From a29dce2ec770519aa3924f61b9d6b42b8ec3a6aa Mon Sep 17 00:00:00 2001 From: Trond Norbye Date: Tue, 10 May 2016 13:22:01 +0200 Subject: [PATCH] MB-19570: Remove support for CRAM-MD5 Change-Id: I95445e57581b502e99864f808cc18a51ca809182 Reviewed-on: http://review.couchbase.org/63866 Tested-by: buildbot Reviewed-by: Dave Rigby --- CMakeLists.txt | 2 - cbsasl/cbsasl_internal.h | 1 - cbsasl/cram-md5/cram-md5.cc | 186 ------------------ cbsasl/cram-md5/cram-md5.h | 61 ------ cbsasl/mechanismfactory.cc | 27 +-- cbsasl/user.cc | 2 - docs/sasl.md | 161 +-------------- .../cbsasl_client_server_test/cbsasl_test.cc | 4 - tests/cbsasl_server_tests/sasl_server_test.cc | 76 +------ tests/testapp/testapp_sasl.cc | 9 - tests/testapp/testapp_sasl.h | 1 - 11 files changed, 6 insertions(+), 524 deletions(-) delete mode 100644 cbsasl/cram-md5/cram-md5.cc delete mode 100644 cbsasl/cram-md5/cram-md5.h diff --git a/CMakeLists.txt b/CMakeLists.txt index fcb93fdd0..37cffe4d4 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -180,8 +180,6 @@ LIST(APPEND CBSASL_SOURCES ${Memcached_SOURCE_DIR}/cbsasl/cbsasl_internal.h ${Memcached_SOURCE_DIR}/cbsasl/client.cc ${Memcached_SOURCE_DIR}/cbsasl/common.cc - ${Memcached_SOURCE_DIR}/cbsasl/cram-md5/cram-md5.cc - ${Memcached_SOURCE_DIR}/cbsasl/cram-md5/cram-md5.h ${Memcached_SOURCE_DIR}/cbsasl/log.cc ${Memcached_SOURCE_DIR}/cbsasl/mechanismfactory.cc ${Memcached_SOURCE_DIR}/cbsasl/mechanismfactory.h diff --git a/cbsasl/cbsasl_internal.h b/cbsasl/cbsasl_internal.h index a403264d0..2b04fab23 100644 --- a/cbsasl/cbsasl_internal.h +++ b/cbsasl/cbsasl_internal.h @@ -23,7 +23,6 @@ enum class Mechanism { PLAIN, - CRAM_MD5, SCRAM_SHA1, SCRAM_SHA256, SCRAM_SHA512, diff --git a/cbsasl/cram-md5/cram-md5.cc b/cbsasl/cram-md5/cram-md5.cc deleted file mode 100644 index 3aaebcef6..000000000 --- a/cbsasl/cram-md5/cram-md5.cc +++ /dev/null 
@@ -1,186 +0,0 @@ -/* - * Copyright 2013 Couchbase, Inc. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -#include "cram-md5.h" -#include "cbsasl/pwfile.h" -#include "cbsasl/util.h" -#include -#include -#include -#include - -#define NONCE_LENGTH 8 -#define DIGEST_LENGTH 16 - -CramMd5ServerBackend::CramMd5ServerBackend() - : MechanismBackend(MECH_NAME_CRAM_MD5) { - /* Generate a challenge */ - std::array nonce; - if (cbsasl_secure_random(nonce.data(), nonce.size()) != CBSASL_OK) { - throw std::bad_alloc(); - } - - cbsasl_hex_encode(digest.data(), nonce.data(), nonce.size()); -} - -cbsasl_error_t CramMd5ServerBackend::start(cbsasl_conn_t* conn, - const char* input, - unsigned inputlen, - const char** output, - unsigned* outputlen) { - if (inputlen != 0 || output == nullptr || outputlen == nullptr) { - return CBSASL_BADPARAM; - } - - if (conn->get_cnonce_fn != nullptr) { - // Allow the user to override the nonce - const char *cnonce = nullptr; - unsigned int len; - - if (conn->get_cnonce_fn(conn->get_cnonce_ctx, CBSASL_CB_CNONCE, - &cnonce, &len) != 0) { - return CBSASL_FAIL; - } - - if (len != DIGEST_LENGTH) { - return CBSASL_BADPARAM; - } - - memcpy(digest.data(), cnonce, len); - } - - *output = digest.data(); - *outputlen = (unsigned)digest.size(); - - return CBSASL_CONTINUE; -} - -cbsasl_error_t CramMd5ServerBackend::step(cbsasl_conn_t* conn, - const char* input, - unsigned inputlen, - const char** output, - unsigned* outputlen) { - unsigned int 
userlen; - std::array newdigest; - std::array md5string; - - if (inputlen <= 33) { - return CBSASL_BADPARAM; - } - - userlen = inputlen - (DIGEST_LENGTH * 2) - 1; - conn->server->username.assign(input, userlen); - - Couchbase::User user; - if (!find_user(conn->server->username, user)) { - return CBSASL_NOUSER; - } - - std::string password; - try { - const auto& meta = user.getPassword(Mechanism::PLAIN); - password.assign(meta.getPassword()); - } catch (...) { - // There is no plain text password for the user - return CBSASL_PWERR; - } - - unsigned int digest_len; - if (HMAC(EVP_md5(), (unsigned char*)password.data(), - (int)password.length(), - (unsigned char*)digest.data(), digest.size(), - newdigest.data(), &digest_len) == NULL || - digest_len != DIGEST_LENGTH) { - return CBSASL_PWERR; - } - - cbsasl_hex_encode(md5string.data(), (const char*)newdigest.data(), - digest_len); - - if (cbsasl_secure_compare(md5string.data(), md5string.size(), - &(input[userlen + 1]), - (DIGEST_LENGTH * 2)) != 0) { - return CBSASL_PWERR; - } - - *output = nullptr; - *outputlen = 0; - return CBSASL_OK; -} - -cbsasl_error_t CramMd5ClientBackend::start(cbsasl_conn_t* conn, - const char* input, - unsigned inputlen, - const char** output, - unsigned* outputlen) { - - if (output == nullptr || outputlen == nullptr) { - return CBSASL_BADPARAM; - } - - *output = nullptr; - *outputlen = 0; - - return CBSASL_OK; -} - -cbsasl_error_t CramMd5ClientBackend::step(cbsasl_conn_t* conn, - const char* input, - unsigned inputlen, - const char** output, - unsigned* outputlen) { - - - const char* usernm = nullptr; - unsigned int usernmlen; - - auto* client = conn->client.get(); - if (cbsasl_get_username(client->get_username, client->get_username_ctx, - &usernm, &usernmlen) != CBSASL_OK) { - return CBSASL_FAIL; - } - - cbsasl_secret_t* pass; - if (cbsasl_get_password(client->get_password, conn, - client->get_password_ctx, &pass) != CBSASL_OK) { - return CBSASL_FAIL; - } - - std::array md5string; - try { - 
buffer.resize(usernmlen + 1 + md5string.size(), 1); - } catch (std::bad_alloc&) { - return CBSASL_NOMEM; - } - - std::array digest; - unsigned int digest_len; - if (HMAC(EVP_md5(), (unsigned char*)pass->data, pass->len, - (unsigned char*)input, inputlen, - digest.data(), &digest_len) == nullptr || - digest_len != digest.size()) { - return CBSASL_FAIL; - } - - cbsasl_hex_encode(md5string.data(), (char*)digest.data(), digest.size()); - - memcpy(buffer.data(), usernm, usernmlen); - buffer[usernmlen] = ' '; - memcpy(buffer.data() + usernmlen + 1, md5string.data(), md5string.size()); - - *output = buffer.data(); - *outputlen = unsigned(buffer.size()); - return CBSASL_CONTINUE; -} diff --git a/cbsasl/cram-md5/cram-md5.h b/cbsasl/cram-md5/cram-md5.h deleted file mode 100644 index 4c1f6d71e..000000000 --- a/cbsasl/cram-md5/cram-md5.h +++ /dev/null 
@@ -1,61 +0,0 @@ -/* - * Copyright 2015 Couchbase, Inc. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -#pragma once - -#include -#include -#include "cbsasl/cbsasl.h" -#include "cbsasl/cbsasl_internal.h" - -#define MECH_NAME_CRAM_MD5 "CRAM-MD5" -#define DIGEST_LENGTH 16 - -class CramMd5ServerBackend : public MechanismBackend { -public: - CramMd5ServerBackend(); - - virtual cbsasl_error_t start(cbsasl_conn_t* conn, const char* input, - unsigned inputlen, - const char** output, - unsigned* outputlen) override; - - virtual cbsasl_error_t step(cbsasl_conn_t* conn, const char* input, - unsigned inputlen, const char** output, - unsigned* outputlen) override; - -private: - std::array digest; -}; - -class CramMd5ClientBackend : public MechanismBackend { -public: - CramMd5ClientBackend() - : MechanismBackend(MECH_NAME_CRAM_MD5) { - - } - - virtual cbsasl_error_t start(cbsasl_conn_t* conn, const char* input, - unsigned inputlen, - const char** output, - unsigned* outputlen) override; - - virtual cbsasl_error_t step(cbsasl_conn_t* conn, const char* input, - unsigned inputlen, const char** output, - unsigned* outputlen) override; - -private: - std::vector buffer; -}; diff --git a/cbsasl/mechanismfactory.cc b/cbsasl/mechanismfactory.cc index eb3f8a54e..480b59ed2 100644 --- a/cbsasl/mechanismfactory.cc +++ b/cbsasl/mechanismfactory.cc 
@@ -15,7 +15,6 @@ * limitations under the License. */ #include "config.h" -#include "cram-md5/cram-md5.h" #include "mechanismfactory.h" #include "plain/plain.h" #include "scram-sha/scram-sha.h" @@ -155,24 +154,6 @@ class Scram1MechInfo : public MechInfo { } }; -class CramMd5MechInfo : public MechInfo { -public: - CramMd5MechInfo() - : MechInfo(MECH_NAME_CRAM_MD5, true, Mechanism::CRAM_MD5) { } - - virtual UniqueMechanismBackend createServerBackend() override { - return UniqueMechanismBackend(new CramMd5ServerBackend); - } - - virtual UniqueMechanismBackend createClientBackend() override { - return UniqueMechanismBackend(new CramMd5ClientBackend); - } - - virtual bool isMechanismSupported() override { - return true; - } -}; - class PlainMechInfo : public MechInfo { public: PlainMechInfo() @@ -194,14 +175,12 @@ class PlainMechInfo : public MechInfo { static Scram512MechInfo scram512MechInfo; static Scram256MechInfo scram256MechInfo; static Scram1MechInfo scram1MechInfo; -static CramMd5MechInfo cramMd5MechInfo; static PlainMechInfo plainMechInfo; -static std::array availableMechs = { +static std::array availableMechs = { &scram512MechInfo, &scram256MechInfo, &scram1MechInfo, - &cramMd5MechInfo, &plainMechInfo }; @@ -399,8 +378,6 @@ Mechanism MechanismFactory::toMechanism(const std::string mech) { toupper); if (mech == MECH_NAME_PLAIN) { return Mechanism::PLAIN; - } else if (mech == MECH_NAME_CRAM_MD5) { - return Mechanism::CRAM_MD5; } else if (mech == MECH_NAME_SCRAM_SHA1) { return Mechanism::SCRAM_SHA1; } else if (mech == MECH_NAME_SCRAM_SHA256) { @@ -416,8 +393,6 @@ std::string MechanismFactory::toString(const Mechanism& mech) { switch (mech) { case Mechanism::PLAIN: return MECH_NAME_PLAIN; - case Mechanism::CRAM_MD5: - return MECH_NAME_CRAM_MD5; case Mechanism::SCRAM_SHA1: return MECH_NAME_SCRAM_SHA1; case Mechanism::SCRAM_SHA256: diff --git a/cbsasl/user.cc b/cbsasl/user.cc index 3a0492627..a6a05b83a 100644 --- a/cbsasl/user.cc +++ b/cbsasl/user.cc 
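Review bot: The `availableMechs` table in the `@@ -194,14 +175,12 @@` hunk now ends with `&plainMechInfo` as the only non-SCRAM entry, and nothing beside it says what that means for clients that relied on CRAM-MD5 to keep the password off the wire. The SCRAM tests elsewhere in this patch are guarded by `HAVE_PKCS5_PBKDF2_HMAC_SHA1` or `Crypto::isSupported`, so on a build without that support PLAIN is presumably the only mechanism left, and docs/sasl.md describes it as sending the password in clear text. I would add a comment above the array such as `// PLAIN sends the password in clear text and may be the only mechanism on builds without SCRAM support; deployments should require TLS for it.` The `isMechanismSupported()` bodies of the SCRAM and PLAIN classes lie outside the hunks shown, so the fallback behaviour should be confirmed there.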
@@ -148,7 +148,6 @@ void Couchbase::User::generateSecrets(const Mechanism& mech) { salt.resize(Crypto::SHA1_DIGEST_SIZE); break; case Mechanism::PLAIN: - case Mechanism::CRAM_MD5: case Mechanism::UNKNOWN: throw std::logic_error("Couchbase::User::generateSecrets invalid algorithm"); } @@ -185,7 +184,6 @@ void Couchbase::User::generateSecrets(const Mechanism& mech, algorithm = Crypto::Algorithm::SHA1; break; case Mechanism::PLAIN: - case Mechanism::CRAM_MD5: case Mechanism::UNKNOWN: throw std::logic_error("Couchbase::User::generateSecrets invalid algorithm"); } diff --git a/docs/sasl.md b/docs/sasl.md index 7237df318..e9723f754 100644 --- a/docs/sasl.md +++ b/docs/sasl.md @@ -122,6 +122,8 @@ supporting `SCRAM-SHA1`, `CRAM-MD5` and `PLAIN`: Opaque (12-15): 0x00000000 CAS (16-23): 0x00000000 +Note: CRAM-MD5 is no longer supported by Couchbase Server + ## 0x21 SASL_AUTH The SASL_AUTH request initiates the SASL authentication, and contains the 
@@ -237,165 +239,6 @@ clear text in the first message, and no SASL_STEP messages is used. Opaque (12-15): 0x00000000 CAS (16-23): 0x00000000 -## Example session using CRAM-MD5 authentication - -In CRAM-MD5 the client starts by sending no data to the server, and -the server returns a nonce that the client should be using. The client -must use the SASL_STEP packet to send the hashed password back to the -server which in turn validates the login. - - Byte/ 0 | 1 | 2 | 3 | - / | | | | - |0 1 2 3 4 5 6 7|0 1 2 3 4 5 6 7|0 1 2 3 4 5 6 7|0 1 2 3 4 5 6 7| - +---------------+---------------+---------------+---------------+ - 0| 0x80 | 0x21 | 0x00 | 0x08 | - +---------------+---------------+---------------+---------------+ - 4| 0x00 | 0x00 | 0x00 | 0x00 | - +---------------+---------------+---------------+---------------+ - 8| 0x00 | 0x00 | 0x00 | 0x08 | - +---------------+---------------+---------------+---------------+ - 12| 0x00 | 0x00 | 0x00 | 0x00 | - +---------------+---------------+---------------+---------------+ - 16| 0x00 | 0x00 | 0x00 | 0x00 | - +---------------+---------------+---------------+---------------+ - 20| 0x00 | 0x00 | 0x00 | 0x00 | - +---------------+---------------+---------------+---------------+ - 24| 0x43 ('C') | 0x52 ('R') | 0x41 ('A') | 0x4d ('M') | - +---------------+---------------+---------------+---------------+ - 28| 0x2d ('-') | 0x4d ('M') | 0x44 ('D') | 0x35 ('5') | - +---------------+---------------+---------------+---------------+ - Total 32 bytes (24 bytes header, 8 bytes key) - - Field (offset) (value) - Magic (0) : 0x80 - Opcode (1) : 0x21 - Key length (2,3) : 0x0008 - Extra length (4) : 0x00 - Data type (5) : 0x00 - Vbucket (6,7) : 0x0000 - Total body (8-11) : 0x00000008 - Opaque (12-15): 0x00000000 - CAS (16-23): 0x00000000 - - Byte/ 0 | 1 | 2 | 3 | - / | | | | - |0 1 2 3 4 5 6 7|0 1 2 3 4 5 6 7|0 1 2 3 4 5 6 7|0 1 2 3 4 5 6 7| - +---------------+---------------+---------------+---------------+ - 0| 0x81 | 0x21 | 0x00 | 0x00 | - 
+---------------+---------------+---------------+---------------+ - 4| 0x00 | 0x00 | 0x00 | 0x21 | - +---------------+---------------+---------------+---------------+ - 8| 0x00 | 0x00 | 0x00 | 0x10 | - +---------------+---------------+---------------+---------------+ - 12| 0x00 | 0x00 | 0x00 | 0x00 | - +---------------+---------------+---------------+---------------+ - 16| 0x00 | 0x00 | 0x00 | 0x00 | - +---------------+---------------+---------------+---------------+ - 20| 0x00 | 0x00 | 0x00 | 0x00 | - +---------------+---------------+---------------+---------------+ - 24| 0x35 ('5') | 0x34 ('4') | 0x36 ('6') | 0x36 ('6') | - +---------------+---------------+---------------+---------------+ - 28| 0x32 ('2') | 0x30 ('0') | 0x62 ('b') | 0x38 ('8') | - +---------------+---------------+---------------+---------------+ - 32| 0x61 ('a') | 0x62 ('b') | 0x34 ('4') | 0x39 ('9') | - +---------------+---------------+---------------+---------------+ - 36| 0x66 ('f') | 0x38 ('8') | 0x61 ('a') | 0x38 ('8') | - +---------------+---------------+---------------+---------------+ - Total 40 bytes (24 bytes header and 16 value) - - Field (offset) (value) - Magic (0) : 0x81 - Opcode (1) : 0x21 - Key length (2,3) : 0x0000 - Extra length (4) : 0x00 - Data type (5) : 0x00 - Status (6,7) : 0x0021 - Total body (8-11) : 0x00000010 - Opaque (12-15): 0x00000000 - CAS (16-23): 0x00000000 - - Byte/ 0 | 1 | 2 | 3 | - / | | | | - |0 1 2 3 4 5 6 7|0 1 2 3 4 5 6 7|0 1 2 3 4 5 6 7|0 1 2 3 4 5 6 7| - +---------------+---------------+---------------+---------------+ - 0| 0x80 | 0x22 | 0x00 | 0x08 | - +---------------+---------------+---------------+---------------+ - 4| 0x00 | 0x00 | 0x00 | 0x00 | - +---------------+---------------+---------------+---------------+ - 8| 0x00 | 0x00 | 0x00 | 0x2d | - +---------------+---------------+---------------+---------------+ - 12| 0x00 | 0x00 | 0x00 | 0x00 | - +---------------+---------------+---------------+---------------+ - 16| 0x00 | 0x00 | 0x00 | 0x00 | - 
+---------------+---------------+---------------+---------------+ - 20| 0x00 | 0x00 | 0x00 | 0x00 | - +---------------+---------------+---------------+---------------+ - 24| 0x43 ('C') | 0x52 ('R') | 0x41 ('A') | 0x4d ('M') | - +---------------+---------------+---------------+---------------+ - 28| 0x2d ('-') | 0x4d ('M') | 0x44 ('D') | 0x35 ('5') | - +---------------+---------------+---------------+---------------+ - 32| 0x75 ('u') | 0x73 ('s') | 0x65 ('e') | 0x72 ('r') | - +---------------+---------------+---------------+---------------+ - 36| 0x20 (' ') | 0x32 ('2') | 0x31 ('1') | 0x61 ('a') | - +---------------+---------------+---------------+---------------+ - 40| 0x36 ('6') | 0x32 ('2') | 0x34 ('4') | 0x62 ('b') | - +---------------+---------------+---------------+---------------+ - 44| 0x38 ('8') | 0x38 ('8') | 0x30 ('0') | 0x30 ('0') | - +---------------+---------------+---------------+---------------+ - 48| 0x63 ('c') | 0x32 ('2') | 0x32 ('2') | 0x30 ('0') | - +---------------+---------------+---------------+---------------+ - 52| 0x63 ('c') | 0x34 ('4') | 0x38 ('8') | 0x35 ('5') | - +---------------+---------------+---------------+---------------+ - 56| 0x39 ('9') | 0x33 ('3') | 0x62 ('b') | 0x62 ('b') | - +---------------+---------------+---------------+---------------+ - 60| 0x38 ('8') | 0x61 ('a') | 0x62 ('b') | 0x61 ('a') | - +---------------+---------------+---------------+---------------+ - 64| 0x33 ('3') | 0x39 ('9') | 0x34 ('4') | 0x61 ('a') | - +---------------+---------------+---------------+---------------+ - 68| 0x33 ('3') | - +---------------+ - Total 69 bytes (24 bytes header, 8 bytes key and 37 value) - - Field (offset) (value) - Magic (0) : 0x80 - Opcode (1) : 0x22 - Key length (2,3) : 0x0008 - Extra length (4) : 0x00 - Data type (5) : 0x00 - Vbucket (6,7) : 0x0000 - Total body (8-11) : 0x0000002d - Opaque (12-15): 0x00000000 - CAS (16-23): 0x00000000 - - Byte/ 0 | 1 | 2 | 3 | - / | | | | - |0 1 2 3 4 5 6 7|0 1 2 3 4 5 6 7|0 1 2 3 4 5 6 
7|0 1 2 3 4 5 6 7| - +---------------+---------------+---------------+---------------+ - 0| 0x81 | 0x22 | 0x00 | 0x00 | - +---------------+---------------+---------------+---------------+ - 4| 0x00 | 0x00 | 0x00 | 0x00 | - +---------------+---------------+---------------+---------------+ - 8| 0x00 | 0x00 | 0x00 | 0x00 | - +---------------+---------------+---------------+---------------+ - 12| 0x00 | 0x00 | 0x00 | 0x00 | - +---------------+---------------+---------------+---------------+ - 16| 0x00 | 0x00 | 0x00 | 0x00 | - +---------------+---------------+---------------+---------------+ - 20| 0x00 | 0x00 | 0x00 | 0x00 | - +---------------+---------------+---------------+---------------+ - Total 24 bytes - - Field (offset) (value) - Magic (0) : 0x81 - Opcode (1) : 0x22 - Key length (2,3) : 0x0000 - Extra length (4) : 0x00 - Data type (5) : 0x00 - Status (6,7) : 0x0000 - Total body (8-11) : 0x00000000 - Opaque (12-15): 0x00000000 - CAS (16-23): 0x00000000 - ## Example session using SCRAM-SHA1 authentication When using SCRAM-SHA1 the client initiates the authentication by diff --git a/tests/cbsasl_client_server_test/cbsasl_test.cc b/tests/cbsasl_client_server_test/cbsasl_test.cc index 27ecc7528..9c032a689 100644 --- a/tests/cbsasl_client_server_test/cbsasl_test.cc +++ b/tests/cbsasl_client_server_test/cbsasl_test.cc @@ -216,10 +216,6 @@ TEST_F(SaslClientServerTest, PLAIN) { test_auth("PLAIN"); } -TEST_F(SaslClientServerTest, CRAM_MD5) { - test_auth("CRAM-MD5"); -} - TEST_F(SaslClientServerTest, SCRAM_SHA1) { if (Couchbase::Crypto::isSupported(Couchbase::Crypto::Algorithm::SHA1)) { test_auth("SCRAM-SHA1"); diff --git a/tests/cbsasl_server_tests/sasl_server_test.cc b/tests/cbsasl_server_tests/sasl_server_test.cc index 498dc9bd5..919bc52a1 100644 --- a/tests/cbsasl_server_tests/sasl_server_test.cc +++ b/tests/cbsasl_server_tests/sasl_server_test.cc 
@@ -94,7 +94,7 @@ class SaslServerTest : public ::testing::Test { #ifdef HAVE_PKCS5_PBKDF2_HMAC_SHA1 mechanisms.append("SCRAM-SHA1 "); #endif - mechanisms.append("CRAM-MD5 PLAIN"); + mechanisms.append("PLAIN"); } static void TearDownTestCase() { @@ -103,29 +103,6 @@ class SaslServerTest : public ::testing::Test { } protected: - static void construct_cram_md5_credentials(char* buffer, - unsigned* bufferlen, - const char* user, - unsigned userlen, - const char* pass, - unsigned passlen, - const char* challenge, - unsigned challengelen) { - unsigned char digest[DIGEST_LENGTH]; - memcpy(buffer, user, userlen); - buffer[userlen + 1] = ' '; - - unsigned int digest_len; - if (HMAC(EVP_md5(), (unsigned char*)pass, passlen, - (unsigned char*)challenge, challengelen, - digest, &digest_len) == NULL || digest_len != DIGEST_LENGTH) { - FAIL() << "HMAC md5 failed"; - } - - cbsasl_hex_encode(buffer + userlen + 1, (char*)digest, DIGEST_LENGTH); - *bufferlen = 1 + (DIGEST_LENGTH * 2) + userlen; - } - cbsasl_conn_t* conn; }; 
@@ -233,57 +210,10 @@ TEST_F(SaslServerTest, PlainNoNullAtAll) { free((void*)output); } -TEST_F(SaslServerTest, CramMD5) { - const char* challenge = nullptr; - unsigned challengelen = 0; - - ASSERT_EQ(CBSASL_CONTINUE, - cbsasl_server_start(conn, "CRAM-MD5", nullptr, 0, &challenge, - &challengelen)); - - const char* user = "mikewied"; - const char* pass = "mikepw"; - char creds[128]; - unsigned credslen = 0; - construct_cram_md5_credentials(creds, &credslen, user, - (unsigned int)strlen(user), pass, - (unsigned int)strlen(pass), - (const char* )challenge, challengelen); - const char *output; - unsigned outputlen; - - ASSERT_EQ(CBSASL_OK, - cbsasl_server_step(conn, creds, credslen, &output, &outputlen)); - free((char*)output); -} - -TEST_F(SaslServerTest, CramMD5WrongPassword) { - const char* challenge = nullptr; - unsigned challengelen = 0; - ASSERT_EQ(CBSASL_CONTINUE, - cbsasl_server_start(conn, "CRAM-MD5", nullptr, 0, &challenge, - &challengelen)); - - const char* user = "mikewied"; - const char* pass = "padpw"; - char creds[128]; - unsigned credslen = 0; - const char* output = NULL; - unsigned outputlen = 0; - construct_cram_md5_credentials(creds, &credslen, user, - (unsigned int)strlen(user), pass, - (unsigned int)strlen(pass), - (const char* )challenge, challengelen); - - ASSERT_EQ(CBSASL_PWERR, - cbsasl_server_step(conn, creds, credslen, &output, &outputlen)); - free((char*)output); -} - class SaslLimitMechServerTest : public SaslServerTest { protected: void SetUp() { - mechanisms = "CRAM-MD5"; + mechanisms = "PLAIN"; SaslServerTest::SetUp(); } }; @@ -296,5 +226,5 @@ TEST_F(SaslLimitMechServerTest, TestDisableMechList) { ")", &mechs, &len, &num); ASSERT_EQ(CBSASL_OK, err); std::string mechlist(mechs, len); - EXPECT_EQ(std::string("(CRAM-MD5)"), mechlist); + EXPECT_EQ(std::string("(PLAIN)"), mechlist); } diff --git a/tests/testapp/testapp_sasl.cc b/tests/testapp/testapp_sasl.cc index 6976e0f77..4e710b467 100644 --- a/tests/testapp/testapp_sasl.cc 
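Review bot: Nothing in this file now checks that a request for the removed mechanism is refused. The hunk at `@@ -233,57 +210,10 @@` deletes `CramMD5` and `CramMD5WrongPassword` without a negative counterpart, and `TestDisableMechList` only checks the advertised list. A regression test that calls `cbsasl_server_start` with `"CRAM-MD5"` and asserts the result is neither `CBSASL_OK` nor `CBSASL_CONTINUE` would pin the removal against a later re-registration. The exact error code depends on `MechanismFactory` code outside this diff, so the test below asserts only that no exchange starts.

```cpp
TEST_F(SaslServerTest, CramMD5Rejected) {
    const char* challenge = nullptr;
    unsigned challengelen = 0;
    // The mechanism was removed; the server must not begin an exchange.
    const auto err = cbsasl_server_start(conn, "CRAM-MD5", nullptr, 0,
                                         &challenge, &challengelen);
    EXPECT_NE(CBSASL_OK, err);
    EXPECT_NE(CBSASL_CONTINUE, err);
}
```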
+++ b/tests/testapp/testapp_sasl.cc @@ -35,11 +35,6 @@ TEST_P(SaslTest, SinglePLAIN) { EXPECT_NO_THROW(conn.authenticate(bucket1, password1, "PLAIN")); } -TEST_P(SaslTest, SingleCRAM_MD5) { - MemcachedConnection& conn = getConnection(); - EXPECT_NO_THROW(conn.authenticate(bucket1, password1, "CRAM-MD5")); -} - #ifdef HAVE_PKCS5_PBKDF2_HMAC_SHA1 TEST_P(SaslTest, SingleSCRAM_SHA1) { MemcachedConnection& conn = getConnection(); @@ -73,10 +68,6 @@ TEST_P(SaslTest, TestSaslMixFrom_PLAIN) { testMixStartingFrom("PLAIN"); } -TEST_P(SaslTest, TestSaslMixFrom_CRAM_MD5) { - testMixStartingFrom("CRAM-MD5"); -} - #ifdef HAVE_PKCS5_PBKDF2_HMAC_SHA1 TEST_P(SaslTest, TestSaslMixFrom_SCRAM_SHA1) { testMixStartingFrom("SCRAM-SHA1"); diff --git a/tests/testapp/testapp_sasl.h b/tests/testapp/testapp_sasl.h index 7d1d7ec75..1e8cb2900 100644 --- a/tests/testapp/testapp_sasl.h +++ b/tests/testapp/testapp_sasl.h @@ -26,7 +26,6 @@ class SaslTest : public TestappClientTest { public: SaslTest() { mechanisms.push_back("PLAIN"); - mechanisms.push_back("CRAM-MD5"); #ifdef HAVE_PKCS5_PBKDF2_HMAC_SHA1 mechanisms.push_back("SCRAM-SHA1"); #endif