@@ -2,8 +2,9 @@ CXXFLAGS += -fPIC -fno-stack-protector -std=c++14

 CFLAGS += -fPIC -fno-stack-protector

 OBJS = dual_control.o request.o dual_control_integrate.o validator.o conversation.o user.o \

-	   sys_unistd.o sys_pwd.o

-TESTS = dual_control_test validator_test conversation_test request_test user_test

+		sys_unistd.o sys_pwd.o token.o sys_fstream.o sys_syslog.o logger.o

+TESTS = dual_control_test validator_test conversation_test request_test user_test token_test \

+		logger_test

 TESTOBJS = $(patsubst %,%.o,$(TESTS))

 SRCS := $(OBJS:.o=.cc) $(TESTOBJS:.o=.cc)

@@ -72,68 +72,3 @@ conversation create_conversation (pam &pam)

     return conversation (std::shared_ptr<conversation_ifc> (new impl (pam)));

 }

-/*

-int (*conv)(int num_msg, const struct pam_message **msg,

-                struct pam_response **resp, void *appdata_ptr)

-   */

-

-/*

-pam_token_conversation::pam_token_conversation (pam_handle_t *pamh,

-        const pam_p pam)

-{

-    pam_conversation_p pam_conversation;

-    int get_conversation_result = pam->get_conversation (pamh,

-                                  pam_conversation);

-

-    if (get_conversation_result != 0) {

-        return;

-    }

-

-    struct pam_message prompt;

-

-    std::string message ("Dual control token: ");

-

-    prompt.msg = const_cast<char *> (message.c_str());

-

-    prompt.msg_style = PAM_PROMPT_ECHO_OFF;

-

-    std::vector<const struct pam_message *> prompts (1);

-

-    prompts[0] = &prompt;

-

-    std::vector<struct pam_response *> answers (1);

-

-    int conversation_result = pam_conversation->conv (prompts, answers);

-

-    if (conversation_result) {

-        return;

-    }

-

-    if (answers[0]->resp_retcode) {

-        return;

-    }

-

-    std::string answer (answers[0]->resp);

-    std::string::iterator delim = std::find (answer.begin(), answer.end(), ':');

-

-    if (delim == answer.end()) {

-        return;

-    }

-

-    std::string user_name (answer.begin(), delim);

-    std::string token (delim + 1, answer.end());

-    user_ = user_name;

-    token_ = token;

-}

-

-std::string pam_token_conversation::token()

-{

-    return token_;

-}

-

-std::string pam_token_conversation::user_name()

-{

-    return user_;

-}

-*/

-

@@ -17,6 +17,7 @@

 #include "dual_control.h"

 #include "conversation.h"

 #include "validator.h"

+#include "logger.h"

 int dual_control_ifc::authenticate (const pam_request &request)

 {

@@ -39,7 +39,7 @@ void use_conversation (dual_control_configuration &config,

 void use_logger (dual_control_configuration &config, logger_ifc *value)

 {

-    config.logger = logger (share (value));

+    config.logger = logger (logger::delegate (value));

 }

 class mock_logger : public logger_ifc

new file mode 100755

@@ -0,0 +1,25 @@

+#!/bin/bash

+

+

+for f in "${@}"; do

+  astyle -q --options=$(dirname $0)/astylerc $f

+  echo "" >> $f

+  if ! grep -q 'Copyright.*CJ' $f; then

+      cat << EOF > $f.temp_

+/* Copyright (C) CJ Affiliate

+ *

+ * You may use, distribute and modify this code under  the

+ * terms of the  GNU General Public License  version 2  or

+ * later.

+ *

+ * You should have received a copy of the license with this

+ * file. If not, you will find a copy in the "LICENSE" file

+ * at https://github.com/cjdev/dual-control.

+ */

+

+EOF

+  fi

+  cat -s $f >> $f.temp_

+  mv $f.temp_ $f

+done

+

new file mode 100644

@@ -0,0 +1,64 @@

+/* Copyright (C) CJ Affiliate

+ *

+ * You may use, distribute and modify this code under  the

+ * terms of the  GNU General Public License  version 2  or

+ * later.

