From 958c354cca98700ccd6943012ea285aa74b05342 Mon Sep 17 00:00:00 2001 From: Simon Arlott Date: Sat, 23 Feb 2019 12:31:56 +0000 Subject: [PATCH] tests: Verify behaviour if services authenticates a user after SASL is aborted --- .gitignore | 1 + tests/Makefile.am | 2 + tests/TESTS | 1 + tests/client_util.c | 47 +++++- tests/client_util.h | 9 +- tests/runtime/modules/autoload/ip_cloaking.so | 1 - .../modules/autoload/ip_cloaking_3.0.so | 1 - .../modules/autoload/ip_cloaking_4.0.so | 1 - .../modules/autoload/ip_cloaking_old.so | 1 - tests/sasl_abort1.c | 153 ++++++++++++++++++ tests/sasl_abort1.conf | 44 +++++ 11 files changed, 252 insertions(+), 9 deletions(-) delete mode 120000 tests/runtime/modules/autoload/ip_cloaking.so delete mode 120000 tests/runtime/modules/autoload/ip_cloaking_3.0.so delete mode 120000 tests/runtime/modules/autoload/ip_cloaking_4.0.so delete mode 120000 tests/runtime/modules/autoload/ip_cloaking_old.so create mode 100644 tests/sasl_abort1.c create mode 100644 tests/sasl_abort1.conf diff --git a/.gitignore b/.gitignore index 39347b7e..cfeceb18 100644 --- a/.gitignore +++ b/.gitignore @@ -62,6 +62,7 @@ tests/msgbuf_unparse1 tests/rb_dictionary1 tests/rb_snprintf_append1 tests/rb_snprintf_try_append1 +tests/sasl_abort1 tests/send1 tests/serv_connect1 tests/substitution1 diff --git a/tests/Makefile.am b/tests/Makefile.am index 3318c876..0efb4c7f 100644 --- a/tests/Makefile.am +++ b/tests/Makefile.am @@ -4,6 +4,7 @@ check_PROGRAMS = runtests \ rb_dictionary1 \ rb_snprintf_append1 \ rb_snprintf_try_append1 \ + sasl_abort1 \ send1 \ serv_connect1 \ substitution1 @@ -26,6 +27,7 @@ msgbuf_unparse1_SOURCES = msgbuf_unparse1.c rb_dictionary1_SOURCES = rb_dictionary1.c rb_snprintf_append1_SOURCES = rb_snprintf_append1.c rb_snprintf_try_append1_SOURCES = rb_snprintf_try_append1.c +sasl_abort1_SOURCES = sasl_abort1.c ircd_util.c client_util.c send1_SOURCES = send1.c ircd_util.c client_util.c serv_connect1_SOURCES = serv_connect1.c ircd_util.c client_util.c substitution1_SOURCES = substitution1.c diff --git a/tests/TESTS b/tests/TESTS index ce1b3e7d..61e51d74 100644 --- a/tests/TESTS +++ b/tests/TESTS @@ -3,6 +3,7 @@ msgbuf_unparse1 rb_dictionary1 rb_snprintf_append1 rb_snprintf_try_append1 +sasl_abort1 send1 serv_connect1 substitution1 diff --git a/tests/client_util.c b/tests/client_util.c index 04c22e0b..796782d5 100644 --- a/tests/client_util.c +++ b/tests/client_util.c @@ -27,9 +27,42 @@ #include "hash.h" #include "s_newconf.h" +#include "parse.h" +#include "listener.h" #define MSG "%s:%d (%s)", __FILE__, __LINE__, __FUNCTION__ +static struct Listener fake_listener = { + .next = NULL, + .name = "fake", + .F = NULL, + .ref_count = 0, + .active = 1, + .ssl = 1, + .defer_accept = 0, + .sctp = false, + .wsock = 0, + .addr = { + { .ss_family = AF_INET6 }, + { .ss_family = AF_INET6 }, + }, + .vhost = { "fake" }, +}; + +struct Client *make_local_unknown(void) +{ + struct Client *client; + + client = make_client(NULL); + rb_dlinkMoveNode(&client->localClient->tnode, &unknown_list, &lclient_list); + client->servptr = &me; + rb_dlinkAdd(client, &client->lnode, &client->servptr->serv->users); + client->localClient->listener = &fake_listener; + client->preClient->auth.accepted = true; + + return client; +} + struct Client *make_local_person(void) { return make_local_person_nick(TEST_NICK); @@ -44,10 +77,7 @@ struct Client *make_local_person_full(const char *nick, const char *username, co { struct Client *client; - client = make_client(NULL); - rb_dlinkMoveNode(&client->localClient->tnode, &unknown_list, &lclient_list); - client->servptr = &me; - rb_dlinkAdd(client, &client->lnode, &client->servptr->serv->users); + client = make_local_unknown(); make_user(client); SetClient(client); @@ -187,6 +217,15 @@ char *get_client_sendq(const struct Client *client) return ""; } +void client_util_parse(struct Client *client, const char *message) +{ + char *copy = rb_strdup(message); + + parse(client, copy, copy+strlen(copy)); + + rb_free(copy); +} + void