test_auth_digest.c

this is simple sip stack.

      reinit_as(as);
      auth_mod_check_client(am, as, sip->sip_authorization, ach);
      TEST(as->as_status, 0);
    }

    reinit_as(as); auth_mod_destroy(am); aucs = NULL;

    TEST_1(am = auth_mod_create(NULL, 
				AUTHTAG_METHOD("Digest"),
				AUTHTAG_REALM("ims3.so.noklab.net"),
				AUTHTAG_DB(testpasswd),
				AUTHTAG_ALGORITHM("MD5-sess"),
				AUTHTAG_QOP("auth-int"),
				TAG_END()));

    reinit_as(as);
    auth_mod_check_client(am, as, NULL, ach); TEST(as->as_status, 401);

    TEST(auc_challenge(&aucs, home, (msg_auth_t *)as->as_response, 
		       sip_authorization_class), 1);
    TEST(auc_all_credentials(&aucs, "Digest", "\"ims3.so.noklab.net\"", 
			     "user1", "secret"), 1);
    msg_header_remove(m2, (void *)sip, (void *)sip->sip_authorization);
    TEST(auc_authorization(&aucs, m2, (msg_pub_t*)sip, rq->rq_method_name, 
			   (url_t *)"sip:surf3@ims3.so.noklab.net", 
			   sip->sip_payload), 1);
    TEST_1(sip->sip_authorization);

    reinit_as(as);
    auth_mod_check_client(am, as, sip->sip_authorization, ach);
    TEST(as->as_status, 0);
    auth_mod_destroy(am); aucs = NULL;

    TEST_1(am = auth_mod_create(NULL, 
				AUTHTAG_METHOD("Digest"),
				AUTHTAG_REALM("ims3.so.noklab.net"),
				AUTHTAG_DB(testpasswd),
				AUTHTAG_ALGORITHM("MD5-sess"),
				AUTHTAG_QOP("auth,auth-int"),
				AUTHTAG_FORBIDDEN(1),
				AUTHTAG_ANONYMOUS(1),
				TAG_END()));

    reinit_as(as);
    auth_mod_check_client(am, as, NULL, ach); TEST(as->as_status, 401);

    TEST(auc_challenge(&aucs, home, (msg_auth_t *)as->as_response, 
		       sip_authorization_class), 1);
    TEST(auc_all_credentials(&aucs, "Digest", "\"ims3.so.noklab.net\"", 
			     "user1", "secret"), 1);
    msg_header_remove(m2, (void *)sip, (void *)sip->sip_authorization);
    TEST(auc_authorization(&aucs, m2, (msg_pub_t*)sip, rq->rq_method_name, 
			   (url_t *)"sip:surf3@ims3.so.noklab.net", 
			   sip->sip_payload), 1);
    TEST_1(sip->sip_authorization);

    reinit_as(as);
    auth_mod_check_client(am, as, sip->sip_authorization, ach);
    TEST(as->as_status, 0);

    au = (void*)msg_header_copy(msg_home(m2), (void*)sip->sip_authorization);

    /* Test with invalid qop (bug #2329) */
    msg_params_replace(msg_home(m2), (void *)&au->au_params, 
		       "qop=\"auth,auth-int\"");
    reinit_as(as);
    auth_mod_check_client(am, as, au, ach);
    TEST(as->as_status, 400);

    reinit_as(as);
    as->as_body = "foo"; as->as_bodylen = 3;
    auth_mod_check_client(am, as, sip->sip_authorization, ach);
    TEST(as->as_status, 403);

    reinit_as(as);
    as->as_body = ""; as->as_bodylen = 0;
    as->as_method = "OPTIONS";
    auth_mod_check_client(am, as, sip->sip_authorization, ach);
    TEST(as->as_status, 403);

    /* Test staleness check */
    offset = 2 * 3600;
    reinit_as(as);
    auth_mod_check_client(am, as, sip->sip_authorization, ach);
    TEST(as->as_status, 401);
    TEST_1(au = (void *)as->as_response); TEST_1(au->au_params);
    TEST_S(msg_params_find(au->au_params, "stale="), "true");
    aucs = NULL;

    /* Test anonymous operation */
    reinit_as(as);
    auth_mod_check_client(am, as, NULL, ach); TEST(as->as_status, 401);
    TEST(auc_challenge(&aucs, home, (msg_auth_t *)as->as_response, 
		       sip_authorization_class), 1);
    reinit_as(as);

