CynaraTestAdmin &admin,
60                         const char *bucket,
61                         const char *client,
62                         const char *user,
63                         const char *privilege,
64                         const int result,
65                         const char *resultExtra)
66 {
67     CynaraPoliciesContainer cp;
68     cp.add(bucket, client, user, privilege, result, resultExtra);
69
70     admin.setPolicies(cp, CYNARA_API_INVALID_PARAM);
71 }
72
73 void tc04_admin_set_policies_invalid_params_func()
74 {
75     CynaraTestAdmin admin;
76
77     const char *bucket = CYNARA_ADMIN_DEFAULT_BUCKET;
78     const char *client = "client04";
79     const char *user = "user04";
80     const char *privilege = "privilege04";
81     const int resultAllow = CYNARA_ADMIN_ALLOW;
82     const int resultBucket = CYNARA_ADMIN_BUCKET;
83     const int resultNone = CYNARA_ADMIN_NONE;
84     const char *resultExtra = nullptr;
85
86     checkInvalidPolicy(admin, nullptr, client,  user,    privilege, resultAllow,  resultExtra);
87     checkInvalidPolicy(admin, bucket,  nullptr, user,    privilege, resultAllow,  resultExtra);
88     checkInvalidPolicy(admin, bucket,  client,  nullptr, privilege, resultAllow,  resultExtra);
89     checkInvalidPolicy(admin, bucket,  client,  user,    nullptr,   resultAllow,  resultExtra);
90     checkInvalidPolicy(admin, bucket,  client,  user,    privilege, INT_MAX,      resultExtra);
91     checkInvalidPolicy(admin, bucket,  client,  user,    privilege, resultBucket, nullptr    );
92     checkInvalidPolicy(admin, bucket,  client,  user,    privilege, resultNone,   resultExtra);
93 }
94
95 void tc05_admin_set_bucket_invalid_params_func()
96 {
97     CynaraTestAdmin admin;
98
99     const char *bucket = CYNARA_ADMIN_DEFAULT_BUCKET;
100     const int operationAllow = CYNARA_ADMIN_ALLOW;
101     const int operationDelete = CYNARA_ADMIN_DELETE;
102     const int operationNone = CYNARA_ADMIN_NONE;
103     const char *extra = nullptr;
104
105     admin.setBucket(nullptr, operationAllow,   extra, CYNARA_API_INVALID_PARAM);
106     admin.setBucket(bucket,  INT_MAX,          extra, CYNARA_API_INVALID_PARAM);
107     admin.setBucket(bucket,  operationDelete,  extra, CYNARA_API_OPERATION_NOT_ALLOWED);
108     admin.setBucket(bucket,  operationNone,    extra, CYNARA_API_OPERATION_NOT_ALLOWED);
109 }
110
111 void tc06_cynara_check_empty_admin1_func()
112 {
113     CynaraTestClient cynara;
114
115     const char *client = "client06_1";
116     const char *session = "session06_1";
117     const char *user = "user06_1";
118     const char *privilege = "privilege06_1";
119
120     cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_DENIED);
121 }
122
123 void tc06_cynara_check_empty_admin2_func()
124 {
125     CynaraTestClient cynara;
126
127     const char *client = CYNARA_ADMIN_WILDCARD;
128     const char *session = "session06_2";
129     const char *user = CYNARA_ADMIN_WILDCARD;
130     const char *privilege = CYNARA_ADMIN_WILDCARD;
131
132     cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_DENIED);
133 }
134
135 void tc07_admin_set_bucket_admin_allow_deny_func()
136 {
137     CynaraTestAdmin admin;
138     CynaraTestClient cynara;
139
140     const char *bucket = CYNARA_ADMIN_DEFAULT_BUCKET;
141     const char *client = "client07";
142     const char *session = "session07";
143     const char *user = "user07";
144     const char *privilege = "privilege07";
145     const char *extra = nullptr;
146
147     admin.setBucket(bucket, CYNARA_ADMIN_ALLOW, extra);
148
149     cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_ALLOWED);
150
151     admin.setBucket(bucket, CYNARA_ADMIN_DENY, extra);
152
153     cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_DENIED);
154 }
155
156 void tc08_admin_set_policies_allow_remove1_func()
157 {
158     CynaraTestAdmin admin;
159     CynaraTestClient cynara;
160
161     const char *bucket = CYNARA_ADMIN_DEFAULT_BUCKET;
