1 /* zxidssofinalizetest.c - Test Processing of a7n by zxid_sso_finalize()
2 * Copyright (c) 2006-2007 Symlabs (symlabs@symlabs.com), All Rights Reserved.
3 * Author: Sampo Kellomaki (sampo@iki.fi)
4 * This is confidential unpublished proprietary source code of the author.
5 * NO WARRANTY, not even implied warranties. Contains trade secrets.
6 * Distribution prohibited unless authorized in writing.
7 * Licensed under Apache License 2.0, see file COPYING.
8 * $Id: zxidssofinalizetest.c,v 1.6 2009-11-24 23:53:40 sampo Exp $
9 *
10 * 1.7.2006, started --Sampo
11 * 9.2.2007, improved to make basis of a test suite tool --Sampo
12 *
13 * Test encoding and decoding SAML 2.0 assertions and other related stuff.
14 */
15
16 #include <signal.h>
17 #include <fcntl.h>
18 #include <netdb.h>
19 #include <string.h>
20 #include <stdio.h>
21 #include <stdlib.h>
22 #include <errno.h>
23 #include <sys/types.h>
24 #include <sys/stat.h>
25 #include <sys/wait.h>
26 #include <openssl/x509.h>
27
28 #include "errmac.h"
29
30 #include "zx.h"
31 #include "zxid.h"
32 #include "c/zxidvers.h"
33 #include "c/zx-data.h"
34 #include "c/zx-const.h"
35 #include "c/zx-ns.h"
36
/* I/O helpers defined outside this file. As used here, read_all_fd() is given
 * a destination buffer, a maximum byte count and an out-parameter that
 * receives the number of bytes obtained.
 * NOTE(review): the meaning of the int return value is not visible in this
 * file; confirm it before relying on it for error detection. */
int read_all_fd(int fd, char* p, int want, int* got_all);
int write_all_fd(int fd, char* p, int pending);

/* Usage text printed by opt() on a usage error.
 * NOTE(review): opt() in this file also accepts -n, -t, -di, -egd, -rf, -rg,
 * -ra, -rand, -k, -c and -uid, none of which are listed here. -h has no case
 * of its own in opt(); it reaches the unrecognized-flag path, which prints
 * this text and exits with status 3. */
CU8* help =
"zxidssofinalizetest - Test processing a7n by zxid_sso_finalize() - R" ZXID_REL "\n\
Copyright (c) 2007 Symlabs (symlabs@symlabs.com), All Rights Reserved.\n\
Author: Sampo Kellomaki (sampo@iki.fi)\n\
NO WARRANTY, not even implied warranties. Licensed under Apache License v2.0\n\
See http://www.apache.org/licenses/LICENSE-2.0\n\
Send well researched bug reports to the author. Home: zxid.org\n\
\n\
Usage: zxidssofinalizetest [options] <a7n.xml\n\
-v Verbose messages.\n\
-q Be extra quiet.\n\
-d Turn on debugging.\n\
-license Show licensing and NO WARRANTY details.\n\
-h This help message\n\
-- End of options\n";

/* Print reason to stderr and terminate with exit status 2.
 * MB/ME are not defined in this file (presumably statement-block wrappers
 * from errmac.h -- confirm). */
#define DIE(reason) MB fprintf(stderr, "%s\n", reason); exit(2); ME

/* Command line state. Everything below is written by opt(); of these, only
 * n_iter is read again in this file. */
int ak_buf_size = 0;
int verbose = 1;          /* ++ per -v, forced to 0 by -q */
extern int errmac_debug;  /* ++ per -d */
int timeout = 0;          /* -t N, parsed with atoi() */
int gcthreshold = 0;      /* -rg N, parsed with atoi(); 0 triggers a warning */
int leak_free = 0;        /* ++ per -rf */
extern int assert_nonfatal; /* ++ per -ra */
/* -uid UID:GID. Both default to 0 and remain 0 if parsing fails, so any code
 * that uses them to drop privileges must not treat 0 as "successfully parsed". */
int drop_uid = 0;
int drop_gid = 0;
char* rand_path;          /* -rand PATH, points into argv */
char* egd_path;           /* -egd PATH, points into argv */
/* -k FD: key material read from the file descriptor named on the command line.
 * The buffer is a plain global and nothing in this file clears it after use. */
char symmetric_key[1024];
int symmetric_key_len;    /* byte count reported by read_all_fd() for -k */
int n_iter = 1;           /* -n N, number of decode/finalize rounds in main() */
72
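/* Called by: main x8, zxbusd_main, zxbuslist_main, zxbustailf_main, zxcall_main, zxcot_main, zxdecode_main */
/* Parse command line options into the file-scope option variables.
 *
 * argc, argv  In/out. Each consumed word advances *argv and decrements *argc,
 *             so on return (*argv)[0] is the first unconsumed word, if any.
 * env         Unused.
 *
 * Returns when the argument list is exhausted, when a word not starting with
 * '-' is met, or after "--". Does not return on a usage error: with no
 * arguments at all, or on an unrecognized flag, it prints the help text and
 * calls exit(3). "-license" prints the license text and calls exit(0).
 *
 * Review notes:
 *  - help and license are written with an explicit "%s" format. They were
 *    previously passed as the format argument itself, so any '%' in either
 *    string would have been interpreted as a conversion specification.
 *  - Numeric arguments are converted with atoi(), which cannot report
 *    malformed input; a non-numeric value silently becomes 0.
 *  - The results of read_all_fd() (-k) and sscanf() (-uid) are not checked. */
void opt(int* argc, char*** argv, char*** env)
{
  if (*argc <= 1) goto argerr;

  while (1) {
    ++(*argv); --(*argc);

    if (!(*argc) || ((*argv)[0][0] != '-')) break;  /* probably the remote host and port */

    switch ((*argv)[0][1]) {
    case '-': if ((*argv)[0][2]) break;
      ++(*argv); --(*argc);
      DD("End of options by --");
      return;  /* -- ends the options */

    case 'n': if ((*argv)[0][2]) break;
      ++(*argv); --(*argc);
      if (!(*argc)) break;
      n_iter = atoi((*argv)[0]);
      continue;

    case 't': if ((*argv)[0][2]) break;
      ++(*argv); --(*argc);
      if (!(*argc)) break;
      timeout = atoi((*argv)[0]);
      continue;

    case 'd':
      switch ((*argv)[0][2]) {
      case '\0':
        ++errmac_debug;
        continue;
      case 'i': if ((*argv)[0][3]) break;
        ++(*argv); --(*argc);
        if (!(*argc)) break;
        errmac_instance = (*argv)[0];
        continue;
      }
      break;

    case 'v':
      switch ((*argv)[0][2]) {
      case '\0':
        ++verbose;
        continue;
      }
      break;

    case 'q':
      switch ((*argv)[0][2]) {
      case '\0':
        verbose = 0;
        continue;
      }
      break;

    case 'e':
      switch ((*argv)[0][2]) {
      case 'g': if ((*argv)[0][3] != 'd' || (*argv)[0][4]) break;
        ++(*argv); --(*argc);
        if (!(*argc)) break;
        egd_path = (*argv)[0];
        continue;
      }
      break;

    case 'r':
      switch ((*argv)[0][2]) {
      case 'f':
        /*AK_TS(LEAK, 0, "memory leaks enabled");*/
#if 1
        ERR("*** WARNING: You have turned memory frees to memory leaks. We will (eventually) run out of memory. Using -rf is not recommended. %d\n", 0);
#endif
        ++leak_free;
        continue;
#if 0
      case 'e':
        if ((*argv)[0][3]) break;
        ++(*argv); --(*argc);
        if ((*argc) < 4) break;
        sscanf((*argv)[0], "%i", &abort_funcno);
        ++(*argv); --(*argc);
        sscanf((*argv)[0], "%i", &abort_line);
        ++(*argv); --(*argc);
        sscanf((*argv)[0], "%i", &abort_error_code);
        ++(*argv); --(*argc);
        sscanf((*argv)[0], "%i", &abort_iter);
        fprintf(stderr, "Will force core upon %x:%x err=%d iter=%d\n",
                abort_funcno, abort_line, abort_error_code, abort_iter);
        continue;
#endif
      case 'g':
        if ((*argv)[0][3]) break;
        ++(*argv); --(*argc);
        if (!(*argc)) break;
        gcthreshold = atoi((*argv)[0]);
        if (!gcthreshold)
          ERR("*** WARNING: You have disabled garbage collection. This may lead to increased memory consumption for scripts that handle a lot of PDUs or run for long time. Using `-rg 0' is not recommended. %d\n", 0);
        continue;
      case 'a':
        if ((*argv)[0][3] == 0) {
          /*AK_TS(ASSERT_NONFATAL, 0, "assert nonfatal enabled");*/
#if 1
          ERR("*** WARNING: YOU HAVE TURNED ASSERTS OFF USING -ra FLAG. THIS MEANS THAT YOU WILL NOT BE ABLE TO OBTAIN ANY SUPPORT. IF PROGRAM NOW TRIES TO ASSERT IT MAY MYSTERIOUSLY AND UNPREDICTABLY CRASH INSTEAD, AND NOBODY WILL BE ABLE TO FIGURE OUT WHAT WENT WRONG OR HOW MUCH DAMAGE MAY BE DONE. USING -ra IS NOT RECOMMENDED. %d\n", assert_nonfatal);
#endif
          ++assert_nonfatal;
          continue;
        }
        if (!strcmp((*argv)[0],"-rand")) {
          ++(*argv); --(*argc);
          if (!(*argc)) break;
          rand_path = (*argv)[0];
          continue;
        }
        break;
      }
      break;

    case 'k':
      switch ((*argv)[0][2]) {
      case '\0':
        ++(*argv); --(*argc);
        if (!(*argc)) break;
        /* The key is read from an already-open descriptor rather than being
         * given on the command line, so the key bytes do not appear in argv.
         * NOTE(review): the return value of read_all_fd() is ignored, and a
         * non-numeric argument makes atoi() yield descriptor 0 (stdin), which
         * main() also reads the assertion from. Only the length is logged. */
        read_all_fd(atoi((*argv)[0]), symmetric_key, sizeof(symmetric_key), &symmetric_key_len);
        D("Got %d characters of symmetric key", symmetric_key_len);
        continue;
      }
      break;

    case 'c': if ((*argv)[0][2]) break;
      ++(*argv); --(*argc);
      if (!(*argc)) break;
      /* The argument to -c is consumed but not stored anywhere in this file. */
#ifndef ENCRYPTION
      ERR("Encryption not compiled in. %d",0);
#endif
      continue;

    case 'u':
      switch ((*argv)[0][2]) {
      case 'i': if ((*argv)[0][3] != 'd' || (*argv)[0][4]) break;
        ++(*argv); --(*argc);
        if (!(*argc)) break;
        /* NOTE(review): the sscanf() result is not checked. On a malformed or
         * partial value drop_uid and/or drop_gid keep their default of 0. */
        sscanf((*argv)[0], "%i:%i", &drop_uid, &drop_gid);
        continue;
      }
      break;

    case 'l':
      switch ((*argv)[0][2]) {
      case 'i':
        if (!strcmp((*argv)[0],"-license")) {
          extern char* license;
          /* Print as data, never as a format string. */
          fprintf(stderr, "%s", license);
          exit(0);
        }
        break;
      }
      break;

    }
    /* fall thru means unrecognized flag */
    if (*argc)
      fprintf(stderr, "Unrecognized flag `%s'\n", (*argv)[0]);
  argerr:
    /* Print as data, never as a format string. */
    fprintf(stderr, "%s", help);
    exit(3);
  }
}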
242
243 /* ============== M A I N ============== */
244
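/* Called by: */
/* Test driver: read an XML document from stdin, decode it, and feed the
 * contained assertion to zxid_sp_sso_finalize(), repeating n_iter times.
 *
 * Exit status: 0 after the loop completes, 2 via DIE() on missing input,
 * configuration failure, decode failure or a document without an assertion,
 * 3 (from opt()) on a usage error.
 *
 * Security note: the session's signature result is set to ZXSIG_NO_SIG and
 * nothing in this file verifies a signature on the assertion before calling
 * zxid_sp_sso_finalize(). The harness therefore exercises the finalize path
 * on unauthenticated input; its outcome is not evidence that the assertion is
 * genuine.
 *
 * NOTE(review): the finalize result is only logged with D() and does not
 * affect the exit status, so a calling test suite cannot detect a finalize
 * failure from the exit code alone.
 *
 * Changes from the previous version:
 *  - ses is a struct object, so its member is accessed with '.' (the former
 *    "ses->sigres" is not valid for a non-pointer operand).
 *  - cgi and ses are zeroed before use; they were previously handed to
 *    zxid_sp_sso_finalize() with indeterminate contents.
 *  - got_all starts at 0 so the "Missing data" check does not read an
 *    indeterminate value if read_all_fd() fails without storing a count.
 *  - The configuration pointer is checked before cf->ctx is dereferenced.
 *  - The loop runs while n_iter > 0, so a negative -n value performs no
 *    rounds instead of counting down through signed overflow. */
int main(int argc, char** argv, char** env)
{
  zxid_conf* cf;
  zxid_cgi cgi;
  zxid_ses ses;
  struct zx_root_s* r;
  int ret, len_so;
  int got_all = 0;
  char buf[256*1024];
  opt(&argc, &argv, &env);

  memset(&cgi, 0, sizeof(cgi));
  memset(&ses, 0, sizeof(ses));

  /* One byte is reserved for the terminating nul written below. This relies
   * on read_all_fd() never reporting more than the requested count; input
   * beyond sizeof(buf)-1 bytes is not consumed here.
   * NOTE(review): len_so is assigned but never read. */
  len_so = read_all_fd(fdstdin, buf, sizeof(buf)-1, &got_all);
  if (got_all <= 0) DIE("Missing data");
  buf[got_all] = 0;

  D("Decoding %d chars, n_iter(%d)\n", got_all, n_iter);

  /* Configuration comes from a fixed, hard-coded path. */
  cf = zxid_new_conf_to_cf("PATH=/var/sfis/");
  if (!cf)
    DIE("Configuration failure");

  for (; n_iter > 0; --n_iter) {
    r = zx_dec_zx_root(cf->ctx, got_all, buf, "fin test");  /* *** n_decode=1000 */
    if (!r)
      DIE("Decode failure");

    if (!r->Assertion)
      DIE("No assertion in input");

    /* No signature validation has been performed on r->Assertion. */
    ses.sigres = ZXSIG_NO_SIG;
    ret = zxid_sp_sso_finalize(cf, &cgi, &ses, r->Assertion);
    D("sso_finalize=%d", ret);

    zx_FREE_root(cf->ctx, r, 0);
  }
  return 0;
}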
280
281 /* EOF -- zxidssofinalizetest.c */
282