Browse code
refactor dual control protocol
Greg Wiley authored on 19/04/2017 19:16:35
Showing 7 changed files
Showing 7 changed files
- dual_control.cc
- dual_control.h
- dual_control_integrate.cc
- dual_control_test.cc
- request.cc
- request.h
- request_test.cc
... | ... |
@@ -1,7 +1,22 @@ |
1 |
+#include <string> |
|
2 |
+#include <vector> |
|
3 |
+#include <security/pam_modules.h> |
|
4 |
+ |
|
5 |
+#include "request.h" |
|
1 | 6 |
#include "dual_control.h" |
2 | 7 |
#include "conversation.h" |
3 | 8 |
#include "validator.h" |
4 | 9 |
|
10 |
+int dual_control_ifc::authenticate (const pam_request &request) |
|
11 |
+{ |
|
12 |
+ return PAM_SERVICE_ERR; |
|
13 |
+} |
|
14 |
+ |
|
15 |
+int dual_control_ifc::setcred ( const pam_request &request) |
|
16 |
+{ |
|
17 |
+ return PAM_SERVICE_ERR; |
|
18 |
+} |
|
19 |
+ |
|
5 | 20 |
class impl : public dual_control_ifc |
6 | 21 |
{ |
7 | 22 |
private: |
... | ... |
@@ -10,10 +25,8 @@ private: |
10 | 25 |
logger logger_; |
11 | 26 |
public: |
12 | 27 |
impl (const dual_control_configuration &configuration); |
13 |
- int authenticate (pam_handle *handle, int flags, |
|
14 |
- const std::vector<const std::string> &arguments ); |
|
15 |
- int setcred (pam_handle *handle, int flags, |
|
16 |
- const std::vector<const std::string> &arguments); |
|
28 |
+ int authenticate (const pam_request &request); |
|
29 |
+ int setcred (const pam_request &request); |
|
17 | 30 |
}; |
18 | 31 |
|
19 | 32 |
impl::impl (const dual_control_configuration &configuration) : |
... | ... |
@@ -21,14 +34,12 @@ impl::impl (const dual_control_configuration &configuration) : |
21 | 34 |
validator_ (configuration.validator), |
22 | 35 |
logger_ (configuration.logger) {} |
23 | 36 |
|
24 |
-int impl::setcred (pam_handle *handle, int flags, |
|
25 |
- const std::vector<const std::string> &arguments) |
|
37 |
+int impl::setcred (const pam_request &request) |
|
26 | 38 |
{ |
27 | 39 |
return PAM_SUCCESS; |
28 | 40 |
} |
29 | 41 |
|
30 |
-int impl::authenticate (pam_handle *handle, int flags, |
|
31 |
- const std::vector<const std::string> &arguments) |
|
42 |
+int impl::authenticate (const pam_request &request) |
|
32 | 43 |
{ |
33 | 44 |
|
34 | 45 |
conversation_result conversation = conversations_.initiate_conversation(); |
... | ... |
@@ -45,6 +56,7 @@ int impl::authenticate (pam_handle *handle, int flags, |
45 | 56 |
dual_control create_dual_control (const dual_control_configuration |
46 | 57 |
&configuration) |
47 | 58 |
{ |
48 |
- return dual_control (new impl (configuration)); |
|
59 |
+ return dual_control (std::shared_ptr<dual_control_ifc> (new impl ( |
|
60 |
+ configuration))); |
|
49 | 61 |
} |
50 | 62 |
|
... | ... |
@@ -7,31 +7,47 @@ |
7 | 7 |
#ifndef _DUAL_CONTROL_H |
8 | 8 |
#define _DUAL_CONTROL_H |
9 | 9 |
|
10 |
-#include <string> |
|
11 | 10 |
#include <memory> |
12 |
-#include <vector> |
|
13 |
-#include <security/pam_modules.h> |
|
14 | 11 |
|
12 |
+#include "request.h" |
|
15 | 13 |
#include "validator.h" |
16 | 14 |
#include "conversation.h" |
17 | 15 |
#include "logger.h" |
18 | 16 |
|
17 |
+struct dual_control_configuration { |
|
18 |
+ validator validator; |
|
19 |
+ conversations conversations; |
|
20 |
+ logger logger; |
|
21 |
