You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
412 lines
12 KiB
412 lines
12 KiB
2 years ago
|
diff -Nru cyrus-sasl-2.1.27/tests/runtests.py cyrus-sasl-2.1.27-beldmit/tests/runtests.py
|
||
|
--- cyrus-sasl-2.1.27/tests/runtests.py 2020-12-23 14:31:35.564537485 +0100
|
||
|
+++ cyrus-sasl-2.1.27-beldmit/tests/runtests.py 2020-12-23 14:30:46.933219377 +0100
|
||
|
@@ -313,6 +313,99 @@
|
||
|
|
||
|
return err
|
||
|
|
||
|
+def setup_plain(testdir):
|
||
|
+ """ Create sasldb file """
|
||
|
+ sasldbfile = os.path.join(testdir, 'testsasldb.db')
|
||
|
+
|
||
|
+ sasldbenv = {'SASL_PATH': os.path.join(testdir, '../../plugins/.libs'),
|
||
|
+ 'LD_LIBRARY_PATH' : os.path.join(testdir, '../../lib/.libs')}
|
||
|
+
|
||
|
+ passwdprog = os.path.join(testdir, '../../utils/saslpasswd2')
|
||
|
+
|
||
|
+ echo = subprocess.Popen(('echo', '1234567'), stdout=subprocess.PIPE)
|
||
|
+ subprocess.check_call([
|
||
|
+ passwdprog, "-f", sasldbfile, "-c", "test",
|
||
|
+ "-u", "host.realm.test", "-p"
|
||
|
+ ], stdin=echo.stdout, env=sasldbenv, timeout=5)
|
||
|
+
|
||
|
+ return (sasldbfile, sasldbenv)
|
||
|
+
|
||
|
+def plain_test(sasldbfile, sasldbenv):
|
||
|
+ try:
|
||
|
+ srv = subprocess.Popen(["../tests/t_gssapi_srv", "-P", sasldbfile],
|
||
|
+ stdout=subprocess.PIPE,
|
||
|
+ stderr=subprocess.PIPE, env=sasldbenv)
|
||
|
+ srv.stdout.readline() # Wait for srv to say it is ready
|
||
|
+ cli = subprocess.Popen(["../tests/t_gssapi_cli", "-P", "1234567"],
|
||
|
+ stdout=subprocess.PIPE,
|
||
|
+ stderr=subprocess.PIPE, env=sasldbenv)
|
||
|
+ try:
|
||
|
+ cli.wait(timeout=5)
|
||
|
+ srv.wait(timeout=5)
|
||
|
+ except Exception as e:
|
||
|
+ print("Failed on {}".format(e));
|
||
|
+ cli.kill()
|
||
|
+ srv.kill()
|
||
|
+ if cli.returncode != 0 or srv.returncode != 0:
|
||
|
+ raise Exception("CLI ({}): {} --> SRV ({}): {}".format(
|
||
|
+ cli.returncode, cli.stderr.read().decode('utf-8'),
|
||
|
+ srv.returncode, srv.stderr.read().decode('utf-8')))
|
||
|
+ except Exception as e:
|
||
|
+ print("FAIL: {}".format(e))
|
||
|
+ return 1
|
||
|
+
|
||
|
+ print("PASS: PLAIN CLI({}) SRV({})".format(
|
||
|
+ cli.stdout.read().decode('utf-8').strip(),
|
||
|
+ srv.stdout.read().decode('utf-8').strip()))
|
||
|
+ return 0
|
||
|
+
|
||
|
+def plain_mismatch_test(sasldbfile, sasldbenv):
|
||
|
+ result = "FAIL"
|
||
|
+ try:
|
||
|
+ srv = subprocess.Popen(["../tests/t_gssapi_srv", "-P", sasldbfile],
|
||
|
+ stdout=subprocess.PIPE,
|
||
|
+ stderr=subprocess.PIPE, env=sasldbenv)
|
||
|
+ srv.stdout.readline() # Wait for srv to say it is ready
|
||
|
+ bindings = base64.b64encode("CLI CBS".encode('utf-8'))
|
||
|
+ cli = subprocess.Popen(["../tests/t_gssapi_cli", "-P", "12345678"],
