Skip to content

L
libzmq
Commit 9528983d authored by Simon Giesecke's avatar Simon Giesecke
Browse files
Options

Problem: tests without test framework 

Solution: migrate to Unity
parent 90a4d268
Hide whitespace changes
Inline Side-by-side
Showing with 174 additions and 187 deletions
Makefile.am
View file @ 9528983d
......@@ -930,7 +930,8 @@ if BUILD_GSSAPI
test_apps += tests/test_security_gssapi
tests_test_security_gssapi_SOURCES = tests/test_security_gssapi.cpp
tests_test_security_gssapi_LDADD = src/libzmq.la
tests_test_security_gssapi_LDADD = src/libzmq.la ${UNITY_LIBS}
tests_test_security_gssapi_CPPFLAGS = ${UNITY_CPPFLAGS}
endif
......
tests/CMakeLists.txt
View file @ 9528983d
......@@ -75,6 +75,11 @@ set(tests
test_mock_pub_sub
)
if(NOT WIN32)
list(APPEND tests
test_security_gssapi)
endif()
if(ZMQ_HAVE_CURVE)
list(APPEND tests
test_security_curve)
......
tests/test_security_gssapi.cpp
View file @ 9528983d
......@@ -28,6 +28,7 @@
*/
#include "testutil.hpp"
#include "testutil_unity.hpp"
#if defined(ZMQ_HAVE_WINDOWS)
#include <winsock2.h>
#include <ws2tcpip.h>
......@@ -55,42 +56,6 @@ const char *name = "zmqtest2";
static volatile int zap_deny_all = 0;
// Read one event off the monitor socket; return value and address
// by reference, if not null, and event number by value. Returns -1
// in case of error.
static int get_monitor_event (void *monitor_, int *value_, char **address_)
{
// First frame in message contains event number and value
zmq_msg_t msg;
zmq_msg_init (&msg);
if (zmq_msg_recv (&msg, monitor_, 0) == -1)
return -1; // Interruped, presumably
assert (zmq_msg_more (&msg));
uint8_t *data = (uint8_t *) zmq_msg_data (&msg);
uint16_t event = *(uint16_t *) (data);
if (value_)
*value_ = *(uint32_t *) (data + 2);
zmq_msg_close (&msg);
// Second frame in message contains event address
zmq_msg_init (&msg);
if (zmq_msg_recv (&msg, monitor_, 0) == -1)
return -1; // Interruped, presumably
assert (!zmq_msg_more (&msg));
if (address_) {
uint8_t *data = (uint8_t *) zmq_msg_data (&msg);
size_t size = zmq_msg_size (&msg);
*address_ = (char *) malloc (size + 1);
memcpy (*address_, data, size);
*address_[size] = 0;
}
zmq_msg_close (&msg);
return event;
}
// --------------------------------------------------------------------------
// This methods receives and validates ZAP requestes (allowing or denying
// each client connection).
......@@ -111,8 +76,8 @@ static void zap_handler (void *handler_)
char *mechanism = s_recv (handler_);
char *principal = s_recv (handler_);
assert (streq (version, "1.0"));
assert (streq (mechanism, "GSSAPI"));
TEST_ASSERT_EQUAL_STRING ("1.0", version);
TEST_ASSERT_EQUAL_STRING ("GSSAPI", mechanism);
s_sendmore (handler_, version);
s_sendmore (handler_, sequence);
......@@ -141,113 +106,190 @@ static void zap_handler (void *handler_)
zmq_close (handler_);
}
void test_valid_creds (void *ctx_,
void *server_,
void *server_mon_,
char *endpoint_)
static char my_endpoint[MAX_SOCKET_STRING];
static void *zap_thread;
static void *server;
static void *server_mon;
void check_krb_available ()
{
if (!getenv ("KRB5_KTNAME") || !getenv ("KRB5_CLIENT_KTNAME")) {
TEST_IGNORE_MESSAGE ("KRB5 environment unavailable, skipping test");
}
}
void setUp ()
{
void *client = zmq_socket (ctx_, ZMQ_DEALER);
assert (client);
int rc = zmq_setsockopt (client, ZMQ_GSSAPI_SERVICE_PRINCIPAL, name,
strlen (name) + 1);
assert (rc == 0);
rc = zmq_setsockopt (client, ZMQ_GSSAPI_PRINCIPAL, name, strlen (name) + 1);
assert (rc == 0);
setup_test_context ();
zap_thread = 0;
server = NULL;
server_mon = NULL;
check_krb_available ();
// Spawn ZAP handler
// We create and bind ZAP socket in main thread to avoid case
// where child thread does not start up fast enough.
