1/*
2 Copyright (c) 2007-2017 Contributors as noted in the AUTHORS file
3
4 This file is part of libzmq, the ZeroMQ core engine in C++.
5
6 libzmq is free software; you can redistribute it and/or modify it under
7 the terms of the GNU Lesser General Public License (LGPL) as published
8 by the Free Software Foundation; either version 3 of the License, or
9 (at your option) any later version.
10
11 As a special exception, the Contributors give you permission to link
12 this library with independent modules to produce an executable,
13 regardless of the license terms of these independent modules, and to
14 copy and distribute the resulting executable under terms of your choice,
15 provided that you also meet, for each linked independent module, the
16 terms and conditions of the license of that module. An independent
17 module is a module which is not derived from or based on this library.
18 If you modify this library, you must extend this exception to your
19 version of the library.
20
21 libzmq is distributed in the hope that it will be useful, but WITHOUT
22 ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
23 FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
24 License for more details.
25
26 You should have received a copy of the GNU Lesser General Public License
27 along with this program. If not, see <http://www.gnu.org/licenses/>.
28*/
29
30#include "testutil.hpp"
31#include "testutil_unity.hpp"
32
33#if defined(ZMQ_HAVE_WINDOWS)
34#include <winsock2.h>
35#include <ws2tcpip.h>
36#include <stdexcept>
37#define close closesocket
38#else
39#include <sys/socket.h>
40#include <netinet/in.h>
41#include <arpa/inet.h>
42#include <unistd.h>
43#endif
44
45#include <stdlib.h>
46#include <string.h>
47
48static void zap_handler (void *zap_)
49{
50 // Process ZAP requests forever
51 while (true) {
52 char *version = s_recv (zap_);
53 if (!version)
54 break; // Terminating
55 char *sequence = s_recv (zap_);
56 char *domain = s_recv (zap_);
57 char *address = s_recv (zap_);
58 char *routing_id = s_recv (zap_);
59 char *mechanism = s_recv (zap_);
60 char *username = s_recv (zap_);
61 char *password = s_recv (zap_);
62
63 TEST_ASSERT_EQUAL_STRING ("1.0", version);
64 TEST_ASSERT_EQUAL_STRING ("PLAIN", mechanism);
65 TEST_ASSERT_EQUAL_STRING ("IDENT", routing_id);
66
67 send_string_expect_success (zap_, version, ZMQ_SNDMORE);
68 send_string_expect_success (zap_, sequence, ZMQ_SNDMORE);
69 if (streq (username, "admin") && streq (password, "password")) {
70 send_string_expect_success (zap_, "200", ZMQ_SNDMORE);
71 send_string_expect_success (zap_, "OK", ZMQ_SNDMORE);
72 send_string_expect_success (zap_, "anonymous", ZMQ_SNDMORE);
73 send_string_expect_success (zap_, "", 0);
74 } else {
75 send_string_expect_success (zap_, "400", ZMQ_SNDMORE);
76 send_string_expect_success (zap_, "Invalid username or password",
77 ZMQ_SNDMORE);
78 send_string_expect_success (zap_, "", ZMQ_SNDMORE);
79 send_string_expect_success (zap_, "", 0);
80 }
81 free (version);
82 free (sequence);
83 free (domain);
84 free (address);
85 free (routing_id);
86 free (mechanism);
87 free (username);
88 free (password);
89 }
90 TEST_ASSERT_SUCCESS_ERRNO (zmq_close (zap_));
91}
92
93void *zap_thread;
94
95char my_endpoint[MAX_SOCKET_STRING];
96
97static void setup_zap_handler ()
98{
99 // Spawn ZAP handler
100 // We create and bind ZAP socket in main thread to avoid case
101 // where child thread does not start up fast enough.
