lib/unittests: splitted general tests from bsock tests

- merged from dev/pstorz/master/tls-bsock-unitttests
- added cert test from dev/pstorz/master/tls-bsock-unitttests

core/src/lib/unittests/CMakeLists.txt

@@ -26,12 +26,14 @@ set (TEST_SRC
     alist_test.cc
     dlist_test.cc
     htable_test.cc
-    bsock_test.cc
    )
 
 
 add_definitions(-DTEST_SMALL_HTABLE)
 
+# where to find the certificates
+add_definitions(-DCERTDIR=\"${CMAKE_SOURCE_DIR}/../regress/configs/BASE/tls\")
+
 add_executable(test_lib
     ${TEST_SRC}
     )
@@ -52,3 +54,24 @@ set_property(TEST test_lib
    )
 
 add_dependencies(check test_lib)
+
+add_executable(test_bsock
+    bsock_test.cc
+    )
+target_link_libraries(test_bsock
+   bareos
+   ${JANSSON_LIBRARIES}
+   ${GTEST_LIBRARIES}
+   ${GTEST_MAIN_LIBRARIES}
+   )
+
+add_test(NAME test_bsock
+   COMMAND test_bsock
+   )
+
+set_property(TEST test_bsock
+   PROPERTY ENVIRONMENT "LD_LIBRARY_PATH=${CMAKE_BINARY_DIR}/src/lib"
+   PROPERTY ENVIRONMENT "GTEST_COLOR=yes"
+   )
+
+add_dependencies(check test_bsock)

core/src/lib/unittests/bsock_test.cc

@@ -32,8 +32,6 @@
 
 class UaContext {
   BareosSocket *UA_sock;
-  BareosDaemonType local_daemon_type_;
-  BareosDaemonType remote_daemon_type_;
 };
 class StorageResource;
 #include "dird/authenticate.h"
@@ -92,8 +90,10 @@ int create_accepted_server_socket(int port)
   }
   return new_socket;
 }
+
 void start_bareos_server(std::promise<bool> *promise, std::string console_name,
-                         std::string console_password, std::string server_address, int server_port, bool enable_tls_psk)
+                         std::string console_password, std::string server_address, int server_port,
+                         ConsoleResource *cons)
 
 {
   int newsockfd = create_accepted_server_socket(server_port);
@@ -102,8 +102,6 @@ void start_bareos_server(std::promise<bool> *promise, std::string console_name,
   BareosSocket *bs;
   bs = New(BareosSocketTCP);
   bs->sleep_time_after_authentication_error = 0;
-  bs->local_daemon_type_ = BareosDaemonType::kDirector;
-  bs->remote_daemon_type_ = BareosDaemonType::kConsole;
   bs->fd_ = newsockfd;
   bs->SetWho(bstrdup("client"));
   memset(&bs->peer_addr, 0, sizeof(bs->peer_addr));
@@ -112,20 +110,20 @@ void start_bareos_server(std::promise<bool> *promise, std::string console_name,
   s_password *password = new (s_password);
   password->encoding = p_encoding_md5;
   password->value = (char *)console_password.c_str();
-  ConsoleResource *cons = new (ConsoleResource);
-  cons->tls_psk.enable = enable_tls_psk;
 
   if (bs->recv() <= 0) {
     Dmsg1(10, _("Connection request from %s failed.\n"), bs->who());
-    //Bmicrosleep(5, 0); /* make user wait 5 seconds */
+    // Bmicrosleep(5, 0); /* make user wait 5 seconds */
     bs->close();
   }
   // Do a sanity check on the message received
   if (bs->message_length < MIN_MSG_LEN || bs->message_length > MAX_MSG_LEN) {
     Dmsg2(10, _("Invalid connection from %s. Len=%d\n"), bs->who(), bs->message_length);
-    //Bmicrosleep(5, 0); /* make user wait 5 seconds */
+    // Bmicrosleep(5, 0); /* make user wait 5 seconds */
     bs->close();
   }
+  bs->local_daemon_type_ = BareosDaemonType::kDirector;
+  bs->remote_daemon_type_ = BareosDaemonType::kConsole;
   Dmsg1(10, "Cons->Dir: %s", bs->msg);
   if (bs->AuthenticateInboundConnection(NULL, "Console", name, *password, cons)) {
     bs->fsend(_("1000 OK: %s Version: %s (%s)\n"), my_name, VERSION, BDATE);
@@ -139,7 +137,7 @@ void start_bareos_server(std::promise<bool> *promise, std::string console_name,
 }
 
 int connect_to_server(std::string console_name, std::string console_password,
-                      std::string server_address, int server_port, bool enable_tls_psk)
+                      std::string server_address, int server_port, DirectorResource *dir)
 {
   utime_t heart_beat = 0;
   char errmsg[1024];
@@ -150,16 +148,11 @@ int connect_to_server(std::string console_name, std::string console_password,
 
   char *name = (char *)console_name.c_str();
 
