/* * torture_bind_config.c - Tests for server side configuration * * This file is part of the SSH Library * * Copyright (c) 2019 by Red Hat, Inc. * * Author: Anderson Toshiyuki Sasaki * * The SSH Library is free software; you can redistribute it and/or modify * it under the terms of the GNU Lesser General Public License as published by * the Free Software Foundation; either version 2.1 of the License, or (at your * option) any later version. * * The SSH Library is distributed in the hope that it will be useful, but * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public * License for more details. * * You should have received a copy of the GNU Lesser General Public License * along with the SSH Library; see the file COPYING. If not, write to * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, * MA 02111-1307, USA. */ #include "config.h" #define LIBSSH_STATIC #include "torture.h" #include "torture_key.h" #include #include extern LIBSSH_THREAD int ssh_log_level; #define LOGLEVEL "verbose" #define LOGLEVEL2 "fatal" #define LOGLEVEL3 "DEBUG1" #define LOGLEVEL4 "DEBUG2" #define LISTEN_ADDRESS "::1" #define LISTEN_ADDRESS2 "::2" #define KEXALGORITHMS "ecdh-sha2-nistp521,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1" #define KEXALGORITHMS2 "ecdh-sha2-nistp521" #define CIPHERS "aes128-ctr,aes192-ctr,aes256-ctr" #define CIPHERS2 "aes256-ctr" #define HOSTKEYALGORITHMS "ssh-ed25519,ecdsa-sha2-nistp521,ssh-rsa" #define HOSTKEYALGORITHMS_UNKNOWN "ssh-ed25519,ecdsa-sha2-nistp521,unknown,ssh-rsa" #define HOSTKEYALGORITHMS2 "rsa-sha2-256" #define PUBKEYACCEPTEDTYPES "rsa-sha2-512,ssh-rsa,ecdsa-sha2-nistp521" #define PUBKEYACCEPTEDTYPES_UNKNOWN "rsa-sha2-512,ssh-rsa,unknown,ecdsa-sha2-nistp521" #define PUBKEYACCEPTEDTYPES2 "rsa-sha2-256,ssh-rsa" #define MACS "hmac-sha1,hmac-sha2-256,hmac-sha2-512,hmac-sha1-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com" #define MACS2 "hmac-sha1" #ifdef HAVE_DSA #define LIBSSH_DSA_TESTKEY "libssh_testkey.id_dsa" #endif #define LIBSSH_RSA_TESTKEY "libssh_testkey.id_rsa" #define LIBSSH_ED25519_TESTKEY "libssh_testkey.id_ed25519" #ifdef HAVE_ECC #define LIBSSH_ECDSA_521_TESTKEY "libssh_testkey.id_ecdsa521" #endif #define LIBSSH_TEST_BIND_CONFIG_LISTENADDRESS "libssh_test_bind_config_listenaddress" #define LIBSSH_TEST_BIND_CONFIG_LISTENADDRESS2 "libssh_test_bind_config_listenaddress2" #define LIBSSH_TEST_BIND_CONFIG_LISTENADDRESS_TWICE "libssh_test_bind_config_listenaddress_twice" #define LIBSSH_TEST_BIND_CONFIG_LISTENADDRESS_TWICE_REC "libssh_test_bind_config_listenaddress_twice_rec" #define LIBSSH_TEST_BIND_CONFIG_PORT "libssh_test_bind_config_port" #define LIBSSH_TEST_BIND_CONFIG_PORT2 "libssh_test_bind_config_port2" #define LIBSSH_TEST_BIND_CONFIG_PORT_TWICE "libssh_test_bind_config_port_twice" #define LIBSSH_TEST_BIND_CONFIG_PORT_TWICE_REC "libssh_test_bind_config_port_twice_rec" #define LIBSSH_TEST_BIND_CONFIG_HOSTKEY "libssh_test_bind_config_hostkey" #define LIBSSH_TEST_BIND_CONFIG_HOSTKEY2 "libssh_test_bind_config_hostkey2" #define LIBSSH_TEST_BIND_CONFIG_HOSTKEY_TWICE "libssh_test_bind_config_hostkey_twice" #define LIBSSH_TEST_BIND_CONFIG_HOSTKEY_TWICE_REC "libssh_test_bind_config_hostkey_twice_rec" #define LIBSSH_TEST_BIND_CONFIG_LOGLEVEL "libssh_test_bind_config_loglevel" #define LIBSSH_TEST_BIND_CONFIG_LOGLEVEL2 "libssh_test_bind_config_loglevel2" #define LIBSSH_TEST_BIND_CONFIG_LOGLEVEL_TWICE "libssh_test_bind_config_loglevel_twice" #define LIBSSH_TEST_BIND_CONFIG_LOGLEVEL_TWICE_REC "libssh_test_bind_config_loglevel_twice_rec" #define LIBSSH_TEST_BIND_CONFIG_CIPHERS "libssh_test_bind_config_ciphers" #define LIBSSH_TEST_BIND_CONFIG_CIPHERS2 "libssh_test_bind_config_ciphers2" #define LIBSSH_TEST_BIND_CONFIG_CIPHERS_TWICE "libssh_test_bind_config_ciphers_twice" #define LIBSSH_TEST_BIND_CONFIG_CIPHERS_TWICE_REC "libssh_test_bind_config_ciphers_twice_rec" #define LIBSSH_TEST_BIND_CONFIG_MACS "libssh_test_bind_config_macs" #define LIBSSH_TEST_BIND_CONFIG_MACS2 "libssh_test_bind_config_macs2" #define LIBSSH_TEST_BIND_CONFIG_MACS_TWICE "libssh_test_bind_config_macs_twice" #define LIBSSH_TEST_BIND_CONFIG_MACS_TWICE_REC "libssh_test_bind_config_macs_twice_rec" #define LIBSSH_TEST_BIND_CONFIG_KEXALGORITHMS "libssh_test_bind_config_kexalgorithms" #define LIBSSH_TEST_BIND_CONFIG_KEXALGORITHMS2 "libssh_test_bind_config_kexalgorithms2" #define LIBSSH_TEST_BIND_CONFIG_KEXALGORITHMS_TWICE "libssh_test_bind_config_kexalgorithms_twice" #define LIBSSH_TEST_BIND_CONFIG_KEXALGORITHMS_TWICE_REC "libssh_test_bind_config_kexalgorithms_twice_rec" #define LIBSSH_TEST_BIND_CONFIG_FULL "libssh_test_bind_config_full" #define LIBSSH_TEST_BIND_CONFIG_INCLUDE "libssh_test_bind_config_include" #define LIBSSH_TEST_BIND_CONFIG_INCLUDE_RECURSIVE "libssh_test_bind_config_include_recursive" #define LIBSSH_TEST_BIND_CONFIG_CORNER_CASES "libssh_test_bind_config_corner_cases" #define LIBSSH_TEST_BIND_CONFIG_MATCH_ALL "libssh_test_bind_config_match_all" #define LIBSSH_TEST_BIND_CONFIG_MATCH_TWICE "libssh_test_bind_config_match_twice" #define LIBSSH_TEST_BIND_CONFIG_MATCH_UNSUPPORTED "libssh_test_bind_config_match_unsupported" #define