Blame tests/unittests/torture_packet_filter.c

Packit Service 31306d
/*
Packit Service 31306d
 * This file is part of the SSH Library
Packit Service 31306d
 *
Packit Service 31306d
 * Copyright (c) 2018 by Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Packit Service 31306d
 *
Packit Service 31306d
 * The SSH Library is free software; you can redistribute it and/or modify
Packit Service 31306d
 * it under the terms of the GNU Lesser General Public License as published by
Packit Service 31306d
 * the Free Software Foundation; either version 2.1 of the License, or (at your
Packit Service 31306d
 * option) any later version.
Packit Service 31306d
 *
Packit Service 31306d
 * The SSH Library is distributed in the hope that it will be useful, but
Packit Service 31306d
 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
Packit Service 31306d
 * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public
Packit Service 31306d
 * License for more details.
Packit Service 31306d
 *
Packit Service 31306d
 * You should have received a copy of the GNU Lesser General Public License
Packit Service 31306d
 * along with the SSH Library; see the file COPYING.  If not, write to
Packit Service 31306d
 * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
Packit Service 31306d
 * MA 02111-1307, USA.
Packit Service 31306d
 */
Packit Service 31306d
Packit Service 31306d
/*
Packit Service 31306d
 * This test checks if the messages accepted by the packet filter were intented
Packit Service 31306d
 * to be accepted.
Packit Service 31306d
 *
Packit Service 31306d
 * The process consists in 2 steps:
Packit Service 31306d
 *   - Try the filter with a message type in an arbitrary state
Packit Service 31306d
 *   - If the message is accepted by the filter, check if the message is in the
Packit Service 31306d
 *     set of accepted states.
Packit Service 31306d
 *
Packit Service 31306d
 * Only the values selected by the flag (COMPARE_*) are considered.
Packit Service 31306d
 * */
Packit Service 31306d
Packit Service 31306d
#include "config.h"
Packit Service 31306d
Packit Service 31306d
#define LIBSSH_STATIC
Packit Service 31306d
Packit Service 31306d
#include "torture.h"
Packit Service 31306d
#include "libssh/priv.h"
Packit Service 31306d
#include "libssh/libssh.h"
Packit Service 31306d
#include "libssh/session.h"
Packit Service 31306d
#include "libssh/auth.h"
Packit Service 31306d
#include "libssh/ssh2.h"
Packit Service 31306d
#include "libssh/packet.h"
Packit Service 31306d
Packit Service 31306d
#include "packet.c"
Packit Service 31306d
Packit Service 31306d
#define COMPARE_SESSION_STATE       1
Packit Service 31306d
#define COMPARE_ROLE                (1 << 1)
Packit Service 31306d
#define COMPARE_DH_STATE            (1 << 2)
Packit Service 31306d
#define COMPARE_AUTH_STATE          (1 << 3)
Packit Service 31306d
#define COMPARE_GLOBAL_REQ_STATE    (1 << 4)
Packit Service 31306d
#define COMPARE_CURRENT_METHOD      (1 << 5)
Packit Service 31306d
Packit Service 31306d
#define SESSION_STATE_COUNT 11
Packit Service 31306d
#define DH_STATE_COUNT 4
Packit Service 31306d
#define AUTH_STATE_COUNT 15
Packit Service 31306d
#define GLOBAL_REQ_STATE_COUNT 5
Packit Service 31306d
#define MESSAGE_COUNT 100 // from 1 to 100
Packit Service 31306d
Packit Service 31306d
#define ROLE_CLIENT 0
Packit Service 31306d
#define ROLE_SERVER 1
Packit Service 31306d
Packit Service 31306d
/*
Packit Service 31306d
 * This is the list of currently unfiltered message types.
Packit Service 31306d
 * Only unrecognized types should be in this list.
