rooty/yubico-pam
1
0
Fork 0
mirror of https://github.com/Yubico/yubico-pam.git synced 2025-02-26 21:54:15 +01:00
Code Issues Projects Releases Wiki Activity

Merge branch 'mysql_tests'

Browse Source
This commit is contained in:
Klas Lindfors 2021-04-07 10:33:55 +02:00
commit 26b310cda9
No known key found for this signature in database
GPG Key ID: BCA00FD4B2168C0A
9 changed files with 99 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
.github/workflows/build_and_test.yml vendored
View File

@ -22,17 +22,49 @@ jobs:
- os: ubuntu-20.04 - os: ubuntu-20.04
config_args: "" config_args: ""
extra: "libldap2-dev libykpers-1-dev libnet-ldap-server-perl libmysqlclient-dev" extra: "libldap2-dev libykpers-1-dev libnet-ldap-server-perl libmysqlclient-dev"
mysql: true
- os: ubuntu-18.04 - os: ubuntu-18.04
config_args: "" config_args: ""
extra: "libldap2-dev libykpers-1-dev libnet-ldap-server-perl libmysqlclient-dev" extra: "libldap2-dev libykpers-1-dev libnet-ldap-server-perl libmysqlclient-dev"
mysql: true
- os: ubuntu-16.04 - os: ubuntu-16.04
config_args: "" config_args: ""
extra: "libldap2-dev libykpers-1-dev libnet-ldap-server-perl libmysqlclient-dev" extra: "libldap2-dev libykpers-1-dev libnet-ldap-server-perl libmysqlclient-dev"
mysql: true
services:
mariadb:
image: mariadb:latest
ports:
- 3306
env:
MYSQL_USER: user
MYSQL_PASSWORD: password
MYSQL_DATABASE: otp
MYSQL_ROOT_PASSWORD: password
options: --health-cmd="mysqladmin ping" --health-interval=5s --health-timeout=2s --health-retries=3
steps: steps:
- uses: actions/checkout@v1 - uses: actions/checkout@v1
- name: Setup Database
if: ${{ matrix.mysql }}
env:
MYSQL_PORT: ${{ job.services.mariadb.ports[3306] }}
run: |
while ! mysqladmin ping -h"127.0.0.1" -P"$MYSQL_PORT" --silent; do
sleep 1
done
mysql --user=user --password=password --host=127.0.0.1 --port=$MYSQL_PORT otp < yubikey_mapping.sql
mysql --user=user --password=password --host=127.0.0.1 --port=$MYSQL_PORT otp < tests/aux/auth_mapping.sql
- name: Build and test - name: Build and test
env: env:
CONFIGURE_ARGS: ${{ matrix.config_args }} CONFIGURE_ARGS: ${{ matrix.config_args }}
EXTRA: ${{ matrix.extra }} EXTRA: ${{ matrix.extra }}
MYSQL_PORT: ${{ job.services.mariadb.ports[3306] }}
run: | run: |
tests/aux/build-and-test.sh tests/aux/build-and-test.sh
- name: Display logs
if: ${{ always() }}
run: |
for log in tests/*.log; do
echo $log
cat $log
done

3
pam_yubico.8.txt
View File

@ -119,6 +119,9 @@ Path of a system-wide directory where challenge-response files can be found for
*mysql_server*=_mysqlserver_:: *mysql_server*=_mysqlserver_::
Hostname/Adress of mysql server. Example 10.0.0.1 Hostname/Adress of mysql server. Example 10.0.0.1
*mysql_port*=_mysqlport_::
Network port of mysql server.
*mysql_user*=_mysqluser_:: *mysql_user*=_mysqluser_::
User for accessing to the database. Strongly recommended to use a specific user with read only access. User for accessing to the database. Strongly recommended to use a specific user with read only access.

