Tree - source-git/perl-Authen-SASL

source-git / perl-Authen-SASL

Blame t/server/digest_md5.t

Blob History Raw

Packit	ae5a87	`#!perl`
Packit	ae5a87	`use strict;`
Packit	ae5a87	`use warnings;`
Packit	ae5a87
Packit	ae5a87	`BEGIN {`
Packit	ae5a87	`require Test::More;`
Packit	ae5a87	`eval { require Digest::MD5 } or Test::More->import(skip_all => 'Need Digest::MD5');`
Packit	ae5a87	`eval { require Digest::HMAC_MD5 } or Test::More->import(skip_all => 'Need Digest::HMAC_MD5');`
Packit	ae5a87	`}`
Packit	ae5a87
Packit	ae5a87	`use Test::More (tests => 33);`
Packit	ae5a87
Packit	ae5a87	`use Authen::SASL qw(Perl);`
Packit	ae5a87	`use_ok 'Authen::SASL::Perl::DIGEST_MD5';`
Packit	ae5a87
Packit	ae5a87	`my $authname;`
Packit	ae5a87
Packit	ae5a87	`my $sasl = Authen::SASL->new(`
Packit	ae5a87	`mechanism => 'DIGEST-MD5',`
Packit	ae5a87	`callback => {`
Packit	ae5a87	`getsecret => sub { $_[2]->('fred') },`
Packit	ae5a87	`},`
Packit	ae5a87	`);`
Packit	ae5a87	`ok($sasl,'new');`
Packit	ae5a87
Packit	ae5a87	`no warnings 'once';`
Packit	ae5a87	`# override for testing as by default it uses $$, time and rand`
Packit	ae5a87	`$Authen::SASL::Perl::DIGEST_MD5::NONCE = "foobaz";`
Packit	ae5a87
Packit	ae5a87	`is($sasl->mechanism, 'DIGEST-MD5', 'sasl mechanism');`
Packit	ae5a87	`my $server = $sasl->server_new("ldap","elwood.innosoft.com", { no_integrity => 1 });`
Packit	ae5a87	`is($server->mechanism, 'DIGEST-MD5', 'conn mechanism');`
Packit	ae5a87
Packit	ae5a87	`## simple success without authzid`
Packit	ae5a87	`{`
Packit	ae5a87	`my $expected_ss = join ",",`
Packit	ae5a87	`'algorithm=md5-sess',`
Packit	ae5a87	`'charset=utf-8',`
Packit	ae5a87	`'cipher="rc4,3des,des,rc4-56,rc4-40"',`
Packit	ae5a87	`'maxbuf=16777215',`
Packit	ae5a87	`'nonce="80338e79d2ca9b9c090ebaaa2ef293c7"',`
Packit	ae5a87	`'qop="auth"',`
Packit	ae5a87	`'realm="elwood.innosoft.com"';`
Packit	ae5a87
Packit	ae5a87	`my $ss;`
Packit	ae5a87	`$server->server_start('', sub { $ss = shift });`
Packit	ae5a87	`is($ss, $expected_ss, 'server_start');`
Packit	ae5a87
Packit	ae5a87	`my $c1 = join ",", qw(`
Packit	ae5a87	`charset=utf-8`
Packit	ae5a87	`cnonce="3858f62230ac3c915f300c664312c63f"`
Packit	ae5a87	`digest-uri="ldap/elwood.innosoft.com"`
Packit	ae5a87	`nc=00000001`
Packit	ae5a87	`nonce="80338e79d2ca9b9c090ebaaa2ef293c7"`
Packit	ae5a87	`qop=auth`
Packit	ae5a87	`realm="elwood.innosoft.com"`
Packit	ae5a87	`response=39ab7388b1f52492b1b87cda55177d04`
Packit	ae5a87	`username="gbarr"`
Packit	ae5a87	`);`
Packit	ae5a87
Packit	ae5a87	`my $s1;`
Packit	ae5a87	`$server->server_step($c1, sub { $s1 = shift });`
Packit	ae5a87	`ok $server->is_success, "This is the first and only step";`
Packit	ae5a87	`ok !$server->error, "no error" or diag $server->error;`
Packit	ae5a87	`ok !$server->need_step, "over";`
Packit	ae5a87	`is $server->property('ssf'), 0, "auth doesn't provide any protection";`
Packit	ae5a87	`is($s1, "rspauth=dbf4b44d397bafd53be835344988ec9d", "rspauth matches");`
Packit	ae5a87	`}`
Packit	ae5a87
Packit	ae5a87	`# try with an authname`
Packit	ae5a87	`{`
Packit	ae5a87	`my $expected_ss = join ",",`
Packit	ae5a87	`'algorithm=md5-sess',`
Packit	ae5a87	`'charset=utf-8',`
Packit	ae5a87	`'cipher="rc4,3des,des,rc4-56,rc4-40"',`
Packit	ae5a87	`'maxbuf=16777215',`
Packit	ae5a87	`'nonce="80338e79d2ca9b9c090ebaaa2ef293c7"',`