client_util_init(void) { } diff --git a/tests/client_util.h b/tests/client_util.h index da0bdbb3..45e8d5fc 100644 --- a/tests/client_util.h +++ b/tests/client_util.h @@ -63,6 +63,7 @@ void client_util_init(void); void client_util_free(void); +struct Client *make_local_unknown(void); struct Client *make_local_person(void); struct Client *make_local_person_nick(const char *nick); struct Client *make_local_person_full(const char *nick, const char *username, const char *hostname, const char *ip, const char *realname); @@ -83,11 +84,17 @@ struct Channel *make_channel(void); char *get_client_sendq(const struct Client *client); +void client_util_parse(struct Client *client, const char *message); + #define is_client_sendq_empty(client, message, ...) do { \ is_string("", get_client_sendq(client), message, ##__VA_ARGS__); \ } while (0) -#define is_client_sendq(queue, client, message, ...) do { \ +#define is_client_sendq_one(queue, client, message, ...) do { \ is_string(queue, get_client_sendq(client), message, ##__VA_ARGS__); \ + } while (0) + +#define is_client_sendq(queue, client, message, ...) do { \ + is_client_sendq_one(queue, client, message, ##__VA_ARGS__); \ is_client_sendq_empty(client, message, ##__VA_ARGS__); \ } while (0) diff --git a/tests/runtime/modules/autoload/ip_cloaking.so b/tests/runtime/modules/autoload/ip_cloaking.so deleted file mode 120000 index a76d8193..00000000 --- a/tests/runtime/modules/autoload/ip_cloaking.so +++ /dev/null @@ -1 +0,0 @@ -../../../../extensions/.libs/ip_cloaking.so \ No newline at end of file diff --git a/tests/runtime/modules/autoload/ip_cloaking_3.0.so b/tests/runtime/modules/autoload/ip_cloaking_3.0.so deleted file mode 120000 index f4d7a53f..00000000 --- a/tests/runtime/modules/autoload/ip_cloaking_3.0.so +++ /dev/null @@ -1 +0,0 @@ -../../../../extensions/.libs/ip_cloaking_3.0.so \ No newline at end of file diff --git a/tests/runtime/modules/autoload/ip_cloaking_4.0.so b/tests/runtime/modules/autoload/ip_cloaking_4.0.so deleted file mode 120000 index 20960245..00000000 --- a/tests/runtime/modules/autoload/ip_cloaking_4.0.so +++ /dev/null @@ -1 +0,0 @@ -../../../../extensions/.libs/ip_cloaking_4.0.so \ No newline at end of file diff --git a/tests/runtime/modules/autoload/ip_cloaking_old.so b/tests/runtime/modules/autoload/ip_cloaking_old.so deleted file mode 120000 index 06a62ee0..00000000 --- a/tests/runtime/modules/autoload/ip_cloaking_old.so +++ /dev/null @@ -1 +0,0 @@ -../../../../extensions/.libs/ip_cloaking_old.so \ No newline at end of file diff --git a/tests/sasl_abort1.c b/tests/sasl_abort1.c new file mode 100644 index 00000000..d2e5321a --- /dev/null +++ b/tests/sasl_abort1.c @@ -0,0 +1,153 @@ +/* + * sasl_abort1.c: Test SASL abort from the ircd to services + * Copyright 2019 Simon Arlott + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 + * USA + */ +#define _GNU_SOURCE +#include +#include +#include +#include +#include +#include +#include "tap/basic.h" + +#include "ircd_util.h" +#include "client_util.h" + +#include "s_serv.h" +#include "s_conf.h" +#include "s_newconf.h" +#include "hash.h" + +#define MSG "%s:%d (%s; aborted=%d, by_user=%d)", __FILE__, __LINE__, __FUNCTION__, aborted, by_user + +static void common_sasl_test(bool aborted, bool by_user) +{ + ircd_util_init(__FILE__); + client_util_init(); + + struct Client *user = make_local_unknown(); + struct Client *server = make_remote_server(&me); + struct Client *remote = make_remote_person(server); + + rb_inet_pton_sock(TEST_IP, (struct sockaddr *)&user->localClient->ip); + rb_strlcpy(user->host, TEST_HOSTNAME, sizeof(user->host)); + rb_inet_ntop_sock((struct sockaddr *)&user->localClient->ip, user->sockhost, sizeof(user->sockhost)); + + strcpy(server->id, TEST_SERVER_ID); + strcpy(remote->id, TEST_REMOTE_ID); + add_to_id_hash(remote->id, remote); + server->localClient->caps = CAP_ENCAP | CAP_TS6; + remote->umodes |= UMODE_SERVICE; + + client_util_parse(user, "CAP LS 302" CRLF); + const char *line; + while ((line = get_client_sendq(user)) && strcmp(line, "")) { + printf("%s", line); + } + + client_util_parse(user, "NICK " TEST_NICK CRLF); + client_util_parse(user, "USER " TEST_USERNAME " 0 0 :" TEST_REALNAME CRLF); + is_client_sendq_empty(user, MSG); + + user->tsinfo = 42; + + client_util_parse(user, "CAP REQ :sasl" CRLF); + is_client_sendq(":" TEST_ME_NAME " CAP " TEST_NICK " ACK :sasl" CRLF, user, MSG); + + client_util_parse(user, "AUTHENTICATE EXTERNAL" CRLF); + is_client_sendq_empty(user, MSG); + + is_client_sendq_one(":" TEST_ME_ID " ENCAP " TEST_SERVER_NAME " SASL " TEST_ME_ID "AAAAAB " TEST_REMOTE_ID " H " TEST_HOSTNAME " " TEST_IP " P" CRLF, server, MSG); + is_client_sendq_one(":" TEST_ME_ID " ENCAP " TEST_SERVER_NAME " SASL " TEST_ME_ID "AAAAAB " TEST_REMOTE_ID " S EXTERNAL" CRLF, server, MSG); + is_client_sendq_empty(server, MSG); + + if (aborted) { + if (by_user) { + // Explicit abort by user + client_util_parse(user, "AUTHENTICATE *" CRLF); + is_client_sendq(":" TEST_ME_NAME " 906 " TEST_NICK " :SASL authentication aborted" CRLF, user, MSG); + + client_util_parse(user, "CAP END" CRLF); + ok(IsClient(user), MSG); + } else { + // Implicit abort by completing registration + client_util_parse(user, "CAP END" CRLF); + ok(IsClient(user), MSG); + is_client_sendq_one(":" TEST_ME_NAME " 906 " TEST_NICK " :SASL authentication aborted" CRLF, user, MSG); + } + + is_client_sendq_one(":" TEST_ME_ID " ENCAP " TEST_SERVER_NAME " SASL " TEST_ME_ID "AAAAAB " TEST_REMOTE_ID " D A" CRLF, server, MSG); + is_client_sendq(":" TEST_ME_ID " UID " TEST_NICK " 1 42 +i ~" TEST_USERNAME " " TEST_HOSTNAME " " TEST_IP " " TEST_ME_ID "AAAAAB :" TEST_REALNAME CRLF, server, MSG); + } else { + // Return a successful auth + client_util_parse(server, ":" TEST_SERVER_NAME " ENCAP " TEST_ME_NAME " SASL " TEST_REMOTE_ID " " TEST_ME_ID "AAAAAB D S" CRLF); + + // User should be authenticated + is_client_sendq_one(":" TEST_ME_NAME " 903 " TEST_NICK " :SASL authentication successful" CRLF, user, MSG); + + client_util_parse(user, "CAP END" CRLF); + ok(IsClient(user), MSG); + } + + is_client_sendq_one(":" TEST_ME_NAME " 001 " TEST_NICK " :Welcome to the Test Internet Relay Chat Network " TEST_NICK CRLF, user, MSG); + while ((line = get_client_sendq(user)) && strcmp(line, "")) { + printf("%s", line); + } + + if (aborted) { + // Return a successful auth after auth was aborted + client_util_parse(server, ":" TEST_SERVER_NAME " ENCAP " TEST_ME_NAME " SASL " TEST_REMOTE_ID " " TEST_ME_ID "AAAAAB D S" CRLF); + + // User should not be authenticated + is_client_sendq_empty(user, MSG); + } + + remove_local_person(user); + remove_remote_person(remote); + remove_remote_server(server); + + client_util_free(); + ircd_util_free(); +} + +static void successful_login(void) +{ + common_sasl_test(false, false); +} + +static void successful_login_after_aborted_by_registration(void) +{ + common_sasl_test(true, false); +} + +static void successful_login_after_aborted_by_user(void) +{ + common_sasl_test(true, true); +} + +int main(int argc, char *argv[]) +{ + plan_lazy(); + + successful_login(); + successful_login_after_aborted_by_registration(); + successful_login_after_aborted_by_user(); + + return 0; +} diff --git a/tests/sasl_abort1.conf b/tests/sasl_abort1.conf new file mode 100644 index 00000000..b3b0ea54 --- /dev/null +++ b/tests/sasl_abort1.conf @@ -0,0 +1,44 @@ +serverinfo { + sid = "0AA"; + name = "me.test"; + description = "Test server"; + network_name = "Test network"; +}; + + +class "default" { + ping_time = 1000 minutes; + connectfreq = 1000 minutes; + number_per_ident = 1000; + number_per_ip = 1000; + number_per_ip_global = 1000; + cidr_ipv4_bitlen = 24; + cidr_ipv6_bitlen = 64; + number_per_cidr = 1000; + max_number = 1000; + sendq = 4 megabytes; +}; + +connect "remote.test" { + host = "::1"; + fingerprint = "test"; + class = "default"; +}; + +service { + name = "remote.test"; +}; + +privset "admin" { + privs = oper:admin; +}; + +auth { + user = "*@*"; + class = "default"; +}; + +general { + sasl_service = "remote_test"; + ping_cookie = no; +};