session gets user from pam
Greg Wiley authored on 02/05/2017 23:31:41
Showing 9 changed files
- Makefile.in
- conversation_test.cc
- dual_control.cc
- session.cc
- session.h
- session_test.cc
- sys_pam.cc
- sys_pam.h
- test_util.h
... | ... |
@@ -3,7 +3,7 @@ CFLAGS += -fPIC -fno-stack-protector |
3 | 3 |
LDFLAGS = -lpam |
4 | 4 |
|
5 | 5 |
INTEGRATION_OBJS = sys_syslog.o sys_fstream.o sys_unistd.o sys_pwd.o pam.o dual_control_integrate.o |
6 |
-OBJS = dual_control.o request.o validator.o conversation.o user.o token.o logger.o |
|
6 |
+OBJS = dual_control.o request.o validator.o conversation.o user.o token.o logger.o session.o |
|
7 | 7 |
TESTS = dual_control_test validator_test conversation_test request_test user_test token_test \ |
8 | 8 |
logger_test session_test |
9 | 9 |
TESTOBJS = $(patsubst %,%.o,$(TESTS)) |
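Review bot: `session.o`, added to `OBJS` here, is built under the `CFLAGS += -fPIC -fno-stack-protector` line visible in the hunk header, so the new code that copies a PAM-supplied user name into a string gets no stack canaries. The reason for the flag is outside this hunk; if it is not required for the module objects, it would be safer to drop it there or replace it with `-fstack-protector-strong`. Either way a short comment next to the flag, such as `# stack protector disabled because <reason>`, would document the choice.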
... | ... |
@@ -82,7 +82,7 @@ private: |
82 | 82 |
pam_handle *expected_handle_; |
83 | 83 |
conversation_data conversation_data_; |
84 | 84 |
int get_response_; |
85 |
- pam_conv conv_; |
|
85 |
+ mutable pam_conv conv_; |
|
86 | 86 |
public: |
87 | 87 |
fake_pam (pam_handle *expected_handle, |
88 | 88 |
const conversation_data &conversation_data) |
... | ... |
@@ -91,7 +91,7 @@ public: |
91 | 91 |
get_response_ (PAM_SUCCESS) |
92 | 92 |
{} |
93 | 93 |
fake_pam (int get_response) : get_response_ (get_response) {} |
94 |
- int get_conv (pam_handle *handle, const pam_conv **out) |
|
94 |
+ int get_conv (pam_handle *handle, const pam_conv **out) const |
|
95 | 95 |
{ |
96 | 96 |
if (get_response_ != PAM_SUCCESS) { |
97 | 97 |
return get_response_; |
... | ... |
@@ -101,7 +101,7 @@ public: |
101 | 101 |
throw std::string ("unexpected handle"); |
102 | 102 |
} |
103 | 103 |
|
104 |
- conv_.appdata_ptr = reinterpret_cast<void *> (&conversation_data_); |
|
104 |
+ conv_.appdata_ptr = (void*) (&conversation_data_); |
|
105 | 105 |
conv_.conv = fake_conv; |
106 | 106 |
*out = &conv_; |
107 | 107 |
return PAM_SUCCESS; |
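Review bot: The C-style cast in `conv_.appdata_ptr = (void*) (&conversation_data_);` silently removes the const that `get_conv` now carries, which is presumably why the earlier `reinterpret_cast` stopped compiling. Writing it as `const_cast<conversation_data *> (&conversation_data_)` keeps the const removal visible and greppable; alternatively `conversation_data_` could be declared `mutable` like `conv_`. This is test code, so the impact is limited to readability. The body of `get_conv` ends outside the last hunk.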
... | ... |
@@ -17,6 +17,7 @@ |
17 | 17 |
#include "dual_control.h" |
18 | 18 |
#include "conversation.h" |
19 | 19 |
#include "validator.h" |
20 |
+#include "session.h" |
|
20 | 21 |
#include "logger.h" |
21 | 22 |
|
22 | 23 |
int dual_control_ifc::authenticate (const pam_request &request) |
... | ... |
@@ -37,6 +38,7 @@ private: |
37 | 38 |
conversation conversation_; |
38 | 39 |
validator validator_; |
39 | 40 |
logger logger_; |
41 |
+ session session_; |
|
40 | 42 |
public: |
41 | 43 |
impl (const dual_control_configuration &configuration); |
42 | 44 |
int authenticate (const pam_request &request); |
... | ... |
@@ -57,7 +59,10 @@ int impl::authenticate (const pam_request &request) |
57 | 59 |
{ |
58 | 60 |
conversation_result input (conversation_.initiate (request)); |
59 | 61 |
|
60 |
- int auth_result = validator_.validate ("", input.user_name, |
|
62 |
+ session_.user_name(request); |
|
63 |
+ |
|
64 |
+ auto requester_user_name = session_.user_name(request); |
|
65 |
+ int auth_result = validator_.validate ("anyone", input.user_name, |
|
61 | 66 |
input.token) ? PAM_SUCCESS : PAM_AUTH_ERR; |
62 | 67 |
|
63 | 68 |
logger_.log (auth_result, input.user_name, input.token); |
64 | 69 |
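Review bot: In `impl::authenticate` the requester name is fetched but never used: the first `session_.user_name(request);` discards its result, `requester_user_name` is not referenced again in the visible lines, and `validator_.validate` receives the literal `"anyone"` instead. If the validator's first argument is meant to be the requesting user (its implementation is not shown), every request is validated under the same fixed identity, which would defeat any check that requester and authorizer differ. I would drop the bare call and pass the value through: `int auth_result = validator_.validate (requester_user_name, input.user_name,`. The constructor that should initialise `session_` is outside the hunk; a default-constructed `session` returns an empty name, so confirm it is wired to `session::create`. The function body continues past the end of the hunk.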
new file mode 100644 |
... | ... |
@@ -0,0 +1,26 @@ |
1 |
+#include <memory> |
|
2 |
+#include <string> |
|
3 |
+ |
|
4 |
+#include "session.h" |
|
5 |
+#include "sys_pam.h" |
|
6 |
+#include "request.h" |
|
7 |
+ |
|
8 |
+namespace |
|
9 |
+{ |
|
10 |
+class impl : public session_ifc { |
|
11 |
+ private: |
|
12 |
+ pam pam_; |
|
13 |
+ public: |
|
14 |
+ impl(const pam &pam) : pam_(pam) {} |
|
15 |
+ std::string user_name (const pam_request &request) const { |
|
16 |
+ const char *user_name; |
|
17 |
+ pam_.get_user(request.handle(), &user_name); |
|
18 |
+ return user_name; |
|
19 |
+ } |
|
20 |
+}; |
|
21 |
+ |
|
22 |
+} |
|
23 |
+ |
|
24 |
+session session::create(const pam &pam) { |
|
25 |
+ return session(std::make_shared<impl>(pam)); |
|
26 |
+} |
0 | 27 |
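Review bot: `impl::user_name` builds a `std::string` from `user_name` without checking it: the pointer is uninitialised, the return value of `pam_.get_user` is ignored, and a failed lookup or an unset PAM_USER item leaves the pointer indeterminate or null, which is undefined behaviour in the `std::string` constructor. The default `pam_ifc::get_user` shown in sys_pam.h returns `PAM_SERVICE_ERR` without writing `*out`, so this path is reachable with a default-constructed `pam`. The method should initialise the pointer, check both the status and the pointer, and return an empty name on failure. The caller then has to treat an empty name as an authentication failure rather than as a valid identity.

```cpp
std::string user_name (const pam_request &request) const {
    const char *user_name = nullptr;
    if (pam_.get_user(request.handle(), &user_name) != PAM_SUCCESS
            || user_name == nullptr) {
        return std::string();
    }
    return user_name;
}
```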
new file mode 100644 |
... | ... |
@@ -0,0 +1,29 @@ |
1 |
+#ifndef _SESSION_H_ |
|
2 |
+#define _SESSION_H_ |
|
3 |
+ |
|
4 |
+#include <string> |
|
5 |
+ |
|
6 |
+#include "request.h" |
|
7 |
+#include "sys_pam.h" |
|
8 |
+ |
|
9 |
+class session_ifc { |
|
10 |
+ public: |
|
11 |
+ virtual ~session_ifc () {} |
|
12 |
+ virtual std::string user_name (const pam_request &request) const { |
|
13 |
+ return ""; |
|
14 |
+ } |
|
15 |
+}; |
|
16 |
+ |
|
17 |
+class session { |
|
18 |
+ private: |
|
19 |
+ std::shared_ptr<session_ifc> delegate_; |
|
20 |
+ public: |
|
21 |
+ session(std::shared_ptr<session_ifc> delegate = std::make_shared<session_ifc>()) : delegate_(delegate) {} |
|
22 |
+ std::string user_name (const pam_request &request) const { |
|
23 |
+ return delegate_->user_name(request); |
|
24 |
+ } |
|
25 |
+ static session create(const pam &pam); |
|
26 |
+}; |
|
27 |
+ |
|
28 |
+#endif |
|
29 |
+ |
0 | 30 |
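Review bot: session.h uses `std::shared_ptr` and `std::make_shared` but includes only `<string>`, so it compiles only when an earlier include happens to provide them (session.cc includes `<memory>` first; sys_pam.h may do so too); add `#include <memory>` next to `#include <string>`. The default delegate is a plain `session_ifc` whose `user_name` returns `""`, so a `session` that was never wired to PAM silently reports an empty user instead of failing; a comment on the constructor such as `// default delegate is a stub: user_name() returns ""` would make that explicit. The guard name `_SESSION_H_` is also in the namespace reserved for the implementation; `SESSION_H_` avoids that.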
new file mode 100644 |
... | ... |
@@ -0,0 +1,43 @@ |
1 |
+#include <string> |
|
2 |
+#include <memory> |
|
3 |
+ |
|
4 |
+#include "session.h" |
|
5 |
+#include "test_util.h" |
|
6 |
+#include "sys_pam.h" |
|
7 |
+#include "request.h" |
|
8 |
+ |
|
9 |
+class fake_sys_pam : public pam_ifc { |
|
10 |
+ private: |
|
11 |
+ std::string user_name_; |
|
12 |
+ public: |
|
13 |
+ fake_sys_pam(std::string user_name) : user_name_(user_name) {} |
|
14 |
+ int get_user (pam_handle *handle, const char **out) const { |
|
15 |
+ *out = user_name_.c_str(); |
|
16 |
+ return PAM_SUCCESS; |
|
17 |
+ } |
|
18 |
+}; |
|
19 |
+ |
|
20 |
+int gets_user_from_pam() { |
|
21 |
+ //given |
|
22 |
+ std::string user_name("user"); |
|
23 |
+ pam fake_sys_pam(std::make_shared<fake_sys_pam>(user_name)); |
|
24 |
+ session session(session::create(fake_sys_pam)); |
|
25 |
+ pam_request request(0, 0, 0, 0); |
|
26 |
+ |
|
27 |
+ //when |
|
28 |
+ std::string actual = session.user_name(request); |
|
29 |
+ |
|
30 |
+ // |
|
31 |
+ //then |
|
32 |
+ check(actual == user_name, "returned wrong user name"); |
|
33 |
+ succeed(); |
|
34 |
+} |
|
35 |
+ |
|
36 |
+int run_tests() { |
|
37 |
+ test(gets_user_from_pam); |
|
38 |
+ succeed(); |
|
39 |
+} |
|
40 |
+ |
|
41 |
+int main(int argc, char *argv[]) { |
|
42 |
+ return !run_tests(); |
|
43 |
+} |
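Review bot: `gets_user_from_pam` covers only the case where `get_user` succeeds and sets `*out`; nothing exercises a failing or non-writing `get_user`, which is the path where `session::user_name` would read an unset pointer. A second test with a fake whose `get_user` returns `PAM_SERVICE_ERR` and leaves `*out` untouched, asserting on whatever failure contract `user_name` is given, would pin that behaviour. Marking the fake's method `override` (`int get_user (pam_handle *handle, const char **out) const override {`) would also let the compiler catch a signature drift from `pam_ifc`; the same applies to `impl` in sys_pam.cc, whose `get_conv` and `get_user` had to be changed to `const` in lockstep by this commit.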
... | ... |
@@ -21,11 +21,11 @@ namespace |
21 | 21 |
class impl : public pam_ifc |
22 | 22 |
{ |
23 | 23 |
public: |
24 |
- int get_conv (pam_handle *handle, const pam_conv **out) |
|
24 |
+ int get_conv (pam_handle *handle, const pam_conv **out) const |
|
25 | 25 |
{ |
26 | 26 |
return ::pam_get_item (handle, PAM_CONV, (const void **)out); |
27 | 27 |
} |
28 |
- int get_user (pam_handle *handle, const char **out) |
|
28 |
+ int get_user (pam_handle *handle, const char **out) const |
|
29 | 29 |
{ |
30 | 30 |
return ::pam_get_item (handle, PAM_USER, (const void **)out); |
31 | 31 |
} |
... | ... |
@@ -19,10 +19,10 @@ class pam_ifc |
19 | 19 |
{ |
20 | 20 |
public: |
21 | 21 |
virtual ~pam_ifc() {} |
22 |
- virtual int get_user (pam_handle *handle, const char **out) { |
|
22 |
+ virtual int get_user (pam_handle *handle, const char **out) const { |
|
23 | 23 |
return PAM_SERVICE_ERR; |
24 | 24 |
} |
25 |
- virtual int get_conv (pam_handle *handle, const pam_conv **out) |
|
25 |
+ virtual int get_conv (pam_handle *handle, const pam_conv **out) const |
|
26 | 26 |
{ |
27 | 27 |
return PAM_SERVICE_ERR; |
28 | 28 |
} |
... | ... |
@@ -36,10 +36,10 @@ private: |
36 | 36 |
public: |
37 | 37 |
pam (const delegate &delegate) : delegate_ (delegate) {} |
38 | 38 |
pam() : pam (delegate (new pam_ifc)) {} |
39 |
- int get_user(pam_handle *handle, const char **out) { |
|
39 |
+ int get_user(pam_handle *handle, const char **out) const { |
|
40 | 40 |
return delegate_->get_user(handle, out); |
41 | 41 |
} |
42 |
- int get_conv (pam_handle *handle, const pam_conv **out) |
|
42 |
+ int get_conv (pam_handle *handle, const pam_conv **out) const |
|
43 | 43 |
{ |
44 | 44 |
return delegate_->get_conv (handle, out); |
45 | 45 |
} |