2 files changed, 104 insertions, 1 deletions

diff --git a/syz-hub/hub.go b/syz-hub/hub.go
index 242d44a6a..11211be57 100644
--- a/syz-hub/hub.go
+++ b/syz-hub/hub.go
@@ -117,7 +117,7 @@ func (hub *Hub) Sync(a *HubSyncArgs, r *HubSyncRes) error {
 }
 
 func (hub *Hub) auth(client, key, manager string) (string, error) {
-	if key, ok := hub.keys[client]; !ok || key != key {
+	if expectedKey, ok := hub.keys[client]; !ok || key != expectedKey {
 		Logf(0, "connect from unauthorized client %v", client)
 		return "", fmt.Errorf("unauthorized manager")
 	}
diff --git a/syz-hub/hub_test.go b/syz-hub/hub_test.go
new file mode 100644
index 000000000..ec9350798
--- /dev/null
+++ b/syz-hub/hub_test.go
@@ -0,0 +1,103 @@
+// Copyright 2018 syzkaller project authors. All rights reserved.
+// Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file.
+
+package main
+
+import (
+	"fmt"
+	"testing"
+)
+
+func TestAuth(t *testing.T) {
+	hub := &Hub{
+		keys: map[string]string{
+			"foo": "1234",
+			"bar": "abcd",
+		},
+	}
+	tests := []struct {
+		client  string
+		key     string
+		manager string
+		result  string
+		ok      bool
+	}{
+		{
+			client:  "",
+			key:     "",
+			manager: "",
+			result:  "",
+			ok:      false,
+		},
+		{
+			client:  "",
+			key:     "1234",
+			manager: "manager",
+			result:  "",
+			ok:      false,
+		},
+		{
+			client:  "foo",
+			key:     "",
+			manager: "foo",
+			result:  "",
+			ok:      false,
+		},
+		{
+			client:  "foo",
+			key:     "123",
+			manager: "foo",
+			result:  "",
+			ok:      false,
+		},
+		{
+			client:  "foo",
+			key:     "abcd",
+			manager: "foo",
+			result:  "",
+			ok:      false,
+		},
+		{
+			client:  "foo",
+			key:     "1234",
+			manager: "foo",
+			result:  "foo",
+			ok:      true,
+		},
+		{
+			client:  "foo",
+			key:     "1234",
+			manager: "foo-suffix",
+			result:  "foo-suffix",
+			ok:      true,
+		},
+		{
+			client:  "foo",
+			key:     "1234",
+			manager: "",
+			result:  "foo",
+			ok:      true,
+		},
+		{
+			client:  "foo",
+			key:     "1234",
+			manager: "bar",
+			result:  "",
+			ok:      false,
+		},
+	}
+	for _, test := range tests {
+		t.Run(fmt.Sprintf("%q/%q/%q", test.client, test.key, test.manager), func(t *testing.T) {
+			manager, err := hub.auth(test.client, test.key, test.manager)
+			if !test.ok && err == nil {
+				t.Fatalf("auth is expected to fail, but it did not")
+			}
+			if test.ok && err != nil {
+				t.Fatalf("auth is not expected to fail, but it did: %v", err)
+			}
+			if manager != test.result {
+				t.Fatalf("got bad manager %q, want %q", manager, test.result)
+			}
+		})
+	}
+}