@@ -10,5 +10,6 @@ config.status

 Makefile

 *.log

 autom4te.cache/

-dual_control_test

-.vagrant/

+*_test

+*_test

+

@@ -1,7 +1,7 @@

 MODULEFLAGS = -fPIC -fno-stack-protector

-MODULEOBJS = dual_control.o logging.o dc_syslog.o

-HEADERS = logging.h dc_syslog.h

-

+MODULEOBJS = dual_control.o logging.o token.o conversation.o

+TESTOBJS = $(patsubst %.o, t_%.o, $(MODULEOBJS))

+HEADERS = logging.h test_support.h token.h

 MODULELIB = pam_dual_control.so

 UNAME_S := $(shell uname -s)

@@ -15,6 +15,9 @@ dual_control.a: $(MODULEOBJS)

 $(MODULEOBJS): %.o: %.c $(HEADERS)

 	$(CC) -c $(CFLAGS) $(CPPFLAGS) $(MODULEFLAGS) $< -o $@

+$(TESTOBJS): t_%.o: %.c $(HEADERS)

+	$(CC) -c $(CFLAGS) $(CPPFLAGS) $(MODULEFLAGS) -D UNIT_TEST $< -o $@

+

 .PHONY: clean

 clean:

 	@rm -f *.o *.a

@@ -24,15 +27,21 @@ clean:

 distclean: clean

 	@rm -f Makefile config.h

-dual_control_test: dual_control_test.c dual_control.o

+dual_control_test: dual_control_test.c t_dual_control.o

 	$(CC) $(CFLAGS) $(CPPFLAGS) -lpam -o $@ $^

-logging_test: logging_test.c logging.o

+

+logging_test: logging_test.c t_logging.o

+	$(CC) $(CFLAGS) $(CPPFLAGS) -lpam -o $@ $^

+

+token_test: token_test.c t_token.o

 	$(CC) $(CFLAGS) $(CPPFLAGS) -lpam -o $@ $^

 .PHONY: test

-test: dual_control_test logging_test

-	@./dual_control_test > /dev/null

-	@./logging_test > /dev/null

+test: dual_control_test logging_test token_test

+	@./dual_control_test

+	@./logging_test

+	@./token_test

+	@echo all tests passed

 .PHONY: install

 install: $(MODULEOBJS)

@@ -1,11 +1,13 @@

 [![Build Status](https://travis-ci.org/cjdev/dual-control.svg?branch=master)](https://travis-ci.org/cjdev/dual-control)

 # Dual Control

+Dual Control is a PAM module that requires a user to input a generated token from another user before being granted sudo access. The module also requires that the user input the reason for his or her access request and, via `syslog`, captures all this information for future reference.

-Goal: To remove all non-firefighting developer write-access to production boxes

+At **CJ Engineering**, we will be implementing Dual Control on our production boxes to ensure that a single engineer cannot gain write access without meeting the above-stated requirements.

-For ZFR

+Dual Control is an open source project licensed under the [GNU General Public License](https://github.com/cjdev/dual-control/blob/master/COPYING). As it stands, Dual Control is written only for machines running Linux. However, we graciously welcome contributions, particularly those related to portability to other operating systems.

+## For ZFR

 * setup a native project

   * for Linux (docker, virtualbox)

 * installer

deleted file mode 100644

@@ -1,17 +0,0 @@

-#include <stdarg.h>

-#include "dc_syslog.h"

-

-void dc_openlog(const char *ident, int logopt, int facility) {

-    openlog(ident, logopt, facility);

-}

-

-void dc_syslog(int priority, const char *format, ...) {

-    va_list varargs;

-    va_start(varargs, format);

-    vsyslog(priority, format, varargs);

-    va_end(varargs);

-}

-void dc_closelog(void) {

-    closelog();

-}

-

deleted file mode 100644

@@ -1,10 +0,0 @@

-#ifndef _DC_SYSLOG_H

-#define _DC_SYSLOG_H

-

-#include <syslog.h>

-

-void dc_openlog(const char *ident, int logopt, int facility);

-void dc_syslog(int priority, const char *message, ...);

-void dc_closelog(void);

-

-#endif

@@ -1,23 +1,39 @@

 #include <security/pam_appl.h>

 #include <security/pam_modules.h>

-#include <stdio.h>

+#include <string.h>

+#include <stdlib.h>

+

 #include "logging.h"

 #include "token.h"

+#include "conversation.h"

 PAM_EXTERN int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **argv) {

-    printf("Authentication\n");

