generic-library/libzmq
1
0
Fork 0
mirror of https://github.com/zeromq/libzmq.git synced 2025-01-21 02:00:36 +01:00
Code Issues Projects Releases Wiki Activity

Merge pull request #637 from minrk/test_plain_inauth

Browse Source 
test failed auth for both PLAIN and CURVE
This commit is contained in:
Pieter Hintjens 2013-09-01 10:18:50 -07:00
commit ca8ac83e97
3 changed files with 182 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

65
tests/test_security.cpp
View File

@ -115,7 +115,7 @@ int main (void)
assert (rc == 0);
rc = zmq_close (server);
assert (rc == 0);
// Check PLAIN security
server = zmq_socket (ctx, ZMQ_DEALER);
assert (server);
@ -196,6 +196,69 @@ int main (void)
// Wait until ZAP handler terminates.
zmq_threadclose(zap_thread);
// Check PLAIN security -- failed authentication
server = zmq_socket (ctx, ZMQ_DEALER);
assert (server);
rc = zmq_setsockopt(server, ZMQ_IDENTITY, "IDENT", 6);
client = zmq_socket (ctx, ZMQ_DEALER);
assert (client);
strcpy (username, "wronguser");
strcpy (password, "wrongpass");
rc = zmq_setsockopt (client, ZMQ_PLAIN_USERNAME, username, strlen (username));
assert (rc == 0);
rc = zmq_setsockopt (client, ZMQ_PLAIN_PASSWORD, password, strlen (password));
assert (rc == 0);
as_server = 1;
rc = zmq_setsockopt (server, ZMQ_PLAIN_SERVER, &as_server, sizeof (int));
assert (rc == 0);
optsize = sizeof (int);
rc = zmq_getsockopt (client, ZMQ_MECHANISM, &mechanism, &optsize);
assert (rc == 0);
assert (mechanism == ZMQ_PLAIN);
rc = zmq_getsockopt (server, ZMQ_MECHANISM, &mechanism, &optsize);
assert (rc == 0);
assert (mechanism == ZMQ_PLAIN);
rc = zmq_getsockopt (client, ZMQ_PLAIN_SERVER, &as_server, &optsize);
assert (rc == 0);
assert (as_server == 0);
rc = zmq_getsockopt (server, ZMQ_PLAIN_SERVER, &as_server, &optsize);
assert (rc == 0);
assert (as_server == 1);
// Create and bind ZAP socket
zap = zmq_socket (ctx, ZMQ_REP);
assert (zap);
rc = zmq_bind (zap, "inproc://zeromq.zap.01");
assert (rc == 0);
// Spawn ZAP handler
zap_thread = zmq_threadstart(&zap_handler, zap);
rc = zmq_bind (server, "tcp://*:9996");
assert (rc == 0);
rc = zmq_connect (client, "tcp://localhost:9996");
assert (rc == 0);
// Send message from inauthenticated client to server
expect_bounce_fail(server, client);
rc = zmq_close (client);
assert (rc == 0);
rc = zmq_close (server);
assert (rc == 0);
// Wait until ZAP handler terminates.
zmq_threadclose(zap_thread);
// Check PLAIN security -- two servers trying to talk to each other
server = zmq_socket (ctx, ZMQ_DEALER);

