new file mode 100644

@@ -0,0 +1,25 @@

+#ifndef _BECOME_H

+#define _BECOME_H

+

+#include "user.h"

+#include "sys_unistd.h"

+

+class become

+{

+ private:

+    unistd unistd_;

+ public:

+ become(user user, unistd &unistd) :

+    unistd_ (unistd)

+    {

+        uid_t uid = user.uid();

+        unistd_.seteuid(uid);

+    }

+

+    ~become()

+    {

+        unistd_.seteuid(0);

+    }

+};

+

+#endif

new file mode 100644

@@ -0,0 +1,66 @@

+#include "become.h"

+#include "sys_unistd.h"

+#include "sys_pwd.h"

+#include "user.h"

+#include "test_util.h"

+

+template<class T>

+std::shared_ptr<T> share (T *t)

+{

+    return std::shared_ptr<T> (t);

+}

+

+class mock_unistd : public unistd_ifc

+{

+private:

+    uid_t expected_euid_;

+public:

+    mutable uid_t actual_uid;

+    mock_unistd (uid_t expected_euid)

+        : expected_euid_ (expected_euid)

+    {}

+

+    int seteuid (uid_t euid) const override

+    {

+        actual_uid = euid;

+        return euid == expected_euid_ ? 0 : -1;

+    }

+};

+

+class fake_user : public user_ifc

+{

+private:

+    uid_t uid_;

+public:

+    fake_user (uid_t uid) : uid_ (uid)

+    {}

+    uid_t uid() const override

+    {

+        return uid_;

+    }

+};

+

+int become_calls_seteuid_with_right_arguments ()

+{

+    uid_t expected_uid = 1000;

+    std::shared_ptr<mock_unistd> mock_unistd  = share (new class mock_unistd(expected_uid));

+    unistd fake_unistd (mock_unistd);

+    user fake_user (share (new class fake_user(expected_uid)));

+

+    become become_ (fake_user, fake_unistd);

+

+    check (mock_unistd->actual_uid == expected_uid, "become does not seteuid");

+

+    succeed();

+}

+

+bool run_tests()

+{

+    test (become_calls_seteuid_with_right_arguments);

+    succeed();

+}

+

+int main (int argc, char *argv[])

+{

+    return !run_tests();

+}

@@ -76,4 +76,3 @@ dual_control dual_control::create (const dual_control_configuration

     return dual_control (std::shared_ptr<dual_control_ifc> (new impl (

                              configuration)));

 }

-

@@ -46,7 +46,7 @@ dual_control initialize()

     totp_generator generator = totp_generator (time, code_digits);

     random_source rand (random_source::create (fstreams));

     tokens tokens (tokens::create (fstreams, generator, rand));

-    validator validator (validator::create (directory, tokens));

+    validator validator (validator::create (directory, tokens, unistd));

     pam pam (pam::create());

     conversation conversation (conversation::create (pam));

     sys_syslog sys_syslog (sys_syslog::create());

@@ -13,6 +13,8 @@

 #include <vector>

 #include "validator.h"

+#include "become.h"

+#include "sys_unistd.h"

 namespace

 {

@@ -21,14 +23,19 @@ class impl : public validator_ifc

 private:

     directory directory_;

     tokens tokens_;

+    unistd unistd_;

 public:

     impl (const directory &directory,

-          const tokens tokens) :

+          const tokens tokens,

+          const unistd unistd) :

         directory_ (directory),

-        tokens_ (tokens) {}

+        tokens_ (tokens),

+        unistd_ (unistd)

+    {}

     bool validate (const std::string &requester_user_name,

                    const std::string &authorizer_user_name,

-                   const std::string &token, const std::string &reason) override

+                   const std::string &token,

+                   const std::string &reason) override

     {

         std::vector<user> found_user = directory_.find_user (authorizer_user_name);

@@ -48,17 +55,19 @@ public:

             return false;

         }

-        std::string user_token = tokens_.token (found_user[0]);

+        auto user_ = found_user[0];

+        become become_(user_, unistd_);

+

+        std::string user_token = tokens_.token (user_);

         return user_token == token;

     }

 };

 }

 validator validator::create (const directory &directory,

-                             const tokens &tokens)

+                             const tokens &tokens,

+                             const unistd &unistd)

 {

-    std::shared_ptr<validator_ifc> delegate (new impl (directory,

-            tokens));

+    std::shared_ptr<validator_ifc> delegate (new impl (directory, tokens, unistd));

     return validator (delegate);

 }

-

@@ -18,6 +18,7 @@

 #include "user.h"

 #include "token.h"

 #include "generator.h"

+#include "sys_unistd.h"

 class validator_ifc

 {

@@ -50,8 +51,8 @@ public:

                                     authorizer_token, reason);

     }

     static validator create (const directory &directory,

-                             const tokens &token_supplier);

+                             const tokens &token_supplier,

+                             const unistd &unistd);

 };

 #endif

-

@@ -16,13 +16,51 @@

 #include "user.h"

 #include "test_util.h"

 #include "token.h"