|
||
|
+ stdout=subprocess.PIPE,
|
||
|
+ stderr=subprocess.PIPE, env=sasldbenv)
|
||
|
+ try:
|
||
|
+ cli.wait(timeout=5)
|
||
|
+ srv.wait(timeout=5)
|
||
|
+ except Exception as e:
|
||
|
+ print("Failed on {}".format(e));
|
||
|
+ cli.kill()
|
||
|
+ srv.kill()
|
||
|
+ if cli.returncode != 0 or srv.returncode != 0:
|
||
|
+ cli_err = cli.stderr.read().decode('utf-8').strip()
|
||
|
+ srv_err = srv.stderr.read().decode('utf-8').strip()
|
||
|
+ if "authentication failure" in srv_err:
|
||
|
+ result = "PASS"
|
||
|
+ raise Exception("CLI ({}): {} --> SRV ({}): {}".format(
|
||
|
+ cli.returncode, cli_err, srv.returncode, srv_err))
|
||
|
+ except Exception as e:
|
||
|
+ print("{}: {}".format(result, e))
|
||
|
+ return 0
|
||
|
+
|
||
|
+ print("FAIL: This test should fail [CLI({}) SRV({})]".format(
|
||
|
+ cli.stdout.read().decode('utf-8').strip(),
|
||
|
+ srv.stdout.read().decode('utf-8').strip()))
|
||
|
+ return 1
|
||
|
+
|
||
|
+def plain_tests(testdir):
|
||
|
+ err = 0
|
||
|
+ sasldbfile, sasldbenv = setup_plain(testdir)
|
||
|
+ #print("DB file: {}, ENV: {}".format(sasldbfile, sasldbenv))
|
||
|
+ print('SASLDB PLAIN:')
|
||
|
+ print(' ', end='')
|
||
|
+ err += plain_test(sasldbfile, sasldbenv)
|
||
|
+
|
||
|
+ print('SASLDB PLAIN PASSWORD MISMATCH:')
|
||
|
+ print(' ', end='')
|
||
|
+ err += plain_mismatch_test(sasldbfile, sasldbenv)
|
||
|
+
|
||
|
+ return err
|
||
|
|
||
|
if __name__ == "__main__":
|
||
|
|
||
|
@@ -329,5 +422,9 @@
|
||
|
|
||
|
err = gssapi_tests(T)
|
||
|
if err != 0:
|
||
|
- print('{} test(s) FAILED'.format(err))
|
||
|
+ print('{} GSSAPI test(s) FAILED'.format(err))
|
||
|
+
|
||
|
+ err = plain_tests(T)
|
||
|
+ if err != 0:
|
||
|
+ print('{} PLAIN test(s) FAILED'.format(err))
|
||
|
sys.exit(-1)
|
||
|
diff -Nru cyrus-sasl-2.1.27/tests/t_gssapi_cli.c cyrus-sasl-2.1.27-beldmit/tests/t_gssapi_cli.c
|
||
|
--- cyrus-sasl-2.1.27/tests/t_gssapi_cli.c 2020-12-23 14:31:35.564537485 +0100
|
||
|
+++ cyrus-sasl-2.1.27-beldmit/tests/t_gssapi_cli.c 2021-01-06 11:26:15.460662537 +0100
|
||
|
@@ -16,6 +16,8 @@
|
||
|
#include <saslplug.h>
|
||
|
#include <saslutil.h>
|
||
|
|
||
|
+const char *testpass = NULL;
|
||
|
+
|
||
|
static int setup_socket(void)
|
||
|
{
|
||
|
struct sockaddr_in addr;
|
||
|
@@ -34,9 +36,60 @@
|
||
|
return sock;
|
||
|
}
|
||
|
|
||
|
+static int get_user(void *context __attribute__((unused)),
|
||
|
+ int id,
|
||
|
+ const char **result,
|
||
|
+ unsigned *len)
|
||
|
+{
|
||
|
+ const char *testuser = "test@host.realm.test";
|
||
|
+
|
||
|
+ if (! result)
|
||
|
+ return SASL_BADPARAM;
|
||
|
+
|
||
|
+ switch (id) {
|
||
|
+ case SASL_CB_USER:
|
||
|
+ case SASL_CB_AUTHNAME:
|
||
|
+ *result = testuser;
|
||
