Bandie/pam_panic
Bandie
/
pam_panic
1
0
Fork 0
Code Issues 5 Pull Requests Releases Wiki Activity

Test suites with dirty autoconf. Closes #20

This commit is contained in:
Bandie 2018-05-11 01:29:13 +02:00
parent 231cc86562
commit 3b9cb19ec8
Signed by: Bandie
GPG Key ID: C1E133BC65A822DD
9 changed files with 207 additions and 32 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@ -18,3 +18,4 @@ Makefile
Makefile.in
src/pam_panic_pw/pam_panic_pw
stamp-h1
test/test

5
Makefile.am
View File

@ -3,3 +3,8 @@ ACLOCAL_AMFLAGS = -I m4
AM_CPPFLAGS = -I src
SUBDIRS = src/pam_panic src/pam_panic_pw
.PHONY: all test clean
test:
make -C test

1
configure.ac
View File

@ -55,6 +55,7 @@ AC_CONFIG_FILES([
src/pam_panic/man/Makefile
src/pam_panic_pw/Makefile
src/pam_panic_pw/man/Makefile
test/Makefile
])
AC_OUTPUT

40
src/pam_panic/pam_panic_authdevice.c
View File

@ -8,8 +8,10 @@ LICENSE : GNU-GPLv3
#include <stdint.h>
#include <unistd.h>
#include <security/pam_modules.h>
#include <security/pam_ext.h>
#ifndef TEST
#include <security/pam_modules.h>
#include <security/pam_ext.h>
#endif
#include <syslog.h>
#include "pam_panic_reject.h"
@ -17,20 +19,34 @@ LICENSE : GNU-GPLv3
int authDevice(pam_handle_t *pamh, char *allowed, char *rejected, char *serious_dev, int8_t bSerious, int8_t bReboot, int8_t bPoweroff){
int8_t counter = 0;
while(access(allowed, F_OK) == -1 && access(rejected, F_OK) == -1){
pam_prompt(pamh, PAM_PROMPT_ECHO_OFF, NULL, ASK);
if(++counter >= 3){
pam_syslog(pamh, LOG_NOTICE, "Couldn't identify any keys. 3 tries.");
return (PAM_MAXTRIES);
#ifndef TEST
int8_t counter = 0;
while(access(allowed, F_OK) == -1 && access(rejected, F_OK) == -1){
pam_prompt(pamh, PAM_PROMPT_ECHO_OFF, NULL, ASK);
if(++counter >= 3){
pam_syslog(pamh, LOG_NOTICE, "Couldn't identify any keys. 3 tries.");
return (PAM_MAXTRIES);
}
}
}
#endif
if(access(allowed, F_OK) != -1)
return (PAM_SUCCESS);
#ifndef TEST
return (PAM_SUCCESS);
#else
return 0;
#endif
if(access(rejected, F_OK) != -1)
return reject(serious_dev, bSerious, bReboot, bPoweroff);
#ifndef TEST
return reject(serious_dev, bSerious, bReboot, bPoweroff);
#else
return 99;
#endif
return (PAM_MAXTRIES);
#ifndef TEST
return (PAM_MAXTRIES);
#else
return 1;
#endif
}

11
src/pam_panic/pam_panic_password.c
View File

@ -18,17 +18,21 @@ LICENSE : GNU-GPLv3
#include "pam_panic_password.h"
#include "pam_panic_reject.h"
#define MSG_NOFILE "ALERT for password option: No password file detected."
#define MSG_ERROPEN "ERROR: Couldn't open password file."
#define MSG_CORRUPT "CRITICAL: Password file is corrupt!"
int readPassword(pam_handle_t *pamh, char pw[2][99]){
// Open file
if(access(PPASSFILE, F_OK) == -1){
pam_syslog(pamh, LOG_ALERT, "ALERT for password option: No password file detected.");
pam_syslog(pamh, LOG_ALERT, MSG_NOFILE);
return 2;
}
FILE *f = fopen(PPASSFILE, "r");
if(f == NULL){
pam_syslog(pamh, LOG_ALERT, "ERROR: Couldn't open file.");
pam_syslog(pamh, LOG_ALERT, MSG_ERROPEN);
return 1;
}
@ -40,7 +44,7 @@ int readPassword(pam_handle_t *pamh, char pw[2][99]){
fclose(f);
if(nread != 198){
pam_syslog(pamh, LOG_CRIT, "CRITICAL: Password file is corrupt!");
pam_syslog(pamh, LOG_CRIT, MSG_CORRUPT);
return 3;
}
@ -103,5 +107,6 @@ int authPassword(pam_handle_t *pamh, char *serious_dev, int8_t bSerious, int8_t
if(!strcmp(pwpanic, pw[1])){
return reject(serious_dev, bSerious, bReboot, bPoweroff);
}
return (PAM_AUTH_ERR);
}