void *handler = zmq_socket (get_test_context (), ZMQ_REP);
TEST_ASSERT_SUCCESS_ERRNO (zmq_bind (handler, "inproc://zeromq.zap.01"));
zap_thread = zmq_threadstart (&zap_handler, handler);
// Server socket will accept connections
server = test_context_socket (ZMQ_DEALER);
int as_server = 1;
TEST_ASSERT_SUCCESS_ERRNO (
zmq_setsockopt (server, ZMQ_GSSAPI_SERVER, &as_server, sizeof (int)));
TEST_ASSERT_SUCCESS_ERRNO (
zmq_setsockopt (server, ZMQ_GSSAPI_PRINCIPAL, name, strlen (name) + 1));
int name_type = ZMQ_GSSAPI_NT_HOSTBASED;
rc = zmq_setsockopt (client, ZMQ_GSSAPI_PRINCIPAL_NAMETYPE, &name_type,
sizeof (name_type));
assert (rc == 0);
rc = zmq_connect (client, endpoint_);
assert (rc == 0);
bounce (server_, client);
rc = zmq_close (client);
assert (rc == 0);
int event = get_monitor_event (server_mon_, NULL, NULL);
assert (event == ZMQ_EVENT_HANDSHAKE_SUCCEEDED);
TEST_ASSERT_SUCCESS_ERRNO (zmq_setsockopt (
server, ZMQ_GSSAPI_PRINCIPAL_NAMETYPE, &name_type, sizeof (name_type)));
bind_loopback_ipv4 (server, my_endpoint, sizeof my_endpoint);
// Monitor handshake events on the server
TEST_ASSERT_SUCCESS_ERRNO (zmq_socket_monitor (
server, "inproc://monitor-server",
ZMQ_EVENT_HANDSHAKE_SUCCEEDED | ZMQ_EVENT_HANDSHAKE_FAILED_AUTH
| ZMQ_EVENT_HANDSHAKE_FAILED_PROTOCOL));
// Create socket for collecting monitor events
server_mon = test_context_socket (ZMQ_PAIR);
// Connect it to the inproc endpoints so they'll get events
TEST_ASSERT_SUCCESS_ERRNO (
zmq_connect (server_mon, "inproc://monitor-server"));
}
void tearDown ()
{
// Shutdown
if (server_mon)
test_context_socket_close_zero_linger (server_mon);
if (server)
test_context_socket_close (server);
teardown_test_context ();
// Wait until ZAP handler terminates
if (zap_thread)
zmq_threadclose (zap_thread);
}
// Read one event off the monitor socket; return value and address
// by reference, if not null, and event number by value. Returns -1
// in case of error.
