separated parsing and validation
Greg Wiley authored on 07/04/2017 22:46:35
Showing 5 changed files
... | ... |
@@ -1,12 +1,28 @@ |
1 | 1 |
#include <security/pam_appl.h> |
2 | 2 |
#include <security/pam_modules.h> |
3 |
+#include <string.h> |
|
4 |
+#include <stdlib.h> |
|
5 |
+ |
|
3 | 6 |
#include "logging.h" |
4 | 7 |
#include "token.h" |
5 | 8 |
#include "conversation.h" |
6 | 9 |
|
7 | 10 |
PAM_EXTERN int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **argv) { |
8 | 11 |
const char *returned_token = ask_for_token(pamh); |
9 |
- int returned_validation = validate_token(returned_token); |
|
12 |
+ |
|
13 |
+ int returned_token_length = strlen(returned_token); |
|
14 |
+ char working_token[returned_token_length + 1]; |
|
15 |
+ strcpy(working_token, returned_token); |
|
16 |
+ char *colon = strchr(working_token, ':'); |
|
17 |
+ if(!colon) { |
|
18 |
+ return PAM_AUTH_ERR; |
|
19 |
+ } |
|
20 |
+ |
|
21 |
+ *colon = 0; |
|
22 |
+ char *user = working_token; |
|
23 |
+ char *token = colon + 1; |
|
24 |
+ |
|
25 |
+ int returned_validation = validate_token(user, token); |
|
10 | 26 |
|
11 | 27 |
if (returned_validation) { |
12 | 28 |
log_success(); |
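Review bot: `returned_token` is passed to `strlen` on new line 13 without a NULL check, so whatever `ask_for_token` returns when the conversation fails (not visible here) would be dereferenced inside the PAM stack; add `if (!returned_token) { return PAM_AUTH_ERR; }` before the `strlen`. The VLA `working_token[returned_token_length + 1]` is sized by a string that arrived through the conversation, i.e. from the authenticating client, and `returned_token_length` is an `int` holding a `size_t`; a fixed buffer with a length check (`if (len >= sizeof working_token) return PAM_AUTH_ERR;`) keeps stack usage independent of the input. `working_token` also holds the PIN after the split and is not cleared on any return path; an `explicit_bzero`/`memset` before returning would limit how long it lingers in memory. `pam_sm_authenticate` continues past the end of the hunk.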
... | ... |
@@ -6,6 +6,7 @@ |
6 | 6 |
#include "token.h" |
7 | 7 |
#include "test_util.h" |
8 | 8 |
|
9 |
+const char *validated_user = ""; |
|
9 | 10 |
const char *validated_token = ""; |
10 | 11 |
const char *token_to_return = ""; |
11 | 12 |
int validation_to_return = 0; |
... | ... |
@@ -15,6 +16,7 @@ int at_least_one_failed_test = 0; |
15 | 16 |
pam_handle_t *passed_pam_handle = NULL; |
16 | 17 |
|
17 | 18 |
RESET_VARS_START |
19 |
+validated_user = ""; |
|
18 | 20 |
validated_token = ""; |
19 | 21 |
validation_to_return = 1; |
20 | 22 |
passed_pam_handle = NULL; |
... | ... |
@@ -27,7 +29,9 @@ const char *ask_for_token(pam_handle_t *pamh) { |
27 | 29 |
return token_to_return; |
28 | 30 |
} |
29 | 31 |
|
30 |
-int validate_token(const char *token) { |
|
32 |
+ |
|
33 |
+int validate_token(const char *user, const char *token) { |
|
34 |
+ validated_user = user; |
|
31 | 35 |
validated_token = token; |
32 | 36 |
return validation_to_return; |
33 | 37 |
} |
... | ... |
@@ -54,14 +58,15 @@ int pam_sm_setcred_returns_success() { |
54 | 58 |
|
55 | 59 |
int pam_sm_authenticate_validates_with_received_token() { |
56 | 60 |
// given |
57 |
- token_to_return = "mytoken"; |
|
61 |
+ token_to_return = "user:pin"; |
|
58 | 62 |
pam_handle_t *handle = (pam_handle_t*)""; |
59 | 63 |
|
60 | 64 |
// when |
61 | 65 |
pam_sm_authenticate(handle, 0, 0, NULL); |
62 | 66 |
|
63 | 67 |
// then |
64 |
- checkstr("mytoken",validated_token, "validated token"); |
|
68 |
+ checkstr("pin",validated_token, "validated token"); |
|
69 |
+ checkstr("user",validated_user, "validated user"); |
|
65 | 70 |
check(passed_pam_handle == handle, "incorrect handle"); |
66 | 71 |
succeed(); |
67 | 72 |
} |
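Review bot: The mock `validate_token` on new lines 34-35 stores the `user` and `token` pointers it is handed, but after this commit those point into `working_token`, a VLA local to `pam_sm_authenticate`, so by the time `pam_sm_authenticate_validates_with_received_token` reads `validated_token` and `validated_user` on new lines 68-69 that frame is gone and both `checkstr` calls read a dead stack buffer (undefined behaviour that may happen to pass today). Before the change the stored pointer aliased the `token_to_return` literal, which is why the old assertion was sound. Copy the strings into static storage in the mock instead (this needs `snprintf` from `<stdio.h>`), which keeps the `const char *` globals and the RESET_VARS assignments unchanged.
```c
static char validated_user_buf[256];
static char validated_token_buf[256];

int validate_token(const char *user, const char *token) {
    snprintf(validated_user_buf, sizeof validated_user_buf, "%s", user);
    snprintf(validated_token_buf, sizeof validated_token_buf, "%s", token);
    validated_user = validated_user_buf;
    validated_token = validated_token_buf;
    return validation_to_return;
}
```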
... | ... |
@@ -45,26 +45,14 @@ int get_passwd(const char *user, struct passwd *passwd, buffer_t buffer) { |
45 | 45 |
return (found_passwd != 0); |
46 | 46 |
} |
47 | 47 |
|
48 |
-int validate_token(const char *token) { |
|
48 |
+int validate_token(const char *user, const char *token) { |
|
49 |
+ |
|
49 | 50 |
|
50 | 51 |
char *filepath = 0; |
51 | 52 |
char *working_token = 0; |
52 | 53 |
buffer_t buffer = allocate_buffer(); |
53 | 54 |
|
54 | 55 |
int ok = 0; |
55 |
- |
|
56 |
- int token_length = strlen(token); |
|
57 |
- working_token = (char *) malloc((token_length + 1) * sizeof(char)); |
|
58 |
- strcpy(working_token, token); |
|
59 |
- char *colon = strchr(working_token, ':'); |
|
60 |
- if (!colon) { |
|
61 |
- goto finally; |
|
62 |
- } |
|
63 |
- |
|
64 |
- *colon = 0; |
|
65 |
- char *user = working_token; |
|
66 |
- char *user_token = colon + 1; |
|
67 |
- |
|
68 | 56 |
struct passwd passwd; |
69 | 57 |
int user_found = get_passwd(user, &passwd, buffer); |
70 | 58 |
|
... | ... |
@@ -97,7 +85,7 @@ int validate_token(const char *token) { |
97 | 85 |
fclose(fp); |
98 | 86 |
|
99 | 87 |
// check if token matches |
100 |
- if(strcmp(user_token, fetched_token)) { |
|
88 |
+ if(strcmp(token, fetched_token)) { |
|
101 | 89 |
goto finally; |
102 | 90 |
} |
103 | 91 |
|
... | ... |
@@ -74,7 +74,7 @@ int validate_compares_to_user_token() { |
74 | 74 |
// given |
75 | 75 |
|
76 | 76 |
// when |
77 |
- int valid = validate_token("msmith:123456"); |
|
77 |
+ int valid = validate_token("msmith", "123456"); |
|
78 | 78 |
|
79 | 79 |
// then |
80 | 80 |
check(valid, "expected result to be valid"); |
... | ... |
@@ -87,7 +87,7 @@ int validates_from_the_right_user() { |
87 | 87 |
//given |
88 | 88 |
|
89 | 89 |
//when |
90 |
- int valid = validate_token("jbalcita:12346"); |
|
90 |
+ int valid = validate_token("jbalcita", "12346"); |
|
91 | 91 |
|
92 | 92 |
//then |
93 | 93 |
check(!valid, "expected result to be invalid"); |
... | ... |
@@ -98,7 +98,7 @@ int validates_user_specific_token() { |
98 | 98 |
//given |
99 | 99 |
|
100 | 100 |
//when |
101 |
- int valid = validate_token("msmith:654321"); |
|
101 |
+ int valid = validate_token("msmith", "654321"); |
|
102 | 102 |
|
103 | 103 |
//then |
104 | 104 |
check(!valid, "expected result to be invalid"); |