test_security_gssapi.cpp 12.3 KB
Newer Older
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30
/*
    Copyright (c) 2007-2017 Contributors as noted in the AUTHORS file

    This file is part of libzmq, the ZeroMQ core engine in C++.

    libzmq is free software; you can redistribute it and/or modify it under
    the terms of the GNU Lesser General Public License (LGPL) as published
    by the Free Software Foundation; either version 3 of the License, or
    (at your option) any later version.

    As a special exception, the Contributors give you permission to link
    this library with independent modules to produce an executable,
    regardless of the license terms of these independent modules, and to
    copy and distribute the resulting executable under terms of your choice,
    provided that you also meet, for each linked independent module, the
    terms and conditions of the license of that module. An independent
    module is a module which is not derived from or based on this library.
    If you modify this library, you must extend this exception to your
    version of the library.

    libzmq is distributed in the hope that it will be useful, but WITHOUT
    ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
    FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
    License for more details.

    You should have received a copy of the GNU Lesser General Public License
    along with this program.  If not, see <http://www.gnu.org/licenses/>.
*/

#include "testutil.hpp"
31 32 33 34 35
#if defined(ZMQ_HAVE_WINDOWS)
#include <winsock2.h>
#include <ws2tcpip.h>
#include <stdexcept>
#define close closesocket
36
#else
37 38 39 40
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <unistd.h>
41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61
#endif

//  This test requires a KRB5 environment with the following
//  service principal (substitute your host.domain and REALM):
//
//    zmqtest2/host.domain@REALM   (host.domain should be host running test)
//
//  Export keys for this principal to a keytab file and set the environment
//  variables KRB5_KTNAME and KRB5_CLIENT_KTNAME to FILE:/path/to/your/keytab.
//  The test will use it both for client and server roles.
//
//  The test is derived in large part from test_security_curve.cpp

const char *name = "zmqtest2";

static volatile int zap_deny_all = 0;

//  Read one event off the monitor socket; return value and address
//  by reference, if not null, and event number by value. Returns -1
//  in case of error.

62
#ifdef ZMQ_BUILD_DRAFT_API
63
static int get_monitor_event (void *monitor_, int *value_, char **address_)
64 65 66 67
{
    //  First frame in message contains event number and value
    zmq_msg_t msg;
    zmq_msg_init (&msg);
68
    if (zmq_msg_recv (&msg, monitor_, 0) == -1)
69
        return -1; //  Interruped, presumably
70 71 72 73
    assert (zmq_msg_more (&msg));

    uint8_t *data = (uint8_t *) zmq_msg_data (&msg);
    uint16_t event = *(uint16_t *) (data);
74 75
    if (value_)
        *value_ = *(uint32_t *) (data + 2);
76
    zmq_msg_close (&msg);
77 78 79

    //  Second frame in message contains event address
    zmq_msg_init (&msg);
80
    if (zmq_msg_recv (&msg, monitor_, 0) == -1)
81
        return -1; //  Interruped, presumably
82 83
    assert (!zmq_msg_more (&msg));

84
    if (address_) {
85 86
        uint8_t *data = (uint8_t *) zmq_msg_data (&msg);
        size_t size = zmq_msg_size (&msg);
87 88 89
        *address_ = (char *) malloc (size + 1);
        memcpy (*address_, data, size);
        *address_[size] = 0;
90
    }
91 92
    zmq_msg_close (&msg);

93 94
    return event;
}
95
#endif
96 97 98 99 100 101

//  --------------------------------------------------------------------------
//  This methods receives and validates ZAP requestes (allowing or denying
//  each client connection).
//  N.B. on failure, each crypto type in keytab will be tried

102
static void zap_handler (void *handler_)
103 104 105
{
    //  Process ZAP requests forever
    while (true) {
106
        char *version = s_recv (handler_);
107
        if (!version)
108
            break; //  Terminating
109

110 111 112 113 114 115
        char *sequence = s_recv (handler_);
        char *domain = s_recv (handler_);
        char *address = s_recv (handler_);
        char *routing_id = s_recv (handler_);
        char *mechanism = s_recv (handler_);
        char *principal = s_recv (handler_);
116 117 118 119

        assert (streq (version, "1.0"));
        assert (streq (mechanism, "GSSAPI"));

120 121
        s_sendmore (handler_, version);
        s_sendmore (handler_, sequence);
122 123

        if (!zap_deny_all) {
124 125 126 127
            s_sendmore (handler_, "200");
            s_sendmore (handler_, "OK");
            s_sendmore (handler_, "anonymous");
            s_send (handler_, "");
128 129
            //fprintf (stderr, "ALLOW %s\n", principal);
        } else {
130 131 132 133
            s_sendmore (handler_, "400");
            s_sendmore (handler_, "Denied");
            s_sendmore (handler_, "");
            s_send (handler_, "");
134
            //fprintf (stderr, "DENY %s\n", principal);
135 136 137 138 139
        }
        free (version);
        free (sequence);
        free (domain);
        free (address);
140
        free (routing_id);
141 142 143
        free (mechanism);
        free (principal);
    }
144
    zmq_close (handler_);
145 146
}