162     const char *session = "session08_1";
163     const int resultAllow = CYNARA_ADMIN_ALLOW;
164     const int resultDelete = CYNARA_ADMIN_DELETE;
165     const char *resultExtra = nullptr;
166
167     const std::vector< std::vector<const char *> > data = {
168         { "client08_1_a", "user08_1_a", "privilege08_1_a" },
169         { "client08_1_b", "user08_1_b", "privilege08_1_b" },
170     };
171
172     cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_DENIED);
173     cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_DENIED);
174
175     // allow first policy
176     {
177         CynaraPoliciesContainer cp;
178         cp.add(bucket, data[0][0], data[0][1], data[0][2], resultAllow, resultExtra);
179         admin.setPolicies(cp);
180     }
181     cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_ALLOWED);
182     cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_DENIED);
183
184     // allow second policy
185     {
186         CynaraPoliciesContainer cp;
187         cp.add(bucket, data[1][0], data[1][1], data[1][2], resultAllow, resultExtra);
188         admin.setPolicies(cp);
189     }
190     cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_ALLOWED);
191     cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_ALLOWED);
192
193     // delete first policy
194     {
195         CynaraPoliciesContainer cp;
196         cp.add(bucket, data[0][0], data[0][1], data[0][2], resultDelete, resultExtra);
197         admin.setPolicies(cp);
198     }
199     cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_DENIED);
200     cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_ALLOWED);
201
202     // delete second policy
203     {
204         CynaraPoliciesContainer cp;
205         cp.add(bucket, data[1][0], data[1][1], data[1][2], resultDelete, resultExtra);
206         admin.setPolicies(cp);
207     }
208     cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_DENIED);
209     cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_DENIED);
210 }
211
212 void tc08_admin_set_policies_allow_remove2_func()
213 {
214     CynaraTestAdmin admin;
215     CynaraTestClient cynara;
216
217     const char *bucket = CYNARA_ADMIN_DEFAULT_BUCKET;
218     const char *session = "session08_2";
219     const int resultAllow = CYNARA_ADMIN_ALLOW;
220     const int resultDelete = CYNARA_ADMIN_DELETE;
221     const char *resultExtra = nullptr;
222
223     const std::vector< std::vector<const char *> > data = {
224         { "client08_2_a", "user08_2_a", "privilege08_2_a" },
225         { "client08_2_b", "user08_2_b", "privilege08_2_b" },
226     };
227
228     cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_DENIED);
229     cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_DENIED);
230
231     // allow first policy
232     {
233         CynaraPoliciesContainer cp;
234         cp.add(bucket, data[0][0], data[0][1], data[0][2], resultAllow, resultExtra);
235         admin.setPolicies(cp);
236     }
237     cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_ALLOWED);
238     cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_DENIED);
239
240     // delete first, allow second policy
241     {
242         CynaraPoliciesContainer cp;
243         cp.add(bucket, data[0][0], data[0][1], data[0][2], resultDelete, resultExtra);
244         cp.add(bucket, data[1][0], data[1][1], data[1][2], resultAllow, resultExtra);
245         admin.setPolicies(cp);
246     }
247     cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_DENIED);
248     cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_ALLOWED);
249
250     // delete second policy
251     {
252         CynaraPoliciesContainer cp;
253         cp.add(bucket, data[1][0], data[1][1], data[1][2], resultDelete, resultExtra);
254         admin.setPolicies(cp);
255     }
256
257     cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_DENIED);
258     cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_DENIED);
259 }
260
