Browse code
logger logs reason
jbalcita authored on 10/05/2017 18:04:22
Showing 5 changed files
Showing 5 changed files
... | ... |
@@ -66,7 +66,7 @@ int impl::authenticate (const pam_request &request) |
66 | 66 |
input.token, input.reason) ? PAM_SUCCESS : PAM_AUTH_ERR; |
67 | 67 |
|
68 | 68 |
logger_.log (auth_result, requester_user_name, input.user_name, |
69 |
- input.token); |
|
69 |
+ input.token, input.reason); |
|
70 | 70 |
return auth_result; |
71 | 71 |
} |
72 | 72 |
} |
... | ... |
@@ -12,6 +12,8 @@ |
12 | 12 |
#include <security/pam_modules.h> |
13 | 13 |
#include <string> |
14 | 14 |
|
15 |
+#include "trace.h" |
|
16 |
+ |
|
15 | 17 |
#include "request.h" |
16 | 18 |
#include "dual_control.h" |
17 | 19 |
#include "validator.h" |
... | ... |
@@ -68,15 +70,17 @@ private: |
68 | 70 |
std::string requester_user_name_; |
69 | 71 |
std::string authorizer_user_name_; |
70 | 72 |
std::string token_; |
73 |
+ std::string reason_; |
|
71 | 74 |
public: |
72 | 75 |
void log (int result, const std::string &requester_user_name, |
73 | 76 |
const std::string &authorizer_user_name, |
74 |
- const std::string &token) |
|
77 |
+ const std::string &token, const std::string &reason) override |
|
75 | 78 |
{ |
76 | 79 |
result_ = result; |
77 | 80 |
requester_user_name_ = requester_user_name; |
78 | 81 |
authorizer_user_name_ = authorizer_user_name; |
79 | 82 |
token_ = token; |
83 |
+ reason_ = reason; |
|
80 | 84 |
} |
81 | 85 |
int logged_result() |
82 | 86 |
{ |
... | ... |
@@ -94,6 +98,9 @@ public: |
94 | 98 |
{ |
95 | 99 |
return token_; |
96 | 100 |
} |
101 |
+ std::string logged_reason() { |
|
102 |
+ return reason_; |
|
103 |
+ } |
|
97 | 104 |
}; |
98 | 105 |
|
99 | 106 |
class fake_conversation : public conversation_ifc |
... | ... |
@@ -101,12 +108,14 @@ class fake_conversation : public conversation_ifc |
101 | 108 |
private: |
102 | 109 |
std::string user_name_; |
103 | 110 |
std::string token_; |
111 |
+ std::string reason_; |
|
104 | 112 |
public: |
105 | 113 |
fake_conversation (const std::string &user_name, |
106 |
- const std::string &token) : user_name_ (user_name), token_ (token) {} |
|
114 |
+ const std::string &token, const std::string &reason) : |
|
115 |
+ user_name_ (user_name), token_ (token), reason_(reason) {} |
|
107 | 116 |
conversation_result initiate (const pam_request &request) |
108 | 117 |
{ |
109 |
- return {user_name_, token_}; |
|
118 |
+ return {user_name_, token_, reason_}; |
|
110 | 119 |
} |
111 | 120 |
}; |
112 | 121 |
|
... | ... |
@@ -122,7 +131,7 @@ public: |
122 | 131 |
const std::string &token, const std::string &reason): requester_ (requester), authorizer_ (authorizer), |
123 | 132 |
token_ (token), reason_(reason) {} |
124 | 133 |
bool validate (const std::string &requester, const std::string &authorizer, |
125 |
- const std::string &token, const std::string &reason) |
|
134 |
+ const std::string &token, const std::string &reason) override |
|
126 | 135 |
{ |
127 | 136 |
return requester_ == requester && authorizer_ == authorizer |
128 | 137 |
&& token_ == token; |
... | ... |
@@ -159,7 +168,7 @@ int authenticate_validates_with_received_token() |
159 | 168 |
std::string reason("reason"); |
160 | 169 |
use_validator (configuration, new fake_validator (requester, authorizer, |
161 | 170 |
token, reason)); |
162 |
- use_conversation (configuration, new fake_conversation (authorizer, token)); |
|
171 |
+ use_conversation (configuration, new fake_conversation (authorizer, token, reason)); |
|
163 | 172 |
use_sessions (configuration, new fake_sessions (requester)); |
164 | 173 |
dual_control dc (dual_control::create (configuration)); |
165 | 174 |
pam_handle_t *handle (0); |
... | ... |
@@ -178,10 +187,11 @@ int authenticate_fails_with_wrong_user() |
178 | 187 |
// given |
179 | 188 |
dual_control_configuration configuration; |
180 | 189 |
std::string token ("token"); |
190 |
