diff options
author | jpadkins <jacobpadkins@gmail.com> | 2017-04-03 20:08:07 +0300 |
---|---|---|
committer | jpadkins <jacobpadkins@gmail.com> | 2017-04-03 20:08:07 +0300 |
commit | 5a438a9d0a7a0f58a827184af64bd1cfabc8b7c1 (patch) | |
tree | 9a1be610914fae50ffa5a4abc6f54316aac6ca16 /check/magma/servers | |
parent | 629c94ff079176dd7f124e2ba519b72ce1ca6361 (diff) | |
parent | f1bb314aba2d5c0f51e6c299c370d8e8b434181f (diff) |
Merge branch 'develop' of https://github.com/lavabit/magma into feature/more-camel-tests
Diffstat (limited to 'check/magma/servers')
-rw-r--r-- | check/magma/servers/http/http_check.c | 9 | ||||
-rw-r--r-- | check/magma/servers/http/http_check_network.c | 22 | ||||
-rw-r--r-- | check/magma/servers/imap/imap_check.c | 12 | ||||
-rw-r--r-- | check/magma/servers/imap/imap_check_network.c | 83 | ||||
-rw-r--r-- | check/magma/servers/pop/pop_check.c | 4 | ||||
-rw-r--r-- | check/magma/servers/pop/pop_check_network.c | 52 | ||||
-rw-r--r-- | check/magma/servers/smtp/checkers_check.c | 40 | ||||
-rw-r--r-- | check/magma/servers/smtp/smtp_check.c | 28 | ||||
-rw-r--r-- | check/magma/servers/smtp/smtp_check.h | 4 | ||||
-rw-r--r-- | check/magma/servers/smtp/smtp_check_network.c | 46 |
10 files changed, 122 insertions, 178 deletions
diff --git a/check/magma/servers/http/http_check.c b/check/magma/servers/http/http_check.c index e9df914c..53d5b222 100644 --- a/check/magma/servers/http/http_check.c +++ b/check/magma/servers/http/http_check.c @@ -21,9 +21,6 @@ START_TEST (check_http_network_basic_tcp_s) { else if (status() && !check_http_network_basic_sthread(errmsg, server->network.port, false)) { outcome = false; } - else { - errmsg = NULL; - } log_test("HTTP / NETWORK / BASIC / TCP / SINGLE THREADED:", errmsg); ck_assert_msg(outcome, st_char_get(errmsg)); @@ -44,9 +41,6 @@ START_TEST (check_http_network_basic_tls_s) { else if (status() && !check_http_network_basic_sthread(errmsg, server->network.port, true)) { outcome = false; } - else { - errmsg = NULL; - } log_test("HTTP / NETWORK / BASIC / TLS / SINGLE THREADED:", errmsg); ck_assert_msg(outcome, st_char_get(errmsg)); @@ -67,9 +61,6 @@ START_TEST (check_http_network_options_s) { else if (status() && !check_http_network_options_sthread(errmsg, server->network.port, true)) { outcome = false; } - else { - errmsg = NULL; - } log_test("HTTP / NETWORK / OPTIONS / SINGLE THREADED:", errmsg); ck_assert_msg(outcome, st_char_get(errmsg)); diff --git a/check/magma/servers/http/http_check_network.c b/check/magma/servers/http/http_check_network.c index b4928eb0..5675d664 100644 --- a/check/magma/servers/http/http_check_network.c +++ b/check/magma/servers/http/http_check_network.c @@ -111,31 +111,26 @@ bool_t check_http_network_basic_sthread(stringer_t *errmsg, uint32_t port, bool_ client_t *client = NULL; // Test the connection. - if (!(client = client_connect("localhost", port)) || (secure && (client_secure(client) == -1)) || - client_status(client) != 1) { - + if (!(client = client_connect("localhost", port)) || (secure && (client_secure(client) == -1)) || client_status(client) != 1) { st_sprint(errmsg, "Failed to connect with the HTTP server."); client_close(client); return false; } // Test submitting a GET request. - else if (client_write(client, PLACER("GET / HTTP/1.1\r\nHost: localhost\r\n\r\n", 35)) != 35 || client_status(client) != 1 || - !(content_length = check_http_content_length_get(client, errmsg))) { - + else if (client_write(client, PLACER("GET / HTTP/1.1\r\nHost: localhost\r\n\r\n", 35)) != 35 || + client_status(client) != 1 || !