From 39b9f77dbccecad50fb355cffb0e8e432e28f825 Mon Sep 17 00:00:00 2001 From: Philipp Gesang Date: Tue, 6 Nov 2018 22:29:44 +0100 Subject: sid: sid_test: handle large ias correctly MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit In string format, the “identifier authority” is quirky: from 1 << 32 on the spec requires that exactly 12 hex digits be printed. --- sid_test.ml | 152 +++++++++++++++++++++++++++++++++++++++++++++++++----------- 1 file changed, 125 insertions(+), 27 deletions(-) (limited to 'sid_test.ml') diff --git a/sid_test.ml b/sid_test.ml index 9b61b40..e7b6c24 100644 --- a/sid_test.ml +++ b/sid_test.ml @@ -5,6 +5,8 @@ open OUnit module U64 = Stdint.Uint64 module U32 = Stdint.Uint32 +let max_ident_auth = U64.of_string "0x0000_ffff_ffff_ffff" + (* let () = Printexc.record_backtrace true ;; *) @@ -37,8 +39,6 @@ let create_etoomany_fail () = | None -> () | Some s -> assert_failure ("Sid.create succeeded on invalid sa array") -let max_ident_auth = U64.of_string "0x0000_ffff_ffff_ffff" - let create_iatoobig_fail () = let sas = Array.make 2 U32.one in let ia = U64.add max_ident_auth U64.one in @@ -104,12 +104,19 @@ let sf_parse_trailing_ok () = assert_equal (Sid.to_string s) "S-1-0-0" let sf_parse_maxint_ok () = - let s = unwrap_of_string - (Printf.sprintf "S-1-281474976710655-%s-%s" + let s1 = unwrap_of_string + (Printf.sprintf "S-1-%s-%s-%s" + (U32.to_string U32.max_int) + (U32.to_string U32.max_int) + (U32.to_string U32.max_int)) + and s2 = unwrap_of_string + (Printf.sprintf "S-1-%s-%s-%s" + (U64.to_string_hex max_ident_auth) (U32.to_string U32.max_int) (U32.to_string U32.max_int)) in - assert_equal (Sid.to_string s) "S-1-281474976710655-4294967295-4294967295" + assert_equal (Sid.to_string s1) "S-1-4294967295-4294967295-4294967295"; + assert_equal (Sid.to_string s2) "S-1-0xffffffffffff-4294967295-4294967295" let sf_parse_oobia_fail () = match Sid.of_string @@ -117,8 +124,8 @@ let sf_parse_oobia_fail () = with | Ok _ -> assert_failure "unexpectedly parsed the out of bounds subauth" | Error e -> - assert_equal e "Invalid SID: identifier authority cannot fit 6 B \ - (281474976710655)" + assert_equal e "input malformed: identifier authority from 2³² on must \ + be hex-encoded (value=18446744073709551615)" let sf_parse_oobsa_fail () = match Sid.of_string @@ -148,11 +155,96 @@ let sf_parse_too_long_ok () = (Printf.sprintf "[%s] ≠ [%s]" (Sid.to_string s2) (Sid.to_string l)) (Sid.equal s2 l) +let sf_parse_iaxx_ok () = + (* ias > UINT32_MAX → hexdigits; proof that MS are a bunch of weirdos *) + let result = unwrap_of_string "S-1-0x0070c51cf00d-13-37" + and expect = + match Xxd.bytes_of "0102 0070 c51c f00d 0d00 0000 2500 0000" + (* vvcc iiii iiii iiii ssss ssss *) + |> Sid.PacketRep.decode + with + | Ok s -> s + | Error e -> assert_failure (Printf.sprintf "error decoding SID: %s" e) + in + assert_bool + (Printf.sprintf "[%s] ≠ [%s]" (Sid.to_string result) (Sid.to_string expect)) + (Sid.equal result expect) + +let sf_parse_iaxxoob_fail () = + (* ias <= UINT32_MAX → decimal; hex not allowed *) + match Sid.of_string "S-1-0x0000deadbeef-17-01" with + | Error e -> + let expect = "input malformed: identifier authority less than 2³² must \ + not be hex-encoded (value=3735928559)" + in + assert_equal + ~msg:(Printf.sprintf "[%s] ≠ [%s]" e expect) + e expect + | Ok s -> + assert_failure + (Printf.sprintf "malformed SID decoded unexpectedly: %s" + (Sid.to_string s)) + +let sf_parse_iaxxinval_fail () = + (* ias <= UINT32_MAX → decimal; hex not allowed *) + match Sid.of_string "S-1-0xEA75BADB10OD-17-01" with + | Error e -> + let expect = "Invalid SID [S-1-0xEA75BADB10OD-17-01]: expected \ + hexadecimal digit at position 16 while parsing ident \ + auth, got ‘O’" + in + assert_equal + ~msg:(Printf.sprintf "[%s] ≠ [%s]" e expect) + e expect + | Ok s -> + assert_failure + (Printf.sprintf "malformed SID decoded unexpectedly: %s" + (Sid.to_string s)) + +let sf_parse_iaxxshort_fail () = + (* too few digits, need exactly 12 *) + match Sid.of_string "S-1-0xdeadbeef-17-01" with + | Error e -> + let expect = "Invalid SID [S-1-0xdeadbeef-17-01]: expected \ + hexadecimal digit at position 14 while parsing ident \ + auth, got ‘-’" + in + assert_equal + ~msg:(Printf.sprintf "[%s] ≠ [%s]" e expect) + e expect + | Ok s -> + assert_failure + (Printf.sprintf "malformed SID decoded unexpectedly: %s" + (Sid.to_string s)) + +let sf_parse_iaxxlong_fail () = + (* too many digits, need exactly 12 *) + match Sid.of_string "S-1-0xC01DC01DB100D-17-01" with + | Error e -> + let expect = "Invalid SID [S-1-0xC01DC01DB100D-17-01]: expected ‘-’ \ + at position 18, found ‘D’" + in + assert_equal + ~msg:(Printf.sprintf "[%s] ≠ [%s]" e expect) + e expect + | Ok s -> + assert_failure + (Printf.sprintf "malformed SID decoded unexpectedly: %s" + (Sid.to_string s)) + +let sf_print_iaxx_ok () = + (* hex ia must be padded to 12 digits *) + let str = "S-1-0x0070c51cf00d-13-37" in + let sid = unwrap_of_string str in + assert_equal + ~msg:(Printf.sprintf "[%s] ≠ [%s]" (Sid.to_string sid) str) + (Sid.to_string sid) str + let pr_encode_null_ok () = let x = Sid.WellKnown.null |> Sid.PacketRep.encode - |> Xxd.xxd_of_bytes ~blocklen:2 + |> Xxd.of_bytes ~blocklen:2 in let expect = "0101 0000 0000 0000 0000 0000" in (* vvcc iiii iiii iiii ssss ssss *) @@ -164,10 +256,10 @@ let pr_encode_be_ok () = let sid = "S-1-0-42" in let sle = unwrap_of_string sid |> Sid.PacketRep.encode - |> Xxd.xxd_of_bytes ~blocklen:2 + |> Xxd.of_bytes ~blocklen:2 and sbe = unwrap_of_string sid - |> Sid.PacketRep.encode ~endian:Big - |> Xxd.xxd_of_bytes ~blocklen:2 + |> Sid.PacketRep.encode ~endian:Sid.PacketRep.Big + |> Xxd.of_bytes ~blocklen:2 in let expect_le = "0101 0000 0000 0000 2a00 0000" and expect_be = "0101 0000 0000 0000 0000 002a" in @@ -183,7 +275,7 @@ let pr_encode_all_ok () = let x = Sid.WellKnown.everyone |> Sid.PacketRep.encode - |> Xxd.xxd_of_bytes ~blocklen:2 + |> Xxd.of_bytes ~blocklen:2 in let expect = "0101 0000 0000 0001 0000 0000" in (* vvcc iiii iiii iiii ssss ssss *) @@ -194,8 +286,8 @@ let pr_encode_all_ok () = let pr_decode_all_ok () = let s = match - Xxd.bytes_of_xxd "0101 0000 0000 0001 0000 0000" - (* vvcc iiii iiii iiii ssss ssss *) + Xxd.bytes_of "0101 0000 0000 0001 0000 0000" + (* vvcc iiii iiii iiii ssss ssss *) |> Sid.PacketRep.decode with | Ok s -> s @@ -212,7 +304,7 @@ let pr_decode_all_ok () = let pr_decode_be_ok () = let sid = unwrap_of_string "S-1-1-1-2-3-4-5-6-7-8-9-10-11-12-13-14-15" and sle = - match Xxd.bytes_of_xxd + match Xxd.bytes_of "010f 0000 0000 0001 \ 0100 0000 0200 0000 0300 0000 0400 0000 \ 0500 0000 0600 0000 0700 0000 0800 0000 \ @@ -225,13 +317,13 @@ let pr_decode_be_ok () = assert_failure (Printf.sprintf "error decoding SID: %s" e) and sbe = - match Xxd.bytes_of_xxd + match Xxd.bytes_of "010f 0000 0000 0001 \ 0000 0001 0000 0002 0000 0003 0000 0004 \ 0000 0005 0000 0006 0000 0007 0000 0008 \ 0000 0009 0000 000a 0000 000b 0000 000c \ 0000 000d 0000 000e 0000 000f" - |> Sid.PacketRep.decode ~endian:Big + |> Sid.PacketRep.decode ~endian:Sid.PacketRep.Big with | Ok s -> s | Error e -> @@ -246,8 +338,8 @@ let pr_decode_be_ok () = (Sid.equal sid sbe) let pr_decode_version_fail () = - let b = Xxd.bytes_of_xxd "0201 0000 0000 0001 0000 0000" in - (* vvcc iiii iiii iiii ssss ssss *) + let b = Xxd.bytes_of "0201 0000 0000 0001 0000 0000" in + (* vvcc iiii iiii iiii ssss ssss *) match Sid.PacketRep.decode b with | Error e -> let expect = "input malformed: expected SID version=0x01, got 0x02" in @@ -260,8 +352,8 @@ let pr_decode_version_fail () = (Sid.to_string s)) let pr_decode_sacount_fail () = - let b = Xxd.bytes_of_xxd "0110 0000 0000 0001 0000 0000" in - (* vvcc iiii iiii iiii ssss ssss *) + let b = Xxd.bytes_of "0110 0000 0000 0001 0000 0000" in + (* vvcc iiii iiii iiii ssss ssss *) match Sid.PacketRep.decode b with | Error e -> let expect = "input malformed: up to 15 subAuthority elements \ @@ -275,8 +367,8 @@ let pr_decode_sacount_fail () = (Sid.to_string s)) let pr_decode_short_fail () = - let b = Xxd.bytes_of_xxd "0105 0000 0000 00" in - (* vvcc iiii iiii ii…… *) + let b = Xxd.bytes_of "0105 0000 0000 00" in + (* vvcc iiii iiii ii…… *) match Sid.PacketRep.decode b with | Error e -> let expect = "bad input size: expected 8–68 B, got 7 B" in @@ -296,7 +388,7 @@ let pr_decode_long_fail () = 0b00 0000 0c00 0000 0d00 0000 0e00 0000 \ 0f00 0000 1000 0000" in - let b = Xxd.bytes_of_xxd r in + let b = Xxd.bytes_of r in match Sid.PacketRep.decode b with | Error e -> let expect = "bad input size: expected 8–68 B, got 72 B" in @@ -310,9 +402,9 @@ let pr_decode_long_fail () = let pr_decode_odd_fail () = match - Xxd.bytes_of_xxd "0101 0000 0000 0000 0100 0000 0200" - (* vvcc iiii iiii iiii ssss ssss ssss … - upper half word missing *) + Xxd.bytes_of "0101 0000 0000 0000 0100 0000 0200" + (* vvcc iiii iiii iiii ssss ssss ssss … + upper half word missing *) |> Sid.PacketRep.decode with | Error e -> @@ -339,6 +431,12 @@ let string_format_test = "string-format-syntax" >::: ; "parse-oobsa-fail" >:: sf_parse_oobsa_fail ; "parse-long-ok" >:: sf_parse_long_ok ; "parse-too-long-ok" >:: sf_parse_too_long_ok + ; "parse-iaxx-ok" >:: sf_parse_iaxx_ok + ; "parse-iaxxoob-fail" >:: sf_parse_iaxxoob_fail + ; "parse-iaxxinval-fail" >:: sf_parse_iaxxinval_fail + ; "parse-iaxxshort-fail" >:: sf_parse_iaxxshort_fail + ; "parse-iaxxlong-fail" >:: sf_parse_iaxxlong_fail + ; "print-iaxx-ok" >:: sf_print_iaxx_ok ] let packet_rep_test = "packet-rep" >::: -- cgit v1.2.3