+ std::string reason("reason"); |
|
181 | 191 |
use_validator (configuration, new fake_validator ("requester", "user", |
182 |
- token, "reason")); |
|
192 |
+ token, reason)); |
|
183 | 193 |
use_conversation (configuration, new fake_conversation ("wrong user", |
184 |
- token)); |
|
194 |
+ token, reason)); |
|
185 | 195 |
dual_control dc (dual_control::create (configuration)); |
186 | 196 |
|
187 | 197 |
// when |
... | ... |
@@ -201,7 +211,7 @@ int authenticate_fails_with_wrong_token() |
201 | 211 |
use_validator (configuration, new fake_validator (requester, authorizer, |
202 | 212 |
"token", "reason")); |
203 | 213 |
use_conversation (configuration, new fake_conversation (authorizer, |
204 |
- "wrong token")); |
|
214 |
+ "wrong token", "reason")); |
|
205 | 215 |
dual_control dc (dual_control::create (configuration)); |
206 | 216 |
|
207 | 217 |
// when |
... | ... |
@@ -222,7 +232,7 @@ int logs_authentication() |
222 | 232 |
std::string reason("reason"); |
223 | 233 |
use_validator (configuration, new fake_validator (requester, authorizer, |
224 | 234 |
token, reason)); |
225 |
- use_conversation (configuration, new fake_conversation (authorizer, token)); |
|
235 |
+ use_conversation (configuration, new fake_conversation (authorizer, token, reason)); |
|
226 | 236 |
use_sessions (configuration, new fake_sessions (requester)); |
227 | 237 |
mock_logger *test_logger; |
228 | 238 |
use_logger (configuration, test_logger = new mock_logger); |
... | ... |
@@ -235,11 +245,14 @@ int logs_authentication() |
235 | 245 |
check (test_logger->logged_result() == PAM_SUCCESS, |
236 | 246 |
"logged result should be success"); |
237 | 247 |
check (test_logger->logged_requester() == requester, |
238 |
- "logged user name should be user"); |
|
248 |
+ "logged requester should be requester"); |
|
239 | 249 |
check (test_logger->logged_authorizer() == authorizer, |
240 |
- "logged user name should be user"); |
|
250 |
+ "logged authorizer should be authorizer"); |
|
241 | 251 |
check (test_logger->logged_token() == token, |
242 | 252 |
"logged token should be token"); |
253 |
+ std::cout <<test_logger->logged_reason() << std::endl; |
|
254 |
+ check (test_logger->logged_reason() == reason, |
|
255 |
+ "logged reason should be reason"); |
|
243 | 256 |
succeed(); |
244 | 257 |
} |
245 | 258 |
|
... | ... |
@@ -253,7 +266,7 @@ int logs_authentication_failure() |
253 | 266 |
std::string reason ("reason"); |
254 | 267 |
use_validator (configuration, new fake_validator (requester, authorizer, |
255 | 268 |
"not the received token", reason)); |
256 |
- use_conversation (configuration, new fake_conversation (authorizer, token)); |
|
269 |
+ use_conversation (configuration, new fake_conversation (authorizer, token, reason)); |
|
257 | 270 |
use_sessions (configuration, new fake_sessions (requester)); |
258 | 271 |
mock_logger *test_logger; |
259 | 272 |
use_logger (configuration, test_logger = new mock_logger); |
... | ... |
@@ -25,7 +25,7 @@ public: |
25 | 25 |
impl (const sys_syslog &sys_syslog) : syslog_ (sys_syslog) {} |
26 | 26 |
void log (int result, const std::string &requester_user_name, |
27 | 27 |
const std::string &authorizer_user_name, |
28 |
- const std::string &token) |
|
28 |
+ const std::string &token, const std::string &reason) override |
|
29 | 29 |
{ |
30 | 30 |
std::string message; |
31 | 31 |
int facility; |
... | ... |
@@ -36,21 +36,21 @@ public: |
36 | 36 |
facility = LOG_AUTHPRIV; |
37 | 37 |
priority = LOG_NOTICE; |
38 | 38 |
message = requester_user_name + " " + authorizer_user_name + |
39 |
- " " + "success"; |
|
39 |
+ " " + "reason" + " " + "success"; |
|
40 | 40 |
break; |
41 | 41 |
|
42 | 42 |
case PAM_AUTH_ERR: |
43 | 43 |
facility = LOG_AUTHPRIV; |
44 | 44 |
priority = LOG_NOTICE; |
45 | 45 |
message = requester_user_name + " " + authorizer_user_name + |
46 |
- " " + "fail"; |
|
46 |
+ " " + reason + " " + "fail"; |
|
47 | 47 |