Packit Service 31306d
 * */
Packit Service 31306d
static uint8_t unfiltered[] = {
Packit Service 31306d
    8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19,
Packit Service 31306d
    22, 23, 24, 25, 26, 27, 28, 29,
Packit Service 31306d
    35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49,
Packit Service 31306d
    54, 55, 56, 57, 58, 59,
Packit Service 31306d
    62,
Packit Service 31306d
    67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79,
Packit Service 31306d
    83, 84, 85, 86, 87, 88, 89,
Packit Service 31306d
};
Packit Service 31306d
Packit Service 31306d
typedef struct global_state_st {
Packit Service 31306d
    /* If the bit in this flag is zero, the corresponding state is not
Packit Service 31306d
     * considered, working as a wildcard (meaning any value is accepted) */
Packit Service 31306d
    uint32_t flags;
Packit Service 31306d
    uint8_t role;
Packit Service 31306d
    enum ssh_session_state_e session;
Packit Service 31306d
    enum ssh_dh_state_e dh;
Packit Service 31306d
    enum ssh_auth_state_e auth;
Packit Service 31306d
    enum ssh_channel_request_state_e global_req;
Packit Service 31306d
} global_state;
Packit Service 31306d
Packit Service 31306d
static int cmp_state(const void *e1, const void *e2)
Packit Service 31306d
{
Packit Service 31306d
    global_state *s1 = (global_state *) e1;
Packit Service 31306d
    global_state *s2 = (global_state *) e2;
Packit Service 31306d
Packit Service 31306d
    /* Compare role (client == 0 or server == 1)*/
Packit Service 31306d
    if (s1->role < s2->role) {
Packit Service 31306d
        return -1;
Packit Service 31306d
    }
Packit Service 31306d
    else if (s1->role > s2->role) {
Packit Service 31306d
        return 1;
Packit Service 31306d
    }
Packit Service 31306d
Packit Service 31306d
    /* Compare session state */
Packit Service 31306d
    if (s1->session < s2->session) {
Packit Service 31306d
        return -1;
Packit Service 31306d
    }
Packit Service 31306d
    else if (s1->session > s2->session) {
Packit Service 31306d
        return 1;
Packit Service 31306d
    }
Packit Service 31306d
Packit Service 31306d
    /* Compare DH state */
Packit Service 31306d
    if (s1->dh < s2->dh) {
Packit Service 31306d
        return -1;
Packit Service 31306d
    }
Packit Service 31306d
    else if (s1->dh > s2->dh) {
Packit Service 31306d
        return 1;
Packit Service 31306d
    }
Packit Service 31306d
Packit Service 31306d
    /* Compare auth */
Packit Service 31306d
    if (s1->auth < s2->auth) {
Packit Service 31306d
        return -1;
Packit Service 31306d
    }
Packit Service 31306d
    else if (s1->auth > s2->auth) {
Packit Service 31306d
        return 1;
Packit Service 31306d
    }
Packit Service 31306d
Packit Service 31306d
    /* Compare global_req */
Packit Service 31306d
    if (s1->global_req < s2->global_req) {
Packit Service 31306d
        return -1;
Packit Service 31306d
    }
Packit Service 31306d
    else if (s1->global_req > s2->global_req) {
Packit Service 31306d
        return 1;
Packit Service 31306d
    }
Packit Service 31306d
Packit Service 31306d
    /* If all equal, they are equal */
Packit Service 31306d
    return 0;
Packit Service 31306d
}
Packit Service 31306d
Packit Service 31306d
static int cmp_state_search(const void *key, const void *array_element)
Packit Service 31306d
{
Packit Service 31306d
    global_state *s1 = (global_state *) key;
Packit Service 31306d
    global_state *s2 = (global_state *) array_element;
Packit Service 31306d
Packit Service 31306d
    int result = 0;
Packit Service 31306d
Packit Service 31306d
    if (s2->flags & COMPARE_ROLE) {
Packit Service 31306d
        /* Compare role (client == 0 or server == 1)*/
Packit Service 31306d
        if (s1->role < s2->role) {
Packit Service 31306d
            return -1;
Packit Service 31306d
        }
Packit Service 31306d
        else if (s1->role > s2->role) {
Packit Service 31306d
            return 1;