261 void tc08_admin_set_policies_allow_remove3_func()
262 {
263     CynaraTestAdmin admin;
264     CynaraTestClient cynara;
265
266     const char *bucket = CYNARA_ADMIN_DEFAULT_BUCKET;
267     const char *session = "session08_3";
268     const int resultAllow = CYNARA_ADMIN_ALLOW;
269     const int resultDelete = CYNARA_ADMIN_DELETE;
270     const char *resultExtra = nullptr;
271
272     const std::vector< std::vector<const char *> > data = {
273         { "client08_3_a", "user08_3_a", "privilege08_3_a" },
274         { "client08_3_b", "user08_3_b", "privilege08_3_b" },
275     };
276
277     cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_DENIED);
278     cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_DENIED);
279
280     // allow first and second policy
281     {
282         CynaraPoliciesContainer cp;
283         cp.add(bucket, data[0][0], data[0][1], data[0][2], resultAllow, resultExtra);
284         cp.add(bucket, data[1][0], data[1][1], data[1][2], resultAllow, resultExtra);
285         admin.setPolicies(cp);
286     }
287     cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_ALLOWED);
288     cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_ALLOWED);
289
290     // delete first and second policy
291     {
292         CynaraPoliciesContainer cp;
293         cp.add(bucket, data[0][0], data[0][1], data[0][2], resultDelete, resultExtra);
294         cp.add(bucket, data[1][0], data[1][1], data[1][2], resultDelete, resultExtra);
295         admin.setPolicies(cp);
296     }
297
298     cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_DENIED);
299     cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_DENIED);
300 }
301
302 void checkAllDeny(const std::vector< std::vector<const char *> > &data,
303                   const char *session)
304 {
305     CynaraTestClient cynara;
306
307     for (auto it = data.begin(); it != data.end(); ++it) {
308         RUNNER_ASSERT_MSG(it->size() == 3, "Wrong test data size");
309     }
310
311     for (auto itClient = data.begin(); itClient != data.end(); ++itClient) {
312         for (auto itUser = data.begin(); itUser != data.end(); ++itUser) {
313             for (auto itPrivilege = data.begin(); itPrivilege != data.end(); ++itPrivilege) {
314                 cynara.check(itClient->at(0), session, itUser->at(1), itPrivilege->at(2), CYNARA_API_ACCESS_DENIED);
315             }
316         }
317     }
318 }
319
320 void checkSingleWildcardData(const std::vector< std::vector<const char *> > &data)
321 {
322     RUNNER_ASSERT_MSG(data.size() == 3, "Wrong test data size");
323     for (auto it = data.begin(); it != data.end(); ++it) {
324         RUNNER_ASSERT_MSG(it->size() == 3, "Wrong test data size");
325     }
326 }
327
328 void checkSingleWildcardAllowRestDeny(const std::vector< std::vector<const char *> > &data,
329                                       const char *session)
330 {
331     CynaraTestClient cynara;
332
333     checkSingleWildcardData(data);
334
335     for (size_t c = 0; c < data.size(); ++c) {
336         for (size_t u = 0; u < data.size(); ++u) {
337             for (size_t p = 0; p < data.size(); ++p) {
338                 if ((u == 0 && p == 0)
339                  || (c == 1 && p == 1)
340                  || (c == 2 && u == 2)) {
341                     cynara.check(data[c][0], session, data[u][1], data[p][2], CYNARA_API_ACCESS_ALLOWED);
342                 } else {
343                     cynara.check(data[c][0], session, data[u][1], data[p][2], CYNARA_API_ACCESS_DENIED);
344                 }
345             }
346         }
347     }
348 }
349
350 void setSingleWildcardPolicies(const char *bucket,
351                                const std::vector< std::vector<const char *> > &data,
352                                const int result, const char* resultExtra)
353 {
354     CynaraTestAdmin admin;
355     CynaraPoliciesContainer cp;
356
357     checkSingleWildcardData(data);
358
359     cp.add(bucket,
360            CYNARA_ADMIN_WILDCARD, data[0][1], data[0][2],
