[28133] in CVS-changelog-for-Kerberos-V5

krb5 commit: Test bogus KDC-REQs

daemon@ATHENA.MIT.EDU (Tom Yu)
Tue Dec 31 20:48:26 2013

Date: Tue, 31 Dec 2013 20:48:21 -0500
From: Tom Yu <tlyu@mit.edu>
Message-Id: <201401010148.s011mLX2030442@drugstore.mit.edu>
To: cvs-krb5@mit.edu
Reply-To: krbdev@mit.edu
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: cvs-krb5-bounces@mit.edu

https://github.com/krb5/krb5/commit/dae7693f8bf970d89d4c697f3d66a7d458281b93
commit dae7693f8bf970d89d4c697f3d66a7d458281b93
Author: Tom Yu <tlyu@mit.edu>
Date:   Tue Dec 31 19:43:28 2013 -0500

    Test bogus KDC-REQs
    
    Send encodings that are invalid KDC-REQs, but pass krb5_is_as_req()
    and krb5_is_tgs_req(), to make sure that the KDC recovers correctly
    from failures in decode_krb5_as_req() and decode_krb5_tgs_req().  Also
    send an encoding that isn't a valid KDC-REQ.
    
    ticket: 7811 (new)
    target_version: 1.12.1
    tags: pullup

 src/tests/Makefile.in        |    1 +
 src/tests/t_bogus_kdc_req.py |   44 ++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 45 insertions(+), 0 deletions(-)

diff --git a/src/tests/Makefile.in b/src/tests/Makefile.in
index a412ba9..2bd7a5c 100644
--- a/src/tests/Makefile.in
+++ b/src/tests/Makefile.in
@@ -128,6 +128,7 @@ check-pytests:: t_init_creds t_localauth
 	$(RUNPYTEST) $(srcdir)/jsonwalker.py -d $(srcdir)/au_dict.json \
 			-i au.log
 	$(RUNPYTEST) $(srcdir)/t_salt.py $(PYTESTFLAGS)
+	$(RUNPYTEST) $(srcdir)/t_bogus_kdc_req.py $(PYTESTFLAGS)
 
 clean::
 	$(RM) gcred hist hrealm kdbtest plugorder responder s2p
diff --git a/src/tests/t_bogus_kdc_req.py b/src/tests/t_bogus_kdc_req.py
new file mode 100644
index 0000000..b6208ca
--- /dev/null
+++ b/src/tests/t_bogus_kdc_req.py
@@ -0,0 +1,44 @@
+#!/usr/bin/python
+
+import base64
+import socket
+from k5test import *
+
+realm = K5Realm()
+
+# Send encodings that are invalid KDC-REQs, but pass krb5_is_as_req()
+# and krb5_is_tgs_req(), to make sure that the KDC recovers correctly
+# from failures in decode_krb5_as_req() and decode_krb5_tgs_req().
+
+s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
+a = (hostname, realm.portbase)
+
+
+# Bogus AS-REQ
+
+x1 = base64.b16decode('6AFF')
+s.sendto(x1, a)
+
+# Make sure kinit still works.
+
+realm.kinit(realm.user_princ, password('user'))
+
+# Bogus TGS-REQ
+
+x2 = base64.b16decode('6CFF')
+s.sendto(x2, a)
+
+# Make sure kinit still works.
+
+realm.kinit(realm.user_princ, password('user'))
+
+# Not a KDC-REQ, even a little bit
+
+x3 = base64.b16decode('FFFF')
+s.sendto(x3, a)
+
+# Make sure kinit still works.
+
+realm.kinit(realm.user_princ, password('user'))
+
+success('Bogus KDC-REQ test')
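Review bot: The three `s.sendto(...)` calls (x1, x2, x3) are fire-and-forget UDP sends, so the `realm.kinit(...)` after each one shows the KDC is still answering but not that it ever received the bogus datagram or took the decode-failure path; a dropped packet would let the test pass without exercising decode_krb5_as_req() or decode_krb5_tgs_req() at all. Consider confirming that each datagram was processed, for example by setting a timeout on `s` and reading back whatever the KDC returns, or by checking the KDC log for the failure, before running kinit. Smaller points in the same file: only the UDP listener is covered, so a TCP variant would be worth adding if the same decode path is reachable there; the socket `s` is never closed; the comments say that '6AFF' and '6CFF' pass krb5_is_as_req() and krb5_is_tgs_req() but not why, and a one-line note on what the leading byte means and why the second byte makes the encoding invalid would help the next reader; and the three identical send-then-kinit stanzas could be a loop over (label, hex) pairs so a failure message names the packet that caused it.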