Packit Service 31306d
        }
Packit Service 31306d
    }
Packit Service 31306d
Packit Service 31306d
    if (s2->flags & COMPARE_SESSION_STATE) {
Packit Service 31306d
        /* Compare session state */
Packit Service 31306d
        if (s1->session < s2->session) {
Packit Service 31306d
            result = -1;
Packit Service 31306d
            goto end;
Packit Service 31306d
        }
Packit Service 31306d
        else if (s1->session > s2->session) {
Packit Service 31306d
            result = 1;
Packit Service 31306d
            goto end;
Packit Service 31306d
        }
Packit Service 31306d
    }
Packit Service 31306d
Packit Service 31306d
    if (s2->flags & COMPARE_DH_STATE) {
Packit Service 31306d
        /* Compare DH state */
Packit Service 31306d
        if (s1->dh < s2->dh) {
Packit Service 31306d
            result = -1;
Packit Service 31306d
            goto end;
Packit Service 31306d
        }
Packit Service 31306d
        else if (s1->dh > s2->dh) {
Packit Service 31306d
            result = 1;
Packit Service 31306d
            goto end;
Packit Service 31306d
        }
Packit Service 31306d
    }
Packit Service 31306d
Packit Service 31306d
    if (s2->flags & COMPARE_AUTH_STATE) {
Packit Service 31306d
        /* Compare auth */
Packit Service 31306d
        if (s1->auth < s2->auth) {
Packit Service 31306d
            result = -1;
Packit Service 31306d
            goto end;
Packit Service 31306d
        }
Packit Service 31306d
        else if (s1->auth > s2->auth) {
Packit Service 31306d
            result = 1;
Packit Service 31306d
            goto end;
Packit Service 31306d
        }
Packit Service 31306d
    }
Packit Service 31306d
Packit Service 31306d
    if (s2->flags & COMPARE_GLOBAL_REQ_STATE) {
Packit Service 31306d
        /* Compare global_req */
Packit Service 31306d
        if (s1->global_req < s2->global_req) {
Packit Service 31306d
            result = -1;
Packit Service 31306d
            goto end;
Packit Service 31306d
        }
Packit Service 31306d
        else if (s1->global_req > s2->global_req) {
Packit Service 31306d
            result = 1;
Packit Service 31306d
            goto end;
Packit Service 31306d
        }
Packit Service 31306d
    }
Packit Service 31306d
Packit Service 31306d
end:
Packit Service 31306d
    return result;
Packit Service 31306d
}
Packit Service 31306d
Packit Service 31306d
static int is_state_accepted(global_state *tested, global_state *accepted,
Packit Service 31306d
                             int accepted_len)
Packit Service 31306d
{
Packit Service 31306d
    global_state *found = NULL;
Packit Service 31306d
Packit Service 31306d
    found = bsearch(tested, accepted, accepted_len, sizeof(global_state),
Packit Service 31306d
                    cmp_state_search);
Packit Service 31306d
Packit Service 31306d
    if (found != NULL) {
Packit Service 31306d
        return 1;
Packit Service 31306d
    }
Packit Service 31306d
Packit Service 31306d
    return 0;
Packit Service 31306d
}
Packit Service 31306d
Packit Service 31306d
static int cmp_uint8(const void *i, const void *j)
Packit Service 31306d
{
Packit Service 31306d
    uint8_t e1 = *((uint8_t *)i);
Packit Service 31306d
    uint8_t e2 = *((uint8_t *)j);
Packit Service 31306d
Packit Service 31306d
    if (e1 < e2) {
Packit Service 31306d
        return -1;
Packit Service 31306d
    }
Packit Service 31306d
    else if (e1 > e2) {
Packit Service 31306d
        return 1;
Packit Service 31306d
    }
Packit Service 31306d
Packit Service 31306d
    return 0;
Packit Service 31306d
}
Packit Service 31306d
Packit Service 31306d
static int check_unfiltered(uint8_t msg_type)
Packit Service 31306d
{
Packit Service 31306d
    uint8_t *found;
Packit Service 31306d
Packit Service 31306d
    found = bsearch(&msg_type, unfiltered, sizeof(unfiltered)/sizeof(uint8_t),
Packit Service 31306d
                    sizeof(uint8_t), cmp_uint8);
Packit Service 31306d
Packit Service 31306d
    if (found != NULL) {