    TEST(auc_all_credentials(&aucs, "Digest", "\"ims3.so.noklab.net\"", 
			     "anonymous", ""), 1);
    msg_header_remove(m2, (void *)sip, (void *)sip->sip_authorization);
    TEST(auc_authorization(&aucs, m2, (msg_pub_t*)sip, rq->rq_method_name, 
			   (url_t *)"sip:surf3@ims3.so.noklab.net", 
			   sip->sip_payload), 1);
    TEST_1(sip->sip_authorization);

    auth_mod_check_client(am, as, sip->sip_authorization, ach);
    TEST(as->as_status, 0);
    auth_mod_destroy(am); aucs = NULL;

    /* Test Basic authentication scheme */
    TEST_1(am = auth_mod_create(root, 
				AUTHTAG_METHOD("Basic"),
				AUTHTAG_REALM("ims3.so.noklab.net"),
				AUTHTAG_DB(testpasswd),
				TAG_END()));

    reinit_as(as);    
    auth_mod_check_client(am, as, NULL, ach); 
    TEST(as->as_status, 401);
    
    TEST(auc_challenge(&aucs, home, (msg_auth_t *)as->as_response, 
		       sip_authorization_class), 1);
    reinit_as(as);    

    TEST(auc_all_credentials(&aucs, "Basic", "\"ims3.so.noklab.net\"", 
			     "user1", "secret"), 1);
    msg_header_remove(m2, (void *)sip, (void *)sip->sip_authorization);
    TEST(auc_authorization(&aucs, m2, (msg_pub_t*)sip, rq->rq_method_name, 
			   (url_t *)"sip:surf3@ims3.so.noklab.net", 
			   sip->sip_payload), 1);
    TEST_1(sip->sip_authorization);

    auth_mod_check_client(am, as, sip->sip_authorization, ach);
    TEST(as->as_status, 0);

    auth_mod_destroy(am); deinit_as(as); aucs = NULL;

    /* Test asynchronous operation */
    aucs = NULL;
    TEST_1(am = auth_mod_create(root, 
				AUTHTAG_METHOD("Delayed+Digest"),
				AUTHTAG_REALM("ims3.so.noklab.net"),
				AUTHTAG_DB(testpasswd),
				AUTHTAG_ALGORITHM("MD5-sess"),
				AUTHTAG_QOP("auth-int"),
				AUTHTAG_REMOTE((void *)"http://localhost:9"),
				TAG_END()));

    reinit_as(as);
    as->as_callback = test_callback;
    as->as_magic = root;
    auth_mod_check_client(am, as, NULL, ach);
    TEST(as->as_status, 100);
    su_root_run(root);
    TEST(as->as_status, 401);
    
    TEST(auc_challenge(&aucs, home, (msg_auth_t *)as->as_response, 
		       sip_authorization_class), 1);

    reinit_as(as);
    as->as_callback = test_callback;
    as->as_magic = root;

    TEST(auc_all_credentials(&aucs, "Digest", "\"ims3.so.noklab.net\"", 
			     "user1", "secret"), 1);
    msg_header_remove(m2, (void *)sip, (void *)sip->sip_authorization);
    TEST(auc_authorization(&aucs, m2, (msg_pub_t*)sip, rq->rq_method_name, 
			   (url_t *)"sip:surf3@ims3.so.noklab.net", 
			   sip->sip_payload), 1);
    TEST_1(sip->sip_authorization);

    auth_mod_check_client(am, as, sip->sip_authorization, ach);
    TEST(as->as_status, 100);
    su_root_run(root);
    TEST(as->as_status, 0);

    auth_mod_destroy(am); aucs = NULL;

    deinit_as(as);
    msg_destroy(m2);

    su_root_destroy(root);

    su_home_unref(home);
  }

  END();
}

#if HAVE_FLOCK
#include <sys/file.h>
#endif

#include <sofia-sip/auth_plugin.h>

char tmppasswd[] = "/tmp/test_auth_digest.XXXXXX";

#include <unistd.h>

static void rmtmp(void)
{
  if (tmppasswd[0])
    unlink(tmppasswd);
}

char const passwd[] =
  "# Comment\n"
  "malformed line\n"
  "user1:secret:\n"
  /* user2 has password "secret", too */
  "user2:realm:4cbc2aff0b5b2b33675c0731c0db1c14\n"
  /* duplicate user. fun */
  "user1:secret:realm\n"
  /* empty line */
  "\n";

/* Test digest authentication client and server */
int test_module_io()
{
  auth_mod_t *am, am0[1];
  auth_passwd_t *apw, *apw2;
  int tmpfd;

  BEGIN();

#ifndef _WIN32
  tmpfd = mkstemp(tmppasswd); TEST_1(tmpfd != -1);
#else
  tmpfd = open(tmppasswd, O_WRONLY); TEST_1(tmpfd != -1);
#endif
  atexit(rmtmp);		/* Make sure temp file is unlinked */

