diff options
author | Tom Yu <tlyu@mit.edu> | 2013-12-31 19:43:28 -0500 |
---|---|---|
committer | Tom Yu <tlyu@mit.edu> | 2013-12-31 20:40:35 -0500 |
commit | dae7693f8bf970d89d4c697f3d66a7d458281b93 (patch) | |
tree | 4c5e593626eba96a4775ad5d501ad67bbf7f4279 | |
parent | 30589b2a1636de9f9b68591f0e546cb0fa21989f (diff) | |
download | krb5-dae7693f8bf970d89d4c697f3d66a7d458281b93.tar.gz krb5-dae7693f8bf970d89d4c697f3d66a7d458281b93.tar.xz krb5-dae7693f8bf970d89d4c697f3d66a7d458281b93.zip |
Test bogus KDC-REQs
Send encodings that are invalid KDC-REQs, but pass krb5_is_as_req()
and krb5_is_tgs_req(), to make sure that the KDC recovers correctly
from failures in decode_krb5_as_req() and decode_krb5_tgs_req(). Also
send an encoding that isn't a valid KDC-REQ.
ticket: 7811 (new)
target_version: 1.12.1
tags: pullup
-rw-r--r-- | src/tests/Makefile.in | 1 | ||||
-rw-r--r-- | src/tests/t_bogus_kdc_req.py | 44 |
2 files changed, 45 insertions, 0 deletions
diff --git a/src/tests/Makefile.in b/src/tests/Makefile.in index a412ba9a8e..2bd7a5ce1d 100644 --- a/src/tests/Makefile.in +++ b/src/tests/Makefile.in @@ -128,6 +128,7 @@ check-pytests:: t_init_creds t_localauth $(RUNPYTEST) $(srcdir)/jsonwalker.py -d $(srcdir)/au_dict.json \ -i au.log $(RUNPYTEST) $(srcdir)/t_salt.py $(PYTESTFLAGS) + $(RUNPYTEST) $(srcdir)/t_bogus_kdc_req.py $(PYTESTFLAGS) clean:: $(RM) gcred hist hrealm kdbtest plugorder responder s2p diff --git a/src/tests/t_bogus_kdc_req.py b/src/tests/t_bogus_kdc_req.py new file mode 100644 index 0000000000..b6208ca685 --- /dev/null +++ b/src/tests/t_bogus_kdc_req.py @@ -0,0 +1,44 @@ +#!/usr/bin/python + +import base64 +import socket +from k5test import * + +realm = K5Realm() + +# Send encodings that are invalid KDC-REQs, but pass krb5_is_as_req() +# and krb5_is_tgs_req(), to make sure that the KDC recovers correctly +# from failures in decode_krb5_as_req() and decode_krb5_tgs_req(). + +s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM) +a = (hostname, realm.portbase) + + +# Bogus AS-REQ + +x1 = base64.b16decode('6AFF') +s.sendto(x1, a) + +# Make sure kinit still works. + +realm.kinit(realm.user_princ, password('user')) + +# Bogus TGS-REQ + +x2 = base64.b16decode('6CFF') +s.sendto(x2, a) + +# Make sure kinit still works. + +realm.kinit(realm.user_princ, password('user')) + +# Not a KDC-REQ, even a little bit + +x3 = base64.b16decode('FFFF') +s.sendto(x3, a) + +# Make sure kinit still works. + +realm.kinit(realm.user_princ, password('user')) + +success('Bogus KDC-REQ test') |