Gitiles
Code Review Sign In
gerrit.cesnet.cz / github / CESNET / libnetconf2 / d5aee7572eaf6bd0486f3419557ad9a315e35b36 / . / tests / test_authkeys.c
blob: 25b8862dcdf497a7990ec598a8515ccab499ee29 [file] [log] [blame]
roman60c4ddd2023-12-21 11:02:37 +0100[diff] [blame]1/**
2 * @file test_authkeys.c
roman2ca058f2024-08-14 10:35:36 +0200[diff] [blame]3 * @author Roman Janota <janota@cesnet.cz>
roman60c4ddd2023-12-21 11:02:37 +0100[diff] [blame]4 * @brief libnetconf2 SSH authentication using mocked system authorized_keys
5 *
6 * @copyright
7 * Copyright (c) 2023 CESNET, z.s.p.o.
8 *
9 * This source code is licensed under BSD 3-Clause License (the "License").
10 * You may not use this file except in compliance with the License.
11 * You may obtain a copy of the License at
12 *
13 * https://opensource.org/licenses/BSD-3-Clause
14 */
15
16#define _GNU_SOURCE
17
18#include <errno.h>
19#include <pthread.h>
20#include <setjmp.h>
21#include <stdarg.h>
22#include <stdio.h>
23#include <stdlib.h>
24#include <string.h>
25
26#include <cmocka.h>
27
romanabe69902024-08-13 14:43:49 +0200[diff] [blame]28#include "ln2_test.h"
roman60c4ddd2023-12-21 11:02:37 +0100[diff] [blame]29
roman2ca058f2024-08-14 10:35:36 +0200[diff] [blame]30struct test_authkey_data {
roman60c4ddd2023-12-21 11:02:37 +0100[diff] [blame]31 const char *pubkey_path;
32 const char *privkey_path;
33 int expect_ok;
34};
35
romanabe69902024-08-13 14:43:49 +0200[diff] [blame]36int TEST_PORT = 10050;
37const char *TEST_PORT_STR = "10050";
38
roman60c4ddd2023-12-21 11:02:37 +0100[diff] [blame]39static void *
40server_thread(void *arg)
41{
42 int ret;
43 NC_MSG_TYPE msgtype;
44 struct nc_session *session;
45 struct nc_pollsession *ps;
roman2ca058f2024-08-14 10:35:36 +0200[diff] [blame]46 struct ln2_test_ctx *test_ctx = arg;
47 struct test_authkey_data *test_data = test_ctx->test_data;
roman60c4ddd2023-12-21 11:02:37 +0100[diff] [blame]48
49 ps = nc_ps_new();
50 assert_non_null(ps);
51
52 /* accept a session and add it to the poll session structure */
roman2ca058f2024-08-14 10:35:36 +0200[diff] [blame]53 pthread_barrier_wait(&test_ctx->barrier);
54 msgtype = nc_accept(NC_ACCEPT_TIMEOUT, test_ctx->ctx, &session);
roman60c4ddd2023-12-21 11:02:37 +0100[diff] [blame]55
56 /* only continue if we expect to authenticate successfully */
roman2ca058f2024-08-14 10:35:36 +0200[diff] [blame]57 if (test_data->expect_ok) {
roman60c4ddd2023-12-21 11:02:37 +0100[diff] [blame]58 assert_int_equal(msgtype, NC_MSG_HELLO);
59 } else {
60 assert_int_equal(msgtype, NC_MSG_ERROR);
61 nc_ps_free(ps);
62 return NULL;
63 }
64
65 ret = nc_ps_add_session(ps, session);
66 assert_int_equal(ret, 0);
67
68 do {
69 ret = nc_ps_poll(ps, NC_PS_POLL_TIMEOUT, NULL);
70 assert_int_equal(ret & NC_PSPOLL_RPC, NC_PSPOLL_RPC);
71 } while (!(ret & NC_PSPOLL_SESSION_TERM));
72
73 nc_ps_clear(ps, 1, NULL);
74 nc_ps_free(ps);
75 return NULL;
76}
77
78static void *
79client_thread(void *arg)
