Browse code
dual control does
Greg Wiley authored on 03/05/2017 00:35:28
Showing 6 changed files
Showing 6 changed files
... | ... |
@@ -60,13 +60,13 @@ int impl::authenticate (const pam_request &request) |
60 | 60 |
{ |
61 | 61 |
conversation_result input (conversation_.initiate (request)); |
62 | 62 |
|
63 |
- sessions_.user_name (request); |
|
63 |
+ std::string requester = sessions_.user_name (request); |
|
64 | 64 |
|
65 | 65 |
auto requester_user_name = sessions_.user_name (request); |
66 |
- int auth_result = validator_.validate ("anyone", input.user_name, |
|
66 |
+ int auth_result = validator_.validate (requester, input.user_name, |
|
67 | 67 |
input.token) ? PAM_SUCCESS : PAM_AUTH_ERR; |
68 | 68 |
|
69 |
- logger_.log (auth_result, input.user_name, input.token); |
|
69 |
+ logger_.log (auth_result, requester_user_name, input.user_name, input.token); |
|
70 | 70 |
return auth_result; |
71 | 71 |
} |
72 | 72 |
} |
... | ... |
@@ -18,6 +18,7 @@ |
18 | 18 |
#include "conversation.h" |
19 | 19 |
#include "logger.h" |
20 | 20 |
#include "test_util.h" |
21 |
+#include "session.h" |
|
21 | 22 |
|
22 | 23 |
template<class T> |
23 | 24 |
std::shared_ptr<T> share (T *t) |
... | ... |
@@ -42,27 +43,49 @@ void use_logger (dual_control_configuration &config, logger_ifc *value) |
42 | 43 |
config.logger = logger (logger::delegate (value)); |
43 | 44 |
} |
44 | 45 |
|
46 |
+void use_sessions (dual_control_configuration &config, sessions_ifc *value) |
|
47 |
+{ |
|
48 |
+ config.sessions = sessions (sessions::delegate (value)); |
|
49 |
+} |
|
50 |
+ |
|
51 |
+class fake_sessions : public sessions_ifc { |
|
52 |
+ private: |
|
53 |
+ std::string user_; |
|
54 |
+ public: |
|
55 |
+ fake_sessions(const std::string &user) : user_(user) {} |
|
56 |
+ std::string user_name (const pam_request &request) const { |
|
57 |
+ return user_; |
|
58 |
+ } |
|
59 |
+ |
|
60 |
+}; |
|
61 |
+ |
|
45 | 62 |
class mock_logger : public logger_ifc |
46 | 63 |
{ |
47 | 64 |
private: |
48 | 65 |
int result_; |
49 |
- std::string user_name_; |
|
66 |
+ std::string requester_user_name_; |
|
67 |
+ std::string authorizer_user_name_; |
|
50 | 68 |
std::string token_; |
51 | 69 |
public: |
52 |
- void log (int result, const std::string &user_name, |
|
70 |
+ void log (int result, const std::string &requester_user_name, const std::string &authorizer_user_name, |
|
53 | 71 |
const std::string &token) |
54 | 72 |
{ |
55 | 73 |
result_ = result; |
56 |
- user_name_ = user_name; |
|
74 |
+ requester_user_name_ = requester_user_name; |
|
75 |
+ authorizer_user_name_ = authorizer_user_name; |
|
57 | 76 |
token_ = token; |
58 | 77 |
} |
59 | 78 |
int logged_result() |
60 | 79 |
{ |
61 | 80 |
return result_; |
62 | 81 |
} |
63 |
- std::string logged_user_name() |
|
82 |
+ std::string logged_requester() |
|
83 |
+ { |
|
84 |
+ return requester_user_name_; |
|
85 |
+ } |
|
86 |
+ std::string logged_authorizer() |
|
64 | 87 |
{ |
65 |
- return user_name_; |
|
88 |
+ return authorizer_user_name_; |
|
66 | 89 |
} |
67 | 90 |
std::string logged_token() |
68 | 91 |
{ |
... | ... |
@@ -87,15 +110,16 @@ public: |
87 | 110 |
class fake_validator : public validator_ifc |
88 | 111 |
{ |
89 | 112 |
private: |
90 |
- std::string user_; |
|
113 |
+ std::string requester_; |
|
114 |
+ std::string authorizer_; |
|
91 | 115 |
std::string token_; |
92 | 116 |
public: |
93 |
- fake_validator (const std::string &user, |
|
94 |
- const std::string &token): user_ (user), token_ (token) {} |
|
95 |
- bool validate (const std::string &requester, const std::string &user, |
|
117 |
+ fake_validator (const std::string &requester, const std::string &authorizer, |
|
118 |
+ const std::string &token): requester_(requester), authorizer_(authorizer), token_ (token) {} |
|
119 |
+ bool validate (const std::string &requester, const std::string &authorizer, |
|
