Diffstat (limited to 'test')
-rw-r--r-- | test/backupstorefix/testbackupstorefix.cpp | 3 | ||||
-rwxr-xr-x | test/backupstorefix/testfiles/testbackupstorefix.pl.in | 2 | ||||
-rw-r--r-- | test/basicserver/testbasicserver.cpp | 128 | ||||
-rwxr-xr-x[-rw-r--r--] | test/basicserver/testfiles/seclevel2-sha1/bbackupd/NotifySysadmin.sh | 0 | ||||
-rw-r--r-- | test/basicserver/testfiles/seclevel2-sha256/bbackupd.conf | 1 | ||||
-rwxr-xr-x[-rw-r--r--] | test/basicserver/testfiles/seclevel2-sha256/bbackupd/NotifySysadmin.sh | 0 | ||||
-rw-r--r-- | test/basicserver/testfiles/srv3-insecure-daemon.conf | 9 | ||||
-rw-r--r-- | test/basicserver/testfiles/srv3-seclevel2-sha1.conf | 1 | ||||
-rw-r--r-- | test/basicserver/testfiles/srv3-seclevel2-sha256.conf | 1 | ||||
-rw-r--r-- | test/basicserver/testfiles/srv4-noseclevel.conf (renamed from test/basicserver/testfiles/srv4.conf) | 1 | ||||
-rw-r--r-- | test/basicserver/testfiles/srv4-seclevel1.conf | 7 | ||||
-rw-r--r-- | test/basicserver/testfiles/srv4-seclevel2-insecure.conf | 7 | ||||
-rw-r--r-- | test/basicserver/testfiles/srv4-seclevel2-secure.conf | 7 | ||||
-rw-r--r-- | test/bbackupd/testbbackupd.cpp | 213 |
14 files changed, 287 insertions, 93 deletions
diff --git a/test/backupstorefix/testbackupstorefix.cpp b/test/backupstorefix/testbackupstorefix.cpp index 6099f133..ac1d0c14 100644 --- a/test/backupstorefix/testbackupstorefix.cpp +++ b/test/backupstorefix/testbackupstorefix.cpp @@ -671,8 +671,7 @@ int test(int argc, const char *argv[]) char name[256]; while(::fgets(line, sizeof(line), f) != 0) { - if(StartsWith("WARNING: This version of Box Backup overrides the " - "system-wide SSLSecurityLevel", line)) + if(StartsWith("WARNING: SSLSecurityLevel not set.", line)) { continue; } diff --git a/test/backupstorefix/testfiles/testbackupstorefix.pl.in b/test/backupstorefix/testfiles/testbackupstorefix.pl.in index 177b3b70..483087f7 100755 --- a/test/backupstorefix/testfiles/testbackupstorefix.pl.in +++ b/test/backupstorefix/testfiles/testbackupstorefix.pl.in @@ -154,7 +154,7 @@ elsif($ARGV[0] eq 'reroot') chomp $line; $line =~s/\[FILENAME NOT ENCRYPTED\]//; next if $line =~ /^WARNING: \*\*\*\* BackupStoreFilename encoded with Clear encoding \*\*\*\*/; - next if $line =~ /^WARNING: This version of Box Backup overrides the system-wide SSLSecurityLevel/; + next if $line =~ /^WARNING: SSLSecurityLevel not set./; my ($id,$type,$name) = split / /, $line; $count++; if($name !~ /\Alost\+found0/) diff --git a/test/basicserver/testbasicserver.cpp b/test/basicserver/testbasicserver.cpp index 4aeded6c..9285dfc9 100644 --- a/test/basicserver/testbasicserver.cpp +++ b/test/basicserver/testbasicserver.cpp @@ -15,18 +15,17 @@ #include <typeinfo> -#include "Test.h" -#include "Daemon.h" +#include "CollectInBufferStream.h" #include "Configuration.h" -#include "ServerStream.h" -#include "SocketStream.h" +#include "Daemon.h" #include "IOStreamGetLine.h" +#include "ServerControl.h" +#include "ServerStream.h" #include "ServerTLS.h" -#include "CollectInBufferStream.h" - +#include "SocketStream.h" +#include "Test.h" #include "TestContext.h" #include "autogen_TestProtocol.h" -#include "ServerControl.h" #include "MemLeakFindOn.h" 
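Review bot: The new filter pattern in testbackupstorefix.pl.in ends in an unescaped `.`, so it matches any character after "not set" rather than the literal full stop of the warning. It still skips the intended line, but the match is looser than the C++ counterpart, which compares the literal prefix with StartsWith. Suggest `next if $line =~ /^WARNING: SSLSecurityLevel not set\./;`. The enclosing `elsif($ARGV[0] eq 'reroot')` block starts and ends outside the hunk.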
@@ -98,7 +97,7 @@ void testservers_connection(SocketStream &rStream) while(!getline.IsEOF()) { std::string line; - while(!getline.GetLine(line)) + while(!getline.GetLine(line, false, SHORT_TIMEOUT)) ; if(line == "QUIT") { @@ -208,11 +207,16 @@ const ConfigurationVerify *testserver::GetConfigVerify() const } }; + static ConfigurationVerifyKey root_keys[] = + { + ssl_security_level_key, + }; + static ConfigurationVerify verify = { "root", /* mName */ verifyserver, /* mpSubConfigurations */ - 0, /* mpKeys */ + root_keys, // mpKeys ConfigTest_Exists | ConfigTest_LastEntry, 0 }; @@ -449,7 +453,7 @@ void TestStreamReceive(TestProtocolClient &protocol, int value, bool uncertainst TEST_THAT(count == (24273*3)); // over 64 k of data, definately } -bool test_security_level(int cert_level) +bool test_security_level(int cert_level, int test_level, bool expect_failure_on_connect = false) { int old_num_failures = num_failures; @@ -460,21 +464,24 @@ bool test_security_level(int cert_level) context.Initialise(false /* client */, "testfiles/clientCerts.pem", "testfiles/clientPrivKey.pem", - "testfiles/clientTrustedCAs.pem"); + "testfiles/clientTrustedCAs.pem", + test_level); // SecurityLevel } else if(cert_level == 1) { context.Initialise(false /* client */, "testfiles/seclevel2-sha1/ca/clients/1234567-cert.pem", "testfiles/seclevel2-sha1/bbackupd/1234567-key.pem", - "testfiles/seclevel2-sha1/ca/roots/serverCA.pem"); + "testfiles/seclevel2-sha1/ca/roots/serverCA.pem", + test_level); // SecurityLevel } else if(cert_level == 2) { context.Initialise(false /* client */, "testfiles/seclevel2-sha256/ca/clients/1234567-cert.pem", "testfiles/seclevel2-sha256/bbackupd/1234567-key.pem", - "testfiles/seclevel2-sha256/ca/roots/serverCA.pem"); + "testfiles/seclevel2-sha256/ca/roots/serverCA.pem", + test_level); // SecurityLevel } else { 
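Review bot: The inner `while(!getline.GetLine(line, false, SHORT_TIMEOUT)) ;` in the `@@ -98` hunk still retries without a bound, so the added timeout only makes each pass wait. If GetLine returns false on timeout (its contract is not visible here), a peer that connects and never sends a line keeps this handler looping for the life of the test server. Consider also testing `getline.IsEOF()` inside the retry loop, or giving up after a fixed number of timeouts. testservers_connection continues outside the hunk.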
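Review bot: `root_keys[]` in the `@@ -208` hunk has a single entry and no visible terminator. The `ConfigurationVerify` initialiser just below uses `ConfigTest_LastEntry`, which suggests these arrays are walked until an entry carries that flag. The definition of `ssl_security_level_key` is not part of this diff, so confirm it sets `ConfigTest_LastEntry`; otherwise the verifier would presumably read past the end of the array. A comment on the array such as `// ssl_security_level_key carries ConfigTest_LastEntry, so it must remain the final element` would make the dependency explicit. GetConfigVerify starts before the hunk.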
@@ -483,7 +490,17 @@ bool test_security_level(int cert_level) } SocketStreamTLS conn; - conn.Open(context, Socket::TypeINET, "localhost", 2003); + + if(expect_failure_on_connect) + { + TEST_CHECK_THROWS( + conn.Open(context, Socket::TypeINET, "localhost", 2003), + ConnectionException, TLSPeerWeakCertificate); + } + else + { + conn.Open(context, Socket::TypeINET, "localhost", 2003); + } return (num_failures == old_num_failures); // no new failures -> good } @@ -495,7 +512,25 @@ bool test_ancient_certificates() int old_num_failures = num_failures; // Level -1 (allow weaker, with warning) should pass with any certificates: - TEST_THAT(test_security_level(0)); // cert_level + TEST_THAT(test_security_level(0, -1)); // cert_level, test_level + + // We do not test level 0 (system-wide default) because the system + // may have it set high, and our old certificate will not be usable + // in that case, and the user has no way to fix that, so it's not a + // useful test. + + // Level 1 (allow weaker, without a warning) should pass with any certificates: + TEST_THAT(test_security_level(0, 1)); // cert_level, test_level + +#ifdef HAVE_SSL_CTX_SET_SECURITY_LEVEL + // Level 2 (disallow weaker, without a warning) should NOT pass with old certificates: + TEST_CHECK_THROWS( + test_security_level(0, 2), // cert_level, test_level + ServerException, TLSServerWeakCertificate); +#else + // We have no way to increase the security level, so it should still pass: + test_security_level(0, 2); // cert_level, test_level +#endif return (num_failures == old_num_failures); // no new failures -> good } 
@@ -507,18 +542,58 @@ bool test_old_certificates() int old_num_failures = num_failures; // Level -1 (allow weaker, with warning) should pass with any certificates: - TEST_THAT(test_security_level(1)); // cert_level + TEST_THAT(test_security_level(1, -1)); // cert_level, test_level + + // We do not test level 0 (system-wide default) because the system + // may have it set high, and our old certificate will not be usable + // in that case, and the user has no way to fix that, so it's not a + // useful test. + + // Level 1 (allow weaker, without a warning) should pass with any certificates: + TEST_THAT(test_security_level(1, 1)); // cert_level, test_level + +#ifdef HAVE_SSL_CTX_SET_SECURITY_LEVEL + // Level 2 (disallow weaker, without a warning) should NOT pass with old certificates: + TEST_CHECK_THROWS( + test_security_level(1, 2), // cert_level, test_level + ServerException, TLSServerWeakCertificate); +#else + // We have no way to increase the security level, so it should still pass: + test_security_level(1, 2); // cert_level, test_level +#endif return (num_failures == old_num_failures); // no new failures -> good } -bool test_new_certificates() +bool test_new_certificates(bool expect_failure_level_2) { int old_num_failures = num_failures; // Level -1 (allow weaker, with warning) should pass with any certificates: - TEST_THAT(test_security_level(2)); // cert_level + TEST_THAT(test_security_level(2, -1)); // cert_level, test_level + + // Level 0 (system dependent). This will fail if the user (or their + // distro) sets the system-wide security level very high. We check + // this because *we* may need to update Box Backup if this happens + // again, as it did when Debian increased the default level. + // Newly generated certificates may need to be strengthened. + // And we may need to update the documentation. 
+ TEST_THAT(test_security_level(2, 0)); // cert_level, test_level + + // Level 1 (allow weaker, without a warning) should pass with any certificates: + TEST_THAT(test_security_level(2, 1)); // cert_level, test_level + +#ifdef HAVE_SSL_CTX_SET_SECURITY_LEVEL + // Level 2 (disallow weaker, without a warning) should pass with new certificates, + // but might fail to connect to a peer with weak (insecure) certificates: + TEST_THAT(test_security_level(2, 2, expect_failure_level_2)); + // cert_level, test_level, expect_failure +#else + // We have no way to increase the security level, so it should not fail to connect to a + // daemon with weak certificates: + test_security_level(2, 2, false); // cert_level, test_level, expect_failure +#endif return (num_failures == old_num_failures); // no new failures -> good } @@ -718,6 +793,7 @@ int test(int argc, const char *argv[]) "testfiles/clientCerts.pem", "testfiles/clientPrivKey.pem", "testfiles/clientTrustedCAs.pem"); + // SecurityLevel == -1 by default (old security + warnings) SocketStreamTLS conn1; conn1.Open(context, Socket::TypeINET, "localhost", 2003); @@ -786,7 +862,19 @@ int test(int argc, const char *argv[]) pid = LaunchServer(cmd, "testfiles/srv3.pid"); TEST_THAT(pid != -1 && pid != 0); - TEST_THAT(test_new_certificates()); + TEST_THAT(test_new_certificates(false)); // !expect_failure_level_2 + TEST_THAT(KillServer(pid)); + + // Start a daemon using old, insecure certificates. We should get an error when we + // try to connect to it: + + cmd = TEST_EXECUTABLE " --test-daemon-args="; + cmd += test_args; + cmd += " srv3 testfiles/srv3-insecure-daemon.conf"; + pid = LaunchServer(cmd, "testfiles/srv3.pid"); + + TEST_THAT(pid != -1 && pid != 0); + TEST_THAT(test_new_certificates(true)); // expect_failure_level_2 TEST_THAT(KillServer(pid)); } 
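Review bot: `test_new_certificates(true)` still runs the level 0 check, `TEST_THAT(test_security_level(2, 0))`, against the daemon started from srv3-insecure-daemon.conf, which serves `localhost-cert-sha1.pem`. The comment says level 0 follows the system-wide default. On a host whose default is 2 or higher, the connect would presumably be rejected the same way the level 2 case is, and the test would fail for a reason unrelated to the new certificates. Only the level 2 call passes `expect_failure_level_2` through. Consider guarding the level 0 check with `if(!expect_failure_level_2) { TEST_THAT(test_security_level(2, 0)); }`, or documenting why a weak peer is expected to be accepted at the system default.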
@@ -795,7 +883,7 @@ int test(int argc, const char *argv[]) { std::string cmd = TEST_EXECUTABLE " --test-daemon-args="; cmd += test_args; - cmd += " srv4 testfiles/srv4.conf"; + cmd += " srv4 testfiles/srv4-seclevel1.conf"; int pid = LaunchServer(cmd, "testfiles/srv4.pid"); TEST_THAT(pid != -1 && pid != 0); diff --git a/test/basicserver/testfiles/seclevel2-sha1/bbackupd/NotifySysadmin.sh b/test/basicserver/testfiles/seclevel2-sha1/bbackupd/NotifySysadmin.sh index 48e8cf8e..48e8cf8e 100644..100755 --- a/test/basicserver/testfiles/seclevel2-sha1/bbackupd/NotifySysadmin.sh +++ b/test/basicserver/testfiles/seclevel2-sha1/bbackupd/NotifySysadmin.sh diff --git a/test/basicserver/testfiles/seclevel2-sha256/bbackupd.conf b/test/basicserver/testfiles/seclevel2-sha256/bbackupd.conf index e8f2c104..671a13ac 100644 --- a/test/basicserver/testfiles/seclevel2-sha256/bbackupd.conf +++ b/test/basicserver/testfiles/seclevel2-sha256/bbackupd.conf @@ -6,6 +6,7 @@ KeysFile = ./bbackupd/1234567-FileEncKeys.raw CertificateFile = ./bbackupd/1234567-cert.pem PrivateKeyFile = ./bbackupd/1234567-key.pem TrustedCAsFile = ./bbackupd/serverCA.pem +SSLSecurityLevel = 2 DataDirectory = /home/chris/boxbackup/test/basicserver/testfiles/seclevel2 diff --git a/test/basicserver/testfiles/seclevel2-sha256/bbackupd/NotifySysadmin.sh b/test/basicserver/testfiles/seclevel2-sha256/bbackupd/NotifySysadmin.sh index 48e8cf8e..48e8cf8e 100644..100755 --- a/test/basicserver/testfiles/seclevel2-sha256/bbackupd/NotifySysadmin.sh +++ b/test/basicserver/testfiles/seclevel2-sha256/bbackupd/NotifySysadmin.sh diff --git a/test/basicserver/testfiles/srv3-insecure-daemon.conf b/test/basicserver/testfiles/srv3-insecure-daemon.conf new file mode 100644 index 00000000..09cf352d --- /dev/null +++ b/test/basicserver/testfiles/srv3-insecure-daemon.conf 
@@ -0,0 +1,9 @@ +Server +{ + PidFile = testfiles/srv3.pid + ListenAddresses = inet:localhost,unix:testfiles/srv3.sock + CertificateFile = testfiles/seclevel2-sha256/ca/servers/localhost-cert-sha1.pem + PrivateKeyFile = testfiles/seclevel2-sha256/bbstored/localhost-key.pem + TrustedCAsFile = testfiles/seclevel2-sha256/ca/roots/clientCA.pem +} + diff --git a/test/basicserver/testfiles/srv3-seclevel2-sha1.conf b/test/basicserver/testfiles/srv3-seclevel2-sha1.conf index 01e0fe6d..93c0f99f 100644 --- a/test/basicserver/testfiles/srv3-seclevel2-sha1.conf +++ b/test/basicserver/testfiles/srv3-seclevel2-sha1.conf @@ -6,3 +6,4 @@ Server PrivateKeyFile = testfiles/seclevel2-sha1/bbstored/localhost-key.pem TrustedCAsFile = testfiles/seclevel2-sha1/ca/roots/clientCA.pem } + diff --git a/test/basicserver/testfiles/srv3-seclevel2-sha256.conf b/test/basicserver/testfiles/srv3-seclevel2-sha256.conf index 4db52361..58c267d4 100644 --- a/test/basicserver/testfiles/srv3-seclevel2-sha256.conf +++ b/test/basicserver/testfiles/srv3-seclevel2-sha256.conf @@ -6,3 +6,4 @@ Server PrivateKeyFile = testfiles/seclevel2-sha256/bbstored/localhost-key.pem TrustedCAsFile = testfiles/seclevel2-sha256/ca/roots/clientCA.pem } + diff --git a/test/basicserver/testfiles/srv4.conf b/test/basicserver/testfiles/srv4-noseclevel.conf index f05dff75..db22e95f 100644 --- a/test/basicserver/testfiles/srv4.conf +++ b/test/basicserver/testfiles/srv4-noseclevel.conf @@ -3,4 +3,3 @@ Server PidFile = testfiles/srv4.pid ListenAddresses = unix:testfiles/srv4.sock,inet:localhost } - diff --git a/test/basicserver/testfiles/srv4-seclevel1.conf b/test/basicserver/testfiles/srv4-seclevel1.conf new file mode 100644 index 00000000..cd90566c --- /dev/null +++ b/test/basicserver/testfiles/srv4-seclevel1.conf @@ -0,0 +1,7 @@ +Server +{ + PidFile = testfiles/srv4.pid + ListenAddresses = unix:testfiles/srv4.sock,inet:localhost +} + +SSLSecurityLevel = 1 
diff --git a/test/basicserver/testfiles/srv4-seclevel2-insecure.conf b/test/basicserver/testfiles/srv4-seclevel2-insecure.conf new file mode 100644 index 00000000..5d8b1149 --- /dev/null +++ b/test/basicserver/testfiles/srv4-seclevel2-insecure.conf @@ -0,0 +1,7 @@ +Server +{ + PidFile = testfiles/srv4.pid + ListenAddresses = unix:testfiles/srv4.sock,inet:localhost +} + +SSLSecurityLevel = 2 diff --git a/test/basicserver/testfiles/srv4-seclevel2-secure.conf b/test/basicserver/testfiles/srv4-seclevel2-secure.conf new file mode 100644 index 00000000..5d8b1149 --- /dev/null +++ b/test/basicserver/testfiles/srv4-seclevel2-secure.conf @@ -0,0 +1,7 @@ +Server +{ + PidFile = testfiles/srv4.pid + ListenAddresses = unix:testfiles/srv4.sock,inet:localhost +} + +SSLSecurityLevel = 2 diff --git a/test/bbackupd/testbbackupd.cpp b/test/bbackupd/testbbackupd.cpp index d55b5d8d..deff53e2 100644 --- a/test/bbackupd/testbbackupd.cpp +++ b/test/bbackupd/testbbackupd.cpp @@ -12,43 +12,44 @@ // do not include MinGW's dirent.h on Win32, // as we override some of it in lib/win32. +#include <limits.h> +#include <stdio.h> +#include <string.h> + #ifndef WIN32 #include <dirent.h> #endif -#include <stdio.h> -#include <sys/types.h> -#include <sys/stat.h> -#include <limits.h> -#include <string.h> - -#ifdef HAVE_SYS_WAIT_H - #include <sys/wait.h> +#ifdef WIN32 + #include <process.h> #endif #ifdef HAVE_PWD_H #include <pwd.h> #endif -#ifdef HAVE_SYS_XATTR_H - #include <cerrno> - #include <sys/xattr.h> -#endif - #ifdef HAVE_SIGNAL_H #include <signal.h> #endif -#ifdef WIN32 - #include <process.h> -#endif - -#include <map> +#include <sys/stat.h> +#include <sys/types.h> #ifdef HAVE_SYSCALL #include <sys/syscall.h> #endif +#ifdef HAVE_SYS_WAIT_H + #include <sys/wait.h> +#endif + +#ifdef HAVE_SYS_XATTR_H + #include <cerrno> + #include <sys/xattr.h> +#endif + +#include <map> + #include "BackupClientCryptoKeys.h" #include "BackupClientContext.h" #include "BackupClientFileAttributes.h" 
@@ -100,7 +101,6 @@ #define TIME_TO_WAIT_FOR_BACKUP_OPERATION 12 #define SHORT_TIMEOUT 5000 #define BACKUP_ERROR_DELAY_SHORTENED 10 -#define DEFAULT_BBACKUPD_CONFIG_FILE "testfiles/bbackupd.conf" void wait_for_backup_operation(const char* message) { @@ -414,24 +414,7 @@ bool configure_bbackupd(BackupDaemon& bbackupd, const std::string& config_file) return true; } -bool kill_running_daemons() -{ - bool success = true; - - if(FileExists("testfiles/bbstored.pid")) - { - TEST_THAT_OR(KillServer("testfiles/bbstored.pid", true), success = false); - } - - if(FileExists("testfiles/bbackupd.pid")) - { - TEST_THAT_OR(KillServer("testfiles/bbackupd.pid", true), success = false); - } - - return success; -} - -bool setup_test_bbackupd(BackupDaemon& bbackupd, bool do_unpack_files = true, +bool prepare_test_with_client_daemon(BackupDaemon& bbackupd, bool do_unpack_files = true, bool do_start_bbstored = true, const std::string& bbackupd_conf_file = "testfiles/bbackupd.conf") { @@ -490,13 +473,13 @@ bool setup_test_bbackupd(BackupDaemon& bbackupd, bool do_unpack_files = true, #define SETUP_WITHOUT_FILES() \ SETUP_TEST_BBACKUPD(); \ BackupDaemon bbackupd; \ - TEST_THAT_OR(setup_test_bbackupd(bbackupd, false), FAIL); \ + TEST_THAT_OR(prepare_test_with_client_daemon(bbackupd, false), FAIL); \ TEST_THAT_OR(::mkdir("testfiles/TestDir1", 0755) == 0, FAIL); #define SETUP_WITH_BBSTORED() \ SETUP_TEST_BBACKUPD(); \ BackupDaemon bbackupd; \ - TEST_THAT_OR(setup_test_bbackupd(bbackupd), FAIL); + TEST_THAT_OR(prepare_test_with_client_daemon(bbackupd), FAIL); #define TEARDOWN_TEST_BBACKUPD() \ TEST_THAT(bbackupd_pid == 0 || StopClient()); \ 
@@ -987,7 +970,7 @@ bool test_entry_deleted(BackupStoreDirectory& rDir, return flags && BackupStoreDirectory::Entry::Flags_Deleted; } -bool compare(BackupQueries::ReturnCode::Type expected_status, +bool compare_external(BackupQueries::ReturnCode::Type expected_status, const std::string& bbackupquery_options = "", const std::string& compare_options = "-acQ", const std::string& bbackupd_conf_file = "testfiles/bbackupd.conf") @@ -1012,7 +995,7 @@ bool compare(BackupQueries::ReturnCode::Type expected_status, return (returnValue == expected_system_result); } -bool compare_local(BackupQueries::ReturnCode::Type expected_status, +bool compare_in_process(BackupQueries::ReturnCode::Type expected_status, BackupProtocolCallable& client, const std::string& compare_options = "acQ") { @@ -1079,10 +1062,21 @@ bool touch_and_wait(const std::string& filename) TLSContext sTlsContext; -#define TEST_COMPARE(...) \ - TEST_THAT(compare(BackupQueries::ReturnCode::__VA_ARGS__)); -#define TEST_COMPARE_LOCAL(...) \ - TEST_THAT(compare_local(BackupQueries::ReturnCode::__VA_ARGS__)); +#define TEST_COMPARE(expected_status) \ + BOX_INFO("Running external compare, expecting " #expected_status); \ + TEST_THAT(compare_external(BackupQueries::ReturnCode::expected_status)); +#define TEST_COMPARE_EXTRA(expected_status, ...) \ + BOX_INFO("Running external compare, expecting " #expected_status); \ + TEST_THAT(compare_external(BackupQueries::ReturnCode::expected_status, __VA_ARGS__)); + +#define TEST_COMPARE_LOCAL(expected_status, client) \ + BOX_INFO("Running compare in-process, expecting " #expected_status); \ + TEST_THAT(compare_in_process(BackupQueries::ReturnCode::expected_status, client)); +#define TEST_COMPARE_LOCAL_EXTRA(expected_status, client, compare_options) \ + BOX_INFO("Running compare in-process, expecting " #expected_status); \ + TEST_THAT(compare_in_process(BackupQueries::ReturnCode::expected_status, client, \ + compare_options)); + bool search_for_file(const std::string& filename) { 
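Review bot: The rewritten `TEST_COMPARE`, `TEST_COMPARE_EXTRA`, `TEST_COMPARE_LOCAL` and `TEST_COMPARE_LOCAL_EXTRA` macros in the `@@ -1079` hunk each expand to two statements. If one is used as the body of an unbraced `if` or `else`, only the `BOX_INFO` is conditional and the `TEST_THAT` always runs. Wrapping each body makes them behave as a single statement, e.g. `#define TEST_COMPARE(expected_status) do { BOX_INFO("Running external compare, expecting " #expected_status); TEST_THAT(compare_external(BackupQueries::ReturnCode::expected_status)); } while(0)`. The built-in trailing `;` should go at the same time, since call sites already supply one.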
@@ -1463,7 +1457,7 @@ bool test_ssl_keepalives() KeepAliveBackupProtocolLocal connection(0x01234567, "test", "backup/01234567/", 0, false); MockBackupDaemon bbackupd(connection); - TEST_THAT_OR(setup_test_bbackupd(bbackupd), FAIL); + TEST_THAT_OR(prepare_test_with_client_daemon(bbackupd), FAIL); // Test that sending a keepalive actually works, when the timeout has expired, // but doesn't send anything at the beginning: @@ -1948,9 +1942,9 @@ bool test_bbackupd_exclusions() bbackupd.RunSyncNow(); TEST_THAT(!bbackupd.StorageLimitExceeded()); - // Check that the contents of the store are the same - // as the contents of the disc - TEST_COMPARE(Compare_Same, "-c testfiles/bbackupd-exclude.conf"); + // Check that the contents of the store are the same + // as the contents of the disc + TEST_COMPARE_EXTRA(Compare_Same, "-c testfiles/bbackupd-exclude.conf"); BOX_TRACE("done."); // BLOCK @@ -2060,7 +2054,7 @@ bool test_bbackupd_responds_to_connection_failure() MockBackupProtocolLocal client(0x01234567, "test", "backup/01234567/", 0, false); MockBackupDaemon bbackupd(client); - TEST_THAT_OR(setup_test_bbackupd(bbackupd, false, false), FAIL); + TEST_THAT_OR(prepare_test_with_client_daemon(bbackupd, false, false), FAIL); TEST_THAT(::system("rm -f testfiles/notifyran.store-full.*") == 0); std::auto_ptr<BackupClientContext> apClientContext; @@ -2290,11 +2284,11 @@ bool test_read_only_dirs_can_be_restored() #endif bbackupd.RunSyncNow(); - TEST_COMPARE(Compare_Same, "", "-cEQ Test1 testfiles/TestDir1"); + TEST_COMPARE_EXTRA(Compare_Same, "", "-cEQ Test1 testfiles/TestDir1"); // check that we can restore it TEST_THAT(restore("Test1", "testfiles/restore1")); - TEST_COMPARE(Compare_Same, "", "-cEQ Test1 testfiles/restore1"); + TEST_COMPARE_EXTRA(Compare_Same, "", "-cEQ Test1 testfiles/restore1"); // Try a restore with just the remote directory name, // check that it uses the same name in the local 
@@ -2302,7 +2296,7 @@ bool test_read_only_dirs_can_be_restored() TEST_THAT(::mkdir("testfiles/restore-test", 0700) == 0); TEST_THAT(bbackupquery("\"lcd testfiles/restore-test\" " "\"restore Test1\"")); - TEST_COMPARE(Compare_Same, "", "-cEQ Test1 " + TEST_COMPARE_EXTRA(Compare_Same, "", "-cEQ Test1 " "testfiles/restore-test/Test1"); // put the permissions back to sensible values @@ -2512,7 +2506,7 @@ bool test_unicode_filenames_can_be_backed_up() // Check that bbackupquery can compare the dir when given // on the command line in system encoding. - TEST_COMPARE(Compare_Same, "", "-cEQ Test1/" + systemDirName + + TEST_COMPARE_EXTRA(Compare_Same, "", "-cEQ Test1/" + systemDirName + " testfiles/TestDir1/" + systemDirName); // Check that bbackupquery can restore the dir when given @@ -2521,7 +2515,7 @@ bool test_unicode_filenames_can_be_backed_up() "testfiles/restore-" + systemDirName)); // Compare to make sure it was restored properly. - TEST_COMPARE(Compare_Same, "", "-cEQ Test1/" + systemDirName + + TEST_COMPARE_EXTRA(Compare_Same, "", "-cEQ Test1/" + systemDirName + " testfiles/restore-" + systemDirName); std::string fileToUnlink = "testfiles/restore-" + @@ -2553,7 +2547,7 @@ bool test_unicode_filenames_can_be_backed_up() // Compare to make sure it was restored properly. The Get // command does restore attributes, so we don't need to // specify the -A option for this to succeed. - TEST_COMPARE(Compare_Same, "", "-cEQ Test1/" + systemDirName + + TEST_COMPARE_EXTRA(Compare_Same, "", "-cEQ Test1/" + systemDirName + " testfiles/restore-" + systemDirName); // Check that no read error has been reported yet @@ -2709,7 +2703,7 @@ bool test_delete_update_and_symlink_files() TEST_COMPARE(Compare_Same); // Try a quick compare, just for fun - TEST_COMPARE(Compare_Same, "", "-acqQ"); + TEST_COMPARE_EXTRA(Compare_Same, "", "-acqQ"); } TEARDOWN_TEST_BBACKUPD(); 
@@ -3198,8 +3192,8 @@ bool test_excluded_files_are_not_backed_up() BackupProtocolLocal2 client(0x01234567, "test", "backup/01234567/", 0, false); MockBackupDaemon bbackupd(client); - - TEST_THAT_OR(setup_test_bbackupd(bbackupd, + + TEST_THAT_OR(prepare_test_with_client_daemon(bbackupd, true, // do_unpack_files false // do_start_bbstored ), FAIL); @@ -3215,8 +3209,8 @@ bool test_excluded_files_are_not_backed_up() TEST_COMPARE_LOCAL(Compare_Same, client); // compare without exclusions, should find differences - // TEST_COMPARE(Compare_Different, "", "-acEQ"); - TEST_COMPARE_LOCAL(Compare_Different, client, "acEQ"); + // TEST_COMPARE_EXTRA(Compare_Different, "", "-acEQ"); + TEST_COMPARE_LOCAL_EXTRA(Compare_Different, client, "acEQ"); // check that the excluded files did not make it // into the store, and the included files did @@ -3619,7 +3613,7 @@ bool test_rename_operations() TEST_COMPARE(Compare_Same); // and again, but with quick flag - TEST_COMPARE(Compare_Same, "", "-acqQ"); + TEST_COMPARE_EXTRA(Compare_Same, "", "-acqQ"); // Rename some files -- one under the threshold, others above TEST_THAT(rename("testfiles/TestDir1/df324", @@ -3919,7 +3913,7 @@ bool test_restore_deleted_files() client.reset(); // Do a compare with the now undeleted files - TEST_COMPARE(Compare_Same, "", "-cEQ Test1/x1 " + TEST_COMPARE_EXTRA(Compare_Same, "", "-cEQ Test1/x1 " "testfiles/restore-Test1-x1-2"); } 
@@ -4044,6 +4038,55 @@ bool test_parse_syncallowscript_output() TEARDOWN_TEST_BBACKUPD(); } +bool check_output_log_file_for_ssl_security_level_warnings(const std::string& log_file_name, + const std::string& sentinel_value) +{ + int old_num_failures = num_failures; + + FileStream fs(log_file_name, O_RDONLY); + IOStreamGetLine getline(fs); + std::string line; + bool found_not_set = false, found_not_supported = false, found_sentinel = false; + + while(fs.StreamDataLeft()) + { + TEST_THAT(getline.GetLine(line, true, 30000)); // 30 seconds should be enough + TEST_THAT(line.size() >= 30); + if(line.size() < 30) + { + continue; + } + + if(StartsWith("SSLSecurityLevel not set. Your connection may not " + "be secure.", line.substr(30))) + { + found_not_set = true; + } + else if(StartsWith("SSLSecurityLevel is set, but this Box Backup " + "is not compiled with OpenSSL 1.1 or higher", line.substr(30))) + { + found_not_supported = true; + } + else if(StartsWith(sentinel_value, line.substr(30))) + { + found_sentinel = true; + break; + } + } + +#ifdef HAVE_SSL_CTX_SET_SECURITY_LEVEL + TEST_THAT(!found_not_set); // We should set it in bbackupd-config + TEST_THAT(!found_not_supported); // And this message should never be logged +#else + TEST_THAT(!found_not_supported); // We should not set it in bbackupd-config + TEST_THAT(!found_not_set); // And this message should never be logged +#endif + + TEST_THAT(found_sentinel); // Otherwise we're looking for the wrong thing! + + return (num_failures == old_num_failures); // no new failures -> good +} + bool test_bbackupd_config_script() { @@ -4075,7 +4118,7 @@ bool test_bbackupd_config_script() // Open the generated config file and add a StorePort line: { FileStream conf_file("testfiles/tmp/bbackupd.conf", O_WRONLY | O_APPEND); - conf_file.IOStream::Write("StorePort = 22011\n"); + conf_file.Write("StorePort = 22011\n"); conf_file.Close(); } 
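Review bot: `check_output_log_file_for_ssl_security_level_warnings` hard-codes the log prefix width as `30` in four places (`line.size() >= 30` and three `line.substr(30)` calls). Because of `TEST_THAT(line.size() >= 30)`, any shorter log line fails the test, and a change in the timestamp or level prefix would silently stop the warnings from matching. A named constant with a comment on what the 30 characters contain, plus one `const std::string msg = line.substr(30);` per line, would make this easier to audit. The two `#ifdef HAVE_SSL_CTX_SET_SECURITY_LEVEL` arms also assert exactly the same two conditions and differ only in their comments, so the conditional can be collapsed. If the arms were meant to differ, the intended assertion is missing. The same duplicated arms and message literals appear again in the `@@ -4139` hunk of test_bbackupd_config_script.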
@@ -4122,8 +4165,8 @@ bool test_bbackupd_config_script() TEST_RETURN_COMMAND(system(cmd.c_str()), 0, cmd) bbstored_pid = StartDaemon(bbstored_pid, BBSTORED " " + bbstored_args + - " -o testfiles/tmp/bbstored.log testfiles/tmp/bbstored.conf", - "testfiles/bbstored.pid"); + " -o testfiles/tmp/bbstored.log testfiles/tmp/bbstored.conf", "testfiles/bbstored.pid", + 22011); { Capture capture; @@ -4131,7 +4174,7 @@ bool test_bbackupd_config_script() BackupDaemon bbackupd; TEST_THAT( - setup_test_bbackupd( + prepare_test_with_client_daemon( bbackupd, true, // do_unpack_files false, // !do_start_bbstored 
@@ -4139,10 +4182,43 @@ bool test_bbackupd_config_script() ); bbackupd.RunSyncNow(); + + std::vector<Capture::Message> messages = capture.GetMessages(); + TEST_THAT(!messages.empty()); + if (!messages.empty()) + { + bool found_not_set = false, found_not_supported = false; + for(std::vector<Capture::Message>::iterator i = messages.begin(); + i != messages.end(); i++) + { + if(StartsWith("SSLSecurityLevel not set. Your connection may not " + "be secure.", i->message)) + { + found_not_set = true; + } + else if(StartsWith("SSLSecurityLevel is set, but this Box Backup " + "is not compiled with OpenSSL 1.1 or higher", i->message)) + { + found_not_supported = true; + } + } + +#ifdef HAVE_SSL_CTX_SET_SECURITY_LEVEL + TEST_THAT(!found_not_set); // We should set it in bbackupd-config + TEST_THAT(!found_not_supported); // And this message should never be logged +#else + TEST_THAT(!found_not_supported); // We should not set it in bbackupd-config + TEST_THAT(!found_not_set); // And this message should never be logged +#endif + } } - TEST_THAT(compare(BackupQueries::ReturnCode::Compare_Same, + TEST_THAT(compare_external(BackupQueries::ReturnCode::Compare_Same, "-otestfiles/tmp/bbackupquery.log", "-acQ", "testfiles/tmp/bbackupd.conf")); + TEST_THAT(check_output_log_file_for_ssl_security_level_warnings("testfiles/tmp/bbackupquery.log", + "Connecting to store")); + TEST_THAT(check_output_log_file_for_ssl_security_level_warnings("testfiles/tmp/bbstored.log", + "Forked child process")); TEST_THAT(StopServer()); #endif // !WIN32 @@ -4150,7 +4226,6 @@ bool test_bbackupd_config_script() TEARDOWN_TEST_BBACKUPD(); } - int test(int argc, const char *argv[]) { // SSL library |