From 2541fa25ca4c6505196ed11515f7cce6ef87c2f1 Mon Sep 17 00:00:00 2001 From: Daniel Oaks Date: Sun, 20 Dec 2015 13:07:13 +1000 Subject: [PATCH 1/4] irctest.client_tests.test_sasl: Support skipping unsupported mechanism tests --- irctest/client_tests/test_sasl.py | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/irctest/client_tests/test_sasl.py b/irctest/client_tests/test_sasl.py index 4f823e9..79f25a7 100644 --- a/irctest/client_tests/test_sasl.py +++ b/irctest/client_tests/test_sasl.py @@ -16,6 +16,13 @@ IRX9cyi2wdYg9mUUYyh9GKdBCYHGUJAiCA== """ class SaslTestCase(cases.BaseClientTestCase, cases.ClientNegociationHelper): + def checkMechanismSupport(self, mechanism): + if not hasattr(self.controller, 'supported_sasl_mechanisms'): + return + if mechanism in self.controller.supported_sasl_mechanisms: + return + self.skipTest('SASL Mechanism not supported: {}'.format(mechanism)) + def testPlain(self): auth = authentication.Authentication( mechanisms=[authentication.Mechanisms.plain], @@ -108,6 +115,7 @@ class SaslTestCase(cases.BaseClientTestCase, cases.ClientNegociationHelper): ecdsa_key=ECDSA_KEY, ) m = self.negotiateCapabilities(['sasl'], auth=auth) + self.checkMechanismSupport('ECDSA-NIST256P-CHALLENGE') self.assertEqual(m, Message([], None, 'AUTHENTICATE', ['ECDSA-NIST256P-CHALLENGE'])) self.sendLine('AUTHENTICATE +') m = self.getMessage() From 9301f5e50e81904e6eff9c770b5a4401ff1e6829 Mon Sep 17 00:00:00 2001 From: Daniel Oaks Date: Sun, 20 Dec 2015 13:29:05 +1000 Subject: [PATCH 2/4] client_tests.test_sasl: Make supported mechanism list mandatory --- irctest/client_tests/test_sasl.py | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/irctest/client_tests/test_sasl.py b/irctest/client_tests/test_sasl.py index 79f25a7..6dc7a3d 100644 --- a/irctest/client_tests/test_sasl.py +++ b/irctest/client_tests/test_sasl.py @@ -17,8 +17,6 @@ IRX9cyi2wdYg9mUUYyh9GKdBCYHGUJAiCA== class SaslTestCase(cases.BaseClientTestCase, cases.ClientNegociationHelper): def checkMechanismSupport(self, mechanism): - if not hasattr(self.controller, 'supported_sasl_mechanisms'): - return if mechanism in self.controller.supported_sasl_mechanisms: return self.skipTest('SASL Mechanism not supported: {}'.format(mechanism)) @@ -30,6 +28,7 @@ class SaslTestCase(cases.BaseClientTestCase, cases.ClientNegociationHelper): password='sesame', ) m = self.negotiateCapabilities(['sasl'], auth=auth) + self.checkMechanismSupport('PLAIN') self.assertEqual(m, Message([], None, 'AUTHENTICATE', ['PLAIN'])) self.sendLine('AUTHENTICATE +') m = self.getMessage() @@ -47,6 +46,7 @@ class SaslTestCase(cases.BaseClientTestCase, cases.ClientNegociationHelper): password='sesame', ) m = self.negotiateCapabilities(['sasl=EXTERNAL'], auth=auth) + self.checkMechanismSupport('PLAIN') self.assertEqual(self.acked_capabilities, {'sasl'}) if m == Message([], None, 'CAP', ['END']): # IRCv3.2-style @@ -66,6 +66,7 @@ class SaslTestCase(cases.BaseClientTestCase, cases.ClientNegociationHelper): authstring = base64.b64encode(b'\x00'.join( [b'foo', b'foo', b'bar'*200])).decode() m = self.negotiateCapabilities(['sasl'], auth=auth) + self.checkMechanismSupport('PLAIN') self.assertEqual(m, Message([], None, 'AUTHENTICATE', ['PLAIN'])) self.sendLine('AUTHENTICATE +') m = self.getMessage() @@ -92,6 +93,7 @@ class SaslTestCase(cases.BaseClientTestCase, cases.ClientNegociationHelper): authstring = base64.b64encode(b'\x00'.join( [b'foo', b'foo', b'quux'*148])).decode() m = self.negotiateCapabilities(['sasl'], auth=auth) + self.checkMechanismSupport('PLAIN') self.assertEqual(m, Message([], None, 'AUTHENTICATE', ['PLAIN'])) self.sendLine('AUTHENTICATE +') m = self.getMessage() @@ -144,5 +146,6 @@ class Irc302SaslTestCase(cases.BaseClientTestCase, cases.ClientNegociationHelper password='sesame', ) m = self.negotiateCapabilities(['sasl=EXTERNAL'], auth=auth) + self.checkMechanismSupport('PLAIN') self.assertEqual(self.acked_capabilities, {'sasl'}) self.assertEqual(m, Message([], None, 'CAP', ['END'])) From 7b3d88d5639afc1e5898cb6ae340ccaec45b95e2 Mon Sep 17 00:00:00 2001 From: Daniel Oaks Date: Sun, 20 Dec 2015 13:29:16 +1000 Subject: [PATCH 3/4] controllers: Add supported SASL mechanism lists --- irctest/controllers/limnoria.py | 2 ++ irctest/controllers/sopel.py | 1 + 2 files changed, 3 insertions(+) diff --git a/irctest/controllers/limnoria.py b/irctest/controllers/limnoria.py index 1b096ab..ca01b9e 100644 --- a/irctest/controllers/limnoria.py +++ b/irctest/controllers/limnoria.py @@ -23,6 +23,8 @@ class LimnoriaController(BaseClientController, DirectoryBasedController): pass with self.open_file('conf/users.conf'): pass + self.supported_sasl_mechanisms = [ + 'PLAIN', 'ECDSA-NIST256P-CHALLENGE', 'EXTERNAL'] def run(self, hostname, port, auth): # Runs a client with the config given as arguments diff --git a/irctest/controllers/sopel.py b/irctest/controllers/sopel.py index de30383..280d55a 100644 --- a/irctest/controllers/sopel.py +++ b/irctest/controllers/sopel.py @@ -22,6 +22,7 @@ class SopelController(BaseClientController): super().__init__() self.filename = next(tempfile._get_candidate_names()) + '.cfg' self.proc = None + self.supported_sasl_mechanisms = ['PLAIN'] def kill(self): if self.proc: self.proc.kill() From 07e160758e8a68e5da23cef25991161dabb498a5 Mon Sep 17 00:00:00 2001 From: Daniel Oaks Date: Sun, 20 Dec 2015 13:31:29 +1000 Subject: [PATCH 4/4] client_tests.test_sasl: Split out mechanism test --- irctest/client_tests/test_sasl.py | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/irctest/client_tests/test_sasl.py b/irctest/client_tests/test_sasl.py index 6dc7a3d..2a55203 100644 --- a/irctest/client_tests/test_sasl.py +++ b/irctest/client_tests/test_sasl.py @@ -15,12 +15,14 @@ IRX9cyi2wdYg9mUUYyh9GKdBCYHGUJAiCA== -----END EC PRIVATE KEY----- """ -class SaslTestCase(cases.BaseClientTestCase, cases.ClientNegociationHelper): +class SaslMechanismCheck: def checkMechanismSupport(self, mechanism): if mechanism in self.controller.supported_sasl_mechanisms: return self.skipTest('SASL Mechanism not supported: {}'.format(mechanism)) +class SaslTestCase(cases.BaseClientTestCase, cases.ClientNegociationHelper, + SaslMechanismCheck): def testPlain(self): auth = authentication.Authentication( mechanisms=[authentication.Mechanisms.plain], @@ -138,7 +140,8 @@ class SaslTestCase(cases.BaseClientTestCase, cases.ClientNegociationHelper): m = self.negotiateCapabilities(['sasl'], False) self.assertEqual(m, Message([], None, 'CAP', ['END'])) -class Irc302SaslTestCase(cases.BaseClientTestCase, cases.ClientNegociationHelper): +class Irc302SaslTestCase(cases.BaseClientTestCase, cases.ClientNegociationHelper, + SaslMechanismCheck): def testPlainNotAvailable(self): auth = authentication.Authentication( mechanisms=[authentication.Mechanisms.plain],