ports/libssh
ports/libssh
1
1
Форкнуть 0
Код Релизы 1 Активность

tests: Migrate torture_auth as a cwrap test

Просмотр исходного кода 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Этот коммит содержится в:
Andreas Schneider 2015-09-10 14:07:51 +02:00
родитель ee8664418a
Коммит 112d4cc7e6
3 изменённых файлов: 262 добавлений и 209 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

4
tests/client/CMakeLists.txt
Просмотреть файл

@ -3,7 +3,6 @@ project(clienttests C)
find_package(socket_wrapper) find_package(socket_wrapper)
add_cmocka_test(torture_algorithms torture_algorithms.c ${TORTURE_LIBRARY}) add_cmocka_test(torture_algorithms torture_algorithms.c ${TORTURE_LIBRARY})
add_cmocka_test(torture_auth torture_auth.c ${TORTURE_LIBRARY})
add_cmocka_test(torture_knownhosts torture_knownhosts.c ${TORTURE_LIBRARY}) add_cmocka_test(torture_knownhosts torture_knownhosts.c ${TORTURE_LIBRARY})
add_cmocka_test(torture_proxycommand torture_proxycommand.c ${TORTURE_LIBRARY}) add_cmocka_test(torture_proxycommand torture_proxycommand.c ${TORTURE_LIBRARY})
add_cmocka_test(torture_session torture_session.c ${TORTURE_LIBRARY}) add_cmocka_test(torture_session torture_session.c ${TORTURE_LIBRARY})
@ -16,7 +15,8 @@ if (WITH_SFTP)
endif (WITH_SFTP) endif (WITH_SFTP)
set(LIBSSH_CLIENT_TESTS set(LIBSSH_CLIENT_TESTS
torture_connect) torture_connect
torture_auth)
foreach(_CLI_TEST ${LIBSSH_CLIENT_TESTS}) foreach(_CLI_TEST ${LIBSSH_CLIENT_TESTS})
add_cmocka_test(${_CLI_TEST} ${_CLI_TEST}.c ${TORTURE_LIBRARY}) add_cmocka_test(${_CLI_TEST} ${_CLI_TEST}.c ${TORTURE_LIBRARY})

739
tests/client/torture_auth.c
Просмотреть файл

@ -25,388 +25,165 @@
#include "libssh/libssh.h" #include "libssh/libssh.h"
#include "libssh/priv.h" #include "libssh/priv.h"
#include "libssh/session.h" #include "libssh/session.h"
#include <sys/types.h>
#include <pwd.h>
/* agent_is_running */
#include "agent.c" #include "agent.c"
static int setup(void **state) { static int sshd_setup(void **state)
{
torture_setup_sshd_server(state);
return 0;
}
static int sshd_teardown(void **state) {
torture_teardown_sshd_server(state);
return 0;
}
static int session_setup(void **state)
{
struct torture_state *s = *state;
int verbosity = torture_libssh_verbosity(); int verbosity = torture_libssh_verbosity();
ssh_session session = ssh_new();
ssh_options_set(session, SSH_OPTIONS_HOST, "localhost"); s->ssh.session = ssh_new();
ssh_options_set(session, SSH_OPTIONS_LOG_VERBOSITY, &verbosity); assert_non_null(s->ssh.session);
*state = session; ssh_options_set(s->ssh.session, SSH_OPTIONS_LOG_VERBOSITY, &verbosity);
ssh_options_set(s->ssh.session, SSH_OPTIONS_HOST, TORTURE_SSH_SERVER);
return 0; return 0;
} }
static int teardown(void **state) { static int session_teardown(void **state)
ssh_disconnect(*state); {
ssh_free(*state); struct torture_state *s = *state;
ssh_disconnect(s->ssh.session);
ssh_free(s->ssh.session);
return 0; return 0;
} }
static void torture_auth_autopubkey(void **state) { static int pubkey_setup(void **state)
ssh_session session = *state; {
char *user = getenv("TORTURE_USER"); int rc;