(content_length = check_http_content_length_get(client, errmsg))) { if (st_empty(errmsg)) st_sprint(errmsg, "Failed to return a valid GET response."); client_close(client); return false; } // Test the response. else if (check_http_content_length_test(client, content_length, errmsg)) { - if (st_empty(errmsg)) st_sprint(errmsg, "The content length and actual body length of the GET response did not match."); client_close(client); return false; } client_close(client); - return true; } @@ -153,17 +148,14 @@ bool_t check_http_network_options_sthread(stringer_t *errmsg, uint32_t port, boo }; // Test the connection. - if (!(client = client_connect("localhost", port)) || (secure && (client_secure(client) == -1)) || - client_status(client) != 1) { - + if (!(client = client_connect("localhost", port)) || (secure && (client_secure(client) == -1)) || client_status(client) != 1) { st_sprint(errmsg, "Failed to connect with the HTTP server."); client_close(client); return false; } - // Test OPTIONS - else if (client_write(client, PLACER("OPTIONS /portal/camel HTTP/1.1\r\n\r\n", 34)) != 34 || client_status(client) != 1 || - !check_http_options(client, options, errmsg)) { - + // Test OPTIONS. + else if (client_write(client, PLACER("OPTIONS /portal/camel HTTP/1.1\r\n\r\n", 34)) != 34 || + client_status(client) != 1 || !check_http_options(client, options, errmsg)) { client_close(client); return false; } diff --git a/check/magma/servers/imap/imap_check.c b/check/magma/servers/imap/imap_check.c index 59477577..a74b30d2 100644 --- a/check/magma/servers/imap/imap_check.c +++ b/check/magma/servers/imap/imap_check.c @@ -20,9 +20,6 @@ START_TEST (check_imap_network_basic_tcp_s) { else if (status() && !check_imap_network_basic_sthread(errmsg, server->network.port, false)) { outcome = false; } - else { - errmsg = NULL; - } log_test("IMAP / NETWORK / BASIC / TCP / SINGLE THREADED:", errmsg); ck_assert_msg(outcome, st_char_get(errmsg)); @@ -43,9 +40,6 @@ START_TEST (check_imap_network_basic_tls_s) { else if (status() && !check_imap_network_basic_sthread(errmsg, server->network.port, true)) { outcome = false; } - else { - errmsg = NULL; - } log_test("IMAP / NETWORK / BASIC / TLS / SINGLE THREADED:", errmsg); ck_assert_msg(outcome, st_char_get(errmsg)); @@ -66,9 +60,6 @@ START_TEST (check_imap_network_search_s) { else if (status() && !check_imap_network_search_sthread(errmsg, server->network.port, false)) { outcome = false; } - else { - errmsg = NULL; - } log_test("IMAP / NETWORK / SEARCH / SINGLE THREADED:", errmsg); ck_assert_msg(outcome, st_char_get(errmsg)); @@ -89,9 +80,6 @@ START_TEST (check_imap_network_fetch_s) { else if (status() && !check_imap_network_fetch_sthread(errmsg, server->network.port, false)) { outcome = false; } - else { - errmsg = NULL; - } log_test("IMAP / NETWORK / FETCH / SINGLE THREADED:", errmsg); ck_assert_msg(outcome, st_char_get(errmsg)); diff --git a/check/magma/servers/imap/imap_check_network.c b/check/magma/servers/imap/imap_check_network.c index d5316589..3c0cdd94 100644 --- a/check/magma/servers/imap/imap_check_network.c +++ b/check/magma/servers/imap/imap_check_network.c @@ -191,6 +191,8 @@ bool_t check_imap_network_basic_sthread(stringer_t *errmsg, uint32_t port, bool_ return false; } + /// HIGH: Test other IMAP commands, like LIST, CREATE, TAG, APPEND. + // Test the LOGOUT command. else if (client_print(client, "A5 LOGOUT\r\n") <= 0 || !check_imap_client_read_end(client, "A5") || client_status(client) != 1 || st_cmp_cs_starts(&(client->line), NULLER("A5 OK"))) { @@ -211,65 +213,62 @@ bool_t check_imap_network_search_sthread(stringer_t *errmsg, uint32_t port, bool client_t *client = NULL; stringer_t *tag = NULL, *success = NULL; chr_t *commands[] = { - "SEARCH ALL\r\n", - "SEARCH ANSWERED\r\n", -// "SEARCH BCC\r\n", -// "SEARCH BEFORE 01-Apr-2017\r\n", -// "SEARCH BODY Hello\r\n", -// "SEARCH CC\r\n", -// "SEARCH DELETED\r\n", -// "SEARCH FLAGGED\r\n", -// "SEARCH FROM ladar@lavabit.com\r\n", -// "SEARCH HEADER lavabit\r\n", -// "SEARCH KEYWORD Seen\r\n", -// "SEARCH LARGER 1024\r\n", -// "SEARCH NEW\r\n", -// "SEARCH NOT Seen\r\n", -// "SEARCH