80{
81 int ret;
82 struct nc_session *session = NULL;
roman2ca058f2024-08-14 10:35:36 +0200[diff] [blame]83 struct ln2_test_ctx *test_ctx = arg;
84 struct test_authkey_data *test_data = test_ctx->test_data;
roman60c4ddd2023-12-21 11:02:37 +0100[diff] [blame]85
86 /* skip all hostkey and known_hosts checks */
87 nc_client_ssh_set_knownhosts_mode(NC_SSH_KNOWNHOSTS_SKIP);
88
89 /* set directory where to search for modules */
90 ret = nc_client_set_schema_searchpath(MODULES_DIR);
91 assert_int_equal(ret, 0);
92
93 /* add client's key pair */
roman2ca058f2024-08-14 10:35:36 +0200[diff] [blame]94 ret = nc_client_ssh_add_keypair(test_data->pubkey_path, test_data->privkey_path);
roman60c4ddd2023-12-21 11:02:37 +0100[diff] [blame]95 assert_int_equal(ret, 0);
96
97 /* set ssh username */
98 ret = nc_client_ssh_set_username("test");
99 assert_int_equal(ret, 0);
100
roman2ca058f2024-08-14 10:35:36 +0200[diff] [blame]101 pthread_barrier_wait(&test_ctx->barrier);
roman60c4ddd2023-12-21 11:02:37 +0100[diff] [blame]102 /* connect */
Jan Kundrátf8d9e8d2024-04-08 12:13:02 +0200[diff] [blame]103 session = nc_connect_ssh("127.0.0.1", TEST_PORT, NULL);
roman2ca058f2024-08-14 10:35:36 +0200[diff] [blame]104 if (test_data->expect_ok) {
roman60c4ddd2023-12-21 11:02:37 +0100[diff] [blame]105 assert_non_null(session);
106 } else {
107 assert_null(session);
108 }
109
110 nc_session_free(session, NULL);
111 return NULL;
112}
113
114static void
115test_nc_authkey_ok(void **arg)
116{
117 int ret, i;
118 pthread_t tids[2];
roman2ca058f2024-08-14 10:35:36 +0200[diff] [blame]119 struct test_authkey_data *test_data;
roman60c4ddd2023-12-21 11:02:37 +0100[diff] [blame]120
roman2ca058f2024-08-14 10:35:36 +0200[diff] [blame]121 test_data = (*(struct ln2_test_ctx **)arg)->test_data;
roman60c4ddd2023-12-21 11:02:37 +0100[diff] [blame]122
123 /* set the path to the test's authorized_keys file */
124 ret = nc_server_ssh_set_authkey_path_format(TESTS_DIR "/data/authorized_keys");
125 assert_int_equal(ret, 0);
126
127 /* set pubkey and privkey path, the pubkey matches the one in authorized keys */
roman2ca058f2024-08-14 10:35:36 +0200[diff] [blame]128 test_data->pubkey_path = TESTS_DIR "/data/id_ed25519.pub";
129 test_data->privkey_path = TESTS_DIR "/data/id_ed25519";
roman60c4ddd2023-12-21 11:02:37 +0100[diff] [blame]130
131 /* expect ok result */
roman2ca058f2024-08-14 10:35:36 +0200[diff] [blame]132 test_data->expect_ok = 1;
roman60c4ddd2023-12-21 11:02:37 +0100[diff] [blame]133
134 /* client */
roman2ca058f2024-08-14 10:35:36 +0200[diff] [blame]135 ret = pthread_create(&tids[0], NULL, client_thread, *arg);
roman60c4ddd2023-12-21 11:02:37 +0100[diff] [blame]136 assert_int_equal(ret, 0);
137
138 /* server */
roman2ca058f2024-08-14 10:35:36 +0200[diff] [blame]139 ret = pthread_create(&tids[1], NULL, server_thread, *arg);
roman60c4ddd2023-12-21 11:02:37 +0100[diff] [blame]140 assert_int_equal(ret, 0);
141
142 for (i = 0; i < 2; i++) {