+ *

+ * You should have received a copy of the license with this

+ * file. If not, you will find a copy in the "LICENSE" file

+ * at https://github.com/cjdev/dual-control.

+ */

+

+#include <syslog.h>

+#include <security/pam_modules.h>

+

+#include "sys_syslog.h"

+#include "logger.h"

+

+namespace

+{

+class impl : public logger_ifc

+{

+private:

+    sys_syslog syslog_;

+public:

+    impl (const sys_syslog &sys_syslog) : syslog_ (sys_syslog) {}

+    void log (int result, const std::string &user_name,

+              const std::string &token)

+    {

+        std::string message;

+        int facility;

+        int priority;

+

+        switch (result) {

+        case PAM_SUCCESS:

+            facility = LOG_AUTHPRIV;

+            priority = LOG_NOTICE;

+            message = user_name + " " + token + " " + "success";

+            break;

+

+        case PAM_AUTH_ERR:

+            facility = LOG_AUTHPRIV;

+            priority = LOG_NOTICE;

+            message = user_name + " " + token + " " + "fail";

+            break;

+

+        default:

+            facility = LOG_AUTH;

+            priority = LOG_ERR;

+            message = user_name + " pam returned error";

+            break;

+        }

+

+        syslog_.openlog ("dual-control", 0, facility);

+        syslog_.syslog (priority, message.c_str());

+        syslog_.closelog();

+    }

+};

+}

+

+logger logger::create (const sys_syslog &sys_syslog)

+{

+    return logger (delegate (new impl (sys_syslog)));

+}

+

@@ -15,6 +15,8 @@

 #include <memory>

 #include <string>

+#include "sys_syslog.h"

+

 class logger_ifc

 {

 public:

@@ -25,17 +27,20 @@ public:

 class logger : public logger_ifc

 {

+public:

+    typedef std::shared_ptr<logger_ifc> delegate;

 private:

-    std::shared_ptr<logger_ifc> delegate_;

+    delegate delegate_;

 public:

-    logger (const std::shared_ptr<logger_ifc> &delegate) : delegate_

+    logger (const delegate &delegate) : delegate_

         (delegate) {}

-    logger() : logger (std::shared_ptr<logger_ifc> (new logger_ifc)) {}

+    logger() : logger (delegate (new logger_ifc)) {}

     void log (int result, const std::string &user_name,

               const std::string &token)

     {

         delegate_->log (result, user_name, token);

     }

+    static logger create (const sys_syslog &sys_syslog);

 };

 #endif

new file mode 100644

@@ -0,0 +1,211 @@

+/* Copyright (C) CJ Affiliate

+ *

+ * You may use, distribute and modify this code under  the

+ * terms of the  GNU General Public License  version 2  or

+ * later.

+ *

+ * You should have received a copy of the license with this

+ * file. If not, you will find a copy in the "LICENSE" file

+ * at https://github.com/cjdev/dual-control.

+ */

+

+#include <syslog.h>

+#include <security/pam_modules.h>

+

+#include <iostream>

+

+#include "sys_syslog.h"

+#include "logger.h"

+#include "test_util.h"

+

+class mock_syslog : public sys_syslog_ifc

+{

+public:

+    int facility;

+    std::string message;

+    int priority;

+    bool closed;

+    std::string ident;

+    mock_syslog() : closed (false), facility (-1000), priority (-1000) {}

+    void openlog (const char *ident, int logopt, int facility)

+    {

+        this->facility = facility;

+        this->ident = ident;

+    }

+    void vsyslog (int priority, const char *message, va_list args)

+    {

+        this->priority = priority;

+        this->message = message;

+    }

+    void closelog()

+    {

+        this->closed = true;

+    }

+

+};

+

+int logs_success()

+{

+    //given

+    mock_syslog *capture = new mock_syslog;

+    sys_syslog::delegate test_delegate (capture);

