📄 test_auth_digest.c
su_root_break(root);}

/*
 * Put an auth_status_t into a known starting state before an
 * authentication check.
 *
 * The structure is zeroed, its embedded memory home is initialized, and
 * the method is preset to "REGISTER".  The status is preset to 500, not 0:
 * the checks in this file read as_status == 0 as "credentials accepted",
 * so a check that returns without writing a verdict shows up as a server
 * error instead of passing as a successful authentication.
 */
static void init_as(auth_status_t *as)
{
  memset(as, 0, sizeof *as);
  /* Size of the enclosing structure is recorded in the embedded home before
   * su_home_init() runs -- presumably what su_home_init() expects for an
   * embedded home; confirm against the su_home documentation. */
  as->as_home->suh_size = (sizeof *as);
  su_home_init(as->as_home);
  as->as_method = "REGISTER";
  /* Fail-closed default: anything other than an explicit 0 is a rejection. */
  as->as_status = 500;
  as->as_phrase = "Infernal Error";
}

/*
 * Release the memory home embedded in the status object, then zero the
 * whole structure.
 *
 * Headers such as as_response are allocated from as->as_home elsewhere in
 * this file, so the memset also clears pointers that would otherwise be
 * left referring to memory the home has just released.
 */
static void deinit_as(auth_status_t *as)
{
  su_home_deinit(as->as_home);
  memset(as, 0, sizeof *as);
}

/*
 * Tear down and re-create the status object.
 *
 * Called between auth_mod_check_client() runs so that each check starts
 * from the 500 default set by init_as() and cannot inherit the verdict,
 * response or info header left by the previous check.
 */
static void reinit_as(auth_status_t *as)
{
  deinit_as(as);
  init_as(as);
}

/* Test digest authentication client and server */
int test_digest_client(){ BEGIN(); { char challenge[] = PROTOCOL " 401 Unauthorized\r\n" "Call-ID:0e3dc2b2-dcc6-1226-26ac-258b5ce429ab\r\n" "CSeq:32439043 REGISTER\r\n" "From:surf3.ims3.so.noklab.net <sip:surf3@ims3.so.noklab.net>;tag=I8hFdg0H3OK\r\n" "To:<sip:surf3@ims3.so.noklab.net>\r\n" "Via:SIP/2.0/UDP 10.21.36.70:23800;branch=z9hG4bKJjKGu9vIHqf;received=10.21.36.70;rport\r\n" "WWW-Authenticate:DIGEST algorithm=MD5,nonce=\"h7wIpP+atU+/+Zau5UwLMA==\",realm=\"ims3.so.noklab.net\"\r\n" "Content-Length:0\r\n" "Security-Server:digest\r\n" "r\n"; char request[] = "REGISTER sip:ims3.so.noklab.net " PROTOCOL "\r\n" "Via: SIP/2.0/UDP 10.21.36.70:23800;rport;branch=z9hG4bKRE18GFwa3AS\r\n" "Max-Forwards: 80\r\n" "From: surf3.ims3.so.noklab.net <sip:surf3@ims3.so.noklab.net>;tag=I8hFdg0H3OK\r\n" "To: <sip:surf3@ims3.so.noklab.net>\r\n" "Call-ID: 0e3dc2b2-dcc6-1226-26ac-258b5ce429ab\r\n" "CSeq: 32439044 REGISTER\r\n" "Contact: <sip:10.21.36.70:23800>\r\n" "Expires: 3600\r\n" "Supported: timer, 100rel\r\n" "Security-Client: digest\r\n" "Security-Verify: digest;d-ver=\"1234\"\r\n" "Content-Length: 0\r\n" "r\n"; msg_t *m1, *m2; sip_t *sip; auth_client_t *aucs = NULL; sip_request_t *rq; su_home_t *home; su_root_t *root; char *srcdir, *s, *testpasswd; auth_mod_t *am; auth_status_t as[1]; sip_www_authenticate_t *au; auth_challenger_t ach[1] = {{ 401, "Authorization required", sip_www_authenticate_class, sip_authentication_info_class }}; auth_challenger_t pach[1] = {{ 407, "Proxy Authorization required", sip_proxy_authenticate_class, 
