From 117f6e415238b507a42cbc3ccdb45ad8408bfdfd Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Mon, 7 Mar 2016 17:59:07 +0100
Subject: [PATCH] Add tests for send and receive sendto_kdc hooks
[ghudson@mit.edu: style changes]
ticket: 8386
---
.gitignore | 1 +
src/tests/Makefile.in | 18 ++--
src/tests/deps | 10 ++
src/tests/hooks.c | 253 ++++++++++++++++++++++++++++++++++++++++++++++++++
src/tests/t_hooks.py | 9 ++
5 files changed, 284 insertions(+), 7 deletions(-)
create mode 100644 src/tests/hooks.c
create mode 100755 src/tests/t_hooks.py
diff --git a/.gitignore b/.gitignore
index d424019..fdc62f9 100644
--- a/.gitignore
+++ b/.gitignore
@@ -361,6 +361,7 @@ local.properties
/src/tests/etinfo
/src/tests/gcred
/src/tests/hist
+/src/tests/hooks
/src/tests/hrealm
/src/tests/icred
/src/tests/kdbtest
diff --git a/src/tests/Makefile.in b/src/tests/Makefile.in
index 4ab8e6e..d060513 100644
--- a/src/tests/Makefile.in
+++ b/src/tests/Makefile.in
@@ -6,10 +6,10 @@ SUBDIRS = resolve asn.1 create hammer verify gssapi dejagnu shlib \
RUN_DB_TEST = $(RUN_SETUP) KRB5_KDC_PROFILE=kdc.conf KRB5_CONFIG=krb5.conf \
LC_ALL=C $(VALGRIND)
-OBJS= adata.o etinfo.o gcred.o hist.o hrealm.o icred.o kdbtest.o localauth.o \
- plugorder.o rdreq.o responder.o s2p.o s4u2proxy.o
-EXTRADEPSRCS= adata.c etinfo.c gcred.c hist.c hrealm.c icred.c kdbtest.c \
- localauth.c plugorder.c rdreq.o responder.c s2p.c s4u2proxy.c
+OBJS= adata.o etinfo.o gcred.o hist.o hooks.o hrealm.o icred.o kdbtest.o \
+ localauth.o plugorder.o rdreq.o responder.o s2p.o s4u2proxy.o
+EXTRADEPSRCS= adata.c etinfo.c gcred.c hist.c hooks.c hrealm.c icred.c \
+ kdbtest.c localauth.c plugorder.c rdreq.o responder.c s2p.c s4u2proxy.c
TEST_DB = ./testdb
TEST_REALM = FOO.TEST.REALM
@@ -33,6 +33,9 @@ gcred: gcred.o $(KRB5_BASE_DEPLIBS)
hist: hist.o $(KDB5_DEPLIBS) $(KADMSRV_DEPLIBS) $(KRB5_BASE_DEPLIBS)
$(CC_LINK) -o $@ hist.o $(KDB5_LIBS) $(KADMSRV_LIBS) $(KRB5_BASE_LIBS)
+hooks: hooks.o $(KRB5_BASE_DEPLIBS)
+ $(CC_LINK) -o $@ hooks.o $(KRB5_BASE_LIBS)
+
hrealm: hrealm.o $(KRB5_BASE_DEPLIBS)
$(CC_LINK) -o $@ hrealm.o $(KRB5_BASE_LIBS)
@@ -107,9 +110,10 @@ kdb_check: kdc.conf krb5.conf
$(RUN_DB_TEST) ../kadmin/dbutil/kdb5_util $(KADMIN_OPTS) destroy -f
$(RM) $(TEST_DB)* stash_file
-check-pytests:: adata etinfo gcred hist hrealm icred kdbtest localauth
+check-pytests:: adata etinfo gcred hist hooks hrealm icred kdbtest localauth
check-pytests:: plugorder rdreq responder s2p s4u2proxy unlockiter
$(RUNPYTEST) $(srcdir)/t_general.py $(PYTESTFLAGS)
+ $(RUNPYTEST) $(srcdir)/t_hooks.py $(PYTESTFLAGS)
$(RUNPYTEST) $(srcdir)/t_dump.py $(PYTESTFLAGS)
$(RUNPYTEST) $(srcdir)/t_iprop.py $(PYTESTFLAGS)
$(RUNPYTEST) $(srcdir)/t_kprop.py $(PYTESTFLAGS)
@@ -159,7 +163,7 @@ check-pytests:: plugorder rdreq responder s2p s4u2proxy unlockiter
$(RUNPYTEST) $(srcdir)/t_tabdump.py $(PYTESTFLAGS)
clean::
- $(RM) adata etinfo gcred hist hrealm icred kdbtest localauth plugorder
- $(RM) rdreq responder s2p s4u2proxy krb5.conf kdc.conf
+ $(RM) adata etinfo gcred hist hooks hrealm icred kdbtest localauth
+ $(RM) plugorder rdreq responder s2p s4u2proxy krb5.conf kdc.conf
$(RM) -rf kdc_realm/sandbox ldap
$(RM) au.log
diff --git a/src/tests/deps b/src/tests/deps
index d280026..55df1a7 100644
--- a/src/tests/deps
+++ b/src/tests/deps
@@ -50,6 +50,16 @@ $(OUTPRE)hist.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
$(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
$(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
hist.c
+$(OUTPRE)hooks.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+ $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+ $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+ $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+ $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+ $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+ $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+ $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+ $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+ $(top_srcdir)/include/socket-utils.h hooks.c