struct passwd *pwd;
rc = session_setup(state);
if (rc != 0) {
return rc;
}
pwd = getpwnam("bob");
assert_non_null(pwd);
setuid(pwd->pw_uid);
/* Make sure we do not interfere with another ssh-agent */
unsetenv("SSH_AUTH_SOCK");
unsetenv("SSH_AGENT_PID");
return 0;
}
static int agent_setup(void **state)
{
struct torture_state *s = *state;
char ssh_agent_cmd[4096];
char ssh_agent_sock[1024];
char ssh_agent_pidfile[1024];
int rc; int rc;
if (user == NULL) { rc = pubkey_setup(state);
print_message("*** Please set the environment variable TORTURE_USER" if (rc != 0) {
" to enable this test!!\n"); return rc;
return;
} }
rc = ssh_options_set(session, SSH_OPTIONS_USER, user); snprintf(ssh_agent_sock,
assert_true(rc == SSH_OK); sizeof(ssh_agent_cmd),
"%s/agent.sock",
s->socket_dir);
rc = ssh_connect(session); snprintf(ssh_agent_pidfile,
assert_true(rc == SSH_OK); sizeof(ssh_agent_pidfile),
"%s/agent.pid",
s->socket_dir);
rc = ssh_userauth_none(session,NULL); /* Production ready code!!! */
/* This request should return a SSH_REQUEST_DENIED error */ snprintf(ssh_agent_cmd,
if (rc == SSH_ERROR) { sizeof(ssh_agent_cmd),
assert_true(ssh_get_error_code(session) == SSH_REQUEST_DENIED); "eval `ssh-agent -a %s`; echo $SSH_AGENT_PID > %s",
} ssh_agent_sock, ssh_agent_pidfile);
rc = ssh_userauth_list(session, NULL);
assert_true(rc & SSH_AUTH_METHOD_PUBLICKEY);
rc = ssh_userauth_publickey_auto(session, NULL, NULL); rc = system(ssh_agent_cmd);
assert_true(rc == SSH_AUTH_SUCCESS); assert_return_code(rc, errno);
setenv("SSH_AUTH_SOCK", ssh_agent_sock, 1);
setenv("TORTURE_SSH_AGENT_PIDFILE", ssh_agent_pidfile, 1);
rc = system("ssh-add");
assert_return_code(rc, errno);
return 0;
} }
static void torture_auth_autopubkey_nonblocking(void **state) { static int agent_teardown(void **state)
ssh_session session = *state; {
char *user = getenv("TORTURE_USER"); const char *ssh_agent_pidfile;
int rc; int rc;
if (user == NULL) { rc = session_teardown(state);
print_message("*** Please set the environment variable TORTURE_USER" if (rc != 0) {
" to enable this test!!\n"); return rc;
return;
} }
rc = ssh_options_set(session, SSH_OPTIONS_USER, user); ssh_agent_pidfile = getenv("TORTURE_SSH_AGENT_PIDFILE");
assert_true(rc == SSH_OK); assert_non_null(ssh_agent_pidfile);
rc = ssh_connect(session); /* kill agent pid */
assert_true(rc == SSH_OK); torture_terminate_process(ssh_agent_pidfile);
ssh_set_blocking(session,0); unlink(ssh_agent_pidfile);
do {
rc = ssh_userauth_none(session, NULL);
} while (rc == SSH_AUTH_AGAIN);
/* This request should return a SSH_REQUEST_DENIED error */ unsetenv("TORTURE_SSH_AGENT_PIDFILE");
if (rc == SSH_ERROR) { unsetenv("SSH_AUTH_SOCK");
assert_true(ssh_get_error_code(session) == SSH_REQUEST_DENIED);
return 0;
} }
rc = ssh_userauth_list(session, NULL);
assert_true(rc & SSH_AUTH_METHOD_PUBLICKEY);
do {
rc = ssh_userauth_publickey_auto(session, NULL, NULL);
} while (rc == SSH_AUTH_AGAIN);
assert_true(rc == SSH_AUTH_SUCCESS);
}
static void torture_auth_kbdint(void **state) {
ssh_session session = *state;
char *user = getenv("TORTURE_USER");