+}; |
|
22 |
+ |
|
19 | 23 |
class dual_control_ifc |
20 | 24 |
{ |
21 | 25 |
public: |
22 | 26 |
virtual ~dual_control_ifc() {} |
23 |
- virtual int authenticate (pam_handle_t *handle, int flags, |
|
24 |
- const std::vector<const std::string> &arguments ) = 0; |
|
25 |
- virtual int setcred (pam_handle_t *handle, int flags, |
|
26 |
- const std::vector<const std::string> &arguments) = 0; |
|
27 |
+ virtual int authenticate (const pam_request &request); |
|
28 |
+ virtual int setcred (const pam_request &request); |
|
27 | 29 |
}; |
28 |
-typedef std::shared_ptr<dual_control_ifc> dual_control; |
|
29 | 30 |
|
30 |
-struct dual_control_configuration { |
|
31 |
- validator validator; |
|
32 |
- conversations conversations; |
|
33 |
- logger logger; |
|
31 |
+class dual_control : public dual_control_ifc |
|
32 |
+{ |
|
33 |
+private: |
|
34 |
+ std::shared_ptr<dual_control_ifc> delegate_; |
|
35 |
+public: |
|
36 |
+ dual_control (std::shared_ptr<dual_control_ifc> delegate) : delegate_ |
|
37 |
+ (delegate) {} |
|
38 |
+ dual_control() : dual_control (std::shared_ptr<dual_control_ifc> |
|
39 |
+ (new dual_control_ifc)) {} |
|
40 |
+ int authenticate (const pam_request &request) |
|
41 |
+ { |
|
42 |
+ return delegate_->authenticate (request); |
|
43 |
+ } |
|
44 |
+ int setcred (const pam_request &request) |
|
45 |
+ { |
|
46 |
+ return delegate_->setcred (request); |
|
47 |
+ } |
|
48 |
+ |
|
34 | 49 |
}; |
50 |
+ |
|
35 | 51 |
dual_control create_dual_control (const dual_control_configuration |
36 | 52 |
&configuration); |
37 | 53 |
|
... | ... |
@@ -6,7 +6,7 @@ |
6 | 6 |
#include <memory> |
7 | 7 |
#include <vector> |
8 | 8 |
|
9 |
-#include "argument.h" |
|
9 |
+#include "request.h" |
|
10 | 10 |
#include "dual_control.h" |
11 | 11 |
|
12 | 12 |
extern dual_control dc; |
... | ... |
@@ -14,8 +14,7 @@ extern dual_control dc; |
14 | 14 |
PAM_EXTERN int pam_sm_authenticate (pam_handle_t *pamh, int flags, int argc, |
15 | 15 |
const char **argv) |
16 | 16 |
{ |
17 |
- std::vector<const std::string> arguments = convert_arguments (argc, argv); |
|
18 |
- return dc->authenticate (pamh, flags, arguments); |
|
17 |
+ return dc->authenticate (pam_request (pamh, flags, argc, argv)); |
|
19 | 18 |
} |
20 | 19 |
|
21 | 20 |
PAM_EXTERN int pam_sm_setcred (pam_handle_t *pamh, int flags, int argc, |
... | ... |
@@ -1,6 +1,7 @@ |
1 | 1 |
#include <security/pam_modules.h> |
2 | 2 |
#include <string> |
3 | 3 |
|
4 |
+#include "request.h" |
|
4 | 5 |
#include "dual_control.h" |
5 | 6 |
#include "validator.h" |
6 | 7 |
#include "conversation.h" |
... | ... |
@@ -86,16 +87,19 @@ public: |
86 | 87 |
} |
87 | 88 |
}; |
88 | 89 |
|
90 |
+pam_request req() |
|
91 |
+{ |
|
92 |
+ return pam_request (0, 0, 0, 0); |
|
93 |
+} |
|
94 |
+ |
|
89 | 95 |
int setcred_returns_success() |
90 | 96 |
{ |
91 | 97 |
//given |
92 | 98 |
dual_control_configuration configuration; |
93 |
- pam_handle *pamh (0); |
|
94 | 99 |
dual_control dc (create_dual_control (configuration)); |
95 |
- std::vector<const std::string> arguments; |
|
96 | 100 |
|
97 | 101 |
//when |
98 |
- int result = dc->setcred (pamh, 0, arguments); |
|
102 |
+ int result = dc.setcred (req()); |
|
99 | 103 |
|
100 | 104 |
//then |
101 | 105 |