-  DirectorResource *dir = new (DirectorResource);
-  dir->address = (char *)server_address.c_str();
-  dir->DIRport = htons(server_port);
-  dir->tls_psk.enable = enable_tls_psk;
-
   s_password *password = new (s_password);
   password->encoding = p_encoding_md5;
   password->value = (char *)console_password.c_str();
 
-  BareosSocket *UA_sock = New(BareosSocketTCP);
+  BareosSocketTCP *UA_sock = New(BareosSocketTCP);
   UA_sock->sleep_time_after_authentication_error = 0;
   jcr.dir_bsock = UA_sock;
   UA_sock->local_daemon_type_ = BareosDaemonType::kConsole;
@@ -181,7 +174,7 @@ int connect_to_server(std::string console_name, std::string console_password,
     } else {
       UA_sock->close();
       Dmsg0(10, "Authenticate Connect to Server successful!\n");
-      if (enable_tls_psk) {
+      if (dir->tls_psk.enable) {
          Dmsg0(10, UA_sock->TlsEstablished() ? "Tls enabled\n" : "Tls failed to establish\n");
          return UA_sock->TlsEstablished();
       } else {
@@ -195,6 +188,34 @@ int connect_to_server(std::string console_name, std::string console_password,
   }
 }
 
+ConsoleResource *CreateAndInitializeNewConsoleResource()
+{
+  ConsoleResource *cons = new (ConsoleResource);
+  cons->tls_psk.enable = false;  // enable_tls_psk;
+  cons->tls_cert.certfile = new (std::string)(CERTDIR "/console.bareos.org-cert.pem");
+  cons->tls_cert.keyfile = new (std::string)(CERTDIR "/console.bareos.org-key.pem");
+  cons->tls_cert.CaCertfile = new (std::string)(CERTDIR "/bareos-ca.pem");
+  cons->tls_cert.enable = false;
+  cons->tls_cert.VerifyPeer = false;
+  cons->tls_cert.require = false;
+  return cons;
+}
+
+DirectorResource *CreateAndInitializeNewDirectorResource()
+{
+  DirectorResource *dir = new (DirectorResource);
+  dir->address = (char *)HOST;
+  dir->DIRport = htons(PORT);
+  dir->tls_psk.enable = false;
+  dir->tls_cert.certfile = new (std::string)(CERTDIR "/bareos-dir.bareos.org-cert.pem");
+  dir->tls_cert.keyfile = new (std::string)(CERTDIR "/bareos-dir.bareos.org-key.pem");
+  dir->tls_cert.CaCertfile = new (std::string)(CERTDIR "/bareos-ca.pem");
+  dir->tls_cert.enable = false;
+  dir->tls_cert.VerifyPeer = false;
+  dir->tls_cert.require = false;
+  return dir;
+}
+
 std::string client_cons_name;
 std::string client_cons_password;
 
@@ -215,13 +236,20 @@ TEST(bsock, auth_works)
   server_cons_name = client_cons_name;
   server_cons_password = client_cons_password;
 
+  ConsoleResource *cons = CreateAndInitializeNewConsoleResource();
+  DirectorResource *dir = CreateAndInitializeNewDirectorResource();
+
   InitForTest();
+
+  dir->tls_psk.enable = false;
+  cons->tls_psk.enable = false;
+
   Dmsg0(10, "starting listen thread...\n");
   std::thread server_thread(start_bareos_server, &promise, server_cons_name, server_cons_password,
-                            HOST, port, false);
+                            HOST, port, cons);
 
   Dmsg0(10, "connecting to server\n");
-  ASSERT_TRUE(connect_to_server(client_cons_name, client_cons_password, HOST, port, false));
+  ASSERT_TRUE(connect_to_server(client_cons_name, client_cons_password, HOST, port, dir));
 
   server_thread.join();
   ASSERT_TRUE(future.get());
@@ -240,13 +268,20 @@ TEST(bsock, auth_works_with_different_names)
   server_cons_name = "differentclientname";
   server_cons_password = client_cons_password;
 
+  ConsoleResource *cons = CreateAndInitializeNewConsoleResource();
+  DirectorResource *dir = CreateAndInitializeNewDirectorResource();
+
   InitForTest();
+
+  dir->tls_psk.enable = false;
+  cons->tls_psk.enable = false;
+
   Dmsg0(10, "starting listen thread...\n");
   std::thread server_thread(start_bareos_server, &promise, server_cons_name, server_cons_password,
-                            HOST, port, false);
+                            HOST, port, cons);
 