10
pam_yubico.c
View File

@ -135,6 +135,7 @@ struct cfg
const char *yubi_attr; const char *yubi_attr;
const char *yubi_attr_prefix; const char *yubi_attr_prefix;
const char *mysql_server; const char *mysql_server;
int mysql_port;
const char *mysql_user; const char *mysql_user;
const char *mysql_password; const char *mysql_password;
const char *mysql_database; const char *mysql_database;
@ -176,7 +177,7 @@ authorize_user_token (struct cfg *cfg,
as an argument for this module. as an argument for this module.
*/ */
DBG ("Using Mariadb or Mysql Database"); DBG ("Using Mariadb or Mysql Database");
retval = check_user_token_mysql(cfg->mysql_server, cfg->mysql_user, cfg->mysql_password, cfg->mysql_database, username, otp_id, cfg->debug, cfg->debug_file); retval = check_user_token_mysql(cfg->mysql_server, cfg->mysql_port, cfg->mysql_user, cfg->mysql_password, cfg->mysql_database, username, otp_id, cfg->debug, cfg->debug_file);
#else #else
DBG (("Trying to use MYSQL, but this function is not compiled in pam_yubico!!")); DBG (("Trying to use MYSQL, but this function is not compiled in pam_yubico!!"));
#endif #endif
@ -892,9 +893,11 @@ parse_cfg (int flags, int argc, const char **argv, struct cfg *cfg)
cfg->chalresp_path = argv[i] + 14; cfg->chalresp_path = argv[i] + 14;
if (strncmp (argv[i], "mysql_server=", 13) == 0) if (strncmp (argv[i], "mysql_server=", 13) == 0)
cfg->mysql_server = argv[i] + 13; cfg->mysql_server = argv[i] + 13;
if (strncmp (argv[i], "mysql_user=", 11) == 0) if (strncmp (argv[i], "mysql_port=", 11) == 0)
sscanf (argv[i], "mysql_port=%u", &cfg->mysql_port);
if (strncmp (argv[i], "mysql_user=", 11) == 0)
cfg->mysql_user = argv[i] + 11; cfg->mysql_user = argv[i] + 11;
if (strncmp (argv[i], "mysql_password=", 15) == 0) if (strncmp (argv[i], "mysql_password=", 15) == 0)
cfg->mysql_password = argv[i] + 15; cfg->mysql_password = argv[i] + 15;
if (strncmp (argv[i], "mysql_database=", 15) == 0) if (strncmp (argv[i], "mysql_database=", 15) == 0)
cfg->mysql_database = argv[i] + 15; cfg->mysql_database = argv[i] + 15;
@ -965,6 +968,7 @@ parse_cfg (int flags, int argc, const char **argv, struct cfg *cfg)
DBG ("mode=%s", cfg->mode == CLIENT ? "client" : "chresp" ); DBG ("mode=%s", cfg->mode == CLIENT ? "client" : "chresp" );
DBG ("chalresp_path=%s", cfg->chalresp_path ? cfg->chalresp_path : "(null)"); DBG ("chalresp_path=%s", cfg->chalresp_path ? cfg->chalresp_path : "(null)");
DBG ("mysql_server=%s", cfg->mysql_server ? cfg->mysql_server : "(null)"); DBG ("mysql_server=%s", cfg->mysql_server ? cfg->mysql_server : "(null)");
DBG ("mysql_port=%d", cfg->mysql_port);
DBG ("mysql_user=%s", cfg->mysql_user ? cfg->mysql_user : "(null)"); DBG ("mysql_user=%s", cfg->mysql_user ? cfg->mysql_user : "(null)");
DBG ("mysql_database=%s", cfg->mysql_database ? cfg->mysql_database : "(null)"); DBG ("mysql_database=%s", cfg->mysql_database ? cfg->mysql_database : "(null)");

3
tests/aux/auth_mapping.sql Normal file
View File

@ -0,0 +1,3 @@
INSERT INTO yubikey_mappings (otp_id, username) VALUES ('vvincredible', 'foo');
INSERT INTO yubikey_mappings (otp_id, username) VALUES ('cccccccfhcbe', 'test');
INSERT INTO yubikey_mappings (otp_id, username) VALUES ('ccccccbchvth', 'test');

9
tests/aux/build-and-test.sh
View File

@ -7,7 +7,7 @@ autoreconf -i
if [ "x$TRAVIS_OS_NAME" != "xosx" ]; then if [ "x$TRAVIS_OS_NAME" != "xosx" ]; then
sudo add-apt-repository -y ppa:yubico/stable sudo add-apt-repository -y ppa:yubico/stable
sudo apt-get update -qq || true sudo apt-get update -qq || true
sudo apt-get install -qq -y --no-install-recommends libykclient-dev libpam0g-dev libyubikey-dev asciidoc docbook-xsl xsltproc libxml2-utils libmysqlclient-dev $EXTRA sudo apt-get install -qq -y --no-install-recommends libykclient-dev libpam0g-dev libyubikey-dev asciidoc docbook-xsl xsltproc libxml2-utils $EXTRA
else else
brew update brew update
brew install pkg-config brew install pkg-config
@ -26,7 +26,12 @@ fi
set -e set -e
./configure $CONFIGURE_ARGS $COVERAGE if [ ! -z $MYSQL_PORT ]; then
CFLAGS="-DTEST_MYSQL_PORT='\"${MYSQL_PORT}\"'" ./configure $CONFIGURE_ARGS $COVERAGE
else
./configure $CONFIGURE_ARGS $COVERAGE
fi
make check check-doc-dist make check check-doc-dist
if [ "x$COVERAGE" != "x" ]; then if [ "x$COVERAGE" != "x" ]; then
gem install coveralls-lcov gem install coveralls-lcov

