search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Document HDB backends
[heimdal.git] / lib / ntlm / test_commonauth.c
blob89b8c7e57b57d406b3dbf8f958b7553c12bfdb45
1 /*
2 * Copyright (c) 2006 - 2008 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
4 * All rights reserved.
5 *
6 * Portions Copyright (c) 2010 Apple Inc. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in the
17 * documentation and/or other materials provided with the distribution.
18 *
19 * 3. Neither the name of the Institute nor the names of its contributors
20 * may be used to endorse or promote products derived from this software
21 * without specific prior written permission.
22 *
23 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
24 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
25 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
26 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
27 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
28 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
29 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
30 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
31 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
32 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
33 * SUCH DAMAGE.
34 */
35
36 #include <stdio.h>
37 #include <stdlib.h>
38 #include <unistd.h>
39 #include <roken.h>
40 #include <err.h>
41 #include "heim-auth.h"
42
43 static int
44 test_sasl_digest_md5(void)
45 {
46 heim_digest_t ctx;
47 const char *user, *challenge, *resp;
48 char *r;
49
50 if ((ctx = heim_digest_create(1, HEIM_DIGEST_TYPE_AUTO)) == NULL)
51 abort();
52
53 if (heim_digest_parse_challenge(ctx, "realm=\"elwood.innosoft.com\",nonce=\"OA6MG9tEQGm2hh\",qop=\"auth\",algorithm=md5-sess,charset=utf-8"))
54 abort();
55
56 /* check that server detects changing QOP */
57 if (!heim_digest_parse_response(ctx, "charset=utf-8,username=\"chris\",realm=\"elwood.innosoft.com\",nonce=\"OA6MG9tEQGm2hh\",nc=00000001,cnonce=\"OA6MHXh6VqTrRk\",digest-uri=\"imap/elwood.innosoft.com\",response=d388dad90d4bbd760a152321f2143af7,qop=auth-int"))
58 errx(1, "don't detect changing qop");
59
60 /* should pass */
61 if (heim_digest_parse_response(ctx, "charset=utf-8,username=\"chris\",realm=\"elwood.innosoft.com\",nonce=\"OA6MG9tEQGm2hh\",nc=00000001,cnonce=\"OA6MHXh6VqTrRk\",digest-uri=\"imap/elwood.innosoft.com\",response=d388dad90d4bbd760a152321f2143af7,qop=auth"))
62 abort();
63
64 if ((user = heim_digest_get_key(ctx, "username")) == NULL)
65 abort();
66 if (strcmp(user, "chris") != 0)
67 abort();
68
69 /*
70 * check password
71 */
72
73 heim_digest_set_key(ctx, "password", "secret");
74
75 if (heim_digest_verify(ctx, &r))
76 abort();
77
78 if (strcmp(r, "rspauth=ea40f60335c427b5527b84dbabcdfffd") != 0)
79 abort();
80
81 free(r);
82
83 /*
84 * Also check userhash
85 */
86
87 r = heim_digest_userhash("chris", "elwood.innosoft.com", "secret");
88 if (strcmp(r, "eb5a750053e4d2c34aa84bbc9b0b6ee7") != 0)
89 abort();
90
91 heim_digest_set_key(ctx, "userhash", r);
92 free(r);
93
94 if (heim_digest_verify(ctx, &r))
95 abort();
96
97 if (strcmp(r, "rspauth=ea40f60335c427b5527b84dbabcdfffd") != 0)
98 abort();
99
100 free(r);
101
102 /* check that it failes */
103
104 heim_digest_set_key(ctx, "username", "notright");
105 heim_digest_set_key(ctx, "password", "secret");
106
107 if (heim_digest_verify(ctx, &r) == 0)
108 abort();
109
110 if ((user = heim_digest_get_key(ctx, "username")) == NULL)
111 abort();
112 if (strcmp(user, "notright") != 0)
113 abort();
114
115
116 /* Done */
117
118 heim_digest_release(ctx);
119
120
121 /*
122 * Check heim_digest_generate_challenge()
123 */
124
125 if ((ctx = heim_digest_create(1, HEIM_DIGEST_TYPE_RFC2831)) == NULL)
126 abort();
127
128 heim_digest_set_key(ctx, "serverRealm", "elwood.innosoft.com");
129 heim_digest_set_key(ctx, "serverNonce", "OA6MG9tEQGm2hh");
130 heim_digest_set_key(ctx, "serverQOP", "auth,auth-int");
131