LIBSSH_TEST_BIND_CONFIG_MATCH_NOT_ALLOWED "libssh_test_bind_config_match_not_allowed" #define LIBSSH_TEST_BIND_CONFIG_MATCH_CORNER_CASES "libssh_test_bind_config_match_corner_cases" #define LIBSSH_TEST_BIND_CONFIG_MATCH_INVALID "libssh_test_bind_config_match_invalid" #define LIBSSH_TEST_BIND_CONFIG_MATCH_INVALID2 "libssh_test_bind_config_match_invalid2" #define LIBSSH_TEST_BIND_CONFIG_PUBKEY_ACCEPTED "libssh_test_bind_config_pubkey" #define LIBSSH_TEST_BIND_CONFIG_PUBKEY_ACCEPTED2 "libssh_test_bind_config_pubkey2" #define LIBSSH_TEST_BIND_CONFIG_PUBKEY_ACCEPTED_TWICE "libssh_test_bind_config_pubkey_twice" #define LIBSSH_TEST_BIND_CONFIG_PUBKEY_ACCEPTED_TWICE_REC "libssh_test_bind_config_pubkey_twice_rec" #define LIBSSH_TEST_BIND_CONFIG_PUBKEY_ACCEPTED_UNKNOWN "libssh_test_bind_config_pubkey_unknown" #define LIBSSH_TEST_BIND_CONFIG_HOSTKEY_ALGORITHMS "libssh_test_bind_config_hostkey_alg" #define LIBSSH_TEST_BIND_CONFIG_HOSTKEY_ALGORITHMS2 "libssh_test_bind_config_hostkey_alg2" #define LIBSSH_TEST_BIND_CONFIG_HOSTKEY_ALGORITHMS_TWICE "libssh_test_bind_config_hostkey_alg_twice" #define LIBSSH_TEST_BIND_CONFIG_HOSTKEY_ALGORITHMS_TWICE_REC "libssh_test_bind_config_hostkey_alg_twice_rec" #define LIBSSH_TEST_BIND_CONFIG_HOSTKEY_ALGORITHMS_UNKNOWN "libssh_test_bind_config_hostkey_alg_unknown" const char template[] = "temp_dir_XXXXXX"; struct bind_st { char *cwd; char *temp_dir; ssh_bind bind; }; static int setup_config_files(void **state) { struct bind_st *test_state = NULL; char *cwd = NULL; char *tmp_dir = NULL; int rc = 0; test_state = (struct bind_st *)malloc(sizeof(struct bind_st)); assert_non_null(test_state); cwd = torture_get_current_working_dir(); assert_non_null(cwd); tmp_dir = torture_make_temp_dir(template); assert_non_null(tmp_dir); test_state->cwd = cwd; test_state->temp_dir = tmp_dir; *state = test_state; rc = torture_change_dir(tmp_dir); assert_int_equal(rc, 0); printf("Changed directory to: %s\n", tmp_dir); /* For ed25519 the test keys are not available in legacy PEM format. Using * the new OpenSSH format for all algorithms */ torture_write_file(LIBSSH_RSA_TESTKEY, torture_get_openssh_testkey(SSH_KEYTYPE_RSA, 0)); torture_write_file(LIBSSH_ED25519_TESTKEY, torture_get_openssh_testkey(SSH_KEYTYPE_ED25519, 0)); #ifdef HAVE_ECC torture_write_file(LIBSSH_ECDSA_521_TESTKEY, torture_get_openssh_testkey(SSH_KEYTYPE_ECDSA_P521, 0)); #endif #ifdef HAVE_DSA torture_write_file(LIBSSH_DSA_TESTKEY, torture_get_openssh_testkey(SSH_KEYTYPE_DSS, 0)); #endif torture_write_file(LIBSSH_TEST_BIND_CONFIG_LISTENADDRESS, "ListenAddress "LISTEN_ADDRESS"\n"); torture_write_file(LIBSSH_TEST_BIND_CONFIG_LISTENADDRESS2, "ListenAddress "LISTEN_ADDRESS2"\n"); torture_write_file(LIBSSH_TEST_BIND_CONFIG_LISTENADDRESS_TWICE, "ListenAddress "LISTEN_ADDRESS"\n" "ListenAddress "LISTEN_ADDRESS2"\n"); torture_write_file(LIBSSH_TEST_BIND_CONFIG_LISTENADDRESS_TWICE_REC, "ListenAddress "LISTEN_ADDRESS"\n" "Include "LIBSSH_TEST_BIND_CONFIG_LISTENADDRESS2"\n"); torture_write_file(LIBSSH_TEST_BIND_CONFIG_PORT, "Port 123\n"); torture_write_file(LIBSSH_TEST_BIND_CONFIG_PORT2, "Port 456\n"); torture_write_file(LIBSSH_TEST_BIND_CONFIG_PORT_TWICE, "Port 123\n" "Port 456\n"); torture_write_file(LIBSSH_TEST_BIND_CONFIG_PORT_TWICE_REC, "Port 123\n" "Include "LIBSSH_TEST_BIND_CONFIG_PORT2"\n"); torture_write_file(LIBSSH_TEST_BIND_CONFIG_HOSTKEY, "HostKey "LIBSSH_ECDSA_521_TESTKEY"\n"); torture_write_file(LIBSSH_TEST_BIND_CONFIG_HOSTKEY2, "HostKey "LIBSSH_RSA_TESTKEY"\n"); torture_write_file(LIBSSH_TEST_BIND_CONFIG_HOSTKEY_TWICE, "HostKey "LIBSSH_ECDSA_521_TESTKEY"\n" "HostKey "LIBSSH_RSA_TESTKEY"\n"); torture_write_file(LIBSSH_TEST_BIND_CONFIG_HOSTKEY_TWICE_REC, "HostKey "LIBSSH_ECDSA_521_TESTKEY"\n" "Include "LIBSSH_TEST_BIND_CONFIG_HOSTKEY2"\n"); torture_write_file(LIBSSH_TEST_BIND_CONFIG_LOGLEVEL, "LogLevel "LOGLEVEL"\n"); torture_write_file(LIBSSH_TEST_BIND_CONFIG_LOGLEVEL2, "LogLevel "LOGLEVEL2"\n"); torture_write_file(LIBSSH_TEST_BIND_CONFIG_LOGLEVEL_TWICE, "LogLevel "LOGLEVEL"\n" "LogLevel "LOGLEVEL2"\n"); torture_write_file(LIBSSH_TEST_BIND_CONFIG_LOGLEVEL_TWICE_REC, "LogLevel "LOGLEVEL"\n" "Include "LIBSSH_TEST_BIND_CONFIG_LOGLEVEL2"\n"); torture_write_file(LIBSSH_TEST_BIND_CONFIG_CIPHERS, "Ciphers "CIPHERS"\n"); torture_write_file(LIBSSH_TEST_BIND_CONFIG_CIPHERS2, "Ciphers "CIPHERS2"\n"); torture_write_file(LIBSSH_TEST_BIND_CONFIG_CIPHERS_TWICE, "Ciphers "CIPHERS"\n" "Ciphers "CIPHERS2"\n"); torture_write_file(LIBSSH_TEST_BIND_CONFIG_CIPHERS_TWICE_REC, "Ciphers "CIPHERS"\n" "Include "LIBSSH_TEST_BIND_CONFIG_CIPHERS2"\n"); torture_write_file(LIBSSH_TEST_BIND_CONFIG_MACS, "MACs "MACS"\n"); torture_write_file(LIBSSH_TEST_BIND_CONFIG_MACS2, "MACs "MACS2"\n"); torture_write_file(LIBSSH_TEST_BIND_CONFIG_MACS_TWICE, "MACs "MACS"\n" "MACs "MACS2"\n"); torture_write_file(LIBSSH_TEST_BIND_CONFIG_MACS_TWICE_REC, "MACs "MACS"\n" "Include "LIBSSH_TEST_BIND_CONFIG_MACS2"\n"); torture_write_file(LIBSSH_TEST_BIND_CONFIG_KEXALGORITHMS, "KexAlgorithms "KEXALGORITHMS"\n"); torture_write_file(LIBSSH_TEST_BIND_CONFIG_KEXALGORITHMS2, "KexAlgorithms "KEXALGORITHMS2"\n"); torture_write_file(LIBSSH_TEST_BIND_CONFIG_KEXALGORITHMS_TWICE, "KexAlgorithms "KEXALGORITHMS"\n" "KexAlgorithms "KEXALGORITHMS2"\n"); torture_write_file(LIBSSH_TEST_BIND_CONFIG_KEXALGORITHMS_TWICE_REC, "KexAlgorithms "KEXALGORITHMS"\n" "Include "LIBSSH_TEST_BIND_CONFIG_KEXALGORITHMS2"\n"); torture_write_file(LIBSSH_TEST_BIND_CONFIG_FULL, "ListenAddress "LISTEN_ADDRESS"\n" "Port 123\n" "HostKey "LIBSSH_ECDSA_521_TESTKEY"\n" "LogLevel "LOGLEVEL"\n" "Ciphers "CIPHERS"\n" "MACs "MACS"\n" "KexAlgorithms "KEXALGORITHMS"\n"); torture_write_file(LIBSSH_TEST_BIND_CONFIG_INCLUDE, "Include "LIBSSH_TEST_BIND_CONFIG_LISTENADDRESS"\n" "Include "LIBSSH_TEST_BIND_CONFIG_PORT"\n" "Include "LIBSSH_TEST_BIND_CONFIG_HOSTKEY"\n" "Include "LIBSSH_TEST_BIND_CONFIG_LOGLEVEL"\n" "Include "LIBSSH_TEST_BIND_CONFIG_CIPHERS"\n" "Include "LIBSSH_TEST_BIND_CONFIG_MACS"\n" "Include "LIBSSH_TEST_BIND_CONFIG_KEXALGORITHMS"\n"); torture_write_file(LIBSSH_TEST_BIND_CONFIG_INCLUDE_RECURSIVE, "Include "LIBSSH_TEST_BIND_CONFIG_INCLUDE"\n"); /* Unsupported options and corner cases */ torture_write_file(LIBSSH_TEST_BIND_CONFIG_CORNER_CASES, "\n" /* empty line */ "# comment line\n" " # comment line not starting with hash\n" "UnknownConfigurationOption yes\n" "Ciphers "CIPHERS2"\n"); torture_write_file(LIBSSH_TEST_BIND_CONFIG_MATCH_ALL, "Include "LIBSSH_TEST_BIND_CONFIG_FULL"\n" "Match All\n" "\tLogLevel "LOGLEVEL2"\n"); torture_write_file(LIBSSH_TEST_BIND_CONFIG_MATCH_TWICE, "Include "LIBSSH_TEST_BIND_CONFIG_FULL"\n" "Match All\n" "\tLogLevel "LOGLEVEL2"\n" "Match All\n" "\tLogLevel "LOGLEVEL3"\n"); torture_write_file(LIBSSH_TEST_BIND_CONFIG_MATCH_UNSUPPORTED, "Include "LIBSSH_TEST_BIND_CONFIG_FULL"\n" "Match User alice\n" "\tLogLevel "LOGLEVEL2"\n" "Match Group sftp_users\n" "\tLogLevel "LOGLEVEL2"\n" "Match Host 192.168.0.*\n" "\tLogLevel "LOGLEVEL2"\n" "Match LocalAddress 172.30.1.5\n" "\tLogLevel "LOGLEVEL2"\n" "Match LocalPort 42\n" "\tLogLevel "LOGLEVEL2"\n" "Match Rdomain 4\n" "\tLogLevel "LOGLEVEL2"\n" "Match Address 10.0.0.10\n" "\tLogLevel "LOGLEVEL2"\n"); torture_write_file(LIBSSH_TEST_BIND_CONFIG_MATCH_NOT_ALLOWED, "Include "LIBSSH_TEST_BIND_CONFIG_FULL"\n" "Match All\n" "\tListenAddress "LISTEN_ADDRESS2"\n" "\tPort 456\n" "\tHostKey "LIBSSH_RSA_TESTKEY"\n" "\tCiphers "CIPHERS2"\n" "\tMACs "MACS2"\n" "\tKexAlgorithms "KEXALGORITHMS2"\n"); torture_write_file(LIBSSH_TEST_BIND_CONFIG_MATCH_CORNER_CASES, "Include "LIBSSH_TEST_BIND_CONFIG_FULL"\n" "Match User alice\n" "\tLogLevel "LOGLEVEL2"\n" "Match All\n" "\tLogLevel "LOGLEVEL3"\n" "Match All\n" "\tLogLevel "LOGLEVEL"\n"); torture_write_file(LIBSSH_TEST_BIND_CONFIG_MATCH_INVALID, "Include "LIBSSH_TEST_BIND_CONFIG_FULL"\n" "Match User alice All\n" "\tLogLevel "LOGLEVEL2"\n" "Match All\n" "\tLogLevel "LOGLEVEL3"\n" "Match All\n" "\tLogLevel "LOGLEVEL4"\n"); torture_write_file(LIBSSH_TEST_BIND_CONFIG_MATCH_INVALID2, "Include "LIBSSH_TEST_BIND_CONFIG_FULL"\n" "Match All User alice\n" "\tLogLevel "LOGLEVEL2"\n" "Match All\n" "\tLogLevel "LOGLEVEL3"\n" "Match All\n" "\tLogLevel "LOGLEVEL4"\n"); torture_write_file(LIBSSH_TEST_BIND_CONFIG_PUBKEY_ACCEPTED, "PubkeyAcceptedKeyTypes "PUBKEYACCEPTEDTYPES"\n"); torture_write_file(LIBSSH_TEST_BIND_CONFIG_PUBKEY_ACCEPTED2, "PubkeyAcceptedKeyTypes "PUBKEYACCEPTEDTYPES2"\n"); torture_write_file(LIBSSH_TEST_BIND_CONFIG_PUBKEY_ACCEPTED_TWICE, "PubkeyAcceptedKeyTypes "PUBKEYACCEPTEDTYPES"\n" "PubkeyAcceptedKeyTypes "PUBKEYACCEPTEDTYPES2"\n"); torture_write_file(LIBSSH_TEST_BIND_CONFIG_PUBKEY_ACCEPTED_TWICE_REC, "PubkeyAcceptedKeyTypes "PUBKEYACCEPTEDTYPES2"\n" "Include "LIBSSH_TEST_BIND_CONFIG_KEXALGORITHMS"\n"); torture_write_file(LIBSSH_TEST_BIND_CONFIG_PUBKEY_ACCEPTED_UNKNOWN, "PubkeyAcceptedKeyTypes "PUBKEYACCEPTEDTYPES_UNKNOWN"\n"); torture_write_file(LIBSSH_TEST_BIND_CONFIG_HOSTKEY_ALGORITHMS, "HostKeyAlgorithms "HOSTKEYALGORITHMS"\n"); torture_write_file(LIBSSH_TEST_BIND_CONFIG_HOSTKEY_ALGORITHMS2, "HostKeyAlgorithms "HOSTKEYALGORITHMS2"\n"); torture_write_file(LIBSSH_TEST_BIND_CONFIG_HOSTKEY_ALGORITHMS_TWICE, "HostKeyAlgorithms "HOSTKEYALGORITHMS"\n" "HostKeyAlgorithms "HOSTKEYALGORITHMS2"\n"); torture_write_file(LIBSSH_TEST_BIND_CONFIG_HOSTKEY_ALGORITHMS_TWICE_REC, "HostKeyAlgorithms "HOSTKEYALGORITHMS2"\n" "Include "LIBSSH_TEST_BIND_CONFIG_KEXALGORITHMS"\n"); torture_write_file(LIBSSH_TEST_BIND_CONFIG_HOSTKEY_ALGORITHMS_UNKNOWN, "HostKeyAlgorithms "HOSTKEYALGORITHMS_UNKNOWN"\n"); return 0; } static int sshbind_setup(void **state) { int rc; struct bind_st *test_state = NULL; rc = setup_config_files((void **)&test_state); assert_int_equal(rc, 0); assert_non_null(test_state); test_state->bind = ssh_bind_new(); assert_non_null(test_state->bind); *state = test_state; return 0; } static int sshbind_teardown(void **state) { struct bind_st *test_state = NULL; int rc; assert_non_null(state); test_state = *((struct bind_st **)state); assert_non_null(test_state); assert_non_null(test_state->cwd); assert_non_null(test_state->temp_dir); assert_non_null(test_state->bind); rc = torture_change_dir(test_state->cwd); assert_int_equal(rc, 0); rc = torture_rmdirs(test_state->temp_dir); assert_int_equal(rc, 