+    sys_syslog test_syslog (test_delegate);

+    logger logger = logger::create (test_syslog);

+    std::string user ("user");

+    std::string token ("token");

+

+    //when

+    logger.log (PAM_SUCCESS, user, token);

+

+    //then

+    check (capture->facility == LOG_AUTHPRIV, "facility does not match");

+    check (capture->message == user + " " + token + " " + "success",

+           "message does not match");

+    check (capture->priority == LOG_NOTICE, "priority does not match");

+    check (capture->closed, "syslog not closed");

+    check (capture->ident == "dual-control", "dual-control");

+    succeed();

+}

+

+int logs_failure()

+{

+    //given

+    mock_syslog *capture = new mock_syslog;

+    sys_syslog::delegate test_delegate (capture);

+    sys_syslog test_syslog (test_delegate);

+    logger logger = logger::create (test_syslog);

+    std::string user ("user");

+    std::string token ("token");

+

+    //when

+    logger.log (PAM_AUTH_ERR, user, token);

+

+    //then

+    check (capture->facility == LOG_AUTHPRIV, "facility does not match");

+    check (capture->message == user + " " + token + " " + "fail",

+           "message does not match");

+    check (capture->priority == LOG_NOTICE, "priority does not match");

+    check (capture->closed, "syslog not closed");

+    check (capture->ident == "dual-control", "dual-control");

+    succeed();

+}

+

+int logs_pam_service_error()

+{

+    //given

+    mock_syslog *capture = new mock_syslog;

+    sys_syslog::delegate test_delegate (capture);

+    sys_syslog test_syslog (test_delegate);

+    logger logger = logger::create (test_syslog);

+    std::string user ("user");

+    std::string token ("token");

+

+    //when

+    logger.log (PAM_SERVICE_ERR, user, token);

+

+    //then

+    check (capture->facility == LOG_AUTH, "facility does not match");

+    check (capture->message == user + " pam returned error",

+           "message does not match");

+    check (capture->priority == LOG_ERR, "priority does not match");

+    check (capture->closed, "syslog not closed");

+    check (capture->ident == "dual-control", "dual-control");

+    succeed();

+}

+

+RESET_VARS_START

+RESET_VARS_END

+

+int run_tests()

+{

+    test (logs_success);

+    test (logs_failure);

+    test (logs_pam_service_error);

+    succeed();

+}

+

+int main (int numargs, char **args)

+{

+    return !run_tests();

+}

+

+/*

+int logged_priority = -1000;

+const char *logged_message = "";

+void fake_syslog (int priority, const char *message, ...)

+{

+    logged_priority = priority;

+    logged_message = message;

+}

+

+int close_log_invoked = 0;

+void fake_closelog (void)

+{

+    close_log_invoked = 1;

+}

+

+int opened_facility = -1000;

+const char *opened_program_name = "";

+int opened_logopt = -1000;

+void fake_openlog (const char *ident, int logopt, int facility)

+{

+    opened_facility = facility;

+    opened_program_name = ident;

+    opened_logopt = logopt;

+}

+

+RESET_VARS_START

+logged_priority = -1000;

+close_log_invoked = 0;

+opened_facility = -1000;

+const char *opened_program_name = "";

+int opened_logopt = -1000;

+RESET_VARS_END

+

+int test_log_success()

+{

+    // given

+

+    // when

+    log_success();

+

+    // then

+    checkint (LOG_AUTHPRIV, opened_facility, "facility");

+    checkint (LOG_NOTICE, logged_priority, "priority");

+    checkint (0, opened_logopt, "logopt");

+    check (close_log_invoked, "log closed");

+    checkstr ("pam_dual_control", opened_program_name, "program name");

+    checkstr ("dual control succeeded", logged_message, "logged message");

+    succeed();

+}

+

+int test_log_failure()

+{

+    //given

+

+    //when

+    log_failure();

+

+    //then

+    checkint (LOG_AUTHPRIV, opened_facility, "facility");