33
tests/pam_test.c
View File

@ -56,6 +56,10 @@ pam_sm_authenticate (pam_handle_t * pamh,
#define YKVAL_PORT2 "30559" #define YKVAL_PORT2 "30559"
#define LDAP_PORT "52825" #define LDAP_PORT "52825"
#ifndef TEST_MYSQL_PORT
#define TEST_MYSQL_PORT "3306"
#endif
#define YKVAL SRCDIR"/aux/ykval.pl" #define YKVAL SRCDIR"/aux/ykval.pl"
#define LDAP SRCDIR"/aux/ldap.pl" #define LDAP SRCDIR"/aux/ldap.pl"
#define AUTHFILE SRCDIR"/aux/authfile" #define AUTHFILE SRCDIR"/aux/authfile"
@ -97,6 +101,17 @@ static const char *ldap_cfg2[] = {
"debug" "debug"
}; };
static const char *mysql_cfg[] = {
"id=1",
"urllist=http://localhost:"YKVAL_PORT1"/wsapi/2/verify",
"mysql_server=127.0.0.1",
"mysql_port="TEST_MYSQL_PORT,
"mysql_user=user",
"mysql_password=password",
"mysql_database=otp",
"debug"
};
static const struct data *test_get_data(void *id) { static const struct data *test_get_data(void *id) {
return &_data[(long)id]; return &_data[(long)id];
} }
@ -323,6 +338,14 @@ static int test_authenticate_ldap6(void) {
return pam_sm_authenticate((pam_handle_t *)7, 0, sizeof(ldap_cfg) / sizeof(char*), ldap_cfg); return pam_sm_authenticate((pam_handle_t *)7, 0, sizeof(ldap_cfg) / sizeof(char*), ldap_cfg);
} }
static int test_authenticate_mysql1(void) {
return pam_sm_authenticate((pam_handle_t *)0, 0, sizeof(mysql_cfg) / sizeof(char*), mysql_cfg);
}
static int test_fail_authenticate_mysql1(void) {
return pam_sm_authenticate((pam_handle_t *)1, 0, sizeof(mysql_cfg) / sizeof(char*), mysql_cfg);
}
static pid_t run_mock(const char *port, const char *type) { static pid_t run_mock(const char *port, const char *type) {
pid_t pid = fork(); pid_t pid = fork();
if(pid == 0) { if(pid == 0) {
@ -420,6 +443,16 @@ int main(void) {
goto out; goto out;
} }
#endif #endif
#ifdef HAVE_MYSQL
if(test_authenticate_mysql1() != PAM_SUCCESS) {
ret = 2001;
goto out;
}
if(test_fail_authenticate_mysql1() != PAM_USER_UNKNOWN) {
ret = 2002;
goto out;
}
#endif
out: out:
kill(child, 9); kill(child, 9);

3
util.c
View File

@ -114,6 +114,7 @@ get_user_cfgfile_path(const char *common_path, const char *filename, const struc
*/ */
int int
check_user_token_mysql(const char *mysql_server, check_user_token_mysql(const char *mysql_server,
int mysql_port,
const char *mysql_user, const char *mysql_user,
const char *mysql_password, const char *mysql_password,
const char *mysql_database, const char *mysql_database,
@ -152,7 +153,7 @@ check_user_token_mysql(const char *mysql_server,
return retval; return retval;
} }
if(mysql_real_connect(con, mysql_server,mysql_user,mysql_password,mysql_database, 0, NULL, 0) == NULL) if(mysql_real_connect(con, mysql_server,mysql_user,mysql_password,mysql_database, mysql_port, NULL, 0) == NULL)
{ {
if(verbose) if(verbose)
D (debug_file, "Connection failed ..."); D (debug_file, "Connection failed ...");

4
util.h
View File

@ -52,7 +52,9 @@
int get_user_cfgfile_path(const char *common_path, const char *filename, const struct passwd *user, char **fn); int get_user_cfgfile_path(const char *common_path, const char *filename, const struct passwd *user, char **fn);
#ifdef HAVE_MYSQL #ifdef HAVE_MYSQL
int check_user_token_mysql(const char *mysql_server,const char *mysql_user,const char *mysql_password,const char *mysql_database,const char *username,const char *otp_id,int verbose,FILE *debug_file); int check_user_token_mysql(const char *mysql_server, int mysql_port, const char *mysql_user,
const char *mysql_password, const char *mysql_database, const char *username, const char *otp_id, int verbose,
FILE *debug_file);
#endif #endif
int check_user_token(const char *authfile, const char *username, const char *otp_id, int verbose, FILE *debug_file); int check_user_token(const char *authfile, const char *username, const char *otp_id, int verbose, FILE *debug_file);

9
yubikey_mapping.sql Normal file
View File

@ -0,0 +1,9 @@
#
# Table structure for table equiv of yubikey_mapping
#
CREATE TABLE IF NOT EXISTS `otp`.`yubikey_mappings` (
`otp_id` VARCHAR(12) NOT NULL ,
`username` VARCHAR(64) NOT NULL ,
PRIMARY KEY (`otp_id`(12))
);