From 0f622add7f432498a74f221374085e7f417cd95c Mon Sep 17 00:00:00 2001
From: leitner <leitner>
Date: Fri, 8 May 2015 04:33:04 +0000
Subject: [PATCH] start working on test suite

---
 Makefile        |  9 ++++--
 README.security |  4 +++
 test/bind.c     | 46 ++++++++++++++++++++++++++++++
 test/ebind.c    | 74 +++++++++++++++++++++++++++++++++++++++++++++++++
 4 files changed, 131 insertions(+), 2 deletions(-)
 create mode 100644 test/bind.c
 create mode 100644 test/ebind.c

diff --git a/Makefile b/Makefile
index 0bdfca9..68008c4 100644
--- a/Makefile
+++ b/Makefile
@@ -43,7 +43,6 @@ tls_cipherprio.o fmt_tls_alert_pkt.o fmt_tls_handshake_cert.o \
 fmt_tls_handshake_certs_header.o fmt_tls_serverhellodone.o \
 tls_accept.o tls_connect.o tls_doread.o tls_dowrite.o
 
-
 DIET=/opt/diet/bin/diet -Os
 CROSS=
 #CROSS=i686-mingw32-
@@ -100,13 +99,19 @@ tinyldap_debug: tinyldap.c
 acl: acl.c ldap.a asn1.a
 	$(DIET) $(CC) $(CFLAGS) -o acl acl.c -I. ldap.a asn1.a -lowfat $(LIBS)
 
+.PHONY: test
+test: test/bind test/ebind
+	make -C test
+
+test/%: test/%.c asn1.a ldap.a
+	$(DIET) $(CC) $(CFLAGS) -o $@ $^ ldap.a asn1.a -lowfat $(LIBS)
 
 .PHONY: clean tar
 clean:
 	rm -f t t[1-9] *.[ao] bindrequest tinyldap ldapclient \
 parse tinyldap_standalone tinyldap_debug ldapclient_str addindex \
 dumpidx idx2ldif md5password ldapdelete dumpacls asn1dump acl \
-*.da *.bbg *.bb *.gcov gmon.out *.gcda *.gcno
+*.da *.bbg *.bb *.gcov gmon.out *.gcda *.gcno test/bind bind/ebind
 
 tar: clean
 	cd ..; tar cvvf tinyldap.tar.bz2 tinyldap --use=bzip2 --exclude capture --exclude CVS --exclude exp.ldif --exclude polyp* --exclude rfc*
diff --git a/README.security b/README.security
index 0568a9e..f18f4a3 100644
--- a/README.security
+++ b/README.security
@@ -6,3 +6,7 @@ Other than that, tinyldap does not trust anyone :-)
 
 tinyldap can (and should) be run as non-root, via tcpserver, in a chroot
 jail.
+
+If you worry about memory consumption, set resource limits before
+running tinyldap, e.g. with softlimit from daemontools or limit/ulimit
+in your shell.
diff --git a/test/bind.c b/test/bind.c
new file mode 100644
index 0000000..f1e9112
--- /dev/null
+++ b/test/bind.c
@@ -0,0 +1,46 @@
+#include "ldap.h"
+#include <string.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include <getopt.h>
+#include <stdio.h>
+
+static int ldapbind(const char* u,const char* p,int messageid) {
+  char outbuf[1024];
+  int s=100;
+  if (!u) u="";
+  if (!p) p="";
+  if (strlen(u)>100 || strlen(p)>100)
+    return 0;
+  size_t len=fmt_ldapbindrequest(outbuf+s,3,u,p);
+  size_t hlen=fmt_ldapmessage(0,messageid,BindRequest,len);
+  fmt_ldapmessage(outbuf+s-hlen,messageid,BindRequest,len);
+  if ((size_t)write(1,outbuf+s-hlen,len+hlen)!=len+hlen) return 0;;
+  return 1;
+}
+
+int main(int argc,char* argv[]) {
+  int messageid=0;
+  const char* user=0;
+  const char* passwd=0;
+  for (;;) {
+    int c=getopt(argc,argv,"u:p:m:");
+    if (c==-1) break;
+    switch (c) {
+    case 'u':
+      user=optarg;
+      break;
+    case 'p':
+      passwd=optarg;
+      break;
+    case 'm':
+      messageid=atoi(optarg);
+      if (messageid<0) {
+	puts("messageid must be a positive integer");
+	return 1;
+      }
+      break;
+    }
+  }
+  ldapbind(user,passwd,messageid);
+}
diff --git a/test/ebind.c b/test/ebind.c
new file mode 100644
index 0000000..4557e72
--- /dev/null
+++ b/test/ebind.c
@@ -0,0 +1,74 @@
+#include "ldap.h"
+#include <string.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include <getopt.h>
+#include <stdio.h>
+
+int main(int argc,char* argv[]) {
+  char buf[1000];
+  char* max;
+  char* want;
+  ssize_t i;
+  int expecterror=0;
+
+  for (;;) {
+    int c=getopt(argc,argv,"e");
+    if (c==-1) break;
+    switch (c) {
+    case 'e': expecterror=1; break;
+    }
+  }
+
+  i=read(0,buf,0xe);
+  if (i!=0xe) {
+    puts("short read");
+    return 1;
+  }
+  max=buf+i;
+  size_t res,Len;
+  unsigned long messageid,op,result;
+  if (buf[0]!='0' || (res=scan_asn1length(buf+1,buf+1000,&Len))==0) {
+    puts("parse error");
+    return 1;
+  }
+  if (Len>1000)  {
+    puts("response > 1000 bytes");
+    return 1;
+  }
+  want=buf+res+1+Len;
+  while (max<want) {
+    i=read(0,max,want-max);
+    if (i!=want-max) {
+      puts("read error");
+      return 1;
+    }
+    max+=i;
+  }
+  res=scan_ldapmessage(buf,max,&messageid,&op,&Len);
+  if (res==0) {
+    puts("scan_ldapmessage failed");
+    return 1;
+  }
+  if (Len>1000 || Len+res>1000)  {
+    puts("Response > 1000 bytes");
+    return 1;
+  }
+  if (op!=BindResponse) {
+    puts("op != BindResponse");
+    return 1;
+  }
+  struct string matcheddn,errormessage,referral;
+  res=scan_ldapbindresponse(buf+res,max,&result,&matcheddn,&errormessage,&referral);
+  if (!res) {
+    puts("scan_ldapbindresponse failed");
+    return 1;
+  }
+  if (result) {
+    printf("error: \"%.*s\"\n",(int)errormessage.l,errormessage.s);
+    if (expecterror) return 0;
+    return 1;
+  }
+  if (expecterror) return 1;
+  return 0;
+}