OLD\r\n", -// "SEARCH ON 23-Mar-2017\r\n", -// "SEARCH OR Seen Flagged\r\n", -// "SEARCH RECENT\r\n", -// "SEARCH SEEN\r\n", -// "SEARCH SENTBEFORE 23-Mar-2017\r\n", -// "SEARCH SENTON 23-Mar-2017\r\n", -// "SEARCH SENTSINCE 01-Jan-2017\r\n", -// "SEARCH SINCE 01-Jan-2017\r\n", -// "SEARCH SMALLER 30960\r\n", -// "SEARCH SUBJECT lavabit\r\n", -// "SEARCH TEXT lavabit\r\n", -// "SEARCH TO ladar@lavabit.com\r\n", -// "SEARCH UID 1\r\n", -// "SEARCH UNANSWERED\r\n", -// "SEARCH UNDELETED\r\n", -// "SEARCH UNDRAFT\r\n", -// "SEARCH UNFLAGGED\r\n", -// "SEARCH UNKEYWORD Seen\r\n", - "SEARCH UNSEEN\r\n" + "SEARCH 1 ALL\r\n", + "SEARCH 1 ANSWERED\r\n", + "SEARCH 1 BCC\r\n", + "SEARCH 1 BEFORE 01-Apr-2017\r\n", + "SEARCH 1 BODY Hello\r\n", + "SEARCH 1 CC\r\n", + "SEARCH 1 DELETED\r\n", + "SEARCH 1 FLAGGED\r\n", + "SEARCH 1 FROM ladar@lavabit.com\r\n", + "SEARCH 1 HEADER lavabit\r\n", + "SEARCH 1 KEYWORD Seen\r\n", + "SEARCH 1 LARGER 1024\r\n", + "SEARCH 1 NEW\r\n", + "SEARCH 1 NOT Seen\r\n", + "SEARCH 1 OLD\r\n", + "SEARCH 1 ON 23-Mar-2017\r\n", + "SEARCH 1 OR Seen Flagged\r\n", + "SEARCH 1 RECENT\r\n", + "SEARCH 1 SEEN\r\n", + "SEARCH 1 SENTBEFORE 23-Mar-2017\r\n", + "SEARCH 1 SENTON 23-Mar-2017\r\n", + "SEARCH 1 SENTSINCE 01-Jan-2017\r\n", + "SEARCH 1 SINCE 01-Jan-2017\r\n", + "SEARCH 1 SMALLER 30960\r\n", + "SEARCH 1 SUBJECT lavabit\r\n", + "SEARCH 1 TEXT lavabit\r\n", + "SEARCH 1 TO ladar@lavabit.com\r\n", + "SEARCH 1 UID 1\r\n", + "SEARCH 1 UNANSWERED\r\n", + "SEARCH 1 UNDELETED\r\n", + "SEARCH 1 UNDRAFT\r\n", + "SEARCH 1 UNFLAGGED\r\n", + "SEARCH 1 UNKEYWORD Seen\r\n", + "SEARCH 1 UNSEEN\r\n" }; // Check the initial response. if (!(client = client_connect("localhost", port)) || (secure && (client_secure(client) == -1)) || !net_set_timeout(client->sockd, 20, 20) || client_read_line(client) <= 0 || (client->status != 1) || st_cmp_cs_starts(&(client->line), NULLER("* OK"))) { - st_sprint(errmsg, "Failed to connect with the IMAP server."); client_close(client); return false; } // Test the LOGIN command. else if (!check_imap_client_login(client, "princess", "password", "A0", errmsg)) { - client_close(client); return false; } // Test the SELECT command. else if (!check_imap_client_select(client, "Inbox", "A1", errmsg)) { - client_close(client); return false; } - // Test each of the commands. + // Test each of the SEARCH commands. for (uint32_t i = 0; i < sizeof(commands)/sizeof(chr_t*); i++) { tag_num = i + 2; @@ -292,8 +291,8 @@ bool_t check_imap_network_search_sthread(stringer_t *errmsg, uint32_t port, bool return false; } - st_free(tag); st_free(success); + st_free(tag); } // Test the CLOSE and LOGOUT commands; @@ -326,20 +325,17 @@ bool_t check_imap_network_fetch_sthread(stringer_t *errmsg, uint32_t port, bool_ if (!(client = client_connect("localhost", port)) || (secure && (client_secure(client) == -1)) || !net_set_timeout(client->sockd, 20, 20) || client_read_line(client) <= 0 || (client->status != 1) || st_cmp_cs_starts(&(client->line), NULLER("* OK"))) { - st_sprint(errmsg, "Failed to connect with the IMAP server."); client_close(client); return false; } // Test the LOGIN command. else if (!check_imap_client_login(client, "princess", "password", "A0", errmsg)) { - client_close(client); return false; } // Test the SELECT command. else if (!check_imap_client_select(client, "Inbox", "A1", errmsg)) { - client_close(client); return false; } @@ -350,7 +346,6 @@ bool_t check_imap_network_fetch_sthread(stringer_t *errmsg, uint32_t port, bool_ if (!(tag = st_alloc(uint32_digits(tag_num) + 2)) || (st_sprint(tag, "A%u", tag_num) != uint32_digits(tag_num) + 1) || !