361            result, resultExtra);
362     cp.add(bucket,
363            data[1][0], CYNARA_ADMIN_WILDCARD, data[1][2],
364            result, resultExtra);
365     cp.add(bucket,
366            data[2][0], data[2][1], CYNARA_ADMIN_WILDCARD,
367            result, resultExtra);
368
369     admin.setPolicies(cp);
370 }
371
372 void tc09_admin_set_policies_wildcard_accesses_func()
373 {
374     const char *bucket = CYNARA_ADMIN_DEFAULT_BUCKET;
375     const char *session = "session09";
376     const char *resultExtra = nullptr;
377
378     const std::vector< std::vector<const char *> > data = {
379         { "client09_a", "user09_a", "privilege09_a" },
380         { "client09_b", "user09_b", "privilege09_b" },
381         { "client09_c", "user09_c", "privilege09_c" }
382     };
383
384     checkAllDeny(data, session);
385
386     setSingleWildcardPolicies(bucket, data, CYNARA_ADMIN_ALLOW, resultExtra);
387
388     checkSingleWildcardAllowRestDeny(data, session);
389
390     setSingleWildcardPolicies(bucket, data, CYNARA_ADMIN_DELETE, resultExtra);
391
392     checkAllDeny(data, session);
393 }
394
395 void tc10_admin_change_extra_bucket_func()
396 {
397     CynaraTestAdmin admin;
398     CynaraTestClient cynara;
399
400     const char *bucketDefault = CYNARA_ADMIN_DEFAULT_BUCKET;
401     const char *bucket = "bucket10";
402     const char *session = "session10";
403     const char *extra = nullptr;
404     const char *extraResult = nullptr;
405
406
407     const std::vector< std::vector<const char *> > data = {
408         { "client10_a", "user10_a", "privilege10_a" },
409         { "client10_b", "user10_b", "privilege10_b" }
410     };
411
412     cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_DENIED);
413     cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_DENIED);
414
415     admin.setBucket(bucket, CYNARA_ADMIN_ALLOW, extra);
416
417     cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_DENIED);
418     cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_DENIED);
419
420     {
421         CynaraPoliciesContainer cp;
422         cp.add(bucketDefault,
423                data[0][0], data[0][1], data[0][2],
424                CYNARA_ADMIN_BUCKET, bucket);
425         admin.setPolicies(cp);
426     }
427
428     cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_ALLOWED);
429     cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_DENIED);
430
431     admin.setBucket(bucket, CYNARA_ADMIN_DENY, extra);
432
433     cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_DENIED);
434     cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_DENIED);
435
436     admin.setBucket(bucket, CYNARA_ADMIN_ALLOW, extra);
437
438     cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_ALLOWED);
439     cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_DENIED);
440
441     {
442         CynaraPoliciesContainer cp;
443         cp.add(bucketDefault,
444                data[0][0], data[0][1], data[0][2],
445                CYNARA_ADMIN_DELETE, extraResult);
446         admin.setPolicies(cp);
447     }
448
449     cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_DENIED);
450     cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_DENIED);
451
452     admin.setBucket(bucket, CYNARA_ADMIN_DELETE, extra);
453 }
454
455 void tc11_admin_bucket_not_found_func()
456 {
457     CynaraTestAdmin admin;
458     CynaraTestClient cynara;
459
460     const char *bucketDefault = CYNARA_ADMIN_DEFAULT_BUCKET;
461     const char *bucket = "bucket11";
462     const char *client = "client11";
463     const char *session = "session11";
464     const char *user = "user11";
465     const char *privilege = "privilege11";
466
467     cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_DENIED);
468
469     {
470         CynaraPoliciesContainer cp;
471         cp.add(bucketDefault,
472                client, user, privilege,
473                CYNARA_ADMIN_BUCKET, bucket);