96 | 120 |
const std::string &token) |
97 | 121 |
{ |
98 |
- return user_ == user && token_ == token; |
|
122 |
+ return requester_ == requester && authorizer_ == authorizer && token_ == token; |
|
99 | 123 |
} |
100 | 124 |
}; |
101 | 125 |
|
... | ... |
@@ -123,10 +147,12 @@ int authenticate_validates_with_received_token() |
123 | 147 |
{ |
124 | 148 |
// given |
125 | 149 |
dual_control_configuration configuration; |
126 |
- std::string user ("user"); |
|
127 |
- std::string token ("token"); |
|
128 |
- use_validator (configuration, new fake_validator (user, token)); |
|
129 |
- use_conversation (configuration, new fake_conversation (user, token)); |
|
150 |
+ std::string requester("requester"); |
|
151 |
+ std::string authorizer("authorizer"); |
|
152 |
+ std::string token("token"); |
|
153 |
+ use_validator (configuration, new fake_validator (requester, authorizer, token)); |
|
154 |
+ use_conversation (configuration, new fake_conversation (authorizer, token)); |
|
155 |
+ use_sessions(configuration, new fake_sessions(requester)); |
|
130 | 156 |
dual_control dc (dual_control::create (configuration)); |
131 | 157 |
pam_handle_t *handle (0); |
132 | 158 |
std::vector<std::string> arguments; |
... | ... |
@@ -144,7 +170,7 @@ int authenticate_fails_with_wrong_user() |
144 | 170 |
// given |
145 | 171 |
dual_control_configuration configuration; |
146 | 172 |
std::string token ("token"); |
147 |
- use_validator (configuration, new fake_validator ("user", token)); |
|
173 |
+ use_validator (configuration, new fake_validator ("requester", "user", token)); |
|
148 | 174 |
use_conversation (configuration, new fake_conversation ("wrong user", |
149 | 175 |
token)); |
150 | 176 |
dual_control dc (dual_control::create (configuration)); |
... | ... |
@@ -161,9 +187,10 @@ int authenticate_fails_with_wrong_token() |
161 | 187 |
{ |
162 | 188 |
// given |
163 | 189 |
dual_control_configuration configuration; |
164 |
- std::string user ("user"); |
|
165 |
- use_validator (configuration, new fake_validator (user, "token")); |
|
166 |
- use_conversation (configuration, new fake_conversation (user, |
|
190 |
+ std::string requester("requester"); |
|
191 |
+ std::string authorizer("authorizer"); |
|
192 |
+ use_validator (configuration, new fake_validator (requester, authorizer, "token")); |
|
193 |
+ use_conversation (configuration, new fake_conversation (authorizer, |
|
167 | 194 |
"wrong token")); |
168 | 195 |
dual_control dc (dual_control::create (configuration)); |
169 | 196 |
|
... | ... |
@@ -179,10 +206,12 @@ int logs_authentication() |
179 | 206 |
{ |
180 | 207 |
//given |
181 | 208 |
dual_control_configuration configuration; |
182 |
- std::string user ("user"); |
|
209 |
+ std::string requester("requester"); |
|
210 |
+ std::string authorizer("authorizer"); |
|
183 | 211 |
std::string token ("token"); |
184 |
- use_validator (configuration, new fake_validator (user, token)); |
|
185 |
- use_conversation (configuration, new fake_conversation (user, token)); |
|
212 |
+ use_validator (configuration, new fake_validator (requester, authorizer, token)); |
|
213 |
+ use_conversation (configuration, new fake_conversation (authorizer, token)); |
|
214 |
+ use_sessions(configuration, new fake_sessions(requester)); |
|
186 | 215 |
mock_logger *test_logger; |
187 | 216 |
use_logger (configuration, test_logger = new mock_logger); |
188 | 217 |
dual_control dc (dual_control::create (configuration)); |
... | ... |
@@ -193,7 +222,9 @@ int logs_authentication() |
193 | 222 |
//then |
194 | 223 |
check (test_logger->logged_result() == PAM_SUCCESS, |
195 | 224 |
"logged result should be success"); |
196 |
- check (test_logger->logged_user_name() == user, |
|
225 |
+ check (test_logger->logged_requester() == requester, |
|
226 |
+ "logged user name should be user"); |
|
227 |
+ check (test_logger->logged_authorizer() == authorizer, |
