[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[libmicrohttpd] 13/20: test_digestauth2: added testing of nonce bind opt
From: |
gnunet |
Subject: |
[libmicrohttpd] 13/20: test_digestauth2: added testing of nonce bind options |
Date: |
Mon, 15 Aug 2022 20:38:39 +0200 |
This is an automated email from the git hooks/post-receive script.
karlson2k pushed a commit to branch master
in repository libmicrohttpd.
commit e4092f1d54c3ceb9d1954afed5f8d2fce600f183
Author: Evgeny Grin (Karlson2k) <k2k@narod.ru>
AuthorDate: Mon Aug 15 17:28:58 2022 +0300
test_digestauth2: added testing of nonce bind options
---
src/testcurl/.gitignore | 4 ++
src/testcurl/Makefile.am | 18 ++++++-
src/testcurl/test_digestauth2.c | 113 ++++++++++++++++++++++++++++++++++------
3 files changed, 119 insertions(+), 16 deletions(-)
diff --git a/src/testcurl/.gitignore b/src/testcurl/.gitignore
index c06787a1..a31cb1ee 100644
--- a/src/testcurl/.gitignore
+++ b/src/testcurl/.gitignore
@@ -173,3 +173,7 @@ core
/test_digestauth2_sha256_userdigest
/test_digestauth2_oldapi2_sha256_userdigest
/test_digestauth2_sha256_userhash_userdigest
+/test_digestauth2_bind_all
+/test_digestauth2_bind_uri
+/test_digestauth2_oldapi1_bind_all
+/test_digestauth2_oldapi1_bind_uri
diff --git a/src/testcurl/Makefile.am b/src/testcurl/Makefile.am
index 34590e8f..0e23f251 100644
--- a/src/testcurl/Makefile.am
+++ b/src/testcurl/Makefile.am
@@ -185,7 +185,11 @@ check_PROGRAMS += \
test_digestauth2_userhash_userdigest \
test_digestauth2_sha256_userdigest \
test_digestauth2_oldapi2_sha256_userdigest \
- test_digestauth2_sha256_userhash_userdigest
+ test_digestauth2_sha256_userhash_userdigest \
+ test_digestauth2_bind_all \
+ test_digestauth2_bind_uri \
+ test_digestauth2_oldapi1_bind_all \
+ test_digestauth2_oldapi1_bind_uri
endif
if HEAVY_TESTS
@@ -343,6 +347,18 @@ test_digestauth2_oldapi2_sha256_userdigest_SOURCES = \
test_digestauth2_sha256_userhash_userdigest_SOURCES = \
test_digestauth2.c mhd_has_param.h mhd_has_in_name.h
+test_digestauth2_bind_all_SOURCES = \
+ test_digestauth2.c mhd_has_param.h mhd_has_in_name.h
+
+test_digestauth2_bind_uri_SOURCES = \
+ test_digestauth2.c mhd_has_param.h mhd_has_in_name.h
+
+test_digestauth2_oldapi1_bind_all_SOURCES = \
+ test_digestauth2.c mhd_has_param.h mhd_has_in_name.h
+
+test_digestauth2_oldapi1_bind_uri_SOURCES = \
+ test_digestauth2.c mhd_has_param.h mhd_has_in_name.h
+
test_get_iovec_SOURCES = \
test_get_iovec.c mhd_has_in_name.h
diff --git a/src/testcurl/test_digestauth2.c b/src/testcurl/test_digestauth2.c
index d88435c3..fa418f69 100644
--- a/src/testcurl/test_digestauth2.c
+++ b/src/testcurl/test_digestauth2.c
@@ -275,6 +275,10 @@ static int test_userhash;
static int test_userdigest;
static int test_sha256;
static int test_rfc2069;
+/* Bind DAuth nonces to everything except URI */
+static int test_bind_all;
+/* Bind DAuth nonces to URI */
+static int test_bind_uri;