474         admin.setPolicies(cp, CYNARA_API_BUCKET_NOT_FOUND);
475     }
476     cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_DENIED);
477 }
478
479 void tc12_admin_delete_bucket_with_policies_pointing_to_it_func()
480 {
481     CynaraTestAdmin admin;
482     CynaraTestClient cynara;
483
484     const char *bucketDefault = CYNARA_ADMIN_DEFAULT_BUCKET;
485     const char *bucket = "bucket12";
486     const char *client = "client12";
487     const char *session = "session12";
488     const char *user = "user12";
489     const char *privilege = "privilege12";
490     const char *extra = nullptr;
491
492     admin.setBucket(bucket, CYNARA_ADMIN_ALLOW, extra);
493
494     {
495         CynaraPoliciesContainer cp;
496         cp.add(bucketDefault,
497                client, user, privilege,
498                CYNARA_ADMIN_BUCKET, bucket);
499         admin.setPolicies(cp);
500     }
501     cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_ALLOWED);
502
503     admin.setBucket(bucket, CYNARA_ADMIN_DELETE, extra);
504     cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_DENIED);
505
506     admin.setBucket(bucket, CYNARA_ADMIN_ALLOW, extra);
507     cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_DENIED);
508
509     admin.setBucket(bucket, CYNARA_ADMIN_DELETE, extra);
510     cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_DENIED);
511 }
512
513 void tc13_admin_set_policies_to_extra_bucket_func()
514 {
515     CynaraTestAdmin admin;
516     CynaraTestClient cynara;
517
518     const char *bucketDefault = CYNARA_ADMIN_DEFAULT_BUCKET;
519     const char *bucket = "bucket13";
520     const char *client = "client13";
521     const char *session = "session13";
522     const char *user = "user13";
523     const char *privilege = "privilege13";
524     const char *extra = nullptr;
525     const char *extraResult = nullptr;
526
527     admin.setBucket(bucket, CYNARA_ADMIN_DENY, extra);
528     cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_DENIED);
529
530     {
531         CynaraPoliciesContainer cp;
532         cp.add(bucketDefault,
533                client, user, privilege,
534                CYNARA_ADMIN_BUCKET, bucket);
535         cp.add(bucket,
536                client, user, privilege,
537                CYNARA_ADMIN_ALLOW, extraResult);
538         admin.setPolicies(cp);
539     }
540     cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_ALLOWED);
541
542     admin.setBucket(bucket, CYNARA_ADMIN_DELETE, extra);
543     cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_DENIED);
544 }
545
546 void tc14_admin_set_policies_integrity_func()
547 {
548     const char *bucketDefault = CYNARA_ADMIN_DEFAULT_BUCKET;
549     const char *bucket = "bucket14";
550     const char *client = "client14";
551     const char *session = "session14";
552     const char *user = "user14";
553     const char *privilege = "privilege14";
554     const char *extraResult = nullptr;
555
556     {
557         CynaraTestClient cynara;
558         cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_DENIED);
559     }
560
561     {
562         CynaraTestAdmin admin;
563         CynaraPoliciesContainer cp;
564         cp.add(bucketDefault,
565                client, user, privilege,
566                CYNARA_ADMIN_ALLOW, extraResult);
567         cp.add(bucket,
568                client, user, privilege,
569                CYNARA_ADMIN_ALLOW, extraResult);
570         admin.setPolicies(cp, CYNARA_API_BUCKET_NOT_FOUND);
571     }
572
573     {
574         CynaraTestClient cynara;
575         cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_DENIED);
576     }
577 }
578
579 void tc15_admin_set_bucket_admin_none1_func()
580 {
581     CynaraTestAdmin admin;
582     CynaraTestClient cynara;
583
584     const char *bucketDefault = CYNARA_ADMIN_DEFAULT_BUCKET;
585     const char *bucket = "bucket15_1";
586     const char *client = "client15_1";
587     const char *session = "session15_1";
