@@ -3,13 +3,37 @@

 #include <security/pam_modules.h>

 #include <string>

+#include <memory>

 #include "pam.h"

+

+

+class conversation_result {

+    private:

+        std::string token_;

+        std::string user_name_;

+    public:

+        conversation_result(std::string user_name, std::string token)

+            : token_(token),

+              user_name_(user_name) {}

+        std::string token() { return token_; }

+        std::string user_name() { return user_name_; }

+};

+

+class conversations_ifc {

+    public:

+        virtual ~conversations_ifc() {}

+        virtual conversation_result initiate_conversation() = 0;

+};

+typedef std::shared_ptr<conversations_ifc> conversations;

+

+

+

 class token_conversation {

     public:

         virtual ~token_conversation() {}

-        virtual std::string token() { return""; }

+        virtual std::string token() { return ""; }

         virtual std::string user_name() { return ""; }

 };

@@ -1,22 +1,40 @@

 #include "dual_control.h"

+#include "conversation.h"

+#include "validator.h"

 class impl : public dual_control_ifc {

+    private:

+       conversations conversations_;

+       validator validator_;

     public:

+        impl(const dual_control_configuration &configuration);

         int authenticate(pam_handle *handle, int flags, const std::vector<const std::string> &arguments );

         int setcred(pam_handle *handle, int flags, const std::vector<const std::string> &arguments);

 };

+impl::impl(const dual_control_configuration &configuration) :

+    conversations_(configuration.conversations),

+    validator_(configuration.validator) {}

+

 int impl::setcred(pam_handle *handle, int flags, const std::vector<const std::string> &arguments) {

     return PAM_SUCCESS;

 }

 int impl::authenticate(pam_handle *handle, int flags, const std::vector<const std::string> &arguments) {

-    return -1209342;

+

+    conversation_result result = conversations_->initiate_conversation();

+    std::string user = result.user_name();

+    std::string token = result.token();

+

+    if (validator_->validate(user, token)) {

+        return PAM_SUCCESS;

+    }

+    return 1212;

 }

-dual_control create_dual_control() {

-    return dual_control(new impl);

+dual_control create_dual_control(const dual_control_configuration &configuration) {

+    return dual_control(new impl(configuration));

 }

@@ -6,6 +6,10 @@

 #include <vector>

 #include <security/pam_modules.h>

+#include "validator.h"

+#include "conversation.h"

+

+

 class dual_control_ifc {

     public:

         virtual ~dual_control_ifc() {}

@@ -15,7 +19,14 @@ class dual_control_ifc {

 typedef std::shared_ptr<dual_control_ifc> dual_control;

-dual_control create_dual_control();

+struct dual_control_configuration {

+    validator validator;

+    conversations conversations;

+};

+

+dual_control create_dual_control(const dual_control_configuration &configuration);

+

+

 #endif

@@ -1,12 +1,40 @@

 #include <security/pam_modules.h>

 #include "dual_control.h"

+#include "validator.h"

+

 #include "test_util.h"

+#include "conversation.h"

+

+

+class fake_conversations : public conversations_ifc {

+    private:

+        std::string user_name_;

+        std::string token_;

+    public:

+        fake_conversations(const std::string &user_name, const std::string &token) : user_name_(user_name), token_(token) {}

+        conversation_result initiate_conversation() {

+            return conversation_result(user_name_, token_);

+        }

+};

+

+class fake_validator : public validator_ifc {

+    private:

+        std::string user_;

+        std::string token_;

+    public:

+        fake_validator(const std::string &user, const std::string &token): user_(user), token_(token) {}

+        bool validate(const std::string &user, const std::string &token) {

+            return user_ == user && token_ == token;

+        }

+};

+

 int setcred_returns_success() {

     //given

+    dual_control_configuration configuration;

     pam_handle *pamh(0);

-    dual_control dc(create_dual_control());

+    dual_control dc(create_dual_control(configuration));

     std::vector<const std::string> arguments;

     //when

@@ -18,11 +46,32 @@ int setcred_returns_success() {

 }

+int authenticate_validates_with_received_token() {

+    // given

+    dual_control_configuration configuration;

+    std::string user("user");

+    std::string token("token");

+    configuration.validator = validator(new fake_validator(user, token));

+    configuration.conversations = conversations(new fake_conversations(user, token));

+    dual_control dc(create_dual_control(configuration));

+    pam_handle_t *handle = (pam_handle_t*)"";

+    std::vector<const std::string> arguments;

+

+    // when

+    int actual = dc->authenticate(handle, 0, arguments);

+

+    // then

+    check(actual == PAM_SUCCESS, "should be valid");

+    succeed();

+}

+

+

 RESET_VARS_START

 RESET_VARS_END

 int runtests() {

     test(setcred_returns_success);

+    test(authenticate_validates_with_received_token);

     succeed();

 }

@@ -3,7 +3,7 @@

 #include "validator.h"

-bool validator::validate(const std::string &user_name, const std::string &token) {

+bool old_validator::validate(const std::string &user_name, const std::string &token) {

     user_p found_user = directory_->find_user(user_name);

     if (!found_user) {

@@ -7,12 +7,21 @@

 #include "user.h"

 #include "token.h"

-class validator {

+class validator_ifc {

+    public:

+        virtual ~validator_ifc() {}

+        virtual bool validate(const std::string &user, const std::string &token) = 0;

+};

+

+typedef std::shared_ptr<validator_ifc> validator;

+

+

+class old_validator {

     private:

         directory_p directory_;

         user_token_supplier_p user_token_supplier_;

     public:

-        validator(const directory_p &directory, const user_token_supplier_p &user_token_supplier):

+        old_validator(const directory_p &directory, const user_token_supplier_p &user_token_supplier):

             directory_(directory),

             user_token_supplier_(user_token_supplier) {}

         bool validate(const std::string &user, const std::string &token);

@@ -39,7 +39,7 @@ bool validator_validates() {

     user_token_supplier_p user_token_supplier(new fake_user_token_supplier(token));

     std::string user_name = "msmith";

     directory_p directory(new fake_directory(user_name));

-    validator validator(directory, user_token_supplier);

+    old_validator validator(directory, user_token_supplier);

     // when

@@ -57,7 +57,7 @@ bool validator_fails_unknown_user() {

    std::string token = "token";

    user_token_supplier_p user_token_supplier(new fake_user_token_supplier(token));

    directory_p directory(new fake_directory);

-   validator validator(directory, user_token_supplier);

+   old_validator validator(directory, user_token_supplier);

    // when

@@ -75,7 +75,7 @@ bool validator_fails_incorrect_token() {

     user_token_supplier_p user_token_supplier(new fake_user_token_supplier);

     std::string user_name = "msmith";

     directory_p directory(new fake_directory(user_name));

-    validator validator(directory, user_token_supplier);

+    old_validator validator(directory, user_token_supplier);

    // when