132 challenge = heim_digest_generate_challenge(ctx);
133 if (challenge == NULL)
134 abort();
135
136 if (heim_digest_parse_challenge(ctx, challenge))
137 abort();
138
139 /* check that server detects changing QOP */
140 if (!heim_digest_parse_response(ctx, "charset=utf-8,username=\"chris\",realm=\"elwood.innosoft.com\",nonce=\"OA6MG9tEQGm2hh\",nc=00000001,cnonce=\"OA6MHXh6VqTrRk\",digest-uri=\"imap/elwood.innosoft.com\",response=d388dad90d4bbd760a152321f2143af7,qop=auth-conf"))
141 abort();
142
143 if (heim_digest_parse_response(ctx, "charset=utf-8,username=\"chris\",realm=\"elwood.innosoft.com\",nonce=\"OA6MG9tEQGm2hh\",nc=00000001,cnonce=\"OA6MHXh6VqTrRk\",digest-uri=\"imap/elwood.innosoft.com\",response=d388dad90d4bbd760a152321f2143af7,qop=auth"))
144 abort();
145
146 heim_digest_set_key(ctx, "password", "secret");
147
148 if (heim_digest_verify(ctx, &r))
149 abort();
150
151 if (strcmp(r, "rspauth=ea40f60335c427b5527b84dbabcdfffd") != 0)
152 abort();
153
154 free(r);
155
156 heim_digest_release(ctx);
157
158 /*
159 * Validate heim_digest_service_response()
160 */
161
162 if ((ctx = heim_digest_create(1, HEIM_DIGEST_TYPE_RFC2831)) == NULL)
163 abort();
164
165 heim_digest_set_key(ctx, "clientNonce", "OA6MHXh6VqTrRk");
166 heim_digest_set_key(ctx, "clientQOP", "auth");
167 heim_digest_set_key(ctx, "clientNC", "00000001");
168 heim_digest_set_key(ctx, "serverNonce", "OA6MG9tEQGm2hh");
169 heim_digest_set_key(ctx, "clientURI", "imap/elwood.innosoft.com");
170 heim_digest_set_key(ctx, "serverRealm", "elwood.innosoft.com");
171 heim_digest_set_key(ctx, "serverNonce", "OA6MG9tEQGm2hh");
172 heim_digest_set_key(ctx, "H(A1)", "a2549853149b0536f01f0b850c643c57");
173
174 resp = heim_digest_server_response(ctx);
175
176 if (resp == NULL || strcmp(resp, "rspauth=ea40f60335c427b5527b84dbabcdfffd") != 0)
177 abort();
178
179 heim_digest_release(ctx);
180
181 if ((ctx = heim_digest_create(1, HEIM_DIGEST_TYPE_RFC2831)) == NULL)
182 abort();
183
184 heim_digest_set_key(ctx, "clientNonce", "OA6MHXh6VqTrRk");
185 heim_digest_set_key(ctx, "clientQOP", "auth");
186 heim_digest_set_key(ctx, "clientNC", "00000001");
187 heim_digest_set_key(ctx, "serverNonce", "OA6MG9tEQGm2hh");
188 heim_digest_set_key(ctx, "clientURI", "imap/elwood.innosoft.com");
189 heim_digest_set_key(ctx, "serverRealm", "elwood.innosoft.com");
190 heim_digest_set_key(ctx, "serverNonce", "OA6MG9tEQGm2hh");
191 heim_digest_set_key(ctx, "password", "secret");
192 heim_digest_set_key(ctx, "username", "chris");
193
194 resp = heim_digest_server_response(ctx);
195
196 if (resp == NULL || strcmp(resp, "rspauth=ea40f60335c427b5527b84dbabcdfffd") != 0)
197 abort();
198
199 heim_digest_release(ctx);
200
201 return 0;
202 }
203
204 static int
205 test_http_digest_md5(void)
206 {
207 heim_digest_t ctx, ctx2;
208 const char *user, *chal, *resp;
209 char *serverresp, *serverresp2;
210
211 if ((ctx = heim_digest_create(1, HEIM_DIGEST_TYPE_AUTO)) == NULL)
212 abort();
213
214 if (heim_digest_parse_challenge(ctx, "realm=\"testrealm@host.com\","
215 "nonce=\"dcd98b7102dd2f0e8b11d0f600bfb0c093\","
216 "opaque=\"5ccc069c403ebaf9f0171e9517f40e41\""))
217 abort();
218
219 if (heim_digest_parse_response(ctx, "username=\"Mufasa\","
220 "realm=\"testrealm@host.com\","
221 "nonce=\"dcd98b7102dd2f0e8b11d0f600bfb0c093\","
222 "uri=\"/dir/index.html\","
223 "response=\"1949323746fe6a43ef61f9606e7febea\","
224 "opaque=\"5ccc069c403ebaf9f0171e9517f40e41\""))
225 abort();
226
227 if ((user = heim_digest_get_key(ctx, "username")) == NULL)
228 abort();
229 if (strcmp(user, "Mufasa") != 0)
230 abort();
231
232 if ((user = heim_digest_get_key(ctx, "clientUsername")) == NULL)
233 abort();
234 if (strcmp(user, "Mufasa") != 0)
235 abort();
236
237 heim_digest_set_key(ctx, "password", "CircleOfLife");
238
239 if (heim_digest_verify(ctx, NULL))
240 abort();
241
242 /* Verify failure */
243
244 heim_digest_set_key(ctx, "username", "Oskar");
245
