1
0
mirror of https://github.com/falk-werner/webfused synced 2024-10-27 20:44:08 +00:00
falk-werner_webfused/test/test_pam_authenticator.cc
2020-03-20 09:52:56 +01:00

280 lines
8.9 KiB
C++

#include "webfused/auth/pam_authenticator.h"
#include "webfused/auth/authenticator.h"
#include "webfused/config/settings.h"
#include "webfused/auth/factory.h"
#include "mock_credentials.hpp"
#include "mock_settings.hpp"
#include "mock_pam.hpp"
#include <gtest/gtest.h>
using ::webfused_test::MockSettings;
using ::webfused_test::MockCredentials;
using ::webfused_test::MockPam;
using ::testing::_;
using ::testing::Return;
using ::testing::StrEq;
using ::testing::Invoke;
using ::testing::StrictMock;
TEST(pam_authenticator, create)
{
wfd_authenticator authenticator;
bool success = wfd_pam_authenticator_create(nullptr, &authenticator);
ASSERT_TRUE(success);
wfd_authenticator_dispose(authenticator);
}
TEST(pam_authenticator, create_via_factory)
{
wfd_authenticator authenticator;
bool success = wfd_authenticator_create("pam", nullptr, &authenticator);
ASSERT_TRUE(success);
wfd_authenticator_dispose(authenticator);
}
TEST(pam_authenticator, get_type)
{
wfd_authenticator authenticator;
bool success = wfd_pam_authenticator_create(nullptr, &authenticator);
ASSERT_TRUE(success);
ASSERT_STREQ("username", wfd_authenticator_get_type(authenticator));
wfd_authenticator_dispose(authenticator);
}
TEST(pam_authenticator, authenticate)
{
MockPam pam;
EXPECT_CALL(pam, start(StrEq("webfused"), nullptr, _, _)).Times(1).WillOnce(Return(PAM_SUCCESS));
EXPECT_CALL(pam, authenticate(_, PAM_DISALLOW_NULL_AUTHTOK)).Times(1).WillOnce(Return(PAM_SUCCESS));
EXPECT_CALL(pam, acct_mgmt(_, PAM_DISALLOW_NULL_AUTHTOK)).Times(1).WillOnce(Return(PAM_SUCCESS));
EXPECT_CALL(pam, end(_, _)).Times(1).WillOnce(Return(PAM_SUCCESS));
wfd_authenticator authenticator;
bool success = wfd_pam_authenticator_create(nullptr, &authenticator);
ASSERT_TRUE(success);
MockCredentials creds;
EXPECT_CALL(creds, get(StrEq("username"))).Times(1).WillOnce(Return("bob"));
EXPECT_CALL(creds, get(StrEq("password"))).Times(1).WillOnce(Return("secret"));
bool is_authenticated = wfd_authenticator_authenticate(authenticator, nullptr);
ASSERT_TRUE(is_authenticated);
wfd_authenticator_dispose(authenticator);
}
TEST(pam_authenticator, authenticate_with_custom_service_name)
{
MockPam pam;
EXPECT_CALL(pam, start(StrEq("brummni"), nullptr, _, _)).Times(1).WillOnce(Return(PAM_SUCCESS));
EXPECT_CALL(pam, authenticate(_, PAM_DISALLOW_NULL_AUTHTOK)).Times(1).WillOnce(Return(PAM_SUCCESS));
EXPECT_CALL(pam, acct_mgmt(_, PAM_DISALLOW_NULL_AUTHTOK)).Times(1).WillOnce(Return(PAM_SUCCESS));
EXPECT_CALL(pam, end(_, _)).Times(1).WillOnce(Return(PAM_SUCCESS));
MockSettings settings;
EXPECT_CALL(settings, getStringOrDefault(StrEq("service_name"), StrEq("webfused")))
.Times(1).WillOnce(Return("brummni"));
wfd_authenticator authenticator;
bool success = wfd_pam_authenticator_create(nullptr, &authenticator);
ASSERT_TRUE(success);
MockCredentials creds;
EXPECT_CALL(creds, get(StrEq("username"))).Times(1).WillOnce(Return("bob"));
EXPECT_CALL(creds, get(StrEq("password"))).Times(1).WillOnce(Return("secret"));
bool is_authenticated = wfd_authenticator_authenticate(authenticator, nullptr);
ASSERT_TRUE(is_authenticated);
wfd_authenticator_dispose(authenticator);
}
namespace
{
int valid_conversation(
char const * service_name,
char const * user,
struct pam_conv const * conv,
pam_handle_t * * handle)
{
(void) service_name;
(void) user;
(void) handle;
pam_message request_username = {PAM_PROMPT_ECHO_ON, "username"};
pam_message request_password = {PAM_PROMPT_ECHO_OFF, "password"};
pam_message const * messages[2] =
{
&request_username,
&request_password
};
pam_response * responses;
int rc = conv->conv(2, messages, &responses, conv->appdata_ptr);
if (PAM_SUCCESS == rc)
{
free(responses[0].resp);
free(responses[1].resp);
free(responses);
}
return rc;
}
}
TEST(pam_authenticator, conversation_with_valid_messages)
{
MockPam pam;
EXPECT_CALL(pam, start(StrEq("webfused"), nullptr, _, _))
.Times(1).WillOnce(Invoke(&valid_conversation));
EXPECT_CALL(pam, authenticate(_, PAM_DISALLOW_NULL_AUTHTOK)).Times(1).WillOnce(Return(PAM_SUCCESS));
EXPECT_CALL(pam, acct_mgmt(_, PAM_DISALLOW_NULL_AUTHTOK)).Times(1).WillOnce(Return(PAM_SUCCESS));