sip_proxy_authentication_info_class }}; TEST_1(home = su_home_new(sizeof(*home))); TEST_1(m1 = read_message(MSG_DO_EXTRACT_COPY, challenge)); TEST_1(sip = sip_object(m1)); TEST_1(aucs == NULL); TEST(auc_challenge(&aucs, home, sip->sip_www_authenticate, sip_authorization_class), 1); TEST_1(aucs != NULL); msg_destroy(m1); TEST(auc_all_credentials(&aucs, "DIGEST", "\"ims3.so.noklab.net\"", "surf3.private@ims3.so.noklab.net", "1234"), 1); TEST_1(m2 = read_message(MSG_DO_EXTRACT_COPY, request)); TEST_1(sip = sip_object(m2)); TEST_P(sip->sip_authorization, NULL); TEST_1(rq = sip->sip_request); TEST(auc_authorization(&aucs, m2, (msg_pub_t*)sip, rq->rq_method_name, rq->rq_url, sip->sip_payload), 1); TEST_1(sip->sip_authorization); TEST_S(msg_params_find(sip->sip_authorization->au_params, "response="), "\"860f5ecc9990772e16937750ced9594d\""); TEST(auc_authorization(&aucs, m2, (msg_pub_t*)sip, rq->rq_method_name, (url_t *)"sip:surf3@ims3.so.noklab.net", sip->sip_payload), 1); TEST_1(sip->sip_authorization); TEST_S(msg_params_find(sip->sip_authorization->au_params, "response="), "\"9ce0d6a5869b4e09832d5b705453cbfc\""); srcdir = getenv("srcdir"); if (srcdir == NULL) { srcdir = su_strdup(home, argv0); if ((s = strrchr(srcdir, '/'))) *s = '\0'; else srcdir = "."; } TEST_1(testpasswd = su_sprintf(home, "%s/testpasswd", srcdir)); TEST_1(root = su_root_create(NULL)); TEST_1(am = auth_mod_create(NULL, AUTHTAG_METHOD("Digest"), AUTHTAG_REALM("ims3.so.noklab.net"), AUTHTAG_DB(testpasswd), AUTHTAG_OPAQUE("+GNywA=="), TAG_END())); init_as(as); auth_mod_check_client(am, as, sip->sip_authorization, ach); TEST(as->as_status, 401); TEST_1(au = sip_authorization_make(home, "Digest username=\"user1\", " "nonce=\"3wWGOvaWn3n+hFv8PK2ABQ==\", " "opaque=\"+GNywA==\", " "uri=\"sip:3000@194.2.188.133\", " "response=\"26e8b9aaacfca2d6" "8770fab1ec04e2c7\", " "realm=\"ims3.so.noklab.net\"")); reinit_as(as); auth_mod_check_client(am, as, au, ach); TEST(as->as_status, 401); { char const *username = 
au->au_params[0]; char const *nonce = au->au_params[1]; char const *opaque = au->au_params[2]; char const *uri = au->au_params[3]; char const *response = au->au_params[4]; char const *realm = au->au_params[5]; TEST_S(username, "username=\"user1\""); TEST_S(nonce, "nonce=\"3wWGOvaWn3n+hFv8PK2ABQ==\""); TEST_S(opaque, "opaque=\"+GNywA==\""); TEST_S(uri, "uri=\"sip:3000@194.2.188.133\""); TEST_S(response, "response=\"26e8b9aaacfca2d68770fab1ec04e2c7\""); TEST(msg_params_remove((msg_param_t *)au->au_params, "username"), 1); reinit_as(as); auth_mod_check_client(am, as, au, ach); TEST(as->as_status, 400); msg_params_add(home, (msg_param_t **)&au->au_params, username); TEST(msg_params_remove((msg_param_t *)au->au_params, "nonce"), 1); reinit_as(as); auth_mod_check_client(am, as, au, ach); TEST(as->as_status, 400); msg_params_add(home, (msg_param_t **) &au->au_params, nonce); TEST(msg_params_remove((msg_param_t *)au->au_params, "opaque"), 1); reinit_as(as); auth_mod_check_client(am, as, au, ach); TEST(as->as_status, 401); /* We use opaque to match authorization */ msg_params_add(home, (msg_param_t **) &au->au_params, opaque); TEST(msg_params_remove((msg_param_t *)au->au_params, "uri"), 1); reinit_as(as); auth_mod_check_client(am, as, au, ach); TEST(as->as_status, 400); msg_params_add(home, (msg_param_t **) &au->au_params, uri); TEST(msg_params_remove((msg_param_t *)au->au_params, "response"), 1); reinit_as(as); auth_mod_check_client(am, as, au, ach); TEST(as->as_status, 400); msg_params_add(home, (msg_param_t **)&au->au_params, response); TEST(msg_params_remove((msg_param_t *)au->au_params, "realm"), 1); reinit_as(as); auth_mod_check_client(am, as, au, ach); TEST(as->as_status, 401); /* au is ignored by auth_module */ msg_params_add(home, (msg_param_t **)&au->au_params, realm); reinit_as(as); auth_mod_check_client(am, as, au, ach); TEST(as->as_status, 401); } as->as_response = (msg_header_t *) sip_www_authenticate_make(as->as_home, "Unknown realm=\"huu haa\""); 