   Dmsg0(10, "connecting to server\n");
-  ASSERT_TRUE(connect_to_server(client_cons_name, client_cons_password, HOST, port, false));
+  ASSERT_TRUE(connect_to_server(client_cons_name, client_cons_password, HOST, port, dir));
 
   server_thread.join();
   ASSERT_TRUE(future.get());
@@ -263,15 +298,22 @@ TEST(bsock, auth_fails_with_different_passwords)
   client_cons_password = "verysecretpassword";
 
   server_cons_name = client_cons_name;
-  server_cons_password = "a_different_password";
+  server_cons_password = "othersecretpassword";
+
+  ConsoleResource *cons = CreateAndInitializeNewConsoleResource();
+  DirectorResource *dir = CreateAndInitializeNewDirectorResource();
 
   InitForTest();
+
+  dir->tls_psk.enable = false;
+  cons->tls_psk.enable = false;
+
   Dmsg0(10, "starting listen thread...\n");
   std::thread server_thread(start_bareos_server, &promise, server_cons_name, server_cons_password,
-                            HOST, port, false);
+                            HOST, port, cons);
 
   Dmsg0(10, "connecting to server\n");
-  ASSERT_FALSE(connect_to_server(client_cons_name, client_cons_password, HOST, port, false));
+  ASSERT_FALSE(connect_to_server(client_cons_name, client_cons_password, HOST, port, dir));
 
   server_thread.join();
   ASSERT_FALSE(future.get());
@@ -289,18 +331,27 @@ TEST(bsock, auth_works_with_tls_psk)
   server_cons_name = client_cons_name;
   server_cons_password = client_cons_password;
 
+  ConsoleResource *cons = CreateAndInitializeNewConsoleResource();
+  DirectorResource *dir = CreateAndInitializeNewDirectorResource();
+
   InitForTest();
+
+  dir->tls_psk.enable = true;
+  cons->tls_psk.enable = true;
+
   Dmsg0(10, "starting listen thread...\n");
   std::thread server_thread(start_bareos_server, &promise, server_cons_name, server_cons_password,
-                            HOST, port, true);
+                            HOST, port, cons);
 
   Dmsg0(10, "connecting to server\n");
-  ASSERT_TRUE(connect_to_server(client_cons_name, client_cons_password, HOST, port, true));
+  ASSERT_TRUE(connect_to_server(client_cons_name, client_cons_password, HOST, port, dir));
 
   server_thread.join();
   ASSERT_TRUE(future.get());
+
 }
 
+
 TEST(bsock, auth_fails_with_different_names_with_tls_psk)
 {
   port++;
@@ -313,14 +364,56 @@ TEST(bsock, auth_fails_with_different_names_with_tls_psk)
   server_cons_name = "differentclientname";
   server_cons_password = client_cons_password;
 
+  ConsoleResource *cons = CreateAndInitializeNewConsoleResource();
+  DirectorResource *dir = CreateAndInitializeNewDirectorResource();
+
   InitForTest();
+
+  dir->tls_psk.enable = true;
+  cons->tls_psk.enable = true;
+
   Dmsg0(10, "starting listen thread...\n");
   std::thread server_thread(start_bareos_server, &promise, server_cons_name, server_cons_password,
-                            HOST, port, true);
+                            HOST, port, cons);
 
   Dmsg0(10, "connecting to server\n");
-  ASSERT_FALSE(connect_to_server(client_cons_name, client_cons_password, HOST, port, true));
+  ASSERT_FALSE(connect_to_server(client_cons_name, client_cons_password, HOST, port, dir));
 
   server_thread.join();
   ASSERT_FALSE(future.get());
 }
+
+TEST(bsock, auth_works_with_tls_cert)
+{
+  port++;
+  std::promise<bool> promise;
+  std::future<bool> future = promise.get_future();
+
+  client_cons_name = "clientname";
+  client_cons_password = "verysecretpassword";
+
+  server_cons_name = client_cons_name;
+  server_cons_password = client_cons_password;
+
+  ConsoleResource *cons = CreateAndInitializeNewConsoleResource();
+  DirectorResource *dir = CreateAndInitializeNewDirectorResource();
+
+  InitForTest();
+
+  dir->tls_psk.enable = false;
+  cons->tls_psk.enable = false;
+
+  dir->tls_cert.enable = true;
+  cons->tls_cert.enable = true;
+
+
+  Dmsg0(10, "starting listen thread...\n");
+  std::thread server_thread(start_bareos_server, &promise, server_cons_name, server_cons_password,
+                            HOST, port, cons);
+
+  Dmsg0(10, "connecting to server\n");
+  ASSERT_TRUE(connect_to_server(client_cons_name, client_cons_password, HOST, port, dir));
+
+  server_thread.join();
+  ASSERT_TRUE(future.get());
+}