static int curl_uses_usehash;
/* Static helper variables */
@@ -706,6 +710,13 @@ ahc_echo (void *cls,
else
expect_res = MHD_DAUTH_OK;
}
+ else if (test_bind_uri)
+ {
+ if ((0 != tr_p->uri_num) && (1 == tr_p->req_num))
+ expect_res = MHD_DAUTH_NONCE_OTHER_COND;
+ else
+ expect_res = MHD_DAUTH_OK;
+ }
else
expect_res = MHD_DAUTH_OK;
@@ -732,15 +743,22 @@ ahc_echo (void *cls,
mhdErrorExitDesc ("MHD_digest_auth_check[_digest]3()' returned " \
"MHD_DAUTH_NONCE_STALE");
break;
+ case MHD_DAUTH_NONCE_OTHER_COND:
+ if (expect_res == MHD_DAUTH_NONCE_OTHER_COND)
+ {
+ if (verbose)
+ printf ("Got expected auth check result: "
+ "MHD_DAUTH_NONCE_OTHER_COND.\n");
+ }
+ else
+ mhdErrorExitDesc ("MHD_digest_auth_check[_digest]3()' returned " \
+ "MHD_DAUTH_NONCE_OTHER_COND");
+ break;
/* Invalid results */
case MHD_DAUTH_NONCE_WRONG:
mhdErrorExitDesc ("MHD_digest_auth_check[_digest]3()' returned " \
"MHD_DAUTH_NONCE_WRONG");
break;
- case MHD_DAUTH_NONCE_OTHER_COND:
- mhdErrorExitDesc ("MHD_digest_auth_check[_digest]3()' returned " \
- "MHD_DAUTH_NONCE_OTHER_COND");
- break;
case MHD_DAUTH_ERROR:
externalErrorExitDesc ("General error returned " \
"by 'MHD_digest_auth_check[_digest]3()'");
@@ -786,7 +804,8 @@ ahc_echo (void *cls,
MHD_queue_response (connection, MHD_HTTP_OK, response))
mhdErrorExitDesc ("'MHD_queue_response()' failed");
}
- else if (MHD_DAUTH_NONCE_STALE == check_res)
+ else if ((MHD_DAUTH_NONCE_STALE == check_res) ||
+ (MHD_DAUTH_NONCE_OTHER_COND == check_res))
{
response =
MHD_create_response_from_buffer_static (MHD_STATICSTR_LEN_ (DENIED),
@@ -838,6 +857,7 @@ ahc_echo (void *cls,
/* Use old API v2 */
char *username;
int check_res;
+ int expect_res;
username = MHD_digest_auth_get_username (connection);
if (NULL != username)
@@ -868,10 +888,21 @@ ahc_echo (void *cls,
MHD_DIGEST_ALG_SHA256 :
MHD_DIGEST_ALG_MD5);
- if (MHD_YES != check_res)
+ if (test_bind_uri)
+ {
+ if ((0 != tr_p->uri_num) && (1 == tr_p->req_num))
+ expect_res = MHD_INVALID_NONCE;
+ else
+ expect_res = MHD_YES;
+ }
+ else
+ expect_res = MHD_YES;
+
+ if (expect_res != check_res)
{
fprintf (stderr, "'MHD_digest_auth_check[_digest]2()' returned "
- "unexpected result: %d. ", check_res);
+ "unexpected result '%d', while expected is '%d. ",
+ check_res, expect_res);
mhdErrorExitDesc ("Wrong 'MHD_digest_auth_check[_digest]2()' result");
}
response =
@@ -880,9 +911,24 @@ ahc_echo (void *cls,
if (NULL == response)
mhdErrorExitDesc ("Response creation failed");
- if (MHD_YES !=
- MHD_queue_response (connection, MHD_HTTP_OK, response))
- mhdErrorExitDesc ("'MHD_queue_response()' failed");
+ if (MHD_YES == expect_res)
+ {
+ if (MHD_YES !=
+ MHD_queue_response (connection, MHD_HTTP_OK, response))
+ mhdErrorExitDesc ("'MHD_queue_response()' failed");
+ }
+ else if (MHD_INVALID_NONCE == expect_res)
+ {
+ if (MHD_YES !=
+ MHD_queue_auth_fail_response2 (connection, REALM_VAL, OPAQUE_VALUE,
+ response, 1,
+ test_sha256 ?