588     const char *user = "user15_1";
589     const char *privilege = "privilege15_1";
590     const char *extra = nullptr;
591     const char *extraResult = nullptr;
592
593     admin.setBucket(bucket, CYNARA_ADMIN_NONE, extra);
594
595     {
596         CynaraPoliciesContainer cp;
597         cp.add(bucketDefault,
598                client, user, privilege,
599                CYNARA_ADMIN_BUCKET, bucket);
600         cp.add(bucket,
601                client, user, privilege,
602                CYNARA_ADMIN_ALLOW, extraResult);
603         admin.setPolicies(cp);
604     }
605     cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_ALLOWED);
606 }
607
608 void tc15_admin_set_bucket_admin_none2_func()
609 {
610     CynaraTestAdmin admin;
611     CynaraTestClient cynara;
612
613     const char *bucketDefault = CYNARA_ADMIN_DEFAULT_BUCKET;
614     const char *bucket = "bucket15_2";
615     const char *client = "client15_2";
616     const char *session = "session15_2";
617     const char *user = "user15_2";
618     const char *privilege = "privilege15_2";
619     const char *extra = nullptr;
620
621     admin.setBucket(bucket, CYNARA_ADMIN_NONE, extra);
622
623     {
624         CynaraPoliciesContainer cp;
625         cp.add(bucketDefault,
626                client, user, privilege,
627                CYNARA_ADMIN_BUCKET, bucket);
628         admin.setPolicies(cp);
629     }
630     cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_DENIED);
631 }
632
633 void tc15_admin_set_bucket_admin_none3_func()
634 {
635     CynaraTestAdmin admin;
636     CynaraTestClient cynara;
637
638     const char *bucketDefault = CYNARA_ADMIN_DEFAULT_BUCKET;
639     const char *bucket = "bucket15_3";
640     const char *client = "client15_3";
641     const char *session = "session15_3";
642     const char *user = "user15_3";
643     const char *privilege = "privilege15_3";
644     const char *extra = nullptr;
645     const char *extraResult = nullptr;
646
647     admin.setBucket(bucket, CYNARA_ADMIN_NONE, extra);
648
649     {
650         CynaraPoliciesContainer cp;
651         cp.add(bucketDefault,
652                client, user, privilege,
653                CYNARA_ADMIN_BUCKET, bucket);
654         cp.add(bucketDefault,
655                client, user, CYNARA_ADMIN_WILDCARD,
656                CYNARA_ADMIN_ALLOW, extraResult);
657         admin.setPolicies(cp);
658     }
659     cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_ALLOWED);
660 }
661
662 void tc16_admin_check_single_bucket_func()
663 {
664     const char *bucketDefault = CYNARA_ADMIN_DEFAULT_BUCKET;
665     const char *client = "client16";
666     const char *user = "user16";
667     const char *privilege = "privilege16";
668     const char *extraResult = nullptr;
669     int recursive = 1;
670     int notrecursive = 0;
671
672     CynaraTestAdmin admin;
673
674     admin.adminCheck(bucketDefault, recursive, client, user, privilege,
675                      CYNARA_ADMIN_DENY, nullptr, CYNARA_API_SUCCESS);
676     admin.adminCheck(bucketDefault, notrecursive, client, user, privilege,
677                      CYNARA_ADMIN_DENY, nullptr, CYNARA_API_SUCCESS);
678
679     CynaraPoliciesContainer cp;
680     cp.add(bucketDefault,
681            client, user, privilege,
682            CYNARA_ADMIN_ALLOW, extraResult);
683     admin.setPolicies(cp);
684
685     admin.adminCheck(bucketDefault, recursive, client, user, privilege,
686                      CYNARA_ADMIN_ALLOW, nullptr, CYNARA_API_SUCCESS);
687     admin.adminCheck(bucketDefault, notrecursive, client, user, privilege,
688                      CYNARA_ADMIN_ALLOW, nullptr, CYNARA_API_SUCCESS);
689 }
690
691 void tc17_admin_check_nested_bucket_func()
692 {
693     const char *bucketDefault = CYNARA_ADMIN_DEFAULT_BUCKET;
694     const char *bucket = "bucket17";
695     const char *client = "client17";
696     const char *user = "user17";
697     const char *privilege = "privilege17";
698     const char *extra = nullptr;
