From e60e5e0a8e8e98edae8c678e5c300b30368006fb Mon Sep 17 00:00:00 2001 From: Andreas Schneider Date: Mon, 7 Mar 2016 17:59:07 +0100 Subject: [PATCH 2/2] Add tests for send and receive sendto_kdc hooks [ghudson@mit.edu: style changes] ticket: 8386 Conflicts: src/tests/Makefile.in [rharwood@redhat.com: fix cherry-pick merge conflicts] [rharwood@redhat.com: remove references to .gitignore] --- src/tests/Makefile.in | 12 ++- src/tests/deps | 10 ++ src/tests/hooks.c | 253 ++++++++++++++++++++++++++++++++++++++++++++++++++ src/tests/t_hooks.py | 9 ++ 5 files changed, 281 insertions(+), 4 deletions(-) create mode 100644 src/tests/hooks.c create mode 100755 src/tests/t_hooks.py diff --git a/src/tests/Makefile.in b/src/tests/Makefile.in index b24e197..0fc0ea9 100644 --- a/src/tests/Makefile.in +++ b/src/tests/Makefile.in @@ -6,9 +6,9 @@ SUBDIRS = resolve asn.1 create hammer verify gssapi dejagnu shlib \ RUN_DB_TEST = $(RUN_SETUP) KRB5_KDC_PROFILE=kdc.conf KRB5_CONFIG=krb5.conf \ LC_ALL=C $(VALGRIND) -OBJS= adata.o etinfo.o gcred.o hist.o hrealm.o kdbtest.o plugorder.o \ +OBJS= adata.o etinfo.o gcred.o hist.o hooks.o hrealm.o kdbtest.o plugorder.o \ t_init_creds.o t_localauth.o rdreq.o responder.o s2p.o s4u2proxy.o -EXTRADEPSRCS= adata.c etinfo.c gcred.c hist.c hrealm.c kdbtest.c plugorder.c \ +EXTRADEPSRCS= adata.c etinfo.c gcred.c hist.c hooks.c hrealm.c kdbtest.c plugorder.c \ t_init_creds.c t_localauth.c rdreq.o responder.c s2p.c s4u2proxy.c TEST_DB = ./testdb @@ -33,6 +33,9 @@ gcred: gcred.o $(KRB5_BASE_DEPLIBS) hist: hist.o $(KDB5_DEPLIBS) $(KADMSRV_DEPLIBS) $(KRB5_BASE_DEPLIBS) $(CC_LINK) -o $@ hist.o $(KDB5_LIBS) $(KADMSRV_LIBS) $(KRB5_BASE_LIBS) +hooks: hooks.o $(KRB5_BASE_DEPLIBS) + $(CC_LINK) -o $@ hooks.o $(KRB5_BASE_LIBS) + hrealm: hrealm.o $(KRB5_BASE_DEPLIBS) $(CC_LINK) -o $@ hrealm.o $(KRB5_BASE_LIBS) @@ -107,9 +110,10 @@ kdb_check: kdc.conf krb5.conf $(RUN_DB_TEST) ../kadmin/dbutil/kdb5_util $(KADMIN_OPTS) destroy -f $(RM) $(TEST_DB)* stash_file -check-pytests:: adata etinfo gcred hist hrealm kdbtest plugorder rdreq +check-pytests:: adata etinfo gcred hist hooks hrealm kdbtest plugorder rdreq check-pytests:: responder s2p s4u2proxy t_init_creds t_localauth unlockiter $(RUNPYTEST) $(srcdir)/t_general.py $(PYTESTFLAGS) + $(RUNPYTEST) $(srcdir)/t_hooks.py $(PYTESTFLAGS) $(RUNPYTEST) $(srcdir)/t_dump.py $(PYTESTFLAGS) $(RUNPYTEST) $(srcdir)/t_iprop.py $(PYTESTFLAGS) $(RUNPYTEST) $(srcdir)/t_kprop.py $(PYTESTFLAGS) @@ -159,7 +163,7 @@ check-pytests:: responder s2p s4u2proxy t_init_creds t_localauth unlockiter $(RUNPYTEST) $(srcdir)/t_tabdump.py $(PYTESTFLAGS) clean:: - $(RM) gcred hist hrealm kdbtest plugorder rdreq responder s2p + $(RM) gcred hist hooks hrealm kdbtest plugorder rdreq responder s2p $(RM) adata etinfo gcred hist hrealm kdbtest plugorder rdreq responder $(RM) s2p s4u2proxy t_init_creds t_localauth krb5.conf kdc.conf $(RM) -rf kdc_realm/sandbox ldap diff --git a/src/tests/deps b/src/tests/deps index de33c55..3634dc4 100644 --- a/src/tests/deps +++ b/src/tests/deps @@ -50,6 +50,16 @@ $(OUTPRE)hist.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \ $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \ hist.c +$(OUTPRE)hooks.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ + $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \ + $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \ + $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \ + $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \ + $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \ + $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \ + $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \ + $(top_srcdir)/include/socket-utils.h hooks.c $(OUTPRE)hrealm.