static void test_cram_md5_auth()
{
const char *user = "******";
const char *pass = "******";
cbsasl_conn_t *conn = NULL;
char creds[128];
unsigned credslen = 0;
const char *output = NULL;
unsigned outputlen = 0;
cbsasl_error_t err = cbsasl_server_init();
cb_assert(err == SASL_OK);
err = cbsasl_server_start(&conn, "CRAM-MD5", NULL, 0, NULL, NULL);
cb_assert(err == SASL_CONTINUE);
construct_cram_md5_credentials(creds, &credslen, user, strlen(user), pass,
strlen(pass), conn->c.server.sasl_data,
conn->c.server.sasl_data_len);
err = cbsasl_server_step(conn, creds, credslen, &output, &outputlen);
cb_assert(err == SASL_OK);
if (output != NULL) {
free((char *)output);
}
cbsasl_dispose(&conn);
cbsasl_server_term();
cb_assert(conn == NULL);
}
CBSASL_PUBLIC_API
cbsasl_error_t cbsasl_client_new(const char *service, const char *serverFQDN, const char *iplocalport,
const char *ipremoteport, const cbsasl_callback_t *prompt_supp, unsigned flags,
cbsasl_conn_t **pconn)
{
cbsasl_conn_t *conn;
cbsasl_callback_t *callbacks = (cbsasl_callback_t *)prompt_supp;
int ii;
if (prompt_supp == NULL) {
return SASL_BADPARAM;
}
conn = calloc(1, sizeof(*conn));
if (conn == NULL) {
return SASL_NOMEM;
}
conn->client = 1;
ii = 0;
/* Locate the callbacks */
while (callbacks[ii].id != CBSASL_CB_LIST_END) {
if (callbacks[ii].id == CBSASL_CB_USER || callbacks[ii].id == CBSASL_CB_AUTHNAME) {
union {
int (*get)(void *, int, const char **, unsigned int *);
int (*proc)(void);
} hack;
hack.proc = callbacks[ii].proc;
conn->c.client.get_username = hack.get;
conn->c.client.get_username_ctx = callbacks[ii].context;
} else if (callbacks[ii].id == CBSASL_CB_PASS) {
union {
int (*get)(cbsasl_conn_t *, void *, int, cbsasl_secret_t **);
int (*proc)(void);
} hack;
hack.proc = callbacks[ii].proc;
conn->c.client.get_password = hack.get;
conn->c.client.get_password_ctx = callbacks[ii].context;
}
++ii;
}
if (conn->c.client.get_username == NULL || conn->c.client.get_password == NULL) {
cbsasl_dispose(&conn);
return SASL_NOUSER;
}
*pconn = conn;
(void)service;
(void)serverFQDN;
(void)iplocalport;
(void)ipremoteport;
(void)flags;
return SASL_OK;
}
static void
cleanup_negotiated(mc_pSESSINFO ctx)
{
if (ctx->sasl) {
cbsasl_dispose(&ctx->sasl);
}
if (ctx->mech) {
free(ctx->mech);
}
free(ctx);
}
static void sasl_auth_response_handler(lcb_server_t *server,
struct lcb_command_data_st *command_data,
protocol_binary_response_header *res)
{
lcb_uint16_t ret = ntohs(res->response.status);
if (ret == PROTOCOL_BINARY_RESPONSE_SUCCESS) {
if (server->sasl_conn) {
cbsasl_dispose(&server->sasl_conn);
}
server->sasl_conn = NULL;
lcb_server_connected(server);
} else if (ret == PROTOCOL_BINARY_RESPONSE_AUTH_CONTINUE) {
protocol_binary_request_no_extras req;
lcb_connection_t conn = &server->connection;
const char *out, *bytes = (const char *)res + sizeof(res->bytes);
unsigned int nout, nbytes = ntohl(res->response.bodylen);
if (cbsasl_client_step(server->sasl_conn, bytes, nbytes,
NULL, &out, &nout) != SASL_CONTINUE) {
lcb_error_handler(server->instance, LCB_AUTH_ERROR,
"Unable to perform SASL STEP");
return;
}
memset(&req, 0, sizeof(req));
req.message.header.request.magic = PROTOCOL_BINARY_REQ;
req.message.header.request.opcode = PROTOCOL_BINARY_CMD_SASL_STEP;
req.message.header.request.keylen = ntohs((lcb_uint16_t)server->sasl_nmech);
req.message.header.request.datatype = PROTOCOL_BINARY_RAW_BYTES;
req.message.header.request.bodylen = ntohl((lcb_uint32_t)(server->sasl_nmech + nout));