|
197 | 228 |
"logged user name should be user"); |
198 | 229 |
check (test_logger->logged_token() == token, |
199 | 230 |
"logged token should be token"); |
... | ... |
@@ -204,11 +235,13 @@ int logs_authentication_failure() |
204 | 235 |
{ |
205 | 236 |
//given |
206 | 237 |
dual_control_configuration configuration; |
207 |
- std::string user ("user"); |
|
208 |
- std::string token ("token"); |
|
209 |
- use_validator (configuration, new fake_validator (user, |
|
238 |
+ std::string requester("requester"); |
|
239 |
+ std::string authorizer("authorizer"); |
|
240 |
+ std::string token("token"); |
|
241 |
+ use_validator (configuration, new fake_validator (requester, authorizer, |
|
210 | 242 |
"not the received token")); |
211 |
- use_conversation (configuration, new fake_conversation (user, token)); |
|
243 |
+ use_conversation (configuration, new fake_conversation (authorizer, token)); |
|
244 |
+ use_sessions(configuration, new fake_sessions(requester)); |
|
212 | 245 |
mock_logger *test_logger; |
213 | 246 |
use_logger (configuration, test_logger = new mock_logger); |
214 | 247 |
dual_control dc (dual_control::create (configuration)); |
... | ... |
@@ -219,7 +252,9 @@ int logs_authentication_failure() |
219 | 252 |
//then |
220 | 253 |
check (test_logger->logged_result() == PAM_AUTH_ERR, |
221 | 254 |
"logged result should be success"); |
222 |
- check (test_logger->logged_user_name() == user, |
|
255 |
+ check (test_logger->logged_requester() == requester, |
|
256 |
+ "logged user name should be user"); |
|
257 |
+ check (test_logger->logged_authorizer() == authorizer, |
|
223 | 258 |
"logged user name should be user"); |
224 | 259 |
check (test_logger->logged_token() == token, |
225 | 260 |
"logged token should be token"); |
... | ... |
@@ -23,7 +23,7 @@ private: |
23 | 23 |
sys_syslog syslog_; |
24 | 24 |
public: |
25 | 25 |
impl (const sys_syslog &sys_syslog) : syslog_ (sys_syslog) {} |
26 |
- void log (int result, const std::string &user_name, |
|
26 |
+ void log (int result, const std::string &requester_user_name, const std::string &authorizer_user_name, |
|
27 | 27 |
const std::string &token) |
28 | 28 |
{ |
29 | 29 |
std::string message; |
... | ... |
@@ -34,19 +34,19 @@ public: |
34 | 34 |
case PAM_SUCCESS: |
35 | 35 |
facility = LOG_AUTHPRIV; |
36 | 36 |
priority = LOG_NOTICE; |
37 |
- message = user_name + " " + token + " " + "success"; |
|
37 |
+ message = requester_user_name + " " + authorizer_user_name + " " + token + " " + "success"; |
|
38 | 38 |
break; |
39 | 39 |
|
40 | 40 |
case PAM_AUTH_ERR: |
41 | 41 |
facility = LOG_AUTHPRIV; |
42 | 42 |
priority = LOG_NOTICE; |
43 |
- message = user_name + " " + token + " " + "fail"; |
|
43 |
+ message = authorizer_user_name + " " + token + " " + "fail"; |
|
44 | 44 |
break; |
45 | 45 |
|
46 | 46 |
default: |
47 | 47 |
facility = LOG_AUTH; |
48 | 48 |
priority = LOG_ERR; |
49 |
- message = user_name + " pam returned error"; |
|
49 |
+ message = authorizer_user_name + " pam returned error"; |
|
50 | 50 |
break; |
51 | 51 |
} |
52 | 52 |
|
... | ... |
@@ -21,7 +21,7 @@ class logger_ifc |
21 | 21 |
{ |
22 | 22 |
public: |
23 | 23 |
virtual ~logger_ifc() {} |
24 |
- virtual void log (int result, const std::string &user_name, |
|
24 |
+ virtual void log (int result, const std::string &requester_user_name, const std::string &authorizer_user_name, |
|
25 | 25 |
const std::string &token) {}; |
26 | 26 |
}; |
27 | 27 |
|
... | ... |
@@ -35,10 +35,10 @@ public: |
35 | 35 |
logger (const delegate &delegate) : delegate_ |
36 | 36 |
(delegate) {} |
37 | 37 |
logger() : logger (delegate (new logger_ifc)) {} |
38 |
- void log (int result, const std::string &user_name, |
|
38 |
+ void log (int result, const std::string &requester_user_name, const std::string &authorizer_user_name, |
|
39 | 39 |
const std::string &token) |