char *password = getenv("TORTURE_PASSWORD");
int rc;
if (user == NULL) {
print_message("*** Please set the environment variable TORTURE_USER"
" to enable this test!!\n");
return;
}
if (password == NULL) {
print_message("*** Please set the environment variable "
"TORTURE_PASSWORD to enable this test!!\n");
return;
}
rc = ssh_options_set(session, SSH_OPTIONS_USER, user);
assert_true(rc == SSH_OK);
rc = ssh_connect(session);
assert_true(rc == SSH_OK);
rc = ssh_userauth_none(session,NULL);
/* This request should return a SSH_REQUEST_DENIED error */
if (rc == SSH_ERROR) {
assert_true(ssh_get_error_code(session) == SSH_REQUEST_DENIED);
}
rc = ssh_userauth_list(session, NULL);
assert_true(rc & SSH_AUTH_METHOD_INTERACTIVE);
rc = ssh_userauth_kbdint(session, NULL, NULL);
assert_true(rc == SSH_AUTH_INFO);
assert_int_equal(ssh_userauth_kbdint_getnprompts(session), 1);
rc = ssh_userauth_kbdint_setanswer(session, 0, password);
assert_false(rc < 0);
rc = ssh_userauth_kbdint(session, NULL, NULL);
/* Sometimes, SSH server send an empty query at the end of exchange */
if(rc == SSH_AUTH_INFO) {
assert_int_equal(ssh_userauth_kbdint_getnprompts(session), 0);
rc = ssh_userauth_kbdint(session, NULL, NULL);
}
assert_true(rc == SSH_AUTH_SUCCESS);
}
static void torture_auth_kbdint_nonblocking(void **state) {
ssh_session session = *state;
char *user = getenv("TORTURE_USER");
char *password = getenv("TORTURE_PASSWORD");
int rc;
if (user == NULL) {
print_message("*** Please set the environment variable TORTURE_USER"
" to enable this test!!\n");
return;
}
if (password == NULL) {
print_message("*** Please set the environment variable "
"TORTURE_PASSWORD to enable this test!!\n");
return;
}
rc = ssh_options_set(session, SSH_OPTIONS_USER, user);
assert_true(rc == SSH_OK);
rc = ssh_connect(session);
assert_true(rc == SSH_OK);
ssh_set_blocking(session,0);
do {
rc = ssh_userauth_none(session, NULL);
} while (rc == SSH_AUTH_AGAIN);
/* This request should return a SSH_REQUEST_DENIED error */
if (rc == SSH_ERROR) {
assert_true(ssh_get_error_code(session) == SSH_REQUEST_DENIED);
}
rc = ssh_userauth_list(session, NULL);
assert_true(rc & SSH_AUTH_METHOD_INTERACTIVE);
do {
rc = ssh_userauth_kbdint(session, NULL, NULL);
} while (rc == SSH_AUTH_AGAIN);
assert_true(rc == SSH_AUTH_INFO);
assert_int_equal(ssh_userauth_kbdint_getnprompts(session), 1);
do {
rc = ssh_userauth_kbdint_setanswer(session, 0, password);
} while (rc == SSH_AUTH_AGAIN);
assert_false(rc < 0);
do {
rc = ssh_userauth_kbdint(session, NULL, NULL);
} while (rc == SSH_AUTH_AGAIN);
/* Sometimes, SSH server send an empty query at the end of exchange */
if(rc == SSH_AUTH_INFO) {
assert_int_equal(ssh_userauth_kbdint_getnprompts(session), 0);
do {
rc = ssh_userauth_kbdint(session, NULL, NULL);
} while (rc == SSH_AUTH_AGAIN);
}
assert_true(rc == SSH_AUTH_SUCCESS);
}
static void torture_auth_password(void **state) {
ssh_session session = *state;
char *user = getenv("TORTURE_USER");
char *password = getenv("TORTURE_PASSWORD");
int rc;
if (user == NULL) {
print_message("*** Please set the environment variable TORTURE_USER"
" to enable this test!!\n");