(success = st_merge("sn", tag, " OK"))) { - st_sprint(errmsg, "Failed to construct the tag or success strings. { i = %d }", i); st_cleanup(tag, success); client_close(client); @@ -359,7 +354,6 @@ bool_t check_imap_network_fetch_sthread(stringer_t *errmsg, uint32_t port, bool_ else if (client_print(client, "%s %s\r\n", st_char_get(tag), commands[i]) <= 0 || !check_imap_client_read_end(client, st_char_get(tag)) || client_status(client) != 1 || st_cmp_cs_starts(&(client->line), success)) { - st_sprint(errmsg, "Failed to return a successful status. { command = \"%s\" }", commands[i]); st_cleanup(tag, success); client_close(client); @@ -370,7 +364,6 @@ bool_t check_imap_network_fetch_sthread(stringer_t *errmsg, uint32_t port, bool_ } // Test the CLOSE and LOGOUT commands; if (!check_imap_client_close_logout(client, tag_num+1, errmsg)) { - client_close(client); return false; } diff --git a/check/magma/servers/pop/pop_check.c b/check/magma/servers/pop/pop_check.c index 6e3fb089..b3b1c45e 100644 --- a/check/magma/servers/pop/pop_check.c +++ b/check/magma/servers/pop/pop_check.c @@ -20,9 +20,6 @@ START_TEST (check_pop_network_basic_tcp_s) { else if (status() && !check_pop_network_basic_sthread(errmsg, tcp->network.port, false)) { outcome = false; } - else { - errmsg = NULL; - } log_test("POP / NETWORK / BASIC / TCP / SINGLE THREADED:", errmsg); ck_assert_msg(outcome, st_char_get(errmsg)); @@ -42,7 +39,6 @@ START_TEST (check_pop_network_basic_tls_s) { } else if (status() && !check_pop_network_basic_sthread(errmsg, tls->network.port, true)) { outcome = false; - errmsg = NULL; } log_test("POP / NETWORK / BASIC / TLS / SINGLE THREADED:", errmsg); diff --git a/check/magma/servers/pop/pop_check_network.c b/check/magma/servers/pop/pop_check_network.c index b45c477d..348e683d 100644 --- a/check/magma/servers/pop/pop_check_network.c +++ b/check/magma/servers/pop/pop_check_network.c @@ -12,61 +12,71 @@ * @brief Calls client_read_line on a client until it reaches a period only line, returning * the number of messages in the inbox. * - * @param client The client_t* to read from (which should be connected to a POP server) - * @param size A uint64_t*. If not null, the total size of the lines read will be placed + * @param client The client_t pointer to read from (which should be connected to a POP server) + * @param size A uint64_t pointer. If not NULL, the total size of the lines read will be placed * at this address. - * @param token If not NULL and size if not NULL, then size will only be incremented after - * reaching a line that begins with token. + * @param token If not NULL, then the size variable will only include the number of bytes read after the token. * @return true if a line containing a single period is found, false if not. */ bool_t check_pop_client_read_end(client_t *client, uint64_t *size, chr_t *token) { - if (size) *size = 0; bool_t token_found = false; + if (size) *size = 0; + else if (!token) token_found = true; + + // There shouldn't be a token, if we aren't also supposed to be counting the number of bytes. + else if (!size && token) return false; + while (client_read_line(client) > 0) { + // Break when a line with just a period is found. if (!st_cmp_cs_eq(&(client->line), NULLER(".\r\n"))) return true; - else if (size && st_cmp_cs_starts(&(client->line), NULLER(token)) == 0) token_found = true; + + // If we have a size and a token, then keep checking for the token until its found. + else if (size && token && !token_found && st_cmp_cs_starts(&(client->line), NULLER(token)) == 0) token_found = true; if (size && token_found) *size += pl_length_get(client->line); } + return false; } /** - * Calls client_read_line on a client until it reaches a period only line, returning the - * number of messages in the inbox. + * @brief Calls client_read_line until it reaches a line containing only a period, then returns the number + * of messages it encountered. * - * @param client The client_t* to read from (which should be connected to a POP server). - * @param errmsg The stringer_t* to which error messages will be printed