+#include "sys_unistd.h"

+

+template<class T>

+std::shared_ptr<T> share (T *t)

+{

+    return std::shared_ptr<T> (t);

+}

+

+class mock_unistd : public unistd_ifc

+{

+private:

+    uid_t expected_euid_;

+public:

+    mutable std::vector<uid_t> actual_uids;

+    mock_unistd (uid_t expected_euid)

+        : expected_euid_ (expected_euid)

+    {}

+

+    int seteuid (uid_t euid) const override

+    {

+        actual_uids.push_back(euid);

+        return (euid == expected_euid_ || euid == 0) ? 0 : -1;

+    }

+};

+

+class fake_user : public user_ifc

+{

+private:

+    uid_t uid_;

+public:

+    fake_user (uid_t uid) : uid_ (uid)

+    {}

+    uid_t uid() const override

+    {

+        return uid_;

+    }

+};

 class fake_directory : public directory_ifc

 {

 private:

     std::string user_name_;

+    uid_t uid_;

 public:

-    fake_directory (const std::string &user_name) : user_name_ (user_name)

+    fake_directory (const std::string &user_name, const uid_t uid = -1) : user_name_ (user_name), uid_ (uid)

     {

     }

     fake_directory() : user_name_ ("_NOT_A_USER") {}

@@ -32,7 +70,7 @@ public:

         std::vector<user> result;

         if (user_name == user_name_) {

-            result.push_back (user());

+            result.push_back (user(share (new fake_user (uid_))));

         }

         return result;

@@ -52,12 +90,6 @@ public:

     }

 };

-template<class T>

-std::shared_ptr<T> share (T *t)

-{

-    return std::shared_ptr<T> (t);

-}

-

 bool validator_validates()

 {

@@ -66,14 +98,20 @@ bool validator_validates()

     tokens tokens (share (new

                           fake_tokens (token)));

     std::string user_name = "msmith";

-    directory directory (share (new fake_directory (user_name)));

-    validator validator = validator::create (directory, tokens);

+

+    uid_t expected_uid = 1000;

+    directory directory (share (new fake_directory (user_name, expected_uid)));

+    std::shared_ptr<mock_unistd> mock_unistd = share (new class mock_unistd(expected_uid));

+    class unistd unistd (mock_unistd);

+    validator validator = validator::create (directory, tokens, unistd);

+    std::vector<uid_t> expected_uids {expected_uid, 0};

     // when

     bool actual = validator.validate ("requester", user_name, token, "reason");

     // then

     check (actual, "should be valid");

+    check (mock_unistd->actual_uids == expected_uids, "should drop permissions");

     succeed();

 }

@@ -85,7 +123,8 @@ bool validator_fails_unknown_user()

     tokens tokens (share (new

                           fake_tokens));

     directory directory (share (new fake_directory));

-    validator validator = validator::create (directory, tokens);

+    class unistd unistd (share (new unistd_ifc()));

+    validator validator = validator::create (directory, tokens, unistd);

     // when

     bool actual = validator.validate ("requester", "notuser", token, "reason");

@@ -103,7 +142,8 @@ bool validator_fails_incorrect_token()

                           fake_tokens));

     std::string user_name = "msmith";

     directory directory (share (new fake_directory (user_name)));

-    validator validator = validator::create (directory, tokens);

+    class unistd unistd (share (new unistd_ifc()));

+    validator validator = validator::create (directory, tokens, unistd);

     // when

     bool actual = validator.validate ("requester", user_name, "token",

@@ -123,7 +163,8 @@ bool validator_fails_with_own_token()

     directory directory (share (new fake_directory (authorizer_user_name)));

     tokens tokens (share (new

                           fake_tokens (authorizer_token)));

-    validator validator = validator::create (directory, tokens);

+    class unistd unistd (share (new unistd_ifc()));

+    validator validator = validator::create (directory, tokens, unistd);

     // when

     bool actual = validator.validate (requester_user_name, authorizer_user_name,

@@ -144,7 +185,8 @@ bool validator_fails_with_unknown_requester()

     directory directory (share (new fake_directory (authorizer_user_name)));

     tokens tokens (share (new

                           fake_tokens (authorizer_token)));

-    validator validator = validator::create (directory, tokens);

+    class unistd unistd (share (new unistd_ifc()));

+    validator validator = validator::create (directory, tokens, unistd);

     // when

     bool actual = validator.validate (requester_user_name, authorizer_user_name,

@@ -165,7 +207,8 @@ bool validator_fails_on_empty_reason()

     directory directory (share (new fake_directory (authorizer_user_name)));

     tokens tokens (share (new

                           fake_tokens (authorizer_token)));

-    validator validator = validator::create (directory, tokens);

+    class unistd unistd (share (new unistd_ifc()));

+    validator validator = validator::create (directory, tokens, unistd);

     //when

     bool actual = validator.validate (requester_user_name, authorizer_user_name,

@@ -191,4 +234,3 @@ int main (int argc, char *argv[])

 {

     return !run_tests();

 }

-