Browse code
dual control validates
Greg Wiley authored on 18/04/2017 21:16:06
Showing 7 changed files
Showing 7 changed files
- conversation.h
- dual_control.cc
- dual_control.h
- dual_control_test.cc
- validator.cc
- validator.h
- validator_test.cc
... | ... |
@@ -3,13 +3,37 @@ |
3 | 3 |
|
4 | 4 |
#include <security/pam_modules.h> |
5 | 5 |
#include <string> |
6 |
+#include <memory> |
|
6 | 7 |
|
7 | 8 |
#include "pam.h" |
8 | 9 |
|
10 |
+ |
|
11 |
+ |
|
12 |
+class conversation_result { |
|
13 |
+ private: |
|
14 |
+ std::string token_; |
|
15 |
+ std::string user_name_; |
|
16 |
+ public: |
|
17 |
+ conversation_result(std::string user_name, std::string token) |
|
18 |
+ : token_(token), |
|
19 |
+ user_name_(user_name) {} |
|
20 |
+ std::string token() { return token_; } |
|
21 |
+ std::string user_name() { return user_name_; } |
|
22 |
+}; |
|
23 |
+ |
|
24 |
+class conversations_ifc { |
|
25 |
+ public: |
|
26 |
+ virtual ~conversations_ifc() {} |
|
27 |
+ virtual conversation_result initiate_conversation() = 0; |
|
28 |
+}; |
|
29 |
+typedef std::shared_ptr<conversations_ifc> conversations; |
|
30 |
+ |
|
31 |
+ |
|
32 |
+ |
|
9 | 33 |
class token_conversation { |
10 | 34 |
public: |
11 | 35 |
virtual ~token_conversation() {} |
12 |
- virtual std::string token() { return""; } |
|
36 |
+ virtual std::string token() { return ""; } |
|
13 | 37 |
virtual std::string user_name() { return ""; } |
14 | 38 |
}; |
15 | 39 |
|
... | ... |
@@ -1,22 +1,40 @@ |
1 | 1 |
|
2 | 2 |
#include "dual_control.h" |
3 |
+#include "conversation.h" |
|
4 |
+#include "validator.h" |
|
3 | 5 |
|
4 | 6 |
class impl : public dual_control_ifc { |
7 |
+ private: |
|
8 |
+ conversations conversations_; |
|
9 |
+ validator validator_; |
|
5 | 10 |
public: |
11 |
+ impl(const dual_control_configuration &configuration); |
|
6 | 12 |
int authenticate(pam_handle *handle, int flags, const std::vector<const std::string> &arguments ); |
7 | 13 |
int setcred(pam_handle *handle, int flags, const std::vector<const std::string> &arguments); |
8 | 14 |
}; |
9 | 15 |
|
16 |
+impl::impl(const dual_control_configuration &configuration) : |
|
17 |
+ conversations_(configuration.conversations), |
|
18 |
+ validator_(configuration.validator) {} |
|
19 |
+ |
|
10 | 20 |
int impl::setcred(pam_handle *handle, int flags, const std::vector<const std::string> &arguments) { |
11 | 21 |
return PAM_SUCCESS; |
12 | 22 |
} |
13 | 23 |
|
14 | 24 |
int impl::authenticate(pam_handle *handle, int flags, const std::vector<const std::string> &arguments) { |
15 |
- return -1209342; |
|
25 |
+ |
|
26 |
+ conversation_result result = conversations_->initiate_conversation(); |
|
27 |
+ std::string user = result.user_name(); |
|
28 |
+ std::string token = result.token(); |
|
29 |
+ |
|
30 |
+ if (validator_->validate(user, token)) { |
|
31 |
+ return PAM_SUCCESS; |
|
32 |
+ } |
|
33 |
+ return 1212; |
|
16 | 34 |
} |
17 | 35 |
|
18 |
-dual_control create_dual_control() { |
|
19 |
- return dual_control(new impl); |
|
36 |
+dual_control create_dual_control(const dual_control_configuration &configuration) { |