+    const char *returned_token = ask_for_token(pamh);

+

+    int returned_token_length = strlen(returned_token);

+    char working_token[returned_token_length + 1];

+    strcpy(working_token, returned_token);

+    char *colon = strchr(working_token, ':');

+    if(!colon) {

+        return PAM_AUTH_ERR;

+    }

+

+    *colon = 0;

+    char *user = working_token;

+    char *token = colon + 1;

-    int returned_validation = validate_token("str");

+    int returned_validation = validate_token(user, token);

     if (returned_validation) {

         log_success();

         return PAM_SUCCESS;

     } else {

+        log_failure();

         return PAM_AUTH_ERR;

     }

 }

 PAM_EXTERN int pam_sm_setcred(pam_handle_t *pamh, int flags, int argc, const char **argv) {

-    printf("Set cred\n");

     return PAM_SUCCESS;

 }

+

@@ -4,25 +4,45 @@

 #include "conversation.h"

 #include "token.h"

+#include "test_util.h"

+const char *validated_user = "";

+const char *validated_token = "";

 const char *token_to_return = "";

+int validation_to_return = 0;

+int log_success_invoked = 0;

+int log_failure_invoked = 0;

+int at_least_one_failed_test = 0;

 pam_handle_t *passed_pam_handle = NULL;

+

+RESET_VARS_START

+validated_user = "";

+validated_token = "";

+validation_to_return = 1;

+passed_pam_handle = NULL;

+log_success_invoked = 0;

+log_failure_invoked = 0;

+RESET_VARS_END

+

 const char *ask_for_token(pam_handle_t *pamh) {

     passed_pam_handle = pamh;

     return token_to_return;

 }

-int validation_to_return = 0;

-int validate_token(const char *token) {

+

+int validate_token(const char *user, const char *token) {

+    validated_user = user;

+    validated_token = token;

     return validation_to_return;

 }

-

-int log_success_invoked = 0;

 void log_success() {

     log_success_invoked = 1;

 }

+void log_failure() {

+    log_failure_invoked = 1;

+}

 int pam_sm_setcred_returns_success() {

     //given

@@ -31,19 +51,45 @@ int pam_sm_setcred_returns_success() {

     int result = pam_sm_setcred(NULL, 0, 0, NULL);

     //then

-    return result == PAM_SUCCESS;

+    checkint(PAM_SUCCESS, result, "function return");

+    succeed();

+

+}

+

+int pam_sm_authenticate_validates_with_received_token() {

+    // given

+    token_to_return = "user:pin";

+    pam_handle_t *handle = (pam_handle_t*)"";

+

+    // when

+    pam_sm_authenticate(handle, 0, 0, NULL);

+

+    // then

+    checkstr("pin",validated_token, "validated token");

+    checkstr("user",validated_user, "validated user");

+    check(passed_pam_handle == handle, "incorrect handle");

+    succeed();

 }

 int pam_sm_authenticate_success_invokes_log_success() {

     // given

     validation_to_return = 1;

-    log_success_invoked = 0;

     //when

    pam_sm_authenticate(NULL, 0, 0, NULL);

    return log_success_invoked;

 }

+int pam_sm_authenticate_fail_invokes_log_failure() {

+    // given

+    validation_to_return = 0;

+

+    //when

+   pam_sm_authenticate(NULL, 0, 0, NULL);

+   check(log_failure_invoked, "log failure should be invoked");

+   succeed();

+}

+

 int succeeds_with_valid_token() {

     //given

     validation_to_return = 1;

@@ -66,35 +112,17 @@ int fails_with_invalid_token() {

     return result == PAM_AUTH_ERR;

 }

-int main(int argc, char* argv[]) {

-    int test1_result = succeeds_with_valid_token();

-    if (!test1_result) {

-        fprintf(stderr, "succeds with valid token failed\n");

-    }

-

-    int test3_result = pam_sm_setcred_returns_success();

-    if (!test3_result) {

-        fprintf(stderr, "set cred failed\n");

-    }

-

-    int test4_result = pam_sm_authenticate_success_invokes_log_success();

-    if (!test4_result) {

-        fprintf(stderr, "authenticate invokes log_success failed\n");

-    }

-

-    int test5_result = fails_with_invalid_token();

-    if (!test5_result) {

-        fprintf(stderr, "fails with invalid token failed\n");

-    }

-

-

-

-    if (test1_result && test3_result && test4_result && test5_result) {

-        fprintf(stderr, "success\n");