TEST_1(as->as_response); TEST(auc_challenge(&aucs, home, (msg_auth_t *)as->as_response, sip_authorization_class), 1); aucs = NULL; reinit_as(as); auth_mod_check_client(am, as, NULL, ach); TEST(as->as_status, 401); TEST(auc_challenge(&aucs, home, (msg_auth_t *)as->as_response, sip_authorization_class), 1); reinit_as(as); TEST(auc_all_credentials(&aucs, "Digest", "\"ims3.so.noklab.net\"", "user1", "secret"), 1); msg_header_remove(m2, (void *)sip, (void *)sip->sip_authorization); TEST(auc_authorization(&aucs, m2, (msg_pub_t*)sip, rq->rq_method_name, (url_t *)"sip:surf3@ims3.so.noklab.net", sip->sip_payload), 1); TEST_1(sip->sip_authorization); TEST_1(msg_params_find(sip->sip_authorization->au_params, "cnonce=") == 0); TEST_1(msg_params_find(sip->sip_authorization->au_params, "nc=") == 0); auth_mod_check_client(am, as, sip->sip_authorization, ach); TEST(as->as_status, 0); TEST_1(as->as_info); /* challenge for next round */ auth_mod_destroy(am); aucs = NULL; TEST_1(am = auth_mod_create(NULL, AUTHTAG_METHOD("Digest"), AUTHTAG_REALM("ims3.so.noklab.net"), AUTHTAG_DB(testpasswd), AUTHTAG_ALGORITHM("MD5-sess"), AUTHTAG_QOP("auth"), AUTHTAG_OPAQUE("opaque=="), TAG_END())); reinit_as(as); auth_mod_check_client(am, as, NULL, ach); TEST(as->as_status, 401); { msg_auth_t *au = (msg_auth_t *)as->as_response; int i; char *equal; if (au->au_params) for (i = 0; au->au_params[i]; i++) { if (strncasecmp(au->au_params[i], "realm=", 6) == 0) continue; equal = strchr(au->au_params[i], '='); if (equal) msg_unquote(equal + 1, equal + 1); } TEST(auc_challenge(&aucs, home, au, sip_authorization_class), 1); reinit_as(as); } TEST(auc_all_credentials(&aucs, "Digest", "\"ims3.so.noklab.net\"", "user1", "secret"), 1); msg_header_remove(m2, (void *)sip, (void *)sip->sip_authorization); TEST(auc_authorization(&aucs, m2, (msg_pub_t*)sip, rq->rq_method_name, (url_t *)"sip:surf3@ims3.so.noklab.net", sip->sip_payload), 1); TEST_1(sip->sip_authorization); auth_mod_check_client(am, as, 
sip->sip_authorization, ach); TEST(as->as_status, 0); TEST_1(as->as_info == NULL); /* No challenge for next round */ /* Test with changed payload */ reinit_as(as); as->as_body = "foo"; as->as_bodylen = 3; auth_mod_check_client(am, as, sip->sip_authorization, ach); TEST(as->as_status, 0); reinit_as(as); aucs = NULL; /* Test without opaque */ { msg_auth_t *au; char const *opaque; auth_mod_check_client(am, as, NULL, ach); TEST(as->as_status, 401); au = (void *)msg_header_dup(home, as->as_response); TEST_1(au); TEST_1(msg_params_find_slot((msg_param_t *)au->au_params, "opaque")); opaque = *msg_params_find_slot((msg_param_t *)au->au_params, "opaque"); TEST(msg_params_remove((msg_param_t *)au->au_params, "opaque"), 1); TEST(auc_challenge(&aucs, home, au, sip_authorization_class), 1); TEST(auc_all_credentials(&aucs, "Digest", "\"ims3.so.noklab.net\"", "user1", "secret"), 1); msg_header_remove(m2, (void *)sip, (void *)sip->sip_authorization); TEST(auc_authorization(&aucs, m2, (msg_pub_t*)sip, rq->rq_method_name, (url_t *)"sip:surf3@ims3.so.noklab.net", sip->sip_payload), 1); TEST_1(sip->sip_authorization); msg_params_add(home, (msg_param_t **)&sip->sip_authorization->au_params, opaque); reinit_as(as); auth_mod_check_client(am, as, sip->sip_authorization, ach); TEST(as->as_status, 0); } reinit_as(as); auth_mod_destroy(am); aucs = NULL; /* Test without realm */ { msg_auth_t *au; TEST_1(am = auth_mod_create(NULL, AUTHTAG_METHOD("Digest"), AUTHTAG_DB(testpasswd), AUTHTAG_ALGORITHM("MD5-sess"), AUTHTAG_QOP("auth"), AUTHTAG_OPAQUE("opaque=="), TAG_END())); as->as_realm = NULL; auth_mod_check_client(am, as, NULL, ach); TEST(as->as_status, 500); as->as_realm = "ims3.so.noklab.net"; auth_mod_check_client(am, as, NULL, ach); TEST(as->as_status, 401); au = (void *)msg_header_dup(home, as->as_response); TEST_1(au); TEST(auc_challenge(&aucs, home, au, sip_authorization_class), 1); TEST(auc_all_credentials(&aucs, "Digest", "\"ims3.so.noklab.net\"", "user1", "secret"), 1); 