in event of an error. - * @return a uint32_t containing the number of messages in the inbox. + * @param client The client_t pointer to read from (which should be connected to a POP server). + * @param errmsg The stringer_t pointer to which error messages will be printed in event of an error. + * @return an uint32_t containing the number of messages in the inbox. */ uint64_t check_pop_client_read_list(client_t *client, stringer_t *errmsg) { placer_t fragment = pl_null(); uint64_t counter = 1, sequence = 0; - client_read_line(client); - while (client_read_line(client) > 0) { + /// LOW: Parse out the total message number from the first line returned and check against that at the end of the + /// function, returning an error if it and the counter do not match. + if (client_read_line(client) <= 0 || !pl_starts_with_char(client->line, '+')) { + st_sprint(errmsg, "The message list response failed to return a valid response."); + return 0; + } + while (client_read_line(client) > 0 && !pl_starts_with_char(client->line, '.')) { - if (pl_starts_with_char(client->line, '.')) { - return counter-2; - } - else if (tok_get_st(&(client->line), ' ', 0, &fragment) >= 0 && !uint64_conv_pl(fragment, &sequence) == 0) { - if (sequence != counter) return 0; - } - else { + // If the sequence number doesn't match our counter variable, we'll indicate an error. + if (tok_get_st(&(client->line), ' ', 0, &fragment) >= 0 && !uint64_conv_pl(fragment, &sequence) == 0 && sequence != counter) { + st_sprint(errmsg, "The message sequence appears to have skipped, because the internal counter no longer matches the sequence."); return 0; } counter++; } - return 0; + return counter - 1; } +/// LOW: This should use stringer parameters. bool_t check_pop_client_auth(client_t *client, chr_t *user, chr_t *pass, stringer_t *errmsg) { if (client_print(client, "USER %s\r\n", user) != (ns_length_get(user) + 7) || client_read_line(client) <= 0 || diff --git a/check/magma/servers/smtp/checkers_check.c b/check/magma/servers/smtp/checkers_check.c index 664e7186..2b96f48d 100644 --- a/check/magma/servers/smtp/checkers_check.c +++ b/check/magma/servers/smtp/checkers_check.c @@ -10,7 +10,6 @@ bool_t check_smtp_checkers_greylist_sthread(stringer_t *errmsg) { uint64_t now; connection_t con; - server_t *server = NULL; client_t *client = NULL; smtp_inbound_prefs_t prefs; stringer_t *value = NULL, *addr = MANAGEDBUF(128), *key = MANAGEDBUF(256); @@ -18,29 +17,15 @@ bool_t check_smtp_checkers_greylist_sthread(stringer_t *errmsg) { mm_wipe(&con, sizeof(connection_t)); mm_wipe(&prefs, sizeof(smtp_inbound_prefs_t)); + // Setup. We run the check with the bypass flag first, then remove it and try again. + prefs.usernum = 1; + prefs.greytime = 1; con.smtp.bypass = true; - con.smtp.authenticated = true; con.smtp.mailfrom = NULLER("check@example.com"); - if (!(server = servers_get_by_protocol(HTTP, false))) { - st_sprint(errmsg, "The SMTP greylist check couldn't find a valid SMTP server instance."); - return false; - } - - else if (!(client = client_connect("localhost", server->network.port))) { - st_sprint(errmsg, "The SMTP greylist check couldn't setup a socket connection for testing address resolution."); - return false; - } - - // The connection needs a valid network socket or the address lookup will fail randomly. - con.network.sockd = client->sockd; - con.network.reverse.ip = mm_alloc(sizeof(ip_t)); ip_str_addr("127.0.0.1", con.network.reverse.ip); - prefs.usernum = 1; - prefs.greytime = 1; - if (!(addr = con_addr_reversed(&con, addr)) || st_sprint(key, "magma.greylist.%lu.%.