Packit Service 31306d
        return 1;
Packit Service 31306d
    }
Packit Service 31306d
Packit Service 31306d
    return 0;
Packit Service 31306d
}
Packit Service 31306d
Packit Service 31306d
static void torture_packet_filter_check_unfiltered(void **state)
Packit Service 31306d
{
Packit Service 31306d
    ssh_session session;
Packit Service 31306d
Packit Service 31306d
    int role_c;
Packit Service 31306d
    int auth_c;
Packit Service 31306d
    int session_c;
Packit Service 31306d
    int dh_c;
Packit Service 31306d
    int global_req_c;
Packit Service 31306d
Packit Service 31306d
    uint8_t msg_type;
Packit Service 31306d
Packit Service 31306d
    enum ssh_packet_filter_result_e rc;
Packit Service 31306d
    int in_unfiltered;
Packit Service 31306d
Packit Service 31306d
    (void)state;
Packit Service 31306d
Packit Service 31306d
    session = ssh_new();
Packit Service 31306d
Packit Service 31306d
    for (msg_type = 1; msg_type <= MESSAGE_COUNT; msg_type++) {
Packit Service 31306d
        session->in_packet.type = msg_type;
Packit Service 31306d
        for (role_c = 0; role_c < 2; role_c++) {
Packit Service 31306d
            session->server = role_c;
Packit Service 31306d
            for (session_c = 0; session_c < SESSION_STATE_COUNT; session_c++) {
Packit Service 31306d
                session->session_state = session_c;
Packit Service 31306d
                for (dh_c = 0; dh_c < DH_STATE_COUNT; dh_c++) {
Packit Service 31306d
                    session->dh_handshake_state = dh_c;
Packit Service 31306d
                    for (auth_c = 0; auth_c < AUTH_STATE_COUNT; auth_c++) {
Packit Service 31306d
                        session->auth.state = auth_c;
Packit Service 31306d
                        for (global_req_c = 0;
Packit Service 31306d
                                global_req_c < GLOBAL_REQ_STATE_COUNT;
Packit Service 31306d
                                global_req_c++)
Packit Service 31306d
                        {
Packit Service 31306d
                            session->global_req_state = global_req_c;
Packit Service 31306d
Packit Service 31306d
                            rc = ssh_packet_incoming_filter(session);
Packit Service 31306d
Packit Service 31306d
                            if (rc == SSH_PACKET_UNKNOWN) {
Packit Service 31306d
                                in_unfiltered = check_unfiltered(msg_type);
Packit Service 31306d
Packit Service 31306d
                                if (!in_unfiltered) {
Packit Service 31306d
                                    fprintf(stderr, "Message type %d UNFILTERED "
Packit Service 31306d
                                            "in state: role %d, session %d, dh %d, auth %d\n",
Packit Service 31306d
                                            msg_type, role_c, session_c, dh_c, auth_c);
Packit Service 31306d
                                }
Packit Service 31306d
                                assert_int_equal(in_unfiltered, 1);
Packit Service 31306d
                            }
Packit Service 31306d
                            else {
Packit Service 31306d
                                in_unfiltered = check_unfiltered(msg_type);
Packit Service 31306d
Packit Service 31306d
                                if (in_unfiltered) {
Packit Service 31306d
                                    fprintf(stderr, "Message type %d NOT UNFILTERED "
Packit Service 31306d
                                            "in state: role %d, session %d, dh %d, auth %d\n",
Packit Service 31306d
                                            msg_type, role_c, session_c, dh_c, auth_c);
Packit Service 31306d
                                }
Packit Service 31306d
                                assert_int_equal(in_unfiltered, 0);
Packit Service 31306d
                            }
Packit Service 31306d
                        }
Packit Service 31306d
                    }
Packit Service 31306d
                }
Packit Service 31306d
            }
Packit Service 31306d
