@@ -4,19 +4,27 @@

 #ifndef _TEST_SUPPORT_H

 #define _TEST_SUPPORT_H

+#include <stdlib.h>

+// SYSLOG

 void fake_openlog(const char *ident, int logopt, int facility);

 void fake_syslog(int priority, const char *format, ...);

 void fake_closelog(void);

-/*

- * replace C library functions with fake counterparts when UINT_TEST symbol

- * is defined

- */

+// PWD

+struct passwd;

+int fake_getpwnam_r(const char *nam, struct passwd *pwd, char *buffer, size_t bufsize, struct passwd **result);

+

+

 #ifdef UNIT_TEST

+// SYSLOG

 #define openlog(IDENT, LOGOPT, FACILITY) fake_openlog(IDENT, LOGOPT, FACILITY)

 #define syslog(PRIORITY, ...) fake_syslog(PRIORITY, __VA_ARGS__)

 #define closelog() fake_closelog()

+

+// PWD

+#define getpwnam_r(USER, PASSWD, BUFFER, BUFSIZE, PRESULT) fake_getpwnam_r(USER, PASSWD, BUFFER, BUFSIZE, PRESULT)

+

 #endif

 #endif

@@ -1,10 +1,61 @@

+#include <stdlib.h>

+#include <string.h>

 #include <security/pam_modules.h>

+#include <pwd.h>

+#include <unistd.h>

 #include "token.h"

+#include "test_support.h"

+

+int user_is_known(const char *user) {

+    struct passwd *passwd = (struct passwd *) malloc(sizeof(struct passwd));

+    size_t bufsize = (size_t) sysconf(_SC_GETPW_R_SIZE_MAX);

+    char * buffer = (char *) malloc(bufsize * sizeof(char));

+    struct passwd *found_passwd = 0;

+    getpwnam_r(user, passwd, buffer, bufsize, &found_passwd);

+    int known = found_passwd != 0;

+

+    free(buffer);

+    free(passwd);

+

+    return known;

+

+}

+

 int validate_token(const char *token) {

-    return 1;

+    int ok = 0;

+

+    char *user = 0;

+

+    // duplicate

+    int token_length = strlen(token);

+    user = (char *) malloc((token_length + 1) * sizeof(char));

+    strcpy(user, token);

+

+    // find the first colon

+    char *colon = strchr(user, ':');

+    if (!colon) {

+        goto finally;

+    }

+

+    // poke a zero so dup is the username

+    *colon = 0;

+

+    // check if user is known

+    if(!user_is_known(user)) {

+       goto finally;

+    }

+

+    ok = 1;

+

+    // determine if user is system user

+    // fail if not

+    finally:

+

+    free(user);

+    return ok;

 }

@@ -1,12 +1,18 @@

+#include <string.h>

 #include "token.h"

 #include "test_util.h"

 const char *fake_user = "";

 const char *fake_user_token = "";

+struct passwd;

 // all the fake system calls

-

+int fake_getpwnam_r(const char *nam, struct passwd *pwd, char *buffer, size_t bufsize, struct passwd **result) {

+  int ok = !strcmp(nam, fake_user);

+  *result = ok ? (struct passwd *)"" : 0;

+  return !ok;

+}

 RESET_VARS_START

 fake_user = "";

@@ -30,9 +36,22 @@ int validate_compares_to_user_token() {

 }

+int validates_from_the_right_user() {

+    //given

+    fake_user = "jbalcita";

+    fake_user_token = "123456";

+

+    //when

+    int valid = validate_token("msmith:12346");

+

+    //then

+    check(!valid, "expected result to be invalid");

+    succeed();

+}

 int runtests() {

     test(validate_compares_to_user_token);

+    test(validates_from_the_right_user);

     succeed();

 }