static int get_monitor_event (void *monitor_, int *value_, char **address_)
{
// First frame in message contains event number and value
zmq_msg_t msg;
zmq_msg_init (&msg);
if (zmq_msg_recv (&msg, monitor_, 0) == -1)
return -1; // Interruped, presumably
TEST_ASSERT_TRUE (zmq_msg_more (&msg));
uint8_t *data = (uint8_t *) zmq_msg_data (&msg);
uint16_t event = *(uint16_t *) (data);
if (value_)
*value_ = *(uint32_t *) (data + 2);
zmq_msg_close (&msg);
// Second frame in message contains event address
zmq_msg_init (&msg);
if (zmq_msg_recv (&msg, monitor_, 0) == -1)
return -1; // Interruped, presumably
TEST_ASSERT_FALSE (zmq_msg_more (&msg));
if (address_) {
uint8_t *data = (uint8_t *) zmq_msg_data (&msg);
size_t size = zmq_msg_size (&msg);
*address_ = (char *) malloc (size + 1);
memcpy (*address_, data, size);
*address_[size] = 0;
}
zmq_msg_close (&msg);
return event;
}
void test_valid_creds ()
{
void *client = test_context_socket (ZMQ_DEALER);
TEST_ASSERT_SUCCESS_ERRNO (zmq_setsockopt (
client, ZMQ_GSSAPI_SERVICE_PRINCIPAL, name, strlen (name) + 1));
TEST_ASSERT_SUCCESS_ERRNO (
zmq_setsockopt (client, ZMQ_GSSAPI_PRINCIPAL, name, strlen (name) + 1));
int name_type = ZMQ_GSSAPI_NT_HOSTBASED;
TEST_ASSERT_SUCCESS_ERRNO (zmq_setsockopt (
client, ZMQ_GSSAPI_PRINCIPAL_NAMETYPE, &name_type, sizeof (name_type)));
TEST_ASSERT_SUCCESS_ERRNO (zmq_connect (client, my_endpoint));
bounce (server, client);
test_context_socket_close (client);
int event = get_monitor_event (server_mon, NULL, NULL);
TEST_ASSERT_EQUAL_INT (ZMQ_EVENT_HANDSHAKE_SUCCEEDED, event);
}
// Check security with valid but unauthorized credentials
// Note: ZAP may see multiple requests - after a failure, client will
// fall back to other crypto types for principal, if available.
void test_unauth_creds (void *ctx_,
void *server_,
void *server_mon_,
char *endpoint_)
void test_unauth_creds ()
{
void *client = zmq_socket (ctx_, ZMQ_DEALER);
assert (client);
int rc = zmq_setsockopt (client, ZMQ_GSSAPI_SERVICE_PRINCIPAL, name,
strlen (name) + 1);
assert (rc == 0);
rc = zmq_setsockopt (client, ZMQ_GSSAPI_PRINCIPAL, name, strlen (name) + 1);
assert (rc == 0);
void *client = test_context_socket (ZMQ_DEALER);
TEST_ASSERT_SUCCESS_ERRNO (zmq_setsockopt (
client, ZMQ_GSSAPI_SERVICE_PRINCIPAL, name, strlen (name) + 1));
TEST_ASSERT_SUCCESS_ERRNO (
zmq_setsockopt (client, ZMQ_GSSAPI_PRINCIPAL, name, strlen (name) + 1));
int name_type = ZMQ_GSSAPI_NT_HOSTBASED;
rc = zmq_setsockopt (client, ZMQ_GSSAPI_PRINCIPAL_NAMETYPE, &name_type,
sizeof (name_type));
assert (rc == 0);
TEST_ASSERT_SUCCESS_ERRNO (zmq_setsockopt (
client, ZMQ_GSSAPI_PRINCIPAL_NAMETYPE, &name_type, sizeof (name_type)));
zap_deny_all = 1;
rc = zmq_connect (client, endpoint_);
assert (rc == 0);
TEST_ASSERT_SUCCESS_ERRNO (zmq_connect (client, my_endpoint));
expect_bounce_fail (server_, client);
close_zero_linger (client);
expect_bounce_fail (server, client);
test_context_socket_close_zero_linger (client);
int event = get_monitor_event (server_mon_, NULL, NULL);
assert (event == ZMQ_EVENT_HANDSHAKE_FAILED_AUTH);
int event = get_monitor_event (server_mon, NULL, NULL);
TEST_ASSERT_EQUAL_INT (ZMQ_EVENT_HANDSHAKE_FAILED_AUTH, event);
}
// Check GSSAPI security with NULL client credentials
// This must be caught by the gssapi_server class, not passed to ZAP
void test_null_creds (void *ctx_,
void *server_,
void *server_mon_,
char *endpoint_)
void test_null_creds ()
{
void *client = zmq_socket (ctx_, ZMQ_DEALER);
assert (client);