102 void *handler = zmq_socket (get_test_context (), ZMQ_REP);
103 TEST_ASSERT_SUCCESS_ERRNO (zmq_bind (handler, "inproc://zeromq.zap.01"));
104 zap_thread = zmq_threadstart (&zap_handler, handler);
105}
106
107static void teardown_zap_handler ()
108{
109 // Wait until ZAP handler terminates
110 zmq_threadclose (zap_thread);
111}
112
113const char domain[] = "test";
114
115void *server;
116
117static void setup_server ()
118{
119 // Server socket will accept connections
120 server = test_context_socket (ZMQ_DEALER);
121 TEST_ASSERT_SUCCESS_ERRNO (
122 zmq_setsockopt (server, ZMQ_ROUTING_ID, "IDENT", 6));
123 TEST_ASSERT_SUCCESS_ERRNO (
124 zmq_setsockopt (server, ZMQ_ZAP_DOMAIN, domain, strlen (domain)));
125 const int as_server = 1;
126 TEST_ASSERT_SUCCESS_ERRNO (
127 zmq_setsockopt (server, ZMQ_PLAIN_SERVER, &as_server, sizeof (int)));
128 bind_loopback_ipv4 (server, my_endpoint, sizeof my_endpoint);
129}
130
131static void teardown_server ()
132{
133 test_context_socket_close (server);
134}
135
136void setUp ()
137{
138 setup_test_context ();
139 setup_zap_handler ();
140 setup_server ();
141}
142
143void tearDown ()
144{
145 teardown_server ();
146 teardown_test_context ();
147 teardown_zap_handler ();
148}
149
150void test_plain_success ()
151{
152 // Check PLAIN security with correct username/password
153 void *client = test_context_socket (ZMQ_DEALER);
154 const char username[] = "admin";
155 TEST_ASSERT_SUCCESS_ERRNO (
156 zmq_setsockopt (client, ZMQ_PLAIN_USERNAME, username, strlen (username)));
157 const char password[] = "password";
158 TEST_ASSERT_SUCCESS_ERRNO (
159 zmq_setsockopt (client, ZMQ_PLAIN_PASSWORD, password, strlen (password)));
160 TEST_ASSERT_SUCCESS_ERRNO (zmq_connect (client, my_endpoint));
161 bounce (server, client);
162 test_context_socket_close (client);
163}
164
165void test_plain_client_as_server_fails ()
166{
167 // Check PLAIN security with badly configured client (as_server)
168 // This will be caught by the plain_server class, not passed to ZAP
169 void *client = test_context_socket (ZMQ_DEALER);
170 TEST_ASSERT_SUCCESS_ERRNO (
171 zmq_setsockopt (client, ZMQ_ZAP_DOMAIN, domain, strlen (domain)));
172 const int as_server = 1;
173 TEST_ASSERT_SUCCESS_ERRNO (
174 zmq_setsockopt (client, ZMQ_PLAIN_SERVER, &as_server, sizeof (int)));
175 TEST_ASSERT_SUCCESS_ERRNO (zmq_connect (client, my_endpoint));
176 expect_bounce_fail (server, client);
177 test_context_socket_close_zero_linger (client);
178}
179
180void test_plain_wrong_credentials_fails ()
181{
182 // Check PLAIN security -- failed authentication
183 void *client = test_context_socket (ZMQ_DEALER);
184 const char username[] = "wronguser";
185 const char password[] = "wrongpass";
186 TEST_ASSERT_SUCCESS_ERRNO (
187 zmq_setsockopt (client, ZMQ_PLAIN_USERNAME, username, strlen (username)));
188 TEST_ASSERT_SUCCESS_ERRNO (
189 zmq_setsockopt (client, ZMQ_PLAIN_PASSWORD, password, strlen (password)));
190 TEST_ASSERT_SUCCESS_ERRNO (zmq_connect (client, my_endpoint));
191 expect_bounce_fail (server, client);
192 test_context_socket_close_zero_linger (client);
193}
194
195void test_plain_vanilla_socket ()
196{
197 // Unauthenticated messages from a vanilla socket shouldn't be received
198 struct sockaddr_in ip4addr;
199 fd_t s;
200
201 unsigned short int port;
202 int rc = sscanf (my_endpoint, "tcp://127.0.0.1:%hu", &port);
203 TEST_ASSERT_EQUAL_INT (1, rc);
204
205 ip4addr.sin_family = AF_INET;
206 ip4addr.sin_port = htons (port);
207#if defined(ZMQ_HAVE_WINDOWS) && (_WIN32_WINNT < 0x0600)
208 ip4addr.sin_addr.s_addr = inet_addr ("127.0.0.1");
209#else
210 inet_pton (AF_INET, "127.0.0.1", &ip4addr.sin_addr);
211#endif
212
213 s = socket (AF_INET, SOCK_STREAM, IPPROTO_TCP);
214 rc = connect (s, reinterpret_cast<struct sockaddr *> (&ip4addr),
215 sizeof (ip4addr));
216 TEST_ASSERT_GREATER_THAN_INT (-1, rc);
217 // send anonymous ZMTP/1.0 greeting
218 send (s, "\x01\x00", 2, 0);
219 // send sneaky message that shouldn't be received
220 send (s, "\x08\x00sneaky\0", 9, 0);
221 int timeout = 250;
222 zmq_setsockopt (server, ZMQ_RCVTIMEO, &timeout, sizeof (timeout));
223 char *buf = s_recv (server);
224 if (buf != NULL) {
225 printf ("Received unauthenticated message: %s\n", buf);
226 TEST_ASSERT_NULL (buf);
227 }
228 close (s);
229}
230
231int main (void)
232{
233 setup_test_environment ();
234
235 UNITY_BEGIN ();
236 RUN_TEST (test_plain_success);
237 RUN_TEST (test_plain_client_as_server_fails);
238 RUN_TEST (test_plain_wrong_credentials_fails);
239 RUN_TEST (test_plain_vanilla_socket);
240 return UNITY_END ();
241}
242