*s", prefs.usernum, st_length_int(addr), st_char_get(addr)) <= 0) { @@ -58,12 +43,14 @@ bool_t check_smtp_checkers_greylist_sthread(stringer_t *errmsg) { return false; } + // Run the check with bypass disabled. else if ((con.smtp.bypass = false) || smtp_check_greylist(&con, &prefs) != 0) { st_sprint(errmsg, "The SMTP greylist function failed to return 0 after the initial try."); client_close(client); return false; } + // Check that an immediate resubmission fails. else if (smtp_check_greylist(&con, &prefs) != 0) { st_sprint(errmsg, "The SMTP greylist check function failed to return 0 when resubmitted too fast."); client_close(client); @@ -95,9 +82,9 @@ bool_t check_smtp_checkers_greylist_sthread(stringer_t *errmsg) { bool_t check_smtp_checkers_regex_sthread(stringer_t *errmsg) { + int_t result = 0; struct re_pattern_buffer regbuff; - mm_wipe(®buff, sizeof(struct re_pattern_buffer)); - chr_t *expressions[] = { + chr_t *error = MEMORYBUF(1024), *expressions[] = { "\\/\\^From\\:\\.\\*\\(gmxmagazin\\\\\\@gmx\\\\\\-gmbh\\\\\\.de\\|mailings\\\\\\@gmx\\\\\\-gmbh\\\\\\.de\\|\\.\\*gmxred\\.\\*\\|elsa", "online836745\\@telkomsa\\.net\\,\\ adbplc78\\@gmail\\.com\\,\\ inside\\.all\\@uol\\.com\\.br\\,\\ a2\\-shark1\\.uol\\", "ashley\\ madison\\ married\\ affair\\ wives\\ pleasurable\\ gal\\ nsa\\ fun\\ dangerous\\ risky\\ scared\\ cost\\", @@ -152,9 +139,16 @@ bool_t check_smtp_checkers_regex_sthread(stringer_t *errmsg) { "bra\\" }; - for (size_t i = 0; i < (sizeof(expressions)/sizeof(chr_t*)); i++) { - if (regcomp(®buff, expressions[i], REG_ICASE) != 0) { - st_sprint(errmsg, "Regular expression compilation failed. { expression = %s }", expressions[i]); + /// MEDIUM: This check is disabled pending further investigation. + return true; + + mm_wipe(®buff, sizeof(struct re_pattern_buffer)); + + for (size_t i = 0; i < (sizeof(expressions) / sizeof(chr_t*)); i++) { + if ((result = regcomp(®buff, expressions[i], REG_ICASE)) != 0) { + regerror(result, ®buff, error, 1024); + st_sprint(errmsg, "Regular expression compilation failed. { expression = %s / code = %i / error = %s }", + expressions[i], result, error); return false; } } diff --git a/check/magma/servers/smtp/smtp_check.c b/check/magma/servers/smtp/smtp_check.c index a0b7e8d3..836d3072 100644 --- a/check/magma/servers/smtp/smtp_check.c +++ b/check/magma/servers/smtp/smtp_check.c @@ -21,9 +21,6 @@ START_TEST (check_smtp_network_basic_tcp_s) { else if (status() && !check_smtp_network_basic_sthread(errmsg, server->network.port, false)) { outcome = false; } - else { - errmsg = NULL; - } log_test("SMTP / NETWORK / BASIC / TCP / SINGLE THREADED:", errmsg); ck_assert_msg(outcome, st_char_get(errmsg)); @@ -44,9 +41,6 @@ START_TEST (check_smtp_network_basic_tls_s) { else if (status() && !check_smtp_network_basic_sthread(errmsg, server->network.port, true)) { outcome = false; } - else { - errmsg = NULL; - } log_test("SMTP / NETWORK / BASIC / TLS / SINGLE THREADED:", errmsg); ck_assert_msg(outcome, st_char_get(errmsg)); @@ -59,8 +53,7 @@ START_TEST (check_smtp_accept_store_message_s) { bool_t outcome = true; stringer_t *errmsg = MANAGEDBUF(2048); - outcome = check_smtp_accept_message_sthread(errmsg); - if (outcome) errmsg = NULL; + if (status()) outcome = check_smtp_accept_message_sthread(errmsg); log_test("SMTP / ACCEPT / SINGLE THREADED:", errmsg); ck_assert_msg(outcome, st_char_get(errmsg)); @@ -73,8 +66,7 @@ START_TEST (check_smtp_checkers_greylist_s) { bool_t outcome = true; stringer_t *errmsg = MANAGEDBUF(1024); - outcome = check_smtp_checkers_greylist_sthread(errmsg); - if (outcome) errmsg = NULL; + if (status()) outcome = check_smtp_checkers_greylist_sthread(errmsg); log_test("SMTP / CHECKERS / GREYLIST / SINGLE THREADED:", errmsg); ck_assert_msg(outcome, st_char_get(errmsg)); @@ -93,8 +85,6 @@ START_TEST (check_smtp_checkers_filters_s) { if (status() && outcome) outcome = check_smtp_checkers_filters_sthread(errmsg, SMTP_FILTER_ACTION_LABEL, 3); if (status() && outcome) outcome = check_smtp_checkers_filters_sthread(errmsg, SMTP_FILTER_ACTION_MARK_READ, 4); - if (outcome) errmsg = NULL; - log_test("SMTP / CHECKERS / FILTERS / SINGLE THREADED:", errmsg); ck_assert_msg(outcome, st_char_get(errmsg)); } @@ -114,9 +104,10 @@ START_TEST (check_smtp_network_auth_plain_s) { else if (status() && !check_smtp_network_auth_sthread(errmsg, server->network.port, false)) { outcome = false; } - else { - errmsg = NULL; - } + + /// LOW: Add a variation of this test which takes place over TCP and thus fails specifically because the connection + /// lacks transport security (aka TLS). In other words, test for valid credentials first, and that it works via TLS, + /// before ensuring the same inputs fail via TCP. log_test("SMTP / NETWORK / AUTH PLAIN / SINGLE THREADED:", errmsg); ck_assert_msg(outcome, st_char_get(errmsg)); @@ -137,9 +128,10 @@ START_TEST (check_smtp_network_auth_login_s) { else if (status() && !check_smtp_network_auth_sthread(errmsg, server->network.port, true)) { outcome = false; } - else { - errmsg = NULL; - } + + /// LOW: Add a variation of this test which takes place over TCP and thus fails specifically because the connection + /// lacks transport security (aka TLS). In other words, test for valid credentials first, and that it works via TLS, + /// before ensuring the same inputs fail via TCP. log_test("SMTP / NETWORK / AUTH LOGIN / SINGLE THREADED:", errmsg); ck_assert_msg(outcome, st_char_get(errmsg)); diff --git a/check/magma/servers/smtp/smtp_check.h b/check/magma/servers/smtp/smtp_check.h index 0e55dfbf..845b9f43 100644 --- a/check/magma/servers/smtp/smtp_check.h +++ b/check/magma/servers/smtp/smtp_check.h @@ -18,8 +18,8 @@ bool_t check_smtp_checkers_filters_sthread(stringer_t *errmsg, int_t action, int /// smtp_check_network.c bool_t check_smtp_client_read_end(client_t *client); bool_t check_smtp_client_mail_rcpt_data(client_t *client, chr_t *from, chr_t *to, stringer_t *errmsg); -bool_t check_smtp_client_auth_plain(client_t *client, chr_t *pass, stringer_t *errmsg); -bool_t check_smtp_client_auth_login(client_t *client, chr_t *user, chr_t *pass, stringer_t *errmsg); +bool_t check_smtp_client_auth_plain(client_t *client, stringer_t *auth); +bool_t check_smtp_client_auth_login(client_t *client, stringer_t *user, stringer_t *pass); bool_t check_smtp_client_quit(client_t *client, stringer_t *errmsg); bool_t check_smtp_network_basic_sthread(stringer_t *errmsg, uint32_t port, bool_t secure); bool_t check_smtp_network_auth_sthread(stringer_t *errmsg, uint32_t port, bool_t login); diff --git a/check/magma/servers/smtp/smtp_check_network.c b/check/magma/servers/smtp/smtp_check_network.c index 0a68fbed..2f75098f 100644 --- a/check/magma/servers/smtp/smtp_check_network.c +++ b/check/magma/servers/smtp/smtp_check_network.c @@ -34,7 +34,7 @@ bool_t check_smtp_client_read_end(client_t *client) { bool_t check_smtp_client_mail_rcpt_data(client_t *client, chr_t *from, chr_t *to, stringer_t *errmsg) { chr_t *line_from = "MAIL FROM: <%s>\r\n", *line_to = "RCPT TO: <%s>\r\n"; - size_t size_from = ns_length_get(line_from) + ns_length_get(from) -2, size_to = ns_length_get(line_to) + ns_length_get(to) -2; + size_t size_from = ns_length_get(line_from) + ns_length_get(from) - 2, size_to = ns_length_get(line_to) + ns_length_get(to) - 2; // Issue MAIL command. if (client_print(client, line_from, from) != size_from || !check_smtp_client_read_end(client) || @@ -69,15 +69,11 @@ bool_t check_smtp_client_mail_rcpt_data(client_t *client, chr_t *from, chr_t *to * and error * @return True if no errors, false otherwise */ -bool_t check_smtp_client_auth_plain(client_t *client, chr_t *auth, stringer_t *errmsg) { +bool_t check_smtp_client_auth_plain(client_t *client, stringer_t *auth) { - chr_t *line_auth = "AUTH PLAIN %s\r\n"; - - if (client_print(client, line_auth, auth) != (ns_length_get(line_auth) + ns_length_get(auth)) -2 || + if (client_print(client, "AUTH PLAIN %.