83
tests/test_security_curve.cpp
View File

@ -25,7 +25,17 @@
static void zap_handler (void *zap)
{
int timeout = 250;
int rc;
rc = zmq_setsockopt(zap, ZMQ_RCVTIMEO, &timeout, sizeof (int));
assert (rc == 0);
char *version = s_recv (zap);
if (version == NULL) {
printf("ZAP timeout\n");
rc = zmq_close(zap);
assert (rc == 0);
return;
}
char *sequence = s_recv (zap);
char *domain = s_recv (zap);
char *address = s_recv (zap);
@ -52,10 +62,11 @@ static void zap_handler (void *zap)
free (mechanism);
free (client_key);
int rc = zmq_close (zap);
rc = zmq_close (zap);
assert (rc == 0);
}
int main (void)
{
#ifndef HAVE_LIBSODIUM
@ -84,7 +95,7 @@ int main (void)
char client_secret [] = "D:)Q[IlAW!ahhC2ac:9*A}h:p?([4%wOTJ%JR%cs";
char server_public [] = "rq:rM>}U?@Lns47E1%kR.o@n%FcmmsL/@{H8]yf7";
char server_secret [] = "JTKVSB%%)wK0E.X)V>+}o?pNmC{O&4W4b!Ni{Lh6";
as_server = 1;
rc = zmq_setsockopt (server, ZMQ_CURVE_SERVER, &as_server, sizeof (int));
assert (rc == 0);
@ -142,6 +153,74 @@ int main (void)
// Wait until ZAP handler terminates.
zmq_threadclose(zap_thread);
// Test that Curve rejects inauthenticated connections
// Use the wrong client key
strcpy(client_public, "1111222233334444555566667777888899990000");
// Server socket will accept connections
server = zmq_socket (ctx, ZMQ_DEALER);
assert (server);
// Client socket that will try to connect to server
client = zmq_socket (ctx, ZMQ_DEALER);
assert (client);
as_server = 1;
rc = zmq_setsockopt (server, ZMQ_CURVE_SERVER, &as_server, sizeof (int));
assert (rc == 0);
rc = zmq_setsockopt (server, ZMQ_CURVE_SECRETKEY, server_secret, 40);
assert (rc == 0);
rc = zmq_setsockopt(server, ZMQ_IDENTITY, "IDENT", 6);
assert (rc == 0);
rc = zmq_setsockopt (client, ZMQ_CURVE_SERVERKEY, server_public, 40);
assert (rc == 0);
rc = zmq_setsockopt (client, ZMQ_CURVE_PUBLICKEY, client_public, 40);
assert (rc == 0);
rc = zmq_setsockopt (client, ZMQ_CURVE_SECRETKEY, client_secret, 40);
assert (rc == 0);
// Test the client and server both have the right mechanism.
optsize = sizeof (int);
rc = zmq_getsockopt (client, ZMQ_MECHANISM, &mechanism, &optsize);
assert (rc == 0);
assert (mechanism == ZMQ_CURVE);
rc = zmq_getsockopt (server, ZMQ_MECHANISM, &mechanism, &optsize);
assert (rc == 0);
assert (mechanism == ZMQ_CURVE);
// Test the server bit on both client and server.
rc = zmq_getsockopt (client, ZMQ_CURVE_SERVER, &as_server, &optsize);
assert (rc == 0);
assert (as_server == 0);
rc = zmq_getsockopt (server, ZMQ_CURVE_SERVER, &as_server, &optsize);
assert (rc == 0);
assert (as_server == 1);
// Create and bind ZAP socket
zap = zmq_socket (ctx, ZMQ_REP);
assert (zap);
rc = zmq_bind (zap, "inproc://zeromq.zap.01");
assert (rc == 0);
zap_thread = zmq_threadstart(&zap_handler, zap);
rc = zmq_bind (server, "tcp://*:9997");
assert (rc == 0);
rc = zmq_connect (client, "tcp://localhost:9997");
assert (rc == 0);
expect_bounce_fail(server, client);
close_zero_linger (client);
rc = zmq_close (server);
assert (rc == 0);
// Wait until ZAP handler terminates.
zmq_threadclose(zap_thread);
// Shutdown
rc = zmq_ctx_term (ctx);
assert (rc == 0);

37
tests/testutil.hpp
View File

@ -83,6 +83,43 @@ bounce (void *server, void *client)
assert (memcmp (buffer, content, 32) == 0);
}
// Same as bounce, but expect messages to never arrive
// for security or subscriber reasons.
void
expect_bounce_fail (void *server, void *client)
{
const char *content = "12345678ABCDEFGH12345678abcdefgh";
char buffer [32];
// Send message from client to server
int rc = zmq_send (client, content, 32, ZMQ_SNDMORE);
assert (rc == 32);
rc = zmq_send (client, content, 32, 0);
assert (rc == 32);
// Receive message at server side (should not succeed)
int timeout = 250;
rc = zmq_setsockopt(server, ZMQ_RCVTIMEO, &timeout, sizeof (int));
assert (rc == 0);
rc = zmq_setsockopt(client, ZMQ_RCVTIMEO, &timeout, sizeof (int));
assert (rc == 0);
rc = zmq_recv (server, buffer, 32, 0);
assert (rc == -1);
assert (zmq_errno() == EAGAIN);
rc = zmq_send (server, content, 32, ZMQ_SNDMORE);
assert (rc == 32);
rc = zmq_send (server, content, 32, 0);
assert (rc == 32);
rc = zmq_recv (client, buffer, 32, 0);
assert (rc == -1);
assert (zmq_errno() == EAGAIN);
}
// Receive 0MQ string from socket and convert into C string
// Caller must free returned string. Returns NULL if the context
// is being terminated.