143 pthread_join(tids[i], NULL);
144 }
145}
146
147static void
148test_nc_authkey_bad_key(void **arg)
149{
150 int ret, i;
151 pthread_t tids[2];
roman2ca058f2024-08-14 10:35:36 +0200[diff] [blame]152 struct test_authkey_data *test_data;
roman60c4ddd2023-12-21 11:02:37 +0100[diff] [blame]153
roman2ca058f2024-08-14 10:35:36 +0200[diff] [blame]154 test_data = (*(struct ln2_test_ctx **)arg)->test_data;
roman60c4ddd2023-12-21 11:02:37 +0100[diff] [blame]155
156 /* set the path to the test's authorized_keys file */
157 ret = nc_server_ssh_set_authkey_path_format(TESTS_DIR "/data/authorized_keys");
158 assert_int_equal(ret, 0);
159
160 /* set pubkey and privkey path, the pubkey doesn't match the one in authorized keys */
roman2ca058f2024-08-14 10:35:36 +0200[diff] [blame]161 test_data->pubkey_path = TESTS_DIR "/data/id_ecdsa521.pub";
162 test_data->privkey_path = TESTS_DIR "/data/id_ecdsa521";
roman60c4ddd2023-12-21 11:02:37 +0100[diff] [blame]163
164 /* expect fail */
roman2ca058f2024-08-14 10:35:36 +0200[diff] [blame]165 test_data->expect_ok = 0;
roman60c4ddd2023-12-21 11:02:37 +0100[diff] [blame]166
167 /* client */
roman2ca058f2024-08-14 10:35:36 +0200[diff] [blame]168 ret = pthread_create(&tids[0], NULL, client_thread, *arg);
roman60c4ddd2023-12-21 11:02:37 +0100[diff] [blame]169 assert_int_equal(ret, 0);
170
171 /* server */
roman2ca058f2024-08-14 10:35:36 +0200[diff] [blame]172 ret = pthread_create(&tids[1], NULL, server_thread, *arg);
roman60c4ddd2023-12-21 11:02:37 +0100[diff] [blame]173 assert_int_equal(ret, 0);
174
175 for (i = 0; i < 2; i++) {
176 pthread_join(tids[i], NULL);
177 }
178}
179
180static void
181test_nc_authkey_bad_path(void **arg)
182{
183 int ret, i;
184 pthread_t tids[2];
roman2ca058f2024-08-14 10:35:36 +0200[diff] [blame]185 struct ln2_test_ctx *test_ctx;
186 struct test_authkey_data *test_data;
roman60c4ddd2023-12-21 11:02:37 +0100[diff] [blame]187
188 assert_non_null(arg);
roman2ca058f2024-08-14 10:35:36 +0200[diff] [blame]189 test_ctx = *arg;
190 test_data = test_ctx->test_data;
roman60c4ddd2023-12-21 11:02:37 +0100[diff] [blame]191
192 /* set the path to the test's authorized_keys file */
193 ret = nc_server_ssh_set_authkey_path_format(TESTS_DIR "/some/bad/path");
194 assert_int_equal(ret, 0);
195
196 /* set pubkey and privkey path, the pubkey doesn't match the one in authorized keys */
roman2ca058f2024-08-14 10:35:36 +0200[diff] [blame]197 test_data->pubkey_path = TESTS_DIR "/data/id_ed25519.pub";
198 test_data->privkey_path = TESTS_DIR "/data/id_ed25519";
roman60c4ddd2023-12-21 11:02:37 +0100[diff] [blame]199
200 /* expect fail */
roman2ca058f2024-08-14 10:35:36 +0200[diff] [blame]201 test_data->expect_ok = 0;
roman60c4ddd2023-12-21 11:02:37 +0100[diff] [blame]202
203 /* client */
roman2ca058f2024-08-14 10:35:36 +0200[diff] [blame]204 ret = pthread_create(&tids[0], NULL, client_thread, test_ctx);
roman60c4ddd2023-12-21 11:02:37 +0100[diff] [blame]205 assert_int_equal(ret, 0);