-        return 0;

-    } else {

-        return 1;

-    }

+int runtests() {

+    test(pam_sm_authenticate_validates_with_received_token);

+    test(pam_sm_setcred_returns_success);

+    test(pam_sm_authenticate_success_invokes_log_success);

+    test(pam_sm_authenticate_fail_invokes_log_failure);

+    test(succeeds_with_valid_token);

+    test(fails_with_invalid_token);

+    succeed();

 }

+int main(int argc, char* argv[]) {

+   return !runtests();

+}

@@ -1,12 +1,21 @@

+#include <syslog.h>

+

 #include "logging.h"

-#include "dc_syslog.h"

+#include "test_support.h"

 static const char program_name[] = "pam_dual_control";

 void log_success() {

-    dc_openlog(program_name, 0, LOG_AUTHPRIV);

-    dc_syslog(LOG_NOTICE, "dual control succeeded");

-    dc_closelog();

+    openlog(program_name, 0, LOG_AUTHPRIV);

+    syslog(LOG_NOTICE, "dual control succeeded");

+    closelog();

+}

+

+void log_failure() {

+    openlog(program_name, 0, LOG_AUTHPRIV);

+    syslog(LOG_NOTICE, "dual control failed");

+    closelog();

 }

+

@@ -2,6 +2,6 @@

 #define __DUAL_CONTROL_LOGGING

 void log_success();

-void log_fail();

+void log_failure();

 #endif

deleted file mode 100755

Binary files a/logging_test and /dev/null differ

@@ -1,53 +1,41 @@

 #include <stdio.h>

 #include <string.h>

+#include <syslog.h>

-#include "dc_syslog.h"

 #include "logging.h"

+#include "test_util.h"

 int logged_priority = -1000;

 const char *logged_message = "";

-void dc_syslog(int priority, const char *message, ...) {

+void fake_syslog(int priority, const char *message, ...) {

     logged_priority = priority;

     logged_message = message;

 }

 int close_log_invoked = 0;

-void dc_closelog(void) {

+void fake_closelog(void) {

     close_log_invoked = 1;

 }

 int opened_facility = -1000;

 const char *opened_program_name = "";

 int opened_logopt = -1000;

-void dc_openlog(const char *ident, int logopt, int facility) {

+void fake_openlog(const char *ident, int logopt, int facility) {

     opened_facility = facility;

     opened_program_name = ident;

     opened_logopt = logopt;

 }

-

-#define check(assertion, msg) \

-    if (!(assertion)) { \

-      fprintf(stderr, "assertion failed: %s\n", msg); \

-      return 0; \

-    }

-

-#define checkint(expected, actual, name) \

-    check(expected == actual, name " should be " #expected)

-

-#define checkstr(expected, actual, name) \

-    check(!strcmp(actual, expected), name " should be '" expected "'")

-

-#define succeed() return 1

+RESET_VARS_START

+logged_priority = -1000;

+close_log_invoked = 0;

+opened_facility = -1000;

+const char *opened_program_name = "";

+int opened_logopt = -1000;

+RESET_VARS_END

 int test_log_success() {

     // given

-    opened_facility = -1000;

-    opened_program_name = "";

-    opened_logopt = -1000;

-    logged_priority = -1000;

-    logged_message = "";

-    close_log_invoked = 0;

     // when

     log_success();

@@ -59,17 +47,32 @@ int test_log_success() {

     check(close_log_invoked, "log closed");

     checkstr("pam_dual_control", opened_program_name, "program name");

     checkstr("dual control succeeded", logged_message, "logged message");

+    succeed();

+}

+

+int test_log_failure() {

+    //given

+    //when

+    log_failure();

+

+    //then

+    checkint(LOG_AUTHPRIV, opened_facility, "facility");

+    checkint(LOG_NOTICE, logged_priority, "priority");

+    checkint(0, opened_logopt, "logopt");

+    check(close_log_invoked, "log closed");

+    checkstr("pam_dual_control", opened_program_name, "program name");

+    checkstr("dual control failed", logged_message, "logged message");

     succeed();

 }

+int test_runner() {

+    test(test_log_success);

+    test(test_log_failure);

+    succeed();

+}

 int main(int numargs, char **args) {

-    if(test_log_success()) {

-        fprintf(stderr, "Success!\n");

-        return 0;

-    } else {

-        return 1;

-    }

+    return !test_runner();