lcb_server_buffer_start_packet(server, command_data->cookie, conn->output,
&server->output_cookies,
req.bytes, sizeof(req.bytes));
lcb_server_buffer_write_packet(server, conn->output,
server->sasl_mech, server->sasl_nmech);
lcb_server_buffer_write_packet(server, conn->output, out, nout);
lcb_server_buffer_end_packet(server, conn->output);
lcb_sockrw_set_want(conn, LCB_WRITE_EVENT, 0);
} else {
lcb_error_handler(server->instance, LCB_AUTH_ERROR,
"SASL authentication failed");
}
/* Make it known that this was a success. */
lcb_error_handler(server->instance, LCB_SUCCESS, NULL);
(void)command_data;
}
static void sasl_step_response_handler(lcb_server_t *server,
struct lcb_command_data_st *command_data,
protocol_binary_response_header *res)
{
lcb_uint16_t ret = ntohs(res->response.status);
if (ret == PROTOCOL_BINARY_RESPONSE_SUCCESS) {
if (server->sasl_conn) {
cbsasl_dispose(&server->sasl_conn);
}
server->sasl_conn = NULL;
lcb_server_connected(server);
} else {
lcb_error_handler(server->instance, LCB_AUTH_ERROR,
"SASL authentication failed");
}
(void)command_data;
}
static void test_plain_auth()
{
cbsasl_conn_t *conn = NULL;
const char *output = NULL;
unsigned outputlen = 0;
cbsasl_error_t err;
err = cbsasl_server_init();
cb_assert(err == SASL_OK);
err = cbsasl_server_start(&conn, "bad_mech", NULL, 0, NULL, NULL);
cb_assert(err == SASL_BADPARAM);
free((void *)output);
/* Normal behavior */
output = NULL;
err = cbsasl_server_start(&conn, "PLAIN", NULL, 0, NULL, NULL);
cb_assert(err == SASL_CONTINUE);
err = cbsasl_server_step(conn, "\0mikewied\0mikepw", 16, &output, &outputlen);
cb_assert(err == SASL_OK);
free((void *)output);
cbsasl_server_term();
/* With wrong password */
output = NULL;
err = cbsasl_server_init();
cb_assert(err == SASL_OK);
err = cbsasl_server_start(&conn, "PLAIN", NULL, 0, NULL, NULL);
cb_assert(err == SASL_CONTINUE);
err = cbsasl_server_step(conn, "\0mikewied\0badpPW", 16, &output, &outputlen);
cb_assert(err == SASL_FAIL);
free((void *)output);
cbsasl_dispose(&conn);
cb_assert(conn == NULL);
cbsasl_server_term();
/* with no password */
output = NULL;
err = cbsasl_server_init();
cb_assert(err == SASL_OK);
err = cbsasl_server_start(&conn, "PLAIN", NULL, 0, NULL, NULL);
cb_assert(err == SASL_CONTINUE);
err = cbsasl_server_step(conn, "\0nopass\0", 8, &output, &outputlen);
cb_assert(err == SASL_OK);
free((void *)output);
cbsasl_server_term();
/* with authzid */
output = NULL;
err = cbsasl_server_init();
cb_assert(err == SASL_OK);
err = cbsasl_server_start(&conn, "PLAIN", NULL, 0, NULL, NULL);
cb_assert(err == SASL_CONTINUE);
err = cbsasl_server_step(conn, "funzid\0mikewied\0mikepw", 22, &output, &outputlen);
cb_assert(err == SASL_OK);
free((void *)output);
cbsasl_server_term();
/* with no pw or username ending null */
output = NULL;
err = cbsasl_server_init();
cb_assert(err == SASL_OK);
err = cbsasl_server_start(&conn, "PLAIN", NULL, 0, NULL, NULL);
cb_assert(err == SASL_CONTINUE);
err = cbsasl_server_step(conn, "funzid\0mikewied", 15, &output, &outputlen);
cb_assert(err != SASL_OK);
free((void *)output);
cbsasl_server_term();
/* with no nulls at all */
output = NULL;
err = cbsasl_server_init();
cb_assert(err == SASL_OK);
err = cbsasl_server_start(&conn, "PLAIN", NULL, 0, NULL, NULL);
cb_assert(err == SASL_CONTINUE);
err = cbsasl_server_step(conn, "funzidmikewied", 14, &output, &outputlen);
cb_assert(err != SASL_OK);
free((void *)output);
cbsasl_server_term();
cbsasl_dispose(&conn);
cb_assert(conn == NULL);
}
