[CalendarServer-changes] [4781] PyOpenDirectory/branches/users/gaya/addigestauth/test_auth.py

source_changes at macosforge.org source_changes at macosforge.org
Thu Nov 19 12:44:57 PST 2009


Revision: 4781
          http://trac.macosforge.org/projects/calendarserver/changeset/4781
Author:   gaya at apple.com
Date:     2009-11-19 12:44:55 -0800 (Thu, 19 Nov 2009)
Log Message:
-----------
Test OD with all qops and algorithms

Modified Paths:
--------------
    PyOpenDirectory/branches/users/gaya/addigestauth/test_auth.py

Modified: PyOpenDirectory/branches/users/gaya/addigestauth/test_auth.py
===================================================================
--- PyOpenDirectory/branches/users/gaya/addigestauth/test_auth.py	2009-11-19 19:06:49 UTC (rev 4780)
+++ PyOpenDirectory/branches/users/gaya/addigestauth/test_auth.py	2009-11-19 20:44:55 UTC (rev 4781)
@@ -122,7 +122,7 @@
 attempts = 100
 
 
-def doAuthDigest(username, password, qop, algorithm):
+def doAuthDigest(username, password, qop, algorithm, cipher):
     failures = 0
     
     realm = "host.example.com"
@@ -132,7 +132,6 @@
     uri = "http://host.example.com"
     method = "GET"
     entity = "00000000000000000000000000000000"
-    cipher = "rc4"
     maxbuf = "65536"
 
     result = opendirectory.queryRecordsWithAttribute_list(
@@ -183,30 +182,21 @@
                 uri = auth["digest-uri"]
                 
             qopstr = auth.get("qop", False)
-            if qopstr:
-                qops = qopstr.split(",")
-                if "auth-conf" in qops:
-                    qop = "auth-conf"
-                elif "auth-int" in qops:
-                    qop = "auth-int"
-                elif "quth" in qops:
-                    qop = "auth"
-                else:
-                    qop = qops[0]
+            if qop not in qopstr.split(","):
+                print "WARINING: input qop=%s not in AD challenge qop=\"%s\"" % (qop, qopstr,)
                     
             if auth.get("realm", False):
                 realm = auth["realm"]
-            if auth.get("algorithm", False):
-                algorithm = auth["algorithm"]
             
-            cipherstr = auth.get("cipher", False)
-            if cipherstr:
-                ciphers = cipherstr.split(",")
-                if "rc4" in ciphers:
-                    cipher = "rc4"
-                else:
-                    cipher = ciphers[0]
+            algostr = auth.get("algorithm", "")
+            if algorithm.lower() != algostr.lower():
+                print "WARINING: input algorithm=%s not in AD challenge algorithm=%s" % (algorithm, algostr,)
             
+            cipherstr = auth.get("cipher", "")
+            if cipher.lower() not in cipherstr.lower().split(","):
+                print "WARINING: input cipher=%s not in AD challenge cipher=\"%s\"" % (cipher, cipherstr,)
+                
+             
             if auth.get("maxbuf", False):
                 maxbuf = auth["maxbuf"]
                 
@@ -221,8 +211,8 @@
         
         
         expected = calcResponse(
-                    calcHA1(algorithm, username, realm, password, nonce, cnonce),
-                    algorithm, nonce, nc, cnonce, qop, method, uri, entity
+                    calcHA1(algorithm.lower(), username, realm, password, nonce, cnonce),
+                    algorithm.lower(), nonce, nc, cnonce, qop, method, uri, entity
                 )
         
         if qop:
@@ -232,9 +222,7 @@
                                                                               nonce, cnonce, nc, qop, 
                                                                               cipher, maxbuf, uri, expected ))
         else:
-            response = ('Digest username="%s", realm="%s", '
-                    'nonce="%s", digest-uri="%s", '
-                    'response=%s, algorithm=%s' % (username, realm, nonce, uri, expected, algorithm, ))
+            response = ('Digest username="%s", uri="%s", response=%s' % (username, uri, expected, ))
         
         print "    Challenge: %s" % (challenge,)
         print "    Response:  %s" % (response, )
@@ -307,15 +295,23 @@
 od = opendirectory.odInit(search)
 
 doAuthBasic(user, pswd)
-doAuthDigest(user, pswd, None, "md5")
+doAuthDigest(user, pswd, "auth-conf", "md5-sess", "rc4")
+doAuthDigest(user, pswd, "auth-conf", "MD5-sess", "RC4")
 
 # to test, bind your client to an Open Directory master that contains the user specified below
 
 user = "testuser"
 pswd = "test"
 doAuthBasic(user, pswd)
-doAuthDigest(user, pswd, None, "md5")
-doAuthDigest(user, pswd, "auth-int", "md5")
-doAuthDigest(user, pswd, "auth-int", "md5-sess")
-doAuthDigest(user, pswd, "auth-conf", "md5-sess")
+doAuthDigest(user, pswd, None, "md5", None)
+#doAuthDigest(user, pswd, None, "md5-sess", "rc4")  # fails
 
+doAuthDigest(user, pswd, "auth", "md5", "rc4")
+doAuthDigest(user, pswd, "auth", "md5-sess", "rc4")
+
+doAuthDigest(user, pswd, "auth-int", "md5", "rc4")
+doAuthDigest(user, pswd, "auth-int", "md5-sess", "rc4")
+
+#doAuthDigest(user, pswd, "auth-conf", "md5", "rc4") # fails
+doAuthDigest(user, pswd, "auth-conf", "md5-sess", "rc4")
+
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.macosforge.org/pipermail/calendarserver-changes/attachments/20091119/6470d941/attachment-0001.html>


More information about the calendarserver-changes mailing list