return;
}
if (password == NULL) {
print_message("*** Please set the environment variable "
"TORTURE_PASSWORD to enable this test!!\n");
return;
}
rc = ssh_options_set(session, SSH_OPTIONS_USER, user);
assert_true(rc == SSH_OK);
rc = ssh_connect(session);
assert_true(rc == SSH_OK);
rc = ssh_userauth_none(session, NULL);
/* This request should return a SSH_REQUEST_DENIED error */
if (rc == SSH_AUTH_ERROR) {
assert_true(ssh_get_error_code(session) == SSH_REQUEST_DENIED);
}
rc = ssh_userauth_list(session, NULL);
assert_true(rc & SSH_AUTH_METHOD_PASSWORD);
rc = ssh_userauth_password(session, NULL, password);
assert_true(rc == SSH_AUTH_SUCCESS);
}
static void torture_auth_password_nonblocking(void **state) {
ssh_session session = *state;
char *user = getenv("TORTURE_USER");
char *password = getenv("TORTURE_PASSWORD");
int rc;
if (user == NULL) {
print_message("*** Please set the environment variable TORTURE_USER"
" to enable this test!!\n");
return;
}
if (password == NULL) {
print_message("*** Please set the environment variable "
"TORTURE_PASSWORD to enable this test!!\n");
return;
}
rc = ssh_options_set(session, SSH_OPTIONS_USER, user);
assert_true(rc == SSH_OK);
rc = ssh_connect(session);
assert_true(rc == SSH_OK);
ssh_set_blocking(session,0);
do {
rc = ssh_userauth_none(session, NULL);
} while (rc == SSH_AUTH_AGAIN);
/* This request should return a SSH_REQUEST_DENIED error */
if (rc == SSH_AUTH_ERROR) {
assert_true(ssh_get_error_code(session) == SSH_REQUEST_DENIED);
}
rc = ssh_userauth_list(session, NULL);
assert_true(rc & SSH_AUTH_METHOD_PASSWORD);
do {
rc = ssh_userauth_password(session, NULL, password);
} while(rc==SSH_AUTH_AGAIN);
assert_true(rc == SSH_AUTH_SUCCESS);
}
static void torture_auth_agent(void **state) {
ssh_session session = *state;
char *user = getenv("TORTURE_USER");
int rc;
if (user == NULL) {
print_message("*** Please set the environment variable TORTURE_USER"
" to enable this test!!\n");
return;
}
if (!agent_is_running(session)){
print_message("*** Agent not running. Test ignored\n");
return;
}
rc = ssh_options_set(session, SSH_OPTIONS_USER, user);
assert_true(rc == SSH_OK);
rc = ssh_connect(session);
assert_true(rc == SSH_OK);
rc = ssh_userauth_none(session,NULL);
/* This request should return a SSH_REQUEST_DENIED error */
if (rc == SSH_ERROR) {
assert_true(ssh_get_error_code(session) == SSH_REQUEST_DENIED);
}
rc = ssh_userauth_list(session, NULL);
assert_true(rc & SSH_AUTH_METHOD_PUBLICKEY);
rc = ssh_userauth_agent(session, NULL);
assert_true(rc == SSH_AUTH_SUCCESS);
}
static void torture_auth_agent_nonblocking(void **state) {
ssh_session session = *state;
char *user = getenv("TORTURE_USER");
int rc;
if (user == NULL) {
print_message("*** Please set the environment variable TORTURE_USER"
" to enable this test!!\n");
return;
}
if (!agent_is_running(session)){
print_message("*** Agent not running. Test ignored\n");
return;
}
rc = ssh_options_set(session, SSH_OPTIONS_USER, user);
assert_true(rc == SSH_OK);
rc = ssh_connect(session);
assert_true(rc == SSH_OK);
rc = ssh_userauth_none(session,NULL);
