sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-02-26 21:57:41 +03:00
Code

s4-torture: Add torture_check_krb5_error() function

Browse Source 
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlet <abartlet@samba.org>
This commit is contained in:
Andreas Schneider 2016-07-04 09:47:10 +02:00 committed by Andrew Bartlett
parent 51d2779a60
commit bc3473e67c
1 changed files with 111 additions and 74 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

185
source4/torture/krb5/kdc-heimdal.c
View File

@ -74,6 +74,66 @@ static bool torture_krb5_pre_send_test(struct torture_krb5_context *test_context
return true;
}
static bool torture_check_krb5_error(struct torture_krb5_context *test_context,
const krb5_data *reply,
krb5_error_code expected_error,
bool check_pa_data)
{
KRB_ERROR error = { 0 };
size_t used = 0;
int rc;
rc = decode_KRB_ERROR(reply->data, reply->length, &error, &used);
torture_assert_int_equal(test_context->tctx,
rc, 0,
"decode_AS_REP failed");
torture_assert_int_equal(test_context->tctx,
used, reply->length,
"length mismatch");
torture_assert_int_equal(test_context->tctx,
error.pvno, 5,
"Got wrong error.pvno");
torture_assert_int_equal(test_context->tctx,
error.error_code, expected_error - KRB5KDC_ERR_NONE,
"Got wrong error.error_code");
if (check_pa_data) {
METHOD_DATA m;
size_t len;
int i;
bool found = false;
torture_assert(test_context->tctx,
error.e_data != NULL,
"No e-data returned");
rc = decode_METHOD_DATA(error.e_data->data,
error.e_data->length,
&m,
&len);
torture_assert_int_equal(test_context->tctx,
rc, 0,
"Got invalid method data");
torture_assert(test_context->tctx,
m.len > 0,
"No PA_DATA given");
for (i = 0; i < m.len; i++) {
if (m.val[i].padata_type == KRB5_PADATA_ENC_TIMESTAMP) {
found = true;
break;
}
}
torture_assert(test_context->tctx,
found,
"Encrypted timestamp not found");
}
free_KRB_ERROR(&error);
return true;
}
/*
* Confirm that the incoming packet from the KDC meets certain
* expectations. This uses a switch and the packet count to work out
@ -86,18 +146,19 @@ static bool torture_krb5_post_recv_test(struct torture_krb5_context *test_contex
{
KRB_ERROR error;
size_t used;
bool ok;
switch (test_context->test)
{
case TORTURE_KRB5_TEST_PLAIN:
if (test_context->packet_count == 0) {
torture_assert_int_equal(test_context->tctx,
decode_KRB_ERROR(recv_buf->data, recv_buf->length, &error, &used), 0,
"decode_AS_REP failed");
torture_assert_int_equal(test_context->tctx, used, recv_buf->length, "length mismatch");
torture_assert_int_equal(test_context->tctx, error.pvno, 5, "Got wrong error.pvno");
torture_assert_int_equal(test_context->tctx, error.error_code, KRB5KDC_ERR_PREAUTH_REQUIRED - KRB5KDC_ERR_NONE,
"Got wrong error.error_code");
free_KRB_ERROR(&error);
ok = torture_check_krb5_error(test_context,
recv_buf,
KRB5KDC_ERR_PREAUTH_REQUIRED,
false);
torture_assert(test_context->tctx,
ok,
"torture_check_krb5_error failed");
} else if ((decode_KRB_ERROR(recv_buf->data, recv_buf->length, &error, &used) == 0)
&& (test_context->packet_count == 1)) {
torture_assert_int_equal(test_context->tctx, used, recv_buf->length, "length mismatch");
@ -139,23 +200,21 @@ static bool torture_krb5_post_recv_test(struct torture_krb5_context *test_contex
*/
case TORTURE_KRB5_TEST_PAC_REQUEST:
if (test_context->packet_count == 0) {
torture_assert_int_equal(test_context->tctx,
decode_KRB_ERROR(recv_buf->data, recv_buf->length, &error, &used), 0,
"decode_AS_REP failed");
torture_assert_int_equal(test_context->tctx, used, recv_buf->length, "length mismatch");
torture_assert_int_equal(test_context->tctx, error.pvno, 5, "Got wrong error.pvno");
torture_assert_int_equal(test_context->tctx, error.error_code, KRB5KRB_ERR_RESPONSE_TOO_BIG - KRB5KDC_ERR_NONE,
"Got wrong error.error_code");
free_KRB_ERROR(&error);
ok = torture_check_krb5_error(test_context,
recv_buf,
KRB5KRB_ERR_RESPONSE_TOO_BIG,
false);
torture_assert(test_context->tctx,
ok,
"torture_check_krb5_error failed");
} else if (test_context->packet_count == 1) {
torture_assert_int_equal(test_context->tctx,
decode_KRB_ERROR(recv_buf->data, recv_buf->length, &error, &used), 0,
"decode_AS_REP failed");
torture_assert_int_equal(test_context->tctx, used, recv_buf->length, "length mismatch");
torture_assert_int_equal(test_context->tctx, error.pvno, 5, "Got wrong error.pvno");
