#include <vector>
#include <algorithm>
#include <string>
#include <security/pam_modules.h>
#include "conversation.h"
#include "test_util.h"
#include "pam.h"
class fake_pam_conversation : public pam_conversation {
private:
pam_response response_;
std::string answer_;
public:
fake_pam_conversation(const std::string &answer) : answer_(answer) {}
int conv(const std::vector<const struct pam_message *> &prompts, std::vector<struct pam_response *> &answers) {
if (prompts.size() != 1) {
throw std::string("test only supports one prompt");
}
response_.resp_retcode = 0;
response_.resp = const_cast<char *>(answer_.c_str());
answers.resize(1);
answers[0] = &response_;
return 0;
}
};
class fake_failing_conversation: public pam_conversation {
public:
int conv(const std::vector<const struct pam_message *> &prompts, std::vector<struct pam_response *> &answers) {
return 1;
}
};
class fake_failing_answer_conversation: public pam_conversation {
private:
pam_response response_;
std::string answer_;
public:
fake_failing_answer_conversation() : answer_("ok:1") {}
int conv(const std::vector<const struct pam_message *> &prompts, std::vector<struct pam_response *> &answers) {
if (prompts.size() != 1) {
throw std::string("test only supports one prompt");
}
response_.resp_retcode = 13;
response_.resp = const_cast<char *>(answer_.c_str());
answers.resize(1);
answers[0] = &response_;
return 0;
}
};
class match_prompt_text_conversation : public pam_conversation {
private:
pam_response response_;
std::string answer_;
std::string prompt_;
public:
match_prompt_text_conversation(const std::string &prompt) : prompt_(prompt), answer_("ok:123") {}
int conv(const std::vector<const struct pam_message *> &prompts, std::vector<struct pam_response *> &answers) {
if (prompt_ != prompts[0]->msg) {
throw std::string("prompt does not match");
}
response_.resp_retcode = 0;
response_.resp = const_cast<char *>(answer_.c_str());
answers.resize(1);
answers[0] = &response_;
return 0;
}
};
class match_prompt_style_conversation : public pam_conversation {
private:
pam_response response_;
std::string answer_;
int style_;
public:
match_prompt_style_conversation(int style) : style_(style), answer_("ok:123") {}
int conv(const std::vector<const struct pam_message *> &prompts, std::vector<struct pam_response *> &answers) {
if (style_ != prompts[0]->msg_style) {
throw std::string("style does not match");
}
response_.resp_retcode = 0;
response_.resp = const_cast<char *>(answer_.c_str());
answers.resize(1);
answers[0] = &response_;
return 0;
}
};
class fake_pam : public pam {
private:
std::shared_ptr<pam_conversation> conversation_;
public:
fake_pam(std::shared_ptr<pam_conversation> conversation) : conversation_(conversation) {}
fake_pam() {}
int get_conversation(pam_handle_t *pamh, std::shared_ptr<pam_conversation> &conversation) {
if (conversation_) {
conversation = conversation_;
return 0;
}
return 12;
}
};
int returns_correct_token() {
//given
pam_handle_t *pamh;
pam_conversation_p fake_conversation = (pam_conversation_p) new fake_pam_conversation("user:code");
pam_p pam = (pam_p)new fake_pam(fake_conversation);
//when
pam_token_conversation conversation(pamh, pam);
//then
check(conversation.token() == "code", "returned incorrect token");
succeed();
}
int returns_correct_user_name() {
//given
pam_handle_t *pamh;
pam_conversation_p fake_conversation = (pam_conversation_p) new fake_pam_conversation("sally:token");
pam_p pam = (pam_p)new fake_pam(fake_conversation);
//when
pam_token_conversation conversation(pamh, pam);
//then
check(conversation.user_name() == "sally", "returned incorrect user name");
succeed();
}
int returns_empty_user_and_token_when_no_colon() {
//given
pam_handle_t *pamh;
pam_conversation_p fake_conversation = (pam_conversation_p) new fake_pam_conversation("sally");
pam_p pam = (pam_p)new fake_pam(fake_conversation);
//when
pam_token_conversation conversation(pamh, pam);
//then
check(conversation.user_name() == "", "did not return empty user name");