int rc = zmq_connect (client, endpoint_);
assert (rc == 0);
expect_bounce_fail (server_, client);
close_zero_linger (client);
void *client = test_context_socket (ZMQ_DEALER);
TEST_ASSERT_SUCCESS_ERRNO (zmq_connect (client, my_endpoint));
expect_bounce_fail (server, client);
test_context_socket_close_zero_linger (client);
int error;
int event = get_monitor_event (server_mon_, &error, NULL);
assert (event == ZMQ_EVENT_HANDSHAKE_FAILED_PROTOCOL);
assert (error == ZMQ_PROTOCOL_ERROR_ZMTP_MECHANISM_MISMATCH);
int event = get_monitor_event (server_mon, &error, NULL);
TEST_ASSERT_EQUAL_INT (ZMQ_EVENT_HANDSHAKE_FAILED_PROTOCOL, event);
TEST_ASSERT_EQUAL_INT (ZMQ_PROTOCOL_ERROR_ZMTP_MECHANISM_MISMATCH, error);
}
// Check GSSAPI security with PLAIN client credentials
// This must be caught by the curve_server class, not passed to ZAP
void test_plain_creds (void *ctx_,
void *server_,
void *server_mon_,
char *endpoint_)
void test_plain_creds ()
{
void *client = zmq_socket (ctx_, ZMQ_DEALER);
assert (client);
int rc = zmq_setsockopt (client, ZMQ_PLAIN_USERNAME, "admin", 5);
assert (rc == 0);
rc = zmq_setsockopt (client, ZMQ_PLAIN_PASSWORD, "password", 8);
assert (rc == 0);
rc = zmq_connect (client, endpoint_);
assert (rc == 0);
expect_bounce_fail (server_, client);
close_zero_linger (client);
void *client = test_context_socket (ZMQ_DEALER);
TEST_ASSERT_SUCCESS_ERRNO (
zmq_setsockopt (client, ZMQ_PLAIN_USERNAME, "admin", 5));
TEST_ASSERT_SUCCESS_ERRNO (
zmq_setsockopt (client, ZMQ_PLAIN_PASSWORD, "password", 8));
TEST_ASSERT_SUCCESS_ERRNO (zmq_connect (client, my_endpoint));
expect_bounce_fail (server, client);
test_context_socket_close_zero_linger (client);
}
// Unauthenticated messages from a vanilla socket shouldn't be received
void test_vanilla_socket (void *ctx_,
void *server_,
void *server_mon_,
char *endpoint_)
void test_vanilla_socket ()
{
struct sockaddr_in ip4addr;
int s;
unsigned short int port;
int rc = sscanf (endpoint_, "tcp://127.0.0.1:%hu", &port);
assert (rc == 1);
int rc = sscanf (my_endpoint, "tcp://127.0.0.1:%hu", &port);
TEST_ASSERT_EQUAL_INT (1, rc);
ip4addr.sin_family = AF_INET;
ip4addr.sin_port = htons (port);
#if defined(ZMQ_HAVE_WINDOWS) && (_WIN32_WINNT < 0x0600)
......@@ -258,95 +300,34 @@ void test_vanilla_socket (void *ctx_,
s = socket (AF_INET, SOCK_STREAM, IPPROTO_TCP);
rc = connect (s, (struct sockaddr *) &ip4addr, sizeof (ip4addr));
assert (rc > -1);
TEST_ASSERT_GREATER_THAN (-1, rc);
// send anonymous ZMTP/1.0 greeting
send (s, "\x01\x00", 2, 0);
// send sneaky message that shouldn't be received
send (s, "\x08\x00sneaky\0", 9, 0);
int timeout = 250;
zmq_setsockopt (server_, ZMQ_RCVTIMEO, &timeout, sizeof (timeout));
char *buf = s_recv (server_);
zmq_setsockopt (server, ZMQ_RCVTIMEO, &timeout, sizeof (timeout));
char *buf = s_recv (server);
if (buf != NULL) {
printf ("Received unauthenticated message: %s\n", buf);
assert (buf == NULL);
TEST_ASSERT_NULL (buf);
}
close (s);
}
int main (void)
{
if (!getenv ("KRB5_KTNAME") || !getenv ("KRB5_CLIENT_KTNAME")) {
printf ("KRB5 environment unavailable, skipping test\n");
return 77; // SKIP
}
// Avoid entanglements with user's credential cache
setenv ("KRB5CCNAME", "MEMORY", 1);
setup_test_environment ();
void *ctx = zmq_ctx_new ();
assert (ctx);
size_t len = MAX_SOCKET_STRING;
char my_endpoint[MAX_SOCKET_STRING];
// Spawn ZAP handler
// We create and bind ZAP socket in main thread to avoid case
// where child thread does not start up fast enough.