EXPECT_CALL(pam, end(_, _)).Times(1).WillOnce(Return(PAM_SUCCESS));
wfd_authenticator authenticator;
bool success = wfd_pam_authenticator_create(nullptr, &authenticator);
ASSERT_TRUE(success);
MockCredentials creds;
EXPECT_CALL(creds, get(StrEq("username"))).Times(1).WillOnce(Return("bob"));
EXPECT_CALL(creds, get(StrEq("password"))).Times(1).WillOnce(Return("secret"));
bool is_authenticated = wfd_authenticator_authenticate(authenticator, nullptr);
ASSERT_TRUE(is_authenticated);
wfd_authenticator_dispose(authenticator);
}
namespace
{
int invalid_conversation(
char const * service_name,
char const * user,
struct pam_conv const * conv,
pam_handle_t * * handle)
{
(void) service_name;
(void) user;
(void) handle;
pam_message invalid_request = {-1, "invalid"};
pam_message const * messages[2] =
{
&invalid_request
};
pam_response * responses;
int rc = conv->conv(1, messages, &responses, conv->appdata_ptr);
return rc;
}
}
TEST(pam_authenticator, conversation_with_invalid_messages)
{
MockPam pam;
EXPECT_CALL(pam, start(StrEq("webfused"), nullptr, _, _))
.Times(1).WillOnce(Invoke(&invalid_conversation));
wfd_authenticator authenticator;
bool success = wfd_pam_authenticator_create(nullptr, &authenticator);
ASSERT_TRUE(success);
MockCredentials creds;
EXPECT_CALL(creds, get(StrEq("username"))).Times(1).WillOnce(Return("bob"));
EXPECT_CALL(creds, get(StrEq("password"))).Times(1).WillOnce(Return("secret"));
bool is_authenticated = wfd_authenticator_authenticate(authenticator, nullptr);
ASSERT_FALSE(is_authenticated);
wfd_authenticator_dispose(authenticator);
}
TEST(pam_authenticator, authenticate_fail_authenticate)
{
MockPam pam;
EXPECT_CALL(pam, start(StrEq("webfused"), nullptr, _, _)).Times(1).WillOnce(Return(PAM_SUCCESS));
EXPECT_CALL(pam, authenticate(_, PAM_DISALLOW_NULL_AUTHTOK)).Times(1).WillOnce(Return(-1));
EXPECT_CALL(pam, end(_, _)).Times(1).WillOnce(Return(PAM_SUCCESS));
wfd_authenticator authenticator;
bool success = wfd_pam_authenticator_create(nullptr, &authenticator);
ASSERT_TRUE(success);
MockCredentials creds;
EXPECT_CALL(creds, get(StrEq("username"))).Times(1).WillOnce(Return("bob"));
EXPECT_CALL(creds, get(StrEq("password"))).Times(1).WillOnce(Return("secret"));
bool is_authenticated = wfd_authenticator_authenticate(authenticator, nullptr);
ASSERT_FALSE(is_authenticated);
wfd_authenticator_dispose(authenticator);
}
TEST(pam_authenticator, authenticate_fail_acct_mgmt)
{
MockPam pam;
EXPECT_CALL(pam, start(StrEq("webfused"), nullptr, _, _)).Times(1).WillOnce(Return(PAM_SUCCESS));
EXPECT_CALL(pam, authenticate(_, PAM_DISALLOW_NULL_AUTHTOK)).Times(1).WillOnce(Return(PAM_SUCCESS));
EXPECT_CALL(pam, acct_mgmt(_, PAM_DISALLOW_NULL_AUTHTOK)).Times(1).WillOnce(Return(-1));
EXPECT_CALL(pam, end(_, _)).Times(1).WillOnce(Return(PAM_SUCCESS));
wfd_authenticator authenticator;
bool success = wfd_pam_authenticator_create(nullptr, &authenticator);
ASSERT_TRUE(success);
MockCredentials creds;
EXPECT_CALL(creds, get(StrEq("username"))).Times(1).WillOnce(Return("bob"));
EXPECT_CALL(creds, get(StrEq("password"))).Times(1).WillOnce(Return("secret"));
bool is_authenticated = wfd_authenticator_authenticate(authenticator, nullptr);
ASSERT_FALSE(is_authenticated);
wfd_authenticator_dispose(authenticator);
}
TEST(pam_authenticator, authenticate_fail_missing_username)
{
StrictMock<MockPam> pam;
wfd_authenticator authenticator;
bool success = wfd_pam_authenticator_create(nullptr, &authenticator);
ASSERT_TRUE(success);
MockCredentials creds;
EXPECT_CALL(creds, get(StrEq("username"))).Times(1).WillOnce(Return(nullptr));
EXPECT_CALL(creds, get(StrEq("password"))).Times(1).WillOnce(Return("secret"));
bool is_authenticated = wfd_authenticator_authenticate(authenticator, nullptr);
ASSERT_FALSE(is_authenticated);
wfd_authenticator_dispose(authenticator);
}
TEST(pam_authenticator, authenticate_fail_missing_password)
{
StrictMock<MockPam> pam;
wfd_authenticator authenticator;
bool success = wfd_pam_authenticator_create(nullptr, &authenticator);
ASSERT_TRUE(success);
MockCredentials creds;
EXPECT_CALL(creds, get(StrEq("username"))).Times(1).WillOnce(Return("bob"));
EXPECT_CALL(creds, get(StrEq("password"))).Times(1).WillOnce(Return(nullptr));
bool is_authenticated = wfd_authenticator_authenticate(authenticator, nullptr);
ASSERT_FALSE(is_authenticated);
wfd_authenticator_dispose(authenticator);
}