/* This request should return a SSH_REQUEST_DENIED error */
if (rc == SSH_ERROR) {
assert_true(ssh_get_error_code(session) == SSH_REQUEST_DENIED);
}
rc = ssh_userauth_list(session, NULL);
assert_true(rc & SSH_AUTH_METHOD_PUBLICKEY);
ssh_set_blocking(session,0);
do {
rc = ssh_userauth_agent(session, NULL);
} while (rc == SSH_AUTH_AGAIN);
assert_true(rc == SSH_AUTH_SUCCESS);
}
static void torture_auth_none(void **state) { static void torture_auth_none(void **state) {
ssh_session session = *state; struct torture_state *s = *state;
char *user = getenv("TORTURE_USER"); ssh_session session = s->ssh.session;
int rc; int rc;
if (user == NULL) { rc = ssh_options_set(session, SSH_OPTIONS_USER, TORTURE_SSH_USER_BOB);
print_message("*** Please set the environment variable TORTURE_USER" assert_int_equal(rc, SSH_OK);
" to enable this test!!\n");
return;
}
rc = ssh_options_set(session, SSH_OPTIONS_USER, user);
assert_true(rc == SSH_OK);
rc = ssh_connect(session); rc = ssh_connect(session);
assert_true(rc == SSH_OK); assert_int_equal(rc, SSH_OK);
rc = ssh_userauth_none(session,NULL); rc = ssh_userauth_none(session,NULL);
assert_int_equal(rc, SSH_AUTH_DENIED);
assert_true(rc == SSH_AUTH_DENIED);
/* This request should return a SSH_REQUEST_DENIED error */ /* This request should return a SSH_REQUEST_DENIED error */
if (rc == SSH_ERROR) { if (rc == SSH_ERROR) {
assert_true(ssh_get_error_code(session) == SSH_REQUEST_DENIED); assert_int_equal(ssh_get_error_code(session), SSH_REQUEST_DENIED);
} }
} }
static void torture_auth_none_nonblocking(void **state) { static void torture_auth_none_nonblocking(void **state) {
ssh_session session = *state; struct torture_state *s = *state;
char *user = getenv("TORTURE_USER"); ssh_session session = s->ssh.session;
int rc; int rc;
if (user == NULL) { rc = ssh_options_set(session, SSH_OPTIONS_USER, TORTURE_SSH_USER_ALICE);
print_message("*** Please set the environment variable TORTURE_USER" assert_int_equal(rc, SSH_OK);
" to enable this test!!\n");
return;
}
rc = ssh_options_set(session, SSH_OPTIONS_USER, user);
assert_true(rc == SSH_OK);
rc = ssh_connect(session); rc = ssh_connect(session);
assert_true(rc == SSH_OK); assert_int_equal(rc, SSH_OK);
/* This request should return a SSH_REQUEST_DENIED error */ /* This request should return a SSH_REQUEST_DENIED error */
if (rc == SSH_ERROR) { if (rc == SSH_ERROR) {
@ -418,29 +195,301 @@ static void torture_auth_none_nonblocking(void **state) {
do { do {
rc = ssh_userauth_none(session,NULL); rc = ssh_userauth_none(session,NULL);
} while (rc == SSH_AUTH_AGAIN); } while (rc == SSH_AUTH_AGAIN);
assert_true(rc == SSH_AUTH_DENIED); assert_int_equal(rc, SSH_AUTH_DENIED);
assert_true(ssh_get_error_code(session) == SSH_REQUEST_DENIED); assert_true(ssh_get_error_code(session) == SSH_REQUEST_DENIED);
} }
static void torture_auth_autopubkey(void **state) {
struct torture_state *s = *state;
ssh_session session = s->ssh.session;
int rc;
/* Authenticate as alice with bob his pubkey */
rc = ssh_options_set(session, SSH_OPTIONS_USER, TORTURE_SSH_USER_ALICE);
assert_int_equal(rc, SSH_OK);
rc = ssh_connect(session);