246 if (heim_digest_verify(ctx, NULL) == 0)
247 abort();
248
249 heim_digest_release(ctx);
250
251 /*
252 * Check myself
253 */
254
255 /* server */
256 if ((ctx = heim_digest_create(1, HEIM_DIGEST_TYPE_RFC2831)) == NULL)
257 abort();
258
259 heim_digest_set_key(ctx, "serverRealm", "myrealmhahaha");
260 heim_digest_set_key(ctx, "serverQOP", "auth,auth-int");
261
262 chal = heim_digest_generate_challenge(ctx);
263 if (chal == NULL)
264 abort();
265
266 /* client */
267 if ((ctx2 = heim_digest_create(1, HEIM_DIGEST_TYPE_RFC2831)) == NULL)
268 abort();
269
270 if (heim_digest_parse_challenge(ctx2, chal))
271 abort();
272
273 heim_digest_set_key(ctx2, "username", "lha");
274 heim_digest_set_key(ctx2, "password", "passw0rd");
275 heim_digest_set_key(ctx2, "uri", "/uri");
276
277 resp = heim_digest_create_response(ctx2, &serverresp);
278 if (resp == NULL)
279 abort();
280
281 /* server */
282 if (heim_digest_parse_response(ctx, resp))
283 abort();
284
285 heim_digest_set_key(ctx, "password", "passw0rd");
286 heim_digest_verify(ctx, &serverresp2);
287
288
289 /* client */
290 if (strcmp(serverresp, serverresp2) != 0)
291 abort();
292
293 heim_digest_release(ctx);
294 heim_digest_release(ctx2);
295
296 /*
297 * check prefix
298 */
299
300 if ((ctx = heim_digest_create(1, HEIM_DIGEST_TYPE_AUTO)) == NULL)
301 abort();
302
303 if (heim_digest_parse_challenge(ctx, "Digest realm=\"testrealm@host.com\","
304 "nonce=\"dcd98b7102dd2f0e8b11d0f600bfb0c093\","
305 "opaque=\"5ccc069c403ebaf9f0171e9517f40e41\""))
306 abort();
307
308 heim_digest_release(ctx);
309
310 /*
311 * check prefix
312 */
313
314 if ((ctx = heim_digest_create(1, HEIM_DIGEST_TYPE_AUTO)) == NULL)
315 abort();
316
317 if (heim_digest_parse_challenge(ctx, "Digest realm=\"testrealm@host.com\","
318 "nonce=\"dcd98b7102dd2f0e8b11d0f600bfb0c093\","
319 "opaque=\"5ccc069c403ebaf9f0171e9517f40e41\""))
320 abort();
321
322 heim_digest_release(ctx);
323
324 return 0;
325 }
326
327 static int
328 test_cram_md5(void)
329 {
330 const char *chal = "<1896.697170952@postoffice.reston.mci.net>";
331 const char *secret = "tanstaaftanstaaf";
332 const char *resp = "b913a602c7eda7a495b4e6e7334d3890";
333 heim_CRAM_MD5_STATE state;
334 heim_cram_md5 ctx;
335 char *t;
336
337 const uint8_t *prestate = (uint8_t *)
338 "\x87\x1E\x24\x10\xB4\x0C\x72\x5D\xA3\x95\x2D\x5B\x8B\xFC\xDD\xE1"
339 "\x29\x90\xCB\xA7\x66\xF6\xB3\x40\xE8\xAC\x48\x2C\xE4\xE3\xA4\x40";
340
341 /*
342 * Test prebuild blobs
343 */
344
345 if (sizeof(state) != 32)
346 abort();
347
348 heim_cram_md5_export("foo", &state);
349
350 if (memcmp(prestate, &state, 32) != 0)
351 abort();
352
353 /*
354 * Check example
355 */
356
357
358 if (heim_cram_md5_verify(chal, secret, resp) != 0)
359 abort();
360
361
362 /*
363 * Do it ourself
364 */
365
366 t = heim_cram_md5_create(chal, secret);
367 if (t == NULL)
368 abort();
369
370 if (strcmp(resp, t) != 0)
371 abort();
372
373 heim_cram_md5_export(secret, &state);
374 /* here you can store the memcpy-ed version of state somewhere else */
375
376 ctx = heim_cram_md5_import(&state, sizeof(state));
377
378 memset(&state, 0, sizeof(state));
379
380 if (heim_cram_md5_verify_ctx(ctx, chal, resp) != 0)
381 abort();
382
383 heim_cram_md5_free(ctx);
384
385 free(t);
386
387 return 0;
388 }
389
390 static int
391 test_apop(void)
392 {
393 const char *chal = "<1896.697170952@dbc.mtview.ca.us>";
394 const char *secret = "tanstaaf";
395 const char *resp = "c4c9334bac560ecc979e58001b3e22fb";
396 char *t;
397
398 t = heim_apop_create(chal, secret);
399 if (t == NULL)
400 abort();
401
402 if (strcmp(resp, t) != 0)
403 abort();
404
405 if (heim_apop_verify(chal, secret, resp) != 0)
406 abort();
407
408 free(t);
409
410 return 0;
411 }
412
413
414 int
415 main(int argc, char **argv)
416 {
417 int ret = 0;
418
419 ret |= test_sasl_digest_md5();
420 ret |= test_http_digest_md5();
421 ret |= test_cram_md5();
422 ret |= test_apop();
423
424 return ret;
425 }
Heimdal