check(conversation.token() == "", "did not return empty token");
succeed();
}
int returns_empty_user_and_token_when_empty_answer() {
//given
pam_handle_t *pamh;
pam_conversation_p fake_conversation = (pam_conversation_p) new fake_pam_conversation("");
pam_p pam = (pam_p)new fake_pam(fake_conversation);
//when
pam_token_conversation conversation(pamh, pam);
//then
check(conversation.user_name() == "", "did not return empty user name");
check(conversation.token() == "", "did not return empty token");
succeed();
}
int returns_empty_token_when_colon_end() {
//given
pam_handle_t *pamh;
pam_conversation_p fake_conversation = (pam_conversation_p) new fake_pam_conversation("sally:");
pam_p pam = (pam_p)new fake_pam(fake_conversation);
//when
pam_token_conversation conversation(pamh, pam);
//then
check(conversation.user_name() == "sally", "did not return empty user name");
check(conversation.token() == "", "did not return empty token");
succeed();
}
int returns_empty_user_when_colon_begin() {
//given
pam_handle_t *pamh;
pam_conversation_p fake_conversation = (pam_conversation_p) new fake_pam_conversation(":token");
pam_p pam = (pam_p)new fake_pam(fake_conversation);
//when
pam_token_conversation conversation(pamh, pam);
//then
check(conversation.user_name() == "", "did not return empty user name");
check(conversation.token() == "token", "did not return empty token");
succeed();
}
int returns_empty_user_and_token_when_pam_cant_create_conversation() {
// given
pam_handle_t *pamh;
pam_p pam = (pam_p)new fake_pam;
//when
pam_token_conversation conversation(pamh, pam);
//then
check(conversation.user_name() == "", "did not return empty user name");
check(conversation.token() == "", "did not return empty token");
succeed();
}
int prompts_user_with_correct_text() {
// given
pam_handle_t *pamh;
pam_conversation_p match_conversation = (pam_conversation_p) new match_prompt_text_conversation("Dual control token: ");
pam_p pam = (pam_p)new fake_pam(match_conversation);
// when / then
try {
pam_token_conversation conversation(pamh, pam);
succeed();
} catch (const std::string &x) {
fail();
}
}
int prompts_user_with_correct_style() {
// given
pam_handle_t *pamh;
pam_conversation_p match_conversation = (pam_conversation_p) new match_prompt_style_conversation(PAM_PROMPT_ECHO_OFF);
pam_p pam = (pam_p)new fake_pam(match_conversation);
// when / then
try {
pam_token_conversation conversation(pamh, pam);
succeed();
} catch (const std::string &x) {
fail();
}
}
int returns_empty_user_and_token_when_conversation_fails() {
//given
pam_handle_t *pamh;
pam_conversation_p fake_conversation = (pam_conversation_p) new fake_failing_conversation;
pam_p pam = (pam_p) new fake_pam(fake_conversation);
//when
pam_token_conversation conversation(pamh, pam);
//then
check(conversation.user_name() == "", "did not return empty user name");
check(conversation.token() == "", "did not return empty token");
succeed();
}
int returns_empty_user_and_token_when_conversation_answer_fails() {
//given
pam_handle_t *pamh;
pam_conversation_p fake_conversation = (pam_conversation_p) new fake_failing_answer_conversation;
pam_p pam = (pam_p) new fake_pam(fake_conversation);
//when
pam_token_conversation conversation(pamh, pam);
//then
check(conversation.user_name() == "", "did not return empty user name");
check(conversation.token() == "", "did not return empty token");
succeed();
}
RESET_VARS_START
RESET_VARS_END
int run_tests() {
test(returns_correct_token);
test(returns_correct_user_name);
test(returns_empty_user_and_token_when_no_colon);
test(returns_empty_token_when_colon_end);
test(returns_empty_user_when_colon_begin);
test(returns_empty_user_and_token_when_empty_answer);
test(returns_empty_user_and_token_when_pam_cant_create_conversation);
test(prompts_user_with_correct_text);
test(prompts_user_with_correct_style);
test(returns_empty_user_and_token_when_conversation_fails);
test(returns_empty_user_and_token_when_conversation_answer_fails);
succeed();
}
int main(int argc, char *args[]) {
return !run_tests();
}