0); SAFE_FREE(test_state->temp_dir); SAFE_FREE(test_state->cwd); ssh_bind_free(test_state->bind); SAFE_FREE(test_state); return 0; } static void torture_bind_config_listen_address(void **state) { struct bind_st *test_state; ssh_bind bind; int rc; assert_non_null(state); test_state = *((struct bind_st **)state); assert_non_null(test_state); assert_non_null(test_state->bind); bind = test_state->bind; rc = ssh_bind_config_parse_file(bind, LIBSSH_TEST_BIND_CONFIG_LISTENADDRESS); assert_int_equal(rc, 0); assert_non_null(bind->bindaddr); assert_string_equal(bind->bindaddr, LISTEN_ADDRESS); rc = ssh_bind_config_parse_file(bind, LIBSSH_TEST_BIND_CONFIG_LISTENADDRESS_TWICE); assert_int_equal(rc, 0); assert_non_null(bind->bindaddr); assert_string_equal(bind->bindaddr, LISTEN_ADDRESS); rc = ssh_bind_config_parse_file(bind, LIBSSH_TEST_BIND_CONFIG_LISTENADDRESS_TWICE_REC); assert_int_equal(rc, 0); assert_non_null(bind->bindaddr); assert_string_equal(bind->bindaddr, LISTEN_ADDRESS); rc = ssh_bind_config_parse_file(bind, LIBSSH_TEST_BIND_CONFIG_LISTENADDRESS2); assert_int_equal(rc, 0); assert_non_null(bind->bindaddr); assert_string_equal(bind->bindaddr, LISTEN_ADDRESS2); } static void torture_bind_config_port(void **state) { struct bind_st *test_state; ssh_bind bind; int rc; assert_non_null(state); test_state = *((struct bind_st **)state); assert_non_null(test_state); assert_non_null(test_state->bind); bind = test_state->bind; rc = ssh_bind_config_parse_file(bind, LIBSSH_TEST_BIND_CONFIG_PORT); assert_int_equal(rc, 0); assert_int_equal(bind->bindport, 123); rc = ssh_bind_config_parse_file(bind, LIBSSH_TEST_BIND_CONFIG_PORT_TWICE); assert_int_equal(rc, 0); assert_int_equal(bind->bindport, 123); rc = ssh_bind_config_parse_file(bind, LIBSSH_TEST_BIND_CONFIG_PORT_TWICE_REC); assert_int_equal(rc, 0); assert_int_equal(bind->bindport, 123); rc = ssh_bind_config_parse_file(bind, LIBSSH_TEST_BIND_CONFIG_PORT2); assert_int_equal(rc, 0); assert_int_equal(bind->bindport, 456); } static void torture_bind_config_hostkey(void **state) { struct bind_st *test_state; ssh_bind bind; int rc; assert_non_null(state); test_state = *((struct bind_st **)state); assert_non_null(test_state); assert_non_null(test_state->bind); bind = test_state->bind; rc = ssh_bind_config_parse_file(bind, LIBSSH_TEST_BIND_CONFIG_HOSTKEY); assert_int_equal(rc, 0); assert_non_null(bind->ecdsakey); assert_string_equal(bind->ecdsakey, LIBSSH_ECDSA_521_TESTKEY); rc = ssh_bind_config_parse_file(bind, LIBSSH_TEST_BIND_CONFIG_HOSTKEY_TWICE); assert_int_equal(rc, 0); assert_non_null(bind->ecdsakey); assert_string_equal(bind->ecdsakey, LIBSSH_ECDSA_521_TESTKEY); assert_non_null(bind->rsakey); assert_string_equal(bind->rsakey, LIBSSH_RSA_TESTKEY); } static void torture_bind_config_hostkey_twice_rec(void **state) { struct bind_st *test_state; ssh_bind bind; int rc; assert_non_null(state); test_state = *((struct bind_st **)state); assert_non_null(test_state); assert_non_null(test_state->bind); bind = test_state->bind; rc = ssh_bind_config_parse_file(bind, LIBSSH_TEST_BIND_CONFIG_HOSTKEY_TWICE_REC); assert_int_equal(rc, 0); assert_non_null(bind->ecdsakey); assert_string_equal(bind->ecdsakey, LIBSSH_ECDSA_521_TESTKEY); assert_non_null(bind->rsakey); assert_string_equal(bind->rsakey, LIBSSH_RSA_TESTKEY); } static void torture_bind_config_hostkey_separately(void **state) { struct bind_st *test_state; ssh_bind bind; int rc; assert_non_null(state); test_state = *((struct bind_st **)state); assert_non_null(test_state); assert_non_null(test_state->bind); bind = test_state->bind; rc = ssh_bind_config_parse_file(bind, LIBSSH_TEST_BIND_CONFIG_HOSTKEY); assert_int_equal(rc, 0); assert_non_null(bind->ecdsakey); assert_string_equal(bind->ecdsakey, LIBSSH_ECDSA_521_TESTKEY); rc = ssh_bind_config_parse_file(bind, LIBSSH_TEST_BIND_CONFIG_HOSTKEY2); assert_int_equal(rc, 0); assert_non_null(bind->rsakey); assert_string_equal(bind->rsakey, LIBSSH_RSA_TESTKEY); assert_non_null(bind->ecdsakey); assert_string_equal(bind->ecdsakey, LIBSSH_ECDSA_521_TESTKEY); } static void torture_bind_config_loglevel(void **state) { struct bind_st *test_state; ssh_bind bind; int rc; int previous_level, new_level; assert_non_null(state); test_state = *((struct bind_st **)state); assert_non_null(test_state); assert_non_null(test_state->bind); bind = test_state->bind; previous_level = ssh_get_log_level(); rc = ssh_bind_config_parse_file(bind, LIBSSH_TEST_BIND_CONFIG_LOGLEVEL); assert_int_equal(rc, 0); new_level = ssh_get_log_level(); assert_int_equal(new_level, 2); rc = ssh_bind_config_parse_file(bind, LIBSSH_TEST_BIND_CONFIG_LOGLEVEL_TWICE); assert_int_equal(rc, 0); new_level = ssh_get_log_level(); assert_int_equal(new_level, 2); rc = ssh_bind_config_parse_file(bind, LIBSSH_TEST_BIND_CONFIG_LOGLEVEL_TWICE_REC); assert_int_equal(rc, 0); new_level = ssh_get_log_level(); assert_int_equal(new_level, 2); rc = ssh_bind_config_parse_file(bind, LIBSSH_TEST_BIND_CONFIG_LOGLEVEL2); assert_int_equal(rc, 0); new_level = ssh_get_log_level(); assert_int_equal(new_level, 1); rc = ssh_set_log_level(previous_level); assert_int_equal(rc, SSH_OK); } static void torture_bind_config_ciphers(void **state) { struct