|
37 |
+ return dual_control(new impl(configuration)); |
|
20 | 38 |
} |
21 | 39 |
|
22 | 40 |
|
... | ... |
@@ -6,6 +6,10 @@ |
6 | 6 |
#include <vector> |
7 | 7 |
#include <security/pam_modules.h> |
8 | 8 |
|
9 |
+#include "validator.h" |
|
10 |
+#include "conversation.h" |
|
11 |
+ |
|
12 |
+ |
|
9 | 13 |
class dual_control_ifc { |
10 | 14 |
public: |
11 | 15 |
virtual ~dual_control_ifc() {} |
... | ... |
@@ -15,7 +19,14 @@ class dual_control_ifc { |
15 | 19 |
|
16 | 20 |
typedef std::shared_ptr<dual_control_ifc> dual_control; |
17 | 21 |
|
18 |
-dual_control create_dual_control(); |
|
22 |
+struct dual_control_configuration { |
|
23 |
+ validator validator; |
|
24 |
+ conversations conversations; |
|
25 |
+}; |
|
26 |
+ |
|
27 |
+dual_control create_dual_control(const dual_control_configuration &configuration); |
|
28 |
+ |
|
29 |
+ |
|
19 | 30 |
|
20 | 31 |
#endif |
21 | 32 |
|
... | ... |
@@ -1,12 +1,40 @@ |
1 | 1 |
#include <security/pam_modules.h> |
2 | 2 |
|
3 | 3 |
#include "dual_control.h" |
4 |
+#include "validator.h" |
|
5 |
+ |
|
4 | 6 |
#include "test_util.h" |
7 |
+#include "conversation.h" |
|
8 |
+ |
|
9 |
+ |
|
10 |
+class fake_conversations : public conversations_ifc { |
|
11 |
+ private: |
|
12 |
+ std::string user_name_; |
|
13 |
+ std::string token_; |
|
14 |
+ public: |
|
15 |
+ fake_conversations(const std::string &user_name, const std::string &token) : user_name_(user_name), token_(token) {} |
|
16 |
+ conversation_result initiate_conversation() { |
|
17 |
+ return conversation_result(user_name_, token_); |
|
18 |
+ } |
|
19 |
+}; |
|
20 |
+ |
|
21 |
+class fake_validator : public validator_ifc { |
|
22 |
+ private: |
|
23 |
+ std::string user_; |
|
24 |
+ std::string token_; |
|
25 |
+ public: |
|
26 |
+ fake_validator(const std::string &user, const std::string &token): user_(user), token_(token) {} |
|
27 |
+ bool validate(const std::string &user, const std::string &token) { |
|
28 |
+ return user_ == user && token_ == token; |
|
29 |
+ } |
|
30 |
+}; |
|
31 |
+ |
|
5 | 32 |
|
6 | 33 |
int setcred_returns_success() { |
7 | 34 |
//given |
35 |
+ dual_control_configuration configuration; |
|
8 | 36 |
pam_handle *pamh(0); |
9 |
- dual_control dc(create_dual_control()); |
|
37 |
+ dual_control dc(create_dual_control(configuration)); |
|
10 | 38 |
std::vector<const std::string> arguments; |
11 | 39 |
|
12 | 40 |
//when |
... | ... |
@@ -18,11 +46,32 @@ int setcred_returns_success() { |
18 | 46 |
|
19 | 47 |
} |
20 | 48 |
|
49 |
+int authenticate_validates_with_received_token() { |
|
50 |
+ // given |
|
51 |
+ dual_control_configuration configuration; |
|
52 |
+ std::string user("user"); |
|
53 |
+ std::string token("token"); |
|
54 |
+ configuration.validator = validator(new fake_validator(user, token)); |
|
55 |
+ configuration.conversations = conversations(new fake_conversations(user, token)); |
|
56 |
+ dual_control dc(create_dual_control(configuration)); |
|
57 |
+ pam_handle_t *handle = (pam_handle_t*)""; |
|
58 |
+ std::vector<const std::string> arguments; |
|
59 |
+ |
|
60 |
+ // when |
|
61 |