assert_int_equal(rc, SSH_OK);
rc = ssh_userauth_none(session,NULL);
/* This request should return a SSH_REQUEST_DENIED error */
if (rc == SSH_ERROR) {
assert_true(ssh_get_error_code(session) == SSH_REQUEST_DENIED);
}
rc = ssh_userauth_list(session, NULL);
assert_true(rc & SSH_AUTH_METHOD_PUBLICKEY);
rc = ssh_userauth_publickey_auto(session, NULL, NULL);
assert_int_equal(rc, SSH_AUTH_SUCCESS);
}
static void torture_auth_autopubkey_nonblocking(void **state) {
struct torture_state *s = *state;
ssh_session session = s->ssh.session;
int rc;
rc = ssh_options_set(session, SSH_OPTIONS_USER, TORTURE_SSH_USER_ALICE);
assert_int_equal(rc, SSH_OK);
rc = ssh_connect(session);
assert_int_equal(rc, SSH_OK);
ssh_set_blocking(session,0);
do {
rc = ssh_userauth_none(session, NULL);
} while (rc == SSH_AUTH_AGAIN);
/* This request should return a SSH_REQUEST_DENIED error */
if (rc == SSH_ERROR) {
assert_int_equal(ssh_get_error_code(session), SSH_REQUEST_DENIED);
}
rc = ssh_userauth_list(session, NULL);
assert_true(rc & SSH_AUTH_METHOD_PUBLICKEY);
do {
rc = ssh_userauth_publickey_auto(session, NULL, NULL);
} while (rc == SSH_AUTH_AGAIN);
assert_int_equal(rc, SSH_AUTH_SUCCESS);
}
#if 0 /* FIXME Requires UsePAM and pam_wrapper */
static void torture_auth_kbdint(void **state) {
struct torture_state *s = *state;
ssh_session session = s->ssh.session;
int rc;
rc = ssh_options_set(session, SSH_OPTIONS_USER, TORTURE_SSH_USER_BOB);
assert_int_equal(rc, SSH_OK);
rc = ssh_connect(session);
assert_int_equal(rc, SSH_OK);
rc = ssh_userauth_none(session,NULL);
/* This request should return a SSH_REQUEST_DENIED error */
if (rc == SSH_ERROR) {
assert_true(ssh_get_error_code(session) == SSH_REQUEST_DENIED);
}
rc = ssh_userauth_list(session, NULL);
assert_true(rc & SSH_AUTH_METHOD_INTERACTIVE);
rc = ssh_userauth_kbdint(session, NULL, NULL);
assert_int_equal(rc, SSH_AUTH_INFO);
assert_int_equal(ssh_userauth_kbdint_getnprompts(session), 1);
rc = ssh_userauth_kbdint_setanswer(session, 0, TORTURE_SSH_USER_BOB_PASSWORD);
assert_false(rc < 0);
rc = ssh_userauth_kbdint(session, NULL, NULL);
/* Sometimes, SSH server send an empty query at the end of exchange */
if(rc == SSH_AUTH_INFO) {
assert_int_equal(ssh_userauth_kbdint_getnprompts(session), 0);
rc = ssh_userauth_kbdint(session, NULL, NULL);
}
assert_int_equal(rc, SSH_AUTH_SUCCESS);
}
static void torture_auth_kbdint_nonblocking(void **state) {
struct torture_state *s = *state;
ssh_session session = s->ssh.session;
int rc;
rc = ssh_options_set(session, SSH_OPTIONS_USER, TORTURE_SSH_USER_BOB);
assert_int_equal(rc, SSH_OK);
rc = ssh_connect(session);
assert_int_equal(rc, SSH_OK);
ssh_set_blocking(session,0);
do {
rc = ssh_userauth_none(session, NULL);
} while (rc == SSH_AUTH_AGAIN);
/* This request should return a SSH_REQUEST_DENIED error */
if (rc == SSH_ERROR) {
assert_true(ssh_get_error_code(session) == SSH_REQUEST_DENIED);
}
rc = ssh_userauth_list(session, NULL);
assert_true(rc & SSH_AUTH_METHOD_INTERACTIVE);
do {
rc = ssh_userauth_kbdint(session, NULL, NULL);
} while (rc == SSH_AUTH_AGAIN);
assert_int_equal(rc, SSH_AUTH_INFO);