msg_header_remove(m2, (void *)sip, (void *)sip->sip_authorization); TEST(auc_authorization(&aucs, m2, (msg_pub_t*)sip, rq->rq_method_name, (url_t *)"sip:surf3@ims3.so.noklab.net", sip->sip_payload), 1); TEST_1(sip->sip_authorization); reinit_as(as); as->as_realm = "ims3.so.noklab.net"; auth_mod_check_client(am, as, sip->sip_authorization, ach); TEST(as->as_status, 0); } reinit_as(as); auth_mod_destroy(am); aucs = NULL; /* Test nextnonce */ { char const *nonce1, *nextnonce, *nonce2; TEST_1(am = auth_mod_create(NULL, AUTHTAG_METHOD("Digest"), AUTHTAG_REALM("ims3.so.noklab.net"), AUTHTAG_DB(testpasswd), AUTHTAG_ALGORITHM("MD5"), AUTHTAG_QOP("auth-int"), AUTHTAG_EXPIRES(90), /* Generate nextnonce if NEXT_EXPIRES in nonzero */ AUTHTAG_NEXT_EXPIRES(900), TAG_END())); reinit_as(as); auth_mod_check_client(am, as, NULL, ach); TEST(as->as_status, 401); TEST(auc_challenge(&aucs, home, (msg_auth_t *)as->as_response, sip_authorization_class), 1); TEST(auc_all_credentials(&aucs, "Digest", "\"ims3.so.noklab.net\"", "user1", "secret"), 1); msg_header_remove(m2, (void *)sip, (void *)sip->sip_authorization); TEST(auc_authorization(&aucs, m2, (msg_pub_t*)sip, rq->rq_method_name, (url_t *)"sip:surf3@ims3.so.noklab.net", sip->sip_payload), 1); TEST_1(sip->sip_authorization); TEST_1(nonce1 = msg_header_find_param(sip->sip_authorization->au_common, "nonce")); reinit_as(as); auth_mod_check_client(am, as, sip->sip_authorization, ach); TEST(as->as_status, 0); /* We got authentication-info */ TEST_1(as->as_info); /* It contains nextnonce */ TEST_1(nextnonce = msg_header_find_param(as->as_info->sh_common, "nextnonce")); /* Store it in authenticator */ TEST(auc_info(&aucs, (msg_auth_info_t const *)as->as_info, sip_authorization_class), 1); msg_header_remove(m2, (void *)sip, (void *)sip->sip_authorization); TEST(auc_authorization(&aucs, m2, (msg_pub_t*)sip, rq->rq_method_name, (url_t *)"sip:surf3@ims3.so.noklab.net", sip->sip_payload), 1); TEST_1(sip->sip_authorization); TEST_1(nonce2 = 
msg_header_find_param(sip->sip_authorization->au_common, "nonce")); /* * Make sure that server-side sends nextnonce in Authentication-info * header, nextnonce differs from nonce sent in Challenge */ TEST_1(strcmp(nonce1, nextnonce)); /* And client-side uses it */ TEST_S(nonce2, nextnonce); auth_mod_destroy(am); aucs = NULL; } TEST_1(am = auth_mod_create(NULL, AUTHTAG_METHOD("Digest"), AUTHTAG_REALM("ims3.so.noklab.net"), AUTHTAG_DB(testpasswd), AUTHTAG_ALGORITHM("MD5-sess"), AUTHTAG_QOP("auth-int"), TAG_END())); reinit_as(as); auth_mod_check_client(am, as, NULL, ach); TEST(as->as_status, 401); TEST(auc_challenge(&aucs, home, (msg_auth_t *)as->as_response, sip_authorization_class), 1); TEST(auc_all_credentials(&aucs, "Digest", "\"ims3.so.noklab.net\"", "user1", "secret"), 1); msg_header_remove(m2, (void *)sip, (void *)sip->sip_authorization); TEST(auc_authorization(&aucs, m2, (msg_pub_t*)sip, rq->rq_method_name, (url_t *)"sip:surf3@ims3.so.noklab.net", sip->sip_payload), 1); TEST_1(sip->sip_authorization); reinit_as(as); auth_mod_check_client(am, as, sip->sip_authorization, ach);