55
src/pam_panic/pam_panic_reject.c
View File

@ -8,35 +8,56 @@ LICENSE : GNU-GPLv3
#include <stdint.h>
#include <unistd.h>
#include <security/pam_ext.h>
#ifdef TEST
#include <stdio.h>
#else
#include <security/pam_ext.h>
#endif
#include <sys/wait.h>
#include "config.h"
#include "pam_panic_reject.h"
int reject(char *serious_dev, int8_t bSerious, int8_t bReboot, int8_t bPoweroff){
if(bSerious){
int ser_stat;
int yes[2];
pipe(yes);
if(fork() == 0){
close(yes[1]);
dup2(yes[0], 0);
#ifndef TEST
int ser_stat;
int yes[2];
pipe(yes);
if(fork() == 0){
close(yes[1]);
dup2(yes[0], 0);
execlp(CRYPTSETUP, CRYPTSETUP, "luksErase", serious_dev, NULL);
}else {
close(yes[0]);
write(yes[1], "YES\n", 4);
close(yes[1]);
execlp(CRYPTSETUP, CRYPTSETUP, "luksErase", serious_dev, NULL);
}else {
close(yes[0]);
write(yes[1], "YES\n", 4);
close(yes[1]);
wait(&ser_stat);
}
wait(&ser_stat);
}
#else
return 0;
#endif
}
if(bReboot)
execlp(REBOOT, REBOOT, NULL);
#ifndef TEST
execlp(REBOOT, REBOOT, NULL);
#else
return 1;
#endif
if(bPoweroff)
execlp(POWEROFF, POWEROFF, NULL);
#ifndef TEST
execlp(POWEROFF, POWEROFF, NULL);
#else
return 2;
#endif
return (PAM_MAXTRIES);
#ifndef TEST
return (PAM_MAXTRIES);
#else
return 3;
#endif
}

8
test/Makefile.am Normal file
View File

@ -0,0 +1,8 @@
bin_PROGRAMS = test
test_SOURCES = test.h ../src/pam_panic/pam_panic_authdevice.c ../src/pam_panic/pam_panic_reject.c test.c
test_LDFLAGS = -lpam -lcunit
all:
@printf "Running test...\n"
./test
@printf "OK!\n"

117
test/test.c Normal file
View File

@ -0,0 +1,117 @@
#include <stdint.h>
#include <unistd.h>
#include <security/pam_modules.h>
#include "../src/pam_panic/pam_panic_authdevice.h"
#include "../src/pam_panic/pam_panic_reject.h"
#include <CUnit/Basic.h>
#define STATE_GOOD 0
#define STATE_BAD 99
#define STATE_NA 1
#define STATE_REJ_SER 0
#define STATE_REJ_REB 1
#define STATE_REJ_POW 2
#define STATE_REJ_NA 3
#define GOODUUID "./good"
#define BADUUID "./bad"
char* gU = GOODUUID;
char* bU = BADUUID;
int init_suite(void) {
return 0;
}
int clean_suite(void) {
return 0;
}
// pam_panic_authdevice tests
void test_authDeviceGood(void) {
FILE *f = fopen(gU, "w");
fclose(f);
int ret = authDevice(NULL, gU, bU, NULL, 0, 0, 0);
CU_ASSERT_EQUAL(ret, STATE_GOOD);
unlink(gU);
}
void test_authDeviceBad(void) {
FILE *f = fopen(bU, "w");
fclose(f);
int ret = authDevice(NULL, gU, bU, NULL, 0, 0, 0);
CU_ASSERT_EQUAL(ret, STATE_BAD);
unlink(bU);
}
void test_authDeviceNA(void) {
int ret = authDevice(NULL, gU, bU, NULL, 0, 0, 0);
CU_ASSERT_EQUAL(ret, STATE_NA);
}
// pam_panic_reject tests
void test_rejectSerious(void) {
int ret = reject(NULL, 1, 0, 0);
CU_ASSERT_EQUAL(ret, STATE_REJ_SER);
}
void test_rejectReboot(void) {
int ret = reject(NULL, 0, 1, 0);
CU_ASSERT_EQUAL(ret, STATE_REJ_REB);
}
void test_rejectPoweroff(void) {
int ret = reject(NULL, 0, 0, 1);
CU_ASSERT_EQUAL(ret, STATE_REJ_POW);
}
void test_rejectNA(void) {
int ret = reject(NULL, 0, 0, 0);
CU_ASSERT_EQUAL(ret, STATE_REJ_NA);
}
int main(void) {
// no stdout buffering
setbuf(stdout, NULL);
// init CUnit test registry
CU_pSuite pSuiteDevice = NULL;
CU_pSuite pSuiteReject = NULL;
if (CUE_SUCCESS != CU_initialize_registry())
return CU_get_error();
// Make suits
pSuiteDevice = CU_add_suite("Suite pam_panic_authdevice", init_suite, clean_suite);
pSuiteReject = CU_add_suite("Suite pam_panic_reject", init_suite, clean_suite);
if (pSuiteDevice == NULL
|| pSuiteReject == NULL) {
CU_cleanup_registry();
return CU_get_error();
}
// adding tests to all suits
// SuiteDevice
if ( (NULL == CU_add_test(pSuiteDevice, "Authenticate with good device?", test_authDeviceGood))
|| (NULL == CU_add_test(pSuiteDevice, "Authenticate with bad device?", test_authDeviceBad))
|| (NULL == CU_add_test(pSuiteDevice, "Authenticate with no device?", test_authDeviceNA))
|| (NULL == CU_add_test(pSuiteReject, "Reject: Serious?", test_rejectSerious))
|| (NULL == CU_add_test(pSuiteReject, "Reject: Reboot?", test_rejectReboot))
|| (NULL == CU_add_test(pSuiteReject, "Reject: Poweroff?", test_rejectPoweroff))
|| (NULL == CU_add_test(pSuiteReject, "Reject: Nothing?", test_rejectNA))
) {
CU_cleanup_registry();
return CU_get_error();
}
return 0;
}

1
test/test.h Normal file
View File

@ -0,0 +1 @@
#define TEST