checkint (PAM_SUCCESS, result, "function return"); |
... | ... |
@@ -116,7 +120,7 @@ int authenticate_validates_with_received_token() |
116 | 120 |
std::vector<const std::string> arguments; |
117 | 121 |
|
118 | 122 |
// when |
119 |
- int actual = dc->authenticate (handle, 0, arguments); |
|
123 |
+ int actual = dc.authenticate (req()); |
|
120 | 124 |
|
121 | 125 |
// then |
122 | 126 |
check (actual == PAM_SUCCESS, "should be success"); |
... | ... |
@@ -132,11 +136,9 @@ int authenticate_fails_with_wrong_user() |
132 | 136 |
use_conversations (configuration, new fake_conversations ("wrong user", |
133 | 137 |
token)); |
134 | 138 |
dual_control dc (create_dual_control (configuration)); |
135 |
- pam_handle_t *handle (0); |
|
136 |
- std::vector<const std::string> arguments; |
|
137 | 139 |
|
138 | 140 |
// when |
139 |
- int actual = dc->authenticate (handle, 0, arguments); |
|
141 |
+ int actual = dc.authenticate (req()); |
|
140 | 142 |
|
141 | 143 |
// then |
142 | 144 |
check (actual == PAM_AUTH_ERR, "should be auth err"); |
... | ... |
@@ -152,11 +154,9 @@ int authenticate_fails_with_wrong_token() |
152 | 154 |
use_conversations (configuration, new fake_conversations (user, |
153 | 155 |
"wrong token")); |
154 | 156 |
dual_control dc (create_dual_control (configuration)); |
155 |
- pam_handle_t *handle (0); |
|
156 |
- std::vector<const std::string> arguments; |
|
157 | 157 |
|
158 | 158 |
// when |
159 |
- int actual = dc->authenticate (handle, 0, arguments); |
|
159 |
+ int actual = dc.authenticate (req()); |
|
160 | 160 |
|
161 | 161 |
// then |
162 | 162 |
check (actual == PAM_AUTH_ERR, "should be auth err"); |
... | ... |
@@ -174,11 +174,9 @@ int logs_authentication() |
174 | 174 |
mock_logger *test_logger; |
175 | 175 |
use_logger (configuration, test_logger = new mock_logger); |
176 | 176 |
dual_control dc (create_dual_control (configuration)); |
177 |
- pam_handle_t *handle (0); |
|
178 |
- std::vector<const std::string> arguments; |
|
179 | 177 |
|
180 | 178 |
//when |
181 |
- dc->authenticate (handle, 0, arguments); |
|
179 |
+ dc.authenticate (req()); |
|
182 | 180 |
|
183 | 181 |
//then |
184 | 182 |
check (test_logger->logged_result() == PAM_SUCCESS, |
... | ... |
@@ -202,11 +200,9 @@ int logs_authentication_failure() |
202 | 200 |
mock_logger *test_logger; |
203 | 201 |
use_logger (configuration, test_logger = new mock_logger); |
204 | 202 |
dual_control dc (create_dual_control (configuration)); |
205 |
- pam_handle_t *handle (0); |
|
206 |
- std::vector<const std::string> arguments; |
|
207 | 203 |
|
208 | 204 |
//when |
209 |
- dc->authenticate (handle, 0, arguments); |
|
205 |
+ dc.authenticate (req()); |
|
210 | 206 |
|
211 | 207 |
//then |
212 | 208 |
check (test_logger->logged_result() == PAM_AUTH_ERR, |
... | ... |
@@ -3,41 +3,14 @@ |
3 | 3 |
|
4 | 4 |
#include "request.h" |
5 | 5 |
|
6 |
- |
|
7 |
-/* |
|
8 |
- * #ifndef ARGUMENT_H |
|
9 |
-#define ARGUMENT_H |
|
10 |
- |
|
11 |
-#include <string> |
|
12 |
-#include <vector> |
|
13 |
-#include <security/pam_modules.h> |
|
14 |
- |
|
15 |
-class pam_request { |
|
16 |
- int argc_; |
|
17 |
- char **argv_; |
|
18 |
- int flags_; |
|
19 |
- pam_handle *handle_; |
|
20 |
- public: |
|