  TEST(write(tmpfd, passwd, strlen(passwd)), strlen(passwd));
  TEST(close(tmpfd), 0);

  /* Test file reading operation */
  am = auth_mod_create(NULL, 
		       AUTHTAG_METHOD("Digest"),
		       AUTHTAG_REALM("realm"),
		       AUTHTAG_DB(tmppasswd),
		       AUTHTAG_ALGORITHM("MD5-sess"),
		       AUTHTAG_QOP("auth-int"),
		       TAG_END()); TEST_1(am);

  apw = auth_mod_getpass(am, "user1", NULL); TEST_1(apw);
  TEST_S(apw->apw_realm, "realm");

  apw = auth_mod_getpass(am, "user2", NULL); TEST_1(apw);
  TEST_S(apw->apw_hash, "4cbc2aff0b5b2b33675c0731c0db1c14");
  
  apw2 = apw;

  *am0 = *am;

  TEST_1(auth_readdb_if_needed(am) == 0);

  apw = auth_mod_getpass(am, "user2", NULL); TEST_1(apw);
  TEST(apw, apw2);

  apw = auth_mod_addpass(am, "user3", "realm"); TEST_1(apw);
  /* user3 with password fisu */
  apw->apw_hash = "056595147630692bb29d1855089bc95b";

  {
    char const user3[] = "user3:realm:7df96b4718bd933af4883c8b73c96318\n";
    tmpfd = open(tmppasswd, O_WRONLY|O_APPEND, 0); TEST_1(tmpfd != -1);
    /* user3 with password fish */
    TEST(write(tmpfd, user3, strlen(user3)), strlen(user3));
    TEST_1(close(tmpfd) == 0);
  }

#if HAVE_FLOCK
  /* Test flock(). */
  tmpfd = open(tmppasswd, O_RDONLY);

  TEST_1(flock(tmpfd, LOCK_EX) != -1);

  TEST_1(auth_readdb_if_needed(am) == 0);

  /* there should be no changes in user table */
  apw = auth_mod_getpass(am, "user2", NULL); TEST_1(apw);
  TEST(apw, apw2);

  TEST_1(flock(tmpfd, LOCK_UN) != -1);
#endif

  TEST_1(auth_readdb_if_needed(am) == 0);

  apw = auth_mod_getpass(am, "user2", "realm"); TEST_1(apw);
  TEST_1(apw != apw2);

  /* Local user3 overrides non-local */
  apw = auth_mod_getpass(am, "user3", "realm"); TEST_1(apw);
  TEST_S(apw->apw_hash, "7df96b4718bd933af4883c8b73c96318");

  /* Test truncating */
  {
    char const user1[] = "user1:secret:\n";
    tmpfd = open(tmppasswd, O_WRONLY|O_TRUNC, 0); TEST_1(tmpfd != -1);
    TEST(write(tmpfd, user1, strlen(user1)), strlen(user1));
    TEST_1(close(tmpfd) == 0);
  }

  TEST_1(auth_readdb_if_needed(am) == 0);

  apw = auth_mod_getpass(am, "user2", "realm"); TEST_1(apw == NULL);

  /* Non-local user3 is kept in database */
  apw = auth_mod_getpass(am, "user3", "realm"); TEST_1(apw);
  TEST_S(apw->apw_hash, "056595147630692bb29d1855089bc95b");

  auth_mod_destroy(am);

  if (unlink(tmppasswd) == 0)
    tmppasswd[0] = '\0';

  END();
}

#include <sofia-sip/su_log.h>

extern su_log_t iptsec_log[];

static
void usage(void)
{
  fprintf(stderr, "usage: %s [-v] [-l n]\n", name);
}

int main(int argc, char *argv[])
{
  int retval = 0;
  int i;

  argv0 = argv[0];

  su_init();

  for (i = 1; argv[i]; i++) {
    if (argv[i] && strcmp(argv[i], "-v") == 0)
      tstflags |= tst_verbatim;
    else if (strncmp(argv[i], "-l", 2) == 0) {
      int level = 3;
      char *rest = NULL;

      if (argv[i][2])
	level = strtol(argv[i] + 2, &rest, 10);
      else if (argv[i + 1])
	level = strtol(argv[i + 1], &rest, 10), i++;
      else
	level = 3, rest = "";

      if (rest == NULL || *rest)
	usage();
      
      su_log_set_level(iptsec_log, level);
    } else {
      usage();
    }
  }

  if ((TSTFLAGS & tst_verbatim))
    su_log_soft_set_level(iptsec_log, 9);
  else
    su_log_soft_set_level(iptsec_log, 0);

  retval |= test_digest();
  retval |= test_digest_client();

  retval |= test_module_io();

  su_deinit();

  return retval;
}