torture_assert_int_equal(test_context->tctx, error.error_code, KRB5KDC_ERR_PREAUTH_REQUIRED - KRB5KDC_ERR_NONE,
"Got wrong error.error_code");
free_KRB_ERROR(&error);
ok = torture_check_krb5_error(test_context,
recv_buf,
KRB5KDC_ERR_PREAUTH_REQUIRED,
false);
torture_assert(test_context->tctx,
ok,
"torture_check_krb5_error failed");
} else if ((decode_KRB_ERROR(recv_buf->data, recv_buf->length, &error, &used) == 0)
&& (test_context->packet_count == 2)) {
torture_assert_int_equal(test_context->tctx, used, recv_buf->length, "length mismatch");
@ -180,41 +239,21 @@ static bool torture_krb5_post_recv_test(struct torture_krb5_context *test_contex
*/
case TORTURE_KRB5_TEST_BREAK_PW:
if (test_context->packet_count == 0) {
torture_assert_int_equal(test_context->tctx,
decode_KRB_ERROR(recv_buf->data, recv_buf->length, &error, &used), 0,
"decode_AS_REP failed");
torture_assert_int_equal(test_context->tctx, used, recv_buf->length, "length mismatch");
torture_assert_int_equal(test_context->tctx, error.pvno, 5, "Got wrong error.pvno");
torture_assert_int_equal(test_context->tctx, error.error_code, KRB5KDC_ERR_PREAUTH_REQUIRED - KRB5KDC_ERR_NONE,
"Got wrong error.error_code");
free_KRB_ERROR(&error);
ok = torture_check_krb5_error(test_context,
recv_buf,
KRB5KDC_ERR_PREAUTH_REQUIRED,
false);
torture_assert(test_context->tctx,
ok,
"torture_check_krb5_error failed");
} else if (test_context->packet_count == 1) {
METHOD_DATA m;
size_t len;
int i, ret = 0;
bool found = false;
torture_assert_int_equal(test_context->tctx,
decode_KRB_ERROR(recv_buf->data, recv_buf->length, &error, &used), 0,
"decode_AS_REP failed");
torture_assert_int_equal(test_context->tctx, used, recv_buf->length, "length mismatch");
torture_assert_int_equal(test_context->tctx, error.pvno, 5, "Got wrong error.pvno");
torture_assert_int_equal(test_context->tctx, error.error_code, KRB5KDC_ERR_PREAUTH_FAILED - KRB5KDC_ERR_NONE,
"Got wrong error.error_code");
torture_assert(test_context->tctx, error.e_data != NULL, "No e-data returned");
ret = decode_METHOD_DATA(error.e_data->data, error.e_data->length, &m, &len);
torture_assert_int_equal(test_context->tctx, ret, 0,
"Got invalid method data");
torture_assert(test_context->tctx, m.len > 0, "No PA_DATA given");
for (i = 0; i < m.len; i++) {
if (m.val[i].padata_type == KRB5_PADATA_ENC_TIMESTAMP) {
found = true;
break;
}
}
torture_assert(test_context->tctx, found, "Encrypted timestamp not found");
free_KRB_ERROR(&error);
ok = torture_check_krb5_error(test_context,
recv_buf,
KRB5KDC_ERR_PREAUTH_FAILED,
true);
torture_assert(test_context->tctx,
ok,
"torture_check_krb5_error failed");
}
torture_assert(test_context->tctx, test_context->packet_count < 2, "too many packets");
free_AS_REQ(&test_context->as_req);
@ -225,23 +264,21 @@ static bool torture_krb5_post_recv_test(struct torture_krb5_context *test_contex
*/
case TORTURE_KRB5_TEST_CLOCK_SKEW:
if (test_context->packet_count == 0) {
torture_assert_int_equal(test_context->tctx,
decode_KRB_ERROR(recv_buf->data, recv_buf->length, &error, &used), 0,
"decode_AS_REP failed");
torture_assert_int_equal(test_context->tctx, used, recv_buf->length, "length mismatch");
torture_assert_int_equal(test_context->tctx, error.pvno, 5, "Got wrong error.pvno");
torture_assert_int_equal(test_context->tctx, error.error_code, KRB5KDC_ERR_PREAUTH_REQUIRED - KRB5KDC_ERR_NONE,
"Got wrong error.error_code");
free_KRB_ERROR(&error);
ok = torture_check_krb5_error(test_context,
recv_buf,
KRB5KDC_ERR_PREAUTH_REQUIRED,
false);
torture_assert(test_context->tctx,
ok,
"torture_check_krb5_error failed");
} else if (test_context->packet_count == 1) {
torture_assert_int_equal(test_context->tctx,
decode_KRB_ERROR(recv_buf->data, recv_buf->length, &error, &used), 0,
"decode_AS_REP failed");
torture_assert_int_equal(test_context->tctx, used, recv_buf->length, "length mismatch");
torture_assert_int_equal(test_context->tctx, error.pvno, 5, "Got wrong error.pvno");
torture_assert_int_equal(test_context->tctx, error.error_code, KRB5KRB_AP_ERR_SKEW - KRB5KDC_ERR_NONE,
"Got wrong error.error_code");
free_KRB_ERROR(&error);
ok = torture_check_krb5_error(test_context,
recv_buf,
KRB5KRB_AP_ERR_SKEW,
false);
torture_assert(test_context->tctx,
ok,
"torture_check_krb5_error failed");
}
torture_assert(test_context->tctx, test_context->packet_count < 2, "too many packets");
free_AS_REQ(&test_context->as_req);