Blame SOURCES/cyrus-sasl-2.1.27-Add-basic-test-plain-auth.patch

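diff -Nru cyrus-sasl-2.1.27/tests/runtests.py cyrus-sasl-2.1.27-beldmit/tests/runtests.py
--- cyrus-sasl-2.1.27/tests/runtests.py	2020-12-23 14:31:35.564537485 +0100
+++ cyrus-sasl-2.1.27-beldmit/tests/runtests.py	2020-12-23 14:30:46.933219377 +0100
@@ -313,6 +313,99 @@
 
     return err
 
+def setup_plain(testdir):
+    """ Create sasldb file """
+    sasldbfile = os.path.join(testdir, 'testsasldb.db')
+
+    sasldbenv = {'SASL_PATH': os.path.join(testdir, '../../plugins/.libs'),
+                 'LD_LIBRARY_PATH' : os.path.join(testdir, '../../lib/.libs')}
+
+    passwdprog = os.path.join(testdir, '../../utils/saslpasswd2')
+
+    echo = subprocess.Popen(('echo', '1234567'), stdout=subprocess.PIPE)
+    subprocess.check_call([
+        passwdprog, "-f", sasldbfile, "-c", "test",
+        "-u", "host.realm.test", "-p"
+        ], stdin=echo.stdout, env=sasldbenv, timeout=5)
+
+    return (sasldbfile, sasldbenv)
+
+def plain_test(sasldbfile, sasldbenv):
+    try:
+        srv = subprocess.Popen(["../tests/t_gssapi_srv", "-P", sasldbfile],
+                               stdout=subprocess.PIPE,
+                               stderr=subprocess.PIPE, env=sasldbenv)
+        srv.stdout.readline() # Wait for srv to say it is ready
+        cli = subprocess.Popen(["../tests/t_gssapi_cli", "-P", "1234567"],
+                               stdout=subprocess.PIPE,
+                               stderr=subprocess.PIPE, env=sasldbenv)
+        try:
+            cli.wait(timeout=5)
+            srv.wait(timeout=5)
+        except Exception as e:
+            print("Failed on {}".format(e));
+            cli.kill()
+            srv.kill()
+        if cli.returncode != 0 or srv.returncode != 0:
+            raise Exception("CLI ({}): {} --> SRV ({}): {}".format(
+                cli.returncode, cli.stderr.read().decode('utf-8'),
+                srv.returncode, srv.stderr.read().decode('utf-8')))
+    except Exception as e:
+        print("FAIL: {}".format(e))
+        return 1
+
+    print("PASS: PLAIN CLI({}) SRV({})".format(
+        cli.stdout.read().decode('utf-8').strip(),
+        srv.stdout.read().decode('utf-8').strip()))
+    return 0
+
+def plain_mismatch_test(sasldbfile, sasldbenv):
+    result = "FAIL"
+    try:
+        srv = subprocess.Popen(["../tests/t_gssapi_srv", "-P", sasldbfile],
+                               stdout=subprocess.PIPE,
+                               stderr=subprocess.PIPE, env=sasldbenv)
+        srv.stdout.readline() # Wait for srv to say it is ready
+        bindings = base64.b64encode("CLI CBS".encode('utf-8'))
+        cli = subprocess.Popen(["../tests/t_gssapi_cli", "-P", "12345678"],
+                               stdout=subprocess.PIPE,
+                               stderr=subprocess.PIPE, env=sasldbenv)
+        try:
+            cli.wait(timeout=5)
+            srv.wait(timeout=5)
+        except Exception as e:
+            print("Failed on {}".format(e));
+            cli.kill()
+            srv.kill()
+        if cli.returncode != 0 or srv.returncode != 0:
+            cli_err = cli.stderr.read().decode('utf-8').strip()
+            srv_err = srv.stderr.read().decode('utf-8').strip()
+            if "authentication failure" in srv_err:
+                result = "PASS"
+            raise Exception("CLI ({}): {} --> SRV ({}): {}".format(
+                cli.returncode, cli_err, srv.returncode, srv_err))
+    except Exception as e:
+        print("{}: {}".format(result, e))
+        return 0
+
+    print("FAIL: This test should fail [CLI({}) SRV({})]".format(
+        cli.stdout.read().decode('utf-8').strip(),
+        srv.stdout.read().decode('utf-8').strip()))
+    return 1
+
+def plain_tests(testdir):
+    err = 0
+    sasldbfile, sasldbenv = setup_plain(testdir)
+    #print("DB file: {}, ENV: {}".format(sasldbfile, sasldbenv))
+    print('SASLDB PLAIN:')
+    print('    ', end='')
+    err += plain_test(sasldbfile, sasldbenv)
+
+    print('SASLDB PLAIN PASSWORD MISMATCH:')
+    print('    ', end='')
+    err += plain_mismatch_test(sasldbfile, sasldbenv)
+
+    return err
 
 if __name__ == "__main__":
 
@@ -329,5 +422,9 @@
 
     err = gssapi_tests(T)
     if err != 0:
-        print('{} test(s) FAILED'.format(err))
+        print('{} GSSAPI test(s) FAILED'.format(err))
+
+    err = plain_tests(T)
+    if err != 0:
+        print('{} PLAIN test(s) FAILED'.format(err))
         sys.exit(-1)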
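Review bot: A GSSAPI failure no longer fails the run: in the `__main__` hunk `err` is overwritten by `plain_tests(T)` before the only `sys.exit(-1)`, which now sits under the PLAIN check, so a failing GSSAPI suite prints its message and the script still exits 0 when PLAIN passes. Keep the two counts apart and exit on either, e.g. `gssapi_err = gssapi_tests(T)`, `plain_err = plain_tests(T)`, `if gssapi_err or plain_err: sys.exit(-1)`. The same masking exists in `plain_mismatch_test`, whose `except` branch returns 0 even when `result` is still "FAIL" (server never became ready, timeout, any error other than "authentication failure"); `return 0 if result == "PASS" else 1` would make the negative authentication test count those cases. The `__main__` block is only partly visible between the two hunks.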
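diff -Nru cyrus-sasl-2.1.27/tests/t_gssapi_cli.c cyrus-sasl-2.1.27-beldmit/tests/t_gssapi_cli.c
--- cyrus-sasl-2.1.27/tests/t_gssapi_cli.c	2020-12-23 14:31:35.564537485 +0100
+++ cyrus-sasl-2.1.27-beldmit/tests/t_gssapi_cli.c	2021-01-06 11:26:15.460662537 +0100
@@ -16,6 +16,8 @@
 #include <saslplug.h>
 #include <saslutil.h>
 
+const char *testpass = NULL;
+
 static int setup_socket(void)
 {
     struct sockaddr_in addr;
@@ -34,9 +36,60 @@
     return sock;
 }
 
+static int get_user(void *context __attribute__((unused)),
+                  int id,
+                  const char **result,
+                  unsigned *len)
+{
+    const char *testuser = "test@host.realm.test";
+
+    if (! result)
+        return SASL_BADPARAM;
+
+    switch (id) {
+    case SASL_CB_USER:
+    case SASL_CB_AUTHNAME:
+        *result = testuser;
+        break;
+    default:
+        return SASL_BADPARAM;
+    }
+
+    if (len) *len = strlen(*result);
+
+    return SASL_OK;
+}
+
+static int get_pass(sasl_conn_t *conn __attribute__((unused)),
+          void *context __attribute__((unused)),
+          int id,
+          sasl_secret_t **psecret)
+{
+    size_t len;
+    static sasl_secret_t *x;
+
+    /* paranoia check */
+    if (! conn || ! psecret || id != SASL_CB_PASS)
+        return SASL_BADPARAM;
+
+    len = strlen(testpass);
+
+    x = (sasl_secret_t *) realloc(x, sizeof(sasl_secret_t) + len);
+
+    if (!x) {
+        return SASL_NOMEM;
+    }
+
+    x->len = len;
+    strcpy((char *)x->data, testpass);
+
+    *psecret = x;
+    return SASL_OK;
+}
+
 int main(int argc, char *argv[])
 {
-    sasl_callback_t callbacks[2] = {};
+    sasl_callback_t callbacks[4] = {};
     char buf[8192];
     const char *chosenmech;
     sasl_conn_t *conn;
@@ -49,8 +102,9 @@
     const char *sasl_mech = "GSSAPI";
     bool spnego = false;
     bool zeromaxssf = false;
+    bool plain = false;
 
-    while ((c = getopt(argc, argv, "c:zN")) != EOF) {
+    while ((c = getopt(argc, argv, "c:zNP:")) != EOF) {
         switch (c) {
         case 'c':
             parse_cb(&cb, cb_buf, 256, optarg);
@@ -61,6 +115,10 @@
         case 'N':
             spnego = true;
             break;
+        case 'P':
+            plain = true;
+            testpass = optarg;
+            break;
         default:
             break;
         }
@@ -73,6 +131,12 @@
     callbacks[1].id = SASL_CB_LIST_END;
     callbacks[1].proc = NULL;
     callbacks[1].context = NULL;
+    callbacks[2].id = SASL_CB_LIST_END;
+    callbacks[2].proc = NULL;
+    callbacks[2].context = NULL;
+    callbacks[3].id = SASL_CB_LIST_END;
+    callbacks[3].proc = NULL;
+    callbacks[3].context = NULL;
 
     r = sasl_client_init(callbacks);
     if (r != SASL_OK) exit(-1);
@@ -91,6 +155,16 @@
         sasl_mech = "GSS-SPNEGO";
     }
 
+    if (plain) {
+        sasl_mech = "PLAIN";
+
+        callbacks[1].id = SASL_CB_AUTHNAME;
+        callbacks[1].proc = (sasl_callback_ft)&get_user;
+
+        callbacks[2].id = SASL_CB_PASS;
+        callbacks[2].proc = (sasl_callback_ft)&get_pass;
+    }
+
     if (zeromaxssf) {
         /* set all security properties to 0 including maxssf */
         sasl_security_properties_t secprops = { 0 };
@@ -99,9 +173,9 @@
 
     r = sasl_client_start(conn, sasl_mech, NULL, &data, &len, &chosenmech);
     if (r != SASL_OK && r != SASL_CONTINUE) {
-	saslerr(r, "starting SASL negotiation");
-	printf("\n%s\n", sasl_errdetail(conn));
-	exit(-1);
+        saslerr(r, "starting SASL negotiation");
+        printf("\n%s\n", sasl_errdetail(conn));
+        exit(-1);
     }
 
     sd = setup_socket();
@@ -111,11 +185,11 @@
         len = 8192;
         recv_string(sd, buf, &len, false);
 
-	r = sasl_client_step(conn, buf, len, NULL, &data, &len;;
-	if (r != SASL_OK && r != SASL_CONTINUE) {
-	    saslerr(r, "performing SASL negotiation");
-	    printf("\n%s\n", sasl_errdetail(conn));
-	    exit(-1);
+        r = sasl_client_step(conn, buf, len, NULL, &data, &len;;
+        if (r != SASL_OK && r != SASL_CONTINUE) {
+            saslerr(r, "performing SASL negotiation");
+            printf("\n%s\n", sasl_errdetail(conn));
+            exit(-1);
         }
     }
 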
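Review bot: The PLAIN callbacks are installed after the array has already been handed to the library: `callbacks[1]` and `callbacks[2]` are set to `SASL_CB_LIST_END` before `sasl_client_init(callbacks)` and only rewritten to `SASL_CB_AUTHNAME`/`SASL_CB_PASS` in the later `if (plain)` block, which works only if the library keeps the caller's pointer rather than reading the list at init time. The getopt loop appears above the init call, so the callback assignments from `if (plain)` can move above `sasl_client_init(callbacks)` and the array is then final when it is registered. In `get_pass`, `x = realloc(x, ...)` drops the previous buffer if realloc fails, and `strlen(testpass)` assumes `-P` was given; a temporary pointer and a `testpass` NULL check returning `SASL_BADPARAM` would cover both. `main` runs beyond the visible hunks, so the calls between init and the `if (plain)` block are not shown.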
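diff -Nru cyrus-sasl-2.1.27/tests/t_gssapi_srv.c cyrus-sasl-2.1.27-beldmit/tests/t_gssapi_srv.c
--- cyrus-sasl-2.1.27/tests/t_gssapi_srv.c	2020-12-23 14:31:35.565537492 +0100
+++ cyrus-sasl-2.1.27-beldmit/tests/t_gssapi_srv.c	2021-01-06 11:27:48.373257373 +0100
@@ -1,4 +1,5 @@
-/* Copyright (C) Simo Sorce <simo@redhat.com>
+/* Copyright (C) Simo Sorce <simo@redhat.com>,
+ * Dmitry Belyavskiy <dbelyavs@redhat.com>
  * See COPYING file for License */
 
 #include "t_common.h"
@@ -15,6 +16,10 @@
 #include <arpa/inet.h>
 #include <saslplug.h>
 
+const char *sasldb_path = NULL,
+      *auxprop_plugin = "sasldb",
+      *pwcheck_method = "auxprop-hashed";
+
 static int setup_socket(void)
 {
     struct sockaddr_in addr;
@@ -45,9 +50,38 @@
     return sd;
 }
 
+static int test_getopt(void *context __attribute__((unused)),
+                const char *plugin_name __attribute__((unused)),
+                const char *option,
+                const char **result,
+                unsigned *len)
+{
+    if (sasldb_path && !strcmp(option, "sasldb_path")) {
+        *result = sasldb_path;
+        if (len)
+            *len = (unsigned) strlen(sasldb_path);
+        return SASL_OK;
+    }
+
+    if (sasldb_path && !strcmp(option, "auxprop_plugin")) {
+        *result = auxprop_plugin;
+        if (len)
+            *len = (unsigned) strlen(auxprop_plugin);
+        return SASL_OK;
+    }
+
+    if (sasldb_path && !strcmp(option, "pwcheck_method")) {
+        *result = pwcheck_method;
+        if (len)
+            *len = (unsigned) strlen(pwcheck_method);
+        return SASL_OK;
+    }
+    return SASL_FAIL;
+}
+
 int main(int argc, char *argv[])
 {
-    sasl_callback_t callbacks[2] = {};
+    sasl_callback_t callbacks[3] = {};
     char buf[8192];
     sasl_conn_t *conn;
     const char *data;
@@ -59,8 +93,9 @@
     const char *sasl_mech = "GSSAPI";
     bool spnego = false;
     bool zeromaxssf = false;
+    bool plain = false;
 
-    while ((c = getopt(argc, argv, "c:zN")) != EOF) {
+    while ((c = getopt(argc, argv, "c:zNP:")) != EOF) {
         switch (c) {
         case 'c':
             parse_cb(&cb, cb_buf, 256, optarg);
@@ -71,6 +106,10 @@
         case 'N':
             spnego = true;
             break;
+        case 'P':
+            plain = true;
+            sasldb_path = optarg;
+            break;
         default:
             break;
         }
@@ -81,9 +120,12 @@
     callbacks[0].id = SASL_CB_GETPATH;
     callbacks[0].proc = (sasl_callback_ft)&getpath;
     callbacks[0].context = NULL;
-    callbacks[1].id = SASL_CB_LIST_END;
-    callbacks[1].proc = NULL;
+    callbacks[1].id = SASL_CB_GETOPT;
+    callbacks[1].proc = (sasl_callback_ft)&test_getopt;
     callbacks[1].context = NULL;
+    callbacks[2].id = SASL_CB_LIST_END;
+    callbacks[2].proc = NULL;
+    callbacks[2].context = NULL;
 
     r = sasl_server_init(callbacks, "t_gssapi_srv");
     if (r != SASL_OK) exit(-1);
@@ -103,6 +145,10 @@
         sasl_mech = "GSS-SPNEGO";
     }
 
+    if (plain) {
+        sasl_mech = "PLAIN";
+    }
+
     if (zeromaxssf) {
         /* set all security properties to 0 including maxssf */
         sasl_security_properties_t secprops = { 0 };
@@ -116,9 +162,9 @@
 
     r = sasl_server_start(conn, sasl_mech, buf, len, &data, &len;;
     if (r != SASL_OK && r != SASL_CONTINUE) {
-	saslerr(r, "starting SASL negotiation");
-	printf("\n%s\n", sasl_errdetail(conn));
-	exit(-1);
+        saslerr(r, "starting SASL negotiation");
+        printf("\n%s\n", sasl_errdetail(conn));
+        exit(-1);
     }
 
     while (r == SASL_CONTINUE) {
@@ -126,12 +172,12 @@
         len = 8192;
         recv_string(sd, buf, &len, true);
 
-	r = sasl_server_step(conn, buf, len, &data, &len;;
-	if (r != SASL_OK && r != SASL_CONTINUE) {
-	    saslerr(r, "performing SASL negotiation");
-	    printf("\n%s\n", sasl_errdetail(conn));
-	    exit(-1);
-	}
+        r = sasl_server_step(conn, buf, len, &data, &len;;
+        if (r != SASL_OK && r != SASL_CONTINUE) {
+            saslerr(r, "performing SASL negotiation");
+            printf("\n%s\n", sasl_errdetail(conn));
+            exit(-1);
+        }
     }
 
     if (r != SASL_OK) exit(-1);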
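Review bot: `test_getopt` writes through `result` and passes `option` to `strcmp` without checking either for NULL, whereas `get_user` in t_gssapi_cli.c rejects a NULL `result` with `SASL_BADPARAM`; adding `if (!option || !result) return SASL_BADPARAM;` at the top keeps the two test helpers consistent. All three branches are gated on `sasldb_path`, so the `auxprop_plugin` and `pwcheck_method` overrides apply only when `-P` was passed; a short comment such as `/* overrides apply only in PLAIN (-P) mode; otherwise fall through to SASL_FAIL */` would make that intent explicit. The new globals `sasldb_path`, `auxprop_plugin` and `pwcheck_method` are used only in this file as far as the hunks show and could be `static`.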