assert_int_equal(ssh_userauth_kbdint_getnprompts(session), 1);
do {
rc = ssh_userauth_kbdint_setanswer(session, 0, TORTURE_SSH_USER_BOB_PASSWORD);
} while (rc == SSH_AUTH_AGAIN);
assert_false(rc < 0);
do {
rc = ssh_userauth_kbdint(session, NULL, NULL);
} while (rc == SSH_AUTH_AGAIN);
/* Sometimes, SSH server send an empty query at the end of exchange */
if(rc == SSH_AUTH_INFO) {
assert_int_equal(ssh_userauth_kbdint_getnprompts(session), 0);
do {
rc = ssh_userauth_kbdint(session, NULL, NULL);
} while (rc == SSH_AUTH_AGAIN);
}
assert_int_equal(rc, SSH_AUTH_SUCCESS);
}
#endif
static void torture_auth_password(void **state) {
struct torture_state *s = *state;
ssh_session session = s->ssh.session;
int rc;
rc = ssh_options_set(session, SSH_OPTIONS_USER, TORTURE_SSH_USER_BOB);
assert_int_equal(rc, SSH_OK);
rc = ssh_connect(session);
assert_int_equal(rc, SSH_OK);
rc = ssh_userauth_none(session, NULL);
/* This request should return a SSH_REQUEST_DENIED error */
if (rc == SSH_AUTH_ERROR) {
assert_true(ssh_get_error_code(session) == SSH_REQUEST_DENIED);
}
rc = ssh_userauth_list(session, NULL);
assert_true(rc & SSH_AUTH_METHOD_PASSWORD);
rc = ssh_userauth_password(session, NULL, TORTURE_SSH_USER_BOB_PASSWORD);
assert_int_equal(rc, SSH_AUTH_SUCCESS);
}
static void torture_auth_password_nonblocking(void **state) {
struct torture_state *s = *state;
ssh_session session = s->ssh.session;
int rc;
rc = ssh_options_set(session, SSH_OPTIONS_USER, TORTURE_SSH_USER_BOB);
assert_int_equal(rc, SSH_OK);
rc = ssh_connect(session);
assert_int_equal(rc, SSH_OK);
ssh_set_blocking(session,0);
do {
rc = ssh_userauth_none(session, NULL);
} while (rc == SSH_AUTH_AGAIN);
/* This request should return a SSH_REQUEST_DENIED error */
if (rc == SSH_AUTH_ERROR) {
assert_true(ssh_get_error_code(session) == SSH_REQUEST_DENIED);
}
rc = ssh_userauth_list(session, NULL);
assert_true(rc & SSH_AUTH_METHOD_PASSWORD);
do {
rc = ssh_userauth_password(session, NULL, TORTURE_SSH_USER_BOB_PASSWORD);
} while(rc==SSH_AUTH_AGAIN);
assert_int_equal(rc, SSH_AUTH_SUCCESS);
}
static void torture_auth_agent(void **state) {
struct torture_state *s = *state;
ssh_session session = s->ssh.session;
int rc;
if (!agent_is_running(session)){
print_message("*** Agent not running. Test ignored\n");
return;
}
rc = ssh_options_set(session, SSH_OPTIONS_USER, TORTURE_SSH_USER_ALICE);
assert_int_equal(rc, SSH_OK);
rc = ssh_connect(session);
assert_int_equal(rc, SSH_OK);
rc = ssh_userauth_none(session,NULL);
/* This request should return a SSH_REQUEST_DENIED error */
if (rc == SSH_ERROR) {
assert_true(ssh_get_error_code(session) == SSH_REQUEST_DENIED);
}
rc = ssh_userauth_list(session, NULL);
assert_true(rc & SSH_AUTH_METHOD_PUBLICKEY);
rc = ssh_userauth_agent(session, NULL);
assert_int_equal(rc, SSH_AUTH_SUCCESS);
}
static void torture_auth_agent_nonblocking(void **state) {
struct torture_state *s = *state;
ssh_session session = s->ssh.session;
int rc;
if (!agent_is_running(session)){
print_message("*** Agent not running. Test ignored\n");
return;
}
rc = ssh_options_set(session, SSH_OPTIONS_USER, TORTURE_SSH_USER_ALICE);