        }
Packit Service 31306d
    }
Packit Service 31306d
    ssh_free(session);
Packit Service 31306d
}
Packit Service 31306d
Packit Service 31306d
static int check_message_in_all_states(global_state accepted[],
Packit Service 31306d
                                       int accepted_count, uint8_t msg_type)
Packit Service 31306d
{
Packit Service 31306d
    ssh_session session;
Packit Service 31306d
Packit Service 31306d
    int role_c;
Packit Service 31306d
    int auth_c;
Packit Service 31306d
    int session_c;
Packit Service 31306d
    int dh_c;
Packit Service 31306d
    int global_req_c;
Packit Service 31306d
Packit Service 31306d
    enum ssh_packet_filter_result_e rc;
Packit Service 31306d
    int in_accepted;
Packit Service 31306d
Packit Service 31306d
    global_state key;
Packit Service 31306d
Packit Service 31306d
    session = ssh_new();
Packit Service 31306d
Packit Service 31306d
    /* Sort the accepted array so that the elements can be searched using
Packit Service 31306d
     * bsearch */
Packit Service 31306d
    qsort(accepted, accepted_count, sizeof(global_state), cmp_state);
Packit Service 31306d
Packit Service 31306d
    session->in_packet.type = msg_type;
Packit Service 31306d
Packit Service 31306d
    for (role_c = 0; role_c < 2; role_c++) {
Packit Service 31306d
        session->server = role_c;
Packit Service 31306d
        key.role = role_c;
Packit Service 31306d
        for (session_c = 0; session_c < SESSION_STATE_COUNT; session_c++) {
Packit Service 31306d
            session->session_state = session_c;
Packit Service 31306d
            key.session = session_c;
Packit Service 31306d
            for (dh_c = 0; dh_c < DH_STATE_COUNT; dh_c++) {
Packit Service 31306d
                session->dh_handshake_state = dh_c;
Packit Service 31306d
                key.dh = dh_c;
Packit Service 31306d
                for (auth_c = 0; auth_c < AUTH_STATE_COUNT; auth_c++) {
Packit Service 31306d
                    session->auth.state = auth_c;
Packit Service 31306d
                    key.auth = auth_c;
Packit Service 31306d
                    for (global_req_c = 0;
Packit Service 31306d
                         global_req_c < GLOBAL_REQ_STATE_COUNT;
Packit Service 31306d
                         global_req_c++)
Packit Service 31306d
                    {
Packit Service 31306d
                        session->global_req_state = global_req_c;
Packit Service 31306d
                        key.global_req = global_req_c;
Packit Service 31306d
Packit Service 31306d
                        rc = ssh_packet_incoming_filter(session);
Packit Service 31306d
Packit Service 31306d
                        if (rc == SSH_PACKET_ALLOWED) {
Packit Service 31306d
                            in_accepted = is_state_accepted(&key, accepted,
Packit Service 31306d
                                                         accepted_count);
Packit Service 31306d
Packit Service 31306d
                            if (!in_accepted) {
Packit Service 31306d
                                fprintf(stderr, "Message type %d ALLOWED "
Packit Service 31306d
                                        "in state: role %d, session %d, dh %d, auth %d\n",
Packit Service 31306d
                                        msg_type, role_c, session_c, dh_c, auth_c);
Packit Service 31306d
                            }
Packit Service 31306d
                            assert_int_equal(in_accepted, 1);
Packit Service 31306d
                        }
Packit Service 31306d
                        else if (rc == SSH_PACKET_DENIED) {
Packit Service 31306d
                            in_accepted = is_state_accepted(&key, accepted, accepted_count);
Packit Service 31306d
Packit Service 31306d
                            if (in_accepted) {
Packit Service 31306d
                                fprintf(stderr, "Message type %d DENIED "
Packit Service 31306d
                                        "in state: role %d, session %d, dh %d, auth %d\n",