21 |
- pam_request(pam_handle *handle, int flags, int argc, char **argv) |
|
22 |
- : handle_(handle), |
|
23 |
- flags_(flags), |
|
24 |
- argc_(argc), |
|
25 |
- argv_(argv) {} |
|
26 |
- std::vector<std::string> arguments(); |
|
27 |
- int flags() { return flags_; } |
|
28 |
- pam_handle *handle() {return handle_; } |
|
29 |
-}; |
|
30 |
- |
|
31 |
-#endif |
|
32 |
- |
|
33 |
-*/ |
|
34 |
- |
|
35 |
-std::vector<std::string> pam_request::arguments() { |
|
6 |
+std::vector<std::string> pam_request::arguments() |
|
7 |
+{ |
|
36 | 8 |
std::vector<std::string> rval; |
37 |
- for(int i= 0; i < argc_; i++) { |
|
38 |
- rval.push_back(argv_[i]); |
|
9 |
+ |
|
10 |
+ for (int i= 0; i < argc_; i++) { |
|
11 |
+ rval.push_back (argv_[i]); |
|
39 | 12 |
} |
13 |
+ |
|
40 | 14 |
return rval; |
41 | 15 |
} |
42 | 16 |
|
43 |
- |
... | ... |
@@ -5,20 +5,27 @@ |
5 | 5 |
#include <vector> |
6 | 6 |
#include <security/pam_modules.h> |
7 | 7 |
|
8 |
-class pam_request { |
|
9 |
- int argc_; |
|
10 |
- const char **argv_; |
|
11 |
- int flags_; |
|
12 |
- pam_handle *handle_; |
|
13 |
- public: |
|
14 |
- pam_request(pam_handle *handle, int flags, int argc, const char **argv) |
|
15 |
- : handle_(handle), |
|
16 |
- flags_(flags), |
|
17 |
- argc_(argc), |
|
18 |
- argv_(argv) {} |
|
19 |
- std::vector<std::string> arguments(); |
|
20 |
- int flags() { return flags_; } |
|
21 |
- pam_handle *handle() {return handle_; } |
|
8 |
+class pam_request |
|
9 |
+{ |
|
10 |
+ int argc_; |
|
11 |
+ const char **argv_; |
|
12 |
+ int flags_; |
|
13 |
+ pam_handle *handle_; |
|
14 |
+public: |
|
15 |
+ pam_request (pam_handle *handle, int flags, int argc, const char **argv) |
|
16 |
+ : handle_ (handle), |
|
17 |
+ flags_ (flags), |
|
18 |
+ argc_ (argc), |
|
19 |
+ argv_ (argv) {} |
|
20 |
+ std::vector<std::string> arguments(); |
|
21 |
+ int flags() |
|
22 |
+ { |
|
23 |
+ return flags_; |
|
24 |
+ } |
|
25 |
+ pam_handle *handle() |
|
26 |
+ { |
|
27 |
+ return handle_; |
|
28 |
+ } |
|
22 | 29 |
}; |
23 | 30 |
|
24 | 31 |
#endif |
... | ... |
@@ -5,82 +5,56 @@ |
5 | 5 |
#include "request.h" |
6 | 6 |
#include "test_util.h" |
7 | 7 |
|
8 |
-bool construction_happy() { |
|
8 |
+bool construction_happy() |
|
9 |
+{ |
|
9 | 10 |
// given |
10 |
- pam_handle *handle = reinterpret_cast<pam_handle *>(975); |
|
11 |
+ pam_handle *handle = reinterpret_cast<pam_handle *> (975); |
|
11 | 12 |
int flags = 0x23; |
12 | 13 |
const char *arg = "an argument"; |
13 | 14 |
|
14 | 15 |
// when |
15 |
- pam_request actual(handle, flags, 1, &arg); |
|
16 |
+ pam_request actual (handle, flags, 1, &arg); |
|
16 | 17 |
|
17 | 18 |
// then |
18 |
- check(handle == actual.handle(), "handle does not match"); |
|
19 |
- check(flags == actual.flags(), "flags does not match"); |
|
19 |
+ check (handle == actual.handle(), "handle does not match"); |
|
20 |
+ check (flags == actual.flags(), "flags does not match"); |
|
20 | 21 |
std::vector<std::string> expected_args; |
21 |
- expected_args.push_back(arg); |
|
22 |
- check(expected_args == actual.arguments(), "arguments does not match"); |
|
22 |
+ expected_args.push_back (arg); |
|
23 |
+ check (expected_args == actual.arguments(), "arguments does not match"); |
|