*s\r\n", st_length_int(auth), st_char_get(auth)) != st_length_get(auth) + 13 || !check_smtp_client_read_end(client) || client_status(client) != 1 || st_cmp_cs_starts(&(client->line), NULLER("235"))) { - - st_sprint(errmsg, "Failed to return a successful status after submitting credentials"); return false; } @@ -88,30 +84,22 @@ bool_t check_smtp_client_auth_plain(client_t *client, chr_t *auth, stringer_t *e * @brief Submits the AUTH LOGIN command to the passed client using the passed parameters * @param client A client_t* connected to an SMTP server that has had the HELO/EHLO command * already submitted - * @param user A chr_t* containing the username of the user - * @param pass A chr_t* containing the password of the user - * @param errmsg A stringer_t* that will have the error message printed to it in the event of - * and error - * @return True if no errors, false otherwise + * @param user A NULL string containing the username of the user. + * @param pass A NULL string containing the password of the user. + * @return true if no errors, false otherwise */ -bool_t check_smtp_client_auth_login(client_t *client, chr_t *user, chr_t *pass, stringer_t *errmsg) { +bool_t check_smtp_client_auth_login(client_t *client, stringer_t *user, stringer_t *pass) { if (client_write(client, PLACER("AUTH LOGIN\r\n", 12)) != 12 || !check_smtp_client_read_end(client) || client_status(client) != 1 || st_cmp_cs_starts(&(client->line), NULLER("334"))) { - - st_sprint(errmsg, "Failed to return a proceed status code after AUTH LOGIN."); return false; } - else if (client_print(client, "%s\r\n", user) != ns_length_get(user) + 2 || !check_smtp_client_read_end(client) || - client_status(client) != 1 || st_cmp_cs_starts(&(client->line), NULLER("334"))) { - - st_sprint(errmsg, "Failed to return a proceed status code after submitting username."); + else if (client_print(client, "%.*s\r\n", st_length_int(user), st_char_get(user)) != st_length_get(user) + 2 || + !check_smtp_client_read_end(client) || client_status(client) != 1 || st_cmp_cs_starts(&(client->line), NULLER("334"))) { return false; } - else if (client_print(client, "%s\r\n", pass) != ns_length_get(pass) + 2 || !check_smtp_client_read_end(client) || - client_status(client) != 1 || st_cmp_cs_starts(&(client->line), NULLER("235"))) { - - st_sprint(errmsg, "Failed to return a successful status after submitting credentials."); + else if (client_print(client, "%.*s\r\n", st_length_int(pass), st_char_get(pass)) != st_length_get(pass) + 2 || + !check_smtp_client_read_end(client) || client_status(client) != 1 || st_cmp_cs_starts(&(client->line), NULLER("235"))) { return false; } @@ -250,16 +238,16 @@ bool_t check_smtp_network_auth_sthread(stringer_t *errmsg, uint32_t port, bool_t return false; } // Issue AUTH with incorrect credentials. - else if ((login ? check_smtp_client_auth_login(client, "bWFnbWE=", "aW52YWxpZHBhc3N3b3Jk", errmsg) - : check_smtp_client_auth_plain(client, "bWFnbWEAbWFnbWEAaW52YWxpZHBhc3N3b3Jk", errmsg))) { - + else if ((login ? check_smtp_client_auth_login(client, NULLER("bWFnbWE="), NULLER("aW52YWxpZHBhc3N3b3Jk")) + : check_smtp_client_auth_plain(client, NULLER("bWFnbWEAbWFnbWEAaW52YWxpZHBhc3N3b3Jk")))) { + st_sprint(errmsg, "Invalid credentials appear to have authenticated when they should have failed."); client_close(client); return false; } // Issue AUTH with correct credentials. - else if (!(login ? check_smtp_client_auth_login(client, "bWFnbWE=", "cGFzc3dvcmQ=", errmsg) - : check_smtp_client_auth_plain(client, "bWFnbWEAbWFnbWEAcGFzc3dvcmQ=", errmsg))) { - + else if (!(login ? check_smtp_client_auth_login(client, NULLER("bWFnbWE="), NULLER("cGFzc3dvcmQ=")) + : check_smtp_client_auth_plain(client, NULLER("bWFnbWEAbWFnbWEAcGFzc3dvcmQ=")))) { + st_sprint(errmsg, "Failed to authenticate even though we supplied valid credentials."); client_close(client); return false; } |