 }

new file mode 100644

@@ -0,0 +1,48 @@

+/* Include this in a module that will be under test coverage

+ *

+ */

+

+#ifndef _TEST_SUPPORT_H

+#define _TEST_SUPPORT_H

+#include <stdlib.h>

+#include <stdio.h>

+#include <pwd.h>

+#include <sys/stat.h>

+// SYSLOG

+void fake_openlog(const char *ident, int logopt, int facility);

+void fake_syslog(int priority, const char *format, ...);

+void fake_closelog(void);

+

+// PWD

+int fake_getpwnam_r(const char *nam, struct passwd *pwd, char *buffer, size_t bufsize, struct passwd **result);

+

+// SYS_STAT

+int fake_stat(const char *path, struct stat *stat);

+

+// STDIO

+FILE *fake_fopen(const char *path, const char *mode);

+char *fake_fgets(char *buf, int n, FILE *fp);

+int fake_fclose(FILE *fp);

+

+

+#ifdef UNIT_TEST

+// SYSLOG

+#define openlog(IDENT, LOGOPT, FACILITY) fake_openlog(IDENT, LOGOPT, FACILITY)

+#define syslog(PRIORITY, ...) fake_syslog(PRIORITY, __VA_ARGS__)

+#define closelog() fake_closelog()

+

+// PWD

+#define getpwnam_r(USER, PASSWD, BUFFER, BUFSIZE, PRESULT) fake_getpwnam_r(USER, PASSWD, BUFFER, BUFSIZE, PRESULT)

+

+// SYS_STAT

+#define stat(PATH, STRUCT) fake_stat(PATH, STRUCT)

+

+// STDIO

+#define fopen(PATH, MODE) fake_fopen(PATH, MODE)

+#define fgets(DEST, DEST_SIZE, FILE_HANDLE) fake_fgets(DEST, DEST_SIZE, FILE_HANDLE)

+#define fclose(FILE_HANDLE) fake_fclose(FILE_HANDLE)

+

+#endif

+

+#endif

+

new file mode 100644

@@ -0,0 +1,36 @@

+#ifndef _TESTUTIL_H

+#define _TESTUTIL_H

+

+#include <string.h>

+#include <stdio.h>

+#define check(assertion, msg) \

+    if (!(assertion)) { \

+      fprintf(stderr, "assertion failed: %s\n", msg); \

+      return 0; \

+    }

+

+#define checkint(expected, actual, name) \

+    check(expected == actual, name " should be " #expected)

+

+#define checkstr(expected, actual, name) \

+    check(!strcmp(expected, actual), name " should be '" expected "'")

+

+#define RESET_VARS_START void __reset_vars() {

+

+#define RESET_VARS_END }

+

+#define test(NAME) \

+    { \

+      __reset_vars(); \

+      int result = NAME (); \

+      if (!result) { \

+          fprintf(stderr, "test failed: %s\n", #NAME); \

+          return 0; \

+      } \

+    }

+

+#define succeed() return 1

+#define fail() return 0

+

+#endif

+

new file mode 100644

@@ -0,0 +1,103 @@

+#include <stdlib.h>

+#include <string.h>

+#include <security/pam_modules.h>

+#include <pwd.h>

+#include <unistd.h>

+#include <stdio.h>

+#include <sys/stat.h>

+

+#include "token.h"

+#include "test_support.h"

+

+typedef struct buffer {

+    size_t size;

+    char *mem;

+} buffer_t;

+

+buffer_t allocate_buffer() {

+    buffer_t buffer;

+

+    buffer.size = (size_t) sysconf(_SC_GETPW_R_SIZE_MAX);

+    buffer.mem = (char *) malloc(buffer.size * sizeof(char));

+

+    return buffer;

+

+}

+

+void free_buffer(buffer_t *buffer) {

+    free(buffer->mem);

+    buffer->mem = 0;

+    buffer->size = 0;

+}

+

+char *use_buffer(buffer_t buffer) {

+    return buffer.mem;

+}

+

+size_t buffer_size(buffer_t buffer) {

+    return buffer.size;

+}

+

+

+int get_passwd(const char *user, struct passwd *passwd, buffer_t buffer) {

+    struct passwd *found_passwd = 0;

+    getpwnam_r(user, passwd, use_buffer(buffer), buffer_size(buffer), &found_passwd);

+    return (found_passwd != 0);

+}

+

+int validate_token(const char *user, const char *token) {

+

+

+    char *filepath = 0;

+    char *working_token = 0;