+    checkint (LOG_NOTICE, logged_priority, "priority");

+    checkint (0, opened_logopt, "logopt");

+    check (close_log_invoked, "log closed");

+    checkstr ("pam_dual_control", opened_program_name, "program name");

+    checkstr ("dual control failed", logged_message, "logged message");

+    succeed();

+}

+

+int test_runner()

+{

+    test (test_log_success);

+    test (test_log_failure);

+    succeed();

+}

+

+int main (int numargs, char **args)

+{

+    return !test_runner();

+}

+*/

+

deleted file mode 100644

@@ -1,32 +0,0 @@

-/* Copyright (C) CJ Affiliate

- *

- * You may use, distribute and modify this code under  the

- * terms of the  GNU General Public License  version 2  or

- * later.

- *

- * You should have received a copy of the license with this

- * file. If not, you will find a copy in the "LICENSE" file

- * at https://github.com/cjdev/dual-control.

- */

-

-#include <syslog.h>

-

-#include "logging.h"

-#include "test_support.h"

-

-static const char program_name[] = "pam_dual_control";

-

-void log_success()

-{

-    openlog (program_name, 0, LOG_AUTHPRIV);

-    syslog (LOG_NOTICE, "dual control succeeded");

-    closelog();

-}

-

-void log_failure()

-{

-    openlog (program_name, 0, LOG_AUTHPRIV);

-    syslog (LOG_NOTICE, "dual control failed");

-    closelog();

-}

-

deleted file mode 100644

@@ -1,96 +0,0 @@

-/* Copyright (C) CJ Affiliate

- *

- * You may use, distribute and modify this code under  the

- * terms of the  GNU General Public License  version 2  or

- * later.

- *

- * You should have received a copy of the license with this

- * file. If not, you will find a copy in the "LICENSE" file

- * at https://github.com/cjdev/dual-control.

- */

-

-#include <cstdio>

-#include <cstring>

-#include <syslog.h>

-

-#include "logging.h"

-#include "test_util.h"

-

-int logged_priority = -1000;

-const char *logged_message = "";

-void fake_syslog (int priority, const char *message, ...)

-{

-    logged_priority = priority;

-    logged_message = message;

-}

-

-int close_log_invoked = 0;

-void fake_closelog (void)

-{

-    close_log_invoked = 1;

-}

-

-int opened_facility = -1000;

-const char *opened_program_name = "";

-int opened_logopt = -1000;

-void fake_openlog (const char *ident, int logopt, int facility)

-{

-    opened_facility = facility;

-    opened_program_name = ident;

-    opened_logopt = logopt;

-}

-

-RESET_VARS_START

-logged_priority = -1000;

-close_log_invoked = 0;

-opened_facility = -1000;

-const char *opened_program_name = "";

-int opened_logopt = -1000;

-RESET_VARS_END

-

-int test_log_success()

-{

-    // given

-

-    // when

-    log_success();

-

-    // then

-    checkint (LOG_AUTHPRIV, opened_facility, "facility");

-    checkint (LOG_NOTICE, logged_priority, "priority");

-    checkint (0, opened_logopt, "logopt");

-    check (close_log_invoked, "log closed");

-    checkstr ("pam_dual_control", opened_program_name, "program name");

-    checkstr ("dual control succeeded", logged_message, "logged message");

-    succeed();

-}

-

-int test_log_failure()

-{

-    //given

-

-    //when

-    log_failure();

-

-    //then

-    checkint (LOG_AUTHPRIV, opened_facility, "facility");

-    checkint (LOG_NOTICE, logged_priority, "priority");

-    checkint (0, opened_logopt, "logopt");

-    check (close_log_invoked, "log closed");

-    checkstr ("pam_dual_control", opened_program_name, "program name");

-    checkstr ("dual control failed", logged_message, "logged message");

-    succeed();

-}

-

-int test_runner()

-{

-    test (test_log_success);

-    test (test_log_failure);

-    succeed();

-}

-

-int main (int numargs, char **args)

-{

-    return !test_runner();

-}

-

new file mode 100644

@@ -0,0 +1,35 @@

+/* Copyright (C) CJ Affiliate

+ *

+ * You may use, distribute and modify this code under  the

+ * terms of the  GNU General Public License  version 2  or

+ * later.