Packit Service 31306d
                                        msg_type, role_c, session_c, dh_c, auth_c);
Packit Service 31306d
                            }
Packit Service 31306d
                            assert_int_equal(in_accepted, 0);
Packit Service 31306d
                        }
Packit Service 31306d
                        else {
Packit Service 31306d
                            fprintf(stderr, "Message type %d UNFILTERED "
Packit Service 31306d
                                    "in state: role %d, session %d, dh %d, auth %d\n",
Packit Service 31306d
                                    msg_type, role_c, session_c, dh_c, auth_c);
Packit Service 31306d
                        }
Packit Service 31306d
                    }
Packit Service 31306d
                }
Packit Service 31306d
            }
Packit Service 31306d
        }
Packit Service 31306d
    }
Packit Service 31306d
Packit Service 31306d
    ssh_free(session);
Packit Service 31306d
    return 0;
Packit Service 31306d
}
Packit Service 31306d
Packit Service 31306d
static void torture_packet_filter_check_auth_success(void **state)
Packit Service 31306d
{
Packit Service 31306d
    int rc;
Packit Service 31306d
Packit Service 31306d
    global_state accepted[] = {
Packit Service 31306d
        {
Packit Service 31306d
            .flags = (COMPARE_SESSION_STATE |
Packit Service 31306d
                    COMPARE_ROLE |
Packit Service 31306d
                    COMPARE_AUTH_STATE |
Packit Service 31306d
                    COMPARE_DH_STATE),
Packit Service 31306d
            .role = ROLE_CLIENT,
Packit Service 31306d
            .session = SSH_SESSION_STATE_AUTHENTICATING,
Packit Service 31306d
            .dh = DH_STATE_FINISHED,
Packit Service 31306d
            .auth = SSH_AUTH_STATE_PUBKEY_AUTH_SENT,
Packit Service 31306d
        },
Packit Service 31306d
        {
Packit Service 31306d
            .flags = (COMPARE_SESSION_STATE |
Packit Service 31306d
                    COMPARE_ROLE |
Packit Service 31306d
                    COMPARE_AUTH_STATE |
Packit Service 31306d
                    COMPARE_DH_STATE),
Packit Service 31306d
            .role = ROLE_CLIENT,
Packit Service 31306d
            .session = SSH_SESSION_STATE_AUTHENTICATING,
Packit Service 31306d
            .dh = DH_STATE_FINISHED,
Packit Service 31306d
            .auth = SSH_AUTH_STATE_PASSWORD_AUTH_SENT,
Packit Service 31306d
        },
Packit Service 31306d
        {
Packit Service 31306d
            .flags = (COMPARE_SESSION_STATE |
Packit Service 31306d
                    COMPARE_ROLE |
Packit Service 31306d
                    COMPARE_AUTH_STATE |
Packit Service 31306d
                    COMPARE_DH_STATE),
Packit Service 31306d
            .role = ROLE_CLIENT,
Packit Service 31306d
            .session = SSH_SESSION_STATE_AUTHENTICATING,
Packit Service 31306d
            .dh = DH_STATE_FINISHED,
Packit Service 31306d
            .auth = SSH_AUTH_STATE_GSSAPI_MIC_SENT,
Packit Service 31306d
        },
Packit Service 31306d
        {
Packit Service 31306d
            .flags = (COMPARE_SESSION_STATE |
Packit Service 31306d
                    COMPARE_ROLE |
Packit Service 31306d
                    COMPARE_AUTH_STATE |
Packit Service 31306d
                    COMPARE_DH_STATE),
Packit Service 31306d
            .role = ROLE_CLIENT,
Packit Service 31306d
            .session = SSH_SESSION_STATE_AUTHENTICATING,
Packit Service 31306d
            .dh = DH_STATE_FINISHED,
Packit Service 31306d
            .auth = SSH_AUTH_STATE_KBDINT_SENT,
Packit Service 31306d
        },
Packit Service 31306d
        {
Packit Service 31306d
            .flags = (COMPARE_SESSION_STATE |
Packit Service 31306d
                    COMPARE_ROLE |
Packit Service 31306d
                    COMPARE_AUTH_STATE |
Packit Service 31306d
                    COMPARE_DH_STATE |
Packit Service 31306d
                    COMPARE_CURRENT_METHOD),
Packit Service 31306d
            .role = ROLE_CLIENT,