|
+ break;
|
||
|
+ default:
|
||
|
+ return SASL_BADPARAM;
|
||
|
+ }
|
||
|
+
|
||
|
+ if (len) *len = strlen(*result);
|
||
|
+
|
||
|
+ return SASL_OK;
|
||
|
+}
|
||
|
+
|
||
|
+static int get_pass(sasl_conn_t *conn __attribute__((unused)),
|
||
|
+ void *context __attribute__((unused)),
|
||
|
+ int id,
|
||
|
+ sasl_secret_t **psecret)
|
||
|
+{
|
||
|
+ size_t len;
|
||
|
+ static sasl_secret_t *x;
|
||
|
+
|
||
|
+ /* paranoia check */
|
||
|
+ if (! conn || ! psecret || id != SASL_CB_PASS)
|
||
|
+ return SASL_BADPARAM;
|
||
|
+
|
||
|
+ len = strlen(testpass);
|
||
|
+
|
||
|
+ x = (sasl_secret_t *) realloc(x, sizeof(sasl_secret_t) + len);
|
||
|
+
|
||
|
+ if (!x) {
|
||
|
+ return SASL_NOMEM;
|
||
|
+ }
|
||
|
+
|
||
|
+ x->len = len;
|
||
|
+ strcpy((char *)x->data, testpass);
|
||
|
+
|
||
|
+ *psecret = x;
|
||
|
+ return SASL_OK;
|
||
|
+}
|
||
|
+
|
||
|
int main(int argc, char *argv[])
|
||
|
{
|
||
|
- sasl_callback_t callbacks[2] = {};
|
||
|
+ sasl_callback_t callbacks[4] = {};
|
||
|
char buf[8192];
|
||
|
const char *chosenmech;
|
||
|
sasl_conn_t *conn;
|
||
|
@@ -49,8 +102,9 @@
|
||
|
const char *sasl_mech = "GSSAPI";
|
||
|
bool spnego = false;
|
||
|
bool zeromaxssf = false;
|
||
|
+ bool plain = false;
|
||
|
|
||
|
- while ((c = getopt(argc, argv, "c:zN")) != EOF) {
|
||
|
+ while ((c = getopt(argc, argv, "c:zNP:")) != EOF) {
|
||
|
switch (c) {
|
||
|
case 'c':
|
||
|
parse_cb(&cb, cb_buf, 256, optarg);
|
||
|
@@ -61,6 +115,10 @@
|
||
|
case 'N':
|
||
|
spnego = true;
|
||
|
break;
|
||
|
+ case 'P':
|
||
|
+ plain = true;
|
||
|
+ testpass = optarg;
|
||
|
+ break;
|
||
|
default:
|
||
|
break;
|
||
|
}
|
||
|
@@ -73,6 +131,12 @@
|
||
|
callbacks[1].id = SASL_CB_LIST_END;
|
||
|
callbacks[1].proc = NULL;
|
||
|
callbacks[1].context = NULL;
|
||
|
+ callbacks[2].id = SASL_CB_LIST_END;
|
||
|
+ callbacks[2].proc = NULL;
|
||
|
+ callbacks[2].context = NULL;
|
||
|
+ callbacks[3].id = SASL_CB_LIST_END;
|
||
|
+ callbacks[3].proc = NULL;
|
||
|
+ callbacks[3].context = NULL;
|
||
|
|
||
|
r = sasl_client_init(callbacks);
|
||
|
if (r != SASL_OK) exit(-1);
|
||
|
@@ -91,6 +155,16 @@
|
||
|
sasl_mech = "GSS-SPNEGO";
|
||
|
}
|
||
|
|
||
|
+ if (plain) {
|
||
|
+ sasl_mech = "PLAIN";
|
||
|
+
|
||
|
+ callbacks[1].id = SASL_CB_AUTHNAME;
|
||
|
+ callbacks[1].proc = (sasl_callback_ft)&get_user;
|
||
|
+
|
||
|
+ callbacks[2].id = SASL_CB_PASS;
|
||
|
+ callbacks[2].proc = (sasl_callback_ft)&get_pass;
|
||
|
+ }
|
||
|
+
|
||
|
if (zeromaxssf) {
|
||
|
/* set all security properties to 0 including maxssf */
|
||
|
sasl_security_properties_t secprops = { 0 };
|
||
|
@@ -99,9 +173,9 @@
|
||
|
|
||
|
r = sasl_client_start(conn, sasl_mech, NULL, &data, &len, &chosenmech);
|
||
|
if (r != SASL_OK && r != SASL_CONTINUE) {
|
||
|
- saslerr(r, "starting SASL negotiation");
|
||
|
- printf("\n%s\n", sasl_errdetail(conn));
|
||
|
- exit(-1);
|
||
|
+ saslerr(r, "starting SASL negotiation");
|
||
|
+ printf("\n%s\n", sasl_errdetail(conn));
|
||
|
+ exit(-1);
|
||
|
}
|
||
|
|
||
|
sd = setup_socket();
|
||
|
@@ -111,11 +185,11 @@
|
||
|
len = 8192;
|
||
|
recv_string(sd, buf, &len, false);
|
||
|
|
||
|
- r = sasl_client_step(conn, buf, len, NULL, &data, &len);
|
||
|
- if (r != SASL_OK && r != SASL_CONTINUE) {
|
||
|
- saslerr(r, "performing SASL negotiation");
|
||
|
- printf("\n%s\n", sasl_errdetail(conn));
|
||
|
- exit(-1);
|
||
|
+ r = sasl_client_step(conn, buf, len, NULL, &data, &len);
|
||
|
+ if (r != SASL_OK && r != SASL_CONTINUE) {
|
||
|
+ saslerr(r, "performing SASL negotiation");
|
||
|
+ printf("\n%s\n", sasl_errdetail(conn));
|
||
|
+ exit(-1);
|
||
|
}
|
||
|
}
|
||
|
|
||
|
diff -Nru cyrus-sasl-2.1.27/tests/t_gssapi_srv.c cyrus-sasl-2.1.27-beldmit/tests/t_gssapi_srv.c
|
||
|
--- cyrus-sasl-2.1.27/tests/t_gssapi_srv.c 2020-12-23 14:31:35.565537492 +0100
|
||
|
+++ cyrus-sasl-2.1.27-beldmit/tests/t_gssapi_srv.c 2021-01-06 11:27:48.373257373 +0100
|
||
|
@@ -1,4 +1,5 @@
|
||
|
-/* Copyright (C) Simo Sorce <simo@redhat.com>
|
||
|
+/* Copyright (C) Simo Sorce <simo@redhat.com>,
|
||
|
+ * Dmitry Belyavskiy <dbelyavs@redhat.com>
|
||
|
* See COPYING file for License */
|
||
|
|
||
|
#include "t_common.h"
|
||
|
@@ -15,6 +16,10 @@
|
||
|
#include <arpa/inet.h>
|
||
|
#include <saslplug.h>
|
||
|
|
||
|
+const char *sasldb_path = NULL,
|
||
|
+ *auxprop_plugin = "sasldb",
|
||
|
+ *pwcheck_method = "auxprop-hashed";
|
||
|
+
|
||
|
static int setup_socket(void)
|
||
|
{
|
||
|
struct sockaddr_in addr;
|
||
|
@@ -45,9 +50,38 @@
|
||
|
return sd;
|
||
|
}
|
||
|
|
||
|
+static int test_getopt(void *context __attribute__((unused)),
|
||
|
+ const char *plugin_name __attribute__((unused)),
|
||
|
+ const char *option,
|
||
|
+ const char **result,
|
||
|
+ unsigned *len)
|
||
|
+{
|
||
|
+ if (sasldb_path && !strcmp(option, "sasldb_path")) {
|
||
|
+ *result = sasldb_path;
|
||
|
+ if (len)
|
||
|
+ *len = (unsigned) strlen(sasldb_path);
|
||
|
+ return SASL_OK;
|
||
|
+ }
|
||
|
+
|
||
|
+ if (sasldb_path && !strcmp(option, "auxprop_plugin")) {
|
||
|
+ *result = auxprop_plugin;
|
||
|
+ if (len)
|
||
|
+ *len = (unsigned) strlen(auxprop_plugin);
|
||
|
+ return SASL_OK;
|
||
|
+ }
|
||
|
+
|
||
|
+ if (sasldb_path && !strcmp(option, "pwcheck_method")) {
|
||
|
+ *result = pwcheck_method;
|
||
|
+ if (len)
|
||
|
+ *len = (unsigned) strlen(pwcheck_method);
|
||
|
+ return SASL_OK;
|
||
|
+ }
|
||
|
+ return SASL_FAIL;
|
||
|
+}
|
||
|
+
|
||
|
int main(int argc, char *argv[])
|
||
|
{
|
||
|
- sasl_callback_t callbacks[2] = {};
|
||
|
+ sasl_callback_t callbacks[3] = {};
|
||
|
char buf[8192];
|
||
|
sasl_conn_t *conn;
|
||
|
const char *data;
|
||
|
@@ -59,8 +93,9 @@
|
||
|
const char *sasl_mech = "GSSAPI";
|
||
|
bool spnego = false;
|
||
|
bool zeromaxssf = false;
|
||
|
+ bool plain = false;
|
||
|
|
||
|
- while ((c = getopt(argc, argv, "c:zN")) != EOF) {
|
||
|
+ while ((c = getopt(argc, argv, "c:zNP:")) != EOF) {
|
||
|
switch (c) {
|
||
|
case 'c':
|
||
|
parse_cb(&cb, cb_buf, 256, optarg);
|
||
|
@@ -71,6 +106,10 @@
|
||
|
case 'N':
|
||
|
spnego = true;
|
||
|
break;
|
||
|
+ case 'P':
|
||
|
+ plain = true;
|
||
|
+ sasldb_path = optarg;
|
||
|
+ break;
|
||
|
default:
|
||
|
break;
|
||
|
}
|
||
|
@@ -81,9 +120,12 @@
|
||
|
callbacks[0].id = SASL_CB_GETPATH;
|
||
|
callbacks[0].proc = (sasl_callback_ft)&getpath;
|
||
|
callbacks[0].context = NULL;
|
||
|
- callbacks[1].id = SASL_CB_LIST_END;
|
||
|
- callbacks[1].proc = NULL;
|
||
|
+ callbacks[1].id = SASL_CB_GETOPT;
|
||
|
+ callbacks[1].proc = (sasl_callback_ft)&test_getopt;
|
||
|
callbacks[1].context = NULL;
|
||
|
+ callbacks[2].id = SASL_CB_LIST_END;
|
||
|
+ callbacks[2].proc = NULL;
|
||
|
+ callbacks[2].context = NULL;
|
||
|
|
||
|
r = sasl_server_init(callbacks, "t_gssapi_srv");
|
||
|
if (r != SASL_OK) exit(-1);
|
||
|
@@ -103,6 +145,10 @@
|
||
|
sasl_mech = "GSS-SPNEGO";
|
||
|
}
|
||
|
|
||
|
+ if (plain) {
|
||
|
+ sasl_mech = "PLAIN";
|
||
|
+ }
|
||
|
+
|
||
|
if (zeromaxssf) {
|
||
|
/* set all security properties to 0 including maxssf */
|
||
|
sasl_security_properties_t secprops = { 0 };
|
||
|
@@ -116,9 +162,9 @@
|
||
|
|
||
|
r = sasl_server_start(conn, sasl_mech, buf, len, &data, &len);
|
||
|
if (r != SASL_OK && r != SASL_CONTINUE) {
|
||
|
- saslerr(r, "starting SASL negotiation");
|
||
|
- printf("\n%s\n", sasl_errdetail(conn));
|
||
|
- exit(-1);
|
||
|
+ saslerr(r, "starting SASL negotiation");
|
||
|
+ printf("\n%s\n", sasl_errdetail(conn));
|
||
|
+ exit(-1);
|
||
|
}
|
||
|
|
||
|
while (r == SASL_CONTINUE) {
|
||
|
@@ -126,12 +172,12 @@
|
||
|
len = 8192;
|
||
|
recv_string(sd, buf, &len, true);
|
||
|
|
||
|
- r = sasl_server_step(conn, buf, len, &data, &len);
|
||
|
- if (r != SASL_OK && r != SASL_CONTINUE) {
|
||
|
- saslerr(r, "performing SASL negotiation");
|
||
|
- printf("\n%s\n", sasl_errdetail(conn));
|
||
|
- exit(-1);
|
||
|
- }
|
||
|
+ r = sasl_server_step(conn, buf, len, &data, &len);
|
||
|
+ if (r != SASL_OK && r != SASL_CONTINUE) {
|
||
|
+ saslerr(r, "performing SASL negotiation");
|
||
|
+ printf("\n%s\n", sasl_errdetail(conn));
|
||
|
+ exit(-1);
|
||
|
+ }
|
||
|
}
|
||
|
|
||
|
if (r != SASL_OK) exit(-1);
|