147 148 149 150
void test_valid_creds (void *ctx_,
                       void *server_,
                       void *server_mon_,
                       char *endpoint_)
151
{
152
    void *client = zmq_socket (ctx_, ZMQ_DEALER);
153
    assert (client);
154 155
    int rc = zmq_setsockopt (client, ZMQ_GSSAPI_SERVICE_PRINCIPAL, name,
                             strlen (name) + 1);
156
    assert (rc == 0);
157
    rc = zmq_setsockopt (client, ZMQ_GSSAPI_PRINCIPAL, name, strlen (name) + 1);
158 159
    assert (rc == 0);
    int name_type = ZMQ_GSSAPI_NT_HOSTBASED;
160 161
    rc = zmq_setsockopt (client, ZMQ_GSSAPI_PRINCIPAL_NAMETYPE, &name_type,
                         sizeof (name_type));
162
    assert (rc == 0);
163
    rc = zmq_connect (client, endpoint_);
164 165
    assert (rc == 0);

166
    bounce (server_, client);
167 168 169
    rc = zmq_close (client);
    assert (rc == 0);

170
#ifdef ZMQ_BUILD_DRAFT_API
171
    int event = get_monitor_event (server_mon_, NULL, NULL);
172 173
    assert (event == ZMQ_EVENT_HANDSHAKE_SUCCEEDED);
#endif
174 175 176 177 178
}

//  Check security with valid but unauthorized credentials
//  Note: ZAP may see multiple requests - after a failure, client will
//  fall back to other crypto types for principal, if available.
179 180 181 182
void test_unauth_creds (void *ctx_,
                        void *server_,
                        void *server_mon_,
                        char *endpoint_)
183
{
184
    void *client = zmq_socket (ctx_, ZMQ_DEALER);
185
    assert (client);
186 187
    int rc = zmq_setsockopt (client, ZMQ_GSSAPI_SERVICE_PRINCIPAL, name,
                             strlen (name) + 1);
188
    assert (rc == 0);
189
    rc = zmq_setsockopt (client, ZMQ_GSSAPI_PRINCIPAL, name, strlen (name) + 1);
190 191
    assert (rc == 0);
    int name_type = ZMQ_GSSAPI_NT_HOSTBASED;
192 193
    rc = zmq_setsockopt (client, ZMQ_GSSAPI_PRINCIPAL_NAMETYPE, &name_type,
                         sizeof (name_type));
194 195
    assert (rc == 0);
    zap_deny_all = 1;
196
    rc = zmq_connect (client, endpoint_);
197 198
    assert (rc == 0);

199
    expect_bounce_fail (server_, client);
200 201
    close_zero_linger (client);

202
#ifdef ZMQ_BUILD_DRAFT_API
203
    int event = get_monitor_event (server_mon_, NULL, NULL);
204 205
    assert (event == ZMQ_EVENT_HANDSHAKE_FAILED_AUTH);
#endif
206 207 208 209
}

//  Check GSSAPI security with NULL client credentials
//  This must be caught by the gssapi_server class, not passed to ZAP
210 211 212 213
void test_null_creds (void *ctx_,
                      void *server_,
                      void *server_mon_,
                      char *endpoint_)
214
{
215
    void *client = zmq_socket (ctx_, ZMQ_DEALER);
216
    assert (client);
217
    int rc = zmq_connect (client, endpoint_);
218
    assert (rc == 0);
219
    expect_bounce_fail (server_, client);
220 221
    close_zero_linger (client);

222
#ifdef ZMQ_BUILD_DRAFT_API
223
    int error;
224
    int event = get_monitor_event (server_mon_, &error, NULL);
225 226
    assert (event == ZMQ_EVENT_HANDSHAKE_FAILED_PROTOCOL);
    assert (error == ZMQ_PROTOCOL_ERROR_ZMTP_MECHANISM_MISMATCH);
227
#endif
228 229 230 231
}

//  Check GSSAPI security with PLAIN client credentials
//  This must be caught by the curve_server class, not passed to ZAP
232 233 234 235
void test_plain_creds (void *ctx_,
                       void *server_,
                       void *server_mon_,
                       char *endpoint_)
236
{
237
    void *client = zmq_socket (ctx_, ZMQ_DEALER);
238 239 240 241 242
    assert (client);
    int rc = zmq_setsockopt (client, ZMQ_PLAIN_USERNAME, "admin", 5);
    assert (rc == 0);
    rc = zmq_setsockopt (client, ZMQ_PLAIN_PASSWORD, "password", 8);
    assert (rc == 0);
243
    rc = zmq_connect (client, endpoint_);
244
    assert (rc == 0);
245
    expect_bounce_fail (server_, client);
246 247 248 249
    close_zero_linger (client);
}