Packit	ae5a87	`'qop="auth"',`
Packit	ae5a87	`'realm="elwood.innosoft.com"';`
Packit	ae5a87
Packit	ae5a87	`my $ss;`
Packit	ae5a87	`$server->server_start('', sub { $ss = shift });`
Packit	ae5a87	`is($ss, $expected_ss, 'server_start');`
Packit	ae5a87	`ok !$server->is_success, "not success yet";`
Packit	ae5a87	`ok !$server->error, "no error" or diag $server->error;`
Packit	ae5a87	`ok $server->need_step, "we need one more step";`
Packit	ae5a87
Packit	ae5a87	`$authname = 'meme';`
Packit	ae5a87
Packit	ae5a87	`my $c1 = join ",", qw(`
Packit	ae5a87	`authzid="meme"`
Packit	ae5a87	`charset=utf-8`
Packit	ae5a87	`cnonce="3858f62230ac3c915f300c664312c63f"`
Packit	ae5a87	`digest-uri="ldap/elwood.innosoft.com"`
Packit	ae5a87	`nc=00000002`
Packit	ae5a87	`nonce="80338e79d2ca9b9c090ebaaa2ef293c7"`
Packit	ae5a87	`qop=auth`
Packit	ae5a87	`realm="elwood.innosoft.com"`
Packit	ae5a87	`response=e01f51543754aa665cfa2c621d59ee9e`
Packit	ae5a87	`username="gbarr"`
Packit	ae5a87	`);`
Packit	ae5a87
Packit	ae5a87	`my $s1;`
Packit	ae5a87	`$server->server_step($c1, sub { $s1 = shift });`
Packit	ae5a87	`is($s1, "rspauth=d10458627b2b6bb553d796f4d805fdd1", "rspauth")`
Packit	ae5a87	`or diag $server->error;`
Packit	ae5a87	`ok $server->is_success, "success!";`
Packit	ae5a87	`ok !$server->error, "no error" or diag $server->error;`
Packit	ae5a87	`ok !$server->need_step, "over";`
Packit	ae5a87	`is $server->property('ssf'), 0, "auth doesn't provide any protection";`
Packit	ae5a87	`}`
Packit	ae5a87
Packit	ae5a87	`## using auth-conf (if available)`
Packit	ae5a87	`{`
Packit	ae5a87	`SKIP: {`
Packit	ae5a87	`skip "Crypt not available", 6`
Packit	ae5a87	`if $Authen::SASL::Perl::DIGEST_MD5::NO_CRYPT_AVAILABLE;`
Packit	ae5a87
Packit	ae5a87	`$server = $sasl->server_new("ldap","elwood.innosoft.com");`
Packit	ae5a87	`my $expected_ss = join ",",`
Packit	ae5a87	`'algorithm=md5-sess',`
Packit	ae5a87	`'charset=utf-8',`
Packit	ae5a87	`'cipher="rc4,3des,des,rc4-56,rc4-40"',`
Packit	ae5a87	`'maxbuf=16777215',`
Packit	ae5a87	`'nonce="80338e79d2ca9b9c090ebaaa2ef293c7"',`
Packit	ae5a87	`'qop="auth,auth-conf,auth-int"',`
Packit	ae5a87	`'realm="elwood.innosoft.com"';`
Packit	ae5a87
Packit	ae5a87	`my $ss;`
Packit	ae5a87	`$server->server_start('', sub { $ss = shift });`
Packit	ae5a87	`is($ss, $expected_ss, 'server_start');`
Packit	ae5a87
Packit	ae5a87	`my $c1 = join ",", qw(`
Packit	ae5a87	`charset=utf-8`
Packit	ae5a87	`cnonce="3858f62230ac3c915f300c664312c63f"`
Packit	ae5a87	`digest-uri="ldap/elwood.innosoft.com"`
Packit	ae5a87	`nc=00000001`
Packit	ae5a87	`nonce="80338e79d2ca9b9c090ebaaa2ef293c7"`
Packit	ae5a87	`qop=auth-conf`
Packit	ae5a87	`realm="elwood.innosoft.com"`
Packit	ae5a87	`response=e3c8b38d9bd9556761253e9879c4a8a2`
Packit	ae5a87	`username="gbarr"`
Packit	ae5a87	`);`
Packit	ae5a87
Packit	ae5a87	`my $s1;`
Packit	ae5a87	`$server->server_step($c1, sub { $s1 = shift });`
Packit	ae5a87	`ok $server->is_success, "This is the first and only step";`
Packit	ae5a87	`ok !$server->error, "no error" or diag $server->error;`
Packit	ae5a87	`ok !$server->need_step, "over";`
Packit	ae5a87	`is($s1, "rspauth=1b1156d0e7f046bd0ea1476eb7d63a7b", "rspauth matches");`
Packit	ae5a87
Packit	ae5a87	`## we have negociated the conf layer`
Packit	ae5a87	`ok $server->property('ssf') > 1, "yes! secure layer set up";`
