Browse code
validate checks against system users
Greg Wiley authored on 06/04/2017 22:10:16
Showing 3 changed files
Showing 3 changed files
... | ... |
@@ -4,19 +4,27 @@ |
4 | 4 |
|
5 | 5 |
#ifndef _TEST_SUPPORT_H |
6 | 6 |
#define _TEST_SUPPORT_H |
7 |
+#include <stdlib.h> |
|
7 | 8 |
|
9 |
+// SYSLOG |
|
8 | 10 |
void fake_openlog(const char *ident, int logopt, int facility); |
9 | 11 |
void fake_syslog(int priority, const char *format, ...); |
10 | 12 |
void fake_closelog(void); |
11 | 13 |
|
12 |
-/* |
|
13 |
- * replace C library functions with fake counterparts when UINT_TEST symbol |
|
14 |
- * is defined |
|
15 |
- */ |
|
14 |
+// PWD |
|
15 |
+struct passwd; |
|
16 |
+int fake_getpwnam_r(const char *nam, struct passwd *pwd, char *buffer, size_t bufsize, struct passwd **result); |
|
17 |
+ |
|
18 |
+ |
|
16 | 19 |
#ifdef UNIT_TEST |
20 |
+// SYSLOG |
|
17 | 21 |
#define openlog(IDENT, LOGOPT, FACILITY) fake_openlog(IDENT, LOGOPT, FACILITY) |
18 | 22 |
#define syslog(PRIORITY, ...) fake_syslog(PRIORITY, __VA_ARGS__) |
19 | 23 |
#define closelog() fake_closelog() |
24 |
+ |
|
25 |
+// PWD |
|
26 |
+#define getpwnam_r(USER, PASSWD, BUFFER, BUFSIZE, PRESULT) fake_getpwnam_r(USER, PASSWD, BUFFER, BUFSIZE, PRESULT) |
|
27 |
+ |
|
20 | 28 |
#endif |
21 | 29 |
|
22 | 30 |
#endif |
... | ... |
@@ -1,10 +1,61 @@ |
1 |
+#include <stdlib.h> |
|
2 |
+#include <string.h> |
|
1 | 3 |
#include <security/pam_modules.h> |
4 |
+#include <pwd.h> |
|
5 |
+#include <unistd.h> |
|
2 | 6 |
|
3 | 7 |
#include "token.h" |
4 | 8 |
|
9 |
+#include "test_support.h" |
|
10 |
+ |
|
11 |
+int user_is_known(const char *user) { |
|
12 |
+ struct passwd *passwd = (struct passwd *) malloc(sizeof(struct passwd)); |
|
13 |
+ size_t bufsize = (size_t) sysconf(_SC_GETPW_R_SIZE_MAX); |
|
14 |
+ char * buffer = (char *) malloc(bufsize * sizeof(char)); |
|
15 |
+ struct passwd *found_passwd = 0; |
|
16 |
+ getpwnam_r(user, passwd, buffer, bufsize, &found_passwd); |
|
17 |
+ int known = found_passwd != 0; |
|
18 |
+ |
|
19 |
+ free(buffer); |
|
20 |
+ free(passwd); |
|
21 |
+ |
|
22 |
+ return known; |
|
23 |
+ |
|
24 |
+} |
|
25 |
+ |
|
5 | 26 |
int validate_token(const char *token) { |
6 |
- return 1; |
|
27 |
+ int ok = 0; |
|
28 |
+ |
|
29 |
+ char *user = 0; |
|
30 |
+ |
|
31 |
+ // duplicate |
|
32 |
+ int token_length = strlen(token); |
|
33 |
+ user = (char *) malloc((token_length + 1) * sizeof(char)); |
|
34 |
+ strcpy(user, token); |
|
35 |
+ |
|
36 |
+ // find the first colon |
|
37 |
+ char *colon = strchr(user, ':'); |
|
38 |
+ if (!colon) { |
|
39 |
+ goto finally; |
|
40 |
+ } |
|
41 |
+ |
|
42 |
+ // poke a zero so dup is the username |
|
43 |
+ *colon = 0; |
|
44 |
+ |
|
45 |
+ // check if user is known |
|
46 |
+ if(!user_is_known(user)) { |
|
47 |
+ goto finally; |
|
48 |
+ } |
|
49 |
+ |
|
50 |
+ ok = 1; |
|
51 |
+ |
|
52 |
+ // determine if user is system user |
|
53 |
+ // fail if not |
|
54 |
+ finally: |
|
55 |
+ |
|
56 |
+ free(user); |
|
7 | 57 |
|
58 |
+ return ok; |
|
8 | 59 |
} |
9 | 60 |
|
10 | 61 |
|
... | ... |
@@ -1,12 +1,18 @@ |
1 |
+#include <string.h> |
|
1 | 2 |
#include "token.h" |
2 | 3 |
#include "test_util.h" |
3 | 4 |
|
4 | 5 |
const char *fake_user = ""; |
5 | 6 |
const char *fake_user_token = ""; |
6 | 7 |
|
8 |
+struct passwd; |
|
7 | 9 |
|
8 | 10 |
// all the fake system calls |
9 |
- |
|
11 |
+int fake_getpwnam_r(const char *nam, struct passwd *pwd, char *buffer, size_t bufsize, struct passwd **result) { |
|
12 |
+ int ok = !strcmp(nam, fake_user); |
|
13 |
+ *result = ok ? (struct passwd *)"" : 0; |
|
14 |
+ return !ok; |
|
15 |
+} |
|
10 | 16 |
|
11 | 17 |
RESET_VARS_START |
12 | 18 |
fake_user = ""; |
... | ... |
@@ -30,9 +36,22 @@ int validate_compares_to_user_token() { |
30 | 36 |
|
31 | 37 |
} |
32 | 38 |
|
39 |
+int validates_from_the_right_user() { |
|
40 |
+ //given |
|
41 |
+ fake_user = "jbalcita"; |
|
42 |
+ fake_user_token = "123456"; |
|
43 |
+ |
|
44 |
+ //when |
|
45 |
+ int valid = validate_token("msmith:12346"); |
|
46 |
+ |
|
47 |
+ //then |
|
48 |
+ check(!valid, "expected result to be invalid"); |
|
49 |
+ succeed(); |
|
50 |
+} |
|
33 | 51 |
|
34 | 52 |
int runtests() { |
35 | 53 |
test(validate_compares_to_user_token); |
54 |
+ test(validates_from_the_right_user); |
|
36 | 55 |
succeed(); |
37 | 56 |
} |
38 | 57 |
|