699     const char *extraResult = nullptr;
700     int recursive = 1;
701     int notrecursive = 0;
702
703     CynaraTestAdmin admin;
704     admin.setBucket(bucket, CYNARA_ADMIN_DENY, extra);
705
706     admin.adminCheck(bucketDefault, recursive, client, user, privilege,
707                      CYNARA_ADMIN_DENY, nullptr, CYNARA_API_SUCCESS);
708     admin.adminCheck(bucketDefault, notrecursive, client, user, privilege,
709                      CYNARA_ADMIN_DENY, nullptr, CYNARA_API_SUCCESS);
710     admin.adminCheck(bucket, recursive, client, user, privilege,
711                      CYNARA_ADMIN_DENY, nullptr, CYNARA_API_SUCCESS);
712     admin.adminCheck(bucket, notrecursive, client, user, privilege,
713                      CYNARA_ADMIN_DENY, nullptr, CYNARA_API_SUCCESS);
714
715     {
716         CynaraPoliciesContainer cp;
717         cp.add(bucketDefault,
718                client, user, privilege,
719                CYNARA_ADMIN_BUCKET, bucket);
720         cp.add(bucket,
721                client, user, privilege,
722                CYNARA_ADMIN_ALLOW, extraResult);
723         admin.setPolicies(cp);
724     }
725
726     admin.adminCheck(bucketDefault, recursive, client, user, privilege,
727                      CYNARA_ADMIN_ALLOW, nullptr, CYNARA_API_SUCCESS);
728     admin.adminCheck(bucketDefault, notrecursive, client, user, privilege,
729                      CYNARA_ADMIN_DENY, nullptr, CYNARA_API_SUCCESS);
730     admin.adminCheck(bucket, recursive, client, user, privilege,
731                      CYNARA_ADMIN_ALLOW, nullptr, CYNARA_API_SUCCESS);
732     admin.adminCheck(bucket, notrecursive, client, user, privilege,
733                      CYNARA_ADMIN_ALLOW, nullptr, CYNARA_API_SUCCESS);
734 }
735
736 void tc18_admin_check_multiple_matches_func()
737 {
738     const char *bucketDefault = CYNARA_ADMIN_DEFAULT_BUCKET;
739     const char *client = "client18";
740     const char *user = "user18";
741     const char *privilege = "privilege18";
742     const char *wildcard = CYNARA_ADMIN_WILDCARD;
743     const char *extra = nullptr;
744     const char *extraResult = nullptr;
745     int recursive = 1;
746     int notrecursive = 0;
747
748     CynaraTestAdmin admin;
749
750     auto check = [&](int expected_result)
751     {
752         admin.adminCheck(bucketDefault, recursive, client, user, privilege,
753                          expected_result, nullptr, CYNARA_API_SUCCESS);
754         admin.adminCheck(bucketDefault, notrecursive, client, user, privilege,
755                          expected_result, nullptr, CYNARA_API_SUCCESS);
756     };
757
758     check(CYNARA_ADMIN_DENY);
759
760     {
761         CynaraPoliciesContainer cp;
762         cp.add(bucketDefault,
763                client, user, privilege,
764                CYNARA_ADMIN_ALLOW, extraResult);
765         admin.setPolicies(cp);
766     }
767
768     check(CYNARA_ADMIN_ALLOW);
769
770     {
771         CynaraPoliciesContainer cp;
772         cp.add(bucketDefault,
773                wildcard, user, privilege,
774                CYNARA_ADMIN_DENY, extraResult);
775         admin.setPolicies(cp);
776     }
777
778     check(CYNARA_ADMIN_DENY);
779
780     admin.setBucket(bucketDefault, CYNARA_ADMIN_ALLOW, extra);
781
782     check(CYNARA_ADMIN_DENY);
783
784     {
785         CynaraPoliciesContainer cp;
786         cp.add(bucketDefault,
787                client, user, privilege,
788                CYNARA_ADMIN_DELETE, extraResult);
789         admin.setPolicies(cp);
790     }
791
792     check(CYNARA_ADMIN_DENY);
793
794     {
795         CynaraPoliciesContainer cp;
796         cp.add(bucketDefault,
797                wildcard, user, privilege,
798                CYNARA_ADMIN_DELETE, extraResult);
799         admin.setPolicies(cp);
800     }
801
802     check(CYNARA_ADMIN_ALLOW);
803 }
804
805 void tc19_admin_check_none_bucket_func()
806 {
807     const char *bucketDefault = CYNARA_ADMIN_DEFAULT_BUCKET;
808     const char *bucket1 = "bucket19_a";