+ *

+ * You should have received a copy of the license with this

+ * file. If not, you will find a copy in the "LICENSE" file

+ * at https://github.com/cjdev/dual-control.

+ */

+

+#include <memory>

+#include <fstream>

+

+#include "sys_fstream.h"

+

+namespace

+{

+class impl : public fstreams_ifc

+{

+public:

+    pstream open_fstream (const std::string &file_path)

+    {

+        return pstream (new std::ifstream (file_path));

+    }

+};

+

+}

+

+fstreams fstreams::create()

+{

+    static fstreams singleton (delegate (new impl));

+    return singleton;

+}

+

new file mode 100644

@@ -0,0 +1,45 @@

+/* Copyright (C) CJ Affiliate

+ *

+ * You may use, distribute and modify this code under  the

+ * terms of the  GNU General Public License  version 2  or

+ * later.

+ *

+ * You should have received a copy of the license with this

+ * file. If not, you will find a copy in the "LICENSE" file

+ * at https://github.com/cjdev/dual-control.

+ */

+

+#ifndef SYS_FSTREAM_H

+#define SYS_FSTREAM_H

+

+#include <memory>

+#include <sstream>

+

+class fstreams_ifc

+{

+public:

+    typedef std::shared_ptr<std::istream> pstream;

+    virtual pstream open_fstream (const std::string &file_path)

+    {

+        return pstream (new std::istringstream (""));

+    }

+};

+

+class fstreams : public fstreams_ifc

+{

+public:

+    typedef std::shared_ptr<fstreams_ifc> delegate;

+private:

+    delegate delegate_;

+public:

+    fstreams (const delegate &delegate) : delegate_ (delegate) {}

+    fstreams() : fstreams (delegate (new fstreams_ifc)) {}

+    pstream open_fstream (const std::string &file_path)

+    {

+        return delegate_->open_fstream (file_path);

+    }

+    static fstreams create();

+};

+

+#endif

+

new file mode 100644

@@ -0,0 +1,43 @@

+/* Copyright (C) CJ Affiliate

+ *

+ * You may use, distribute and modify this code under  the

+ * terms of the  GNU General Public License  version 2  or

+ * later.

+ *

+ * You should have received a copy of the license with this

+ * file. If not, you will find a copy in the "LICENSE" file

+ * at https://github.com/cjdev/dual-control.

+ */

+

+#include <syslog.h>

+

+#include "sys_syslog.h"

+

+namespace

+{

+class impl : public sys_syslog_ifc

+{

+public:

+    void openlog (const char *ident, int logopt, int facility)

+    {

+        ::openlog (ident, logopt, facility);

+    }

+

+    void vsyslog (int priority, const char *message, va_list args)

+    {

+        ::vsyslog (priority, message, args);

+    }

+

+    void closelog()

+    {

+        ::closelog();

+    }

+};

+}

+

+sys_syslog sys_syslog::create()

+{

+    static sys_syslog singleton (sys_syslog::delegate (new impl));

+    return singleton;

+}

+

new file mode 100644

@@ -0,0 +1,60 @@

+/* Copyright (C) CJ Affiliate

+ *

+ * You may use, distribute and modify this code under  the

+ * terms of the  GNU General Public License  version 2  or

+ * later.

+ *

+ * You should have received a copy of the license with this

+ * file. If not, you will find a copy in the "LICENSE" file

+ * at https://github.com/cjdev/dual-control.