assert_int_equal(rc, SSH_OK);
rc = ssh_connect(session);
assert_int_equal(rc, SSH_OK);
rc = ssh_userauth_none(session,NULL);
/* This request should return a SSH_REQUEST_DENIED error */
if (rc == SSH_ERROR) {
assert_true(ssh_get_error_code(session) == SSH_REQUEST_DENIED);
}
rc = ssh_userauth_list(session, NULL);
assert_true(rc & SSH_AUTH_METHOD_PUBLICKEY);
ssh_set_blocking(session,0);
do {
rc = ssh_userauth_agent(session, NULL);
} while (rc == SSH_AUTH_AGAIN);
assert_int_equal(rc, SSH_AUTH_SUCCESS);
}
int torture_run_tests(void) { int torture_run_tests(void) {
int rc; int rc;
struct CMUnitTest tests[] = { struct CMUnitTest tests[] = {
cmocka_unit_test_setup_teardown(torture_auth_kbdint, setup, teardown), cmocka_unit_test_setup_teardown(torture_auth_none,
cmocka_unit_test_setup_teardown(torture_auth_kbdint_nonblocking, setup, teardown), session_setup,
cmocka_unit_test_setup_teardown(torture_auth_password, setup, teardown), session_teardown),
cmocka_unit_test_setup_teardown(torture_auth_password_nonblocking, setup, teardown), cmocka_unit_test_setup_teardown(torture_auth_none_nonblocking,
cmocka_unit_test_setup_teardown(torture_auth_autopubkey, setup, teardown), session_setup,
cmocka_unit_test_setup_teardown(torture_auth_autopubkey_nonblocking, setup, teardown), session_teardown),
cmocka_unit_test_setup_teardown(torture_auth_agent, setup, teardown), cmocka_unit_test_setup_teardown(torture_auth_password,
cmocka_unit_test_setup_teardown(torture_auth_agent_nonblocking, setup, teardown), session_setup,
cmocka_unit_test_setup_teardown(torture_auth_none, setup, teardown), session_teardown),
cmocka_unit_test_setup_teardown(torture_auth_none_nonblocking, setup, teardown), cmocka_unit_test_setup_teardown(torture_auth_password_nonblocking,
session_setup,
session_teardown),
#if 0 /* FIXME requires UsePAM and probably pam_wrapper */
cmocka_unit_test_setup_teardown(torture_auth_kbdint,
session_setup,
session_teardown),
cmocka_unit_test_setup_teardown(torture_auth_kbdint_nonblocking,
session_setup,
session_teardown),
#endif
cmocka_unit_test_setup_teardown(torture_auth_autopubkey,
pubkey_setup,
session_teardown),
cmocka_unit_test_setup_teardown(torture_auth_autopubkey_nonblocking,
pubkey_setup,
session_teardown),
cmocka_unit_test_setup_teardown(torture_auth_agent,
agent_setup,
agent_teardown),
cmocka_unit_test_setup_teardown(torture_auth_agent_nonblocking,
agent_setup,
agent_teardown),
}; };
ssh_init(); ssh_init();
torture_filter_tests(tests); torture_filter_tests(tests);
rc = cmocka_run_group_tests(tests, NULL, NULL); rc = cmocka_run_group_tests(tests, sshd_setup, sshd_teardown);
ssh_finalize(); ssh_finalize();
return rc; return rc;

4
tests/torture.h
Просмотреть файл

@ -47,6 +47,10 @@
#endif /* assert_return_code */ #endif /* assert_return_code */
#define TORTURE_SSH_SERVER "127.0.0.10" #define TORTURE_SSH_SERVER "127.0.0.10"
#define TORTURE_SSH_USER_BOB "bob"
#define TORTURE_SSH_USER_BOB_PASSWORD "secret"
#define TORTURE_SSH_USER_ALICE "alice"
#define TORTURE_TESTKEY_PASSWORD "libssh-rocks" #define TORTURE_TESTKEY_PASSWORD "libssh-rocks"