+    buffer_t buffer = allocate_buffer();

+

+    int ok = 0;

+    struct passwd passwd;

+    int user_found = get_passwd(user, &passwd, buffer);

+

+    // check if user is known

+    if(!user_found) {

+       goto finally;

+    }

+

+    const char *directory = passwd.pw_dir;

+

+    int dir_len = strlen(directory);

+    int fname_len = strlen(".dual_control");

+    filepath = (char *)malloc((dir_len + 1 + fname_len + 1) * sizeof(char));

+

+    strcpy(filepath, directory);

+    strcat(filepath, "/");

+    strcat(filepath, ".dual_control");

+

+    struct stat file_stat;

+    int check_file = stat(filepath, &file_stat);

+    if (check_file) {

+        goto finally;

+    }

+

+    // read the file and grab token

+    char fetched_token[7];

+    FILE *fp = 0;

+    fp = fopen(filepath, "r");

+    fgets(fetched_token, 7, fp);

+    fclose(fp);

+

+    // check if token matches

+    if(strcmp(token, fetched_token)) {

+        goto finally;

+    }

+

+    ok = 1;

+

+    finally:

+

+    free(filepath);

+    free(working_token);

+    free_buffer(&buffer);

+

+    return ok;

+}

+

+

@@ -1,6 +1,6 @@

 #ifndef _TOKEN_H

 #define _TOKEN_H

-int validate_token(const char *token);

+int validate_token(const char *user, const char *token);

 #endif

new file mode 100644

@@ -0,0 +1,120 @@

+#include <string.h>

+#include <pwd.h>

+#include <stdio.h>

+#include <sys/stat.h>

+

+#include "token.h"

+#include "test_util.h"

+

+const char *fake_user = "";

+const char *fake_user_token = "";

+

+// all the fake system calls

+char *fake_home_dir = "";

+int fake_getpwnam_r(const char *nam, struct passwd *pwd, char *buffer, size_t bufsize, struct passwd **result) {

+  strcpy(buffer, fake_home_dir);

+  pwd->pw_dir = buffer;

+  int ok = !strcmp(nam, fake_user);

+  *result = ok ? pwd : 0;

+  return !ok;

+}

+

+

+char *fake_stat_path = "";

+int fake_stat(const char *path, struct stat *stat) {

+    return (strcmp(fake_stat_path, path));

+}

+

+char *fake_fopen_path = "";

+char *fake_fopen_mode = "";

+FILE *_fhandle = 0;

+FILE *fake_fopen(const char *path, const char *mode) {

+    static FILE handle;

+    int path_matches = !strcmp(fake_fopen_path, path);

+    int mode_matches = !strcmp(fake_fopen_mode, mode);

+    if(path_matches && mode_matches) {

+        _fhandle = &handle;

+        return &handle;

+    } else {

+        _fhandle = 0;

+        return 0;

+    }

+}

+

+char *fake_fgets(char *buf, int n, FILE *fp) {

+    if (_fhandle == fp && fp != 0) {

+       strncpy(buf, fake_user_token, n - 1);

+        return buf;

+    } else {

+        return 0;

+    }

+}

+

+int fake_fclose(FILE *fp) {

+    return 0;

+}

+

+

+// STDIO

+

+

+

+RESET_VARS_START

+fake_user = "msmith";

+fake_user_token = "123456";

+fake_home_dir = "/home/msmith";

+fake_stat_path = "/home/msmith/.dual_control";

+fake_fopen_path = fake_stat_path;

+fake_fopen_mode = "r";

+RESET_VARS_END

+

+

+int validate_compares_to_user_token() {

+

+    // given

+

+    // when

+    int valid = validate_token("msmith", "123456");

+

+    // then

+    check(valid, "expected result to be valid");

+

+    succeed();

+

+}

+

+int validates_from_the_right_user() {

+    //given

+

+    //when

+    int valid = validate_token("jbalcita", "12346");

+

+    //then

+    check(!valid, "expected result to be invalid");

+    succeed();

+}

+

+int validates_user_specific_token() {

+    //given

+

+    //when

+    int valid = validate_token("msmith", "654321");

+

+    //then

+    check(!valid, "expected result to be invalid");

+    succeed();

+}

+

+int runtests() {

+    test(validate_compares_to_user_token);

+    test(validates_from_the_right_user);

+    test(validates_user_specific_token);

+    succeed();

+}

+

+int main(int argc, char **argv) {

+    int rval = !runtests();

+    return rval;

+}

+

+