$(OUTPRE)hrealm.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
$(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
$(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
diff --git a/src/tests/hooks.c b/src/tests/hooks.c
new file mode 100644
index 0000000..fabdb89
--- /dev/null
+++ b/src/tests/hooks.c
@@ -0,0 +1,253 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* tests/hooks.c - test harness for KDC send and recv hooks */
+/*
+ * Copyright (C) 2016 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "k5-int.h"
+
+static krb5_context ctx;
+
+static void
+check_code(krb5_error_code code, const char *file, int line)
+{
+ const char *errmsg;
+
+ if (code) {
+ errmsg = krb5_get_error_message(ctx, code);
+ fprintf(stderr, "%s:%d -- %s (code=%d)\n", file, line, errmsg,
+ (int)code);
+ krb5_free_error_message(ctx, errmsg);
+ exit(1);
+ }
+}
+
+#define check(code) check_code((code), __FILE__, __LINE__)
+
+/* Verify that the canonicalize bit is set in an AS-REQ and remove it. */
+static krb5_error_code
+test_send_as_req(krb5_context context, void *data, const krb5_data *realm,
+ const krb5_data *message, krb5_data **new_message_out,
+ krb5_data **reply_out)
+{
+ krb5_kdc_req *as_req;
+ int cmp;
+
+ assert(krb5_is_as_req(message));
+ check(decode_krb5_as_req(message, &as_req));
+
+ assert(as_req->msg_type == KRB5_AS_REQ);
+ assert(as_req->kdc_options & KDC_OPT_CANONICALIZE);
+ assert(as_req->client->realm.length == realm->length);
+ cmp = memcmp(as_req->client->realm.data, realm->data, realm->length);
+ assert(cmp == 0);
+
+ /* Remove the canonicalize flag and create a new message. */
+ as_req->kdc_options &= ~KDC_OPT_CANONICALIZE;
+ check(encode_krb5_as_req(as_req, new_message_out));
+
+ krb5_free_kdc_req(context, as_req);
+ return 0;
+}
+
+/* Verify that reply is an AS-REP with kvno 1 and a valid enctype. */
+static krb5_error_code
+test_recv_as_rep(krb5_context context, void *data, krb5_error_code code,
+ const krb5_data *realm, const krb5_data *message,
+ const krb5_data *reply, krb5_data **new_reply)
+{
+ krb5_kdc_rep *as_rep;
+
+ assert(code == 0);
+ assert(krb5_is_as_rep(reply));
+ check(decode_krb5_as_rep(reply, &as_rep));
+
+ assert(as_rep->msg_type == KRB5_AS_REP);
+ assert(as_rep->ticket->enc_part.kvno == 1);
+ assert(krb5_c_valid_enctype(as_rep->ticket->enc_part.enctype));
+
+ krb5_free_kdc_rep(context, as_rep);
+ return 0;
+}
+
+/* Create a fake error reply. */
+static krb5_error_code
+test_send_error(krb5_context context, void *data, const krb5_data *realm,
+ const krb5_data *message, krb5_data **new_message_out,
+ krb5_data **reply_out)
+{
+ krb5_error_code ret;
+ krb5_error err;
+ krb5_principal client, server;
+ char *realm_str, *princ_str;
+ int r;
+
+ realm_str = k5memdup0(realm->data, realm->length, &ret);
+ check(ret);
+
+ r = asprintf(&princ_str, "invalid@%s", realm_str);
+ assert(r > 0);
+ check(krb5_parse_name(ctx, princ_str, &client));
+ free(princ_str);
+
+ r = asprintf(&princ_str, "krbtgt@%s", realm_str);
+ assert(r > 0);
+ check(krb5_parse_name(ctx, princ_str, &server));
+ free(princ_str);
+ free(realm_str);
+
+ err.magic = KV5M_ERROR;
+ err.ctime = 1971196337;
+ err.cusec = 0;
+ err.susec = 97008;
+ err.stime = 1458219390;
+ err.error = 6;
+ err.client = client;
+ err.server = server;
+ err.text = string2data("CLIENT_NOT_FOUND");
+ err.e_data = empty_data();
+ check(encode_krb5_error(&err, reply_out));
+
+ krb5_free_principal(ctx, client);
+ krb5_free_principal(ctx, server);
+ return 0;
+}
+
+static krb5_error_code
+test_recv_error(krb5_context context, void *data, krb5_error_code code,
+ const krb5_data *realm, const krb5_data *message,
+ const krb5_data *reply, krb5_data **new_reply)
+{
+ /* The send hook created a reply, so this hook should not be executed. */
+ abort();
+}
+
+/* Modify an AS-REP reply, change the msg_type to KRB5_TGS_REP. */