Packit	ae5a87	`};`
Packit	ae5a87	`}`
Packit	ae5a87	`## wrong challenge response`
Packit	ae5a87	`{`
Packit	ae5a87	`$server = $sasl->server_new("ldap","elwood.innosoft.com");`
Packit	ae5a87	`$server->server_start('');`
Packit	ae5a87
Packit	ae5a87	`my $c1 = join ",", qw(`
Packit	ae5a87	`charset=utf-8`
Packit	ae5a87	`cnonce="3858f62230ac3c915f300c664312c63f"`
Packit	ae5a87	`digest-uri="ldap/elwood.innosoft.com"`
Packit	ae5a87	`nc=00000001`
Packit	ae5a87	`nonce="80338e79d2ca9b9c090ebaaa2ef293c7"`
Packit	ae5a87	`qop=auth-conf`
Packit	ae5a87	`realm="elwood.innosoft.com"`
Packit	ae5a87	`response=nottherightone`
Packit	ae5a87	`username="gbarr"`
Packit	ae5a87	`);`
Packit	ae5a87
Packit	ae5a87	`$server->server_step($c1);`
Packit	ae5a87	`ok !$server->is_success, "Bad challenge";`
Packit	ae5a87
Packit	ae5a87	`if ($Authen::SASL::Perl::DIGEST_MD5::NO_CRYPT_AVAILABLE) {`
Packit	ae5a87	`like $server->error, qr/Client qop not supported/, $server->error;`
Packit	ae5a87	`}`
Packit	ae5a87	`else {`
Packit	ae5a87	`like $server->error, qr/incorrect.*response/i, $server->error;`
Packit	ae5a87	`}`
Packit	ae5a87	`}`
Packit	ae5a87
Packit	ae5a87	`## multiple digest-uri;`
Packit	ae5a87	`{`
Packit	ae5a87	`$server = $sasl->server_new("ldap","elwood.innosoft.com");`
Packit	ae5a87	`$server->server_start('');`
Packit	ae5a87
Packit	ae5a87	`my $c1 = join ",", qw(`
Packit	ae5a87	`charset=utf-8`
Packit	ae5a87	`cnonce="3858f62230ac3c915f300c664312c63f"`
Packit	ae5a87	`digest-uri="ldap/elwood.innosoft.com"`
Packit	ae5a87	`digest-uri="ldap/elwood.innosoft.com"`
Packit	ae5a87	`nc=00000001`
Packit	ae5a87	`nonce="80338e79d2ca9b9c090ebaaa2ef293c7"`
Packit	ae5a87	`qop=auth-conf`
Packit	ae5a87	`realm="elwood.innosoft.com"`
Packit	ae5a87	`response=e3c8b38d9bd9556761253e9879c4a8a2`
Packit	ae5a87	`username="gbarr"`
Packit	ae5a87	`);`
Packit	ae5a87
Packit	ae5a87	`$server->server_step($c1);`
Packit	ae5a87	`ok !$server->is_success, "Bad challenge";`
Packit	ae5a87	`like $server->error, qr/Bad.*challenge/i, $server->error;`
Packit	ae5a87	`}`
Packit	ae5a87
Packit	ae5a87	`## nonce-count;`
Packit	ae5a87	`{`
Packit	ae5a87	`$server = $sasl->server_new("ldap","elwood.innosoft.com");`
Packit	ae5a87	`$server->server_start('');`
Packit	ae5a87
Packit	ae5a87	`my $c1 = join ",", qw(`
Packit	ae5a87	`charset=utf-8`
Packit	ae5a87	`cnonce="3858f62230ac3c915f300c664312c63f"`
Packit	ae5a87	`digest-uri="ldap/elwood.innosoft.com"`
Packit	ae5a87	`nc=00000001`
Packit	ae5a87	`nonce="80338e79d2ca9b9c090ebaaa2ef293c7"`
Packit	ae5a87	`qop=auth-conf`
Packit	ae5a87	`realm="elwood.innosoft.com"`
Packit	ae5a87	`response=e3c8b38d9bd9556761253e9879c4a8a2`
Packit	ae5a87	`username="gbarr"`
Packit	ae5a87	`);`
Packit	ae5a87
Packit	ae5a87	`SKIP: {`
Packit	ae5a87	`skip "no crypt available", 4`
Packit	ae5a87	`if $Authen::SASL::Perl::DIGEST_MD5::NO_CRYPT_AVAILABLE;`
Packit	ae5a87	`$server->server_step($c1);`
Packit	ae5a87	`ok $server->is_success, "first is success";`
Packit	ae5a87	`ok ! $server->error, "no error";`
Packit	ae5a87
Packit	ae5a87	`$server->server_step($c1);`
Packit	ae5a87	`ok !$server->is_success, "replay attack";`
Packit	ae5a87	`like $server->error, qr/nonce-count.*match/i, $server->error;`
Packit	ae5a87	`}`
Packit	ae5a87	`}`

source-git / perl-Authen-SASL

Source Code

Blame t/server/digest_md5.t