author | Jeremy Harris <jgh146exb@wizmail.org> | 2019-12-27 18:37:19 +0000 |
---|---|---|
committer | Jeremy Harris <jgh146exb@wizmail.org> | 2019-12-27 18:37:19 +0000 |
commit | 14a806d6c13afdfb2f44dce64e50bffa6cb6869c (patch) | |
tree | c50d129d0e3e2c6eb6d26d2f2e49241fe08b1ec3 /test | |
parent | 4533e306fc21e0dc3cce32db0e2bfa146a5dd78c (diff) |
Authenticator gsasl: client support. Bug 2349
Diffstat (limited to 'test')
-rw-r--r-- | test/confs/3820 | 52 | ||||
l--------- | test/confs/3821 | 1 | ||||
-rw-r--r-- | test/confs/3828 | 66 | ||||
l--------- | test/confs/3829 | 1 | ||||
-rw-r--r-- | test/log/3828 | 12 | ||||
-rw-r--r-- | test/scripts/3820-Gnu-SASL/3821 | 10 | ||||
-rw-r--r-- | test/scripts/3828-gsasl-plaintext/3828 | 16 | ||||
-rw-r--r-- | test/scripts/3828-gsasl-plaintext/REQUIRES | 2 | ||||
-rw-r--r-- | test/scripts/3829-gsasl-scram-plus/3829 | 8 | ||||
-rw-r--r-- | test/scripts/3829-gsasl-scram-plus/REQUIRES | 2 |
10 files changed, 167 insertions, 3 deletions
diff --git a/test/confs/3820 b/test/confs/3820 index a0206f3a0..023ed751d 100644 --- a/test/confs/3820 +++ b/test/confs/3820 @@ -2,17 +2,47 @@ SERVER= +.ifdef TRUSTED +.include DIR/aux-var/tls_conf_prefix +.else .include DIR/aux-var/std_conf_prefix +.endif primary_hostname = myhost.test.ex +tls_certificate = ${if eq {SERVER}{server}{DIR/aux-fixed/cert1}fail} # ----- Main settings ----- +acl_smtp_rcpt = accept +queue_only + + +begin routers + +client_r: + driver = accept + condition = ${if !eq {SERVER}{server}} + transport = smtp + +begin transports + +smtp: + driver = smtp + hosts = 127.0.0.1 + allow_localhost + port = PORT_D +.ifdef TRUSTED + hosts_require_tls = * + tls_verify_certificates = DIR/aux-fixed/cert1 + tls_verify_cert_hostnames = : +.endif + hosts_require_auth = * # ----- Authentication ----- begin authenticators +.ifndef TRUSTED sasl1: driver = gsasl public_name = ANONYMOUS @@ -23,11 +53,22 @@ sasl2: driver = gsasl public_name = PLAIN server_set_id = $auth1 - server_condition = false + server_condition = ${if eq {$auth3}{pencil}} + + client_condition = ${if eq {plain}{$local_part}} + client_username = ph10 + client_password = pencil +.endif sasl3: driver = gsasl +.ifdef TRUSTED + public_name = SCRAM-SHA-1-PLUS + server_advertise_condition = ${if def:tls_in_cipher} + server_channelbinding = true +.else public_name = SCRAM-SHA-1 +.endif # will need to give library salt, stored-key, server-key, itercount # @@ -35,13 +76,18 @@ sasl3: # gsasl takes props: GSASL_SCRAM_ITER, GSASL_SCRAM_SALT. It _might_ take # a GSASL_SCRAM_SALTED_PASSWORD - but that is only documented for client mode. - server_scram_iter = 4096 # unclear if the salt is given in binary or base64 to the library server_scram_salt = QSXCR+Q6sek8bf92 server_password = pencil - server_condition = true server_set_id = $auth1 + client_condition = ${if eq {scram_sha_1}{$local_part}} + client_username = ph10 + client_password = pencil +.ifdef TRUSTED + client_channelbinding = true +.endif + # End 
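Review bot: In the new `smtp` transport of test/confs/3820, `tls_verify_cert_hostnames = :` sits next to `hosts_require_tls = *` and `tls_verify_certificates = DIR/aux-fixed/cert1` without a comment. An empty list there appears to switch hostname checking off for every host, so the TRUSTED client validates against the certificate file only. That is presumably deliberate because the client connects to 127.0.0.1, but test configs get copied, so I would add a line above it such as `# test only: no host-name check on the server cert, the client connects to 127.0.0.1`. The hunk opens in the file's header section, so whatever `tls_conf_prefix` sets is not visible here.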
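Review bot: The new PLAIN condition on `sasl2` in test/confs/3820, `server_condition = ${if eq {$auth3}{pencil}}`, compares only the password. Any user name is therefore accepted with that password, and `server_set_id = $auth1` records whatever name the client sent. The 3828 config added in this same commit checks both fields for its gsasl PLAIN server, and this one should match it: `server_condition = ${if and {{eq{$auth1}{ph10}}{eq{$auth3}{pencil}}}}`.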
diff --git a/test/confs/3821 b/test/confs/3821
new file mode 120000
index 000000000..d8f3286c4
--- /dev/null
+++ b/test/confs/3821
@@ -0,0 +1 @@
+3820
\ No newline at end of file
diff --git a/test/confs/3828 b/test/confs/3828
new file mode 100644
index 000000000..aa9db9467
--- /dev/null
+++ b/test/confs/3828
@@ -0,0 +1,66 @@
+# Exim test configuration 3828
+
+SERVER=
+
+.include DIR/aux-var/std_conf_prefix
+
+primary_hostname = myhost.test.ex
+
+# ----- Main settings -----
+
+acl_smtp_rcpt = accept
+queue_only
+
+
+begin routers
+
+client_r:
+ driver = accept
+ condition = ${if !eq {SERVER}{server}}
+ transport = smtp
+
+begin transports
+
+smtp:
+ driver = smtp
+ hosts = 127.0.0.1
+ allow_localhost
+ port = PORT_D
+ hosts_require_auth = *
+
+# ----- Authentication -----
+
+begin authenticators
+
+.ifndef OPT
+sasl1:
+ driver = plaintext
+ public_name = PLAIN
+ server_prompts = :
+ server_condition = ${if and {{eq{$auth2}{ph10}}{eq{$auth3}{mysecret}}}}
+ server_set_id = $auth2
+
+sasl2:
+ driver = gsasl
+ public_name = PLAIN
+ client_condition = ${if eq {plain}{$local_part}}
+ client_username = ph10
+ client_password = mysecret
+
+.else
+sasl3:
+ driver = gsasl
+ public_name = PLAIN
+ server_condition = ${if and {{eq{$auth1}{ph10}}{eq{$auth3}{mysecret}}}}
+ server_set_id = $auth1
+
+sasl4:
+ driver = plaintext
+ public_name = PLAIN
+ client_condition = ${if eq {plain}{$local_part}}
+ client_send = ^ph10^mysecret
+
+.endif
+
+
+# End
diff --git a/test/confs/3829 b/test/confs/3829
new file mode 120000
index 000000000..d8f3286c4
--- /dev/null
+++ b/test/confs/3829
@@ -0,0 +1 @@
+3820
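Review bot: In test/confs/3828 both PLAIN servers (`sasl1` and `sasl3`) are offered on an unencrypted connection, and nothing in the file says this is test-only. The file includes `std_conf_prefix`, the transport sets no `hosts_require_tls`, and the expected log in test/log/3828 shows `P=esmtpa`, so `ph10`/`mysecret` travel base64-encoded only. On loopback in a test that is fine, but I would put a line above `begin authenticators` such as `# test only: PLAIN without TLS; a real server would set server_advertise_condition = ${if def:tls_in_cipher}`. The 3820 config in this commit already uses that condition for its SCRAM-SHA-1-PLUS entry.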
\ No newline at end of file
diff --git a/test/log/3828 b/test/log/3828
new file mode 100644
index 000000000..038a795d7
--- /dev/null
+++ b/test/log/3828
@@ -0,0 +1,12 @@
+1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss
+1999-03-02 09:44:33 10HmaX-0005vi-00 => plain@test.ex R=client_r T=smtp H=127.0.0.1 [127.0.0.1] A=sasl2 C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 Completed
+1999-03-02 09:44:33 10HmaZ-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss
+1999-03-02 09:44:33 10HmaZ-0005vi-00 => plain@test.ex R=client_r T=smtp H=127.0.0.1 [127.0.0.1] A=sasl4 C="250 OK id=10HmbA-0005vi-00"
+1999-03-02 09:44:33 10HmaZ-0005vi-00 Completed
+
+******** SERVER ********
+1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port PORT_D
+1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@myhost.test.ex H=localhost (myhost.test.ex) [127.0.0.1] P=esmtpa A=sasl1:ph10 S=sss id=E10HmaX-0005vi-00@myhost.test.ex
+1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port PORT_D
+1999-03-02 09:44:33 10HmbA-0005vi-00 <= CALLER@myhost.test.ex H=localhost (myhost.test.ex) [127.0.0.1] P=esmtpa A=sasl3:ph10 S=sss id=E10HmaZ-0005vi-00@myhost.test.ex
diff --git a/test/scripts/3820-Gnu-SASL/3821 b/test/scripts/3820-Gnu-SASL/3821
new file mode 100644
index 000000000..e43f4765a
--- /dev/null
+++ b/test/scripts/3820-Gnu-SASL/3821
@@ -0,0 +1,10 @@
+# GSASL PLAIN & SCRAM authentication - gsasl client versus gsasl server
+#
+exim -DSERVER=server -bd -oX PORT_D
+****
+exim -odi plain@test.ex
+****
+exim -odi scram_sha_1@test.ex
+****
+killdaemon
+no_msglog_check
diff --git a/test/scripts/3828-gsasl-plaintext/3828 b/test/scripts/3828-gsasl-plaintext/3828
new file mode 100644
index 000000000..a30888f3d
--- /dev/null
+++ b/test/scripts/3828-gsasl-plaintext/3828
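Review bot: test/scripts/3820-Gnu-SASL/3821 only submits mail that is expected to authenticate (`plain@test.ex`, `scram_sha_1@test.ex`), so nothing shows that the gsasl server refuses a wrong secret. The same holds for the new scripts 3828-gsasl-plaintext/3828 and 3829-gsasl-scram-plus/3829. This commit turns the 3820 PLAIN `server_condition` from `false` into a real comparison, so a rejected attempt is the case most worth pinning. One way is a script step like `exim -odi -DBADPW plain@test.ex`, backed by a `.ifdef BADPW` branch in the config that sets `client_password = wrong` (BADPW is a name made up for this note). The expected log should then show that delivery not completing.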
@@ -0,0 +1,16 @@
+# GSASL PLAIN authentication: gsasl driver vs. plaintext driver
+#
+# gsasl client against plaintext server
+exim -DSERVER=server -bd -oX PORT_D
+****
+exim -odi plain@test.ex
+****
+killdaemon
+#
+# plaintext client against gsasl server
+exim -DSERVER=server -DOPT=y -bd -oX PORT_D
+****
+exim -odi -DOPT=y plain@test.ex
+****
+killdaemon
+no_msglog_check
diff --git a/test/scripts/3828-gsasl-plaintext/REQUIRES b/test/scripts/3828-gsasl-plaintext/REQUIRES
new file mode 100644
index 000000000..905a62278
--- /dev/null
+++ b/test/scripts/3828-gsasl-plaintext/REQUIRES
@@ -0,0 +1,2 @@
+authenticator gsasl
+authenticator plaintext
diff --git a/test/scripts/3829-gsasl-scram-plus/3829 b/test/scripts/3829-gsasl-scram-plus/3829
new file mode 100644
index 000000000..8938b1f42
--- /dev/null
+++ b/test/scripts/3829-gsasl-scram-plus/3829
@@ -0,0 +1,8 @@
+# GSASL SCRAM-SHA-1-PLUS
+#
+exim -DSERVER=server -DTRUSTED -bd -oX PORT_D
+****
+exim -odi -DTRUSTED scram_sha_1@test.ex
+****
+killdaemon
+no_msglog_check
diff --git a/test/scripts/3829-gsasl-scram-plus/REQUIRES b/test/scripts/3829-gsasl-scram-plus/REQUIRES
new file mode 100644
index 000000000..9c2ca0551
--- /dev/null
+++ b/test/scripts/3829-gsasl-scram-plus/REQUIRES
@@ -0,0 +1,2 @@
+authenticator gsasl
+feature _HAVE_TLS |