bind_st *test_state; ssh_bind bind; int rc; char *fips_ciphers = NULL; char *fips_ciphers2 = NULL; assert_non_null(state); test_state = *((struct bind_st **)state); assert_non_null(test_state); assert_non_null(test_state->bind); bind = test_state->bind; if (ssh_fips_mode()) { fips_ciphers = ssh_keep_fips_algos(SSH_CRYPT_C_S, CIPHERS); assert_non_null(fips_ciphers); fips_ciphers2 = ssh_keep_fips_algos(SSH_CRYPT_C_S, CIPHERS2); assert_non_null(fips_ciphers2); } rc = ssh_bind_config_parse_file(bind, LIBSSH_TEST_BIND_CONFIG_CIPHERS); assert_int_equal(rc, 0); assert_non_null(bind->wanted_methods[SSH_CRYPT_C_S]); assert_non_null(bind->wanted_methods[SSH_CRYPT_S_C]); if (ssh_fips_mode()) { assert_string_equal(bind->wanted_methods[SSH_CRYPT_C_S], fips_ciphers); assert_string_equal(bind->wanted_methods[SSH_CRYPT_S_C], fips_ciphers); } else { assert_string_equal(bind->wanted_methods[SSH_CRYPT_C_S], CIPHERS); assert_string_equal(bind->wanted_methods[SSH_CRYPT_S_C], CIPHERS); } rc = ssh_bind_config_parse_file(bind, LIBSSH_TEST_BIND_CONFIG_CIPHERS_TWICE); assert_int_equal(rc, 0); assert_non_null(bind->wanted_methods[SSH_CRYPT_C_S]); assert_non_null(bind->wanted_methods[SSH_CRYPT_S_C]); if (ssh_fips_mode()) { assert_string_equal(bind->wanted_methods[SSH_CRYPT_C_S], fips_ciphers); assert_string_equal(bind->wanted_methods[SSH_CRYPT_S_C], fips_ciphers); } else { assert_string_equal(bind->wanted_methods[SSH_CRYPT_C_S], CIPHERS); assert_string_equal(bind->wanted_methods[SSH_CRYPT_S_C], CIPHERS); } rc = ssh_bind_config_parse_file(bind, LIBSSH_TEST_BIND_CONFIG_CIPHERS_TWICE_REC); assert_int_equal(rc, 0); assert_non_null(bind->wanted_methods[SSH_CRYPT_C_S]); assert_non_null(bind->wanted_methods[SSH_CRYPT_S_C]); if (ssh_fips_mode()) { assert_string_equal(bind->wanted_methods[SSH_CRYPT_C_S], fips_ciphers); assert_string_equal(bind->wanted_methods[SSH_CRYPT_S_C], fips_ciphers); } else { assert_string_equal(bind->wanted_methods[SSH_CRYPT_C_S], CIPHERS); assert_string_equal(bind->wanted_methods[SSH_CRYPT_S_C], CIPHERS); } rc = ssh_bind_config_parse_file(bind, LIBSSH_TEST_BIND_CONFIG_CIPHERS2); assert_int_equal(rc, 0); assert_non_null(bind->wanted_methods[SSH_CRYPT_C_S]); assert_non_null(bind->wanted_methods[SSH_CRYPT_S_C]); if (ssh_fips_mode()) { assert_string_equal(bind->wanted_methods[SSH_CRYPT_C_S], fips_ciphers2); assert_string_equal(bind->wanted_methods[SSH_CRYPT_S_C], fips_ciphers2); } else { assert_string_equal(bind->wanted_methods[SSH_CRYPT_C_S], CIPHERS2); assert_string_equal(bind->wanted_methods[SSH_CRYPT_S_C], CIPHERS2); } SAFE_FREE(fips_ciphers); SAFE_FREE(fips_ciphers2); } static void torture_bind_config_macs(void **state) { struct bind_st *test_state; ssh_bind bind; int rc; assert_non_null(state); test_state = *((struct bind_st **)state); assert_non_null(test_state); assert_non_null(test_state->bind); bind = test_state->bind; rc = ssh_bind_config_parse_file(bind, LIBSSH_TEST_BIND_CONFIG_MACS); assert_int_equal(rc, 0); assert_non_null(bind->wanted_methods[SSH_MAC_S_C]); assert_string_equal(bind->wanted_methods[SSH_MAC_S_C], MACS); assert_non_null(bind->wanted_methods[SSH_MAC_C_S]); assert_string_equal(bind->wanted_methods[SSH_MAC_C_S], MACS); rc = ssh_bind_config_parse_file(bind, LIBSSH_TEST_BIND_CONFIG_MACS_TWICE); assert_int_equal(rc, 0); assert_non_null(bind->wanted_methods[SSH_MAC_S_C]); assert_string_equal(bind->wanted_methods[SSH_MAC_S_C], MACS); assert_non_null(bind->wanted_methods[SSH_MAC_C_S]); assert_string_equal(bind->wanted_methods[SSH_MAC_C_S], MACS); rc = ssh_bind_config_parse_file(bind, LIBSSH_TEST_BIND_CONFIG_MACS_TWICE_REC); assert_int_equal(rc, 0); assert_non_null(bind->wanted_methods[SSH_MAC_S_C]); assert_string_equal(bind->wanted_methods[SSH_MAC_S_C], MACS); assert_non_null(bind->wanted_methods[SSH_MAC_C_S]); assert_string_equal(bind->wanted_methods[SSH_MAC_C_S], MACS); rc = ssh_bind_config_parse_file(bind, LIBSSH_TEST_BIND_CONFIG_MACS2); assert_int_equal(rc, 0); assert_non_null(bind->wanted_methods[SSH_MAC_S_C]); assert_string_equal(bind->wanted_methods[SSH_MAC_S_C], MACS2); assert_non_null(bind->wanted_methods[SSH_MAC_C_S]); assert_string_equal(bind->wanted_methods[SSH_MAC_C_S], MACS2); } static void torture_bind_config_kexalgorithms(void **state) { struct bind_st *test_state; ssh_bind bind; char *fips_kex = NULL; char *fips_kex2 = NULL; int rc; if (ssh_fips_mode()) { fips_kex = ssh_keep_fips_algos(SSH_KEX, KEXALGORITHMS); assert_non_null(fips_kex); fips_kex2 = ssh_keep_fips_algos(SSH_KEX, KEXALGORITHMS2); assert_non_null(fips_kex2); } assert_non_null(state); test_state = *((struct bind_st **)state); assert_non_null(test_state); assert_non_null(test_state->bind); bind = test_state->bind; rc = ssh_bind_config_parse_file(bind, LIBSSH_TEST_BIND_CONFIG_KEXALGORITHMS); assert_int_equal(rc, 0); assert_non_null(bind->wanted_methods[SSH_KEX]); if (ssh_fips_mode()) { assert_string_equal(bind->wanted_methods[SSH_KEX], fips_kex); } else { assert_string_equal(bind->wanted_methods[SSH_KEX], KEXALGORITHMS); } rc = ssh_bind_config_parse_file(bind, LIBSSH_TEST_BIND_CONFIG_KEXALGORITHMS_TWICE); assert_int_equal(rc, 0); assert_non_null(bind->wanted_methods[SSH_KEX]); if (ssh_fips_mode()) { assert_string_equal(bind->wanted_methods[SSH_KEX], fips_kex); } else { assert_string_equal(bind->wanted_methods[SSH_KEX], KEXALGORITHMS); } rc = ssh_bind_config_parse_file(bind, LIBSSH_TEST_BIND_CONFIG_KEXALGORITHMS_TWICE_REC); assert_int_equal(rc, 0); assert_non_null(bind->wanted_methods[SSH_KEX]); if (ssh_fips_mode()) { assert_string_equal(bind->wanted_methods[SSH_KEX], fips_kex); } else { assert_string_equal(bind->wanted_methods[SSH_KEX], KEXALGORITHMS); } rc = ssh_bind_config_parse_file(bind, LIBSSH_TEST_BIND_CONFIG_KEXALGORITHMS2); assert_int_equal(rc, 0); assert_non_null(bind->wanted_methods[SSH_KEX]); if (ssh_fips_mode()) { assert_string_equal(bind->wanted_methods[SSH_KEX], fips_kex2); } else { assert_string_equal(bind->wanted_methods[SSH_KEX], KEXALGORITHMS2); } SAFE_FREE(fips_kex); SAFE_FREE(fips_kex2); } static void torture_bind_config_pubkey_accepted(void **state) { struct bind_st *test_state; ssh_bind bind; int rc; char *fips_pubkeys = NULL; char *fips_pubkeys2 = NULL; if (ssh_fips_mode()) { fips_pubkeys = ssh_keep_fips_algos(SSH_HOSTKEYS, PUBKEYACCEPTEDTYPES); assert_non_null(fips_pubkeys); fips_pubkeys2 = ssh_keep_fips_algos(SSH_HOSTKEYS, PUBKEYACCEPTEDTYPES2); assert_non_null(fips_pubkeys2); } assert_non_null(state); test_state = *((struct bind_st **)state); assert_non_null(test_state); assert_non_null(test_state->bind); bind = test_state->bind; rc = ssh_bind_config_parse_file(bind, LIBSSH_TEST_BIND_CONFIG_PUBKEY_ACCEPTED); assert_int_equal(rc, 0); assert_non_null(bind->pubkey_accepted_key_types); if (ssh_fips_mode()) { assert_string_equal(bind->pubkey_accepted_key_types, fips_pubkeys); } else { assert_string_equal(bind->pubkey_accepted_key_types, PUBKEYACCEPTEDTYPES); } rc = ssh_bind_config_parse_file(bind, LIBSSH_TEST_BIND_CONFIG_PUBKEY_ACCEPTED2); assert_int_equal(rc, 0); assert_non_null(bind->pubkey_accepted_key_types); if (ssh_fips_mode()) { assert_string_equal(bind->pubkey_accepted_key_types, fips_pubkeys2); } else { assert_string_equal(bind->pubkey_accepted_key_types, PUBKEYACCEPTEDTYPES2); } rc = ssh_bind_config_parse_file(bind, LIBSSH_TEST_BIND_CONFIG_PUBKEY_ACCEPTED_TWICE); assert_int_equal(rc, 0); assert_non_null(bind->pubkey_accepted_key_types); if (ssh_fips_mode()) { assert_string_equal(bind->pubkey_accepted_key_types, fips_pubkeys); } else { assert_string_equal(bind->pubkey_accepted_key_types, PUBKEYACCEPTEDTYPES); } rc = ssh_bind_config_parse_file(bind, LIBSSH_TEST_BIND_CONFIG_PUBKEY_ACCEPTED_TWICE_REC); assert_int_equal(rc, 0); assert_non_null(bind->pubkey_accepted_key_types); if (ssh_fips_mode()) { assert_string_equal(bind->pubkey_accepted_key_types, fips_pubkeys2); } else { assert_string_equal(bind->pubkey_accepted_key_types, PUBKEYACCEPTEDTYPES2); } rc = ssh_bind_config_parse_file(bind, LIBSSH_TEST_BIND_CONFIG_PUBKEY_ACCEPTED_UNKNOWN); assert_int_equal(rc, 0); assert_non_null(bind->pubkey_accepted_key_types); if (ssh_fips_mode()) { assert_string_equal(bind->pubkey_accepted_key_types, fips_pubkeys); } else { assert_string_equal(bind->pubkey_accepted_key_types, PUBKEYACCEPTEDTYPES); } SAFE_FREE(fips_pubkeys); SAFE_FREE(fips_pubkeys2); } static void torture_bind_config_hostkey_algorithms(void **state) { struct bind_st *test_state; ssh_bind bind; int rc; char *fips_hostkeys = NULL; char *fips_hostkeys2 = NULL; if (ssh_fips_mode()) { fips_hostkeys = ssh_keep_fips_algos(SSH_HOSTKEYS, HOSTKEYALGORITHMS); assert_non_null(fips_hostkeys); fips_hostkeys2 = ssh_keep_fips_algos(SSH_HOSTKEYS, HOSTKEYALGORITHMS2); assert_non_null(fips_hostkeys2); } assert_non_null(state); test_state = *((struct bind_st **)state); assert_non_null(test_state); assert_non_null(test_state->bind); bind = test_state->bind; rc = ssh_bind_config_parse_file(bind, LIBSSH_TEST_BIND_CONFIG_HOSTKEY_ALGORITHMS); assert_int_equal(rc, 0); assert_non_null(bind->wanted_methods[SSH_HOSTKEYS]); if (ssh_fips_mode()) { assert_string_equal(bind->wanted_methods[SSH_HOSTKEYS], fips_hostkeys); } else { assert_string_equal(bind->wanted_methods[SSH_HOSTKEYS], HOSTKEYALGORITHMS); } rc = ssh_bind_config_parse_file(bind, LIBSSH_TEST_BIND_CONFIG_HOSTKEY_ALGORITHMS2); assert_int_equal(rc, 0); assert_non_null(bind->wanted_methods[SSH_HOSTKEYS]); if (ssh_fips_mode()) { assert_string_equal(bind->wanted_methods[SSH_HOSTKEYS], fips_hostkeys2); } else { assert_string_equal(bind->wanted_methods[SSH_HOSTKEYS], HOSTKEYALGORITHMS2); } rc = ssh_bind_config_parse_file(bind, LIBSSH_TEST_BIND_CONFIG_HOSTKEY_ALGORITHMS_TWICE); assert_int_equal(rc, 0); assert_non_null(bind->wanted_methods[SSH_HOSTKEYS]); if (ssh_fips_mode()) { assert_string_equal(bind->wanted_methods[SSH_HOSTKEYS], fips_hostkeys); } else { assert_string_equal(bind->wanted_methods[SSH_HOSTKEYS], HOSTKEYALGORITHMS); } rc = ssh_bind_config_parse_file(bind, LIBSSH_TEST_BIND_CONFIG_HOSTKEY_ALGORITHMS_TWICE_REC); assert_int_equal(rc, 0); assert_non_null(bind->wanted_methods[SSH_HOSTKEYS]); if (ssh_fips_mode()) { assert_string_equal(bind->wanted_methods[SSH_HOSTKEYS], fips_hostkeys2); } else { assert_string_equal(bind->wanted_methods[SSH_HOSTKEYS], HOSTKEYALGORITHMS2); } rc = ssh_bind_config_parse_file(bind, LIBSSH_TEST_BIND_CONFIG_HOSTKEY_ALGORITHMS_UNKNOWN); assert_int_equal(rc, 0); assert_non_null(bind->wanted_methods[SSH_HOSTKEYS]); if (ssh_fips_mode()) { assert_string_equal(bind->wanted_methods[SSH_HOSTKEYS], fips_hostkeys); } else { assert_string_equal(bind->wanted_methods[SSH_HOSTKEYS], HOSTKEYALGORITHMS); } SAFE_FREE(fips_hostkeys); SAFE_FREE(fips_hostkeys2); } static int assert_full_bind_config(void **state) { struct bind_st *test_state; ssh_bind bind; int new_level; char *fips_ciphers = NULL; char *fips_kex = NULL; if (ssh_fips_mode()) { fips_ciphers = ssh_keep_fips_algos(SSH_CRYPT_C_S, CIPHERS); assert_non_null(fips_ciphers); fips_kex = ssh_keep_fips_algos(SSH_KEX, KEXALGORITHMS); assert_non_null(fips_kex); } assert_non_null(state); test_state = *((struct bind_st **)state); assert_non_null(test_state); assert_non_null(test_state->bind); bind = test_state->bind; new_level = ssh_get_log_level(); assert_int_equal(new_level, 2); assert_non_null(bind->bindaddr); assert_string_equal(bind->bindaddr, LISTEN_ADDRESS); assert_int_equal(bind->bindport, 123); assert_non_null(bind->ecdsakey); assert_string_equal(bind->ecdsakey, LIBSSH_ECDSA_521_TESTKEY); assert_non_null(bind->wanted_methods[SSH_CRYPT_C_S]); if (ssh_fips_mode()) { assert_string_equal(bind->wanted_methods[SSH_CRYPT_C_S], fips_ciphers); } else { assert_string_equal(bind->wanted_methods[SSH_CRYPT_C_S], CIPHERS); } assert_non_null(bind->wanted_methods[SSH_CRYPT_S_C]); if (ssh_fips_mode()) { assert_string_equal(bind->wanted_methods[SSH_CRYPT_S_C], fips_ciphers); } else { assert_string_equal(bind->wanted_methods[SSH_CRYPT_S_C], CIPHERS); } assert_non_null(bind->wanted_methods[SSH_MAC_S_C]); assert_string_equal(bind->wanted_methods[SSH_MAC_S_C], MACS); assert_non_null(bind->wanted_methods[SSH_MAC_C_S]); assert_string_equal(bind->wanted_methods[SSH_MAC_C_S], MACS); assert_non_null(bind->wanted_methods[SSH_KEX]); if (ssh_fips_mode()) { assert_string_equal(bind->wanted_methods[SSH_KEX], fips_kex); } else { assert_string_equal(bind->wanted_methods[SSH_KEX], KEXALGORITHMS); } SAFE_FREE(fips_ciphers); SAFE_FREE(fips_kex); return 0; } static void torture_bind_config_full(void **state) { struct bind_st *test_state; ssh_bind bind; int rc; int previous_level; assert_non_null(state); test_state = *((struct bind_st **)state); assert_non_null(test_state); assert_non_null(test_state->bind); bind = test_state->bind; previous_level = ssh_get_log_level(); rc = ssh_bind_config_parse_file(bind, LIBSSH_TEST_BIND_CONFIG_FULL); assert_int_equal(rc, 0); rc = assert_full_bind_config(state); assert_int_equal(rc, 0); rc = ssh_set_log_level(previous_level); assert_int_equal(rc, SSH_OK); } static void torture_bind_config_include(void **state) { struct bind_st *test_state; ssh_bind bind; int rc; int previous_level; assert_non_null(state); test_state = *((struct bind_st **)state); assert_non_null(test_state); assert_non_null(test_state->bind); bind = test_state->bind; previous_level = ssh_get_log_level(); rc = ssh_bind_config_parse_file(bind, LIBSSH_TEST_BIND_CONFIG_INCLUDE); assert_int_equal(rc, 0); rc = assert_full_bind_config(state); assert_int_equal(rc, 0); rc = ssh_set_log_level(previous_level); assert_int_equal(rc, SSH_OK); } static void torture_bind_config_include_recursive(void **state) { struct bind_st *test_state; ssh_bind bind; int rc; int previous_level; assert_non_null(state); test_state = *((struct bind_st **)state); assert_non_null(test_state); assert_non_null(test_state->bind); bind = test_state->bind; previous_level = ssh_get_log_level(); rc = ssh_bind_config_parse_file(bind, LIBSSH_TEST_BIND_CONFIG_INCLUDE_RECURSIVE); assert_int_equal(rc, 0); rc = assert_full_bind_config(state); assert_int_equal(rc, 0); rc = ssh_set_log_level(previous_level); assert_int_equal(rc, SSH_OK); } /** * @brief Verify the configuration parser does not choke on unknown * or unsupported configuration options */ static void torture_bind_config_corner_cases(void **state) { struct bind_st *test_state; ssh_bind bind; int rc; assert_non_null(state); test_state = *((struct bind_st **)state); assert_non_null(test_state); assert_non_null(test_state->bind); bind = test_state->bind; rc = ssh_bind_config_parse_file(bind, LIBSSH_TEST_BIND_CONFIG_CORNER_CASES); assert_int_equal(rc, 0); assert_non_null(bind->wanted_methods[SSH_CRYPT_C_S]); assert_string_equal(bind->wanted_methods[SSH_CRYPT_C_S], CIPHERS2); assert_non_null(bind->wanted_methods[SSH_CRYPT_S_C]); assert_string_equal(bind->wanted_methods[SSH_CRYPT_S_C], CIPHERS2); } static void torture_bind_config_match_all(void **state) { struct bind_st *test_state; ssh_bind bind; int rc; int previous_level, new_level; assert_non_null(state); test_state = *((struct bind_st **)state); assert_non_null(test_state); assert_non_null(test_state->bind); bind = test_state->bind; previous_level = ssh_get_log_level(); rc = ssh_bind_config_parse_file(bind, LIBSSH_TEST_BIND_CONFIG_MATCH_ALL); assert_int_equal(rc, 0); new_level = ssh_get_log_level(); assert_int_equal(new_level, 1); rc = ssh_set_log_level(previous_level); assert_int_equal(rc, SSH_OK); } static void torture_bind_config_match_twice(void **state) { struct bind_st *test_state; ssh_bind bind; int rc; int previous_level, new_level; assert_non_null(state); test_state = *((struct bind_st **)state); assert_non_null(test_state); assert_non_null(test_state->bind); bind = test_state->bind; previous_level = ssh_get_log_level(); rc = ssh_bind_config_parse_file(bind, LIBSSH_TEST_BIND_CONFIG_MATCH_TWICE); assert_int_equal(rc, 0); new_level = ssh_get_log_level(); assert_int_equal(new_level, 1); rc = ssh_set_log_level(previous_level); assert_int_equal(rc, SSH_OK); } static void torture_bind_config_match_unsupported(void **state) { struct bind_st *test_state; ssh_bind bind; int rc; int previous_level; assert_non_null(state); test_state = *((struct bind_st **)state); assert_non_null(test_state); assert_non_null(test_state->bind); bind = test_state->bind; previous_level = ssh_get_log_level(); rc = ssh_bind_config_parse_file(bind, LIBSSH_TEST_BIND_CONFIG_MATCH_UNSUPPORTED); assert_int_equal(rc, 0); rc = assert_full_bind_config(state); assert_int_equal(rc, 0); rc = ssh_set_log_level(previous_level); assert_int_equal(rc, SSH_OK); } static void torture_bind_config_match_not_allowed(void **state) { struct bind_st *test_state; ssh_bind bind; int rc; int previous_level; assert_non_null(state); test_state = *((struct bind_st **)state); assert_non_null(test_state); assert_non_null(test_state->bind); bind = test_state->bind; previous_level = ssh_get_log_level(); rc = ssh_bind_config_parse_file(bind, LIBSSH_TEST_BIND_CONFIG_MATCH_NOT_ALLOWED); assert_int_equal(rc, 0); rc = assert_full_bind_config(state); assert_int_equal(rc, 0); rc = ssh_set_log_level(previous_level); assert_int_equal(rc, SSH_OK); } static void torture_bind_config_match_corner_cases(void **state) { struct bind_st *test_state; ssh_bind bind; int rc; int previous_level, new_level; assert_non_null(state); test_state = *((struct bind_st **)state); assert_non_null(test_state); assert_non_null(test_state->bind); bind = test_state->bind; previous_level = ssh_get_log_level(); rc = ssh_bind_config_parse_file(bind, LIBSSH_TEST_BIND_CONFIG_MATCH_CORNER_CASES); assert_int_equal(rc, 0); new_level = ssh_get_log_level(); assert_int_equal(new_level, 3); rc = ssh_set_log_level(previous_level); assert_int_equal(rc, SSH_OK); } static void torture_bind_config_match_invalid(void **state) { struct bind_st *test_state; ssh_bind bind; int rc; int previous_level; assert_non_null(state); test_state = *((struct bind_st **)state); assert_non_null(test_state); assert_non_null(test_state->bind); bind = test_state->bind; previous_level = ssh_get_log_level(); rc = ssh_bind_config_parse_file(bind, LIBSSH_TEST_BIND_CONFIG_MATCH_INVALID); assert_int_equal(rc, -1); rc = ssh_bind_config_parse_file(bind, LIBSSH_TEST_BIND_CONFIG_MATCH_INVALID2); assert_int_equal(rc, -1); rc = ssh_set_log_level(previous_level); assert_int_equal(rc, SSH_OK); } int torture_run_tests(void) { int rc; struct CMUnitTest tests[] = { cmocka_unit_test_setup_teardown(torture_bind_config_listen_address, sshbind_setup, sshbind_teardown), cmocka_unit_test_setup_teardown(torture_bind_config_port, sshbind_setup, sshbind_teardown), cmocka_unit_test_setup_teardown(torture_bind_config_hostkey, sshbind_setup, sshbind_teardown), cmocka_unit_test_setup_teardown(torture_bind_config_hostkey_twice_rec, sshbind_setup, sshbind_teardown), cmocka_unit_test_setup_teardown(torture_bind_config_hostkey_separately, sshbind_setup, sshbind_teardown), cmocka_unit_test_setup_teardown(torture_bind_config_loglevel, sshbind_setup, sshbind_teardown), cmocka_unit_test_setup_teardown(torture_bind_config_ciphers, sshbind_setup, sshbind_teardown), cmocka_unit_test_setup_teardown(torture_bind_config_macs, sshbind_setup, sshbind_teardown), cmocka_unit_test_setup_teardown(torture_bind_config_kexalgorithms, sshbind_setup, sshbind_teardown), cmocka_unit_test_setup_teardown(torture_bind_config_full, sshbind_setup, sshbind_teardown), cmocka_unit_test_setup_teardown(torture_bind_config_include, sshbind_setup, sshbind_teardown), cmocka_unit_test_setup_teardown(torture_bind_config_include_recursive, sshbind_setup, sshbind_teardown), cmocka_unit_test_setup_teardown(torture_bind_config_corner_cases, sshbind_setup, sshbind_teardown), cmocka_unit_test_setup_teardown(torture_bind_config_match_all, sshbind_setup, sshbind_teardown), cmocka_unit_test_setup_teardown(torture_bind_config_match_twice, sshbind_setup, sshbind_teardown), cmocka_unit_test_setup_teardown(torture_bind_config_match_unsupported, sshbind_setup, sshbind_teardown), cmocka_unit_test_setup_teardown(torture_bind_config_match_not_allowed, sshbind_setup, sshbind_teardown), cmocka_unit_test_setup_teardown(torture_bind_config_match_corner_cases, sshbind_setup, sshbind_teardown), cmocka_unit_test_setup_teardown(torture_bind_config_match_invalid, sshbind_setup, sshbind_teardown), cmocka_unit_test_setup_teardown(torture_bind_config_pubkey_accepted, sshbind_setup, sshbind_teardown), cmocka_unit_test_setup_teardown(torture_bind_config_hostkey_algorithms, sshbind_setup, sshbind_teardown), }; ssh_init(); torture_filter_tests(tests); rc = cmocka_run_group_tests(tests, NULL, NULL); ssh_finalize(); return rc; }