Packit Service 31306d
            .session = SSH_SESSION_STATE_AUTHENTICATING,
Packit Service 31306d
            .dh = DH_STATE_FINISHED,
Packit Service 31306d
            .auth = SSH_AUTH_STATE_AUTH_NONE_SENT,
Packit Service 31306d
        }
Packit Service 31306d
    };
Packit Service 31306d
Packit Service 31306d
    int accepted_count = 5;
Packit Service 31306d
Packit Service 31306d
    /* Unused */
Packit Service 31306d
    (void) state;
Packit Service 31306d
Packit Service 31306d
    rc = check_message_in_all_states(accepted, accepted_count,
Packit Service 31306d
            SSH2_MSG_USERAUTH_SUCCESS);
Packit Service 31306d
Packit Service 31306d
    assert_int_equal(rc, 0);
Packit Service 31306d
}
Packit Service 31306d
Packit Service 31306d
static void torture_packet_filter_check_msg_ext_info(void **state)
Packit Service 31306d
{
Packit Service 31306d
    int rc;
Packit Service 31306d
Packit Service 31306d
    global_state accepted[] = {
Packit Service 31306d
        {
Packit Service 31306d
            .flags = (COMPARE_SESSION_STATE |
Packit Service 31306d
                    COMPARE_DH_STATE),
Packit Service 31306d
            .session = SSH_SESSION_STATE_AUTHENTICATING,
Packit Service 31306d
            .dh = DH_STATE_FINISHED,
Packit Service 31306d
        },
Packit Service 31306d
        {
Packit Service 31306d
            .flags = (COMPARE_SESSION_STATE |
Packit Service 31306d
                    COMPARE_DH_STATE),
Packit Service 31306d
            .session = SSH_SESSION_STATE_AUTHENTICATED,
Packit Service 31306d
            .dh = DH_STATE_FINISHED,
Packit Service 31306d
        },
Packit Service 31306d
    };
Packit Service 31306d
Packit Service 31306d
    int accepted_count = 2;
Packit Service 31306d
Packit Service 31306d
    /* Unused */
Packit Service 31306d
    (void) state;
Packit Service 31306d
Packit Service 31306d
    rc = check_message_in_all_states(accepted, accepted_count,
Packit Service 31306d
            SSH2_MSG_EXT_INFO);
Packit Service 31306d
Packit Service 31306d
    assert_int_equal(rc, 0);
Packit Service 31306d
}
Packit Service 31306d
Packit Service 31306d
static void torture_packet_filter_check_channel_open(void **state)
Packit Service 31306d
{
Packit Service 31306d
    int rc;
Packit Service 31306d
Packit Service 31306d
    /* The only condition to accept a CHANNEL_OPEN is to be authenticated */
Packit Service 31306d
    global_state accepted[] = {
Packit Service 31306d
        {
Packit Service 31306d
            .flags = COMPARE_SESSION_STATE,
Packit Service 31306d
            .session = SSH_SESSION_STATE_AUTHENTICATED,
Packit Service 31306d
        }
Packit Service 31306d
    };
Packit Service 31306d
Packit Service 31306d
    int accepted_count = 1;
Packit Service 31306d
Packit Service 31306d
    /* Unused */
Packit Service 31306d
    (void) state;
Packit Service 31306d
Packit Service 31306d
    rc = check_message_in_all_states(accepted, accepted_count,
Packit Service 31306d
            SSH2_MSG_CHANNEL_OPEN);
Packit Service 31306d
Packit Service 31306d
    assert_int_equal(rc, 0);
Packit Service 31306d
}
Packit Service 31306d
Packit Service 31306d
int torture_run_tests(void)
Packit Service 31306d
{
Packit Service 31306d
    int rc;
Packit Service 31306d
    struct CMUnitTest tests[] = {
Packit Service 31306d
        cmocka_unit_test(torture_packet_filter_check_auth_success),
Packit Service 31306d
        cmocka_unit_test(torture_packet_filter_check_channel_open),
Packit Service 31306d
        cmocka_unit_test(torture_packet_filter_check_unfiltered),
Packit Service 31306d
        cmocka_unit_test(torture_packet_filter_check_msg_ext_info)
Packit Service 31306d
    };
Packit Service 31306d
Packit Service 31306d
    ssh_init();
Packit Service 31306d
    torture_filter_tests(tests);
Packit Service 31306d
    rc = cmocka_run_group_tests(tests, NULL, NULL);
Packit Service 31306d
    ssh_finalize();
Packit Service 31306d
    return rc;
Packit Service 31306d
}