+ int actual = dc->authenticate(handle, 0, arguments); |
|
62 |
+ |
|
63 |
+ // then |
|
64 |
+ check(actual == PAM_SUCCESS, "should be valid"); |
|
65 |
+ succeed(); |
|
66 |
+} |
|
67 |
+ |
|
68 |
+ |
|
21 | 69 |
RESET_VARS_START |
22 | 70 |
RESET_VARS_END |
23 | 71 |
|
24 | 72 |
int runtests() { |
25 | 73 |
test(setcred_returns_success); |
74 |
+ test(authenticate_validates_with_received_token); |
|
26 | 75 |
succeed(); |
27 | 76 |
} |
28 | 77 |
|
... | ... |
@@ -3,7 +3,7 @@ |
3 | 3 |
|
4 | 4 |
#include "validator.h" |
5 | 5 |
|
6 |
-bool validator::validate(const std::string &user_name, const std::string &token) { |
|
6 |
+bool old_validator::validate(const std::string &user_name, const std::string &token) { |
|
7 | 7 |
user_p found_user = directory_->find_user(user_name); |
8 | 8 |
|
9 | 9 |
if (!found_user) { |
... | ... |
@@ -7,12 +7,21 @@ |
7 | 7 |
#include "user.h" |
8 | 8 |
#include "token.h" |
9 | 9 |
|
10 |
-class validator { |
|
10 |
+class validator_ifc { |
|
11 |
+ public: |
|
12 |
+ virtual ~validator_ifc() {} |
|
13 |
+ virtual bool validate(const std::string &user, const std::string &token) = 0; |
|
14 |
+}; |
|
15 |
+ |
|
16 |
+typedef std::shared_ptr<validator_ifc> validator; |
|
17 |
+ |
|
18 |
+ |
|
19 |
+class old_validator { |
|
11 | 20 |
private: |
12 | 21 |
directory_p directory_; |
13 | 22 |
user_token_supplier_p user_token_supplier_; |
14 | 23 |
public: |
15 |
- validator(const directory_p &directory, const user_token_supplier_p &user_token_supplier): |
|
24 |
+ old_validator(const directory_p &directory, const user_token_supplier_p &user_token_supplier): |
|
16 | 25 |
directory_(directory), |
17 | 26 |
user_token_supplier_(user_token_supplier) {} |
18 | 27 |
bool validate(const std::string &user, const std::string &token); |
... | ... |
@@ -39,7 +39,7 @@ bool validator_validates() { |
39 | 39 |
user_token_supplier_p user_token_supplier(new fake_user_token_supplier(token)); |
40 | 40 |
std::string user_name = "msmith"; |
41 | 41 |
directory_p directory(new fake_directory(user_name)); |
42 |
- validator validator(directory, user_token_supplier); |
|
42 |
+ old_validator validator(directory, user_token_supplier); |
|
43 | 43 |
|
44 | 44 |
|
45 | 45 |
// when |
... | ... |
@@ -57,7 +57,7 @@ bool validator_fails_unknown_user() { |
57 | 57 |
std::string token = "token"; |
58 | 58 |
user_token_supplier_p user_token_supplier(new fake_user_token_supplier(token)); |
59 | 59 |
directory_p directory(new fake_directory); |
60 |
- validator validator(directory, user_token_supplier); |
|
60 |
+ old_validator validator(directory, user_token_supplier); |
|
61 | 61 |
|
62 | 62 |
|
63 | 63 |
// when |
... | ... |
@@ -75,7 +75,7 @@ bool validator_fails_incorrect_token() { |
75 | 75 |
user_token_supplier_p user_token_supplier(new fake_user_token_supplier); |
76 | 76 |
std::string user_name = "msmith"; |
77 | 77 |
directory_p directory(new fake_directory(user_name)); |
78 |
- validator validator(directory, user_token_supplier); |
|
78 |
+ old_validator validator(directory, user_token_supplier); |
|
79 | 79 |
|
80 | 80 |
|
81 | 81 |
// when |