40 | 40 |
{ |
41 |
- delegate_->log (result, user_name, token); |
|
41 |
+ delegate_->log (result, requester_user_name, authorizer_user_name, token); |
|
42 | 42 |
} |
43 | 43 |
static logger create (const sys_syslog &sys_syslog); |
44 | 44 |
}; |
... | ... |
@@ -51,15 +51,16 @@ int logs_success() |
51 | 51 |
sys_syslog::delegate test_delegate (capture); |
52 | 52 |
sys_syslog test_syslog (test_delegate); |
53 | 53 |
logger logger = logger::create (test_syslog); |
54 |
- std::string user ("user"); |
|
54 |
+ std::string requester_user ("requester_user"); |
|
55 |
+ std::string authorizer_user ("authorizer_user"); |
|
55 | 56 |
std::string token ("token"); |
56 | 57 |
|
57 | 58 |
//when |
58 |
- logger.log (PAM_SUCCESS, user, token); |
|
59 |
+ logger.log (PAM_SUCCESS, requester_user, authorizer_user, token); |
|
59 | 60 |
|
60 | 61 |
//then |
61 | 62 |
check (capture->facility == LOG_AUTHPRIV, "facility does not match"); |
62 |
- check (capture->message == user + " " + token + " " + "success", |
|
63 |
+ check (capture->message == requester_user + " " + authorizer_user + " " + token + " " + "success", |
|
63 | 64 |
"message does not match"); |
64 | 65 |
check (capture->priority == LOG_NOTICE, "priority does not match"); |
65 | 66 |
check (capture->closed, "syslog not closed"); |
... | ... |
@@ -74,15 +75,16 @@ int logs_failure() |
74 | 75 |
sys_syslog::delegate test_delegate (capture); |
75 | 76 |
sys_syslog test_syslog (test_delegate); |
76 | 77 |
logger logger = logger::create (test_syslog); |
77 |
- std::string user ("user"); |
|
78 |
+ std::string requester ("requestuser"); |
|
79 |
+ std::string authorizer ("authuser"); |
|
78 | 80 |
std::string token ("token"); |
79 | 81 |
|
80 | 82 |
//when |
81 |
- logger.log (PAM_AUTH_ERR, user, token); |
|
83 |
+ logger.log (PAM_AUTH_ERR, requester, authorizer, token); |
|
82 | 84 |
|
83 | 85 |
//then |
84 | 86 |
check (capture->facility == LOG_AUTHPRIV, "facility does not match"); |
85 |
- check (capture->message == user + " " + token + " " + "fail", |
|
87 |
+ check (capture->message == authorizer + " " + token + " " + "fail", |
|
86 | 88 |
"message does not match"); |
87 | 89 |
check (capture->priority == LOG_NOTICE, "priority does not match"); |
88 | 90 |
check (capture->closed, "syslog not closed"); |
... | ... |
@@ -97,15 +99,16 @@ int logs_pam_service_error() |
97 | 99 |
sys_syslog::delegate test_delegate (capture); |
98 | 100 |
sys_syslog test_syslog (test_delegate); |
99 | 101 |
logger logger = logger::create (test_syslog); |
100 |
- std::string user ("user"); |
|
102 |
+ std::string requester ("user"); |
|
103 |
+ std::string authorizer ("user"); |
|
101 | 104 |
std::string token ("token"); |
102 | 105 |
|
103 | 106 |
//when |
104 |
- logger.log (PAM_SERVICE_ERR, user, token); |
|
107 |
+ logger.log (PAM_SERVICE_ERR, requester, authorizer, token); |
|
105 | 108 |
|
106 | 109 |
//then |
107 | 110 |
check (capture->facility == LOG_AUTH, "facility does not match"); |
108 |
- check (capture->message == user + " pam returned error", |
|
111 |
+ check (capture->message == authorizer + " pam returned error", |
|
109 | 112 |
"message does not match"); |
110 | 113 |
check (capture->priority == LOG_ERR, "priority does not match"); |
111 | 114 |
check (capture->closed, "syslog not closed"); |
... | ... |
@@ -29,10 +29,12 @@ public: |
29 | 29 |
|
30 | 30 |
class sessions |
31 | 31 |
{ |
32 |
+ public: |
|
33 |
+ typedef std::shared_ptr<sessions_ifc> delegate; |
|
32 | 34 |
private: |
33 |
- std::shared_ptr<sessions_ifc> delegate_; |
|
35 |
+ delegate delegate_; |
|
34 | 36 |
public: |
35 |
- sessions (std::shared_ptr<sessions_ifc> delegate = |
|
37 |
+ sessions (delegate delegate = |
|
36 | 38 |
std::make_shared<sessions_ifc>()) : delegate_ (delegate) {} |
37 | 39 |
std::string user_name (const pam_request &request) const |
38 | 40 |
{ |