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \ diff --git a/src/tests/hooks.c b/src/tests/hooks.c new file mode 100644 index 0000000..fabdb89 --- /dev/null +++ b/src/tests/hooks.c @@ -0,0 +1,253 @@ +/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ +/* tests/hooks.c - test harness for KDC send and recv hooks */ +/* + * Copyright (C) 2016 by the Massachusetts Institute of Technology. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#include "k5-int.h" + +static krb5_context ctx; + +static void +check_code(krb5_error_code code, const char *file, int line) +{ + const char *errmsg; + + if (code) { + errmsg = krb5_get_error_message(ctx, code); + fprintf(stderr, "%s:%d -- %s (code=%d)\n", file, line, errmsg, + (int)code); + krb5_free_error_message(ctx, errmsg); + exit(1); + } +} + +#define check(code) check_code((code), __FILE__, __LINE__) + +/* Verify that the canonicalize bit is set in an AS-REQ and remove it. */ +static krb5_error_code +test_send_as_req(krb5_context context, void *data, const krb5_data *realm, + const krb5_data *message, krb5_data **new_message_out, + krb5_data **reply_out) +{ + krb5_kdc_req *as_req; + int cmp; + + assert(krb5_is_as_req(message)); + check(decode_krb5_as_req(message, &as_req)); + + assert(as_req->msg_type == KRB5_AS_REQ); + assert(as_req->kdc_options & KDC_OPT_CANONICALIZE); + assert(as_req->client->realm.length == realm->length); + cmp = memcmp(as_req->client->realm.data, realm->data, realm->length); + assert(cmp == 0); + + /* Remove the canonicalize flag and create a new message. */ + as_req->kdc_options &= ~KDC_OPT_CANONICALIZE; + check(encode_krb5_as_req(as_req, new_message_out)); + + krb5_free_kdc_req(context, as_req); + return 0; +} + +/* Verify that reply is an AS-REP with kvno 1 and a valid enctype. */ +static krb5_error_code +test_recv_as_rep(krb5_context context, void *data, krb5_error_code code, + const krb5_data *realm, const krb5_data *message, + const krb5_data *reply, krb5_data **new_reply) +{ + krb5_kdc_rep *as_rep; + + assert(code == 0); + assert(krb5_is_as_rep(reply)); + check(decode_krb5_as_rep(reply, &as_rep)); + + assert(as_rep->msg_type == KRB5_AS_REP); + assert(as_rep->ticket->enc_part.kvno == 1); + assert(krb5_c_valid_enctype(as_rep->ticket->enc_part.enctype)); + + krb5_free_kdc_rep(context, as_rep); + return 0; +} + +/* Create a fake error reply. */ +static krb5_error_code +test_send_error(krb5_context context, void *data, const krb5_data *realm, + const krb5_data *message, krb5_data **new_message_out, + krb5_data **reply_out) +{ + krb5_error_code ret; + krb5_error err; + krb5_principal client, server; + char *realm_str, *princ_str; + int r; + + realm_str = k5memdup0(realm->data, realm->length, &ret); + check(ret); + + r = asprintf(&princ_str, "invalid@%s", realm_str); + assert(r > 0); + check(krb5_parse_name(ctx, princ_str, &client)); + free(princ_str); + + r = asprintf(&princ_str, "krbtgt@%s", realm_str); + assert(r > 0); + check(krb5_parse_name(ctx, princ_str, &server)); + free(princ_str); + free(realm_str); + + err.magic = KV5M_ERROR; + err.ctime = 1971196337; + err.cusec = 0; + err.susec = 97008; + err.stime = 1458219390; + err.error = 6; + err.client = client; + err.server = server; + err.text = string2data("CLIENT_NOT_FOUND"); + err.e_data = empty_data(); + check(encode_krb5_error(&err, reply_out)); + + krb5_free_principal(ctx, client); + krb5_free_principal(ctx, server); + return 0; +} + +static krb5_error_code +test_recv_error(krb5_context context, void *data, krb5_error_code code, + const krb5_data *realm, const krb5_data *message, + const krb5_data *reply, krb5_data **new_reply) +{ + /* The send hook created a reply, so this hook should not be executed. */ + abort(); +} + +/* Modify an AS-REP reply, change the msg_type to KRB5_TGS_REP. */ +static krb5_error_code +test_recv_modify_reply(krb5_context context, void *data, krb5_error_code code, + const krb5_data *realm, const krb5_data *message, + const krb5_data *reply, krb5_data **new_reply) +{ + krb5_kdc_rep *as_rep; + + assert(code == 0); + assert(krb5_is_as_rep(reply)); + check(decode_krb5_as_rep(reply, &as_rep)); + + as_rep->msg_type = KRB5_TGS_REP; + check(encode_krb5_as_rep(as_rep, new_reply)); + + krb5_free_kdc_rep(context, as_rep); + return 0; +} + +/* Return an error given by the callback data argument. */ +static krb5_error_code +test_send_return_value(krb5_context context, void *data, + const krb5_data *realm, const krb5_data *message, + krb5_data **new_message_out, krb5_data **reply_out) +{ + assert(data != NULL); + return *(krb5_error_code *)data; +} + +/* Return an error given by the callback argument. */ +static krb5_error_code +test_recv_return_value(krb5_context context, void *data, krb5_error_code code, + const krb5_data *realm, const krb5_data *message, + const krb5_data *reply, krb5_data **new_reply) +{ + assert(data != NULL); + return *(krb5_error_code *)data; +} + +int +main(int argc, char *argv[]) +{ + const char *principal, *password; + krb5_principal client; + krb5_get_init_creds_opt *opts; + krb5_creds creds; + krb5_error_code ret, test_return_code; + + if (argc != 3) { + fprintf(stderr, "Usage: %s princname password\n", argv[0]); + exit(1); + } + principal = argv[1]; + password = argv[2]; + + check(krb5_init_context(&ctx)); + check(krb5_parse_name(ctx, principal, &client)); + + /* Use a send hook to modify an outgoing AS-REQ. The library will detect + * the modification in the reply. */ + check(krb5_get_init_creds_opt_alloc(ctx, &opts)); + krb5_get_init_creds_opt_set_canonicalize(opts, 1); + krb5_set_kdc_send_hook(ctx, test_send_as_req, NULL); + krb5_set_kdc_recv_hook(ctx, test_recv_as_rep, NULL); + ret = krb5_get_init_creds_password(ctx, &creds, client, password, NULL, + NULL, 0, NULL, opts); + assert(ret == KRB5_KDCREP_MODIFIED); + krb5_get_init_creds_opt_free(ctx, opts); + + /* Use a send hook to synthesize a KRB-ERROR reply. */ + krb5_set_kdc_send_hook(ctx, test_send_error, NULL); + krb5_set_kdc_recv_hook(ctx, test_recv_error, NULL); + ret = krb5_get_init_creds_password(ctx, &creds, client, password, NULL, + NULL, 0, NULL, NULL); + assert(ret == KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN); + + /* Use a recv hook to modify a KDC reply. */ + krb5_set_kdc_send_hook(ctx, NULL, NULL); + krb5_set_kdc_recv_hook(ctx, test_recv_modify_reply, NULL); + ret = krb5_get_init_creds_password(ctx, &creds, client, password, NULL, + NULL, 0, NULL, NULL); + assert(ret == KRB5KRB_AP_ERR_MSG_TYPE); + + /* Verify that the user data pointer works in the send hook. */ + test_return_code = KRB5KDC_ERR_PREAUTH_FAILED; + krb5_set_kdc_send_hook(ctx, test_send_return_value, &test_return_code); + krb5_set_kdc_recv_hook(ctx, NULL, NULL); + ret = krb5_get_init_creds_password(ctx, &creds, client, password, NULL, + NULL, 0, NULL, NULL); + assert(ret == KRB5KDC_ERR_PREAUTH_FAILED); + + /* Verify that the user data pointer works in the recv hook. */ + test_return_code = KRB5KDC_ERR_NULL_KEY; + krb5_set_kdc_send_hook(ctx, NULL, NULL); + krb5_set_kdc_recv_hook(ctx, test_recv_return_value, &test_return_code); + ret = krb5_get_init_creds_password(ctx, &creds, client, password, NULL, + NULL, 0, NULL, NULL); + assert(ret == KRB5KDC_ERR_NULL_KEY); + + krb5_free_principal(ctx, client); + krb5_free_context(ctx); + return 0; +} diff --git a/src/tests/t_hooks.py b/src/tests/t_hooks.py new file mode 100755 index 0000000..58dff3a --- /dev/null +++ b/src/tests/t_hooks.py @@ -0,0 +1,9 @@ +#!/usr/bin/python +from k5test import * + +# Test that KDC send and recv hooks work correctly. +realm = K5Realm(create_host=False, get_creds=False) +realm.run(['./hooks', realm.user_princ, password('user')]) +realm.stop() + +success('send and recv hook tests') -- 2.8.0.rc3