+ */

+

+#ifndef SYS_SYSLOG_H

+#define SYS_SYSLOG_H

+

+#include <memory>

+#include <cstdarg>

+#include <syslog.h>

+

+class sys_syslog_ifc

+{

+public:

+    virtual void openlog (const char *ident, int logopt, int facility) {}

+    virtual void vsyslog (int priority, const char *message, va_list args) {}

+    virtual void closelog() {}

+};

+

+class sys_syslog : public sys_syslog_ifc

+{

+public:

+    typedef std::shared_ptr<sys_syslog_ifc> delegate;

+private:

+    delegate delegate_;

+public:

+    sys_syslog (const delegate &delegate) : delegate_ (delegate) {}

+    sys_syslog() : sys_syslog (delegate (new sys_syslog_ifc)) {}

+    void openlog (const char *ident, int logopt, int facility)

+    {

+        delegate_->openlog (ident, logopt, facility);

+    }

+    void syslog (int priority, const char *format, ...)

+    {

+        va_list vargs;

+        va_start (vargs, format);

+        vsyslog (priority, format, vargs);

+        va_end (vargs);

+    }

+    void vsyslog (int priority, const char *message, va_list vargs)

+    {

+        delegate_->vsyslog (priority, message, vargs);

+    }

+    void closelog()

+    {

+        delegate_->closelog();

+    }

+

+    static sys_syslog create();

+};

+

+#endif

+

@@ -1,7 +1,7 @@

 /* Copyright (C) CJ Affiliate

  *

  * You may use, distribute and modify this code under  the

- * terms of the  GNU General Public License  version 2  or

+ * terms of the  GNU General Public License version 2  or

  * later.

  *

  * You should have received a copy of the license with this

@@ -9,17 +9,43 @@

  * at https://github.com/cjdev/dual-control.

  */

-#include <cstdlib>

-#include <cstring>

-#include <security/pam_modules.h>

-#include <pwd.h>

-#include <unistd.h>

-#include <cstdio>

-#include <sys/stat.h>

 #include <string>

 #include <vector>

 #include <memory>

 #include <fstream>

-#include "test_support.h"

+#include "token.h"

+#include "user.h"

+#include "sys_fstream.h"

+

+namespace

+{

+class user_token_supplier_impl : public user_token_supplier_ifc

+{

+private:

+    fstreams fstreams_;

+public:

+    user_token_supplier_impl (fstreams &fstreams) :

+        fstreams_ (fstreams) {}

+    std::string token (user &user)

+    {

+        const std::string file_path (user.home_directory() + "/.dual_control");

+        std::vector<char> line (7);

+

+        fstreams::pstream stream (fstreams_.open_fstream (file_path));

+

+        if (!stream->good()) {

+            return "";

+        }

+

+        stream->getline (line.data(), line.size());

+        return std::string (line.data());

+    }

+};

+}

+user_token_supplier user_token_supplier::create (fstreams &fstreams)

+{

+    return user_token_supplier (user_token_supplier::delegate

+                                (new user_token_supplier_impl (fstreams)));

+}

@@ -11,15 +11,18 @@

 #ifndef _TOKEN_H

 #define _TOKEN_H

+

 #include <string>

 #include <memory>

-#include <iostream>

+

 #include "user.h"

+#include "sys_fstream.h"

 class user_token_supplier_ifc

 {

 public:

-    virtual std::string token (const user &user)

+    virtual ~user_token_supplier_ifc() {}

+    virtual std::string token (user &user)

     {

         return "";

     }

@@ -27,17 +30,20 @@ public:

 class user_token_supplier : public user_token_supplier_ifc

 {

+public:

+    typedef std::shared_ptr<user_token_supplier_ifc> delegate;

 private:

-    std::shared_ptr<user_token_supplier_ifc> delegate_;

+    delegate delegate_;

 public:

-    user_token_supplier (std::shared_ptr<user_token_supplier_ifc> delegate) :

+    user_token_supplier (delegate delegate) :

         delegate_ (delegate) {}

     user_token_supplier() : user_token_supplier (

-            std::shared_ptr<user_token_supplier_ifc> (new user_token_supplier_ifc)) {}

-    std::string token (const user &user)

+            delegate (new user_token_supplier_ifc)) {}

+    std::string token (user &user)