23 | 24 |
succeed(); |
24 | 25 |
} |
25 | 26 |
|
27 |
+bool multiple_arguments() |
|
28 |
+{ |
|
29 |
+ // given |
|
30 |
+ const char *arg1 = "arg1"; |
|
31 |
+ const char *arg2 = "arg2"; |
|
32 |
+ const char *arg3 = "arg3"; |
|
33 |
+ const char *argv[] = {arg1,arg2, arg3}; |
|
34 |
+ |
|
35 |
+ // when |
|
36 |
+ pam_request actual (0, 0, 3, argv); |
|
26 | 37 |
|
27 |
-//int convert_single_argument_to_cplusplus() |
|
28 |
-//{ |
|
29 |
-// //given |
|
30 |
-// int nargs = 1; |
|
31 |
-// const char *arg = "blah"; |
|
32 |
-// const char **argv = &arg; |
|
33 |
-// |
|
34 |
-// //when |
|
35 |
-// std::vector<const std::string> actual = convert_arguments (nargs, argv); |
|
36 |
-// |
|
37 |
-// //then |
|
38 |
-// std::vector<std::string> temp (1); |
|
39 |
-// temp[0] = arg; |
|
40 |
-// std::vector<const std::string> expected (temp.begin(), temp.end()); |
|
41 |
-// |
|
42 |
-// check (actual == expected, "did not convert to c++"); |
|
43 |
-// succeed(); |
|
44 |
-//} |
|
45 |
-// |
|
46 |
-//int convert_no_arguments_to_cplusplus() |
|
47 |
-//{ |
|
48 |
-// //given |
|
49 |
-// int nargs = 0; |
|
50 |
-// const char **argv = 0; |
|
51 |
-// |
|
52 |
-// //when |
|
53 |
-// std::vector<const std::string> actual = convert_arguments (nargs, argv); |
|
54 |
-// |
|
55 |
-// //then |
|
56 |
-// std::vector<const std::string> expected; |
|
57 |
-// |
|
58 |
-// check (actual == expected, "did not convert to c++"); |
|
59 |
-// succeed(); |
|
60 |
-//} |
|
61 |
-// |
|
62 |
-//int convert_multiple_arguments_to_cplusplus() |
|
63 |
-//{ |
|
64 |
-// //given |
|
65 |
-// int nargs = 3; |
|
66 |
-// const char *arg1 = "one"; |
|
67 |
-// const char *arg2 = "two"; |
|
68 |
-// const char *arg3 = "three"; |
|
69 |
-// const char *argv[] = {arg1,arg2,arg3}; |
|
70 |
-// |
|
71 |
-// //when |
|
72 |
-// std::vector<const std::string> actual = convert_arguments (nargs, argv); |
|
73 |
-// |
|
74 |
-// //then |
|
75 |
-// std::vector<std::string> temp; |
|
76 |
-// temp.push_back (arg1); |
|
77 |
-// temp.push_back (arg2); |
|
78 |
-// temp.push_back (arg3); |
|
79 |
-// std::vector<const std::string> expected (temp.begin(), temp.end()); |
|
80 |
-// |
|
81 |
-// check (actual == expected, "did not convert to c++"); |
|
82 |
-// succeed(); |
|
83 |
-//} |
|
38 |
+ // then |
|
39 |
+ std::vector<std::string> expected_args; |
|
40 |
+ expected_args.push_back (arg1); |
|
41 |
+ expected_args.push_back (arg2); |
|
42 |
+ expected_args.push_back (arg3); |
|
43 |
+ check (expected_args == actual.arguments(), "arguments does not match"); |
|
44 |
+ succeed(); |
|
45 |
+} |
|
46 |
+ |
|
47 |
+bool zero_arguments() |
|
48 |
+{ |
|
49 |
+ |
|
50 |
+ // when |
|
51 |
+ pam_request actual (0, 0, 0, 0); |
|
52 |
+ |
|
53 |
+ // then |
|
54 |
+ check (std::vector<std::string> (0) == actual.arguments(), |
|
55 |
+ "arguments does not match"); |
|
56 |
+ succeed(); |
|
57 |
+} |
|
84 | 58 |
|
85 | 59 |
RESET_VARS_START |
86 | 60 |
RESET_VARS_END |
... | ... |
@@ -88,6 +62,8 @@ RESET_VARS_END |
88 | 62 |
int run_tests() |
89 | 63 |
{ |
90 | 64 |
test (construction_happy); |
65 |
+ test (multiple_arguments); |
|
66 |
+ test (zero_arguments); |
|
91 | 67 |
succeed(); |
92 | 68 |
} |
93 | 69 |
|