206
207 /* server */
roman2ca058f2024-08-14 10:35:36 +0200[diff] [blame]208 ret = pthread_create(&tids[1], NULL, server_thread, test_ctx);
roman60c4ddd2023-12-21 11:02:37 +0100[diff] [blame]209 assert_int_equal(ret, 0);
210
211 for (i = 0; i < 2; i++) {
212 pthread_join(tids[i], NULL);
213 }
214}
215
216static int
217setup_f(void **state)
218{
219 int ret;
220 struct lyd_node *tree = NULL;
roman2ca058f2024-08-14 10:35:36 +0200[diff] [blame]221 struct ln2_test_ctx *test_ctx;
222 struct test_authkey_data *test_data;
roman60c4ddd2023-12-21 11:02:37 +0100[diff] [blame]223
roman2ca058f2024-08-14 10:35:36 +0200[diff] [blame]224 ret = ln2_glob_test_setup(&test_ctx);
roman60c4ddd2023-12-21 11:02:37 +0100[diff] [blame]225 assert_int_equal(ret, 0);
226
roman2ca058f2024-08-14 10:35:36 +0200[diff] [blame]227 test_data = calloc(1, sizeof *test_data);
228 assert_non_null(test_data);
roman60c4ddd2023-12-21 11:02:37 +0100[diff] [blame]229
roman2ca058f2024-08-14 10:35:36 +0200[diff] [blame]230 test_ctx->test_data = test_data;
231 test_ctx->free_test_data = ln2_glob_test_free_test_data;
232 *state = test_ctx;
233
234 ret = nc_server_config_add_ssh_hostkey(test_ctx->ctx, "endpt", "hostkey", TESTS_DIR "/data/server.key", NULL, &tree);
roman60c4ddd2023-12-21 11:02:37 +0100[diff] [blame]235 assert_int_equal(ret, 0);
236
roman2ca058f2024-08-14 10:35:36 +0200[diff] [blame]237 ret = nc_server_config_add_address_port(test_ctx->ctx, "endpt", NC_TI_SSH, "127.0.0.1", TEST_PORT, &tree);
roman60c4ddd2023-12-21 11:02:37 +0100[diff] [blame]238 assert_int_equal(ret, 0);
239
roman2ca058f2024-08-14 10:35:36 +0200[diff] [blame]240 ret = nc_server_config_add_ssh_user_authkey(test_ctx->ctx, "endpt", "test", &tree);
roman60c4ddd2023-12-21 11:02:37 +0100[diff] [blame]241 assert_int_equal(ret, 0);
242
243 /* configure the server based on the data */
244 ret = nc_server_config_setup_data(tree);
245 assert_int_equal(ret, 0);
246
roman60c4ddd2023-12-21 11:02:37 +0100[diff] [blame]247 lyd_free_all(tree);
248
249 return 0;
250}
251
roman60c4ddd2023-12-21 11:02:37 +0100[diff] [blame]252int
253main(void)
254{
255 const struct CMUnitTest tests[] = {
roman2ca058f2024-08-14 10:35:36 +0200[diff] [blame]256 cmocka_unit_test_setup_teardown(test_nc_authkey_ok, setup_f, ln2_glob_test_teardown),
257 cmocka_unit_test_setup_teardown(test_nc_authkey_bad_key, setup_f, ln2_glob_test_teardown),
258 cmocka_unit_test_setup_teardown(test_nc_authkey_bad_path, setup_f, ln2_glob_test_teardown),
roman60c4ddd2023-12-21 11:02:37 +0100[diff] [blame]259 };
260
romanabe69902024-08-13 14:43:49 +0200[diff] [blame]261 /* try to get ports from the environment, otherwise use the default */
262 if (ln2_glob_test_get_ports(1, &TEST_PORT, &TEST_PORT_STR)) {
263 return 1;
264 }
265
roman60c4ddd2023-12-21 11:02:37 +0100[diff] [blame]266 setenv("CMOCKA_TEST_ABORT", "1", 1);
267 return cmocka_run_group_tests(tests, NULL, NULL);
268}