void *handler = zmq_socket (ctx, ZMQ_REP);
assert (handler);
int rc = zmq_bind (handler, "inproc://zeromq.zap.01");
assert (rc == 0);
void *zap_thread = zmq_threadstart (&zap_handler, handler);
// Server socket will accept connections
void *server = zmq_socket (ctx, ZMQ_DEALER);
assert (server);
int as_server = 1;
rc = zmq_setsockopt (server, ZMQ_GSSAPI_SERVER, &as_server, sizeof (int));
assert (rc == 0);
rc = zmq_setsockopt (server, ZMQ_GSSAPI_PRINCIPAL, name, strlen (name) + 1);
assert (rc == 0);
int name_type = ZMQ_GSSAPI_NT_HOSTBASED;
rc = zmq_setsockopt (server, ZMQ_GSSAPI_PRINCIPAL_NAMETYPE, &name_type,
sizeof (name_type));
assert (rc == 0);
rc = zmq_bind (server, "tcp://127.0.0.1:*");
assert (rc == 0);
rc = zmq_getsockopt (server, ZMQ_LAST_ENDPOINT, my_endpoint, &len);
assert (rc == 0);
// Monitor handshake events on the server
rc = zmq_socket_monitor (server, "inproc://monitor-server",
ZMQ_EVENT_HANDSHAKE_SUCCEEDED
| ZMQ_EVENT_HANDSHAKE_FAILED_AUTH
| ZMQ_EVENT_HANDSHAKE_FAILED_PROTOCOL);
assert (rc == 0);
// Create socket for collecting monitor events
void *server_mon = NULL;
server_mon = zmq_socket (ctx, ZMQ_PAIR);
assert (server_mon);
// Connect it to the inproc endpoints so they'll get events
rc = zmq_connect (server_mon, "inproc://monitor-server");
assert (rc == 0);
// Attempt various connections
test_valid_creds (ctx, server, server_mon, my_endpoint);
test_null_creds (ctx, server, server_mon, my_endpoint);
test_plain_creds (ctx, server, server_mon, my_endpoint);
test_vanilla_socket (ctx, server, server_mon, my_endpoint);
test_unauth_creds (ctx, server, server_mon, my_endpoint);
// Shutdown
close_zero_linger (server_mon);
rc = zmq_close (server);
assert (rc == 0);
rc = zmq_ctx_term (ctx);
assert (rc == 0);
// Wait until ZAP handler terminates
zmq_threadclose (zap_thread);
UNITY_BEGIN ();
RUN_TEST (test_valid_creds);
RUN_TEST (test_null_creds);
RUN_TEST (test_plain_creds);
RUN_TEST (test_vanilla_socket);
RUN_TEST (test_unauth_creds);
return UNITY_END ();
return 0;
}
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment