
Blame SOURCES/cyrus-sasl-2.1.27-Add-basic-test-plain-auth.patch

138d55
diff -Nru cyrus-sasl-2.1.27/tests/runtests.py cyrus-sasl-2.1.27-beldmit/tests/runtests.py
138d55
--- cyrus-sasl-2.1.27/tests/runtests.py	2020-12-23 14:31:35.564537485 +0100
138d55
+++ cyrus-sasl-2.1.27-beldmit/tests/runtests.py	2020-12-23 14:30:46.933219377 +0100
138d55
@@ -313,6 +313,99 @@
138d55
 
138d55
     return err
138d55
 
138d55
+def setup_plain(testdir):
138d55
+    """ Create sasldb file """
138d55
+    sasldbfile = os.path.join(testdir, 'testsasldb.db')
138d55
+
138d55
+    sasldbenv = {'SASL_PATH': os.path.join(testdir, '../../plugins/.libs'),
138d55
+                 'LD_LIBRARY_PATH' : os.path.join(testdir, '../../lib/.libs')}
138d55
+
138d55
+    passwdprog = os.path.join(testdir, '../../utils/saslpasswd2')
138d55
+
138d55
+    echo = subprocess.Popen(('echo', '1234567'), stdout=subprocess.PIPE)
138d55
+    subprocess.check_call([
138d55
+        passwdprog, "-f", sasldbfile, "-c", "test",
138d55
+        "-u", "host.realm.test", "-p"
138d55
+        ], stdin=echo.stdout, env=sasldbenv, timeout=5)
138d55
+
138d55
+    return (sasldbfile, sasldbenv)
138d55
+
138d55
+def plain_test(sasldbfile, sasldbenv):
138d55
+    try:
138d55
+        srv = subprocess.Popen(["../tests/t_gssapi_srv", "-P", sasldbfile],
138d55
+                               stdout=subprocess.PIPE,
138d55
+                               stderr=subprocess.PIPE, env=sasldbenv)
138d55
+        srv.stdout.readline() # Wait for srv to say it is ready
138d55
+        cli = subprocess.Popen(["../tests/t_gssapi_cli", "-P", "1234567"],
138d55
+                               stdout=subprocess.PIPE,
138d55
+                               stderr=subprocess.PIPE, env=sasldbenv)
138d55
+        try:
138d55
+            cli.wait(timeout=5)
138d55
+            srv.wait(timeout=5)
138d55
+        except Exception as e:
138d55
+            print("Failed on {}".format(e));
138d55
+            cli.kill()
138d55
+            srv.kill()
138d55
+        if cli.returncode != 0 or srv.returncode != 0:
138d55
+            raise Exception("CLI ({}): {} --> SRV ({}): {}".format(
138d55
+                cli.returncode, cli.stderr.read().decode('utf-8'),
138d55
+                srv.returncode, srv.stderr.read().decode('utf-8')))
138d55
+    except Exception as e:
138d55
+        print("FAIL: {}".format(e))
138d55
+        return 1
138d55
+
138d55
+    print("PASS: PLAIN CLI({}) SRV({})".format(
138d55
+        cli.stdout.read().decode('utf-8').strip(),
138d55
+        srv.stdout.read().decode('utf-8').strip()))
138d55
+    return 0
138d55
+
138d55
+def plain_mismatch_test(sasldbfile, sasldbenv):
138d55
+    result = "FAIL"
138d55
+    try:
138d55
+        srv = subprocess.Popen(["../tests/t_gssapi_srv", "-P", sasldbfile],
138d55
+                               stdout=subprocess.PIPE,
138d55
+                               stderr=subprocess.PIPE, env=sasldbenv)
138d55
+        srv.stdout.readline() # Wait for srv to say it is ready
138d55
+        bindings = base64.b64encode("CLI CBS".encode('utf-8'))
138d55
+        cli = subprocess.Popen(["../tests/t_gssapi_cli", "-P", "12345678"],
138d55
+                               stdout=subprocess.PIPE,
138d55
+                               stderr=subprocess.PIPE, env=sasldbenv)
138d55
+        try:
138d55
+            cli.wait(timeout=5)
138d55
+            srv.wait(timeout=5)
138d55
+        except Exception as e:
138d55
+            print("Failed on {}".format(e));
138d55
+            cli.kill()
138d55
+            srv.kill()
138d55
+        if cli.returncode != 0 or srv.returncode != 0:
138d55
+            cli_err = cli.stderr.read().decode('utf-8').strip()
138d55
+            srv_err = srv.stderr.read().decode('utf-8').strip()
138d55
+            if "authentication failure" in srv_err:
138d55
+                result = "PASS"
138d55
+            raise Exception("CLI ({}): {} --> SRV ({}): {}".format(
138d55
+                cli.returncode, cli_err, srv.returncode, srv_err))
138d55
+    except Exception as e:
138d55
+        print("{}: {}".format(result, e))
138d55
+        return 0
138d55
+
138d55
+    print("FAIL: This test should fail [CLI({}) SRV({})]".format(
138d55
+        cli.stdout.read().decode('utf-8').strip(),
138d55
+        srv.stdout.read().decode('utf-8').strip()))
138d55
+    return 1
138d55
+
138d55
+def plain_tests(testdir):
138d55
+    err = 0
138d55
+    sasldbfile, sasldbenv = setup_plain(testdir)
138d55
+    #print("DB file: {}, ENV: {}".format(sasldbfile, sasldbenv))
138d55
+    print('SASLDB PLAIN:')
138d55
+    print('    ', end='')
138d55
+    err += plain_test(sasldbfile, sasldbenv)
138d55
+
138d55
+    print('SASLDB PLAIN PASSWORD MISMATCH:')
138d55
+    print('    ', end='')
138d55
+    err += plain_mismatch_test(sasldbfile, sasldbenv)
138d55
+
138d55
+    return err
138d55
 
138d55
 if __name__ == "__main__":
138d55
 
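Review bot: `plain_mismatch_test` returns 0 from its outer `except` branch whatever `result` holds, so a run where the client or server crashes, times out or cannot be started prints `FAIL: ...` yet is counted as a pass; only a server stderr containing "authentication failure" shows that the wrong password was actually rejected. The handler should end with `return 0 if result == "PASS" else 1`. The same function builds a `bindings` value that is never used. Both new tests call `wait()` on processes whose stdout and stderr are pipes and do not reap them after `kill()`, so `returncode` stays `None` on the timeout path; `communicate(timeout=5)` would drain the pipes and collect the exit status.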
138d55
@@ -329,5 +422,9 @@
138d55
 
138d55
     err = gssapi_tests(T)
138d55
     if err != 0:
138d55
-        print('{} test(s) FAILED'.format(err))
138d55
+        print('{} GSSAPI test(s) FAILED'.format(err))
138d55
+
138d55
+    err = plain_tests(T)
138d55
+    if err != 0:
138d55
+        print('{} PLAIN test(s) FAILED'.format(err))
138d55
         sys.exit(-1)
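Review bot: The only `sys.exit(-1)` now sits under the PLAIN check and `err` is overwritten by `plain_tests(T)`, so a run with GSSAPI failures and clean PLAIN tests prints the GSSAPI message and still exits 0. Keep the two counts apart, for example `plain_err = plain_tests(T)` with the PLAIN message under `if plain_err != 0:`, and finish with `if err != 0 or plain_err != 0: sys.exit(-1)`. The `__main__` block starts outside this hunk.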
138d55
diff -Nru cyrus-sasl-2.1.27/tests/t_gssapi_cli.c cyrus-sasl-2.1.27-beldmit/tests/t_gssapi_cli.c
138d55
--- cyrus-sasl-2.1.27/tests/t_gssapi_cli.c	2020-12-23 14:31:35.564537485 +0100
138d55
+++ cyrus-sasl-2.1.27-beldmit/tests/t_gssapi_cli.c	2021-01-06 11:26:15.460662537 +0100
138d55
@@ -16,6 +16,8 @@
138d55
 #include <saslplug.h>
138d55
 #include <saslutil.h>
138d55
 
138d55
+const char *testpass = NULL;
138d55
+
138d55
 static int setup_socket(void)
138d55
 {
138d55
     struct sockaddr_in addr;
138d55
@@ -34,9 +36,60 @@
138d55
     return sock;
138d55
 }
138d55
 
138d55
+static int get_user(void *context __attribute__((unused)),
138d55
+                  int id,
138d55
+                  const char **result,
138d55
+                  unsigned *len)
138d55
+{
138d55
+    const char *testuser = "test@host.realm.test";
138d55
+
138d55
+    if (! result)
138d55
+        return SASL_BADPARAM;
138d55
+
138d55
+    switch (id) {
138d55
+    case SASL_CB_USER:
138d55
+    case SASL_CB_AUTHNAME:
138d55
+        *result = testuser;
138d55
+        break;
138d55
+    default:
138d55
+        return SASL_BADPARAM;
138d55
+    }
138d55
+
138d55
+    if (len) *len = strlen(*result);
138d55
+
138d55
+    return SASL_OK;
138d55
+}
138d55
+
138d55
+static int get_pass(sasl_conn_t *conn __attribute__((unused)),
138d55
+          void *context __attribute__((unused)),
138d55
+          int id,
138d55
+          sasl_secret_t **psecret)
138d55
+{
138d55
+    size_t len;
138d55
+    static sasl_secret_t *x;
138d55
+
138d55
+    /* paranoia check */
138d55
+    if (! conn || ! psecret || id != SASL_CB_PASS)
138d55
+        return SASL_BADPARAM;
138d55
+
138d55
+    len = strlen(testpass);
138d55
+
138d55
+    x = (sasl_secret_t *) realloc(x, sizeof(sasl_secret_t) + len);
138d55
+
138d55
+    if (!x) {
138d55
+        return SASL_NOMEM;
138d55
+    }
138d55
+
138d55
+    x->len = len;
138d55
+    strcpy((char *)x->data, testpass);
138d55
+
138d55
+    *psecret = x;
138d55
+    return SASL_OK;
138d55
+}
138d55
+
138d55
 int main(int argc, char *argv[])
138d55
 {
138d55
-    sasl_callback_t callbacks[2] = {};
138d55
+    sasl_callback_t callbacks[4] = {};
138d55
     char buf[8192];
138d55
     const char *chosenmech;
138d55
     sasl_conn_t *conn;
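Review bot: `get_pass` assigns the `realloc` result straight to the static `x`, so on failure the pointer to the previous buffer, which still holds the password, is lost and the buffer is leaked without being cleared; use a temporary, `sasl_secret_t *tmp = realloc(x, sizeof(sasl_secret_t) + len); if (!tmp) return SASL_NOMEM; x = tmp;`. The size leaves room for the NUL that `strcpy` writes only if `sasl_secret_t` ends in a one-byte `data` array, as sasl.h appears to declare it, so a comment such as `/* data[1] in sasl_secret_t accounts for the terminating NUL */` would document the assumption. `testpass` is passed to `strlen` without a NULL check, which is safe only while this callback is registered solely when `-P` was given. `main` continues outside the hunk.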
138d55
@@ -49,8 +102,9 @@
138d55
     const char *sasl_mech = "GSSAPI";
138d55
     bool spnego = false;
138d55
     bool zeromaxssf = false;
138d55
+    bool plain = false;
138d55
 
138d55
-    while ((c = getopt(argc, argv, "c:zN")) != EOF) {
138d55
+    while ((c = getopt(argc, argv, "c:zNP:")) != EOF) {
138d55
         switch (c) {
138d55
         case 'c':
138d55
             parse_cb(&cb, cb_buf, 256, optarg);
138d55
@@ -61,6 +115,10 @@
138d55
         case 'N':
138d55
             spnego = true;
138d55
             break;
138d55
+        case 'P':
138d55
+            plain = true;
138d55
+            testpass = optarg;
138d55
+            break;
138d55
         default:
138d55
             break;
138d55
         }
138d55
@@ -73,6 +131,12 @@
138d55
     callbacks[1].id = SASL_CB_LIST_END;
138d55
     callbacks[1].proc = NULL;
138d55
     callbacks[1].context = NULL;
138d55
+    callbacks[2].id = SASL_CB_LIST_END;
138d55
+    callbacks[2].proc = NULL;
138d55
+    callbacks[2].context = NULL;
138d55
+    callbacks[3].id = SASL_CB_LIST_END;
138d55
+    callbacks[3].proc = NULL;
138d55
+    callbacks[3].context = NULL;
138d55
 
138d55
     r = sasl_client_init(callbacks);
138d55
     if (r != SASL_OK) exit(-1);
138d55
@@ -91,6 +155,16 @@
138d55
         sasl_mech = "GSS-SPNEGO";
138d55
     }
138d55
 
138d55
+    if (plain) {
138d55
+        sasl_mech = "PLAIN";
138d55
+
138d55
+        callbacks[1].id = SASL_CB_AUTHNAME;
138d55
+        callbacks[1].proc = (sasl_callback_ft)&get_user;
138d55
+
138d55
+        callbacks[2].id = SASL_CB_PASS;
138d55
+        callbacks[2].proc = (sasl_callback_ft)&get_pass;
138d55
+    }
138d55
+
138d55
     if (zeromaxssf) {
138d55
         /* set all security properties to 0 including maxssf */
138d55
         sasl_security_properties_t secprops = { 0 };
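Review bot: The PLAIN entries are written into `callbacks[1]` and `callbacks[2]` after `sasl_client_init(callbacks)` has already run (the call is visible as context at the end of the previous hunk), so the test presumably relies on the library keeping a pointer to the caller's array rather than reading it at init time. Filling the array before the init call would remove that dependency: move the two `id`/`proc` assignments above `sasl_client_init` under the same `if (plain)` test and leave only `sasl_mech = "PLAIN";` here. The new entries never set `.context` and rely on the earlier `callbacks[1].context = NULL` and the `= {}` initialiser. `main` starts and ends outside this hunk.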
138d55
@@ -99,9 +173,9 @@
138d55
 
138d55
     r = sasl_client_start(conn, sasl_mech, NULL, &data, &len, &chosenmech);
138d55
     if (r != SASL_OK && r != SASL_CONTINUE) {
138d55
-	saslerr(r, "starting SASL negotiation");
138d55
-	printf("\n%s\n", sasl_errdetail(conn));
138d55
-	exit(-1);
138d55
+        saslerr(r, "starting SASL negotiation");
138d55
+        printf("\n%s\n", sasl_errdetail(conn));
138d55
+        exit(-1);
138d55
     }
138d55
 
138d55
     sd = setup_socket();
138d55
@@ -111,11 +185,11 @@
138d55
         len = 8192;
138d55
         recv_string(sd, buf, &len, false);
138d55
 
138d55
-	r = sasl_client_step(conn, buf, len, NULL, &data, &len;;
138d55
-	if (r != SASL_OK && r != SASL_CONTINUE) {
138d55
-	    saslerr(r, "performing SASL negotiation");
138d55
-	    printf("\n%s\n", sasl_errdetail(conn));
138d55
-	    exit(-1);
138d55
+        r = sasl_client_step(conn, buf, len, NULL, &data, &len;;
138d55
+        if (r != SASL_OK && r != SASL_CONTINUE) {
138d55
+            saslerr(r, "performing SASL negotiation");
138d55
+            printf("\n%s\n", sasl_errdetail(conn));
138d55
+            exit(-1);
138d55
         }
138d55
     }
138d55
 
138d55
diff -Nru cyrus-sasl-2.1.27/tests/t_gssapi_srv.c cyrus-sasl-2.1.27-beldmit/tests/t_gssapi_srv.c
138d55
--- cyrus-sasl-2.1.27/tests/t_gssapi_srv.c	2020-12-23 14:31:35.565537492 +0100
138d55
+++ cyrus-sasl-2.1.27-beldmit/tests/t_gssapi_srv.c	2021-01-06 11:27:48.373257373 +0100
138d55
@@ -1,4 +1,5 @@
138d55
-/* Copyright (C) Simo Sorce <simo@redhat.com>
138d55
+/* Copyright (C) Simo Sorce <simo@redhat.com>,
138d55
+ * Dmitry Belyavskiy <dbelyavs@redhat.com>
138d55
  * See COPYING file for License */
138d55
 
138d55
 #include "t_common.h"
138d55
@@ -15,6 +16,10 @@
138d55
 #include <arpa/inet.h>
138d55
 #include <saslplug.h>
138d55
 
138d55
+const char *sasldb_path = NULL,
138d55
+      *auxprop_plugin = "sasldb",
138d55
+      *pwcheck_method = "auxprop-hashed";
138d55
+
138d55
 static int setup_socket(void)
138d55
 {
138d55
     struct sockaddr_in addr;
138d55
@@ -45,9 +50,38 @@
138d55
     return sd;
138d55
 }
138d55
 
138d55
+static int test_getopt(void *context __attribute__((unused)),
138d55
+                const char *plugin_name __attribute__((unused)),
138d55
+                const char *option,
138d55
+                const char **result,
138d55
+                unsigned *len)
138d55
+{
138d55
+    if (sasldb_path && !strcmp(option, "sasldb_path")) {
138d55
+        *result = sasldb_path;
138d55
+        if (len)
138d55
+            *len = (unsigned) strlen(sasldb_path);
138d55
+        return SASL_OK;
138d55
+    }
138d55
+
138d55
+    if (sasldb_path && !strcmp(option, "auxprop_plugin")) {
138d55
+        *result = auxprop_plugin;
138d55
+        if (len)
138d55
+            *len = (unsigned) strlen(auxprop_plugin);
138d55
+        return SASL_OK;
138d55
+    }
138d55
+
138d55
+    if (sasldb_path && !strcmp(option, "pwcheck_method")) {
138d55
+        *result = pwcheck_method;
138d55
+        if (len)
138d55
+            *len = (unsigned) strlen(pwcheck_method);
138d55
+        return SASL_OK;
138d55
+    }
138d55
+    return SASL_FAIL;
138d55
+}
138d55
+
138d55
 int main(int argc, char *argv[])
138d55
 {
138d55
-    sasl_callback_t callbacks[2] = {};
138d55
+    sasl_callback_t callbacks[3] = {};
138d55
     char buf[8192];
138d55
     sasl_conn_t *conn;
138d55
     const char *data;
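Review bot: `test_getopt` dereferences `option` and `result` without checking them and repeats the `sasldb_path &&` test in each of three near-identical branches. One guard at the top, `if (!sasldb_path || !option || !result) return SASL_FAIL;`, lets each branch compare the option name only. A header comment should say that the callback answers `sasldb_path`, `auxprop_plugin` and `pwcheck_method` only when `-P` supplied a database path, returns `SASL_FAIL` for every other option, and gives the same answer to every plugin because `plugin_name` is ignored. `main` continues outside the hunk.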
138d55
@@ -59,8 +93,9 @@
138d55
     const char *sasl_mech = "GSSAPI";
138d55
     bool spnego = false;
138d55
     bool zeromaxssf = false;
138d55
+    bool plain = false;
138d55
 
138d55
-    while ((c = getopt(argc, argv, "c:zN")) != EOF) {
138d55
+    while ((c = getopt(argc, argv, "c:zNP:")) != EOF) {
138d55
         switch (c) {
138d55
         case 'c':
138d55
             parse_cb(&cb, cb_buf, 256, optarg);
138d55
@@ -71,6 +106,10 @@
138d55
         case 'N':
138d55
             spnego = true;
138d55
             break;
138d55
+        case 'P':
138d55
+            plain = true;
138d55
+            sasldb_path = optarg;
138d55
+            break;
138d55
         default:
138d55
             break;
138d55
         }
138d55
@@ -81,9 +120,12 @@
138d55
     callbacks[0].id = SASL_CB_GETPATH;
138d55
     callbacks[0].proc = (sasl_callback_ft)&getpath;
138d55
     callbacks[0].context = NULL;
138d55
-    callbacks[1].id = SASL_CB_LIST_END;
138d55
-    callbacks[1].proc = NULL;
138d55
+    callbacks[1].id = SASL_CB_GETOPT;
138d55
+    callbacks[1].proc = (sasl_callback_ft)&test_getopt;
138d55
     callbacks[1].context = NULL;
138d55
+    callbacks[2].id = SASL_CB_LIST_END;
138d55
+    callbacks[2].proc = NULL;
138d55
+    callbacks[2].context = NULL;
138d55
 
138d55
     r = sasl_server_init(callbacks, "t_gssapi_srv");
138d55
     if (r != SASL_OK) exit(-1);
138d55
@@ -103,6 +145,10 @@
138d55
         sasl_mech = "GSS-SPNEGO";
138d55
     }
138d55
 
138d55
+    if (plain) {
138d55
+        sasl_mech = "PLAIN";
138d55
+    }
138d55
+
138d55
     if (zeromaxssf) {
138d55
         /* set all security properties to 0 including maxssf */
138d55
         sasl_security_properties_t secprops = { 0 };
138d55
@@ -116,9 +162,9 @@
138d55
 
138d55
     r = sasl_server_start(conn, sasl_mech, buf, len, &data, &len;;
138d55
     if (r != SASL_OK && r != SASL_CONTINUE) {
138d55
-	saslerr(r, "starting SASL negotiation");
138d55
-	printf("\n%s\n", sasl_errdetail(conn));
138d55
-	exit(-1);
138d55
+        saslerr(r, "starting SASL negotiation");
138d55
+        printf("\n%s\n", sasl_errdetail(conn));
138d55
+        exit(-1);
138d55
     }
138d55
 
138d55
     while (r == SASL_CONTINUE) {
138d55
@@ -126,12 +172,12 @@
138d55
         len = 8192;
138d55
         recv_string(sd, buf, &len, true);
138d55
 
138d55
-	r = sasl_server_step(conn, buf, len, &data, &len;;
138d55
-	if (r != SASL_OK && r != SASL_CONTINUE) {
138d55
-	    saslerr(r, "performing SASL negotiation");
138d55
-	    printf("\n%s\n", sasl_errdetail(conn));
138d55
-	    exit(-1);
138d55
-	}
138d55
+        r = sasl_server_step(conn, buf, len, &data, &len;;
138d55
+        if (r != SASL_OK && r != SASL_CONTINUE) {
138d55
+            saslerr(r, "performing SASL negotiation");
138d55
+            printf("\n%s\n", sasl_errdetail(conn));
138d55
+            exit(-1);
138d55
+        }
138d55
     }
138d55
 
138d55
     if (r != SASL_OK) exit(-1);