tests: Verify behaviour if services authenticates a user after SASL is aborted

This commit is contained in:
Simon Arlott 2019-02-23 12:31:56 +00:00
parent ac5a5a0cfa
commit 958c354cca
No known key found for this signature in database
GPG key ID: 49BFFEEFD4C3ED53
11 changed files with 252 additions and 9 deletions

1
.gitignore vendored
View file

@ -62,6 +62,7 @@ tests/msgbuf_unparse1
tests/rb_dictionary1 tests/rb_dictionary1
tests/rb_snprintf_append1 tests/rb_snprintf_append1
tests/rb_snprintf_try_append1 tests/rb_snprintf_try_append1
tests/sasl_abort1
tests/send1 tests/send1
tests/serv_connect1 tests/serv_connect1
tests/substitution1 tests/substitution1

View file

@ -4,6 +4,7 @@ check_PROGRAMS = runtests \
rb_dictionary1 \ rb_dictionary1 \
rb_snprintf_append1 \ rb_snprintf_append1 \
rb_snprintf_try_append1 \ rb_snprintf_try_append1 \
sasl_abort1 \
send1 \ send1 \
serv_connect1 \ serv_connect1 \
substitution1 substitution1
@ -26,6 +27,7 @@ msgbuf_unparse1_SOURCES = msgbuf_unparse1.c
rb_dictionary1_SOURCES = rb_dictionary1.c rb_dictionary1_SOURCES = rb_dictionary1.c
rb_snprintf_append1_SOURCES = rb_snprintf_append1.c rb_snprintf_append1_SOURCES = rb_snprintf_append1.c
rb_snprintf_try_append1_SOURCES = rb_snprintf_try_append1.c rb_snprintf_try_append1_SOURCES = rb_snprintf_try_append1.c
sasl_abort1_SOURCES = sasl_abort1.c ircd_util.c client_util.c
send1_SOURCES = send1.c ircd_util.c client_util.c send1_SOURCES = send1.c ircd_util.c client_util.c
serv_connect1_SOURCES = serv_connect1.c ircd_util.c client_util.c serv_connect1_SOURCES = serv_connect1.c ircd_util.c client_util.c
substitution1_SOURCES = substitution1.c substitution1_SOURCES = substitution1.c

View file

@ -3,6 +3,7 @@ msgbuf_unparse1
rb_dictionary1 rb_dictionary1
rb_snprintf_append1 rb_snprintf_append1
rb_snprintf_try_append1 rb_snprintf_try_append1
sasl_abort1
send1 send1
serv_connect1 serv_connect1
substitution1 substitution1

View file

@ -27,9 +27,42 @@
#include "hash.h" #include "hash.h"
#include "s_newconf.h" #include "s_newconf.h"
#include "parse.h"
#include "listener.h"
#define MSG "%s:%d (%s)", __FILE__, __LINE__, __FUNCTION__ #define MSG "%s:%d (%s)", __FILE__, __LINE__, __FUNCTION__
static struct Listener fake_listener = {
.next = NULL,
.name = "fake",
.F = NULL,
.ref_count = 0,
.active = 1,
.ssl = 1,
.defer_accept = 0,
.sctp = false,
.wsock = 0,
.addr = {
{ .ss_family = AF_INET6 },
{ .ss_family = AF_INET6 },
},
.vhost = { "fake" },
};
struct Client *make_local_unknown(void)
{
struct Client *client;
client = make_client(NULL);
rb_dlinkMoveNode(&client->localClient->tnode, &unknown_list, &lclient_list);
client->servptr = &me;
rb_dlinkAdd(client, &client->lnode, &client->servptr->serv->users);
client->localClient->listener = &fake_listener;
client->preClient->auth.accepted = true;
return client;
}
struct Client *make_local_person(void) struct Client *make_local_person(void)
{ {
return make_local_person_nick(TEST_NICK); return make_local_person_nick(TEST_NICK);
@ -44,10 +77,7 @@ struct Client *make_local_person_full(const char *nick, const char *username, co
{ {
struct Client *client; struct Client *client;
client = make_client(NULL); client = make_local_unknown();
rb_dlinkMoveNode(&client->localClient->tnode, &unknown_list, &lclient_list);
client->servptr = &me;
rb_dlinkAdd(client, &client->lnode, &client->servptr->serv->users);
make_user(client); make_user(client);
SetClient(client); SetClient(client);
@ -187,6 +217,15 @@ char *get_client_sendq(const struct Client *client)
return ""; return "";
} }
void client_util_parse(struct Client *client, const char *message)
{
char *copy = rb_strdup(message);
parse(client, copy, copy+strlen(copy));
rb_free(copy);
}
void client_util_init(void) void client_util_init(void)
{ {
} }