+ MHD_DIGEST_ALG_SHA256 :
+ MHD_DIGEST_ALG_MD5))
+ mhdErrorExitDesc ("'MHD_queue_auth_fail_response2()' failed");
+ }
+ else
+ externalErrorExitDesc ("Wrong 'check_res' value");
}
else
{
@@ -914,6 +960,7 @@ ahc_echo (void *cls,
/* Use old API v1 */
char *username;
int check_res;
+ int expect_res;
username = MHD_digest_auth_get_username (connection);
if (NULL != username)
@@ -939,21 +986,45 @@ ahc_echo (void *cls,
userdigest_bin,
50 * TIMEOUTS_VAL);
- if (MHD_YES != check_res)
+ if (test_bind_uri)
+ {
+ if ((0 != tr_p->uri_num) && (1 == tr_p->req_num))
+ expect_res = MHD_INVALID_NONCE;
+ else
+ expect_res = MHD_YES;
+ }
+ else
+ expect_res = MHD_YES;
+
+ if (expect_res != check_res)
{
fprintf (stderr, "'MHD_digest_auth_check[_digest]()' returned "
- "unexpected result: %d. ", check_res);
+ "unexpected result '%d', while expected is '%d. ",
+ check_res, expect_res);
mhdErrorExitDesc ("Wrong 'MHD_digest_auth_check[_digest]()' result");
}
+
response =
MHD_create_response_from_buffer_static (MHD_STATICSTR_LEN_ (PAGE),
(const void *) PAGE);
if (NULL == response)
mhdErrorExitDesc ("Response creation failed");
- if (MHD_YES !=
- MHD_queue_response (connection, MHD_HTTP_OK, response))
- mhdErrorExitDesc ("'MHD_queue_response()' failed");
+ if (MHD_YES == expect_res)
+ {
+ if (MHD_YES !=
+ MHD_queue_response (connection, MHD_HTTP_OK, response))
+ mhdErrorExitDesc ("'MHD_queue_response()' failed");
+ }
+ else if (MHD_INVALID_NONCE == expect_res)
+ {
+ if (MHD_YES !=
+ MHD_queue_auth_fail_response (connection, REALM_VAL, OPAQUE_VALUE,
+ response, 1))
+ mhdErrorExitDesc ("'MHD_queue_auth_fail_response()' failed");
+ }
+ else
+ externalErrorExitDesc ("Wrong 'check_res' value");
}
else
{
@@ -1213,6 +1284,7 @@ check_result (CURLcode curl_code, CURL *c, struct CBC
*pcbc)
static unsigned int
testDigestAuth (void)
{
+ unsigned int dauth_nonce_bind;
struct MHD_Daemon *d;
uint16_t port;
struct CBC cbc;
@@ -1237,12 +1309,21 @@ testDigestAuth (void)
fflush (stderr);
}
+ dauth_nonce_bind = MHD_DAUTH_BIND_NONCE_NONE;
+ if (test_bind_all)
+ dauth_nonce_bind |=
+ (MHD_DAUTH_BIND_NONCE_CLIENT_IP | MHD_DAUTH_BIND_NONCE_REALM);
+ if (test_bind_uri)
+ dauth_nonce_bind |= MHD_DAUTH_BIND_NONCE_URI_PARAMS;
+
d = MHD_start_daemon (MHD_USE_ERROR_LOG,
port, NULL, NULL,
&ahc_echo, &rq_tr,
MHD_OPTION_DIGEST_AUTH_RANDOM_COPY,
sizeof (salt), salt,
MHD_OPTION_NONCE_NC_SIZE, 300,
+ MHD_OPTION_DIGEST_AUTH_NONCE_BIND_TYPE,
+ dauth_nonce_bind,
MHD_OPTION_END);
}
if (d == NULL)
@@ -1329,6 +1410,8 @@ main (int argc, char *const *argv)
test_userdigest = has_in_name (argv[0], "_userdigest");
test_sha256 = has_in_name (argv[0], "_sha256");
test_rfc2069 = has_in_name (argv[0], "_rfc2069");
+ test_bind_all = has_in_name (argv[0], "_bind_all");
+ test_bind_uri = has_in_name (argv[0], "_bind_uri");
/* Wrong test types combinations */
if (1 == test_oldapi)
--
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.
- [libmicrohttpd] 07/20: digestauth: do not use "algorithm" in response header in RFC2069 mode, (continued)
- [libmicrohttpd] 07/20: digestauth: do not use "algorithm" in response header in RFC2069 mode, gnunet, 2022/08/15
- [libmicrohttpd] 11/20: Added MHD_OPTION_DIGEST_AUTH_NONCE_BIND_TYPE to control how to generate and check nonces for Digest Auth, gnunet, 2022/08/15
- [libmicrohttpd] 10/20: daemon.c: fixed and simplified sockaddr alignment handling, gnunet, 2022/08/15
- [libmicrohttpd] 02/20: microhttpd: minor doxy improvement, gnunet, 2022/08/15
- [libmicrohttpd] 17/20: digestauth: minor comment correction, gnunet, 2022/08/15
- [libmicrohttpd] 15/20: test_digestauth2: added third request with new connection, gnunet, 2022/08/15
- [libmicrohttpd] 19/20: digestauth: updated the method of nonce generation in default mode, gnunet, 2022/08/15
- [libmicrohttpd] 20/20: calculate_nonce(): added comments, minor code corrections, gnunet, 2022/08/15
- [libmicrohttpd] 09/20: mhd_str: added function for bin to hex without zero-termination, gnunet, 2022/08/15
- [libmicrohttpd] 14/20: test_digestauth2: reuse the same connection for the second request, gnunet, 2022/08/15
- [libmicrohttpd] 13/20: test_digestauth2: added testing of nonce bind options,
gnunet <=