testbackupstore: test that client ID must match SSL certificate

boxbackup · Jun 8, 2018 · 6502c83 · 6502c83
1 parent d7330ca
commit 6502c83
Show file tree

Hide file tree

Showing 3 changed files with 13 additions and 5 deletions.
diff --git a/lib/backupstore/StoreTestUtils.cpp b/lib/backupstore/StoreTestUtils.cpp
@@ -30,13 +30,13 @@
 #include "TLSContext.h"
 #include "Test.h"
 
-bool create_account(int soft, int hard)
+bool create_account(int soft, int hard, int account_id)
 {
 	std::string errs;
 	std::auto_ptr<Configuration> config(
 		Configuration::LoadAndVerify
 			("testfiles/bbstored.conf", &BackupConfigFileVerify, errs));
-	BackupStoreAccountControl control(*config, 0x01234567);
+	BackupStoreAccountControl control(*config, account_id);
 
 	Logger::LevelGuard guard(Logging::GetConsole(), Log::WARNING);
 	int result = control.CreateAccount(0, soft, hard);

diff --git a/lib/backupstore/StoreTestUtils.h b/lib/backupstore/StoreTestUtils.h
@@ -22,7 +22,7 @@ class SocketStreamTLS;
 class TLSContext;
 
 //! Creates the standard test account, for example after delete_account().
-bool create_account(int soft, int hard);
+bool create_account(int soft, int hard, int account_id = 0x01234567);
 
 //! Deletes the standard test account, for testing behaviour with no account.
 bool delete_account();

diff --git a/test/backupstore/testbackupstore.cpp b/test/backupstore/testbackupstore.cpp
@@ -2691,8 +2691,12 @@ bool test_login_without_account()
 	// normally use/ a local protocol, which bypasses BackupStoreDaemon.
 	SETUP_TEST_UNIFIED();
 
-	// Try logging in with a nonexistent (deleted) account, which should fail:
+	// Delete the account created by the test harness (0x01234567):
 	delete_account();
+
+	// Create another account, which doesn't match the SSL certificate:
+	create_account(1000, 2000, 0x01234568);
+
 	TEST_THAT_OR(StartServer(), FAIL);
 
 	// BLOCK
@@ -2704,10 +2708,14 @@ bool test_login_without_account()
 		std::auto_ptr<BackupProtocolVersion> serverVersion(protocol.QueryVersion(BACKUP_STORE_SERVER_VERSION));
 		TEST_THAT(serverVersion->GetVersion() == BACKUP_STORE_SERVER_VERSION);
 
-		// Login
+		// Try logging in with a nonexistent (deleted) account, which should fail:
 		TEST_COMMAND_RETURNS_ERROR(protocol, QueryLogin(0x01234567, 0),
 			Err_BadLogin);
 
+		// Try to login as an account that doesn't match the SSL certificate CommonName
+		TEST_COMMAND_RETURNS_ERROR(protocol, QueryLogin(0x01234568, 0),
+			Err_BadLogin);
+
 		// Finish the connection
 		protocol.QueryFinished();
 	}