break; |
48 | 48 |
|
49 | 49 |
default: |
50 | 50 |
facility = LOG_AUTH; |
51 | 51 |
priority = LOG_ERR; |
52 | 52 |
message = requester_user_name + " " + authorizer_user_name + |
53 |
- " pam returned error"; |
|
53 |
+ " " + reason + " " + "pam returned error"; |
|
54 | 54 |
break; |
55 | 55 |
} |
56 | 56 |
|
... | ... |
@@ -23,7 +23,8 @@ public: |
23 | 23 |
virtual ~logger_ifc() {} |
24 | 24 |
virtual void log (int result, const std::string &requester_user_name, |
25 | 25 |
const std::string &authorizer_user_name, |
26 |
- const std::string &token) {}; |
|
26 |
+ const std::string &token, |
|
27 |
+ const std::string &reason) {}; |
|
27 | 28 |
}; |
28 | 29 |
|
29 | 30 |
class logger |
... | ... |
@@ -38,9 +39,10 @@ public: |
38 | 39 |
logger() : logger (delegate (new logger_ifc)) {} |
39 | 40 |
void log (int result, const std::string &requester_user_name, |
40 | 41 |
const std::string &authorizer_user_name, |
41 |
- const std::string &token) |
|
42 |
+ const std::string &token, |
|
43 |
+ const std::string &reason) |
|
42 | 44 |
{ |
43 |
- delegate_->log (result, requester_user_name, authorizer_user_name, token); |
|
45 |
+ delegate_->log (result, requester_user_name, authorizer_user_name, token, reason); |
|
44 | 46 |
} |
45 | 47 |
static logger create (const sys_syslog &sys_syslog); |
46 | 48 |
}; |
... | ... |
@@ -54,13 +54,14 @@ int logs_success() |
54 | 54 |
std::string requester_user ("requester_user"); |
55 | 55 |
std::string authorizer_user ("authorizer_user"); |
56 | 56 |
std::string token ("token"); |
57 |
+ std::string reason("reason"); |
|
57 | 58 |
|
58 | 59 |
//when |
59 |
- logger.log (PAM_SUCCESS, requester_user, authorizer_user, token); |
|
60 |
+ logger.log (PAM_SUCCESS, requester_user, authorizer_user, token, reason); |
|
60 | 61 |
|
61 | 62 |
//then |
62 | 63 |
check (capture->facility == LOG_AUTHPRIV, "facility does not match"); |
63 |
- check (capture->message == requester_user + " " + authorizer_user + " " + |
|
64 |
+ check (capture->message == requester_user + " " + authorizer_user + " " + reason + " " + |
|
64 | 65 |
"success", |
65 | 66 |
"message does not match"); |
66 | 67 |
check (capture->priority == LOG_NOTICE, "priority does not match"); |
... | ... |
@@ -79,13 +80,14 @@ int logs_failure() |
79 | 80 |
std::string requester ("requestuser"); |
80 | 81 |
std::string authorizer ("authuser"); |
81 | 82 |
std::string token ("token"); |
83 |
+ std::string reason("reason"); |
|
82 | 84 |
|
83 | 85 |
//when |
84 |
- logger.log (PAM_AUTH_ERR, requester, authorizer, token); |
|
86 |
+ logger.log (PAM_AUTH_ERR, requester, authorizer, token, reason); |
|
85 | 87 |
|
86 | 88 |
//then |
87 | 89 |
check (capture->facility == LOG_AUTHPRIV, "facility does not match"); |
88 |
- check (capture->message == requester + " " + authorizer + " " |
|
90 |
+ check (capture->message == requester + " " + authorizer + " " + reason + " " |
|
89 | 91 |
+ "fail", |
90 | 92 |
"message does not match"); |
91 | 93 |
check (capture->priority == LOG_NOTICE, "priority does not match"); |
... | ... |
@@ -104,13 +106,14 @@ int logs_pam_service_error() |
104 | 106 |
std::string requester ("user"); |
105 | 107 |
std::string authorizer ("user"); |
106 | 108 |
std::string token ("token"); |
109 |
+ std::string reason("reason"); |
|
107 | 110 |
|
108 | 111 |
//when |
109 |
- logger.log (PAM_SERVICE_ERR, requester, authorizer, token); |
|
112 |
+ logger.log (PAM_SERVICE_ERR, requester, authorizer, token, reason); |
|
110 | 113 |
|
111 | 114 |
//then |
112 | 115 |
check (capture->facility == LOG_AUTH, "facility does not match"); |
113 |
- check (capture->message == requester + " " + authorizer + |
|
116 |
+ check (capture->message == requester + " " + authorizer + " " + reason + |
|
114 | 117 |
" pam returned error", |
115 | 118 |
"message does not match"); |
116 | 119 |
check (capture->priority == LOG_ERR, "priority does not match"); |