// Unauthenticated messages from a vanilla socket shouldn't be received
250 251 252 253
void test_vanilla_socket (void *ctx_,
                          void *server_,
                          void *server_mon_,
                          char *endpoint_)
254 255 256
{
    struct sockaddr_in ip4addr;
    int s;
257
    unsigned short int port;
258
    int rc = sscanf (endpoint_, "tcp://127.0.0.1:%hu", &port);
259
    assert (rc == 1);
260
    ip4addr.sin_family = AF_INET;
261
    ip4addr.sin_port = htons (port);
262
#if defined(ZMQ_HAVE_WINDOWS) && (_WIN32_WINNT < 0x0600)
263 264
    ip4addr.sin_addr.s_addr = inet_addr ("127.0.0.1");
#else
265
    inet_pton (AF_INET, "127.0.0.1", &ip4addr.sin_addr);
266 267 268
#endif

    s = socket (AF_INET, SOCK_STREAM, IPPROTO_TCP);
269
    rc = connect (s, (struct sockaddr *) &ip4addr, sizeof (ip4addr));
270 271 272 273 274 275
    assert (rc > -1);
    // send anonymous ZMTP/1.0 greeting
    send (s, "\x01\x00", 2, 0);
    // send sneaky message that shouldn't be received
    send (s, "\x08\x00sneaky\0", 9, 0);
    int timeout = 250;
276 277
    zmq_setsockopt (server_, ZMQ_RCVTIMEO, &timeout, sizeof (timeout));
    char *buf = s_recv (server_);
278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297
    if (buf != NULL) {
        printf ("Received unauthenticated message: %s\n", buf);
        assert (buf == NULL);
    }
    close (s);
}

int main (void)
{
    if (!getenv ("KRB5_KTNAME") || !getenv ("KRB5_CLIENT_KTNAME")) {
        printf ("KRB5 environment unavailable, skipping test\n");
        return 77; // SKIP
    }
    // Avoid entanglements with user's credential cache
    setenv ("KRB5CCNAME", "MEMORY", 1);

    setup_test_environment ();
    void *ctx = zmq_ctx_new ();
    assert (ctx);

298 299 300
    size_t len = MAX_SOCKET_STRING;
    char my_endpoint[MAX_SOCKET_STRING];

301 302 303 304 305 306 307 308 309 310 311 312 313 314 315
    //  Spawn ZAP handler
    //  We create and bind ZAP socket in main thread to avoid case
    //  where child thread does not start up fast enough.
    void *handler = zmq_socket (ctx, ZMQ_REP);
    assert (handler);
    int rc = zmq_bind (handler, "inproc://zeromq.zap.01");
    assert (rc == 0);
    void *zap_thread = zmq_threadstart (&zap_handler, handler);

    //  Server socket will accept connections
    void *server = zmq_socket (ctx, ZMQ_DEALER);
    assert (server);
    int as_server = 1;
    rc = zmq_setsockopt (server, ZMQ_GSSAPI_SERVER, &as_server, sizeof (int));
    assert (rc == 0);
316
    rc = zmq_setsockopt (server, ZMQ_GSSAPI_PRINCIPAL, name, strlen (name) + 1);
317 318
    assert (rc == 0);
    int name_type = ZMQ_GSSAPI_NT_HOSTBASED;
319 320
    rc = zmq_setsockopt (server, ZMQ_GSSAPI_PRINCIPAL_NAMETYPE, &name_type,
                         sizeof (name_type));
321
    assert (rc == 0);
322 323 324
    rc = zmq_bind (server, "tcp://127.0.0.1:*");
    assert (rc == 0);
    rc = zmq_getsockopt (server, ZMQ_LAST_ENDPOINT, my_endpoint, &len);
325 326
    assert (rc == 0);

327
#ifdef ZMQ_BUILD_DRAFT_API
328 329
    //  Monitor handshake events on the server
    rc = zmq_socket_monitor (server, "inproc://monitor-server",
330 331 332
                             ZMQ_EVENT_HANDSHAKE_SUCCEEDED
                               | ZMQ_EVENT_HANDSHAKE_FAILED_AUTH
                               | ZMQ_EVENT_HANDSHAKE_FAILED_PROTOCOL);
333
    assert (rc == 0);
334
#endif
335 336

    //  Create socket for collecting monitor events
337 338 339
    void *server_mon = NULL;
#ifdef ZMQ_BUILD_DRAFT_API
    server_mon = zmq_socket (ctx, ZMQ_PAIR);
340
    assert (server_mon);
341
#endif
342 343 344 345 346 347

    //  Connect it to the inproc endpoints so they'll get events
    rc = zmq_connect (server_mon, "inproc://monitor-server");
    assert (rc == 0);

    //  Attempt various connections
348 349 350 351 352
    test_valid_creds (ctx, server, server_mon, my_endpoint);
    test_null_creds (ctx, server, server_mon, my_endpoint);
    test_plain_creds (ctx, server, server_mon, my_endpoint);
    test_vanilla_socket (ctx, server, server_mon, my_endpoint);
    test_unauth_creds (ctx, server, server_mon, my_endpoint);
353 354

    //  Shutdown
355
#ifdef ZMQ_BUILD_DRAFT_API
356
    close_zero_linger (server_mon);
357
#endif
358 359 360 361 362 363 364 365 366 367
    rc = zmq_close (server);
    assert (rc == 0);
    rc = zmq_ctx_term (ctx);
    assert (rc == 0);

    //  Wait until ZAP handler terminates
    zmq_threadclose (zap_thread);

    return 0;
}