View file

@ -63,6 +63,7 @@
void client_util_init(void); void client_util_init(void);
void client_util_free(void); void client_util_free(void);
struct Client *make_local_unknown(void);
struct Client *make_local_person(void); struct Client *make_local_person(void);
struct Client *make_local_person_nick(const char *nick); struct Client *make_local_person_nick(const char *nick);
struct Client *make_local_person_full(const char *nick, const char *username, const char *hostname, const char *ip, const char *realname); struct Client *make_local_person_full(const char *nick, const char *username, const char *hostname, const char *ip, const char *realname);
@ -83,11 +84,17 @@ struct Channel *make_channel(void);
char *get_client_sendq(const struct Client *client); char *get_client_sendq(const struct Client *client);
void client_util_parse(struct Client *client, const char *message);
#define is_client_sendq_empty(client, message, ...) do { \ #define is_client_sendq_empty(client, message, ...) do { \
is_string("", get_client_sendq(client), message, ##__VA_ARGS__); \ is_string("", get_client_sendq(client), message, ##__VA_ARGS__); \
} while (0) } while (0)
#define is_client_sendq(queue, client, message, ...) do { \ #define is_client_sendq_one(queue, client, message, ...) do { \
is_string(queue, get_client_sendq(client), message, ##__VA_ARGS__); \ is_string(queue, get_client_sendq(client), message, ##__VA_ARGS__); \
} while (0)
#define is_client_sendq(queue, client, message, ...) do { \
is_client_sendq_one(queue, client, message, ##__VA_ARGS__); \
is_client_sendq_empty(client, message, ##__VA_ARGS__); \ is_client_sendq_empty(client, message, ##__VA_ARGS__); \
} while (0) } while (0)