809     const char *bucket2 = "bucket19_b";
810     const char *client = "client19";
811     const char *user = "user19";
812     const char *privilege = "privilege19";
813     const char *extra = nullptr;
814     int recursive = 1;
815     int notrecursive = 0;
816
817     CynaraTestAdmin admin;
818     admin.setBucket(bucket1, CYNARA_ADMIN_NONE, extra);
819     admin.setBucket(bucket2, CYNARA_ADMIN_ALLOW, extra);
820
821     admin.adminCheck(bucketDefault, recursive, client, user, privilege,
822                      CYNARA_ADMIN_DENY, nullptr, CYNARA_API_SUCCESS);
823     admin.adminCheck(bucketDefault, notrecursive, client, user, privilege,
824                      CYNARA_ADMIN_DENY, nullptr, CYNARA_API_SUCCESS);
825     admin.adminCheck(bucket1, recursive, client, user, privilege,
826                      CYNARA_ADMIN_NONE, nullptr, CYNARA_API_SUCCESS);
827     admin.adminCheck(bucket1, notrecursive, client, user, privilege,
828                      CYNARA_ADMIN_NONE, nullptr, CYNARA_API_SUCCESS);
829     admin.adminCheck(bucket2, recursive, client, user, privilege,
830                      CYNARA_ADMIN_ALLOW, nullptr, CYNARA_API_SUCCESS);
831     admin.adminCheck(bucket2, notrecursive, client, user, privilege,
832                      CYNARA_ADMIN_ALLOW, nullptr, CYNARA_API_SUCCESS);
833
834     {
835         CynaraPoliciesContainer cp;
836         cp.add(bucketDefault,
837                client, user, privilege,
838                CYNARA_ADMIN_BUCKET, bucket1);
839         cp.add(bucket1,
840                client, user, privilege,
841                CYNARA_ADMIN_BUCKET, bucket2);
842         admin.setPolicies(cp);
843     }
844
845     admin.adminCheck(bucketDefault, recursive, client, user, privilege,
846                      CYNARA_ADMIN_ALLOW, nullptr, CYNARA_API_SUCCESS);
847     admin.adminCheck(bucketDefault, notrecursive, client, user, privilege,
848                      CYNARA_ADMIN_DENY, nullptr, CYNARA_API_SUCCESS);
849     admin.adminCheck(bucket1, recursive, client, user, privilege,
850                      CYNARA_ADMIN_ALLOW, nullptr, CYNARA_API_SUCCESS);
851     admin.adminCheck(bucket1, notrecursive, client, user, privilege,
852                      CYNARA_ADMIN_NONE, nullptr, CYNARA_API_SUCCESS);
853     admin.adminCheck(bucket2, recursive, client, user, privilege,
854                      CYNARA_ADMIN_ALLOW, nullptr, CYNARA_API_SUCCESS);
855     admin.adminCheck(bucket2, notrecursive, client, user, privilege,
856                      CYNARA_ADMIN_ALLOW, nullptr, CYNARA_API_SUCCESS);
857 }
858
859 RUNNER_TEST_GROUP_INIT(cynara_tests)
860
861 RUN_CYNARA_TEST(tc01_cynara_initialize)
862 RUN_CYNARA_TEST(tc02_admin_initialize)
863 RUN_CYNARA_TEST(tc03_cynara_check_invalid_params)
864 RUN_CYNARA_TEST(tc04_admin_set_policies_invalid_params)
865 RUN_CYNARA_TEST(tc05_admin_set_bucket_invalid_params)
866 RUN_CYNARA_TEST(tc06_cynara_check_empty_admin1)
867 RUN_CYNARA_TEST(tc06_cynara_check_empty_admin2)
868 RUN_CYNARA_TEST(tc07_admin_set_bucket_admin_allow_deny)
869 RUN_CYNARA_TEST(tc08_admin_set_policies_allow_remove1)
870 RUN_CYNARA_TEST(tc08_admin_set_policies_allow_remove2)
871 RUN_CYNARA_TEST(tc08_admin_set_policies_allow_remove3)
872 RUN_CYNARA_TEST(tc09_admin_set_policies_wildcard_accesses)
873 RUN_CYNARA_TEST(tc10_admin_change_extra_bucket)
874 RUN_CYNARA_TEST(tc11_admin_bucket_not_found)
875 RUN_CYNARA_TEST(tc12_admin_delete_bucket_with_policies_pointing_to_it)
876 RUN_CYNARA_TEST(tc13_admin_set_policies_to_extra_bucket)
877 RUN_CYNARA_TEST(tc14_admin_set_policies_integrity)
878 RUN_CYNARA_TEST(tc15_admin_set_bucket_admin_none1)
879 RUN_CYNARA_TEST(tc15_admin_set_bucket_admin_none2)
880 RUN_CYNARA_TEST(tc15_admin_set_bucket_admin_none3)
881 RUN_CYNARA_TEST(tc16_admin_check_single_bucket)
882 RUN_CYNARA_TEST(tc17_admin_check_nested_bucket)
883 RUN_CYNARA_TEST(tc18_admin_check_multiple_matches)
884 RUN_CYNARA_TEST(tc19_admin_check_none_bucket)
Domain: Security / Uncategorized;