+static krb5_error_code
+test_recv_modify_reply(krb5_context context, void *data, krb5_error_code code,
+ const krb5_data *realm, const krb5_data *message,
+ const krb5_data *reply, krb5_data **new_reply)
+{
+ krb5_kdc_rep *as_rep;
+
+ assert(code == 0);
+ assert(krb5_is_as_rep(reply));
+ check(decode_krb5_as_rep(reply, &as_rep));
+
+ as_rep->msg_type = KRB5_TGS_REP;
+ check(encode_krb5_as_rep(as_rep, new_reply));
+
+ krb5_free_kdc_rep(context, as_rep);
+ return 0;
+}
+
+/* Return an error given by the callback data argument. */
+static krb5_error_code
+test_send_return_value(krb5_context context, void *data,
+ const krb5_data *realm, const krb5_data *message,
+ krb5_data **new_message_out, krb5_data **reply_out)
+{
+ assert(data != NULL);
+ return *(krb5_error_code *)data;
+}
+
+/* Return an error given by the callback argument. */
+static krb5_error_code
+test_recv_return_value(krb5_context context, void *data, krb5_error_code code,
+ const krb5_data *realm, const krb5_data *message,
+ const krb5_data *reply, krb5_data **new_reply)
+{
+ assert(data != NULL);
+ return *(krb5_error_code *)data;
+}
+
+int
+main(int argc, char *argv[])
+{
+ const char *principal, *password;
+ krb5_principal client;
+ krb5_get_init_creds_opt *opts;
+ krb5_creds creds;
+ krb5_error_code ret, test_return_code;
+
+ if (argc != 3) {
+ fprintf(stderr, "Usage: %s princname password\n", argv[0]);
+ exit(1);
+ }
+ principal = argv[1];
+ password = argv[2];
+
+ check(krb5_init_context(&ctx));
+ check(krb5_parse_name(ctx, principal, &client));
+
+ /* Use a send hook to modify an outgoing AS-REQ. The library will detect
+ * the modification in the reply. */
+ check(krb5_get_init_creds_opt_alloc(ctx, &opts));
+ krb5_get_init_creds_opt_set_canonicalize(opts, 1);
+ krb5_set_kdc_send_hook(ctx, test_send_as_req, NULL);
+ krb5_set_kdc_recv_hook(ctx, test_recv_as_rep, NULL);
+ ret = krb5_get_init_creds_password(ctx, &creds, client, password, NULL,
+ NULL, 0, NULL, opts);
+ assert(ret == KRB5_KDCREP_MODIFIED);
+ krb5_get_init_creds_opt_free(ctx, opts);
+
+ /* Use a send hook to synthesize a KRB-ERROR reply. */
+ krb5_set_kdc_send_hook(ctx, test_send_error, NULL);
+ krb5_set_kdc_recv_hook(ctx, test_recv_error, NULL);
+ ret = krb5_get_init_creds_password(ctx, &creds, client, password, NULL,
+ NULL, 0, NULL, NULL);
+ assert(ret == KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN);
+
+ /* Use a recv hook to modify a KDC reply. */
+ krb5_set_kdc_send_hook(ctx, NULL, NULL);
+ krb5_set_kdc_recv_hook(ctx, test_recv_modify_reply, NULL);
+ ret = krb5_get_init_creds_password(ctx, &creds, client, password, NULL,
+ NULL, 0, NULL, NULL);
+ assert(ret == KRB5KRB_AP_ERR_MSG_TYPE);
+
+ /* Verify that the user data pointer works in the send hook. */
+ test_return_code = KRB5KDC_ERR_PREAUTH_FAILED;
+ krb5_set_kdc_send_hook(ctx, test_send_return_value, &test_return_code);
+ krb5_set_kdc_recv_hook(ctx, NULL, NULL);
+ ret = krb5_get_init_creds_password(ctx, &creds, client, password, NULL,
+ NULL, 0, NULL, NULL);
+ assert(ret == KRB5KDC_ERR_PREAUTH_FAILED);
+
+ /* Verify that the user data pointer works in the recv hook. */
+ test_return_code = KRB5KDC_ERR_NULL_KEY;
+ krb5_set_kdc_send_hook(ctx, NULL, NULL);
+ krb5_set_kdc_recv_hook(ctx, test_recv_return_value, &test_return_code);
+ ret = krb5_get_init_creds_password(ctx, &creds, client, password, NULL,
+ NULL, 0, NULL, NULL);
+ assert(ret == KRB5KDC_ERR_NULL_KEY);
+
+ krb5_free_principal(ctx, client);
+ krb5_free_context(ctx);
+ return 0;
+}
diff --git a/src/tests/t_hooks.py b/src/tests/t_hooks.py
new file mode 100755
index 0000000..58dff3a
--- /dev/null
+++ b/src/tests/t_hooks.py
@@ -0,0 +1,9 @@
+#!/usr/bin/python
+from k5test import *
+
+# Test that KDC send and recv hooks work correctly.
+realm = K5Realm(create_host=False, get_creds=False)
+realm.run(['./hooks', realm.user_princ, password('user')])
+realm.stop()
+
+success('send and recv hook tests')
--
2.8.0.rc3