View file

@ -1 +0,0 @@
../../../../extensions/.libs/ip_cloaking.so

View file

@ -1 +0,0 @@
../../../../extensions/.libs/ip_cloaking_3.0.so

View file

@ -1 +0,0 @@
../../../../extensions/.libs/ip_cloaking_4.0.so

View file

@ -1 +0,0 @@
../../../../extensions/.libs/ip_cloaking_old.so

153
tests/sasl_abort1.c Normal file
View file

@ -0,0 +1,153 @@
/*
* sasl_abort1.c: Test SASL abort from the ircd to services
* Copyright 2019 Simon Arlott
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301
* USA
*/
#define _GNU_SOURCE
#include <dlfcn.h>
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <unistd.h>
#include "tap/basic.h"
#include "ircd_util.h"
#include "client_util.h"
#include "s_serv.h"
#include "s_conf.h"
#include "s_newconf.h"
#include "hash.h"
#define MSG "%s:%d (%s; aborted=%d, by_user=%d)", __FILE__, __LINE__, __FUNCTION__, aborted, by_user
static void common_sasl_test(bool aborted, bool by_user)
{
ircd_util_init(__FILE__);
client_util_init();
struct Client *user = make_local_unknown();
struct Client *server = make_remote_server(&me);
struct Client *remote = make_remote_person(server);
rb_inet_pton_sock(TEST_IP, (struct sockaddr *)&user->localClient->ip);
rb_strlcpy(user->host, TEST_HOSTNAME, sizeof(user->host));
rb_inet_ntop_sock((struct sockaddr *)&user->localClient->ip, user->sockhost, sizeof(user->sockhost));
strcpy(server->id, TEST_SERVER_ID);
strcpy(remote->id, TEST_REMOTE_ID);
add_to_id_hash(remote->id, remote);
server->localClient->caps = CAP_ENCAP | CAP_TS6;
remote->umodes |= UMODE_SERVICE;
client_util_parse(user, "CAP LS 302" CRLF);
const char *line;
while ((line = get_client_sendq(user)) && strcmp(line, "")) {
printf("%s", line);
}
client_util_parse(user, "NICK " TEST_NICK CRLF);
client_util_parse(user, "USER " TEST_USERNAME " 0 0 :" TEST_REALNAME CRLF);
is_client_sendq_empty(user, MSG);
user->tsinfo = 42;
client_util_parse(user, "CAP REQ :sasl" CRLF);
is_client_sendq(":" TEST_ME_NAME " CAP " TEST_NICK " ACK :sasl" CRLF, user, MSG);
client_util_parse(user, "AUTHENTICATE EXTERNAL" CRLF);
is_client_sendq_empty(user, MSG);
is_client_sendq_one(":" TEST_ME_ID " ENCAP " TEST_SERVER_NAME " SASL " TEST_ME_ID "AAAAAB " TEST_REMOTE_ID " H " TEST_HOSTNAME " " TEST_IP " P" CRLF, server, MSG);
is_client_sendq_one(":" TEST_ME_ID " ENCAP " TEST_SERVER_NAME " SASL " TEST_ME_ID "AAAAAB " TEST_REMOTE_ID " S EXTERNAL" CRLF, server, MSG);
is_client_sendq_empty(server, MSG);
if (aborted) {
if (by_user) {
// Explicit abort by user
client_util_parse(user, "AUTHENTICATE *" CRLF);
is_client_sendq(":" TEST_ME_NAME " 906 " TEST_NICK " :SASL authentication aborted" CRLF, user, MSG);
client_util_parse(user, "CAP END" CRLF);
ok(IsClient(user), MSG);
} else {
// Implicit abort by completing registration
client_util_parse(user, "CAP END" CRLF);
ok(IsClient(user), MSG);
is_client_sendq_one(":" TEST_ME_NAME " 906 " TEST_NICK " :SASL authentication aborted" CRLF, user, MSG);
}
is_client_sendq_one(":" TEST_ME_ID " ENCAP " TEST_SERVER_NAME " SASL " TEST_ME_ID "AAAAAB " TEST_REMOTE_ID " D A" CRLF, server, MSG);
is_client_sendq(":" TEST_ME_ID " UID " TEST_NICK " 1 42 +i ~" TEST_USERNAME " " TEST_HOSTNAME " " TEST_IP " " TEST_ME_ID "AAAAAB :" TEST_REALNAME CRLF, server, MSG);
} else {
// Return a successful auth
client_util_parse(server, ":" TEST_SERVER_NAME " ENCAP " TEST_ME_NAME " SASL " TEST_REMOTE_ID " " TEST_ME_ID "AAAAAB D S" CRLF);
// User should be authenticated
is_client_sendq_one(":" TEST_ME_NAME " 903 " TEST_NICK " :SASL authentication successful" CRLF, user, MSG);
client_util_parse(user, "CAP END" CRLF);
ok(IsClient(user), MSG);
}
is_client_sendq_one(":" TEST_ME_NAME " 001 " TEST_NICK " :Welcome to the Test Internet Relay Chat Network " TEST_NICK CRLF, user, MSG);
while ((line = get_client_sendq(user)) && strcmp(line, "")) {
printf("%s", line);
}
if (aborted) {
// Return a successful auth after auth was aborted
client_util_parse(server, ":" TEST_SERVER_NAME " ENCAP " TEST_ME_NAME " SASL " TEST_REMOTE_ID " " TEST_ME_ID "AAAAAB D S" CRLF);
// User should not be authenticated
is_client_sendq_empty(user, MSG);
}
remove_local_person(user);
remove_remote_person(remote);
remove_remote_server(server);
client_util_free();
ircd_util_free();
}
static void successful_login(void)
{
common_sasl_test(false, false);
}
static void successful_login_after_aborted_by_registration(void)
{
common_sasl_test(true, false);
}
static void successful_login_after_aborted_by_user(void)
{
common_sasl_test(true, true);
}
int main(int argc, char *argv[])
{
plan_lazy();
successful_login();
successful_login_after_aborted_by_registration();
successful_login_after_aborted_by_user();
return 0;
}

44
tests/sasl_abort1.conf Normal file
View file

@ -0,0 +1,44 @@
serverinfo {
sid = "0AA";
name = "me.test";
description = "Test server";
network_name = "Test network";
};
class "default" {
ping_time = 1000 minutes;
connectfreq = 1000 minutes;
number_per_ident = 1000;
number_per_ip = 1000;
number_per_ip_global = 1000;
cidr_ipv4_bitlen = 24;
cidr_ipv6_bitlen = 64;
number_per_cidr = 1000;
max_number = 1000;
sendq = 4 megabytes;
};
connect "remote.test" {
host = "::1";
fingerprint = "test";
class = "default";
};
service {
name = "remote.test";
};
privset "admin" {
privs = oper:admin;
};
auth {
user = "*@*";
class = "default";
};
general {
sasl_service = "remote_test";
ping_cookie = no;
};