test a bit more and switch the mock to perl

2025-01-19 07:52:23 +01:00 · 2015-01-16 15:24:45 +01:00 · 2015-01-16 15:24:45 +01:00 · 8366721fd1
commit 8366721fd1
parent 286de92cd3
3 changed files with 97 additions and 40 deletions
--- a/tests/aux/ykval.pl
+++ b/tests/aux/ykval.pl
@ -0,0 +1,70 @@
+#!/usr/bin/perl
+
+# Copyright (c) 2015 Yubico AB
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#
+#     * Redistributions in binary form must reproduce the above
+#       copyright notice, this list of conditions and the following
+#       disclaimer in the documentation and/or other materials provided
+#       with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+use IO::Socket::INET;
+
+use strict;
+use warnings;
+
+my %otps = (
+  'vvincredibletrerdegkkrkkneieultcjdghrejjbckh' => 'OK',
+);
+
+my $port = shift;
+$port |= 8888;
+
+my $socket = new IO::Socket::INET (
+  LocalHost => '127.0.0.1',
+  LocalPort => $port,
+  Proto => 'tcp',
+  Listen => 10,
+  Reuse => 1
+) or die "Oops: $! \n";
+
+while(1) {
+  my $clientsocket = $socket->accept();
+  my $clientdata = <$clientsocket>;
+  my $ret = "status=MISSING_PARAMETER";
+
+  if($clientdata =~ m/nonce=([a-zA-Z0-9]+).*otp=([cbdefghijklnrtuv]+)/) {
+    my $nonce = $1;
+    my $otp = $2;
+    if($otps{$otp}) {
+      my $status = $otps{$otp};
+      $ret = "h=ZrU7UfjwazJVf5ay1P/oC3XCQlI=\n";
+      $ret .= "nonce=$nonce\n";
+      $ret .= "otp=$otp\n";
+      $ret .= "status=$status";
+    } else {
+      $ret = "status=BAD_OTP";
+    }
+  }
+  print $clientsocket "\n$ret\n";
+  close $clientsocket;
+}
--- a/tests/aux/ykval.sh
+++ b/tests/aux/ykval.sh
@ -1,32 +0,0 @@
-#!/bin/bash
-
-out=`mktemp /tmp/ykval_mock.XXXXXX`
-rm -f $out
-mkfifo $out
-trap "rm -f $out" EXIT
-while true
-do
-  cat $out | nc -l 8888 > >(
-    while read line
-    do
-      line=$(echo "$line" | tr -d '[\r\n]')
-
-      if echo "$line" | grep -qE '^GET /'; then
-        REQUEST=$(echo "$line" | cut -d ' ' -f2)
-      elif [ "x$line" = x ]; then
-        echo $REQUEST
-        nonce=`echo "$REQUEST" | awk -F\& '{print $2}'`
-        otp=`echo "$REQUEST" | awk -F\& '{print $3}'`
-        if [ x$otp = "xotp=vvincredibletrerdegkkrkkneieultcjdghrejjbckh" ]; then
-          status="status=OK"
-        else
-          status="status=BAD_OTP"
-        fi
-        echo "h=ZrU7UfjwazJVf5ay1P/oC3XCQlI=
-$nonce
-$otp
-$status" > $out
-      fi
-    done
-  )
-done
--- a/tests/pam_test.c
+++ b/tests/pam_test.c
@ -42,14 +42,24 @@ static const char *err = "error";
 static const char *foo = "foo";
 static const char *otp = "vvincredibletrerdegkkrkkneieultcjdghrejjbckh";

-void test_authenticate1(void) {
+int test_authenticate1(void) {
  char *cfg[] = {
    "id=1",
    "url=http://localhost:8888/wsapi/2/verify?id=%d&otp=%s",
    "authfile=aux/authfile",
    "debug",
  };
-  assert(pam_sm_authenticate(0, 0, 4, cfg) == PAM_SUCCESS);
+  return pam_sm_authenticate(1, 0, 4, cfg);
+}
+
+int test_authenticate2(void) {
+  char *cfg[] = {
+    "id=1",
+    "urllist=http://localhost:8888/wsapi/2/verify",
+    "authfile=aux/authfile",
+    "debug",
+  };
+  return pam_sm_authenticate(2, 0, 4, cfg);
 }

 const char * pam_strerror(pam_handle_t *pamh, int errnum) {
@ -111,22 +121,31 @@ int pam_set_item(pam_handle_t *pamh, int item_type, const void *item) {
  return PAM_SUCCESS;
 }

-pid_t run_mock(void) {
+pid_t run_mock(const char *port) {
  pid_t pid = fork();
  if(pid == 0) {
-    execvp("aux/ykval.sh", NULL);
-    exit(0);
+    execlp("aux/ykval.pl", port, NULL);
  }
+  /* Give the "server" time to settle */
  sleep(1);
  return pid;
 }

 int main () {
-  pid_t child = run_mock();
+  int ret = 0;
+  pid_t child = run_mock("8888");

-  test_authenticate1();
+  if(test_authenticate1() != 0) {
+    ret = 1;
+    goto out;
+  }
+  if(test_authenticate2() != 0) {
+    ret = 2;
+    goto out;
+  }

+out:
  kill(child, 9);
  printf("killed %d\n", child);
-  return 0;
+  return ret;
 }